Implementing Best Practices
-
Continuous monitoring and analysis of the DNS records within your attack surface
-
Remove DNS entries for sites that are no longer being used
-
Regularly monitor and test where each subdomain is being used
-
Conduct subdomain enumeration
-
In the event of an attack, best practices include quickly contacting your service provider to alert them of the fraudulent activity and cleansing the DNS records of the targeted entry.
Resources
-
https://developer.mozilla.org/en-US/docs/Web/Security/Subdomain_takeovers
-
https://learn.microsoft.com/en-us/azure/app-service/reference-dangling-subdomain-prevention
-
https://learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
-
https://www.techtarget.com/searchsecurity/answer/What-is-subdomain-takeover-and-why-does-it-matter