CYBERSEC 2022 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree
DNS security is a lesser known and often overlooked field in cybersecurity. We know hacking websites requires coding knowledge and various unimaginable techniques, but did you know that you can take over a company’s entire website by pressing some buttons? Or fetch ALL their public and hidden subdomains with one simple command? Indeed, these vulnerabilities are mind-blowingly naive, easily neglected, ubiquitous, yet surprisingly powerful. They are often simple configuration mistakes that can be fixed within minutes, but in the highly digitalized world where system admins have to manage hundreds of domains, these loopholes become a hacker’s most sought after prey.
In this session, we will explore a few common DNS vulnerabilities and their causes, then demonstrate the severity of these issues with a study on the top 100 companies. We hope to raise awareness on DNS security and teach the audience how to detect and fix these issues.
Crystal Wu is a cybersecurity enthusiast exploring the landscape of this industry. Her work includes penetration testing, studying emerging attack vectors, developing cybersecurity testing tools, and managing red team exercises.