Skill UI

A comprehensive guide for discovering and exploiting broken link hijacking vulnerabilities. This skill focuses on identifying references to expired domains, decommissioned cloud resources (like S3 buckets), and dead external services. It covers advanced techniques such as subdomain takeover, supply chain security assessment, and resource claiming for authorized penetration testing.

This skill guides security analysts through advanced threat-hunting methodologies focused on detecting DNS-based persistence. It analyzes passive DNS history, zone file audits, and API data (like SecurityTrails) to identify unauthorized record modifications, subdomain takeovers, and DNS hijacking attempts that bypass traditional security controls. Ideal for SOC analysts and threat hunters.

This playbook details the methodology for detecting and exploiting subdomain takeover vulnerabilities. It focuses on identifying CNAME/NS/MX records pointing to deprovisioned or unclaimed cloud resources (e.g., AWS S3 buckets, Heroku apps). Understanding these weaknesses allows attackers to serve malicious content under the victim's trusted domain, leading to phishing, credential theft, and security bypasses.