DNS/hijacking/事例/starbucksについて、ここに記述してください。 Subdomain Takeover: Starbucks points to Azure https://0xpatrik.com/subdomain-takeover-starbucks/ This post is the write-up about bug bounty report that I reported back in March 2018 to Starbucks. The report is now disclosed, and I was awarded $2,000 bounty. Although I have written about subdomain takeover in multiple posts, this case was somehow different. HackerOne Report The domain in question was svcgatewayus.starbucks.com. The domain pointed to a non-existing resource in Microsoft Azure. I realized that I have never talked about Microsoft Azure as a potential vector for subdomain takeover. ---- I have to say that I find the Azure portal very messy. IMHO it is a lot more complex than AWS with no significant benefits.