disloops

I recently spent some time exploring the issue of CloudFront domain hijacking. This is not a new issue, but I think it has gone mostly unnoticed for a few reasons:

  • CloudFront's default behavior is not intuitive. Some standard DNS configurations can mislead users into thinking that their vulnerable domains are configured correctly.
  • In the past year, misconfigured S3 buckets have been everyone's priority. Other AWS security issues have played second banana.
  • Because a misconfigured domain presents an obvious error message, one would assume there is no "low-hanging fruit" for attackers.

There are a couple of reports on HackerOne, but I'd say that this issue is still relatively unexplored. So I devoted some time to finding the right targets and scripting the testing process. The results are below.
