BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//fwd-cloudsec-2026//speaker//CABTMF BEGIN:VTIMEZONE TZID:PST BEGIN:STANDARD DTSTART:20001029T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z TZNAME:PST TZOFFSETFROM:-0700 TZOFFSETTO:-0800 END:STANDARD BEGIN:STANDARD DTSTART:20071104T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11 TZNAME:PST TZOFFSETFROM:-0700 TZOFFSETTO:-0800 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000402T030000 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z TZNAME:PDT TZOFFSETFROM:-0800 TZOFFSETTO:-0700 END:DAYLIGHT BEGIN:DAYLIGHT DTSTART:20070311T030000 RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3 TZNAME:PDT TZOFFSETFROM:-0800 TZOFFSETTO:-0700 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-fwd-cloudsec-2026-H38SPQ@pretalx.com DTSTART;TZID=PST:20260601T140000 DTEND;TZID=PST:20260601T144000 DESCRIPTION:Managing tens of thousands of DNS records across multiple cloud providers and registrars introduces significant risk—especially when bu g bounty reports for domain takeover vulnerabilities begin to surge. Scali ng remediation is both critical and complex. In this talk\, we share how o ur security team built a cloud-native\, event-driven automation system tha t delivered a 10x improvement in detection\, and achieved a 98% vulnerabil ity closure rate.\n\nWe’ll begin by explaining why domain takeovers beca me a problem worth solving at scale\, including the impact of different ta keover classes and the asset attribution challenges inherent in large orga nizations. From there\, we’ll walk through our journey—from evaluating tooling to designing a cloud-native orchestration system that integrates with our DNS registrar\, AWS and GCP environments\, and internal vulnerabi lity management platform.\n\nOur approach centers on continuous DNS asset enumeration via cloud provider APIs\, enrichment with account ownership me tadata\, and intelligent remediation workflows. Rather than treating takeo ver findings as isolated alerts requiring manual triage\, we built a syste m that continuously synchronizes DNS\, registrar\, and cloud account data. \n\nUsing Lambda and EventBridge\, new AWS accounts are automatically onbo arded into the organization. Hosted zones and domain states are enumerated \, enriched with organizational context\, and fed into our External Attack Surface Management (EASM) platform. External takeover findings are ingest ed through API Gateway webhooks and correlated with DNS records\, cloud in ventory\, and organizational metadata. This enables automated bundling\, s everity classification\, routing to the appropriate teams\, and enforced r e-alerting when issues are closed without remediation.\n\nA key factor in our success was ownership attribution. By correlating DNS records with clo ud and organizational metadata\, we reduced manual toil\, improved routing accuracy\, and ensured vulnerabilities could not be silently dismissed.\n \nWe’ll also discuss alternative solutions we evaluated that failed to s cale or proved ineffective\, and why an event-driven\, attribution-focused model ultimately succeeded.\n\nAttendees will leave with:\n- A clear unde rstanding of domain takeover vulnerabilities and their impact\n- Practical approaches to identifying and remediating domain takeovers at scale\n- In sight into asset attribution challenges in large organizations\n- An overv iew of tooling strategies and lessons learned\n\nWhether you manage ten do mains or tens of thousands\, this session provides a practical framework f or scalable DNS takeover detection and remediation. DTSTAMP:20260502T113313Z LOCATION:Room 1 SUMMARY:The domain takeover challenge: Detecting and defeating it at scale - Ramesh\, Eli F URL:https://pretalx.com/fwd-cloudsec-2026/talk/H38SPQ/ END:VEVENT END:VCALENDAR