This tweet describes a security risk that makes Web Application Firewall (WAF) bypass techniques unnecessary. It highlights that abandoned DNS records can automatically become vectors for domain hijacking: because the record has been abandoned, an attacker can take control of the legitimate subdomain and own it without performing any complex WAF bypass. This is a domain name management issue and is not directly tied to any specific WAF vendor or product. The tweet emphasizes the importance of properly managing and securing DNS records, so that attackers cannot exploit them to gain control over subdomains and potentially carry out attacks from a trusted domain.
Check out the original tweet here: https://twitter.com/EdgeDetectOps/status/2038496691750351157
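
The following is an added example, not code from the tweet or its author: one way to find abandoned records is to compare a zone export against the inventory of resources that are still provisioned. The zone data, inventory, domain names and function names are constructed for illustration, and the check assumes the abandoned records are CNAME or address records whose targets the organisation no longer holds.

```python
# Added example: audit a zone export against the asset inventory (all data constructed).
import ipaddress

# Constructed zone export for the placeholder domain example.com: name, TTL, type, target.
ZONE = """\
www.example.com.     300 CNAME lb-prod.cloud.example.net.
promo.example.com.   300 CNAME campaign-2019.cloud.example.net.
shop.example.com.    300 CNAME promo.example.com.
api.example.com.     300 A     203.0.113.10
old-api.example.com. 300 A     203.0.113.77
mail.example.com.    300 MX    10 mx.example.org.
"""

# Constructed inventory: what the organisation still has provisioned today.
OWNED_HOSTS = {"lb-prod.cloud.example.net."}
OWNED_NETS = [ipaddress.ip_network("203.0.113.0/28")]


def parse_zone(text):
    """Return {name: (rtype, target)} for CNAME/A/AAAA records; skip other types."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2].upper() in ("CNAME", "A", "AAAA"):
            records[fields[0].lower()] = (fields[2].upper(), fields[3].lower())
    return records


def find_abandoned(records, owned_hosts, owned_nets):
    """Return {name: reason} for records whose final target is not in the inventory."""
    findings = {}
    for name, (rtype, target) in records.items():
        seen = {name}
        # Follow CNAME chains that stay inside the zone, guarding against loops.
        while rtype == "CNAME" and target in records and target not in seen:
            seen.add(target)
            rtype, target = records[target]
        if rtype == "CNAME":
            if target not in owned_hosts:
                findings[name] = f"CNAME target {target} not in inventory"
        elif not any(ipaddress.ip_address(target) in net for net in owned_nets):
            findings[name] = f"address {target} not in inventory"
    return findings


if __name__ == "__main__":
    for name, reason in sorted(find_abandoned(parse_zone(ZONE), OWNED_HOSTS, OWNED_NETS).items()):
        print(f"{name}: {reason}")
```

Each finding is a record to remove or re-point; `shop.example.com.` is flagged only because the chain it follows ends at a target missing from the inventory.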