This walks through finding and exploiting dangling DNS records that point to deprovisioned cloud resources. You get fingerprint tables for spotting vulnerable CNAMEs (S3 buckets, Heroku apps, GitHub Pages), step-by-step claim procedures for each provider, and coverage of the nastier variants like NS takeover where you control an entire zone. The decision tree and tooling recommendations (subjack, nuclei, dnsreaper) are solid. Worth noting it correctly emphasizes that a CNAME existing doesn't mean takeover is possible, only when the target resource is actually unclaimed and you can register it. Routing to related skills like SSRF and CORS bypass shows where subdomain control becomes a pivot point for deeper exploitation.
npx skills add https://github.com/yaklang/hack-skills --skill subdomain-takeover