A subdomain takeover is a potential security vulnerability in which a malicious actor could take control of a subdomain of a larger domain.
The actor could then use that subdomain to impersonate the larger domain or steal sensitive information.
This article provides a practical, step-by-step guide to finding subdomain takeover vulnerabilities.
The steps involve recon, filtering out exploitable subdomains, and claiming a found subdomain by creating a bucket and uploading a proof-of-concept (POC) file.
For AWS S3 specifically, the vulnerability can be identified when the bucket the subdomain points to does not exist and a NoSuchBucket error is received.
An attacker could then create the bucket and upload a POC to claim the subdomain and potentially impersonate the larger domain.
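The NoSuchBucket condition described above can be checked from the defender's side by auditing your own zone export for CNAMEs that still point at S3. The following is an added example, not code from the article; the function names `fetch` and `audit`, the hostnames, and the captured responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# CNAME targets that resolve to S3 REST or static-website endpoints.
S3_TARGET = re.compile(r"\.s3([.-][a-z0-9-]+)*\.amazonaws\.com\.?$", re.I)
# Missing bucket: XML <Code> on REST endpoints, "Code: ..." in HTML on website endpoints.
NO_SUCH_BUCKET = re.compile(r"<Code>\s*NoSuchBucket\s*</Code>|Code:\s*NoSuchBucket")


def fetch(host, timeout=5):
    """Live probe for hosts you own: returns (status, body) for http://host/."""
    try:
        with urllib.request.urlopen(f"http://{host}/", timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # S3 answers a missing bucket with 404
        return err.code, err.read(4096).decode("utf-8", "replace")
    except urllib.error.URLError:  # name does not resolve or host is unreachable
        return 0, ""


def audit(records, probe=fetch):
    """Classify each (hostname, cname_target) pair from a zone export."""
    findings = []
    for host, target in records:
        if not S3_TARGET.search(target.strip()):
            continue  # not an S3-backed name, out of scope for this check
        status, body = probe(host.rstrip("."))
        dangling = status == 404 and bool(NO_SUCH_BUCKET.search(body))
        findings.append((host, target, "DANGLING" if dangling else "ok"))
    return findings


# Constructed sample data (hypothetical names and captured responses).
SAMPLE_RECORDS = [
    ("assets.example.com", "assets.example.com.s3.amazonaws.com."),
    ("docs.example.com", "docs.example.com.s3-website-us-east-1.amazonaws.com"),
    ("static.example.com", "static.example.com.s3.eu-west-1.amazonaws.com"),
    ("www.example.com", "d111111abcdef8.cloudfront.net"),
]
SAMPLE_RESPONSES = {
    "assets.example.com": (404, "<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message></Error>"),
    "docs.example.com": (404, "<ul><li>Code: NoSuchBucket</li><li>Message: The specified bucket does not exist</li></ul>"),
    "static.example.com": (403, "<Error><Code>AccessDenied</Code></Error>"),
}

if __name__ == "__main__":
    for row in audit(SAMPLE_RECORDS, probe=SAMPLE_RESPONSES.get):
        print(*row)
```

A `DANGLING` row means the DNS record outlived its bucket; removing the stale CNAME closes the exposure.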