{"id":66790,"date":"2026-07-02T09:21:46","date_gmt":"2026-07-02T02:21:46","guid":{"rendered":"https:\/\/aws.cmctelecom.vn\/2026\/06\/19\/hiem-hoa-chiem-doat-subdomain-aws-huong-dan-cach-phong-chong-va-phat-hien\/"},"modified":"2026-06-30T17:49:04","modified_gmt":"2026-06-30T10:49:04","slug":"hiem-hoa-chiem-doat-subdomain-aws-huong-dan-cach-phong-chong-va-phat-hien","status":"publish","type":"post","link":"https:\/\/aws.cmctelecom.vn\/en\/2026\/07\/02\/hiem-hoa-chiem-doat-subdomain-aws-huong-dan-cach-phong-chong-va-phat-hien\/","title":{"rendered":"The threat of subdomain takeover: AWS guidance on prevention and detection"},"content":{"rendered":"<p>Subdomain takeover is a technique in which attackers exploit forgotten DNS records to redirect traffic to resources they control. This misconfiguration can expose a business to serious risks: damage to brand reputation, phishing, and financial loss. 
AWS has shared methods and tools that help organizations proactively detect, prevent, and respond effectively to this threat.<\/p>\n<p>According to the AWS Customer Incident Response Team (AWS CIRT), threat actors are actively scanning for public CNAME records that point to resources that no longer exist, looking for opportunities to carry out subdomain takeovers.<\/p>\n<blockquote><p>Note: Subdomain takeover does not exploit a vulnerability in AWS services. It abuses a <em>dangling<\/em> DNS record to redirect traffic to a resource controlled by the attacker.<\/p><\/blockquote>\n<h2>What is subdomain takeover and why is it dangerous?<\/h2>\n<p>A subdomain takeover occurs when an organization deletes a cloud resource (such as an S3 bucket) but forgets to delete the DNS record (specifically a CNAME) that points to it. That DNS record becomes &#8220;dangling&#8221;, pointing to a target that no longer exists. 
An attacker can take advantage of this by creating a new resource with exactly the same name in their own account, thereby taking control of the subdomain and serving malicious content.<\/p>\n<p>The technique is possible when a CNAME record points to an AWS resource that uses a globally shared DNS namespace, where the resource name can be chosen by any AWS customer. The following AWS resources fall into this category:<\/p>\n<ul>\n<li><strong>Amazon S3 (global namespace):<\/strong> Bucket names such as <code>mybucket.s3.amazonaws.com<\/code> are globally unique and can be claimed by another account if the bucket is deleted.<\/li>\n<li><strong>Amazon CloudFront:<\/strong> Although distribution domain names such as <code>d111111abcdef8.cloudfront.net<\/code> are assigned by AWS, if you delete a distribution and another customer happens to receive the same domain name, the dangling CNAME record can point to their content.<\/li>\n<li><strong>AWS Elastic Beanstalk:<\/strong> Environment names such as <code>myapp.elasticbeanstalk.com<\/code> are globally unique and can be claimed if the environment is terminated.<\/li>\n<\/ul>\n<p>Potential impacts 
on the business include:<\/p>\n<ul>\n<li><strong>Reputational risk:<\/strong> The organization loses control of the content served from its subdomain, which may be harmful content that damages the brand's image.<\/li>\n<li><strong>Phishing risk:<\/strong> Attackers can set up spoofed websites to steal credentials or distribute malware to users who trust your domain name.<\/li>\n<li><strong>Blocked access:<\/strong> If the subdomain is flagged by security service providers for malicious activity, it can affect your business operations.<\/li>\n<li><strong>Financial loss:<\/strong> An incident can disrupt services and be costly to remediate.<\/li>\n<\/ul>\n<h2>Analysis of an attack scenario<\/h2>\n<p>Consider a common example with Amazon S3. 
Initially, you have an S3 bucket named <code>subdomain.example<\/code> configured to host a static website, with the endpoint <code>subdomain.example.s3-website-us-east-1.amazonaws.com<\/code>.<\/p>\n<figure class=\"wp-block-image size-medium aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 392px; --smush-placeholder-aspect-ratio: 392\/236;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/eed643c32e.png\" alt=\"Diagram of an S3 bucket configured as a static website\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<p>To give users a name that is easy to remember, you create a CNAME record in Amazon Route 53 that points <code>subdomain.example.com<\/code> to the S3 bucket endpoint.<\/p>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 515px; --smush-placeholder-aspect-ratio: 515\/240;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/c175a815d5.png\" alt=\"Diagram of a DNS resolver configured with a CNAME record pointing to the original S3 bucket\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<p>After 
some time, an administrator decides to retire the website and deletes the S3 bucket, but forgets to delete the CNAME record in Route 53.<\/p>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 734px; --smush-placeholder-aspect-ratio: 734\/271;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/9d980ea176.png\" alt=\"Diagram illustrating the resource deleted but the CNAME record not deleted\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<p>At this point the DNS record is &#8220;dangling&#8221;. An attacker who discovers this creates a new S3 bucket with the same name, <code>subdomain.example<\/code>, in their own AWS account. 
From then on, every request to <code>subdomain.example.com<\/code> is directed to malicious content controlled by the attacker, without end users being aware of it.<\/p>\n<figure class=\"wp-block-image size-large aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 772px; --smush-placeholder-aspect-ratio: 772\/390;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: 560px; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/b8afcdc00f.png\" alt=\"Diagram illustrating the subdomain takeover attack\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<h2>Proactively detecting the vulnerability with AWS Config<\/h2>\n<p>To detect risks early, AWS recommends using <strong>AWS Config<\/strong> to continuously monitor CNAME records in Route 53 and verify whether the target resource actually exists in your account. 
This approach is better than checking DNS resolution alone, because once an attacker has taken over the name, resolution still succeeds but points to their resource.<\/p>\n<p>By querying the AWS Config configuration inventory, the solution checks whether the resource exists in your own organization's inventory, which pinpoints dangling CNAME records even after a takeover has already happened.<\/p>\n<p>AWS has published an open-source reference solution to automate this process. It deploys a Lambda function that scans CNAME records, cross-checks them against the AWS Config inventory, and creates <strong>HIGH<\/strong> severity findings in AWS Security Hub when it detects a dangling record. 
It can also send notifications through SNS to alert the security team.<\/p>\n<figure class=\"wp-block-image size-full aligncenter\" style=\"text-align: center; margin: 1.5em 0;\"><img decoding=\"async\" style=\"--smush-placeholder-width: 2382px; --smush-placeholder-aspect-ratio: 2382\/1338;border-radius: 8px; border: 1px solid #e5e7eb; max-width: 100%; max-height: none; width: auto; height: auto; display: inline-block;\" data-src=\"https:\/\/aws.cmctelecom.vn\/wp-content\/uploads\/2026\/06\/43d20005cc.png\" alt=\"Diagram of the AWS dangling DNS detection solution\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/figure>\n<h2>Prevention and response measures<\/h2>\n<p>Defending against subdomain takeover requires both preventive processes and the ability to respond quickly.<\/p>\n<h3>Prevention: Standard operating procedure (SOP)<\/h3>\n<p>The most effective measure is to establish a standard operating procedure for decommissioning resources that ensures the DNS record is deleted <strong>before<\/strong> the underlying resource is deleted:<\/p>\n<ol>\n<li><strong>Delete the CNAME record<\/strong> that points to the resource you plan to decommission.<\/li>\n<li><strong>Wait for the DNS TTL to expire.<\/strong> This ensures that DNS resolvers across the internet pick up the change. 
If you delete the resource before the TTL expires, an attacker can claim the resource name while cached CNAME records still point to it.<\/li>\n<li><strong>Decommission the resource<\/strong> (S3 bucket, Elastic Beanstalk environment, etc.).<\/li>\n<li>Check DNS again to confirm the record has been completely removed.<\/li>\n<\/ol>\n<p>The golden rule: <strong>Always delete DNS first, wait for the TTL, and only then delete the resource.<\/strong><\/p>\n<h3>Prevention: S3 Account Regional Namespaces<\/h3>\n<p>In March 2026, AWS launched <em>account regional namespaces<\/em> for S3 buckets, which reduces this risk. However, organizations should be aware of some important limitations:<\/p>\n<ul>\n<li><strong>No effect on existing buckets:<\/strong> Buckets already created in the global namespace cannot be migrated and remain at risk of takeover.<\/li>\n<li><strong>The global namespace is still the default:<\/strong> When creating a new bucket, users must explicitly choose the new option.<\/li>\n<li><strong>IaC templates need updating:<\/strong> Existing <em>Infrastructure-as-Code<\/em> templates (CloudFormation, Terraform) must be updated to use the new namespace.<\/li>\n<\/ul>\n<p>For that reason, 
detection with AWS Config remains very important, especially for legacy S3 infrastructure and for other services such as CloudFront and Elastic Beanstalk.<\/p>\n<h3>Response: Notification and remediation<\/h3>\n<p>When a dangling record is detected, the AWS reference solution automatically creates an alert in Security Hub and sends a notification through SNS. AWS recommends starting with a detect-and-notify workflow in which a team member reviews and approves deletion of the DNS record. Fully automated deletion can be risky if there are false positives.<\/p>\n<h2>Conclusion<\/h2>\n<p>Subdomain takeover is a preventable misconfiguration that nonetheless has significant consequences. A layered defense is the most effective approach: build rigorous operational procedures, use automated tools such as AWS Config to catch mistakes, and establish a rapid response process. 
Maintaining good DNS &#8220;hygiene&#8221; is the first and most important line of defense for protecting an organization's digital assets in the cloud.<\/p>","protected":false},"excerpt":{"rendered":"<p>Subdomain takeover is a technique in which attackers exploit forgotten DNS records to redirect traffic to resources they control. This misconfiguration can expose a business to serious risks: damage to brand reputation,&#8230;<\/p>","protected":false},"author":22,"featured_media":66784,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-66790","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctelers-blogs"],"acf":[]}
Telecom"},"image":{"@id":"https:\/\/aws.cmctelecom.vn\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CMCTelecomOfficial"]},{"@type":"Person","@id":"https:\/\/aws.cmctelecom.vn\/#\/schema\/person\/630c0582c38b5246ea44d055155d721e","name":"publisher-bot","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/83ecf50e74202a2c7d2e2c924c1d66b874db607a909c8236b74cc4fb96581a00?s=96&d=mm&r=g","caption":"publisher-bot"},"url":"https:\/\/aws.cmctelecom.vn\/en\/author\/publisher-bot\/"}]}},"_links":{"self":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts\/66790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/comments?post=66790"}],"version-history":[{"count":1,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts\/66790\/revisions"}],"predecessor-version":[{"id":66883,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/posts\/66790\/revisions\/66883"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/media\/66784"}],"wp:attachment":[{"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/media?parent=66790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/categories?post=66790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aws.cmctelecom.vn\/en\/wp-json\/wp\/v2\/tags?po
st=66790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}