Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign
ID: 5e2feeb0-79f3-5411-8ddf-ca19b1c2bc13
STIX ID: report--5e2feeb0-79f3-5411-8ddf-ca19b1c2bc13
Feed Name: KMsec blog
This write-up details an opportunistic 'passive takeover' technique in which an actor uses passive DNS and cloud instance provisioning (notably AWS Elastic IPs/EC2 and DigitalOcean) to occupy dangling A records and host a visible takeover page. The author reproduces the method, lists detection and mitigation steps, and publishes ~345 observed IPs/hostnames associated with the operation.
