mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-07-21 18:21:16 -04:00

changed takeover image

2019-04-04 13:24:55 -04:00
parent b43c257926
commit 0c78686e3d
2 changed files with 2 additions and 2 deletions

Binary file not shown.


@@ -15,7 +15,7 @@ A **subdomain takeover** occurs when a subdomain (like *example*.jarv.is) points
Not only are takeovers a fun way to dip your toes into [penetration testing](https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/), but they can also be incredibly lucrative thanks to [bug bounty programs](https://en.wikipedia.org/wiki/Bug_bounty_program) on services like [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover) and [Bugcrowd](https://bugcrowd.com/programs), where corporations pay pentesters for their discoveries.
![Huge rewards for subdomain takeovers on HackerOne](images/hackerone.png)
![Huge rewards for subdomain takeovers on HackerOne](images/hackerone-2.png)
*Huge rewards for subdomain takeovers on [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover)*
For a deep dive on the implications of takeovers, which can be a pretty serious vector of attack for malicious actors to obtain information from users of the targeted company, [Patrik Hudak](https://twitter.com/0xpatrik) wrote a [great post here](https://0xpatrik.com/subdomain-takeover/). Definitely take some time to skim through it and come back here when you're ready to hunt for a potential takeover yourself.
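Review bot: the image line in this hunk points at a new file name, images/hackerone-2.png, while the alt text and the caption under it stay the same. If the new screenshot shows different reports, update the alt text to match. If images/hackerone.png is no longer referenced anywhere else, delete it in the same commit so the repository does not keep an orphaned binary. A descriptive file name would also age better than a -2 suffix.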
@@ -75,6 +75,6 @@ Since you have this luxury of time, it becomes ***extremely important*** that yo
---
I have several more [improvements](https://github.com/jakejarvis/subtake) I want to make to `subtake`, but still feel free to [make a suggestion](https://github.com/jakejarvis/subtake/issues) and/or contribute to it in the meantime.
I have several more [improvements](https://github.com/jakejarvis/subtake#to-do) I want to make to `subtake` (integrating the `sonar.sh` script into the main program, an all-in-one automated Docker image, a self-updating list of services, etc.) but still feel free to [make a suggestion](https://github.com/jakejarvis/subtake/issues) and/or contribute to the repository in the meantime.
Happy hunting, fellow penetrators! 😉
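Review bot: the rewritten `subtake` paragraph in this hunk is unrelated to the commit message "changed takeover image". Either split it into its own commit or mention the copy edit in the message so the history stays searchable. The new link depends on a `#to-do` anchor in the subtake README and will silently stop resolving if that heading is renamed. The new sentence also wants a comma after the closing parenthesis, before "but still feel free".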