jake/jarv.is
1
Fork 0
mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-07-21 14:41:18 -04:00
Code Issues Activity

support full HTML captions for image shortcode

Browse Source
This commit is contained in:
Jake Jarvis
2019-12-17 11:39:23 -05:00
parent 1b97c6b2de
commit c87bfd7797
22 changed files with 111 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
content/notes/finding-candidates-subdomain-takeovers/index.md
View File

@@ -16,7 +16,7 @@ A **subdomain takeover** occurs when a subdomain (like *example*.jarv.is) points
Not only are takeovers a fun way to dip your toes into [penetration testing](https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/), but they can also be incredibly lucrative thanks to [bug bounty programs](https://en.wikipedia.org/wiki/Bug_bounty_program) on services like [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover) and [Bugcrowd](https://bugcrowd.com/programs), where corporations pay pentesters for their discoveries.
{{< image src="images/hackerone-2.png" width="620" alt="Huge rewards for subdomain takeovers on HackerOne" caption="Huge rewards for subdomain takeovers on HackerOne" >}}
{{< image src="images/hackerone-2.png" width="620" >}}<a href="https://hackerone.com/hacktivity?querystring=subdomain%20takeover">Huge rewards for subdomain takeovers on HackerOne.</a>{{< /image >}}
For a deep dive on the implications of takeovers, which can be a pretty serious vector of attack for malicious actors to obtain information from users of the targeted company, [Patrik Hudak](https://twitter.com/0xpatrik) wrote a [great post here](https://0xpatrik.com/subdomain-takeover/). Definitely take some time to skim through it and come back here when you're ready to hunt for a potential takeover yourself.