The beginning of the 100DaysOfCode challenge wasn’t dissimilar to my experience beginning the 146 days I spent on the Pacific Crest Trail. I was excited to get going, but hadn’t spent very much time preparing, and had no idea what I was getting myself into.

The first day of my journey I was tired, absolutely unsure of how to proceed, and even got lost for a little bit before I found my way to the start. Once started though, I was ecstatic and blissfully unaware of where the path in front of me would lead. Now sitting down in front…


Suddenly, it’s over. I remember feeling like that standing at the border between the US and Canada. Unsurprisingly that’s exactly how I feel right now. The elasticity of time perception really becomes apparent when you turn around and look back down the trail from where you came, and you get that funny sensation of having just been at the beginning, while simultaneously feeling emotionally overwhelmed by what feels like an entire lifetime of memories.

Over the course of 100 days my mindset has gone through a complete overhaul multiple times. Whether it was working through a problem for days only…


When I was a kid one of my favorite things to do was play with Legos. I loved the feeling of taking the tiny, insignificant pieces and putting them together in a meaningful way in order to create something that didn’t previously exist. Of course I didn’t think of it in those terms at the time. I was more interested in building space stations, but the feeling was the same. I suppose it’s only fitting that years later I’d stumble upon the React JS framework. One of the benefits of using React is that it allows you to create small…


In my first journal entry I walked through performing horizontal domain reconnaissance on Apple’s network in order to find a complete list of domains which are owned by the monolithic organization we all know. This entry picks up where we left off. Let’s continue.

Finding the right tree

So after vetting Apple’s ASN space I ended up with these domains to pick from:

aaplimg.com -> Apple’s CDN
apple-cloudkit.com
apple.com -> Main site
apple.com.cn
applesurveys.com -> Redirects to https://idmsac.apple.com/IDMSWebAuth/SAMLLogin
beatsbydre.com
apple.channel.support
icloud.com
icloud-content.com -> redirects to https://developer.apple.com/icloud
icloud.com.cn
itunesmusicstore.com
mzstatic.com

A few of these do redirect to apple.com, however they have…


In terms of being late or not starting at all, then it’s never too late. — Alison Headley

I tend to keep fairly thorough (albeit informal) notes while doing recon, however it’s never occurred to me to share anything. I’m not sure why exactly. Especially since a friend once gave me the idea to keep a public journal of all my experiences and endeavors while bug bounty hunting. Years later is better than never I guess.

Sharpening the axe

So the first step is just to figure out what root domains belong to Apple. This bounty program isn’t hosted on…

DJ Nelson
