Brandon Rossi

@0xConda

16,766
Followers
1,600
Following
322
Media
3,910
Statuses

Senior Red Team Operator / Security Researcher / Content Creator | OSCP | CRTP | OSEP |

Joined October 2019
Pinned Tweet
@0xConda
Brandon Rossi
2 years
I started doing bug bounty on the side about 8 months ago. Here's what I've found 👇
50
117
703
@0xConda
Brandon Rossi
2 years
Looking to hire a cybersecurity intern with 30 years of experience. Must have CISSP.
158
194
2K
@0xConda
Brandon Rossi
2 years
Here's a really cool mind map for pentesting Active Directory
36
625
2K
@0xConda
Brandon Rossi
2 years
I told ChatGPT to pentest a scope of IPs and it found me $69,420 worth of bugs. Pentesters will be obsolete.
123
198
2K
@0xConda
Brandon Rossi
2 years
The cybersecurity field has an astonishing amount of free content available online. If you want to get into the field, you have the resources available. You just need to invest the time to learn.
41
254
1K
@0xConda
Brandon Rossi
4 years
90% of hacking is swearing at your computer
46
207
1K
@0xConda
Brandon Rossi
2 years
None of us are born knowing cybersecurity. We all start from the same place.
58
140
1K
@0xConda
Brandon Rossi
3 years
Here's a mind map I made to help you with Linux privilege escalation
14
286
1K
@0xConda
Brandon Rossi
3 years
What are your favorite FREE resources for learning in #infosec ? Drop a link below 👇
82
345
1K
@0xConda
Brandon Rossi
3 years
Phishing 101... Hee Hee! 🤣
62
151
893
@0xConda
Brandon Rossi
3 years
I've officially accepted a job as a penetration tester!
58
13
823
@0xConda
Brandon Rossi
2 years
I'm happy to say I accepted an offer as a Senior Red Team Operator. Life is good 😃
39
10
693
@0xConda
Brandon Rossi
3 years
Do you have a #cybersecurity related blog, YouTube channel, etc? I want to see it! Drop a link below 👇
235
171
609
@0xConda
Brandon Rossi
2 years
Don't waste effort crafting phishing emails. Just send the link. People will click it.
31
70
598
@0xConda
Brandon Rossi
2 years
People will click ANY phishing email. I swear you could just send a link without pretext and still get clicks.
56
75
585
@0xConda
Brandon Rossi
3 years
I've officially earned my OSEP certification! Thank you @offsectraining for the amazing course.
61
10
587
@0xConda
Brandon Rossi
3 years
Crazy to think that 5 years ago I worked at McDonald's and now I'm a pentester. You can learn a lot in a short period of time if you're determined enough.
21
27
568
@0xConda
Brandon Rossi
3 years
My OSEP exam starts in 24 hours
100
3
538
@0xConda
Brandon Rossi
2 years
Check out what came in the mail 🥳
38
15
501
@0xConda
Brandon Rossi
3 years
Struggling with Windows privilege escalation? Check out this mind map 👇
1
135
507
@0xConda
Brandon Rossi
3 years
Pentesting is just auditing for cybersecurity
23
50
480
@0xConda
Brandon Rossi
3 years
Ransomware: surprise encryption as a service
26
81
456
@0xConda
Brandon Rossi
2 years
Failure is a huge part of hacking. Get comfortable with it. It's not a bad thing.
12
67
437
@0xConda
Brandon Rossi
2 years
She said yes!
72
0
436
@0xConda
Brandon Rossi
2 years
Want to get started in the pentesting field? Here's my advice 🧵👇
17
109
428
@0xConda
Brandon Rossi
2 years
In roughly my first month doing bug bounty I hit the top 100 of all time leaderboard on Intigriti. Here's what I learned 🧵
19
79
429
@0xConda
Brandon Rossi
2 years
Bug bounty isn't a way to get rich quick no matter how many bounties you see posted on Twitter
19
31
411
@0xConda
Brandon Rossi
3 years
What are your favorite resources for learning in #infosec ? Drop a link below 👇
43
107
401
@0xConda
Brandon Rossi
3 years
Looking to improve your Active Directory hacking skills? Check out this playlist of videos 👇
2
95
378
@0xConda
Brandon Rossi
2 years
Here's a great place to start looking if you're interested
6
88
358
@0xConda
Brandon Rossi
2 years
I did my first Hack the Box machine about 4 years ago. I remember it took me at least a week to complete, even reading every forum post. Now I could probably do that same box in minutes. Keep learning! It gets easier, I promise.
6
31
346
@0xConda
Brandon Rossi
2 years
One typo with nmap and you're going straight to jail
21
51
343
@0xConda
Brandon Rossi
2 years
A lot of influencers probably make more money selling bug bounty courses than they've made from actually finding bugs
21
28
342
@0xConda
Brandon Rossi
3 years
Bug bounties aren't a "get rich quick" scheme. I always see new people wanting to get into cybersecurity because of the promise of easy money for finding these bugs. The truth is, you'll probably make way more money if you learn the fundamentals and apply them towards a career
18
45
325
@0xConda
Brandon Rossi
3 years
Today I officially graduated college and completed a bachelor's degree in computer science 🥳
29
6
311
@0xConda
Brandon Rossi
2 years
I've spent around 15 hours doing bug bounty in the last 3 days and found absolutely nothing. It happens to us all.
20
5
318
@0xConda
Brandon Rossi
2 years
What's your favorite way to get ALL the subdomains for a target?
54
30
325
@0xConda
Brandon Rossi
3 years
Most people don't want to hear this, but there's no shortcut to learning what you need to know in #infosec . There's no magic book or course. Discipline and passion will take you further than anything else.
21
55
312
@0xConda
Brandon Rossi
2 years
It is insane to me how much you can grow in the hacking space. Just a few years ago I knew next to nothing related to the field. It's never too late to start learning. Here's my advice 👇
12
45
305
@0xConda
Brandon Rossi
2 years
My goal is to make enough money hacking computers that I never have to see one again
12
22
298
@0xConda
Brandon Rossi
3 years
Wanna learn some new techniques? Here's 14 different privilege escalation videos I made!
4
101
290
@0xConda
Brandon Rossi
2 years
Just started bug bounty and submitted my first report. Duplicate 🙃
26
1
286
@0xConda
Brandon Rossi
3 years
Just accidentally closed a terminal tab and killed a session deep in a network I needed. The pain is real.
32
9
286
@0xConda
Brandon Rossi
3 years
It always amazes me how many people in #infosec are willing to help total strangers learn for nothing in return. Slack groups, forums, blogs, etc all full of free and accessible information. Not sure where I'd be without the help and knowledge from tons of other people.
17
37
284
@0xConda
Brandon Rossi
2 years
You can pass the OSCP without even reading the material. There's so much information freely available online. I practiced on HTB then did the OSCP labs without touching their material and passed on the first go. Free resources are out there. You can be ready before signing up.
16
27
272
@0xConda
Brandon Rossi
2 years
Hacking is an art. You need to think creatively.
20
38
271
@0xConda
Brandon Rossi
3 years
5 years ago I worked at McDonald's and barely knew anything about computers. 3 years ago I got my first IT job at a helpdesk. Now I'm a pentester. If you put the time and energy into learning, you can certainly get that job you want.
5
21
267
@0xConda
Brandon Rossi
3 years
I pulled an all-nighter at my desk scraping for the last points on my OSEP exam, but ultimately failed with 80 points. Bummer.
44
3
269
@0xConda
Brandon Rossi
2 years
Here are some mind maps I made to help with Linux and Windows privilege escalation for #OSCP .
4
75
266
@0xConda
Brandon Rossi
2 years
@k3nundrum Remote. But you have to come to the office 4 days a week.
9
7
266
@0xConda
Brandon Rossi
3 years
Do you create #cybersecurity related content? I'd love to see what people are putting out there! Drop a link below 👇
99
55
252
@0xConda
Brandon Rossi
3 years
What are some of your favorite tools for pentesting? Share them below! 👇
36
62
248
@0xConda
Brandon Rossi
3 years
The amount of #infosec knowledge that you can gain for free is a sign of how AMAZING the community is. For example, I went from knowing nothing about hacking to getting my OSCP by training with @hackthebox_eu for free.
11
34
229
@0xConda
Brandon Rossi
3 years
OSEP exam scheduled. Let's do it!
22
3
231
@0xConda
Brandon Rossi
6 months
Officially a married man!
54
2
229
@0xConda
Brandon Rossi
3 years
So if I understand #infosec Twitter, the more followers you have, the better hacker you are.... right??
37
7
219
@0xConda
Brandon Rossi
2 years
Burp Suite is a glorious tool
8
13
219
@0xConda
Brandon Rossi
3 years
Here's a big THANK YOU to those who release free #infosec content with the intent of helping others learn. So much of the knowledge I've gained has come from a variety of blogs and videos not behind any paywalls. Our community is truly great.
7
35
216
@0xConda
Brandon Rossi
3 years
I'll start. This repo has helped me so much, especially through OSCP
1
28
221
@0xConda
Brandon Rossi
3 years
@offsectraining Pick up a hobby that's away from the computer. Understand that it's impossible for you to master every niche within cybersecurity. There's not enough time to complete it in a lifetime.
3
15
220
@0xConda
Brandon Rossi
3 years
Oh you port scanned my web server? Prepare for legal consequences.
26
13
211
@0xConda
Brandon Rossi
2 years
Gonna have to file a CVE for @vxunderground default zip password
16
12
210
@0xConda
Brandon Rossi
3 years
Don't underestimate the value of CTFs. That's what originally got me hooked into #infosec and made a huge impact on my career and life.
8
19
209
@0xConda
Brandon Rossi
3 years
The time to give up my social life has come
19
3
205
@0xConda
Brandon Rossi
3 years
I love phishing awareness emails that look exactly like phishing emails 😂
8
17
187
@0xConda
Brandon Rossi
2 years
@am_xali Generally it goes like:
1. Run amass (provide api keys)
2. Generate permutations of all subdomains
3. Run httpx to find live web servers
4. Run eyewitness to screenshot everything
Then I choose a subdomain to hunt on and start digging in with Burp as I would on any normal app.
4
37
189
@0xConda
Brandon Rossi
2 years
I gotta plan out a cert to do this year
2020 - OSCP
2021 - CRTP
2022 - OSEP
2023 - ????
58
4
185
@0xConda
Brandon Rossi
2 years
@vxunderground @hacker_ 50% of red teaming is just reading through SMB shares for passwords
3
14
186
@0xConda
Brandon Rossi
3 years
Just because a course has a price tag doesn't mean it's any better quality or material than what you can find for free. Most of these #infosec Udemy courses were built off of free blog posts anyways.
6
16
184
@0xConda
Brandon Rossi
3 years
Want to learn some Linux and Windows privilege escalation techniques? Check out this playlist of videos I made! 👇
1
56
182
@0xConda
Brandon Rossi
3 years
I've officially finished all of the OSEP material. Bring on the exam!
16
4
183
@0xConda
Brandon Rossi
2 years
If you're looking to get started in cybersecurity, join some online communities to talk with other people of various experience levels. Don't be shy!
12
10
177
@0xConda
Brandon Rossi
2 years
72 Bugs
67 accepted and 5 rejected
-------------
32 RCE
12 DNS Misconfigurations
7 Access Control Issues
4 Privilege Escalation
4 XSS
4 Information Disclosure
2 Subdomain Takeover
2 LFI
2 HTML Injection
1 Account Takeover
1 Open Redirect
1 Command Injection
8
10
173
@0xConda
Brandon Rossi
3 years
The amount of supportive people in #infosec always amazes me. Keep being awesome.
5
9
177
@0xConda
Brandon Rossi
2 years
I'm going to hit bug bounty programs hard in 2023
17
12
173
@0xConda
Brandon Rossi
3 years
Hacking is just so fun
10
10
172
@0xConda
Brandon Rossi
2 years
"Advanced cyber criminals" aka phishing emails, AnyDesk, and cracked Cobalt Strike
9
16
165
@0xConda
Brandon Rossi
3 years
OSEP report submitted. Let's hope 2nd time is the charm! Now the hardest part...waiting for the email!
10
1
159
@0xConda
Brandon Rossi
3 years
I cannot believe my YouTube channel just hit 200,000 views! It's so awesome to be able to help others learn in #infosec . Thank you!
13
1
157
@0xConda
Brandon Rossi
2 years
Bug bounty is cool until tax season comes
8
2
151
@0xConda
Brandon Rossi
3 years
The OSCP is a good cert, but it's just the tip of the iceberg
7
4
154
@0xConda
Brandon Rossi
2 years
Invest in a good chair. Don't let a career in front of the computer destroy your back.
13
12
148
@0xConda
Brandon Rossi
2 years
I'm seriously addicted to hacking
13
7
143
@0xConda
Brandon Rossi
3 years
Don't be discouraged if you're new to #infosec and it seems really tough. The experience comes with time. If you aren't sure where to start, just pick a direction and go. This is a field where you'll never stop learning.
5
23
149
@0xConda
Brandon Rossi
3 years
You can't learn to hack overnight. It's a long process with no true end. Don't get discouraged when the learning is tough!
3
25
144
@0xConda
Brandon Rossi
2 years
Hunting for bugs is really addictive
8
4
140
@0xConda
Brandon Rossi
3 years
Looking for some free #pentesting training? Here's a lab I made for you to practice! There's a mix of Linux and Windows machines, along with an Active Directory environment.
3
39
144
@0xConda
Brandon Rossi
2 years
I let katana crawl some sites for days and now have over 2GB of endpoints. Now to hack like crazy 😈
5
9
142
@0xConda
Brandon Rossi
2 years
My wife left me for ChatGPT
14
7
141
@0xConda
Brandon Rossi
3 years
What would your advice be to someone who wants to get into #infosec ?
66
18
137
@0xConda
Brandon Rossi
2 years
What happens when you get all the certs?
90
5
139
@0xConda
Brandon Rossi
3 years
Honestly I felt more excited to pass my OSCP than to finish my Bachelor's degree
1
1
135
@0xConda
Brandon Rossi
3 years
Here's a tip for pentesting web applications. Instead of relying solely on directory brute forcing, see if there are any videos of someone giving a demo of the application. This can often disclose internal app URLs that might be accessible.
3
34
130
@0xConda
Brandon Rossi
3 years
Life goal: Make enough money in tech so I can retire in the middle of nowhere with minimal technology.
6
7
127
@0xConda
Brandon Rossi
3 years
Here's a sneak peek of the lab I'll be releasing soon! 6 target machines. Start "external" --> get domain admin. Sound fun?
6
8
131
@0xConda
Brandon Rossi
2 years
Building a server that can host a lot of VMs is still one of the best career investments I've made. Having the ability to spin up complex labs to test attack paths has been extremely valuable.
7
9
127