Robert Hansen

@RSnake

35,692
Followers
979
Following
243
Media
4,709
Statuses

Managing Director - Grossman Ventures. Security executive, defender of others' privacy, Author of AI’s Best Friend, Advisor, often found joking.

Austin, TX
Joined July 2008
Pinned Tweet
@RSnake
Robert Hansen
7 months
Thrilled to announce "AI's Best Friend" - a journey into the dawn of a new era where humans & AGI must coexist. This book merges research, personal insights & a deep dive into the ethical dilemmas of AI development. It's a call to ally with AGI, embracing friendship for a shared
8
14
150
@RSnake
Robert Hansen
3 months
Little known fact - I had been thinking about Slowloris for about 10 years before I finally actually sat down to write it. In the early 90's I had encountered a situation where Apache would die when people would do what I used to call "half-open" attacks where they'd see if they
@todayininfosec
Today In Infosec
3 months
2009: Robert "RSnake" Hansen released the denial of service attack tool, Slowloris. Unlike most DoS tools which flood targets with traffic, it worked by holding connections open by sending partial HTTP requests - a technique described by others as far back as 2005.
2
15
73
14
105
500
@RSnake
Robert Hansen
3 years
Your security program summarized (probably):
8
60
338
@RSnake
Robert Hansen
5 years
sudo -1 make_me_a_sandwitch
6
57
236
@RSnake
Robert Hansen
5 years
2fa
18
50
217
@RSnake
Robert Hansen
3 months
Once during a vendor meeting trying to sell to a huge oil and gas company, the CISO of said company literally just stopped us mid explanation and said he wouldn't look at our product unless we made him an advisor to our company.  We were floored. He went on to explain that he
21
20
208
@RSnake
Robert Hansen
7 years
Hacker life be like: gzcat dump.gz |cut -f 1 -d ":" |tr '[[:upper:]]' '[[:lower:]]' |egrep "^[a-z0-9\-]+.*@.+" |sort |uniq > emails.txt
4
67
170
@RSnake
Robert Hansen
3 months
There is rumbling afoot of a series of articles coming that will be targeting and possibly even naming and shaming both CISOs and VCs. Without naming my sources and not that it's important to do so anyway, because the following article does a good job of giving a high level lay
15
48
165
@RSnake
Robert Hansen
7 years
Equifax's surface area for anyone curious:
15
75
125
@RSnake
Robert Hansen
7 years
C'est la vie CISSP.
23
40
113
@RSnake
Robert Hansen
7 years
Me: “I wonder what the right regex for checking emails is.” The Internet: 😑
13
51
116
@RSnake
Robert Hansen
9 years
XSS BSOD <script>var c=new XMLHttpRequest();c.open('GET','/');c.setRequestHeader('Range','bytes=18-18446744073709551615');c.send();</script>
3
120
113
@RSnake
Robert Hansen
9 years
It turns out ~90% of credit card POS terminals use one of two passwords,166816 or Z66816. http://t.co/jCycsMW0QG
6
167
113
@RSnake
Robert Hansen
3 months
Basically...
7
27
110
@RSnake
Robert Hansen
6 years
More cross domain leakage via CSS:
2
44
82
@RSnake
Robert Hansen
8 years
Useful default test financial data for pentesters. Don’t forget to disable test data in prod peeps.
2
38
76
@RSnake
Robert Hansen
10 years
Detecting Tor users can be as simple as putting up a Tor hidden service and linking to it: <img src="//[whatever].onion/?[user-ip-address]">
1
72
70
@RSnake
Robert Hansen
7 years
Cool, if you can inject into people’s CSS files you can use it to do keystroke logging without JS or breaking inline JS rules via CSP in the process:
2
56
63
@RSnake
Robert Hansen
7 years
“dolphins” is now a safe password, feel free to use it:
2
35
63
@RSnake
Robert Hansen
9 years
Wow, Flash is dead and now so too is Java Applets!
9
72
55
@RSnake
Robert Hansen
8 years
People to never lie to: your doctor, your lawyer and your security expert.
2
54
63
@RSnake
Robert Hansen
7 years
ImageMagick's ghostlib has a remote code execution exploit. If your site processes images, patch up:
2
51
58
@RSnake
Robert Hansen
3 months
1/ Whelp, Russia is legalizing hacking. Russia's new "white hat hacker" bill sheds light on its cyber capabilities and challenges. The bill aims to legalize ethical hacking under state control.
3
20
62
@RSnake
Robert Hansen
1 year
RIP James Flom (id) and his girlfriend Shannon Norton. James was my best friend.
20
1
55
@RSnake
Robert Hansen
4 years
I hung out with someone who got the COVID vaccine and I’m sad to report my 5g cell phone reception has not improved at all.
2
7
56
@RSnake
Robert Hansen
7 years
Make sure to delete all of the recordings Google has of you (and tell your friends to do the same):
3
46
54
@RSnake
Robert Hansen
8 years
If your site collects PII you’ve got one month left before Google will mark it as insecure for not using HTTPS:
0
50
40
@RSnake
Robert Hansen
6 years
I’m disappointed to hear about Google today. They had a social product and didn’t tell anyone?
4
14
52
@RSnake
Robert Hansen
11 years
I published a list of HTTP Response headers for reference:
9
42
50
@RSnake
Robert Hansen
4 years
22
2
47
@RSnake
Robert Hansen
8 years
Me doing my duties on the @BlackHatEvents review board. Reviewing security talks requires hacker gear.
6
10
45
@RSnake
Robert Hansen
6 months
100k! Thank you everyone who helped get the show to where it is!
5
3
47
@RSnake
Robert Hansen
7 years
It cannot fail. The ultimate CAPTCHA:
0
24
43
@RSnake
Robert Hansen
7 years
1
13
42
@RSnake
Robert Hansen
11 years
I vote we rename “big data”, “heavy D”.
12
103
43
@RSnake
Robert Hansen
6 years
Venezuela’s Bolivars are worth so little they may start causing issues with exchanges who round to the nearest fraction of pennies.
6
33
43
@RSnake
Robert Hansen
10 years
A nice JS de-obfuscation tool - Revelo 2.0 released: http://t.co/drTOHAjfoh
1
39
44
@RSnake
Robert Hansen
4 years
PSA - the command to detach a GNU screen (Control-A Control-D) is the same command in Outlook that selects all your email... and then deletes all of your email. Fun times.
9
11
43
@RSnake
Robert Hansen
6 years
I’m happy to announce that OutsideIntel was acquired by Bit Discovery:
7
14
41
@RSnake
Robert Hansen
11 years
In light of all these DDoS attacks, I wrote a DDoS runbook: http://t.co/HYtQx66M3v
9
42
41
@RSnake
Robert Hansen
9 years
If you use Firefox, type about:config click through type privacy.trackingprotection.enabled and change the value to “true”
1
28
40
@RSnake
Robert Hansen
7 years
I wonder how many kids will grow up thinking Alexa, Siri and Ok Google pronounce things correctly.
6
15
39
@RSnake
Robert Hansen
2 months
AT&T got hacked and it contains call logs and cell location data. If the data is passed to law enforcement are they allowed to use the hacked data they recover in OSINT even if it contains data on Americans, or is that still forbidden even if they obtained it in due course of
6
12
38
@RSnake
Robert Hansen
5 years
Another day, another exchange gets hacked and goes under. It almost feels like crypto exchanges are unsafe. Hmm...
2
18
38
@RSnake
Robert Hansen
8 years
IPv6 is… interesting. Your security/log analysis tool might require an update to normalize the addresses:
2
20
36
@RSnake
Robert Hansen
4 months
Counterfeit network equipment branded as Cisco has been discovered at U.S. military bases, including those used in combat operations. The infiltration of these counterfeit items could compromise sensitive communications and operational effectiveness. If you’ve been paying
1
18
36
@RSnake
Robert Hansen
9 years
Apparently Adobe has finally agreed with what security experts have been saying for years: Java applets next.
1
65
34
@RSnake
Robert Hansen
2 years
Whew! What a ride!!
@TenableSecurity
Tenable
2 years
We have officially acquired @BitDiscovery , a leader in external #attacksurface management (EASM). Paired with our market-leading solutions, customers will have a comprehensive view into known and previously unknown internet-facing assets.
2
8
29
6
3
35
@RSnake
Robert Hansen
8 years
PSA: If you spam a conference with 15 submissions from your company it takes ~15 seconds to reject all of them.
2
9
31
@RSnake
Robert Hansen
2 years
Extremely accurate drone strike with a grenade. Pretty impressive delivery mechanism for tight seemingly impenetrable/austere conditions.
@SpecGhost
SpecGhost
2 years
Ho Ho Ho! #MeryChristmas #WesołychŚwiąt 🎁💥 Throwing gifts into the chimney of Russian invaders by Ukrainian defenders. #Ukraine #GloryToUkraine
250
1K
9K
1
11
30
@RSnake
Robert Hansen
4 years
I’d expect huge layoffs tomorrow (Friday). Be nice to everyone. The chances are a lot of people and their families are going to have a very rough day tomorrow. #COVID19
1
5
29
@RSnake
Robert Hansen
6 years
Lexington Insurance Company and Beazley Insurance Company are suing Trustwave over Heartland breach:
4
23
31
@RSnake
Robert Hansen
11 years
If you use Gmail, I highly recommend changing this email image setting:
4
27
28
@RSnake
Robert Hansen
11 years
First of three parts: "Interview with a Blackhat" http://t.co/Sabk1fZViZ
4
43
30
@RSnake
Robert Hansen
3 months
Is it actually illegal for CISOs to take money or shares for fast-tracking companies? I am getting a lot of calls behind the scenes about this, and the consensus seemed to be wrong? Yes. Unethical? Yes. Opening up the CISO to civil suits? Yes. Grounds for termination? Yes. But
4
12
30
@RSnake
Robert Hansen
8 years
October 21st 2016. The day the Internet found out what DNS is for.
3
25
29
@RSnake
Robert Hansen
12 years
Finally got around to donating the XSS cheat sheet to @OWASP http://t.co/EI1zI9AK Now everyone can edit/modify at will.
2
56
29
@RSnake
Robert Hansen
2 months
@ErrataRob I popped some popcorn for this?!?
3
0
29
@RSnake
Robert Hansen
3 years
RIP @dakami :(
1
0
28
@RSnake
Robert Hansen
7 years
Ugh, disable @amazon Alexa Drop-In. It tells people when you're home. *shudder* Privacy disaster zone.
7
31
28
@RSnake
Robert Hansen
8 years
One week remaining before Google marks http sites insecure if they have forms. Shhh, don’t tell your competitors.
0
20
26
@RSnake
Robert Hansen
3 months
Who is planning on being at hacker summercamp? @BlackHatEvents Hit me up if you wanna meet up. My schedule is already getting crazy.
8
2
28
@RSnake
Robert Hansen
8 years
Secretary Fanning announcing “Hack the Army” Recruitment sites are in scope and open to .mil personnel. @hackerone
1
22
25
@RSnake
Robert Hansen
8 years
It’s generally not a great sign when an agency refuses to say if they have any information about you, I’m guessing.
3
11
25
@RSnake
Robert Hansen
8 years
It's always the weakest link, isn't it? Compromised printers can compromise Windows boxes via malicious drivers:
0
31
27
@RSnake
Robert Hansen
6 years
GDPR privacy changes already being deployed by some registrars. Whois is already being neutered in some cases:
5
15
26
@RSnake
Robert Hansen
3 years
You’ll keep them updated, right?
3
6
27
@RSnake
Robert Hansen
11 years
Tor hidden services decloaking technique http://t.co/IqlDOfINkA
1
29
27
@RSnake
Robert Hansen
7 years
PSA: Updating your phone and all apps before going to Blackhat/DefCon/BSidesLV is a good idea. Or better yet, don't bring them at all.
3
0
26
@RSnake
Robert Hansen
7 years
@gentilkiwi Are you *certified* not CISSP? Has someone checked your uncertification requirement to use that title?
1
2
25
@RSnake
Robert Hansen
7 years
Backstage about to go on at the Blackhat CISO event with @WeldPond @Kym_Possible @kjhiggins
3
3
26
@RSnake
Robert Hansen
11 years
Useful little JavaScript tool to decode BigIP cookies: http://t.co/K00K2sdimI
0
20
25
@RSnake
Robert Hansen
3 years
Is it me or did the Internet miss a golden opportunity to name the log4j vuln “logjam”?
7
2
25
@RSnake
Robert Hansen
9 years
PHP magic hashes. http://t.co/7UFl4lVRKu Please send me your own, if you can find them.
6
16
23
@RSnake
Robert Hansen
6 years
Don’t forget to block those site/ad trackers, kids. Google Analytics especially.
@s8mb
Sam Bowman
6 years
Google's tracking has grown since the GDPR came into force while its smaller rivals have been obliterated.
5
76
153
1
7
23
@RSnake
Robert Hansen
9 years
Apparently these characters can crash Chrome? http://a/%%30%30
10
37
24
@RSnake
Robert Hansen
9 years
There, I fixed that for you, @BlackBerry . ht @CygnusSEO
3
11
23
@RSnake
Robert Hansen
7 years
“You don’t want a doctor to have to go through a forgot password flow with a patient on the table.” “I’d hate to see a corpse with its privacy intact.” Wrt optimizing for human life over privacy - @beauwoods
3
16
22
@RSnake
Robert Hansen
9 years
Formaction scriptless attack (HTML5 fun):
0
21
23
@RSnake
Robert Hansen
10 years
Aviator is finally going open source:
2
29
23
@RSnake
Robert Hansen
4 years
News Outlets, “Bad actors are trying to make money off of the coronavirus crisis.” Also News Outlets, “You can’t see our clickbait until you enable ads.”
1
3
20
@RSnake
Robert Hansen
11 years
10 proactive security things to think about as you're building your web app:
0
30
22
@RSnake
Robert Hansen
5 months
@JudithLewis Why should you never play Monopoly with Google? They’ll keep changing the rules.
1
2
22
@RSnake
Robert Hansen
3 years
@tqbf This guy has definitely worked for me before.
0
0
17
@RSnake
Robert Hansen
8 years
Facebook: Settings->Account settings->Ads->Manage the Preferences We Use To Show You Ads->Visit Ad Preferences->More
0
12
20
@RSnake
Robert Hansen
4 years
Regarding breach disclosure: it occurred to me that companies could use the spammiest looking content with the worst keywords from the shadiest RBL IP ranges and send it out as fast as possible so that it gets caught by anti-spam filters.
2
2
21
@RSnake
Robert Hansen
7 years
If you use a Symantec/Thawte/Verisign/Equifax/Geotrust/RapidSSL cert, you'll be needing to replace that:
0
25
20
@RSnake
Robert Hansen
18 days
@x0rz @AdGuard It's horrific what the Internet has become in some ways. There's got to be a better model. As a percentage of Internet traffic that is enormously inefficient.
2
0
21
@RSnake
Robert Hansen
3 months
Over the last week I have run several polls about the supposed "Gili Ra'anan model" which allegedly compensates CISOs for preferentially buying products and services. Whether this is a real thing or not I cannot say for sure, but by judging a lot of the feedback I got offline and
2
5
21
@RSnake
Robert Hansen
8 years
Russia is just DDoSing to help the US with work-life balance and to that we say thank you.
1
12
20
@RSnake
Robert Hansen
10 years
Wow - this could get very interesting for the pen testing/assessment industry. Banks sue Trustwave for Target breach: http://t.co/D0moZ59xZg
16
64
20
@RSnake
Robert Hansen
7 years
Never underestimate hackers!
@frgx
Devdatta Akhawe
7 years
omgwtf
7
239
580
0
11
20