🦆 SchizoDuckie 🦆 @SchizoDuckie Twitter profile | Pikagi

Pikagi

🦆 SchizoDuckie 🦆

@SchizoDuckie

2,363

Followers

1,283

Following

7,039

Media

29,963

Statuses

Developer by day, Researcher at @divdnl by night. Has 'simultaneously the best and worst pseudonym we've seen' according to @tomshardware

South Holland, The Netherlands

https://t.co/saptq2C8cI

Joined February 2010

Don't wanna be here? Send us removal request.

Pinned Tweet

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread: (1/8) @Belastingdienst gave me the go-ahead to share the story of how the Lamest Hacker You Know® received this epic #ResponsibleDisclosure award from them. Looking back on it I don't think I can tell it any better than this chat log interaction, so here it is raw:

Tweet media one

Tweet media two

21

422

1K

Last Seen Profiles

@faerieologyyy

@AamirPhee

@FTMothmaan

@nicolas__sanson

@confusedadele

@HKN7HQ6paJStvLI

@kusyiing

@GennyJacal60825

@Ogre660

@amarianabecker

@georg_salva

@tahtrinj

@sergiopeinador

@xkk622zdb5

@juiki6

@AllProWam

@llijialin

@amanda_hsiao

@onlineshoppin2

@SeeMiaRoll

@Ccsz247318

@xeng_xung

@SebastiaPeris

@mrym37560

@Neewshah

@fluent_zero

@xsheeya

@bokeplokalmalam

@YunoGas56200237

@Munsterpps

@bokeplokalmalam

@riverleecrush

@jinkination

@turbanlisever69

@brondong557kuat

@BrockSkip

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@TeresaTesQueen @nocontextscats @bigbootyderek Have you seen the price of printer ink these days?

1

12

933

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 months

Me running SentinelOne

Tweet media one

9

69

859

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

Hacking Fujitsu is so easy you don't even need malware because they just give you the keys Also they don't give AF about good faith researchers, dont have bugbounty program, vdp, security.txt, nothing. Just a psirt address that doesn't even have the courtesy to respond.

Tweet media one

@Cyber_Asia_

🄲🅈🄱🄴🅁 🄰🅂🄸🄰

6 months

Fujitsu confirmed a cyberattack in a statement on Friday, and warned that hackers may have stolen personal data and customer information. @TechCrunch @Fujitsu_Global #cybersecurity #databreach #hacker #japan

Tweet media one

1

8

43

5

86

571

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread (8/8) And that, my friends, is why you should not hardcode passwords. Over the last couple of years I've seen the inside of more big name companies than I ever imagined by just finding passwords. This is a massive problem and I would love to give @github some tips.

4

14

330

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

@Foone I once encountered a virus infection that deleted all the fonts on the system (among other things) but Marlett could not be deleted because it gets an "in use" flag really early when loading the gui. This meant that Marlett was also the *only* fallback Font for text rendering!

Tweet media one

1

9

294

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

Is this a #Shitpost ? Maybe.

Tweet media one

8

40

271

@SchizoDuckie

🦆 SchizoDuckie 🦆

8 months

@vnglst I love it. So does Yeti

2

4

261

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@mikko My favorite is opening a full screen browser to

10

35

244

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

Tweet media one

2

43

202

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@tesseralis Imo yeet should be a synonym for "throw" ``` yeet new FatalExceptionError("this is fine"); ```

9

8

192

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

Never half-ass anything. Even if you mess up, make sure people are impressed.

Tweet media one

6

27

191

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@erapplebaum @janking59 @birly_j @AmyKNelson @mehdirhasan Hello from The Netherlands. Power cables will work under water and in swampy soil no problem. Only above ground lines we have here hare the high voltage city to city lines

3

8

181

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@daveshackleford I'll give you a one picture teaser, then you can grab some popcorn and strap in before reading the rest

Tweet media one

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread: (1/8) @Belastingdienst gave me the go-ahead to share the story of how the Lamest Hacker You Know® received this epic #ResponsibleDisclosure award from them. Looking back on it I don't think I can tell it any better than this chat log interaction, so here it is raw:

Tweet media one

Tweet media two

21

422

1K

4

22

150

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

Just married 🥳💍

Tweet media one

52

2

135

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread (7/8)

Tweet media one

1

4

121

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread: (2/8)

Tweet media one

1

4

113

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread (6/8)

Tweet media one

1

3

108

@SchizoDuckie

🦆 SchizoDuckie 🦆

7 months

@r0wdy_ Hello from The Netherlands, Where there are provisions in place in our law system to allow exactly this for researchers that adhere to a strict set of ethical guidelines. Somebody's gotta do it. So then we'll do it. Thank us later. Or not at all, we'll still do it.

2

4

105

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread (3/8)

Tweet media one

2

3

102

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread (5/8)

Tweet media one

2

3

102

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Thread (4/8)

Tweet media one

1

3

98

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 months

@wesbos Boolean in .env with a default in config/

3

1

96

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

Presented without further comment.

Tweet media one

Tweet media two

Tweet media three

10

3

91

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@campuscodi @4Dgifts This seems to be a recurring career path for people in crypto

0

1

76

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@instantkarma23 @Lexcat12 @Hertog6 @erapplebaum @janking59 @birly_j @AmyKNelson @mehdirhasan If the US would put one year of war spendings in national infrastructure thingies like this (roads, electricity, bridges) the country would be in a so much better state

2

2

81

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

What a lovely day. We told *nobody* we were getting married, so it was me, wife, kiddo and our 2 witnesses. Had lunch with the lady I can finally call my wife and kiddo in the afternoon, even a little nap inbetween and dinner with the witnesses in the afternoon 10/10 recommend🥰

13

0

80

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@jobbes86 @Belastingdienst Yes sir I confess. And yet here we are and I got this trophy. I reported this before anyone else found it and could take exploit it while staying silent. If this means I'm breaking the law I'll take that risk because someone obviously has to.

2

0

74

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@ThijsWhoa @korpsmariniers @sebohofkamp This is my rifle, this is my gun, this is for fighting and this is for fun

2

1

69

@SchizoDuckie

🦆 SchizoDuckie 🦆

4 years

@lilbigron @samfbiddle You mean: Alexa, send in the claymore Roomba's

0

0

63

@SchizoDuckie

🦆 SchizoDuckie 🦆

8 months

@__femb0t How can this be topped? Programming DNA that grows an OLED and control circuit that runs doom?

5

0

67

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

Tweet media one

@ghidraninja

stacksmashing

6 months

Hello there, toilet firmware

Tweet media one

6

20

407

0

7

68

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

Infosec pop quiz: What exactly IS #Fujitsu training here? 😂

Tweet media one

Tweet media two

8

7

68

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@TomSellers @lcamtuf JingleShells all the way! 🎅🎅🎅

0

0

66

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

Yay, I was awarded a $300 bounty on @Hacker0x01 ! Thanks @Udemy for still rewarding an out-of-scope issue! #TogetherWeHitHarder

Tweet media one

5

0

65

@SchizoDuckie

🦆 SchizoDuckie 🦆

4 years

@cirrius_tech

Tweet media one

0

0

61

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

I tried one from my perspective

Tweet media one

@UK_Daniel_Card

mRr3b00t

@UK_Daniel_Card

1 year

This is a diagram to try and show why orgs don't tend to shine when scoping their "pentesting" projects/activities. The issues is that "most" orgs don't have a strategy beyond can you pentest us or can you test "this website"

Tweet media one

10

11

74

3

19

59

@SchizoDuckie

🦆 SchizoDuckie 🦆

4 months

HOLY freaking shit the @bunjavascript debugging experience is 🔥🔥🔥🔥 Start your process with `bun --inspect=4000` and it'll throw you a url in cli to which runs a modified webkit inspector that just works out of the freaking box 💯

Tweet media one

Tweet media two

2

3

60

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

- Overheid: vangt in een paar weken ineens 40 cent netto meer voor elke liter benzine - Overheid: "Ja nee we kunnen écht niet zomaar iets doen aan de #benzineprijs want dan gaat het hele land kapotstuk" GA GVD WAT DOEN AAN DIE BENZINEPRIJS IDIOTEN

Tweet media one

11

14

58

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

I want to give a special shout-out to @AstridOosenbrug for being one of the reasons I can do what I do here in The #Netherlands She kickstarted the political climate where security researchers are applauded instead of prosecuted and now leads @DIVDAcademy . Legend. ❤️

Tweet media one

1

12

59

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

@Gi7w0rm I'll ask the obvious question: Why does a secured meeting on a custom client with additional security features allow downgrading the integrity of all of the connected clients by foregoing the 'secured' part?

5

0

58

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@SwiftOnSecurity A parking garage ticket machine with like 6 different forms of payment accepted, three card slots, a ticket printer, flashing buttons, and arrows and text everywhere. Stuff of nightmares.

2

2

55

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

Welcome to the future

Tweet media one

2

16

54

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@ashu_barot @RomSteady @securitytxt Done that multiple times. I like to pick the most senior security dude from their own address book and just whatsapp or call them. Pro tip: lawyers get spooked if you do that to them

0

1

53

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

HeT iS eEn CoMpLoT zeg ik je!

Tweet media one

1

3

56

@SchizoDuckie

🦆 SchizoDuckie 🦆

4 months

"We value your #privacy " "We and our 762 technology partners" Fuck off. *Closes tab*

Tweet media one

7

4

55

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Achievement unlocked 😎 As of today I'm allowed to call myself researcher at @DIVDnl , the Dutch Institute for Vulnerability Disclosure. So proud to be a part of this, thanks for having me!

7

0

53

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@ryanflorence - varchar(8) - no hashing

1

0

49

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@_BalthazarBratt @sshell_ Closing the door and opening the hatch that leads to that pit so deep it goes all the way to the depths of hell

0

1

48

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@0xdade My SSID is X5O!P% @AP [4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

1

2

46

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

What I love about #ResponsibleDisclosure : kind people ❤️🍻

Tweet media one

1

3

46

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 years

@iamdevloper

0

0

45

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@cperciva Make sure to do it on a site that'll be breached in the future for a gift that keeps on giving.

0

0

42

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@SwiftOnSecurity Oh crap. Speedrunners... Tool Assisted Speedrunners. HIDE!!

0

0

40

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 months

@GossiTheDog @_JohnHammond I'm a programmer and cant wait to have my code backed up REALLY really thoroughly over and over and over 🤣

1

0

43

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

She said yes 🥰🥰🥰

Tweet media one

16

0

42

@SchizoDuckie

🦆 SchizoDuckie 🦆

4 months

Niet geheel hoe ik gedacht had wakker te worden vanochtend, sirenes. P2000 check, om de hoek. F. Aankleden. Wordt er ineens een geredde kat die naar rook ruikt m'n slaapkamer ingesmeten want m'n lief was al bezig en heeft 2 katten in veiligheid gebracht.

Tweet media one

5

1

42

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

@dashJdot @elaifresh The "like, share and subscribe" sign

0

0

40

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@griffonatrix @theangelremiel @hondanhon Make sure to mint it on an OLED screen otherwise its just fancy #000

1

0

41

@SchizoDuckie

🦆 SchizoDuckie 🦆

11 months

May or may not have caused a minor international incident at #HackTheHague today

7

1

39

@SchizoDuckie

🦆 SchizoDuckie 🦆

10 months

@gdisselkoen Toen ze zeiden dat het internet en toegang tot alle informatie op de hele wereld mensen slimmer zou maken hadden ze het fout. Zo. Ontzettend. Fout... 😭

2

0

39

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

"New Outlook" must DIE It shares your tracking cookies with 801 third parties!!! #privacy #gdpr #stopthismadness

Tweet media one

7

12

40

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

@LaserMistress @pokitmeter @adafruit Stumbled upon this gem on reddit recently

Tweet media one

3

6

40

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

Dear Twitter fam, something serious: my little nephew is dying from leukemia. This 13 yr old kid is making his bucket list because even the most brilliant doctors in The Netherlands are basically calling their defeat. I know it's a long shot but do I know anyone that works magic?

25

21

35

@SchizoDuckie

🦆 SchizoDuckie 🦆

7 months

Mad respect to the #BadgeTeam here. DIVD members identified and reported a Buffer overflow vulnerability in the #Badge of #HackerHotel ( CVE-2024-21875 ) and this morning it was fixed already on the stable channel! Update your badge!

4

4

39

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@pimbrassien @jochemmyjer Lekker gevlogen Vince! Voor de geinteresseerden, dit is een 2.5" FPV "Cine" quad ?

Tweet media one

4

0

38

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@digitaaldenken @Belastingdienst Oh it is definitely true. And to scare you even more: I'm almost getting used to it. I could do this all day and stay busy, but the day job actually pays. I've been pulling this same trick for almost 3 years now and I'm nearing 500 responsible disclosures via just email

1

0

38

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

Hot take: Als je admin password Welkom01 was moet je eigenlijk gewoon echt gewoon je bakkes houden en de L nemen en blij zijn dat je niet geransomed bent door iemand met een bot die dit automatisch doet.

Tweet media one

6

5

37

@SchizoDuckie

🦆 SchizoDuckie 🦆

7 months

@r0wdy_ No worries, we report there too 😘

2

0

37

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

Mad props to @TheOnion who consistently runs the same headline whenever these mass shootings happens. Resulting in this.

Tweet media one

0

13

34

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

@gdisselkoen @mevrouwadvocaat Legend.

Tweet media one

8

1

33

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@binpwn @Belastingdienst I am worse than a script kiddy. I don't even use scripts.

2

0

36

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

ZOË! GVD 🤬🤬🤬

Tweet media one

12

0

36

@SchizoDuckie

🦆 SchizoDuckie 🦆

6 months

@ghidraninja I cant wait for this data breach to happen

1

0

35

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 months

I disclosed to Disney years ago, was on their intranet, as an employee and pulled an excel sheet with 130k servers/specs/ips. Their response: "come have a beer if you're in florida some time" I feel nothing.

@404LEAK

404 LEAK

2 months

Disney has been hacked. Around 1TiB of Data is stolen including Unreleased projects, raw images and code, some logins, links to internal api/web pages, and more.

177

751

8K

2

2

36

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 month

Am Dutch, Can confirm this is all 100% accurate. Except I never got my bike stolen because I befriended the junkie at the local train station

1

3

34

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

TBH, most, if not all, other airplane models show an equal problem when their fuel tanks are empty. #ThanksCaptainObvious

Tweet media one

4

5

34

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

Stay weird, al🔥

Tweet media one

0

1

34

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

✅ Achievement Unlocked Kamervragen n.a.v. mijn hackwerk 😱

3

8

32

@SchizoDuckie

🦆 SchizoDuckie 🦆

7 months

Damn wat een kunstwerk! #Badgelife #HackerHotel

Tweet media one

7

3

33

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

Delete your account

@gvy_dvpont

Guy Dupont

5 months

We need to STOP running DOOM on new things and START putting new things into DOOM. For example, today I added micro-transactions to the original game. Any time you pick up an item, the game freezes until you make a payment.

302

2K

21K

0

6

33

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

@jhewitt_net I love that this type of recycling exists. Just send it through the bandsaw and sell it

0

0

31

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

@MalwareTechBlog See, this is why we only give americans 110v

0

0

31

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 months

I love Dutch Summer. This year it's on a wednesday

Tweet media one

2

0

32

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

@johnjhacking I still wanna make an nginx module that pretends it's vulnerable to a blind SQL injection and then outputs a custom virtual schema when's they start downloading, which obviously contains the full lyrics to never gonna give you up as tables and fields

0

3

30

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

Real pro's don't cut corners. They drill them.

Tweet media one

2

0

30

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

Aan alle #nieuws zenders die weer openen met "russische hackers" die "sites platgelegd hebben" DDOSSEN IS GEEN HACKEN DDOSSERS ZIJN GEEN HACKERS MIJN DOCHTER VAN 8 KAN DIT. DDOSSen is nog minder dan jezelf vastplakken op een start/landingsbaan.

4

2

29

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

Bank: Secured. But only because I was able to convince their Twitter support chat of the urgency of providing me an e-mail address to send my responsible disclose to. Not everyone will do that. Support engineer made the right call, vuln was nixed within 24 hours #HackThePlanet

Tweet media one

1

4

30

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 months

BOOM💥 I was awarded a $3,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - schizoduckie

I find the passwords you upload to the public internet before the ransomware idiots even get a chance -

6

0

30

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

@AgingWheels Buy fuses for the battery pack you want, not the battery pack you have

0

0

29

@SchizoDuckie

🦆 SchizoDuckie 🦆

9 months

They are absolutely glorious @DIVDnl #ChallengeCoin

Tweet media one

Tweet media two

2

1

28

@SchizoDuckie

🦆 SchizoDuckie 🦆

8 months

@0xdade @scriptjunkie1 There is no prem, it's just someone else's cloud

1

1

27

@SchizoDuckie

🦆 SchizoDuckie 🦆

7 months

Guess wie er een #goedecyberslechtecyber kwartet set gesnatched heeft ❤️🤣

Tweet media one

Tweet media two

7

1

28

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

To top off my holiday, I was awarded a $500 bounty on @Hacker0x01 ! 🤠 #HackThePlanet

1

2

26

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

Tek tek oop oop! Ik had even een volledige brain freeze op de vroege morgen

Tweet media one

0

1

27

@SchizoDuckie

🦆 SchizoDuckie 🦆

5 months

Iemand dorst? #WhiskyLeaks

Tweet media one

7

1

28

@SchizoDuckie

🦆 SchizoDuckie 🦆

3 years

Reserved myself a special place in hell today. Love how that came out

Tweet media one

Tweet media two

1

1

28

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 months

Ik ga niet eens de spiegelreflex proberen te pakken. Its perfect. #HoekVanHolland

Tweet media one

4

1

29

@SchizoDuckie

🦆 SchizoDuckie 🦆

1 year

@thembeddevguy @citcsmobile @lozaning @MarcusBrodie6 That's how I tried to win a constest to grab a free FPV drone if you could pull it out of the air by hacking... Until i found out the Dutch Telecom Authority was on-site with their tricked out scan van 🤣 i never once dared to hit the button

Tweet card media

SchizoDuckie (@schizoduck) • Instagram photo

www.instagram.com

2

0

27

@SchizoDuckie

🦆 SchizoDuckie 🦆

2 years

Periodic reminder voor o.a. @rotterdam #bijen #bloemen

Tweet media one

3

1

28