I found a zero day exploit in @apple that they are refusing to reward me for! So I am telling all of twitter!!
You can break their encryption algorithm (RSA) if you have the private key, this is such an obvious exploit why won't Apple reward me?
🤐 Hacking tip 💡
Defenders are so used to hackers using VPNs that if you use your real IP address they'll never believe it, and you'll be perfectly safe 😎
🔥🤑🤑 Neat bug bounty I just got. You can hack Google and use their API to make their search engine search for things:
curl {QUERY HERE}
Nice little £20,160 bounty! Thank you 😻😻
All public APIs are vulns ⚡⚡⚡
Follow for more #bugbounty tips!
(1/4) Introducing, ⚡ FastScan ⚡ You think sub 1-second port scanning is good? FastScan can complete a scan in 🚨 0.02 seconds 🚨
How can it do this? A thread 🧵
🤑 Found a neat RCE Medium bug on Windows 11 🔥
If the computer is unlocked, you can plug in a bluetooth keyboard and execute any commands you want remotely💻🤯
Nice little $500 from Microsoft for this 🔥
Follow for more tips on bug bounties ❤
#bugbounty #hacking #infosec
Let's run a little giveaway! 3x 1-month TryHackMe vouchers. To win, you must:
* Follow me (so I can DM you) 😄
* Retweet this 🐦
* Reply with your favourite TryHackMe room! (I'll use this in a blog post, you'll get credit too ❤)
Winners will be selected on 20/01 at ~5pm UK! 💘
£5500 😱 Last week bug bounty finds 💸
Here is how I did it 👇
I posted a bunch of tweets claiming to "help" newbies in this field 😉
They came to me with bugs and wanted help, I stole their work and profited from them 🤑
Follow for more tips
#bugbounty #hacking
Love it when a prominent infosec influencer steals your open source work (and the work of others), creates their own tool and promotes it as "brand new and unique".
This violates the GPLv3 license, but more importantly, who steals someone else's work????
Ciphey - automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes⚡
Just released 5.11.1, adding support for Python3.9 and fixing many bugs 🔥
Wait until you see the revamp of the hash cracking module 😉
I GOT THE JOB! 🥳🥳🥳🥳🥳 At my DREAM company!!!!! 🥳🥳🎉🎉🎉
Thank you so much to everyone that's supported me (@z_zojja @NoxCyber @RealTryHackMe)
Special thanks to @erhannah for mentoring me through the grad process, I hope I can repay you 1 day
I think we kept on getting deeper and deeper into system design and eventually this one question was just knowledge I didn't have. I gave _a_ solution, it wasn't great at all but it would have worked 🤷‍♂️
Hope I get it :((
🆕 New tool release! PyWhat helps you identify important things in a file, think of it as a smarter version of "strings"
Run it against a .pcap and find all IP addresses or CTF flags. Run it against malware and find crypto-addresses and domains!
🔥 Introducing Name That Hash - Modern Hash Identification system with popularity ratings, Hashcat, John, and descriptions.
The little secret project I've been working on for weeks with @q8fawazo @Jayy_2004 @OrielOrielOriel and more!
99% of people lost their crypto/NFTs via a phishing attack. They are fooled into clicking a link or signing a transaction.
Let me show you an easy, step-by-step guide to work out if it's a phishing attack in under 5 minutes.
This thread will save you 💰💰💰
Every crypto wallet sucks for general use. The user experience of crypto is the biggest thing stopping it from going mainstream, let's look at what the perfect wallet may look like.
In the UK, over 600k people have signed a petition to make it a requirement to provide identification when signing up to social media.
Let me tell you why this hurts marginalised people and is a very bad idea.
#trackatroll
Hey, looking for a bug bounty hunter. Willing to pay £500.
I have a spider in my kitchen and I am placing a bounty on this bug.
DM for offers
#bugbounty #hacking #bugbountytips
@kyliebytes hi I am an open source maintainer with ~15k+ GitHub stars and ~300k downloads
someone sent me £3 and I cried because it was the first time anyone had ever said thanks for my OSS work
pls support open source work and thank them 💓💓 It means so much :-)
Fun fact: 2 years ago I was so lost I didn't even know how to hack Blue. I had never heard of Nmap so I had to read a writeup to figure out what to do!
We all start somewhere, don't feel bad about it 🤗
Buying a hardware wallet or using a smart contract wallet costs money, and not everyone has that!
Here's how to make Metamask super secure without spending a single penny.
How to become a famous infosec tool developer in 2 easy steps, you won't believe step 2!
1. Develop a port scanner with absolutely no unique selling point
2. Claim it's faster than everything else without proving it
Now you're infosec famous! 🥳
@InsiderPhD @RealTryHackMe I wrote a blog post on a free guided path for TryHackMe too, so if someone's reading this and isn't sure what to do first this will help! :)
Very happy with how my @RealTryHackMe day 16 challenge went down. A lot of people found it quite hard and had to learn Python to solve it. Some experienced coders did it in a few minutes. Exactly as I planned! :)
(4/4) It has 100% accuracy on everything I've tested it on (test set == web servers only that serve both HTTPS and HTTP)
Here's the source code if you want to see how it works in detail. Good luck understanding it! I used my full 3-year CompSci degree to write this code.
In Response to My First Impressions of Web3 by @moxie
I thought it was a fair article, it was missing a lot of things so I added some rebuttals here and there and even included the things I hate.
The @RealTryHackMe free path blog post has been updated again!
* New networking section!
* OWASP top 10, AOC1, AOC2 make an appearance
* Things moved around
⚙⚙⚙⚙🥳🥳🥳
A hardware wallet is not the ultimate security tool for all of your crypto needs, stop being fooled by it.
You can and will be hacked if you don't read this.
Here are the reasons why hardware wallets are not the silver bullet for security:
Some quick reminders:
💚 You don't have to be a web developer to be a programmer
💙 You don't need a fancy portfolio to be a great developer
💛 You don't need a blog to be a programmer
💜 Stop comparing yourself to others
You are awesome, never forget that :) <3
Ever wondered how I know so much? I take a lot of free online courses. This thread collects my favourites so you don't have to take the boring ones :) 👇
I got muted on a Discord server for saying "I support gay rights" nice
Better than that time Large InfoSec Youtuber's Discord mod tagged me and called me mentally ill for being LGBTQ+ lol
From being one of the first 5k @RealTryHackMe members to supporting over 300k 🔥 My journey has been wild 😄
Happy 300k THM fam <3 Now let's get the subreddit to 10k 😉
It's official! 🌌 I am now a backend engineer @monzo 🥳
Here's a picture I took at @PrideInLondon when @MakingMonzo invited me in 2018! 🌈 Back then I was just a community forum member 🥲
Top Youtube Channels for programmers.
~Freecodecamp
~ Nick White
~ TheNewBoston
~ Kevin Powell
~ Sentdex
~ Kalle Hallden
~ @PatrickAlphaC
~ Fireship
~ Michael Reeves
What's your favourite?
3 years ago I started blogging because I thought "I could teach better than my professors"
Now professors are teaching things I've made.
It's only a matter of time before I go back to "I will summarise a lecture about something I've made" and go full circle 😂😂😂😂
A lot of people think I brought witches to sell them to make profit
In fact, I brought witches to roleplay in the Discord server with no intention of selling or hoping their price would go up 💀
🧙‍♀️ The “crypto coven” — a collection of witch avatars minted as NFTs — has quickly become a magical and extremely lucrative project, already generating over $20 million in sales.
Here’s how five friends created @crypto_coven. 👇
In case you missed it, I was interviewed by XSS Rat! @theXSSrat. Come listen to me talk about artificial intelligence, penetration testing, bug bounties, and quantum supremacy!
PS: This was my first ever interview, I was incredibly nervous 😨
For people that don't understand, when you Curl this URL the Google Database returns data to you unauthenticated and even the secret source code of their site.
The source code is not meant to be public + unauth access 2 database.
This is a P1 crit that made me £20k 🤑
MY FIRST OFFER!!! 🥳🥳🥳
Also: HR at company X (different to the offer) thinks I'm above grad level so if I get that job I'll basically be a compsci graduate that's never held a grad role <3 :D 🥳🥳🎉🎉🎉
In the future, all wallets will have a similar function to @meta_angels lending to lend your NFTs out to a hot wallet.
Keep your NFTs in a vault, never make transactions with it but lend out your NFTs to a hot wallet to be eligible for allow lists, airdrops etc.
@jna_sh AWS Systems IoT Kettle Manager is amazing. My team used to manually boil the kettle, but now we have it in a Fargate Kubernetes Cluster it is so much easier. Especially when more than 2 people want to boil water at the same time, we can use network load balancers for it!
Your seed phrase is the most important part of your crypto security.
But, I bet you haven't thought much about it other than "write it down".
Here is the essential information you need to secure your assets properly 🔐