After months of working on this, I’m excited to release my first bug bounty course on @udemy today! This is not a complete course just yet, but I will be regularly updating it with new content and labs!
Thanks for 50,000 followers! I’ve partnered with @eLearnSecurity to give back to the community! Three lucky winners will win an eLS course of their choice.
To enter, all you have to do is like and reply to this tweet and follow eLS!
I have worked at a leading bug bounty platform.
Hacked companies like Airbnb, Apple, Snapchat, Department of Defense, PayPal.
Currently enjoying day one of unemployment.
Ask me anything?
I'm excited to announce that I have started a new role at @Hacker0x01 as the head of Hacked Education to help create more content for hackers on #Hacker10! 🎉
I don't understand the hate and shade people throw at content creators. Can someone tell me what the fuck is the actual point in hating on people who are educating others for free?
Here are the slides from our talk at @defcon - "Owning the clout through SSRF and PDF generators". We'll probably write 3 blog posts on a few bug bounty examples soon! Also a big thank you to @daeken for being my partner in crime through this research.
My Udemy course is listed for FREE using the code 'FREEBLACKFRIDAY' and then only $9.99 with 'BLACKFRIDAY23'. There’s a brand new update coming to the course in 2024! New labs, new videos and new challenges! 👀
🚨 @Burp_Suite giveaway 🚨
2020 was a pretty rough year for a lot of people but I want to end the year on a good note. Reply with something you are grateful or proud of that happened in 2020 and I'll pick a random reply and send them a free Burp Suite license! 👇🏽
What are some endpoints that make you excited when they pop up while performing a directory brute force? Here are some of mine:
/api/proxy
/swagger-ui
/demo
/metrics
A group of us started to do this challenge for the entire month of November. Today was day 1. Feel free to join us if you’re up for the challenge.
Will try and update this thread every night.
I have 2 PWK vouchers to give away! Two ways to win
1. Join my discord & react to the message posted in announcements.
2. Like and respond to this tweet with #nahomies
Big thank you to our #nahamcon2022 sponsor, @offsectraining for making this happen.
I have a one year and a six month subscription to @PentesterLab for two people who reply with “#NahamCon2022” under this post.
Will pick winners tomorrow.
This Friday is my last day at @Hacker0x01. The last 6 years have been incredible. I learned a lot of valuable lessons and met a ton of amazing people.
To celebrate I wanted to share the 6 things I learned from my time at h1.
I get asked how I manage a full time job, content, steam, hacking on top of my personal life. I’m going to answer this once and only once: if you have time to waste on YouTube/Reddit you have time to learn how to hack. I go to bed an hour later and wake up an hour earlier
Introducing The 5 Five Week Program: A program designed to help you find your first vulnerability. At the end of the 5 weeks, I will be bringing someone onto my team to directly work with me on a pentest!
There are times when I really don't wanna stream or make content, then I randomly get messages like this and remember why I started doing all of this in the first place. Thank you! 🙏🏽
What are some books you recommend to someone wanting to break into cybersecurity/hacking to learn the basics ⁉️ Would love to make this a thread on infosec books.
Here are some of my recommendations 👇
Besides curl and sed/awk/grep, what are some of your most frequently used linux commands that you think will help with hacking? (not including tools like nmap, metasploit, etc)
Check out my latest video on "Creating Wordlists for Pentesting & Bug Bounty Hunting". I also showed how I use @DanielMiessler's SecLists, @TomNomNom's Waybackurls, or Google's BigQuery to create my own wordlists!
LMK what you think of the video!
I just realized I have some more @PentesterLab vouchers, thanks to @snyff for sponsoring the LLS stream. Drop a reply under this tweet and I'll pick 3 people and give you either a 3 mo, 6 mo, or 12 month subscription.
Alright twitter, help me out! I'm trying to make a good list of places to find swagger (or swagger.json). Here are a few of my favorites:
/swagger-ui/swagger.json
/apidocs/swagger.json
/api-docs/swagger.json
/swagger-ui
/api-docs
/apidocs
/swagger
/v1/swagger.json
With #NahamCon2022EU coming up I think it’s only fair to give away a one year subscription to @pentesterlab to someone random responding to this tweet. 👇🏽
This is how a hacker (nojob) was able to find a vulnerability in @port_finance and collect a bounty worth over $600,000 through @immunefi's bug bounty platform!
Thank you @HalbornSecurity for sharing their technical insight on this vulnerability!
Thread on educational content: 👇👇👇
This is coming from someone who sells a course. You really don't need anyone to teach you _anything_. Especially for bug bounties. The only thing you need in order to become successful is curiosity. To ask yourself "wtf does this mean" & 1/n
The "Resources for Beginner Bug Bounty Hunters" repository on @github was just updated with new content! If you are new to hacking and bug bounty hunting, you should definitely check this out! 💯🚨🔥
Found a pretty neat SSRF on @snapchat and thanks to ideas from @daeken @bbuerhaus, we were able to escalate it a bit. Technical details will be included in our talk @defcon and @BSidesLV (if it gets approved). Enjoy!
If you're still looking for resources to get into hacking or bug bounty, I highly recommend taking a look at this GitHub repository! It has a list of videos, labs, and talks for anything hacking related!
Don’t ever let anyone tell you that you can’t do it. I grew up with a large number of friends and family members laughing at my “hacking skills”. Those same friends are proud of me now and bring it up every time they see me. If I did it, you can too, homie.
After months of work, I have finally updated my Bug Bounty course with a massive focus on hands-on labs through @hackinghub_io!
More info here 👉🏼
Use code UPDATE50OFF to get 50% off!
I also have some free codes! RT/Reply for a chance to win!