ramsexy @plmaltais Twitter profile

Pinned Tweet

ramsexy

4 years

@hakluke Depends! To old people: "I'm working with computers" To the border agents: "I'm working in tech" To most adults: "I'm a cybersecurity specialist" To my friends after 2 beers: "I'm a hacker bitchezzz"

18

72

815

Last Seen Profiles

@marcelobinati

@IVF_1

@sutherwong

@Moonlover_Miyu

@Both265

@MarcelinaM7747

@sungmin_eth

@shiratama_1354

@RyanSwarthout51

@Der988008071792

@ragnarok1943

@Cncmeng_CN

@developer_west

@RozaEvinn

@bokeplokalmalam

@kkpapua1

@Olivia____ov

@Httwit1

@takahideokino

@west2025c

@maitan_69

@loveleg5858

@HOLYREALANGEL

@teamothy_x

@thefelicityhunt

@0x_score

@chubu_yomi

@Baseer2667

@2D_dey

@AceArtworks

@sebnembursali

@10Chigen

@ra_yu0401

@EriJos7

@WalterDomings

@ShafiraQiddist

ramsexy

@plmaltais

4 years

I still don't understand why some hackers are working for some free energy drinks, and then even promote the company afterwards. I guess posting your big stack of energy drinks online gets you a lot of clout, congrats!

29

66

600

ramsexy

@plmaltais

2 years

My office this morning! 🏄🤩

15

16

489

ramsexy

@plmaltais

5 years

Today is my first day as a full-time bug bounty hunter. I’m so excited about this new adventure.😀 If you're a program manager, please invite me to your programs! I’ll also be available to take some short pentesting mandates, so please DM me any opportunity you may have. Cheers!

39

24

465

ramsexy

@plmaltais

2 months

I was facing a very strict WAF while trying to exploit a XSS : no gt/lt signs, no parentheses, no double quotes, no backticks. I was injecting inside an html tag. Turns out the solution was very simple (and not well documented): <img src=x onerror=alert& #40document .domain& #41 >

9

40

417

ramsexy

@plmaltais

2 years

Do yourself a favor and buy a short domain, a small VPS and self-host your favorite blind XSS tool. A couple of dollars that will get you thousands in return.. and the peace of mind!

15

38

338

ramsexy

@plmaltais

4 years

I just found an IDOR that would basically allow an attacker to get infinite money. Sometimes I wish I was a black hat 🙈

11

14

261

ramsexy

@plmaltais

1 year

I just crossed 10k reputation on @Hacker0x01 🥳 Even though my objectives are not tied to internet points, it somehow feels good to hit that milestone. It was way slower than a lot of people but I'm glad I did it, on my own pace :)

22

3

257

ramsexy

@plmaltais

6 years

Yay, I was awarded a $10,000 bounty on @Hacker0x01 , for an SQLi on a public bug bounty program! #TogetherWeHitHarder

HackerOne profile - ramsexy

-

hackerone.com

12

15

232

ramsexy

@plmaltais

1 year

Good news, CVSS 4.0 spec has this line regarding Privileges Required (PR) : Self-service provisioned accounts, that may be necessary to attack a cloud service, do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

15

36

235

ramsexy

@plmaltais

4 months

@NahamSec @Hacker0x01

23

19

224

ramsexy

@plmaltais

3 years

Found an ESI injection but all tags are blocked by the WAF? If ESI comments works, you can try to bypass the WAF for the XSS with something like this : <img+src=x+onerror=alert(1)>

4

64

218

ramsexy

@plmaltais

3 years

Beware of @Burp_Suite last update, it deleted the default directory where project files are stored (/Applications/Burp Suite Professional .app/Contents/java/app/). I lost all my Burp projects.

15

46

205

ramsexy

@plmaltais

5 years

I earned $10,000 for my submission on @bugcrowd #ItTakesACrowd

11

3

200

ramsexy

@plmaltais

4 years

wat

8

30

194

ramsexy

@plmaltais

4 years

an horror story in 2 pictures

11

7

169

ramsexy

@plmaltais

5 years

🚌 Hacker Bus Update: We made the insulation and flooring. We fixed the benches. Fridge is ready to go! Next step is electricity and ventilation. Taking a break for winter but plans to go from Montréal to Las Vegas next summer. Who is in? 😎

15

7

160

ramsexy

@plmaltais

2 years

The best hacker out there is the one having the most fun.

4

11

154

ramsexy

@plmaltais

5 years

I finally reached 4k reputation on @Hacker0x01 ! I would have been really happy to reach it with a super cool bug, but it was a phpinfo disclosure. 😂🤷‍♂️

10

2

143

ramsexy

@plmaltais

5 years

The bus project is officially started! Who wants to come on a hacker road trip next year? 😎🚌🏄‍♂️ #vanlife

20

4

144

ramsexy

@plmaltais

1 year

Now @Burp_Suite whole UI freezes for like 2 mins when searching in a 3mb JS file. This tool is becoming more and more unusable. Not sure why I'm still paying for this.

35

6

132

ramsexy

@plmaltais

4 years

Another day at the office #bountylife #cyanerdz

5

1

133

ramsexy

@plmaltais

5 years

Ready to hack @Uber this week at #h14420 in London! 🔥🔥🔥 #teamcanada #togetherwehitharder @Hacker0x01

8

5

128

ramsexy

@plmaltais

2 years

Do you still think being full time bug bounty hunter is risky? Big techs are laying off thousands of people but I haven't seen many bug bounty programs shutting down 🤓

10

3

124

ramsexy

@plmaltais

6 years

5 DIGITS CLUB BOOYA! Yay, I was awarded a $10,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - ramsexy

-

hackerone.com

17

4

123

ramsexy

@plmaltais

3 years

Now that I have your attention with a cool picture from my ongoing trip, please @Hacker0x01 fix your mediation system. It had flaws in the past but it's only gotten worst. It seems you put a lot of effort to protect programs from abusive hackers, but not much for the opposite.

9

3

107

ramsexy

@plmaltais

4 years

Stay kind, respectful and give solid arguments: it might pay off 😇

1

3

107

ramsexy

@plmaltais

4 years

I've just realized it's been exactly a year since I quit my job and went full time bug hunting :) 10/10 would do again

ramsexy

@plmaltais

5 years

Today is my first day as a full-time bug bounty hunter. I’m so excited about this new adventure.😀 If you're a program manager, please invite me to your programs! I’ll also be available to take some short pentesting mandates, so please DM me any opportunity you may have. Cheers!

39

24

465

3

0

102

ramsexy

@plmaltais

2 years

Next year goals are the same since 2020 and probably for the rest of my life: Being happy and having fun.

6

2

102

ramsexy

@plmaltais

3 months

me waiting for @NahamSec to drop his next thumbnail

4

1

96

ramsexy

@plmaltais

8 months

3

6

90

ramsexy

@plmaltais

7 years

Got my shirt! Thanks @Pornhub and @Hacker0x01 :)

0

7

81

ramsexy

@plmaltais

8 months

I've been hacking and surfing from Costa Rica for the past 2 weeks. Pura vida!! 🫶

9

0

84

ramsexy

@plmaltais

4 years

Just imagine triaging for a product you never actually used b4. You receive a report, and then you have to figure out the whole thing by yourself as fast as possible. It's frustrating when triage do some mistakes, but at the same time, I understand.. (also triage my report plz)

11

1

79

ramsexy

@plmaltais

2 years

My office this morning. For some reason the mobile network was decent in the middle of the desert lol

5

3

83

ramsexy

@plmaltais

5 years

#BugBounty2020Goals - Make as much money (or more) from bounties as I was doing with bounties + a day job 💰 - Keep my HackerOne Impact and Signal above 90th percentile 📈 - Have a balanced lifestyle, do sports, travel the world 🏄‍♂️ Side quests: - Do not starve to death ☠️

1

80

ramsexy

@plmaltais

4 years

3000 followers 😇 Thank you everyone <3

2

0

78

ramsexy

@plmaltais

7 months

@NahamSec

9

2

76

ramsexy

@plmaltais

2 years

Professor ramsexy 😺 A few years ago when I started doing talks in colleges, few hands were raised when I asked who wanted to pursue a career in cybersecurity. I definitely see a change here, as there is a LOT of interest from students. 🐛💥 @cegepsoreltracy

2

0

77

ramsexy

@plmaltais

3 years

My friends asked a local artist to make a custom ramsexy painting for my birthday. I'm soooo happy with the result 😻😻😻

8

0

77

ramsexy

@plmaltais

1 year

Bug bounty programs when you find a SSRF

1

4

76

ramsexy

@plmaltais

5 years

Yo, the last decade was crazy. Bug bounty changed my life, and I'm so grateful for everything. I'm living the best time of my life right now, let's fucking go 2020! 😎🍻

1

0

75

ramsexy

@plmaltais

1 year

Bug bounty panel during the Cybereco conference in Montreal 📣📣📣

2

0

76

ramsexy

@plmaltais

4 years

Ok so basically a black hole is a region of spacetime where gravity is so strong that nothing—no particles or even electromagnetic radiation such as light—can escape from it.

4

1

75

ramsexy

@plmaltais

5 years

I've been surfing the waves and the web in Mexico for the last 10 days. Absolutely no regrets to going full time bug bounty hunting 😎😎😎

2

1

74

ramsexy

@plmaltais

4 years

they pay millions to organize soapbox races but pay bounties in redbull cans

Intigriti

@intigriti

4 years

Red Bull gives you swag! From today, @RedBull hosts their "friendly hacker" program at @intigriti . Read more:

14

22

137

6

3

74

ramsexy

@plmaltais

3 years

I really like this docker image. It allows you to send all your Burp traffic to a local proxy, where it is sent to your VPN. No more messy routing while hacking :)

1

15

71

ramsexy

@plmaltais

5 years

Last week, @SebMorin1 and I found a bug I NEVER found in bug bounty or pentest : a SSI injection. It's an old ass class of bug that I have only seen in CTFs 😂. It feels good to exploit something new (or old? 🤔).

2

72

ramsexy

@plmaltais

4 years

Today I was wondering why my payloads didn't worked while trying to exploit a SSRF through an image generator. Turns out my note taking software automatically replaces straight double quotes with opening/closing double quotes. I wonder how many bugs I missed because of that 😂🤦‍♂️

9

4

68

ramsexy

@plmaltais

4 years

Yep, you read it right 🍆👑

publiclyDisclosed

@disclosedh1

4 years

Tube8 disclosed a bug submitted by @plmaltais : - Bounty: $2,500 #hackerone #bugbounty

1

10

98

5

1

71

ramsexy

@plmaltais

3 years

Bugcrowd : *removes points on VDP* Also Bugcrowd : Find 100000$ worth of bugs for free and get a chance to win a camera and a shoutout on twitter

bugcrowd

@Bugcrowd

3 years

👀 Eyes on the prize! 👀 Want the chance to win some seriously cool PRIZES!? 📲 🎧 📸 🌴 🐁 Act fast! Start #hacking with CISA today, submission deadline is December 15th! 😎 👇🏽 #hacker #bughunting

0

9

27

1

5

67

ramsexy

@plmaltais

3 years

So proud of this! I truly enjoyed working with @c0rv4x , @SebMorin1 and @ArchAngelDDay during the last LHE with @ShopifyEng . Can't wait for the next collab! :)

5

0

69

ramsexy

@plmaltais

3 years

Hacking again on a program that used to be good until they tried to screw me a couple of months ago. It feels just like I'm going back to an ex-girlfriend 😅 wish me luck

2

67

ramsexy

@plmaltais

6 years

Today, I achieved my #bbpgoal2018 by reaching 2k rep on @Hacker0x01 while keeping my Signal and Impact over the 90th percentile. Woop!!

ramsexy

@plmaltais

7 years

In 2018, I'll try to reach 2k rep on @Hacker0x01 while keeping my signal & impact > 90th percentile. #bbpgoal2018

0

15

5

1

66

ramsexy

@plmaltais

4 years

Another great @Hacker0x01 live hacking event with @TheParanoids :) We finally did TeamQC with my boyz @SebMorin1 @ldionmarcil @vp440 and @JR0ch17 . Even though the scope was pretty tough, we managed find some cool bugs and one of them even made it to the show and tell 😎

1

4

63

ramsexy

@plmaltais

6 months

Just found a bug!! 🪲 Anybody else got a bug bounty tattoo? 😎

12

0

67

ramsexy

@plmaltais

2 years

I'm doing 3 bug bounty presentations in colleges next week! And thanks to @Hacker0x01 there's gonna be a raffle to win a Meta Quest 2 amongst all the students who attend my talks :) CAN'T WAIT! 🐛💥

3

0

66

ramsexy

@plmaltais

4 years

This is what I like the most in being self-employed, I do what ever I want whenever I want. Skiing this morning at Mont Orford, 15 mins from home :) #bountylife

2

0

65

ramsexy

@plmaltais

1 month

. @xnl_h4ck3r can I update your tool without getting roasted plz 😂

3

1

64

ramsexy

@plmaltais

4 years

Un «chasseur de bogues» fait 150 000$ par année

Le «chasseur de bogues» Pier-Luc Maltais gagne un salaire de 150 000$ par année en travaillant à temps partiel.

www.journaldemontreal.com

7

3

63

ramsexy

@plmaltais

3 years

I recorded a short video today for a MOOC (Massive Open Online Course) about cybersecurity, intended for Quebec universities students. I was quite impressed by the professionalism behind this project. Thanks @SERENE_RISC and @EDUlib_ORG for the opportunity🎥😎

5

2

64

ramsexy

@plmaltais

5 years

I spent a couple of days in Singapore for @Hacker0x01 #h165 . It was an awesome event in an impressive city. I'm so grateful to be able to live the #bountylife 😀

3

1

63

ramsexy

@plmaltais

3 years

Great news, @Bugcrowd VDPs will no longer reward points!

1

9

62

ramsexy

@plmaltais

2 years

The Bug Bounty Québec event was a huge success! 🐛 Thanks to @DesjardinsCoop for sponsoring the event 💰. Also, thank you to all the attendees who showed up. I'm super grateful that I was able to connect two of my passions at the same time: hacking and surfing 🧑‍💻🤝🏄

6

4

61

ramsexy

@plmaltais

4 years

6

2

62

ramsexy

@plmaltais

5 years

On my way to Vegas for #h1702 :D

5

0

57

ramsexy

@plmaltais

4 years

If too much people agrees to hack for reputation/kudos/drinks/t-shirts, that will bring the bug values down, then hackers will get less money, and same for the platforms, which benefits from people making money.

1

4

60

ramsexy

@plmaltais

6 years

Yay, I was awarded a 4 digits bounty for an SQL injection on @Hacker0x01 , while on vacation in Costa Rica. Pura vida! 🇨🇷🤙 #TogetherWeHitHarder

5

2

59

ramsexy

@plmaltais

1 year

Why do y'all censor your screenshots like that? 😂

8

1

54

ramsexy

@plmaltais

6 years

Latitude 00°00'00"

2

0

52

ramsexy

@plmaltais

5 years

So apparently there is a "Manual testing simulator" in @Burp_Suite . If you type in "burp", a special Billing section appears so you can see how much money you have made while it's running. This is GENIUS! 🤑🤑🤑

4

11

52

ramsexy

@plmaltais

3 months

I'm planning ~3 weeks van trip on the US/Canada east coast, starting may 17th at @NorthSec_io in Montréal. The itinerary is not decided yet, but I might go south until North Virginia. If any hackers along the way wants to hack or socialize, let me know! 🚐🇨🇦🇺🇸

9

1

53

ramsexy

@plmaltais

2 years

Last week I had a video call with a 10 yo and his teacher. I'm doing mentoring with high school and colleges kids for a while now, but it was my first time talking with a younger kid. He was interested in a career in cybersecurity and he had a couple questions for me.

2

0

51

ramsexy

@plmaltais

2 years

@steventseeley RCE via ESI injection was demonstrated before in specific implementations (see @Becojo 's bug at ) but I've never seen an ESI injection that led to RCE in the wild.

3

13

52

ramsexy

@plmaltais

1 year

I got a last-minute invite to @Hacker0x01 's next live hacking event in Los Angeles and I couldn't be more excited! Can't wait to test out this fun scope and see what vulnerabilities I can find. #h1213 🌅🏄

1

0

50

ramsexy

@plmaltais

1 year

@Rhynorater These settings are great too 😇

1

3

50

ramsexy

@plmaltais

6 years

Going back to Canada after a 3 months trip in south america and California. I'm so grateful for all the things the #bountylife brought to me. ♥️

0

1

50

ramsexy

@plmaltais

3 years

I just submitted my first bug after a one month break from hacking! feelsgood.jpg 😁

1

2

48

ramsexy

@plmaltais

4 years

However, incentivize VDPs with energy drinks (or rep/kudos/whatever), is a straight joke. Just imagine how clever these companies think they are when people are rushing to find bugs for some goodies and even promoting the company afterwards.

1

49

ramsexy

@plmaltais

4 months

Got 10 reports (wrongfully) closed as duplicates of the same report overnight. Makes me wanna quit bug bounty and open a bed and breakfast 🥲

9

1

49

ramsexy

@plmaltais

2 years

@nnwakelam if you have an RCE then fix the bug yourself haha

2

46

ramsexy

@plmaltais

6 years

Yay, I was awarded a $3,000 bounty on @Hacker0x01 , for an... Apache status page! :) #TogetherWeHitHarder

HackerOne profile - ramsexy

-

hackerone.com

5

2

46

ramsexy

@plmaltais

4 years

HACKFEST TICKETS GIVEAWAY I’ll pay for the first 50 persons to DM me their name, email and ticket type (conference, CTF Classic or CTF Pro). Follow/RT suggested but optional. More info here cc @hackfest_ca

4

14

45

ramsexy

@plmaltais

7 years

Yay, I was awarded a $3,000 bounty on @Hacker0x01 ! #TogetherWeHitHarder

HackerOne profile - ramsexy

-

hackerone.com

5

0

45

ramsexy

@plmaltais

4 years

@Hacker0x01 @InsiderPhD

4

0

46

ramsexy

@plmaltais

4 years

So a month ago, I started mentoring local high school and college students on @Academos_ . I had questions about my career from 3 students so far. It's such a great experience, I'm even considering doing some kind of internship with one of them. 👨‍🏫🐛💥

2

0

45

ramsexy

@plmaltais

4 years

Hacking some waves with @c0rv4x in Nicaragua. Best way to recover from a live hacking event 😎🏄🤙🇳🇮

0

44

ramsexy

@plmaltais

5 months

@NahamSec

4

0

44

ramsexy

@plmaltais

3 years

You know it's a good bug when they pull out the feature on a saturday 😎

0

44

ramsexy

@plmaltais

4 months

I've been a long time user of Burp + Firefox but I recently switched to @CaidoIO + Autochrome and I love it, especially with the new PwnFox passive workflow. For the moment, I'm still having Burp running on the side for a few things like Intruder and a few extensions I use a lot.

3

2

44

ramsexy

@plmaltais

5 years

I'm finally back on the 90 days leaderboard on @Hacker0x01 😎

3

0

44

ramsexy

@plmaltais

5 years

New job, new apartment, new city. Lots of stuff is happening, but I'll be back on bounty hunting soon 🔥😎

2

0

44

ramsexy

@plmaltais

4 years

I don't want to reply to everyone since it's really time consuming, but here some things I want to say. As a bug hunter, you don't want the global bug value to go down.

1

42

ramsexy

@plmaltais

2 years

PEOPLE OF MONTRÉAL 🇨🇦 What: 5 à 7 Bug Bounty Québec 🐛 When: November 23, 5-9pm Where: Oasis Surf, Brossard For whom: Anyone with an interest in bug bounty. No need to be active! Cost: FREE entry 🎟️, appetizers 🍤, drinks 🍻 and SURF 🏄 Register here:

5 à 7 Bug Bounty Québec

Évènement de surf et de réseautage pour les adeptes de bug bounty du Québec. Bouchées, drinks et session de surf offerts GRATUITEMENT.

www.eventbrite.com

4

10

41

ramsexy

@plmaltais

2 years

I think @Burp_Suite Comparer need some love. It is a simple and useful tool, but I really wish it had line wrap, pretty print and a search feature.

3

0

41

ramsexy

@plmaltais

4 years

What's up Twitter! I've been surfing and chilling on the beach since last week to recover from @PayPal LHE. What did I miss? CVEs and drama? 🤪

1

0

40

ramsexy

@plmaltais

10 months

You may not like it, but this is what peak performance looks like : cc @Burp_Suite

4

0

41

ramsexy

@plmaltais

7 years

Thanks @Hacker0x01 !!! @yaworsk @jobertabma @hackfest_ca #hackfest9lives

1

4

39

ramsexy

@plmaltais

5 years

Mastering Burp Suite training from @Agarri_FR is 🔥🔥🔥 I use Burp everyday since a couple of years and I can't believe how much my workflow has improved during the training.

4

39