Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
3 subscribed
Jul 16 β’ 6 tweets β’ 1 min read
"We're Number 1 on Google!" π Sounds great, right?
But what if that top ranking is actually hurting your brand?
Here's how the obsession with SEO is backfiring for many cybersecurity companies...
Let's say you've found a nice shiny low-competition, high search volume keyword that relates to your business. You use ChatGPT to pump out a crappy article and publish it on your website within minutes.
Aug 4, 2023 β’ 4 tweets β’ 1 min read
How to exit vim the "Scrum manager way"!
1οΈβ£ Call in a meeting, early in the morning
2οΈβ£ Tell everybody what a good job they are doing.
3οΈβ£ Tell everybody that there is still a lot to do.
Continued in thread π§΅π
4οΈβ£ Tell everybody that "we" can do it.
5οΈβ£ Remind them of the importance of team work.
6οΈβ£ Go through the tickets.
7οΈβ£ Tell the project manager that a ticket for closing Vim is missing.
π§΅2/4
May 1, 2023 β’ 12 tweets β’ 4 min read
10 handy practical #hacking tools I've developed over the years π§°
Check out this thread for the most valuable ones, along with a brief overview of their functions! π§΅π
1οΈβ£ hakrawler
π§ A simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
If you just want to find which hosts are alive, you can perform a ping scan with -sn
$ nmap -sn 123.123.123.1/24
Apr 2, 2023 β’ 8 tweets β’ 3 min read
I want to keep track of the latest cybersecurity news.
I also don't want to rely solely on Twitter.
Here are 5 great cybersecurity news outlets that I rely on daily! π
The /r/netsec subreddit is really, really good. If something big is going on in this industry, it's typically within the top 2 or 3 posts.
If you just want to find which hosts are alive, you can perform a ping scan with -sn
$ nmap -sn 123.123.123.1/24
May 11, 2022 β’ 14 tweets β’ 5 min read
I have created a lot of useful little hacking tools over the last few years, sometimes I tweet about them, sometimes I don't.
Here's a list of some of the most useful ones, and a brief explanation of what they do! π§΅π
Hakrawler is a simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
This tool is designed to bypass WAFs by discovering the origin web server IP. I'm sure someone has come up with this technique before, but I haven't seen it...
First it makes a HTTP request to the hostname that you provide and stores the response, then it makes a request to a list of IP addresses that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. π§΅π
Apr 11, 2022 β’ 16 tweets β’ 3 min read
I got hacked really badly once π¬. Here's the story.
I was a musician, and I was on tour, staying in a motel somewhere in the middle of nowhere, in NSW, Australia.
I got back to the motel late at night after a performance and parked my car in the Motel parking lot. ππ§΅
I left a backpack in the car which had some music-related stuff in it, along with my iPad. I used an iPad for all of my sheet music on stage because it was easier than carrying paper around, and owning a printer. ππ§΅
Apr 5, 2022 β’ 7 tweets β’ 4 min read
I want to keep track of the latest cybersecurity news.
I also don't want to spend all my time on Twitter.
Here are 5 great cybersecurity news outlets that I rely on!
π§΅π
I find /r/netsec to be the most informative cybersecurity news stream, if anything big is going on in cybersecurity it's typically within the top few posts on this subreddit. reddit.com/r/netsec
Mar 14, 2022 β’ 17 tweets β’ 3 min read
It's 9am and I'm 2 coffees deep on a Monday morning.
Time for a thread about starting and building your cybersecurity career.
ππ§΅
First let's talk about the hardest part - landing your first job.
You need two things:
π§ Knowledge
π’ Demonstration of knowledge
Jan 20, 2022 β’ 4 tweets β’ 1 min read
Years ago, I walked into a last minute on-site pentest. It was a tech startup mostly funded by a single large customer. ~20 staff.
I walked in and it was tense AF from the start. I found out that their AWS environment got popped and someone had spun up a stack of crypto-mining
infra. They didn't even notice until they got the bill.
They had no idea how it happened. Their idea was to get a pentest that might uncover the same hole.
I ran a nmap NSE scan on all their external hosts - it turned up an open HTTP proxy on one of their web servers.
Sep 1, 2021 β’ 12 tweets β’ 12 min read
This huge Twitter thread contains what I think are all of the best resources for learning to hack in 2021.
Buckle up!
Here we goooo! π
Firstly, here are some other repositories containing lists of resources:
There is still SO MUCH CSRF to find in bounty programs.
CSRF comes in many forms. Try:
- Removing the token parameter entirely
- Setting the token to a blank string
- Changing the token to an invalid token of the same format
- Using a different user's token
More in thread π
- Put the parameters in the URL instead of POST body (and remove the token) and change the HTTP verb to GET
- Testing every sensitive endpoint
- Check whether the token might be guessed / cracked
π
Dec 16, 2020 β’ 5 tweets β’ 2 min read
I've been finding a lot of access control bugs lately! Here's how.
Firstly I have two users, one with high privileges (admin), and one with low privileges (joe). I log in as the admin first, and use all the functionality. Whenever I do something that should...
Thread π
be reserved for an administrator, I send the request over to Repeater. Once I have a stack of them, I get the cookies from the "joe" account and insert them into those requests. I send them and analyse the difference in response to see if it worked. If it did, I report it!
May 22, 2020 β’ 14 tweets β’ 3 min read
Nmap tutorial time!
Nmap is a port scanner, but it does so much more including service/OS detection and even vuln scanning.
By default nmap does a standard TCP SYN scan on the top 1000 ports of host.
$ nmap host
For more verbosity use -v or -vv.
$ nmap -vv host
THREAD β¬οΈ
Nmap accept hostnames, IP addresses, CIDR ranges and dash notation.
First I replace every instance of www.whitelisteddomain.tld in that file with a domain that is whitelisted using the following command:
WHITELISTED="test.com" && sed 's/www.whitelisteddomain.tld/'"$WHITELISTED"'/' Open-Redirect-payloads.txt > Open-Redirect-payloads-burp-"$WHITELISTED".txt && echo "$WHITELISTED" | awk -F. '{print "https://"$0"."$NF}' >> Open-Redirect-payloads-burp-"$WHITELISTED".txt
Jul 11, 2019 β’ 5 tweets β’ 1 min read
Here's a little problem I run into all the time, and how I solve it.
I've SSH'd into a machine, started a long running process (let's say, nmap). Now I need to disconnect from SSH, but I want to keep the process running in a tmux/screen session? How do I do this? Read on! 1/x
First, I background the process by hitting Ctrl+Z, then keep it running by using the "bg" command, and disown it with "disown nmap". 2/x
3 subscribed
