Hacker, bounties, entrepreneur. I help cybersecurity companies produce amazing content for their blogs and socials. Founder of: @haksecio and @hacker_content
3 subscribed
Aug 4, 2023 • 4 tweets • 1 min read
How to exit vim the "Scrum manager way"!
1️⃣ Call in a meeting, early in the morning
2️⃣ Tell everybody what a good job they are doing.
3️⃣ Tell everybody that there is still a lot to do.
Continued in thread 🧵👇
4️⃣ Tell everybody that "we" can do it.
5️⃣ Remind them of the importance of team work.
6️⃣ Go through the tickets.
7️⃣ Tell the project manager that a ticket for closing Vim is missing.
🧵2/4
May 1, 2023 • 12 tweets • 4 min read
10 handy practical #hacking tools I've developed over the years 🧰
Check out this thread for the most valuable ones, along with a brief overview of their functions! 🧵👇
1️⃣ hakrawler
🔧 A simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
If you just want to find which hosts are alive, you can perform a ping scan with -sn
$ nmap -sn 123.123.123.1/24
Apr 2, 2023 • 8 tweets • 3 min read
I want to keep track of the latest cybersecurity news.
I also don't want to rely solely on Twitter.
Here are 5 great cybersecurity news outlets that I rely on daily! 👇
The /r/netsec subreddit is really, really good. If something big is going on in this industry, it's typically within the top 2 or 3 posts.
If you just want to find which hosts are alive, you can perform a ping scan with -sn
$ nmap -sn 123.123.123.1/24
May 11, 2022 • 14 tweets • 5 min read
I have created a lot of useful little hacking tools over the last few years, sometimes I tweet about them, sometimes I don't.
Here's a list of some of the most useful ones, and a brief explanation of what they do! 🧵👇
Hakrawler is a simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.
This tool is designed to bypass WAFs by discovering the origin web server IP. I'm sure someone has come up with this technique before, but I haven't seen it...
First it makes a HTTP request to the hostname that you provide and stores the response, then it makes a request to a list of IP addresses that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. 🧵👇
Apr 11, 2022 • 16 tweets • 3 min read
I got hacked really badly once 😬. Here's the story.
I was a musician, and I was on tour, staying in a motel somewhere in the middle of nowhere, in NSW, Australia.
I got back to the motel late at night after a performance and parked my car in the Motel parking lot. 👇🧵
I left a backpack in the car which had some music-related stuff in it, along with my iPad. I used an iPad for all of my sheet music on stage because it was easier than carrying paper around, and owning a printer. 👇🧵
Apr 5, 2022 • 7 tweets • 4 min read
I want to keep track of the latest cybersecurity news.
I also don't want to spend all my time on Twitter.
Here are 5 great cybersecurity news outlets that I rely on!
🧵👇
I find /r/netsec to be the most informative cybersecurity news stream, if anything big is going on in cybersecurity it's typically within the top few posts on this subreddit. reddit.com/r/netsec
Mar 14, 2022 • 17 tweets • 3 min read
It's 9am and I'm 2 coffees deep on a Monday morning.
Time for a thread about starting and building your cybersecurity career.
👇🧵
First let's talk about the hardest part - landing your first job.
You need two things:
🧠 Knowledge
📢 Demonstration of knowledge
Jan 20, 2022 • 4 tweets • 1 min read
Years ago, I walked into a last minute on-site pentest. It was a tech startup mostly funded by a single large customer. ~20 staff.
I walked in and it was tense AF from the start. I found out that their AWS environment got popped and someone had spun up a stack of crypto-mining
infra. They didn't even notice until they got the bill.
They had no idea how it happened. Their idea was to get a pentest that might uncover the same hole.
I ran a nmap NSE scan on all their external hosts - it turned up an open HTTP proxy on one of their web servers.
Sep 1, 2021 • 12 tweets • 12 min read
This huge Twitter thread contains what I think are all of the best resources for learning to hack in 2021.
Buckle up!
Here we goooo! 👇
Firstly, here are some other repositories containing lists of resources:
There is still SO MUCH CSRF to find in bounty programs.
CSRF comes in many forms. Try:
- Removing the token parameter entirely
- Setting the token to a blank string
- Changing the token to an invalid token of the same format
- Using a different user's token
More in thread 👇
- Put the parameters in the URL instead of POST body (and remove the token) and change the HTTP verb to GET
- Testing every sensitive endpoint
- Check whether the token might be guessed / cracked
👇
Dec 16, 2020 • 5 tweets • 2 min read
I've been finding a lot of access control bugs lately! Here's how.
Firstly I have two users, one with high privileges (admin), and one with low privileges (joe). I log in as the admin first, and use all the functionality. Whenever I do something that should...
Thread 👇
be reserved for an administrator, I send the request over to Repeater. Once I have a stack of them, I get the cookies from the "joe" account and insert them into those requests. I send them and analyse the difference in response to see if it worked. If it did, I report it!
May 22, 2020 • 14 tweets • 3 min read
Nmap tutorial time!
Nmap is a port scanner, but it does so much more including service/OS detection and even vuln scanning.
By default nmap does a standard TCP SYN scan on the top 1000 ports of host.
$ nmap host
For more verbosity use -v or -vv.
$ nmap -vv host
THREAD ⬇️
Nmap accept hostnames, IP addresses, CIDR ranges and dash notation.
First I replace every instance of www.whitelisteddomain.tld in that file with a domain that is whitelisted using the following command:
WHITELISTED="test.com" && sed 's/www.whitelisteddomain.tld/'"$WHITELISTED"'/' Open-Redirect-payloads.txt > Open-Redirect-payloads-burp-"$WHITELISTED".txt && echo "$WHITELISTED" | awk -F. '{print "https://"$0"."$NF}' >> Open-Redirect-payloads-burp-"$WHITELISTED".txt
Jul 11, 2019 • 5 tweets • 1 min read
Here's a little problem I run into all the time, and how I solve it.
I've SSH'd into a machine, started a long running process (let's say, nmap). Now I need to disconnect from SSH, but I want to keep the process running in a tmux/screen session? How do I do this? Read on! 1/x
First, I background the process by hitting Ctrl+Z, then keep it running by using the "bg" command, and disown it with "disown nmap". 2/x
3 subscribed