🧵A hacker's guide to FINDING cybersecurity jobs🧵
Many people know of the normal ways to look for jobs like LinkedIn & Indeed... but we're hackers!
Today I'm going to share with you my top places/tips for finding your next gig.
🚨Retweet, follow, & like for more! 🚨
1/
Jason Haddix
@Jhaddix
CISO/Hacker in Charge, 18 years hacking, 10 years leadership. exCitrix, exRedspin, exFortify, exHP, exBugcrowd, exUbisoft
Jason Haddix’s posts
👮 Hacking into several Prisons 👮
Here's how I did it (legally), and what I learned along the way!
A thread for security testers and cyber security pros
🧵👇
Another long (hacker) story thread 🧵
= Stealing checks worth millions & pwning a bank =
Here’s how I did it, so you can learn.
I was once contracted to do a penetration test on a bank…
Like, retweet, and follow for more hacker stories!
(1/x)
Here are the slides for The Bug Hunter's Methodology v4 Recon edition. Enjoy!
drive.google.com/file/d/1aG_qqR
I have a real problem with hacker elitism.
I dislike the term script kiddie.
This job does not make you better than anyone.
Taking pride in a thing you do for a career, that also happens to be fun, is a privilege.
please, participate positively in the community. <3
Just FYI my content discovery file is:
gist.github.com/jhaddix/b80ea6
My subdomain enumeration file is:
gist.github.com/jhaddix/f64c97
My github dork section of hunter.sh is:
gist.github.com/jhaddix/77253c
Enjoy!
A thread🧵
💸Secrets of automation-kings in bug bounty💸
Finding 1day (or 1month) web exploits that haven't made their way into scanners yet can make you big money.
Read more to understand where and how to get an edge in this area!
🚨Retweet, follow, & like for more! 🚨
1/x
(a LONG thread) 🧵
Inspired by & here's one of my fun hacker stories:
= The complete compromise of a password manager company =
Here's how I did it (so you can learn):
I was given the project to pentest a password manager company: *.redacted.com
(1/16)
Working on a pretty cool "The Bug Hunter's Methodology" Mindmap for you all this weekend =) Stay tuned!
Excited to announce that and I are currently working on “The Bug Hunter’s Methodology” book. The book will focus on cutting edge web red team, pentester, and bug bounty topics. Tools, methods, automation, and no BS.
4/8/22 #bugbountydiary #bugbountytips
Everyone is sick in the house but I had some running scans I needed to check up on.
I found a SQL injection bug on a blog.
Here's how I did it, so you can learn...
👇
🚨Like, retweet, & follow for more hacker tips!🚨
1/x
Slides for the Bug Hunter's Methodology 3(ish) from today's LevelUp 0x02 conference - docs.google.com/presentation/d
- Run all your subdomain tools
- uniq them
- Pass that list to: "amass enum -nf domains.txt" to insert them into the amass database.
Then track new findings each day via:
amass track -d domain.com | grep "Found"
#bugbountytips #bugbountytip
thanks
== Trademark and Copyright Recon ==
How to find assets no other bug hunters have found.
One of my simple "secrets" for years.
Little automation exists for it.
💸💸💸
a thread🧵
🚨follow, retweet, & like for more hacker tips!🚨
1/x
Created a WAHH Methodology desktop background for Web Application hackers:
🧵Mistakes I make in hacking or bug bounty 🧵
#bugbountytips and hacking tips I wish I always adhered to 🙃
cc @sr_b1mal
Just so people know, I'm not crazy...
On the left, Burp 1.7 after spidering JUST tesla.com and setting a scope rule for "tesla"
On the right Burp 2023, with Incy Wincy crawler ON (via fastest config)
Same configs.
* 2023 Burp took 1.5 hours for the crawl
*…
This is an absolutely dope mindmap for attacking AD.
orange-cyberdefense.github.io/ocd-mindmaps/i
Source: github.com/Orange-Cyberde
🧵Another hacker story thread! 🧵
== The Medical Alert Hack ==
Not too long ago I put a whole city on high alert during a security assessment. A tale of caution. 💀
Read along to learn my approach & mistakes!
🚨Retweet, follow, & like for more hacker stories! 🚨
1/x
👇🏼
🧵A Practice Target SUPER Thread🧵
Offensive Security People!
Want to take your theory to live targets?
Need some resume filler?
Just want to keep fresh and practice?
Here's a thread of my favorite practice targets to recommend.
🚨Retweet, follow, & like for more! 🚨
1/
🥽 The Anti-Recon Recon Thread 🥽
Recon is important, but some people hate it. I get it.
When you're in the zone & ready to pounce on a target, you just want to start hacking.
Want the best of both worlds? Quick/complete recon, WITH great coverage?
(a long thread)
🧵⬇️
A pretty 🔥 resource I keep bookmarked for AWS security projects -
When you look up your target's ASN you'll find their ipv4 & ipv6 ranges.
Here's a one-liner to request all the webserver's SSL certificates and parse them for NEW TLD's, domains, and subdomains.
#bugbountytips
😱. Need some subdomain data, really, really, really quick?
Without using command line tools?
Checkout - subdomainfinder.c99.nl
I started in helpdesk with very little comsci background, then *heard* pentesting was a thing you could make a career. I begged, borrowed, ++ to learn everything I could about it. You can do it too. I promise.
Happy holidays hackers. Especially newbies out there. Keep grinding.
My #nahamcon2022 Keynote recording is out!
The Bug Hunter's Methodology: Application Analysis v1
youtube.com/watch?v=HmDY7w
Learn my tips, tricks, & tools for web pentesting or bug bounty. Thanks Ben ( ) & NahamCon!
🚨Retweet, follow, & like for more hacker content! 🚨
Information security is one of those scenes where you can go from nothing to a lifelong happy career without a degree or pedigree. I love it.
🤖 WebSecGPT - Your AI security buddy
Hacking an API or JS framework?
Don't have a swagger file or struggling to understand the app?
Wanna quickly identify all js sinks?
Meet WebSecGPT
(a thread ) 👇
🔍 My ultimate workflow for simple and easy JavaScript Analysis
⚡️ Comprehensive JavaScript analysis in offensive security, appsec testing, and red teaming wins.
Often you can find juicy hidden endpoints, parameters, & domains buried in JS!
A thread 🧵 1/x
👇
Bypass Url Parser by
Checking the source, I can confirm many of these methods have worked for me in the past. Including a string of auth bypasses for $30k on a bounty platform.
Excited to test tool instead of doing it all manually 🤩
🧵Another new hacker story thread! 🧵
== The 100 Million Person Data Disclosure ==
That time I hacked a whole country by accident!
🚨Retweet, follow, & like for more hacker stories! 🚨
1/x
👇
Hello all,
Here are the slides for the Bug Hunters Methodology Application Analysis v1:
docs.google.com/presentation/d
#NahamCon2022
= Infosec super-thread =
A big part of my presos is tools/resources I like for offensive security & bug hunting.
Here's a thread of "PRINT" resources cited in the Bug Hunter's Methodology Application Analysis v1
docs.google.com/presentation/d
a 🧵
#bugbountytips #Pentesting
1/x
Impostor syndrome is hard tonight while I finish up the bug hunter's methodology v4 but I'm excited to present on Sunday at 's NahamCon! nahamcon.com
An epic talk on advanced Burp Suite usage by at :
"Burp Suite Pro tips and tricks, the sequel"
youtu.be/hslR6hE7fS8?li
Slides:
agarri.fr/docs/nsec23-bu
🧵Another hacker story thread!🧵
=== Penetrating a Porn Site ===
How I hacked access to the most sensitive areas of a porn site using only low severity vulnerabilities.
Here's how I did it...
👇
🚨follow, retweet, & like for more hacker stories!🚨
1/x
Pwn.college - a FREE Arizona State University curriculum for computer security and hacking.
Run by my friend and crew, former ctf winners and runners
⏰ Want a one-liner that notifies you of any fresh domains (if they come up) to you each hour?
#3 ⬇️
> screen
> subfinder -silent -d {target}.com -o {target}
> while true; do subfinder -silent -dL {target} -all -nW | anew {target} | notify; sleep 3600; done
A thread/tip for hackers/defenders/organizations. 🧵
⚠️A commonly found vulnerability for organizations is credentials leaked on Github.⚠️
Sometimes this can be from the organization's OWN code repositories on GitHub, but...
🚨follow, retweet, & like for more tips!🚨
1/x 👇
💪 Code Literacy is a Super Power for Hackers 💪
(and Security Literacy is a super power for devs)
Knowing how vulnerabilities are mitigated makes you a 10x engineer (sec or dev)
Check out this thread for some of my fav
🔥FREE🔥
resources. ⬇️
(Also send me more!)
🔍 There have been hundreds of thousands of FOSS vuln check rules created.
👍 While (by default) has a great many, there exists a project to gather over 119 repos of Nuclei checks/templates.
➕ That's over 30,000 additional checks.
github.com/AggressiveUser
Jeez, there were a lot of hacker Twitter peeps throwing hate at each other, and the weekend is not even over.
You know what’s really cool? Being kind, supportive, and not gatekeeping.
That’s fucking RAD.
On last night's stream we did an overview of all the great "targets" and resources newbies can learn hacking on. It was super fun! Most of it came from my appsec bootcamp which I mentioned briefly.
Will upload the video to YouTube tomorrow =)
🐻 Hacking a Search / Cloud Company 🐻
I once took over a MAJOR foreign search/cloud company.
I had full access to every employee's email & full source code for all their apps.
Here's how I did it (legally)… ⬇️🧵
I still feel like I’m on that 3rd step with Linux AND hacking lol
🧵Full-Time Bug Bounty Hunter thread 🧵
I'm looking for people to jump in and give me their perspectives. This is all speculative and in US hyper inflated markets.
A Sr/Principal Security Tester in the US can command $150-200k salary in big markets (SFO, LA, NY).
👇1/x
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/ templates? They exist!
github.com/Static-Flow/go
github.com/projectdiscove
github.com/1N3/Sn1per/tre
github.com/sullo/nikto/tr
I know it's common sense but remember when parsing JS for endpoints/files:
/ = Root directory
. = This location
.. = Up a directory
./ = Current directory
../ = Parent of current directory
../../ = Two directories backwards
#bugbountytips ?
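A worked version of that path table, added here as an example (not code from the original thread): it resolves references pulled out of a JS file against the URL the script was served from using Python's urllib.parse.urljoin, which follows RFC 3986 and so also covers scheme-relative links and more ".." segments than the path has depth. The base URL and the reference list are constructed samples.

```python
from urllib.parse import urljoin, urlparse

# Constructed sample: references as they might appear in a JS bundle served at BASE.
BASE = "https://kvothe.target.com/static/js/app.js"
SAMPLE_REFS = [
    "/api/v1/users",            # "/"   = root directory of the host
    ".",                        # "."   = this location (the script's directory)
    "..",                       # ".."  = up a directory
    "./config.json",            # "./"  = current directory
    "../images/logo.png",       # "../" = parent of current directory
    "../../admin/",             # "../../" = two directories backwards
    "../../../../etc",          # more ".." than depth: RFC 3986 clamps at the root
    "//cdn.example.com/lib.js", # scheme-relative (beyond the tweet's list)
    "https://other.example.com/health",  # already absolute, returned unchanged
]


def resolve_refs(base, refs):
    """Resolve each reference against the URL the JS was served from.

    Returns (reference, absolute_url) pairs using urljoin's RFC 3986 rules,
    i.e. the same resolution a browser applies when the script requests them.
    """
    return [(ref, urljoin(base, ref)) for ref in refs]


def split_by_host(base, refs):
    """Separate resolved URLs into same-host (in scope for the app under review)
    and other-host (third-party or CDN) lists, the first triage step after
    extracting endpoints from JS."""
    base_host = urlparse(base).netloc
    same, other = [], []
    for _, url in resolve_refs(base, refs):
        (same if urlparse(url).netloc == base_host else other).append(url)
    return same, other


if __name__ == "__main__":
    for ref, url in resolve_refs(BASE, SAMPLE_REFS):
        print(f"{ref!r:38} -> {url}")
    in_scope, third_party = split_by_host(BASE, SAMPLE_REFS)
    print(f"{len(in_scope)} same-host, {len(third_party)} other-host")
```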
Analysis of 18,000+ parameters reveals *File inclusion/Path Traversal & Server Side Request Forgery* most often take place within these parameters.
Check out & mine's extension HUNT to alert whenever it sees 1 of these params.
github.com/bugcrowd/HUNT
PSA if new: Alongside & , you should all be checking out 's courses. Free & online.
Web Hacking:
samsclass.info/129S/129S_S20.
Incident Response:
samsclass.info/152/152_F19.sh
and find all the others scrolling down:
samsclass.info/old-classes.ht
Want a free training on AWS Security?
is GIVING away a free one on taught by
kloudle.com/masterclass/
A 7.5 hour AWS Security Masterclass including...
If you didn't know or just missed it maintains a configurable XSS cheatsheet for web security testers here:
portswigger.net/web-security/c
It includes features to build payloads with exactly what you need, and has written context around injections!
I use it often. Enjoy!
Statistical analysis of 18,000+ applications reveals *SQL Injection* most often takes place in these parameters.
Check out and mine's extension HUNT to alert whenever Burp sees one of these params, & gives advice to manually test.
github.com/bugcrowd/HUNT
Being a hacker has little to do with your job.
It's in your blood, your soul— it's a way of thinking. It's curiosity, creativity, and challenging norms.
It's a relentless pursuit of knowledge, it's embracing the unconventional.
Whatever you do today, bring the hacker mindset.
I’ve been leading Ubisoft’s security team for the last 4 years.
It has been an epic adventure & I have learned so much along the way. I have truly worked with some great people.
It is, however, time for me to move on. I will depart Jan 2.
Stay tuned for what’s next 🫡
Taking a break from bounty and social media for a while. Prob a month or two.
Been pretty dark since defcon, I think I burned myself out 🥱
Stay safe everyone
❤️
Simple but impactful tip for content discovery. Always use the subdomain as a path. Often it is the root of the application #bugbountytips #bugbountytip :
kvothe.target.com
try:
kvothe.target.com/kvothe/
and then do content discovery
kvothe.target.com/kvothe/FUZZHERE
Hey friends. Sorry I’ve been so incognito recently. Julia (my wife) had some serious health issues the last few months that culminated in emergency surgery last week. Looks like we are out of the woods now but in recovery mode for a few more weeks. Love you all.
OWASP LLM Top Ten v.1:
🚀 Prompt Injections
💧 Data Leakage
🏖️ Inadequate Sandboxing
📜 Unauthorized Code Execution
🌐 SSRF Vulnerabilities
⚖️ Overreliance on LLM-generated Content
🧭 Inadequate AI Alignment
🚫 Insufficient Access Controls
⚠️ Improper Error Handling
💀 Training…
I hope this graphic never disappears 😎
So I will continue to repost every once and a while!
🛹 AwsScrape:
My GO script to monitor AWS IP ranges & alert when it sees a keyword in SSL certificate data (CN, O, OU)
I have found many "ephemeral", dev, & misconfigured hosts monitoring the cloud space like this. Slow but powerful.
Enjoy!
github.com/jhaddix/awsScr
#bugbountytips
🧵 1/x
Starting from almost scratch. Testing Environment:
DO Ubuntu VPS, 2 vCPUs. 4GB mem / 60GB Disk, ($20/mo)
This works for most general tasks. In most VPS intensive tasks (content discovery, fuzzing, etc) memory is your bottleneck.
So… I just finished my 1st Live Hacking event & I’m heading into another with
As a program owner, hacker, & security leader… I have thoughts!
Read along for some spicy bounty takes.
🚨 Like, follow, & retweet for more security content 🚨
a 🧵
1/x
A new contender to Sublist3r... amass (written in GO) -github.com/caffix/amass : pulls ASNs, ranges, IPHistory, permutations (altdns), bruteforce (with my all.txt file), and more + these scraping sources: 👏💪👍
Dropped some previews of "The Bug Hunters Methodology v4 - App Hacking" the stream today. No ETA on release yet, WiP:
BountyTip 03 - Check out - github.com/wagiro/BurpBou and 's port of LinkFinder (by ):
- github.com/ghsec/BBProfil
- youtube.com/watch?v=ELftJw
- github.com/GerbenJavado/L
I'm gonna run out of good pics of myself!
I'll be doing the full 2hr version, a walkthrough of some of the tools, and my mind-mapping process of The Bug Hunter's Methodology workshops this year! =)
Slides and code for HUNT: Data Driven Web Hacking & Manual Testing in preso - github.com/bugcrowdlabs/H
The lost art of LINKED target discovery w/ Burp Suite:
1) Turn off passive scanning
2) Set forms auto to submit
3) Set scope to advanced control and use string of target name (not a normal FQDN)
4) Walk+browse, then spider all hosts recursively!
5) Profit (more targets)!
SO you're a bounty hunter with a gaming rig? 🧵
If you don't want to use a VPS or run native (dual-boot Linux) you can install Ubuntu and WSL 2.
(+) You'll (probably) benefit from more memory, cores, and a fast broadband connection.
I'm not going to pay Medium to read hacking blogs. Sorry not sorry.
I hope some of you move away from that platform.
I just realized… today I hacked a fortune 50, had a call with the Gov, and spoke to a movie producer 😂🫠🚀
What a day lol
"Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)" - medium.com/@adam.toscher/ (Good Read)
Level up your cloud skills with AWSGoat!
Whether you're a cloud engineer, dev, or security tester, this app will help you learn common vulnerabilities in AWS.
#AWS #CloudSecurity #LearningNeverStops
SSRF (and XXE, LFI, ++) Cloud Metadata Dictionary - gist.github.com/jhaddix/78cece (haven't yet tested all of these, still in research phase)
#BountyProTip: found a 401/403, basic auth, or domain that seems interesting but is somehow locked down? Look at its archive.org/web/ entries. Sometimes you win instantly with API keys or URL structure that you can forcefully browse to unprotected content still there.
I was bullied for being brown, being overweight, being a nerd, having a birthmark on my face, being poor, & having glasses. Every harsh word and bruise/scar fueled me to work harder and become good at what I do. I learned compassion & empathy is a super power. Solidarity ✊🏽 t.co/9Y2WetKRqh
I unsubscribed from twitter blue.
I condemn the ceo of this site.
I’m deeply saddened I ever supported him.
The problem is MY brand was built here. Before him.
My brand feeds my family. Two of which are gay and non-binary.
I sat down with them to talk about it. They’d…