Corben Leo

@hacker_

Followers
70K
Following
11K
Media
282
Statuses
4K

I hack stuff (legally) | Co-founder @boringmattress

Brookings, South Dakota
Joined February 2016
@hacker_
Corben Leo
3 years
In 2010, WikiLeaks released a classified document. A list of infrastructure critical to U.S. national security. The government listed a Trans-Atlantic cable. 3 years ago, 19-year-old me gained ADMIN access to that cable (and another; shared codebase). 🧵 Here's how I found it
92
964
5K
@hacker_
Corben Leo
5 months
RT @naval: The currency of life isn’t money. It is not even time. It’s attention.
0
6K
0
@hacker_
Corben Leo
5 months
0
0
5
@hacker_
Corben Leo
5 months
Rooting on @Mike_kim714 for you @HackingDave.
1
0
2
@hacker_
Corben Leo
5 months
2
0
11
@hacker_
Corben Leo
8 months
Christ is King! Those who hope in Him will not be disappointed or put to shame. Colossians 1:15-23. "He is the image of the invisible God, the firstborn of all creation. For by him all things were created, in heaven and on earth, visible and invisible, whether thrones or.
8
9
63
@hacker_
Corben Leo
10 months
2
1
39
@hacker_
Corben Leo
1 year
RT @ahhensel: I've been reporting out this story on what the DTC space is like right now. It's tough, a lot of brands are not doing well, b
.
0
20
0
@hacker_
Corben Leo
1 year
You're using Burp Collaborator wrong. Don't use Burp's default collaborator instance when testing for out of band vulnerabilities. Many companies use egress filtering & block outbound traffic to the default collaborator domain. It's worth setting up a.
7
96
433
@hacker_
Corben Leo
1 year
Doing code analysis? Use by @anysphere! Whether you’re digging through a language you know or adventuring into a new one, using AI can definitely be helpful. Don’t think it’ll replace us yet, but auditing got more accessible. #typefully day 10
2
36
222
@hacker_
Corben Leo
1 year
Finding vulnerabilities first = you get paid. Want to be the first to hack on new functionality? Monitor your target’s JS files for new paths or parameters. (automate with a headless browser to grab all dynamically loaded JS). #typefully day 9.
4
24
246
@hacker_
Corben Leo
1 year
Focus is a competitive advantage. It’s tempting to jump around, but deep focus on one thing pays off. This applies beyond hacking, but you should stick to a target for a long time and become an expert. For example, @nnwakelam knew more about Yahoo than any Yahoo employee.
3
18
173
@hacker_
Corben Leo
1 year
Lastly, you should search by organization name:
$ certsio search org “Uber Technologies, Inc.”
Certificates can also contain emails, you should search for assets using them:
$ certsio search emails @example.com
#typefully day 7.
1
4
61
@hacker_
Corben Leo
1 year
It starts with finding these domain names. Find them in:
⁃ your target’s CSP header
⁃ /crossdomain.xml
⁃ in JavaScript files
⁃ GitHub
⁃ Reverse whois (.
Search for them using Shodan or .
$ certsio search domain <internal_domain>
2
7
76
@hacker_
Corben Leo
1 year
Attack surface is larger than you’d expect. Most companies have domain names that they use internally (for development, QA, etc). Ex, PayPal uses “. Here's how you can find network misconfigurations and find “internal assets” on the public internet:
16
98
506
@hacker_
Corben Leo
1 year
sponsored by @boringmattress 😉.
1
0
17
@hacker_
Corben Leo
1 year
Directory-brute forcing? You should NEVER filter based on status code. Paths can exist and return a 404. I’ve seen this so many times:
/noexist/ -> 404 Not Found
/api/ -> 404 Not Found, but different response body (JSON formatted)
/api/endpoint -> 200 OK
Filter by.
8
71
455
@hacker_
Corben Leo
1 year
You're probably directory brute-forcing wrong. You should be methodical when targeting frameworks such as Express, Rails, Flask, Django, etc. 2/ By default, ffuf uses the GET HTTP method. You should be fuzzing with different HTTP methods. Try using a wordlist multiple times
3
88
406
@hacker_
Corben Leo
1 year
Companies run software they don't write. Ex: Jira, GoAnywhere, etc. Finding vulns in these types of software = lots of vuln targets = $$$. So, do code review! Need the source? Find the software AWS's AMI Catalog. Launch a server. SSH in. Pull it. Review it. #typefully day 4.
1
37
263
@hacker_
Corben Leo
1 year
7/ A whopping $250. But good laughs. Lessons:
1. Don't assume that what's "supposed" to be internal is internally-facing.
2. Always change default credentials. 🤦🏻‍♂️
end #typefully challenge day 3.
7
1
70