dade
@0xdade
Followers
17,193
Following
863
Media
2,281
Statuses
16,593
Seasonal Influencer. Python dev, security engineer, former red team, former SSD engineer. Hacker, rapper, writer. he/him.
Oakland, CA
Joined March 2015
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Sinwar
• 801342 Tweets
Rosé
• 624997 Tweets
#يحيي_السنوار
• 283976 Tweets
Bluesky
• 246590 Tweets
Calderón
• 215190 Tweets
スーパームーン
• 191228 Tweets
Tyler
• 98922 Tweets
غير مدبر
• 69150 Tweets
#TUDUMNaLata
• 65962 Tweets
Monsalve
• 64767 Tweets
#OurPreciousFOURTHTurns20
• 59483 Tweets
HAPPY FOURTH DAY
• 57601 Tweets
Rafah
• 55262 Tweets
#Hamas
• 40733 Tweets
ابو ابراهيم
• 34134 Tweets
対象作品
• 23243 Tweets
Perón
• 22858 Tweets
Macaya
• 18455 Tweets
Karen Nyamu
• 17409 Tweets
Red Bull
• 14027 Tweets
Vural Çelik
• 11737 Tweets
ESTRENO URANUS2324 MEXICO
• 10706 Tweets
Hakan Fidan
• 10496 Tweets
احمد ياسين
• 10397 Tweets
Pinned Tweet
You can find me at which will have all my other links whenever this place joins the friendster in the sky
1
0
18
Which AWS region makes the best boyfriend?
us-east-1, because it goes down. All. The. Time.
33
353
4K
I wanted to try my hand at creating a 1337 hacking video.
Be sure to turn the sound on.
121
680
3K
Today I learned that you can put zero width spaces in file names on Linux. Have fun.
51
715
2K
Port scans are not cyber attacks
Ridiculous cyber security numbers from JPMorgan just dropped
• Spends $15 billion annually on IT defense
• Experiences 45 billion hacker attempts per day
• Carries 62,000 tech specialists to protect system
They're making those hackers work for it
39
88
946
38
220
2K
Officially, as of today, ya boy has been promoted to Staff Security Engineer.
That's two promotions in the year and a half I've been at my current company.
Versus the 0 I had in 2.5 years at Oracle Cloud.
And the 0 I had in 4 years at Intel.
58
34
2K
Bug bounty twitter is wild. They're out here like
"cat is a tool that is used by millions every day, but only 0.001% of those are masters of cat. Check out my 🧵to become a master of cat
#bugbountytips
"
And then it's like 5 basic things jacked straight from the top of man cat.
59
126
1K
It's 8.5 million windows computers, Michael. What could it cost, $10?
9
148
1K
I wanted to know what version of react I was using. I googled "check version of react" and click a stack overflow link. Guy gives an answer that explains how to check. Someone else responds "not working for me" and the guy replies "works for me, what version of react are you on?"
11
136
955
The future of LLMs, based on which company produces it.
Google:
"Can you help me make chocolate chip cookies?"
"Absolutely! Before we get started, would you like to hear about the new Chunky Chips Ahoy, available 0 .1 m from you? Here are some reviews for Chunky Chips Ahoy."
7
65
950
The only ethical thing to do is refund everyone who bought one of these domains and then never launch this tld again. What an absolutely insane thing to do.
19
171
913
Just think, if Telegram was actually a secure messenger, there would be no access to give.
Breaking: The crackdown against free speech escalates. Telegram founder Pavel Durov has been arrested in France. Western intelligence services want access to Telegram’s private messages. According to French media Durov may face 20 years in jail if he doesn’t cooperate.
@elonmusk
1K
10K
25K
18
97
922
Whenever life has got you down, just remember that this professional data broker website that makes money selling personal data on you and me took 5 iterations of their API to land on "Let's just have our clients write raw SQL"
Here's where you opt out.
18
101
866
Hi
I've written thousands of lines of python over the last year and today I forgot how to check if a key existed in a dictionary, which is literally the easiest thing you can do with a dictionary.
So, you know, don't feel bad for forgetting things. It's normal.
25
123
817
The internet elders don't want you to know that ICMP stands for Insane Clown Messaging Protocol.
Prior to becoming colloquially known as "ping" and "pong", ECHO_REQUEST and ECHO_REPLY were both represented by the neutral "Whoop"
Whoop ->
<- Whoop
17
180
810
Oh how far we've come.
The left is the first hard drive I bought when I went to college, it has lasted 12 years of almost constant power on - torrenting Linux distributions and making them available on Plex.
The right cost only marginally more than the left did.
88
39
754
It's amusing to me how many business problems people could solve with a single file flask app and a SQLite database.
19
35
644
Infosec has a lot of conversations like this:
"I did this cool thing!"
"Why did you reinvent the wheel?"
And the answer is almost always "Well I couldn't find the wheel."
Thinking about this quite a lot with a project I'm brainstorming.
42
96
641
I will let out a bit of a secret.
I have been running a full Amazon Web Services on a $5 Raspberry Pi Zero for ~5 years.
About 7 times more reliable us-east-1.
Millions of lines of JavaScript running flawless on a battery.
Tested an entire startup's JAMstack on it.
36
74
629
Hey there friends, acquaintances, internet strangers!
As we approach the new year, I would like to encourage you to evaluate your digital footprint. I'll thread some useful things, but if you only see this tweet, check out
And
7
269
542
Today I was given a cake with my password from my former employer on it. Was a good run, my friends. See you again in the next life, wherever that may be.
#RedTeamFam
22
61
537
Inspired by conversations with coworkers, I present this alternative take on a top ten security risk infographic.
O Shit, a Wasp! Top 10 Security Risks
14
136
531
Hey there you anonymous nmap user!
Did you know that default mongod ports are NOT covered in a normal Top 1000 scan? Nmap considers the mongod ports to be 2684th - 2686th most common TCP ports.
Think of all the juicy mongodb's that you've missed. But wait! There's a solution
11
179
528
This is a fun thread to read, having spent time working in SSD manufacturing and debug prior to finding a role in infosec. This particular comment can be expanded upon. There are a couple reasons why data recovery on SSDs is a hard problem.
13
206
518
Oh how far we've strayed from the light, "on prem" means "shared aws account"
60
44
529
A sequel to Hackers where Crash Override and the gang accepted jobs at Ellingson Mineral Company. It's been 25 years since they unveiled the heinous plot by the former security officer, Eugene Belford.
10
166
514
But I made it. I fucking made it.
I don't know where I'm going from here, but I made it farther than I thought I ever would.
30
27
511
Lot of y'all worrying about this yubikey vulnerability when your employees are still logging in to critical services from their home computers without MFA.
14
81
502
Hi there.
Do you have a personal website?
Is it server over https?
Does it have a blog?
Does it have an rss feed?
Does it also have an onion address?
Do you like privacy and the decentralization of content?
Let's start a webring.
61
51
463
Tbh I just wanna live in like a hacker warehouse building with converted lofts and a data center in the basement and like, people just doing cool art and cool hacker shit all the time.
38
30
465
Oy it finally happened, after a year of calling him the used car salesman of infosec, repeatedly @'ing him with used car salesman type jokes, and circulating more than a thousand put kevin back stickers.
I got to say it was a good day.
41
30
455
I'm leaving my red team job this week.
I'm going to take the convertible I just bought and cruise the California coast, the canyons, and the information superhighway.
I also have some very exciting independent projects in the works that I can't wait to share with you all.
55
4
450
Infosec Twitter kinda sucks.
"You're being irresponsible"
"No you're gatekeeping"
"real hackers <blank>"
"why can't you just tweet things that are useful to me all the time?"
"Your thing sucks because I don't see the results from it"
"Everyone does this because I do it"
30
24
442
What's up Twitter it's me 0xdade & I'm here to normalize acknowledging not knowing things and asking questions that smaller accounts would be ignored asking, & that larger accounts would be ridiculed for not knowing.
Is there a technical difference between 255.255.255.0 and /24?
47
39
445
fork it
clone it
branch it
code it
test it
fix it
git commit it
fix it
test it
push it
fetch it
merge it
push it
wait, rebase it
force it
fix it
push it
test it
push it
force it
quick, review it
13
106
440
Bad: "Why are you here?"
Better: "What are you interested in?"
Bad: "Are you a speaker?"
Better: "What are you speaking about?"
Bad: "Are you in marketing?"
Better: "What sort of work do you do?"
Bad: "Are you here with your boyfriend?"
Better: [Shut mouth, walk away]
If you see a woman at a technical conference, assume that she is technical
If you see a woman wearing a speaker badge at a technical conference, assume that she is actually a speaker
If you see a woman speaker at a technical conference, assume that she actually knows her shit
200
2K
11K
12
82
416
What online shopping looks like when your pi-hole is your DNS server.
4
18
411
9,898 👀
If I can get to 10k followers by Monday (which is a special day, to me) then I'll select one person at random who retweets this tweet (and is following me) and give out your choice of:
* 1 year VIP to Hackthebox
* Personal Binary Ninja license
Pic unrelated.
14
580
399
I wrote a BASIC program for the first time since I was a child. It was a very simple program. But the message was clear.
19
47
386
Gaining followers on twitter:
█
█
█
█ _
Post absolute shit Post useful things
15
50
370
Woah I left an http server running on :1337 for 12ish hours and didn't get a single stray HTTP request. This confirms my suspicion. Everyone change your http ports to 1337, 80 is too insecure.
14
25
369
Anyone who is considering retiring and opening up a bar, I implore you to simply call it "foo"
This provides a great opportunity to have a foo bar reference, while at the same time tricking bystanders into thinking you sell food but the d fell off.
23
34
353
The problem with Wi-Fi is there's no Ethernet cable to hastily unplug when I accidentally run live malware on my network.
27
38
357
Hi.
Your security team could probably benefit from hiring a UX expert.
Sincerely,
Everyone who has ever used any internal security tools.
15
46
346
So I had my OSCP exam today. Or I guess yesterday. I don't know, I didn't get a proper night's sleep. Anyways, I got to passing points with about 7.5 hours remaining and instead of calling it a night (or morning as it were), decided I would go on to try to solve the last one.
33
10
331
Hey red team friends,
As of this afternoon, I now have sole control over /r/redteam. Mostly looking to fill it with red team theory type posts, but good technical posts about challenges red teams face and potential solutions are also cool.
17
57
324
Everyone actin like they never accidentally hit publish on wordpress before
7
31
305
One of my biggest pet peeves:
Paying $150+ to attend a conference that then shares my contact information with their vendors that I didn't interact with.
But the tickets page says "We make no guarantees on the privacy of any information provided." so I guess it was my fault.
16
19
300
Last night I graduated from bedroom rapper to, whatever the level is where you perform live. Special thanks to fellow rapper, hacker, and friend
@dualcoremusic
.
25
10
305
You ever notice how the same people who say stupid shit like "html/css isn't real programming" are the same types of people who are adamant that their command line interface that you have to memorize 800 flags to use is a good interface?
19
34
298
I got promoted this week, as I approach my 1 year anniversary. First time in my career, nearly 10 years in, that I've gotten promoted without having to change roles to force it.
Work with people who recognize your skills, and who makes sure the organization recognizes them, too.
19
9
297
Man someone explaining "infosec 101" to tavis and someone else explaining opsec to grugq in a single day. Amazing.
12
24
289
Any sufficiently advanced malware is indistinguishable from security software.
18
51
294
Wow, today I learned. The history of computing is full of little gems like this.
15
81
292
Programming is one part text editor and 99 parts browser tabs with docs and stackoverflow.
13
72
289
My lyft driver is explaining cyber crime markets to me. It's good to be back in Vegas.
9
15
286
Microsoft:
"Can you help me make chocolate chip cookies?"
"A popular recipe is:
- 1 cup _________
- 2 cups _______
- 1 Tbsp ______
- Bake for __ minutes
Please subscribe to Office365 E42 to unlock the hidden core features of this recipe."
0
2
289
Beginning of decade / end of decade
Homeless -> my own apartment
95lbs -> 150lbs
Started exercising regularly.
1 tattoo -> "don't count anymore"
Failing high school -> Higher salary than I could've imagined in a job I didn't even know existed doing things I enjoy.
23
7
280
Today I am thankful that infosec twitter hasn't yet noticed that Signal soft launched a cryptocurrency wallet and payments integration yesterday, which will surely incense many of you.
Happy Thanksgiving 😏
19
26
279
Amazon:
"Can you help me make chocolate chip cookies?"
"To get started, you'll need 2 cups of Amazon Basic Chocolate Chips, an Amazon Basic drying rack, and a drop shipped baking sheet. Would you like me to add these to your cart?"
1
0
284
I'd love to know which "secure" messengers are backdoored by intelligence agencies that keep pushing the Signal FUD narrative to try to get people to switch off Signal.
It's like clockwork. And it's exhausting.
8
38
283
I've had my "dade jacket" for a few years now, but today I got this shirt in the mail, and I've wanted it for like 15 years. If it wasn't for
@HackersCurator
, I probably never would have been able to get one.
It's not an original, but then again neither am I, and that's ok.
11
21
276
I got this new keyboard today and you know what... Honestly?
I been fuckin hittin the "b" key with the wrong hand for 20 years.
36
7
280
I think one place that the infosec industry has largely failed is that infosec continues to develop material catering entirely to infosec. Most certifications are either marketed as or structured as something you do if you want a full time job doing security.
We should feel bad.
9
44
272
Harry Potter and the AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Tech Hogwarts.
Complete the title:
Harry Potter and the ________
2K
633
2K
16
42
278
Today, after twelve and a half years, my abuser has been paroled. I was only a kid when I had to miss a bunch of school to talk to cops, prosecutors, doctors, and court mandated psychologist appointments. A lot has changed in twelve years.
27
18
272
It never ceases to surprise me that so much of hacking can be summed up by the simple question:
"You put WHAT, WHERE?"
11
41
275
I'm one week into my new job and I can now safely assert the following things from first hand experience:
1. Building a security program is much harder than breaking one.
2. A company with 150 people moves so much faster than a company with 100,000.
I am tired. A lot.
8
11
276
I hope the cybertruck is made of a magnetic stainless steel alloy. Then we can see postmates, uber eats, and other courier services adopt the use of electromagnetic poons to shoot at the cybertrucks and catch free rides on their skateboards to neighboring Burbclaves.
12
46
275
You can create a .ssh/rc and it executes on ssh login prior to your shell or command, even if you disable TTY allocation.
Did you know about .ssh/rc before today? What about /etc/ssh/sshrc? Do you use it for totally legitimate reasons?
13
80
273
Someone on my red eye to new york told me that the trick to sleeping with your head down on the plane is to bring a deflated beach ball on your backpack and then inflate it to your comfort level on the fold out tray. I still think about how good a hacker that person must be.
6
26
262
Hi there friends, family, esteemed colleagues.
What if I told you that your conference talks would still be just as valuable even if you published the content in a written format?
What if I told you that they would be more valuable?
Thank you for coming to my TED talk.
12
26
261
If someone presents a Scooter hacking talk and doesn't call it Root Scoot and Boogie, I will be severely disappoint.
9
38
257
I've been working on this project for the last year or so. It's called Natlas, and it glues together some open source stuff to do scalable network scanning.
It's very much WIP but wanted people to be able to find it.
Public test:
7
77
254
Twitter:
"Can you help me make chocolate chip cookies?"
"I can't believe you would be so openly against Oatmeal Raisin. I know we've never talked before but get ready for my dissertation about why your choice of cookies is wrong."
1
0
257
If you call yourself a developer and you start tweets with "if you call yourself a developer" I just assume you are a junior.
11
12
248
In tonight's episode of Silicon Valley, I noticed this image in the background. It's a really nice touch. The name of the image is Lena, and it has been a standard test image in image processing since 1973.
6
16
234
Facebook:
"Can you help me make chocolate chip cookies?"
"Chocolate chip cookies are popular in your area right now! 19 of your friends have recently made them. Using your grandma's timeline, we give you the most authentic homemade cookie recipe, with a dash of dog whistle."
1
0
238