Jason Haddix

@Jhaddix

Followers
152,343
Following
7,495
Media
2,452
Statuses
17,402

CEO, CISO, Trainer, Hacker, and Speaker. @arcanuminfosec AI + hacking + sec leadership. ex:BuddoBot-Ubisoft-Bugcrowd-Fortify-HP-Redspin-Citrix.

Colorado
Joined February 2009
Pinned Tweet
@Jhaddix
Jason Haddix
2 months
⚠️ Giveaway ⚠️ Want to learn modern reconnaissance and hacking skills? Join The Bug Hunter's Methodology Cohort 5! October 2nd, 3rd, 4th - Like and retweet this post for a chance to win a free seat! Five winners will be announced on Sept 1st!
122
808
1K
@Jhaddix
Jason Haddix
2 months
KitKat marketing on point
@KITKAT
KITKAT
2 months
Time to have a break... KitKat® anyone? 🍫
2K
14K
90K
16
2K
20K
@Jhaddix
Jason Haddix
5 months
A 13 year old coded a botnet control framework that utilizes pastebin and github for control of hosts in red teaming… This makes the hacker in me so hopeful. Check out pastebomb when it’s dropped!
33
261
3K
@Jhaddix
Jason Haddix
2 years
🧵A hackers guide to FINDING cybersecurity jobs🧵 Many people know of the normal ways to look for jobs like LinkedIn & Indeed... but we're hackers! Today I'm going to share with you my top places/tips for finding your next gig. 🚨Retweet, follow, & like for more! 🚨 1/
72
855
3K
@Jhaddix
Jason Haddix
2 years
👮 Hacking into several Prisons 👮 Here's how I did it (legally), and what I learned along the way! A thread for security testers and cyber security pros 🧵👇
57
554
2K
@Jhaddix
Jason Haddix
2 years
Another long (hacker) story thread 🧵 = Stealing checks worth millions & pwning a bank = Here’s how I did it, so you can learn. I was once contracted to do a penetration test on a bank… Like, retweet, and follow for more hacker stories! (1/x)
58
533
2K
@Jhaddix
Jason Haddix
4 years
Here are the slides for The Bug Hunter's Methodology v4 Recon edition. Enjoy!
41
670
2K
@Jhaddix
Jason Haddix
2 years
A thread🧵 💸Secrets of automation-kings in bug bounty💸 Finding 1day (or 1month) web exploits that haven't made their way into scanners yet can make you big money. Read more to understand where and how to get an edge in this area! 🚨Retweet, follow, & like for more! 🚨 1/x
72
551
2K
@Jhaddix
Jason Haddix
1 year
I have a real problem with hacker elitism. I dislike the term script kiddie. This job does not make you better than anyone. Taking pride in a thing you do for a career, that also happens to be fun, is a privilege. Please, participate positively in the community. <3
83
199
2K
@Jhaddix
Jason Haddix
7 years
This is one of my favorite graphics/prints ever
22
638
1K
@Jhaddix
Jason Haddix
8 months
My personal GPT for offensive security, SecGPT. Been working on it for a while now. I use it like I have a peer in a chair next to me, asking questions to learn and bounce ideas off of. Enjoy:
26
326
1K
@Jhaddix
Jason Haddix
4 years
Just FYI my content discovery file is: My subdomain enumeration file is: My github dork section of is: Enjoy!
19
534
1K
@Jhaddix
Jason Haddix
2 years
(a LONG thread) 🧵 Inspired by @infosec_au & @hacker_ here's one of my fun hacker stories: = The complete compromise of a password manager company = Here's how I did it (so you can learn): I was given the project to pentest a password manager company: *.redacted.com (1/16)
56
407
1K
@Jhaddix
Jason Haddix
5 years
Friday will be my last day @Bugcrowd . It's been a wonderful ride the past 4 years. I'm so thankful for the opportunity and the epic people there. Next up, I'll be taking the Head of Security and Risk Management role @Ubisoft & marrying my passion for games and security!🕹️🤓
208
45
1K
@Jhaddix
Jason Haddix
1 year
That’s def getting framed! 🫡
45
45
1K
@Jhaddix
Jason Haddix
1 year
This is an absolutely dope mindmap for attacking AD. Source:
25
396
1K
@Jhaddix
Jason Haddix
7 years
Working on a pretty cool "The Bug Hunter's Methodology" Mindmap for you all this weekend =) Stay tuned!
33
425
1K
@Jhaddix
Jason Haddix
5 years
Excited to announce that @codingo_ and I are currently working on “The Bug Hunter’s Methodology” book. The book will focus on cutting edge web red team, pentester, and bug bounty topics. Tools, methods, automation, and no BS.
72
154
1K
@Jhaddix
Jason Haddix
3 years
I use nano. fight me.
190
83
1K
@Jhaddix
Jason Haddix
3 years
Still one of the best flyers ever made:
23
286
1K
@Jhaddix
Jason Haddix
2 years
4/8/22 #bugbountydiary #bugbountytips Everyone is sick in the house but I had some running scans I needed to check up on. I found a SQL injection bug on a blog. Here's how I did it, so you can learn... 👇 🚨Like, retweet, & follow for more hacker tips!🚨 1/x
69
316
1K
@Jhaddix
Jason Haddix
11 months
🧙‍♀️ CISO Story Time This is not exaggeration. I have a good friend. He's a CISO of a multinational organization in the technology sector. We talk often. Market trends, sales, and business regulations had the business decide to open a facility in China. a 🧵 👇
27
271
1K
@Jhaddix
Jason Haddix
4 years
Some minor updates (4.01) to The Bug Hunter's Methodology for #hacktivitycon2020 =)
27
324
1K
@Jhaddix
Jason Haddix
4 years
- Run all your subdomain tools - uniq them - Pass that list to: "amass enum -nf domains.txt" to insert them into the amass database. Then track new findings each day via: amass track -d | grep "Found" #bugbountytips #bugbountytip thanks @jeff_foley
8
375
1K
@Jhaddix
Jason Haddix
7 years
here you go @nullcon ! Slides for The Bug Hunter's Methodology 2.1 , Enjoy!
25
543
1K
@Jhaddix
Jason Haddix
6 years
Slides for the Bug Hunter's Methodology 3(ish) from today's LevelUp 0x02 @bugcrowd conference -
16
438
1K
@Jhaddix
Jason Haddix
10 months
Ok fam. I’m giving away TWO free tickets to my course which takes place in two/three weeks. All you have to do to win is like, retweet this tweet, and reply with “!” I’ll pick winners next week! If you haven’t seen my course, check out the link!
734
740
962
@Jhaddix
Jason Haddix
11 months
Are you new or getting started in pentesting? Is it hard to come by AD environments to practice on except when on an engagement? Check out: Game of Active Directory (GOAD): A vulnerable Active Directory environment for penetration testing practice. (link below)
14
220
963
@Jhaddix
Jason Haddix
2 years
== Trademark and Copyright Recon == How to find assets no other bug hunters have found. One of my simple "secrets" for years. Little automation exists for it. 💸💸💸 a thread🧵 🚨follow, retweet, & like for more hacker tips!🚨 1/x
48
283
959
@Jhaddix
Jason Haddix
2 years
🧵Mistakes I make in hacking or bug bounty 🧵 #bugbountytips and hacking tips I wish I always adhered to 🙃 cc @sr_b1mal
41
268
919
@Jhaddix
Jason Haddix
2 years
🥽 The Anti-Recon Recon Thread 🥽 Recon is important, but some people hate it. I get it. When you're in the zone & ready to pounce on a target, you just want to start hacking. Want the best of both worlds? Quick/complete recon, WITH great coverage? (a long thread) 🧵⬇️
56
337
917
@Jhaddix
Jason Haddix
1 year
Just so people know, I'm not crazy... On the left, Burp 1.7 after spidering JUST and setting a scope rule for "tesla" On the right Burp 2023, with Incy Wincy crawler ON (via fastest config) Same configs. * 2023 Burp took 1.5 hours for the crawl *
49
150
916
@Jhaddix
Jason Haddix
8 years
Created a WAHH Methodology desktop background for Web Application hackers:
26
543
881
@Jhaddix
Jason Haddix
2 years
🧵Another hacker story thread! 🧵 == The Medical Alert Hack == Not too long ago I put a whole city on high alert during a security assessment. A tale of caution. 💀 Read along to learn my approach & mistakes! 🚨Retweet, follow, & like for more hacker stories! 🚨 1/x 👇🏼
28
206
857
@Jhaddix
Jason Haddix
2 years
🧵A Practice Target SUPER Thread🧵 Offensive Security People! Want to take your theory to live targets? Need some resume filler? Just want to keep fresh and practice? Here's a thread of my favorite practice targets to recommend. 🚨Retweet, follow, & like for more! 🚨 1/
55
302
850
@Jhaddix
Jason Haddix
2 years
When you look up your target's ASN you'll find their ipv4 & ipv6 ranges. Here's a one-liner to request all the webserver's SSL certificates and parse them for NEW TLD's, domains, and subdomains. #bugbountytips
35
220
829
@Jhaddix
Jason Haddix
4 years
😭😭😭❤️❤️❤️
26
41
825
@Jhaddix
Jason Haddix
2 years
W00t
25
19
800
@Jhaddix
Jason Haddix
2 months
Hey @Shopify @Hacker0x01 ... I have had two bug hunters come to me and tell me horror stories about your bug bounty lately. Valid bugs being exploited and you coming out saying... "oh we had planned on fixing that... no impact" That is NOT the bug bounty contract. If there
77
136
800
@Jhaddix
Jason Haddix
1 year
😱. Need some subdomain data, really, really, really quick? Without using command line tools? Checkout -
26
186
777
@Jhaddix
Jason Haddix
1 year
🤖 WebSecGPT - Your AI security buddy Hacking an API or JS framework? Don't have a swagger file or struggling to understand the app? Wanna quickly identify all js sinks? Meet WebSecGPT (a thread ) 👇
20
226
766
@Jhaddix
Jason Haddix
3 years
I’m sorry but… lol
12
128
747
@Jhaddix
Jason Haddix
2 years
My #nahamcon2022 Keynote recording is out! The Bug Hunter's Methodology: Application Analysis v1 Learn my tips, tricks, & tools for web pentesting or bug bounty. Thanks Ben ( @NahamSec ) & NahamCon! 🚨Retweet, follow, & like for more hacker content! 🚨
44
233
745
@Jhaddix
Jason Haddix
2 years
🔍 My ultimate workflow for simple and easy JavaScript Analysis ⚡️ Comprehensive JavaScript analysis in offensive security, appsec testing, and red teaming wins. Often you can find juicy hidden endpoints, parameters, & domains buried in JS! A thread 🧵 1/x 👇
44
244
741
@Jhaddix
Jason Haddix
7 months
I have a friend who has been tasked with conducting DDoS testing (approved as part of a red teaming exercise). I suggested because it's what malicious actors are using in conjunction with freshly purchased SOCKS proxies. Do you know of any other tools
21
191
744
@Jhaddix
Jason Haddix
2 years
💪 Code Literacy is a Super Power for Hackers 💪 (and Security Literacy is a super power for devs) Knowing how vulnerabilities are mitigated makes you a 10x engineer (sec or dev) Check out this thread for some of my fav 🔥FREE🔥 resources. ⬇️ (Also send me more!)
32
261
724
@Jhaddix
Jason Haddix
4 days
Yubikey cloning possible. Crazy. But the threat scenario is hard:
35
136
785
@Jhaddix
Jason Haddix
5 years
I started in helpdesk with very little comsci background, then *heard* pentesting was a thing you could make a career. I begged, borrowed, ++ to learn everything I could about it. You can do it too. I promise. Happy holidays hackers. Especially newbies out there. Keep grinding.
20
86
703
@Jhaddix
Jason Haddix
2 years
Bypass Url Parser by @TheLaluka Checking the source, I can confirm many of these methods have worked for me in the past. Including a string of auth bypasses for $30k on a bounty platform. Excited to test tool instead of doing it all manually 🤩
25
214
709
@Jhaddix
Jason Haddix
2 years
Hello all, Here are the slides for the Bug Hunters Methodology Application Analysis v1: #NahamCon2022
42
267
702
@Jhaddix
Jason Haddix
9 months
I've dropped my 403 bypass tampers on @DanielMiessler , @g0tmi1k , and I's project SecLists this afternoon. I have found many bugs with these tricks. Enjoy 🫶✌️🤫
12
169
701
@Jhaddix
Jason Haddix
3 years
Information security is one of those scenes where you can go from nothing to a lifelong happy career without a degree or pedigree. I love it.
12
98
691
@Jhaddix
Jason Haddix
2 years
🧵Another new hacker story thread! 🧵 == The 100 Million Person Data Disclosure == That time I hacked a whole country by accident! 🚨Retweet, follow, & like for more hacker stories! 🚨 1/x 👇
22
143
678
@Jhaddix
Jason Haddix
9 months
⭐ Recon Tip Reverse DNS (rDNS) leverages PTR and DNS queries to find domains among your target's IPs. @hakluke has an excellent tool for this called Hakrevdns! Workflow? 1) Get ASN 2) prips {ASN IP RANGE} | hakrevdns
8
195
674
@Jhaddix
Jason Haddix
1 year
An epic talk on advanced Burp Suite usage by @Agarri_FR at @NorthSec_io : "Burp Suite Pro tips and tricks, the sequel" Slides:
13
230
677
@Jhaddix
Jason Haddix
1 year
⏰ Want a one-liner that notifies you of any fresh domains (if they come up) to you each hour? #3 ⬇️ > screen > subfinder -silent -d {target}.com -o {target} > while true; do subfinder -silent -dL {target} -all -nW | anew {target} | notify; sleep 3600; done
16
192
673
@Jhaddix
Jason Haddix
2 years
= Infosec super-thread = A big part of my presos is tools/resources I like for offensive security & bug hunting. Here's a thread of "PRINT" resources cited in the Bug Hunter's Methodology Application Analysis v1 a 🧵 #bugbountytips #Pentesting 1/x
50
230
663
@Jhaddix
Jason Haddix
4 months
Saving this meme 🤣
18
95
661
@Jhaddix
Jason Haddix
2 years
🧵Another hacker story thread!🧵 === Penetrating a Porn Site === How I hacked access to the most sensitive areas of a porn site using only low severity vulnerabilities. Here's how I did it... 👇 🚨follow, retweet, & like for more hacker stories!🚨 1/x
41
177
648
@Jhaddix
Jason Haddix
2 years
- a FREE Arizona State University curriculum for computer security and hacking. Run by my friend @Zardus and crew, former @defcon ctf winners and runners
8
184
651
@Jhaddix
Jason Haddix
1 year
🔍 There have been hundreds of thousands of FOSS vuln check rules created. 👍 While @pdnuclei (by default) has a great many, there exists a project to gather over 119 repos of Nuclei checks/templates. ➕ That's over 30,000 additional checks.
23
187
650
@Jhaddix
Jason Haddix
5 months
Contributing to the mission!
15
69
648
@Jhaddix
Jason Haddix
2 years
A thread/tip for hackers/defenders/organizations. 🧵 ⚠️A commonly found vulnerability for organizations is credentials leaked on Github.⚠️ Sometimes this can be from the organization's OWN code repositories on GitHub, but... 🚨follow, retweet, & like for more tips!🚨 1/x 👇
33
203
627
@Jhaddix
Jason Haddix
4 years
Impostor syndrome is hard tonight while I finish up the bug hunter's methodology v4 but I'm excited to present on Sunday at @NahamSec 's NahamCon!
26
79
625
@Jhaddix
Jason Haddix
1 year
MGM gaming floor makes 1-1.3 million a day. 65% of the gaming floor is down. That’s conservatively 650k/d, plus IP loss, ransom payment, legal fees, recovery, fines, overtime, & PR loss. Plus the hotel is impacted as well. guessing that bug bounty + security budget isn’t
25
72
624
@Jhaddix
Jason Haddix
2 years
🐻 Hacking a Search / Cloud Company 🐻 I once took over a MAJOR foreign search/cloud company. I had full access to every employee's email & full source code for all their apps. Here's how I did it (legally)… ⬇️🧵
21
150
606
@Jhaddix
Jason Haddix
2 years
🧵Full-Time Bug Bounty Hunter thread 🧵 I'm looking for people to jump in and give me their perspectives. This is all speculative and in US hyper inflated markets. A Sr/Principal Security Tester in the US can command $150-200k salary in big markets (SFO, LA, NY). 👇1/x
43
106
575
@Jhaddix
Jason Haddix
5 years
It’s a pretty special @defcon for me :)
14
14
583
@Jhaddix
Jason Haddix
4 years
The next level of automation in recon is targeted content discovery / directory bruteforcing for CVE's ++. Want a good start on these fingerprints/ templates? They exist!
5
222
565
@Jhaddix
Jason Haddix
3 months
Web Pentesting / Bounty Tip: Some people like using a command-line spider for gathering endpoints. Katana is one of these security focused spiders: When using katana: 1) use "-headless" as modern CDN WAFs block many command-line spiders. 2) use
5
129
576
@Jhaddix
Jason Haddix
5 years
On last night's stream we did an overview of all the great "targets" and resources newbies can learn hacking on. It was super fun! Most of it came from my appsec bootcamp which I mentioned briefly. Will upload the video to YouTube tomorrow =)
16
156
561
@Jhaddix
Jason Haddix
3 years
Jeez, there were a lot of hacker Twitter peeps throwing hate at each other, and the weekend is not even over. You know what’s really cool? Being kind, supportive, and not gatekeeping. That’s fucking RAD.
0
59
556
@Jhaddix
Jason Haddix
5 years
I know it's common sense but remember when parsing JS for endpoints/files: / = Root directory . = This location .. = Up a directory ./ = Current directory ../ = Parent of current directory ../../ = Two directories backwards #bugbountytips ?
2
150
544
@Jhaddix
Jason Haddix
1 year
Want a free training on AWS Security? @Kloudleinc is GIVING away a free one on taught by @riyazwalikar A 7.5 hour AWS Security Masterclass including...
18
146
547
@Jhaddix
Jason Haddix
4 years
PSA if new: Alongside @PentesterLab & @WebSecAcademy , you should all be checking out @sambowne 's courses. Free & online. Web Hacking: Incident Response: and find all the others scrolling down:
11
230
536
@Jhaddix
Jason Haddix
2 years
If you didn't know or just missed it @portswigger maintains a configurable XSS cheatsheet for web security testers here: It includes features to build payloads with exactly what you need, and has written context around injections! I use it often. Enjoy!
7
120
545
@Jhaddix
Jason Haddix
6 years
7 y/o’s 1st CTF :)
18
51
534
@Jhaddix
Jason Haddix
6 years
Analysis of 18,000+ parameters reveals *File inclusion/Path Traversal & Server Side Request Forgery* most often take place within these parameters. Check out @swagnetow & mine's @Burp_Suite extension HUNT to alert whenever it sees 1 of these params.
6
269
525
@Jhaddix
Jason Haddix
4 years
I still feel like I’m on that 3rd step with Linux AND hacking lol
@PrinceAllan5
Allan K. Kirui
4 years
How did you learn linux? 😂😂 #Linux #DevOps #coding #100DaysOfCode
66
1K
3K
15
109
517
@Jhaddix
Jason Haddix
1 month
Reposting the classic 😂
4
83
532
@Jhaddix
Jason Haddix
8 months
The next cohort of "The Bug Hunter's Methodology Live" will be: US: March 2nd-3rd EU: March 9th-10th Repost, like, and reply for a chance at a free seat! New in v2.5 - More Burp, more JS analysis, more IDOR/MFLAC!
135
236
507
@Jhaddix
Jason Haddix
2 years
I’ve been leading Ubisoft’s security team for the last 4 years. It has been an epic adventure & I have learned so much along the way. I have truly worked with some great people. It is, however, time for me to move on. I will depart Jan 2. Stay tuned for what’s next 🫡
34
3
523
@Jhaddix
Jason Haddix
1 year
Being a hacker has little to do with your job. It's in your blood, your soul— it's a way of thinking. It's curiosity, creativity, and challenging norms. It's a relentless pursuit of knowledge, it's embracing the unconventional. Whatever you do today, bring the hacker mindset.
15
103
511
@Jhaddix
Jason Haddix
10 months
CISO & Security Exec friends: Shit is changing. You can be held accountable for risk decisions. Cover yourself with your contract, document everything, build into your yearly cost a legal stipend, build into your contract fixed/immutable severance package. Just my 2c ✌️
18
73
510
@Jhaddix
Jason Haddix
6 years
Statistical analysis of 18,000+ applications reveals *SQL Injection* most often takes place in these parameters. Check out @swagnetow and mine's @Burp_Suite extension HUNT to alert whenever Burp sees one of these params, & gives advice to manually test.
3
255
502
@Jhaddix
Jason Haddix
1 year
OWASP LLM Top Ten v.1: 🚀 Prompt Injections 💧 Data Leakage 🏖️ Inadequate Sandboxing 📜 Unauthorized Code Execution 🌐 SSRF Vulnerabilities ⚖️ Overreliance on LLM-generated Content 🧭 Inadequate AI Alignment 🚫 Insufficient Access Controls ⚠️ Improper Error Handling 💀 Training
12
172
510
@Jhaddix
Jason Haddix
2 years
Taking a break from bounty and social media for a while. Prob a month or two. Been pretty dark since defcon, I think I burned myself out 🥱 Stay safe everyone ❤️
34
4
506
@Jhaddix
Jason Haddix
4 years
Simple but impactful tip for content discovery. Always use the subdomain as a path. Often it is the root of the application #bugbountytips #bugbountytip : try: and then do content discovery
13
153
496
@Jhaddix
Jason Haddix
3 years
Hey friends. Sorry I’ve been so incognito recently. Julia (my wife) had some serious health issues the last few months that culminated in emergency surgery last week. Looks like we are out of the woods now but in recovery mode for a few more weeks. Love you all.
62
2
492
@Jhaddix
Jason Haddix
1 year
🛹 AwsScrape: My GO script to monitor AWS IP ranges & alert when it sees a keyword in SSL certificate data (CN, O, OU) I have found many "ephemeral", dev, & misconfigured hosts monitoring the cloud space like this. Slow but powerful. Enjoy!
11
99
488
@Jhaddix
Jason Haddix
1 year
I hope this graphic never disappears 😎 So I will continue to repost every once in a while!
6
82
468
@Jhaddix
Jason Haddix
1 year
🎯 Red Team/Bug Bounty recon method 📋 2nd level subdomain brute forcing: > cat knownsubs | rev | cut -d . -f 1-3 | rev | sort -u | tee sub.subdomains 🔨 Brute force those. Any that had * from SSL certs (wildcards) are ideal candidates. (learned from @NahamSec & @m0chan98 )
14
131
462
@Jhaddix
Jason Haddix
2 years
#bugbountytips 🧵 1/x Starting from almost scratch. Testing Environment: DO Ubuntu VPS, 2 vCPUs. 4GB mem / 60GB Disk, ($20/mo) This works for most general tasks. In most VPS intensive tasks (content discovery, fuzzing, etc) memory is your bottleneck.
22
106
450
@Jhaddix
Jason Haddix
9 months
Exploring parameter fuzzing? Use ffuf via .ffufrc config file or command line, custom, FUZZ keyword. Get a general param list by me, @DanielMiessler , and @albinowax : and the debug list by me & @G0LDEN_infosec : Enjoy!
4
119
455
@Jhaddix
Jason Haddix
1 year
Got an amazing sticker today 😅
18
33
455
@Jhaddix
Jason Haddix
2 years
So… I just finished my 1st @Hacker0x01 Live Hacking event & I’m heading into another with @Bugcrowd As a program owner, hacker, & security leader… I have thoughts! Read along for some spicy bounty takes. 🚨 Like, follow, & retweet for more security content 🚨 a 🧵 1/x
6
62
450
@Jhaddix
Jason Haddix
2 years
httpx -tls-probe vs Cero () vs httpx -> nuclei ssl-dns-names.yaml for certificate parsing (see the previous post).
@Six2dez1
Six2dez
2 years
@Jhaddix httpx with the `-tls-probe` flag should return the same information, less parsing == less problems :P
4
3
25
16
128
456
@Jhaddix
Jason Haddix
9 months
OWASP WrongSecrets A hands-on game packed with real-life examples of improper secrets management in software. Includes 41 challenges to enhance your understanding of leaked secrets and can help you practice with the tools needed to detect them!
2
117
444
@Jhaddix
Jason Haddix
3 years
Dropped some previews of "The Bug Hunters Methodology v4 - App Hacking" the stream today. No ETA on release yet, WiP:
8
111
429