pry0cc
@pry0cc
Followers
31,229
Following
1,165
Media
2,947
Statuses
45,356
Explore trending content on Musk Viewer
#今月描いた絵を晒そう
• 230650 Tweets
PASTEL FRESHTORY X GF
• 187991 Tweets
Mombasa
• 110705 Tweets
OUROAD GRAND OPEN HOUSE
• 75797 Tweets
Griezmann
• 74160 Tweets
Meat Eaters Will Go To Hell
• 45861 Tweets
IRIAM
• 42881 Tweets
ASTRO
• 42590 Tweets
OHMLENG IDEA LIVE
• 39145 Tweets
Indigenous
• 27373 Tweets
Grizou
• 21516 Tweets
シャウエッセン
• 20074 Tweets
ムーンライト
• 19966 Tweets
#ゆうぴー愛してるぞ
• 19934 Tweets
チャウヌ
• 19355 Tweets
Deschamps
• 19095 Tweets
Re:ERA beginning
• 10106 Tweets
How to dox a hacker and get their address:
Ask them: ❌
OSINT Wizardry: ❌
Offer them free stickers: ✅
33
255
1K
How to get a P1 XSS in 10 seconds.
1. Find site
2. Find open port 80
3. Visit with Chrome
Then I suddenly remember, just:
CTRL+SHIFT+J
Console > type in the console, alert('hacked') ENTER
BOOM! P1 XSS! 🔥
Easy as that! 🤯😇
#bugbounty
104
211
1K
If anybody ever tells you your idea is dumb - just read this post and keep going :)
29
239
960
This happens all the time.
1. Company hires talented person
2. Person single handedly builds critical stuff that needs building and fights for it
3. Management underpay that person
4. That person leaves
5. The company flails because they didn’t know what they had
14
156
920
The saddest thing about IT & Cybersecurity is that 99% of the problems we're facing are not technical.
They're cultural, management and budget-related.
Implementing basic security controls, patching regularly, segmenting your network, EDR/AV on everything, it's basic shit.
21
181
719
Hey you,
If you want to upgrade your cat, try bat.
alias cat="bat --style=grid"
It does automatic syntax highlighting, will automatically 'less' itself if your file is too large, and detects automatically when you pipe it so it doesn't inject colors.
19
152
721
So I applied… and….
I got the job! 😃
Offensive Security Engineer @ AWS, starting in 2 weeks.
Wish me luck :)
Hey, I am hiring (Virtual US Support) to help me run the Bug Bounty program over here at AWS. Looking for an experienced TPM and Security Engineer that want to help drive new program initiatives, expand our program, build a community and of course day-to day operations.
5
33
118
81
7
706
Ok, hear me out. If you’re just starting offensive security / learning to hack. Learn your fundamentals, Linux shell, windows shell, networking, HTTP.
Then watch every single one of
@ippsec
’s videos and break them down and take notes. Then follow along.
You’ll get good quick 👍
23
126
698
OK!
I'm going to talk to you today about the Flipper Zero.
You may not have heard about it, but it's fucking epic.
29
167
650
HEY!
SERIOUSLY. Do not ever underestimate the power of OSINT when doing pentests or webapps (especially if its scoped tightly)
I just got root user MySQL creds this way - expand this and I'll explain how I did it.
👇👇👇
18
169
625
Hacking is usually 99% 'jus trying shit' and 1% "FUCK YEA IM A GENIUS"
23
80
577
Little word to employers in the security space:
There are barely any qualified and experienced people in this field.
*Only* hiring experts is *not* sustainable.
We need to get into the mindset of hiring and investing in people early on.
Don’t buy a grown tree, buy a seed.
18
95
565
If you could share one bash trick to a friend hacker what would you share?
🧵🪡🔥👇
138
111
531
Hey. You. The one judging me for being young.
Yes I am 20, yes my girlfriend is older than me, yes I founded a cybersecurity forum at 16, yes I never went to Uni, yes I already nearly have 2 years xp as a pentester / security pro.
Stop 👏 judging 👏 me 👏 by 👏 my 👏 age.
65
29
525
DAMNN
People just be dropping ClamAV 0days like its hot 👌🔥🔥🔥
And on Pastebin, anonymously!
4
216
491
Want to "hack" into something for the first time in under 1 hour? (For moderate technical)
If you're new - this is a fun way to get started (it's how I got started). Get an app called "fing" on your phone, join client network, scan for devices, then port scan each device. 1/2
18
79
443
If you want to make a pentester go crazy, give them a non-vulnerable web app and tell them it’s vulnerable to a vulnerability and it’s easy to find and exploit.
Then watch them melt down.
38
44
428
I don’t know who needs to hear this, STOP SENDING YOUR RESUME AS A DOCX
SEND IT AS A PDF YOU FUCKING DONUT
52
24
399
Man, Axiom is building a pretty impressive portfolio of tools.
aquatone
httprobe
subfinder
assetfinder
gf
masscan
sn0int
kxss
jq
SecLists
gobuster
nmap
waybackurls
amass
anti-burl
Golang (setup, path configured, latest version)
hakrawler
14
164
400
Most people running vuln scans don’t know how to interpret the results
37
23
393
Pentesting expectation: Hacking into the mainframe, EDR evasion, physical penetration, sliding past blue teamers.
Pentesting reality: Taking a screenshot of a password reset page that responds "invalid email" if the email is invalid.
5
40
347
Doing internet scanning research?
I have a list of IP ranges owned by top cloud providers, AWS, Azure, GCP, Godaddy, Linode, Rackspace.
All ready for internet research with masscan!
13
120
340
Wow I did not know this!
proxychains -q zsh
Now all your connections are tunneled through your SOCKS proxy! how sick is that!
6
80
329
Ok. Today is the day.
It's not finished - but it's good enough to release.
A set of utilities for managing and setting up your own hacking infrastructure on DO, preinstalls all the packages you could ever want for
#redteam
and
#BugBounty
!
23
113
321
How to get a P1 in 45 seconds.
1. Subfinder and resolve IPs
2. Find open port 80
Then I suddenly remember, just:
nc -v host 80
P1! 🔥🔥🔥😵
Easy as that! 😇
#bugbounty
43
46
321
More secure than a password manager when locked in a safe or not? What do you think? 🤔
54
43
310
To everybody trying to break into security.
YOU DON’T NEED KALI.
Install pretty much any Linux distro, you’ll be covered. Why would you daily Ubuntu and then run a Kali VM? Doesn’t make any sense to me.
Stop worrying about your OS and start learning about actually hacking.
28
53
311
If you were going to build a cybersecurity sticker starter pack, what would you include? 😅
Let me know below! Might be working on something 👀👇
37
47
299
People who WFH, how long is the transition between you waking up and starting your workday?
If you start at 8, what time do you get out of bed? 😅
370
7
306
I know a lotta infosec people also carry firearms.
Drop your EDC Concealed carry setup below I’m excited to get my own!
149
13
287
Im super proud to announce I will be joining
@Truesec
as a Senior Cyber Security Consultant! 🎉🎉🔥
I’m listed alongside some absolute industry legends here, and for that I am very humbled!
Looking forward to preventing breaches and having fun! 🔥❤️👌🏼
71
8
294
Going to show ya’ll how to solve a problem that took me way too long to solve. 🧐
How do you extract all the URL’s for web servers from an nmap scan?
& How do you account for vhosts when doing so?
The old way to discover web servers on a list of targets was one of two ways 🧵
14
86
295
Incase you weren't already aware - I maintain a custom wordlist generator called "relevant wordlists".
Every couple months I scrape headlines from news sources all over the world and put the unique words into a wordlist.
This is useful for cracking! 🔥
8
86
290
Ya boi just got promoted.
😎
We also might happen to be looking for a new hire in UK or US, fully remote.
34
15
286
Peeps - you don't need a MacBook Pro to hack.
All you really need is a light laptop that can run Linux or a cheap Macbook and then just abuse the shit out of the cloud.
It's seriously the way.
I built all of 0x00sec on a HQ Compaq 2710p, with a broken screen.
22
23
281
Cheeky 2 week honeymoon in NJ and then back to the UK while the paperwork processes…. ✌️🔥🇺🇸😴
12
0
278
Oh my god.
These guys reverse-engineered Stuxnet, and then wrote working C code from those reverse engineered binaries.
HUGE props to these guys, this is amazing.
2
109
275
You prolly don’t need a mentor. I mean, they can help. But you don’t need somebody to handhold you into being a hacker.
Go get OSCP, hackthebox and do bug bounty, get a few reports, then get a job. In that order. That’s it. It might take you 5 years. Be patient.
19
40
271
I recently learned that you can do:
nmap -T4 -iL ips -sV --top-ports 2000 -oA scan/%d-%m-%y
And provide %d %m %y to format the date into the output file!
Pretty cool! 🔥
5
57
275
Guys seriously. You HAVE to start doing hacktheboxes. They’re so hard for a newbie to start, but you eventually learn enough to start owning boxes.
And that’s where the magic happens. You can develop experience artificially.
14
29
269
Do you want to hear a piece of my secret to success?
Failure.
Fail often. Everytime you make a mistake, you have an opportunity to learn. Take risks. Try things out. If it fails 99% of the time - amazing.
You have a 1% success and you can learn 99% of the time :)
16
60
262
Just tested axiom-scan w/ masscan, full port range 0-65535 on 10k IP addresses.
Took 19 minutes across 10 instances. That's 9 IP's per second using full port ranges :D
We found 118,635 total services.... in 19 minutes....
17
24
258
You can learn everything in this list with a good level of competency within 5 years
This is just 😂
So.. people applying for the role of Full Stack Web Developer this for you 🤣
78
1K
6K
21
32
251
I've recently shifted my entire pentest and hacking methodology to using axiom instances for everything.
I don't hack from my local box anymore. Let me show you how I hack these days:
1) Spin up an instance, axiom-init
👇👇🔥
7
58
259
This is fucking scary.
A security researcher found with Chase bank you could send negative balances to other accounts and accumulate thousands in travel points.
They reported it, Chase bank closed all their accounts...😠
10
104
257
🚨HOW TO GET RCE ON AWS IN 60 SECONDS 🚨
1. Register an account
2. Spin up an EC2 instance
3. SSH in
Boom, you just got RCE on a cloud provider.
11
32
251
Windows, can you stop fucking turning on real-time protection after I turn it off, you’re deleting my work. You fucker.
22
15
244
Tip for pentesters:
If you have a windows lab, watch the event log as you own the network. Watch the event IDs and learn them!
A SOC is going to analyse those IDs and use it to track you, if you can tell them what they should’ve seen in the logs post test- it’s super helpful!
3
27
242
Finding bugs in pentests is way easier than bug bounty IMO
I find the dumbest shit in my pentests
23
14
237
Excuse me - what the actual fuck is automated penetration testing?
🙃
83
36
235
Does anybody know of good resources to brush up on code review and identifying vulnerabilities in code?
29
38
234
Does anybody else use two browsers for web testing?
One for research and one for testing?
47
8
230
Ok. It's live!
A new blog post - it was time for Delta to get some love, that is where I have used this most at
@NaviSecCyber
Unmasking and Bypassing WAF's including
#CloudFlare
! 🔥✅
I really hope you like it :)
#redteam
#bugbounty
8
81
223
Just released a little utility with the help of the legend
@hakluke
🏆
It converts nmap xml to IP:Port notation, and it’s in Go, which means you can run it as a binary which is insanely useful for me personally.
E.g
tew nmap.xml | httpx
6
51
223
Somebody needs to figure out how to hire and make really good use of the people who want to go from general IT Helpdesk skills and level up to a security practitioner in some aspect.
There are thousands of people in this place begging to get into infosec that hit hiring walls
22
27
202
This is what happens when y’all say HTML is a programming language and not markup 😭🤣
We want to be clear, this DESE hack was more than a simple “right click.”
THE FACTS: An individual accessed source code and then went a step further to convert and decode that data in order to obtain Missouri teachers’ personal information. (1/3)
2K
40
130
8
25
201
I can't explain why but the feeling when this works never feels gets old :P
20
18
202
When you don’t have a requirements.txt so you just pip install a new dependency every time you run it.
7
33
196
Just
#goodvibes
and axiom fleet development 🔥👊🏼
This is axiom-scan performing a distributed nmap scan across a fleet of instances, then outputting to a bootstrap HTML searchable page.
Thanks to
@stokfredrik
for bouncing ideas off of, 100% credit to him for the XSL idea!
4
32
196
Ok... So it seems that you can enumerate & validate o365 emails using ffuf 👇
Scrapes the /GetCredentialType endpoint matching regex.. 🥳
ffuf -w emails.txt -X POST -d '{"username":"FUZZ"}' -u
https://login.microsoftonline[.]com/common/GetCredentialType
-mr 'IfExistsResult":0'
4
46
202
I've taken a small detour away from Offensive Security and been doing Linux Forensics & Incident Response.
I really enjoy this new field of IR, it is a lot like pentesting and enumerating just backwards. With a different perspective.
10
10
190
Pssst
Did you know I dropped an article last night on WAF Bypasses using OSINT & a bunch of other tricks?
2
56
192
- Google dorked site
- Found open HTTP dir
- Navigated there - was patched
- Viewed Google Cache, Error log path was exposed
- Copied that same path to the / of the site, downloaded 300MB of web error logs.
- Parsed the errors found creds in plaintext.
5
28
191
I just uploaded my first proper cybersec video to YouTube!
First time I've edited in a little while :) Felt good to get my creative on :P
----------------------
Axiom Demo - Resolving 6 million domains in 5 minutes with 100 instances! 🔥🎉
13
33
189
I'm so surprised this method still works to bypass Windows Defender.
1
65
189
My amazing girlfriend
@akolsuoicauqol
is taking her CISM exam RIGHT NOW!
She has been studying so hard for this, and I’m so proud of her no matter what the outcome is :)
🎉
13
2
184
FYI to y’all:
I don’t hold any certs - none. I left school at 16.
I had a website, a GitHub repo and a hackthebox rank.
Lots of companies are waking up to the reality that the talent in this industry don’t require letters to their name, they have code.
Please do me a favor. Talk to your hiring departments and ask them to look at an individuals success in online cyber ranges the same as certs.
We need to open more pathways into this industry.
31
79
506
15
26
186
I just wrote a keybind to take the image from my clipboard, run it through OCR (extract the text), and then copy the output to my clipboard.
Now I can copy-paste text THROUGH images 😍
11
44
185
Project Crobat is really the fastest DNS enumeration method yet
Being fully opensourced in the near future :)
Supports full wildcard on domain index too. Search by {domain}.* and pull all subdomains.
1
32
184
Just found 10 SQL Injections within the first 30 minutes of this test 🥳
4
7
175
WAF Bypasses are a really common finding on pentests lately - they're easy to do but can have quite a big impact if they have vulns hiding underneath.
Should I do a writeup? Is it even worth talking about or is it too skiddy? :P
Let me know.
24
6
174
GitHub - johnnyxmas/ScanCannon: Combines the speed of masscan with the reliability and detailed enumeration of nmap
This has some cool bash code to steal
2
44
169