Ty Anderson

I've released the first two levels of Hack Back - the world's first RTS hacking game🎮 - for FREE!! I designed and built this game over the last year to teach the world about offensive security concepts in a fun and interactive way. Discord link in Steam store.steampowered.com/app/3709680/Ha…

Over the years, I've seen four common challenges that offsec folks face when trying to move into red teaming: red teaming philosophy, adversarial mindset, understanding red team operations, and gaining experience. Here are my recommendations and references @ty.anderson.3/transitioning-from-offsec-to-red-teaming-165fc2e968f8" target="_blank" rel="nofollow noopener">medium.com/@ty.anderson.3…

I took a sandboxed expression injection to full RCE in 4hrs thanks to AI . It's amazing what AI can do when guided correctly 💀 #bugbountytips

We're hiring a Senior Red Team Engineer @Adobe We're looking for an experienced Red Teamer to design, execute, and evolve Red and Purple Team operations Learn more and apply here: careers.adobe.com/us/en/job/R157…

I'm thrilled to announce the Coming Soon of my offensive security game, Hack Back! After a year of development, I've released a blog introducing the project and game, which includes a link to Hack Back's Steam game page. Check it out! @ty.anderson.3/hack-back-game-coming-soon-f81c88432579" target="_blank" rel="nofollow noopener">medium.com/@ty.anderson.3…

“how to secure your service” guides can also dual-purpose as “how to hack me” guides 🙃

A student friend asked me for some advice on how to prepare for a career in offensive security, so I wrote a blog on it. Know your options, gain the skills, prove your worth. @ty.anderson.3/preparing-for-a-career-in-offensive-security-dbe2d6ab277b" target="_blank" rel="nofollow noopener">medium.com/@ty.anderson.3…

@HackingLZ correction, YOUR assets in yahoo

@HackingLZ hm what's this say about yahoo's interest in protecting their assets?

Smh 🤦‍♂️

This is nuts. Major investigation reveals ExxonMobil allegedly orchestrated hack-for-hire campaign targeting 500+ climate activists and journalists.

Checkout my latest blog on how our @Adobe Red Team uses AI to keep pace with adversaries and prioritize meaningful work blog.developer.adobe.com/ai-powered-red…

@evilsocket most media just want clicks ($, power, influence). it's rare they care more about what's moral or right

somebody might consider the idea that if a single person writes something on twitter and the media picks up only part of what they said and make it sounds like it's the apocalypse, maybe the problem is in the media system

@_MG_ You’ll definitely need to know your audience. What excites them and what’s the impact they can expect to now be able to reach after listening to you

I think I’m going to try something new (to me) and I’d love feedback/ideas/suggestions/etc. It’s communicating to large audiences outside of the infosec bubble. Historically, it’s something I don’t find interesting. But lately I can’t stop thinking about the fact that is a unique skill & deceptively hard to do it right. What do you see as the factors that are needed to do it right? I have another question to ask about a curious phenomenon connected to this topic, but am going to save it for another thread as to not derail my own post.

@_MG_ What type of communication are you considering? Blog? Interview? Speech? I’ve got a project in the works around this as well and I’m interested in your approach

@galnagli @Hacker0x01 now that's red teaming at it's finest! intentional functionality exploited by an adversarial mindset 👏

It’s amazing what 30 mins of research can do. I went years not understanding a common offsec file type. I ChatGPT’d it and it’s bright as day and I’m incorporating it into my offsec tooling now.

A shoutout to making learning a lifelong goal! Includes a general summary of how I became a Red Teamer. Loved BYU and what they taught me. linkedin.com/posts/ty-ander…

I'm hiring a Senior Red Team Engineer! Join the @Adobe Red Team! If you have any questions, feel free to reach out. careers.adobe.com/us/en/job/R146…

Cybersecurity Red Teaming: When Assumptions Aren't Enough I am excited to share the article I published about our Red Team's capabilities, custom toolkit, and overall impact on @Adobe blog.developer.adobe.com/cybersecurity-…

how to automate BurpSuite Collaborator log analysis for dns exfil, Notify, etc: 1. run collaborator; in settings enable polling over http 2. run `sudo tcpdump -i any -v | grep polling -B 1` to get your token 3. automate the GETs thanks @rickoooooo! richardosgood.com/posts/burp-sui…