d3mondev

🔥 Puredns v2.1.0 has been released! This update comes with quality of life features: ☑ Bruteforce many domains at once ☑ Specify bruteforce location in domain ☑ Flag to use trusted resolvers only ☑ ...more! 🚨 Please RT and like for reach! ♥🤗 github.com/d3mondev/pured…

@galnagli @Google Congratulations Nagli! Well-deserved!

Super excited to join @Google and continue innovating at the intersection of AI & offensive security! Some amazing capabilities are coming very soon ✨

@sw33tLie Mine was finding so many "critical" findings, I actually had to make him a triager agent friend

Name a better feeling #bugbounty

@G0LDEN_infosec @Jhaddix I do the exact same thing on my workers! Except I use unbound instead of knot resolver (for no good reason - haven’t tested it)

New video alert! Just hopped on camera and yapped about how I do everything DNS for automation. Not saying it's perfect/right, but it is what I do :) Let me know what you think! youtu.be/otegh-41etk

Highly recommended!

@vxunderground Is the malware in the room with us right now?

Another funny story: I got malware (again) from trying to download "hacks" for Halo 2. I couldn't find the malware (again) so I randomly uninstalled software from the Control Panel. I uninstalled the audio drivers and network drivers. This didn't fix it. - smelly

When I was a teenager, I infected my personal computer trying to download "mods" for Windows XP. I couldn't find the malware (I only checked My Documents), so I thought the malware was in my modem. I convinced my parents to buy a new modem. It didn't fix it. - smelly

@InsiderPhD I love mine too! I started using it a lot for handwritten notes recently. But I keep it offline.

It’s just SUCH a niche device with terrible security but man I cannot imagine not having one now I spend so much free time reading because it’s so damn easy to pick up and read

My Boox is definitely my favourite purchase of this year that I’d never recommend to anyone else. But if you do want a e-reader with buttons, the flexibility of Android, and not being tied to Amazon. AND you don’t mind that it phones home A LOT and uses an outdated Android version maybe buy it!

Bug bounty hunting is a mental game, so remember this: there's always one more bug. Developers are humans, and humans make mistakes. Even on the most hardened target, there is always one more bug. You don't need private invites to find bugs. The scope of public programs is so big that there isn't enough hackers to cover 100% of it. There's always one more bug. Even if veteran hackers have tackled a program before you, you bring your unique perspective, methodology and mindset to the table. What one person might overlook, you might spot instantly. Also, there's always one more bug. There are always new features rolling out. Always new attack surface to be discovered. Always new vulnerabilities. Always one more bug.

Bug bounty hunters: What’s your advice for someone who’s trying to make their first $100,000 in 2025? What should they do/learn? What should they avoid?

As a bug bounty hunter, I’m sooo happy with all the AI tools that allow non-engineers to push code in production 🤑

How to choose remote wordlists or upload your own local wordlists when running a module that has the _wordlist_ variable! Here's a great example using @d3mondev's puredns-bruteforce module 👇

@thiezn_ That's exactly it, thanks for providing the details!

@d3mondev Never knew about that! So it seems you can create a CAA record with the iodef tag and an email address. Certificate providers have to validate CAA records nowadays and seems they will send an email to the iodef record. Sorry you missed the dangling record

TIL that CAA records can cause notifications when a certificate is requested from a CA that isn't permitted for the domain. A subdomain takeover slipped through my fingers because of that. They fixed it before I could submit a report. Always check those CAA records first!

I wish I could better show appreciation to some of the triagers who are awesome. Like with a tip or something. (this is probably a terrible idea)

🚀 Introducing SanicDNS 🚀 Looking for lightning-fast domain resolutions? SanicDNS resolves up to 5M domains per second! 🏎️💨 github.com/hadriansecurit…

Another lightbulb moment! Having Claude 3.5 Sonnet write my commit message from a git diff. Better documentation than I could ever write 🤯

I'm super happy with Open WebUI. I'm running Claude 3.5 Sonnet and ChatGPT 4o side by side while coding. They often give me a different perspective. I unsubbed from ChatGPT and will use the API exclusively from now on. github.com/open-webui/ope…

In my anecdotal experience, I prefer code written by Claude 3.5 Sonnet over ChatGPT 4 about 70% of the time. I find the code is cleaner, more idiomatic, and that the prompt is more closely respected.

@securibee tmp.txt out.txt temp.txt tmp2.txt ...

How do you name your *.txt files while hacking? targets.txt subs.txt ...

@securibee Oh that's interesting! Here's mine

What are your most used CLI commands?

@fattselimi You need an agent to deal with that for you 😂

Waking up and dealing with triagers its a pain