Davy

@MosheTov @AlvieriD @udemy Underrated post 😂

@AlvieriD @udemy They are selling Udemys data for 3,000,000$, but for a limited time you can grab it for 19.99$

Udemy online educational platform has been breached by ShinyHunters 1.4 million alleged student records containing PII are being claimed @udemy

@_RastaMouse What software do you think will give you the most trouble. You don't come across as much of a PowerPoint kinda Mouse, and I guess all things 'officey' are in the browser now. Adobe's creative stuff holds me back, would be so good if that stuff just worked without virtualization.

I'm going to legit try and make the jump to Linux as my daily driver. Wish me luck, fam.

@stokfredrik I like to think about it more like hunters getting a promotion to a management position, now that the tools are starting to think for themselves they need guidance and support to do an effective job. 🙂

I once said: AI is not going to take your job as a pentester or bugbounty hunter. I was wrong.

@steventruax @garethheyes I got a copy ages ago, I was far from disappointed... What didn't you like?

I’ve just bought #javascriptforhackers by @garethheyes and feel a little disappointed.

@claudeai Should just happen by default, no need to prompt it..... But better than nothing. Nice.

We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features: - /security-review slash command for ad-hoc security reviews - GitHub Actions integration for automatic reviews on every PR

@aroesec To host a VM with Linux in it.

Serious engineers use Windows.

@1n44n6 @mubix I would read

@mubix This would be an entertaining blog.

I use Log4shell canaries in my passwords and I have one per website. It’s been crazy interesting the sites that I have gotten pings for and where the pings are from. I think it’s cool. It would be a fun talk to put together and a good story to tell but not useful…

@bilawalsidhu @jimmycarr aren't some of these your jokes?

Conjuring burning man interviews out of latent space. Veo 3 is too good!

@snyff You got the numbers the wrong way around... Try 200 hours for 2k.

I’ve spent 2 solid hours doing bug bounty and I still haven’t made $200k. Can someone tell me what I’m doing wrong? #bugbountytips

@brianwhelton The red bull is a must.

@aroesec That's the productive eye, it's the rest that's lazy. 😂

Grok gave me a lazy eye. It's not ready to build thumbnails

@MalwareJake Violence isn't the way, goosefrabbah, goosefrabbah!

I want to find the Microsoft engineer behind this and beat them with dimensional lumber...

@splint3rsec Any recommendations?

hunting while listening to chillstep is another type of hunting

@UDAYDocs Keep going, you're doing great, this thread is awesome.

🎯 Day 122 ✅Completed Science of Rapid Skill Acquisition Book 📚1111/10000 - H1 Reports

Day~1 Today, I went through 38 write-ups about (IDOR) vulnerabilities. Whenever these write-ups present Burp Repeater tabs, URL endpoints, or API data, I could guess around 90% of the exploration process. My notes: heyiamuday.notion.site/IDOR-Write-Ups…… #bugbountyjourneyDay1

@albinowax @Burp_Suite I sometimes use _recovered_1, _recovered_2, _recovered_3 😅

Does anyone else use inspirational project file names in @Burp_Suite to help stay motivated?

@pry0cc Hope you're well. Look after yourself.

@MatinNouryan 4th folder from the left.

How do I get root access?

@bhavukjain1 "testing the effectiveness of the business continuity plan"

Brutal morning. Accidentally killed a server vulnerable to java deserialisation.

@w_n1rmala Nice work. 🙂

oh god, my first RCE #hackerone #bugbounty

@sebulino @offsectraining Yes. I know, I was being a little sarcastic. There's no reason they can't grandfather in + for students who have already taken in the last 3 years... Unless of course they want them to pay a couple of extra bucks for the privilege.

@davyrogersuk @offsectraining No. As it says: „Beginning November 1, 2024, when learners pass the updated exam, they will earn an OSCP+ certification.“

Seems to be some confusion with some about the announcement of the OSCP+. Mostly around what happens to the OSCP? Let's be clear - The OSCP does not expire. Will not expire. And will still be issued. No changes to the OSCP are being made. However there are a number of cert holders that work places that mandate a certification to expire. The current OSCP does not help these individuals at all. So, enter the OSCP+, which was created to provide benefits to these users and does expire. If you are not in a situation where you require an expiring certification, thats great. Nothing changes for you, you can ignore the OSCP+. If you do require an expiring cert, then starting Nov 1st the OSCP+ will help you out. We set this up in a way where we are careful not to take anything away from existing cert holders or those that do not require an expiring cert. This should be fully an expansion of benefits, with nothing taken away. Full details of the changes that were announced today are at: help.offsec.com/hc/en-us/artic… help.offsec.com/hc/en-us/artic… Also we will be doing a webinar the morning of the 6th, and standard office hours on discord at 1pm eastern. Happy to talk through questions with everyone then! - Jim