Hi! I'm Don.

The winter solstice is our annual reminder that just when it seems the darkness is too much, the light will return. Regardless of season, may your hearts forever stay warm. ♥️

Naomi Brockwell Joins JHT All-Stars! New Free Upskill Challenge: Create your own encrypted USB drives. justhacking.com/uc/uc-encrypte… Storing sensitive files on a normal USB drive is like writing your diary on a sticky note and leaving it in a taxi. If someone gets the drive, they get the files. No hacking required! Naomi shows three ways to create encrypted USB drives: The Apricorn Aegis Secure Key, the Kingston IronKey Vault Privacy 50C, and VeraCrypt. Find out how they compare, which best fits your threat model, and step-by-step setup tutorials for each. #cybersecurity #hacking #privacy #encryption @naomibrockwell

🚨 Workshop Spotlight # 5👉 "Instant API Hacker" by Corey J. Ball (@hAPI_hacker), author of "Hacking APIs" and founder of APIsec University (@apisecu) & hAPI Labs 📝 Description "Instant API Hacker" demonstrates how quickly someone can learn to identify and exploit API vulnerabilities. You'll witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure. Through live demos using the "One Request to Rule Them All," you'll see firsthand how APIs can be compromised, and gain actionable insights you can apply immediately. The session walks through finding APIs, analyzing endpoints in Postman, going deep with Burp Suite, and exploiting the most common vulnerabilities. You leave with free resources for continued learning, including vulnerable labs and APIsec University courses. Beginner-friendly. By the end, you're an API hacker. 🎟️ Only at ContinuumCon 2026 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect!

Thank you for making the ultimate sacrifice. 🙏

Cyber 'Home Alone' Part 2: Fight Back with DNS Traps! Canary Tokens are a simple yet powerful tool for cybersecurity, providing alerts when an attacker interacts with a bait file, URL, or service. Perfect for improving your detection capabilities. Watch Adrian Sanabria demo a web bug Canary Token in his Free Upskill Challenge (UC), Detection via Deception. justhacking.com/uc/uc-detectio… All 50+ UCs are FREE! Try one, try them all. 😉 #Cybersecurity #HackingTips #InfoSec #DigitalForensics #EthicalHacking

Cyber 'Home Alone' Part 1: Fight Back with Digital Traps! Canary Tokens are a simple yet powerful tool for cybersecurity, providing alerts when an attacker interacts with a bait file, URL, or service. Perfect for improving your detection capabilities. Watch Adrian Sanabria @sawaba demo a web bug Canary Token in his Free Upskill Challenge (UC), Detection via Deception. buff.ly/NgR873G All 50+ UCs are FREE! Try one, try them all. 😉 #Cybersecurity #HackingTips #InfoSec #DigitalForensics #EthicalHacking

🚨 Workshop Spotlight 👉 "Prompt Injection Fundamentals & Hack-Along" by Eva Benn & Andrew Bellini (@d1gitalandrew) 📝 Description Prompt injection continues to be # 1 on the OWASP Top 10 for LLM Applications for the second edition running, and there's a reason it isn't moving. LLMs read instructions, data, and policy through the same channel. The attack surface is the entire space of human language, with infinite ways to phrase an input and infinite ways the model can respond. A single successful prompt injection can bypass every other security control you put in place, even if you've done everything else right. Model makers like OpenAI, Anthropic, and Google continue to invest in instruction hierarchy training and built-in safety controls, but models still can't reliably tell the difference between what the app builder told it to do and what an attacker hid inside a document, an email, a webpage, or a tool response. And the people building AI apps aren't just engineers anymore... This session is a practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting, or if you're building with AI and want to know what you're actually up against. 🎟️ Only at ContinuumCon 2026 - June 12-14 Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does. Got your ticket yet? 👉 continuumcon.com Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas , and @Level_Effect !

Hack a Drug Lord's Smart Toilet! x.com/i/broadcasts/1…

The Dzhanibekov Effect: Spin any object with three different moments of inertia in zero gravity. The object will spin stably for a few seconds, then suddenly flip 180° while continuing its rotation, then flip back a few seconds later. It does this indefinitely.

Have fun at @bsidesnash today! Be sure to catch @NahamSec's keynote in just a few minutes. #FOMO

Many aspiring pentesters never start because web app security feels too advanced. Mike Lisi explains why hands-on exposure matters more than worrying about prerequisites early on. That’s what Crosswind Systems is built for. A free place to practice web app hacking concepts and start building real experience. 🛠️ JHT’s gift to the community. Practice web app hacking for free: crosswindsystems.com

One of the biggest gaps in cybersecurity education right now is practical pentesting experience. Mike Lisi explains why theory alone isn’t enough and why more practitioners need to help bridge the gap with real-world skills, mentorship, and hands-on exposure. That’s how junior pentesters become job-ready faster. 🔗 Start learning: justhacking.com/course/web-app…

🔥 ContinuumCon 2026 June 12-14 Workshops Announced! Stacked with content, plus a special event: This year we'll have a Live AMA with @brysonbort and @strandjs - Q&A, commentary, and the top-tier banter. Workshops 👇 # Roll Your Own Analyst by Rain Jordan Build your own local AI threat intel pipeline with Python & Ollama # Killing Active Directory Attack Paths Once and For All by @techspence Hands-on destruction of major AD attack paths with hardening to mitigate # Hacking Over & Under The Wire by @klrgrz Beginner-friendly SSH & PowerShell using OverTheWire wargames and trying back to tradecraft # Practical Security Engineering by @IceSolst Stand up SAST, DAST, SCA, and secrets scanning for free using GitHub Actions # Prompt Injection Fundamentals & Hack-Along by Eva Benn and @Andrew Bellini Practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting! # Escaping Sandboxes with AI by @ZackKorman Hands-on techniques for finding and executing AI sandbox escapes # Instant API Hacker by @hAPI_hacker Fast-paced exploitation of the OWASP API Top 10 with the author of Hacking APIs # Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response by Ihor S. Production-ready AWS WAF with custom monitoring, Slack alerts & automated threat response! # Tactical GRC - Turning Governance Into a Force Multiplier for Security Teams by @fletusposton Build lightweight, engineering-aligned GRC that actually accelerates security work! # How to Analyze Malware by Matthew N. Safe, practical malware analysis workflow for beginners – static, dynamic & real sample walkthrough! # Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software by Smit Nayak Deep forensic recovery of WannaCry artifacts using open-source tools – DFIR gold! # StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction by Christopher Dio C. Detect & extract hidden malware from images & files with next-level steganography tools! And we'll be hosting content again this year through the great @getCourseStack platform! Big thank you to all putting the work and time in in to bring this con to everyone! 🙏 @_JohnHammond @JustHackingHQ @AnthonyBendas @Level_Effect Got your ticket yet? 🎟️ Head over to: continuumcon.com

A junior pentester went from beginner to finding real vulnerabilities in a few months. According to Mike Lisi, it came down to: • Real-world tool output • Context • Repetition That’s what actually builds skill. 🔗Start learning: justhacking.com/course/web-app…

The RF world is insane. Researchers recovered AES-128 keys from a Bluetooth chip by listening to its own antenna from 10 meters away. Crypto-engine switching noise couples into the RF chain, rides the 2.4 GHz carrier, and leaks out as radio.

New Course Launch 🚀 "Web App Pentesting - Jr Analyst" Only $80 in May! justhacking.com/course/web-app… Get hands-on apprenticeship with Mike Lisi. Don't just hack. Prepare for a career! You played CTFs, learned some hacking tricks and maybe even dabbled in bug bounty hunting. That’s a great start. But do you use a proper methodology, work on real-world, live web applications, or even know what will be expected of you as a member of a penetration testing team delivering paid services for clients? You Will! See for Yourself with Free Previews: 📖 Course Overview 🔍 Anatomy of a Web Application 💻 1.1 Search Engine Discovery (WSTG-INFO-01) Get ready for a truly unique learning experience… After completing the material of each lesson, you are assigned actual work tasks by your team! You get to practice what you’re taught using a provided, web-based VM of the latest version of Kali Linux. Since the client’s web apps are publicly available, you can use your own tools. The option is yours! As you complete your “work”, you are reminded of the importance of taking notes. This becomes vastly important, because your team needs you. Therefore, you are required to “Report to the Team” regularly… just as the job would require! #learn #explore #webapp #hacking #pentesting #ethicalhacking #training #cybersecurity #community #career

Join us on May 27, 2026, in Plano, TX, for the inaugural CYBR.HAK.CON.! I have partnered with @CybrSecCon, the team behind HOU.SEC.CON.. We have a great lineup of speakers, including @Jhaddix, @DHAhole, @TimMedin, @marcusjcarey, @sociosploit, @Larci007, @hackerfren, @BarCodeSecurity, @hacker_213, @DistortionCyber and more!

HTTPS traffic is encrypted by design—but if a client is configured to trust a proxy, it can be intercepted and inspected. @_JohnHammond shows how decrypted requests become visible in real time. 👉 Learn more: justhacking.com/uc/ucx-encrypt…

📺 Catch a Replay 📺 "Web App Pentesting - Jr Analyst" Drops - Only $80 in May! justhacking.com/course/web-app… Get course 1 of 3 of hands-on apprenticeship by Mike Lisi. Don't just hack. Prepare for a career! Other links from the livestream: 🔗 Our Gift to the Community... CrossWind Systems! Want to play with a live, purposely vulnerable web app? Have at it. Prefer more structured, curriculum-based training, then this course is for you! Either way, have fun learning with crosswindsystems.com 🔗 Free Previews of 3 Lessons in "Web App Pentesting - Jr Analyst": learn.justhacking.com/courses/590213… 🔗 ContinuumCon - The Cybersecurity Conference That Never Ends June 12-14, 2026 continuumcon.com Forget the noise. Get to justhacking.com! #learn #explore #webapp #hacking #pentesting #ethicalhacking #training #cybersecurity #community #career

Only 6 Hours Left! 20% Launch Discount on "AI Cyber Defense Ops" by @Antonlovesdnb Ends Midnight ET Tonight. justhacking.com/course/ai-cybe…

Much of the effort in purple teaming happens before execution. Reviewing threat intel, mapping TTPs, and planning what to emulate can take significant time. @Antonlovesdnb shows how AI can assist with that process so teams can spend more time on testing and communicating results. 👉️ Learn more: justhacking.com/course/ai-cybe… 20% launch discount ends April 30 at Midnight ET⏳️