KarlsSec

@vxunderground I just hacked you.

@SuperMeisty It tones down but you’re right, it’s always there

Finding a vulnerability never gets old. The adrenaline spike, the held breath, the attempted exploit, the "please work" ... then it does 🙂

My only point of contention is, what manger do you use? I suppose this is the same issue with recommending password managers, not a valid excuse to deter. Like, in the past when I’ve set it up, it’s been PC based, and I’m like what if I want to go on another device etc, so I ignored adoption. I’ve just created a passkey for my Google account using Bitwarden and it was pretty easy. I can see mobile users adopting this quicker than corporate users.

Cyber Nerds! we have a mission: it's reading this: ncsc.gov.uk/paper/traditio… #Passkeys

@ProtonPrivacy @Forbes I hope I’m worth more than $30

Your Gmail isn't free. You’re worth between $30 and $180,000. It just depends how valuable advertisers think you are. Based on our analysis featured in @Forbes 🔗👇

@DoomsdayGoth Sounds like you’ve been given permission to hack the company

I’m so fucking pissed.

wtf Downloaded Threads on a never used email address/meta account and my page is instantly filled with spam bots, inappropriate content, fake AI women and dodgy links. And @X gets all the shit? My photo doesn’t come close to the shit on there. DELETED.

@vxunderground It had a cool aesthetic

One of the most frequent questions I'm asked is "how do you stay up to date on malware stuff?" Okay, here is a pro tip: 1. Google OTX AlienVault 2. Make account 3. Look at latest 4. Scroll until you find posts from a guy named Petr something-something (has numbers in his name). 4. Follow his account He monitors all the big malware places and shares the URL, hashes, etc. from malware vendors. I've been following this random ass dude for years and getting updates on everything. I have no idea who he is. I don't know where he's from. All I know is his setup is absolute fire and he keeps you up to date on literally everything malware related 24/7 365. He also has stuff from vendors in China, Russia, Japan, etc. Every morning I log into OTX and check up on my boy Petr to see what fire he's bringing me. I love him.

@UK_Daniel_Card Well your post and NCSC’s recommendation has convinced me to try it. Today is the day I start using pass keys ! Suppose I better start recommending it to clients too!

@KarlsSec different service have different implementations: auth, fallback, recovery. It depends. It's 2026 not 2036.... this stuff is relatively 'new'

I'm on a windows machine, i'm using passkeys to access a site..... I just signed in using my iPhone by scanning a QR code.... the process was simple.

Is OSCP still a guaranteed way into pen testing in 2026? 🤔

@T3chFalcon Damn. I went too far! cd home/user/…..

@T3chFalcon GUI only when I want quick navigation around files instead of cd ../../../../../../../../../../

😂🫵🏾

@cyber_rekk True that! - Sent from Samsung Yacht

CYBERSECURITY IS NOT A GET RICH QUICK SCHEME

@quionie Wait, you guys have followers?

Your follower count means nothing if the wrong people are following you imo. 5,000 right people > 50,000 random ones every time.

@N104AP I remember thinking, why is this non blue ticker keep coming up in my feed 🫨

@N104AP Nah you haven’t, takes a while to kick in

what are you on about ive had it for a day now

@brutecat @Reelix @goofball1998 I was just on the wind up btw lol

@Reelix @goofball1998 @KarlsSec The one report there is just what I set to “public” on the bughunters site. I’m rank 19 on the global leaderboard lol. If you seriously think I’m a larp feel free to ask any googlers on the VRP discord.

My 2nd RCE in Google Cloud production (Borg) in less than 3 months... I'm at $600k in total rewards from Google VRP in the past few months. Still can't believe it.

@eliana_jordan If it pays well, that’ll be plan a

plan b if this indie hacker thing fails: babysitting ai agents

@vxunderground I want a copy of this

Just got done talking at Georgia Institute of Technology. I was introduced to a bunch of cybersecurity students as "cybercrime TMZ", a person who "collects pictures of cats", "fills computers with mayonnaise", and discusses things with "Dragon Ball Z" references. On paper this shit makes me look like a lunatic. The entire room was dead silent as I vaped and spoke schizophrenic nonsense. Chat, I DO NOT think they'll be inviting me back