@Cyberkid1987

i've never known anyone to make a consistent living off #bugbounties

Top 7 ways to earn free crypto - Learn how to earn free cryptocurrency with these seven methods, i... - https://cointelegraph.com/news/top-7-ways-to-earn-free-crypto #cryptocurrency #competitions #bugbounties. #airdrops #faucets #staking #surveys #free #earn #ways

Maybe I should learn how to catch bugs.

Google paid hackers over $12 million in bounties to keep its products secure in 2022 https://www.androidpolice.com/google-vulnerability-rewards-program-12-million-2022/

#Google #Hackers #BugBounties #Secure #InfoSec #TechNews #Android

Lol so true #bugbounties #meme

I am looking for team up for #bugbounties #bugcrowd #intigriti, I got a custom tool suite to scan internet with. I am looking for subject experts on different cwe to collaborate with.

What tools do other pentesters and bounty hunters use to manage their work, notes, and reporting needs? I'd love some input. AttackForge looks interesting but I'd prefer something Open Source personally. #bugbounties #bountyhunting #pentesting #PentestingTools

What tools do other pentesters and bounty hunters use to manage their work, notes, and reporting needs? I'd love some input. AttackForge looks interesting but I'd prefer something Open Source personally. #bugbounties #bountyhunting #pentesting #PentestingTools

#hackers #infosec #bugbounties

#bugbounties

100th post, as fine a time as any to do the traditional #introduction before nobody on #mastodon does them anymore.
I’m a #hacker , a parent, a founder & CEO, government advisory board member, cat food servant, defender and participant in democracy, & an arm wrestling and karaoke enthusiast — not necessarily at the same time, but not opposed to trying it all at once either.
Carpe brachium karaoke as they say. 💪🏼🎤
Here we go. Get a snack & some water, this is long. 🍪 🥛
My professional passions include #SystemDynamics & #security with my #focus on helping organizations & governments develop healthy sustainable #VulnerabilityDisclosure programs that may end up growing into a #BugBounty program, or helping existing programs mature & evolve.
🌺🏝️ 🌺🏝️ 🌺🏝️ 🌺🏝️
🌺I founded & run https://www.Lutasecurity.com & we employ dozens of people, mostly in the US, to help some of our customers manage their #VDPs and #BugBounties as internally-placed personnel.
📜Services: https://www.lutasecurity.com/services
💻Hiring: https://www.lutasecurity.com/careers
💵Referral bounties: https://www.lutasecurity.com/referralbounty
🌺🏝️ 🌺🏝️ 🌺🏝️ 🌺🏝️
👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️
I helped launch #HackThePentagon in 2016, which was the first bug bounty of the US government & the first time it was legal to hack the USG.
👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️
This was after I created Microsoft’s first bug bounty programs in 2013, paying out the most at the time for brand new exploitation techniques, which would later lead to me directly helping the US renegotiate the #Wassenaar Arrangement to clarify “intrusion software” and “intrusion software technology” export control exemptions to more easily allow for hassle-free exchange of 0day & malware samples across borders for vulnerability disclosure & incident response.
🛠️💻 🛠️💻 🛠️💻 🛠️💻
I also started two vulnerability research programs, Symantec Vulnerability Research & Microsoft Vulnerability Research. The latter was also the first formal major vendor multiparty #SupplyChain vulnerability coordination & disclosure program.
🛠️💻 🛠️💻 🛠️💻 🛠️💻
I now serve on 3 Federal advisory boards in cyber.
⚖️NIST ISPAB: https://csrc.nist.gov/Projects/ispab/members
💱Commerce ISTAC: https://tac.bis.doc.gov/index.php/documents/members-listing/422-istac-website-listing/file
🚨DHS CSRB: https://www.dhs.gov/news/2022/02/03/dhs-launches-first-ever-cyber-safety-review-board
🎙️Fun fact: Despite mainstream media lip service about getting diverse voices on TV, and my extensive direct experience in US domestic & foreign cyber policy & norm-setting, I have *never* been invited to be on broadcast news to talk about it. Not one time. But there are the same dudes with none of my experience showing up on TV all the time.
📺 Email Press@Lutasecurity.com if you can change that.
📺📺📺📺📺📺📺📺
⚖️💸 ⚖️💸 ⚖️💸 ⚖️💸
👩🏻‍⚖️ Speaking of gender equity, I was the lead plaintiff in the attempted class action gender pay and promotion discrimination lawsuit against Microsoft.
💵💪🏼 https://www.theverge.com/22331972/pay-equity-now-pledge-katie-moussouris-microsoft-lawsuit
When it failed to get class certified due to some legal gotchas, NOT because of lack of data and evidence, I decided to drop my case and founded https://www.payequitynowfoundation.org/blog & created
https://www.manglonalab.org/ to fight for #PayEquity in our lifetime.
⚖️💸 ⚖️💸 ⚖️💸 ⚖️💸
🌸Another fun fact: I’m asked about the gender stuff way more often than any of my professional work or national security work. I view this as The Lady Tax & I’m all paid up thanks.
🙅🏻‍♀️Don’t ask me about how to attract more diverse candidates, don’t ask me to mentor your mentee, and don’t ask me for any more free labor. Don’t ask any historically marginalized people to do free labor, especially to solve your diversity puzzle.
👏🏼I highly recommend https://blacktechpipeline.com/ if you are serious about not just hiring but welcoming more black workers into your company. There are specialty recruiters out there for you to pay, so don’t ask every woman or person of color you know to help you with that unless they are being paid to do it.
👏🏼💰👏🏼💰👏🏼💰👏🏼💰
🧩 Miscellaneous bits if you’ve made it this far is that I studied molecular biology, biochemistry & mathematics but dropped out to become a systems administrator, a professional Linux developer, then a hacker for hire.
🔐 I still hack by accident (because hacksidents happen), and nobody should have to be the coauthor/coeditor of the International Standards on how to do Vulnerability Disclosure to get an organization’s attention.
👩🏻‍🏫 ISO standards overview: https://m.youtube.com/watch?v=-L3DNZtK8lc

📲 Clubhouse hack: https://www.wired.com/story/clubhouse-bug-lurkers-ghost/
🔐🔐🔐🔐🔐🔐🔐
💸💸💸💸💸💸💸
🙄 Despite my entire career being technical, when my company tried for venture capital funding to build something cool, we were met with sexism & lack of imagination & I was hilariously asked more than once if I had a technical cofounder.
It’s cool, joke’s on them. We’re #profitable and growing.
🤨https://www.vice.com/en/article/xgyvza/this-hacker-is-trying-to-close-the-gender-pay-gap-in-cybersecurity
💸💸💸💸💸💸💸
🏛️🏛️🏛️🏛️🏛️🏛️🏛️
I participate in Democracy with more than voting. Anyone with the bandwidth should look into doing it too.
1. Google “find my Legislative district”
2. Go to your State website & search by your address
3. Look up your Legislative District’s (LD) website to find out how to join
4. Attend monthly LD meetings
5. Run for Delegate per LD or be appointed like me when not enough people do 1-4
🏛️🏛️🏛️🏛️🏛️🏛️🏛️
👋🏼✌🏼👋🏼✌🏼👋🏼✌🏼👋🏼✌🏼
🛑Ending abruptly is on brand for me as a neuroatypical person, so I’ll leave you with this thought:
🐈 I named my 17 year old cat Scapy (rhymes with happy) after the Python tool of the same name. Because he is dumb & fuzzy.
😸If you get that joke, you pretty much get me.
🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽
✌🏼Be kind, drink water, touch grass, save the planet, save Democracy, pet cute animals. ✌🏼

As a sort of proper introduction, here's a non comprehensive list of various topics you'll see here:

#floppydisks
#keyboards
#gamedev
#pentesting
#bugbounties
#magicthegathering ( #commander )
#warhammer40k ( #necrons )
#pointandclick #adventuregames
#photography ( #fujifilm )

I will inevitably remember something I forgot from this list as soon as I toot it

Today's lessons for the kid: #Routing, #ARPANET, #Ethernet, the #OSI model, #MitM attacks, responsible disclosures and its history with RFP, and #BugBounties. It's a lot to cover, but her curiosity was wonderful and took us to all of these places.

This is a prime example of why sites should rate limit their coupon endpoint: https://www.complex.com/sneakers/stockx-100-dollar-coupon-leak-canceled-orders

I have had a lot of #bugbounties marked as wont-fix due to this, but the impact can be massive!

Einige #Kryptowährungsplattformen, die Millionen von Dollar verloren haben, haben ihren Angreifern nun ein ungewöhnliches Angebot gemacht: Behalten Sie einen Teil des Geldes, aber geben Sie den Rest zurück. Ein letzter Versuch, die #Hacker davon zu überzeugen, den Großteil der gestohlenen Gelder zurückzugeben. Die Opfer haben bis zu 10 Millionen Dollar geboten und dies mit den #BugBounties verglichen, die an #Sicherheitsforscher für die Aufdeckung von #Softwarefehlern gezahlt werden.

RT @EU_DIGIT@twitter.com

Call to all #EthicalHackers🧑‍💻👩‍💻 to find and fix bugs 🪲 in:
🔹@cryptpad@twitter.com
🔹@joinmastodon@twitter.com
🔹@libreoffice@twitter.com
🔹@Odoo@twitter.com
🔹and Leos
Learn more about this new set of #BugBounties 🔗http://europa.eu/!WXPpvM
#opensource #ThinkOpen

🐦🔗: https://twitter.com/EU_DIGIT/status/1484111357893091333

@rysiek Source seems to be pjc50 @ HN:

https://news.ycombinator.com/item?id=29414924

Noted by me a day ago here:
https://toot.cat/@dredmorbius/107383837268611099

I'd picked it up via an APPENWAR blog post.

@cguess

#DAO #BugBounties #blockchain

Reminder that every DAO is a self-administering bug bounty for all of the value under its control.

-- pjc50 @ HN
https://news.ycombinator.com/item?id=29414924

#DAO #Blockchain #BugBounties #HN #VoiceOfWisdom

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned” - Two lucky winners scooped $200k for just 30 minutes' work - if you don't count the days, ... https://nakedsecurity.sophos.com/2021/04/09/pwn2own-2021-zoom-teams-exchange-chrome-and-edge-fully-owned/ #vulnerabilities #vulnerability #bugbounties #microsoft #exploits #windows #hacking #pwn2own #google #oracle #apple #linux

Ethical hackers swarm Pentagon websites - Hackers are crawling all over the US Department of Defense's websites - and DoD officials are quit... more: https://nakedsecurity.sophos.com/2020/03/05/ethical-hackers-swarm-pentagon-websites/ #departmentofdefensecybercrimecenter #usdepartmentofdefense #governmentsecurity #bugbountyprogram #securitythreats #hackthepentagon #vulnerability #bugbounties #whitehat #dc3

Checking out #Matrix. Someone (@coffee_n_weed on 🐤) created one for #bugbounties https://matrix.to/#/%23bugbounty:matrix.org

Now seeing if there are any other rooms of interest..

#infosec

(Repost to get their name right!)