LucifarGundam · @lucifargundam
361 followers · 13390 posts · Server qoto.org

@Cyberkid1987

I've never known anyone to make a consistent living off

#bugbounties

Last updated 1 year ago

CryptoNewsBot · @cryptonewsbot
418 followers · 18189 posts · Server schleuss.online

Maybe I should learn how to catch bugs.

Google paid hackers over $12 million in bounties to keep its products secure in 2022 androidpolice.com/google-vulne

#google #hackers #bugbounties #secure #infosec #technews #android

Last updated 2 years ago

ChickenPwny · @ChickenPwny
468 followers · 3132 posts · Server infosec.exchange

Lol so true

#bugbounties #meme

Last updated 2 years ago

ChickenPwny · @ChickenPwny
438 followers · 2493 posts · Server infosec.exchange

I am looking for team up for , I got a custom tool suite to scan internet with. I am looking for subject experts on different cwe to collaborate with.

#bugbounties #bugcrowd #Intigriti

Last updated 2 years ago

62666c · @62666c
21 followers · 49 posts · Server infosec.exchange

What tools do other pentesters and bounty hunters use to manage their work, notes, and reporting needs? I'd love some input. AttackForge looks interesting but I'd prefer something Open Source personally.

#bugbounties #bountyhunting #pentesting #pentestingtools

Last updated 2 years ago

ChickenPwny · @ChickenPwny
430 followers · 2322 posts · Server infosec.exchange

#bugbounties

Last updated 2 years ago

100th post, as fine a time as any to do the traditional before nobody on does them anymore.
I’m a , a parent, a founder & CEO, government advisory board member, cat food servant, defender and participant in democracy, & an arm wrestling and karaoke enthusiast — not necessarily at the same time, but not opposed to trying it all at once either.
Carpe brachium karaoke as they say. 💪🏼🎤
Here we go. Get a snack & some water, this is long. 🍪 🥛
My professional passions include & with my on helping organizations & governments develop healthy sustainable programs that may end up growing into a program, or helping existing programs mature & evolve.
🌺🏝️ 🌺🏝️ 🌺🏝️ 🌺🏝️
🌺I founded & run Lutasecurity.com & we employ dozens of people, mostly in the US, to help some of our customers manage their and as internally-placed personnel.
📜Services: lutasecurity.com/services
💻Hiring: lutasecurity.com/careers
💵Referral bounties: lutasecurity.com/referralbount
🌺🏝️ 🌺🏝️ 🌺🏝️ 🌺🏝️
👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️
I helped launch in 2016, which was the first bug bounty of the US government & the first time it was legal to hack the USG.
👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️ 👩🏻‍💻💰🛡️
This was after I created Microsoft’s first bug bounty programs in 2013, paying out the most at the time for brand new exploitation techniques, which would later lead to me directly helping the US renegotiate the Arrangement to clarify “intrusion software” and “intrusion software technology” export control exemptions to more easily allow for hassle-free exchange of 0day & malware samples across borders for vulnerability disclosure & incident response.
🛠️💻 🛠️💻 🛠️💻 🛠️💻
I also started two vulnerability research programs, Symantec Vulnerability Research & Microsoft Vulnerability Research. The latter was also the first formal major vendor multiparty vulnerability coordination & disclosure program.
🛠️💻 🛠️💻 🛠️💻 🛠️💻
I now serve on 3 Federal advisory boards in cyber.
⚖️NIST ISPAB: csrc.nist.gov/Projects/ispab/m
💱Commerce ISTAC: tac.bis.doc.gov/index.php/docu
🚨DHS CSRB: dhs.gov/news/2022/02/03/dhs-la
🎙️Fun fact: Despite mainstream media lip service about getting diverse voices on TV, and my extensive direct experience in US domestic & foreign cyber policy & norm-setting, I have *never* been invited to be on broadcast news to talk about it. Not one time. But there are the same dudes with none of my experience showing up on TV all the time.
📺 Email Press@Lutasecurity.com if you can change that.
📺📺📺📺📺📺📺📺
⚖️💸 ⚖️💸 ⚖️💸 ⚖️💸
👩🏻‍⚖️ Speaking of gender equity, I was the lead plaintiff in the attempted class action gender pay and promotion discrimination lawsuit against Microsoft.
💵💪🏼 theverge.com/22331972/pay-equi
When it failed to get class certified due to some legal gotchas, NOT because of lack of data and evidence, I decided to drop my case and founded payequitynowfoundation.org/blo & created manglonalab.org/ to fight for in our lifetime.
⚖️💸 ⚖️💸 ⚖️💸 ⚖️💸
🌸Another fun fact: I’m asked about the gender stuff way more often than any of my professional work or national security work. I view this as The Lady Tax & I’m all paid up thanks.
🙅🏻‍♀️Don’t ask me about how to attract more diverse candidates, don’t ask me to mentor your mentee, and don’t ask me for any more free labor. Don’t ask any historically marginalized people to do free labor, especially to solve your diversity puzzle.
I highly recommend blacktechpipeline.com/ if you are serious about not just hiring but welcoming more black workers into your company. There are specialty recruiters out there for you to pay, so don’t ask every woman or person of color you know to help you with that unless they are being paid to do it.
🧩 Miscellaneous bits if you’ve made it this far is that I studied molecular biology, biochemistry & mathematics but dropped out to become a systems administrator, a professional Linux developer, then a hacker for hire.
I still hack by accident (because hacksidents happen), and nobody should have to be the coauthor/coeditor of the International Standards on how to do Vulnerability Disclosure to get an organization’s attention.
👩🏻‍🏫 ISO standards overview: m.youtube.com/watch?v=-L3DNZtK

📲 Clubhouse hack: wired.com/story/clubhouse-bug-
💸💸💸💸💸💸💸
🙄 Despite my entire career being technical, when my company tried for venture capital funding to build something cool, we were met with sexism & lack of imagination & I was hilariously asked more than once if I had a technical cofounder.
It’s cool, joke’s on them. We’re and growing.
🤨vice.com/en/article/xgyvza/thi
💸💸💸💸💸💸💸
🏛️🏛️🏛️🏛️🏛️🏛️🏛️
I participate in Democracy with more than voting. Anyone with the bandwidth should look into doing it too.
1. Google “find my Legislative district”
2. Go to your State website & search by your address
3. Look up your Legislative District’s (LD) website to find out how to join
4. Attend monthly LD meetings
5. Run for Delegate per LD or be appointed like me when not enough people do 1-4
🏛️🏛️🏛️🏛️🏛️🏛️🏛️
👋🏼✌🏼👋🏼✌🏼👋🏼✌🏼👋🏼✌🏼
🛑Ending abruptly is on brand for me as a neuroatypical person, so I’ll leave you with this thought:
🐈 I named my 17 year old cat Scapy (rhymes with happy) after the Python tool of the same name. Because he is dumb & fuzzy.
😸If you get that joke, you pretty much get me.
🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽🤙🏽
✌🏼Be kind, drink water, touch grass, save the planet, save Democracy, pet cute animals. ✌🏼

#introduction #mastodon #hacker #SystemDynamics #security #focus #vulnerabilitydisclosure #bugbounty #vdps #bugbounties #hackthepentagon #wassenaar #supplychain #payequity #profitable

Last updated 2 years ago

Coding · @codinginquarantine
10 followers · 21 posts · Server hachyderm.io

As a sort of proper introduction, here's a non comprehensive list of various topics you'll see here:






( )
( )

( )

I will inevitably remember something I forgot from this list as soon as I toot it

#floppydisks #keyboards #gamedev #pentesting #bugbounties #magicthegathering #commander #warhammer40k #necrons #pointandclick #adventuregames #photography #fujifilm

Last updated 2 years ago

Michael Starks 🪵 · @libr8r
70 followers · 121 posts · Server noc.social

Today's lessons for the kid: , , , the model, attacks, responsible disclosures and its history with RFP, and . It's a lot to cover, but her curiosity was wonderful and took us to all of these places.

#bugbounties #mitm #osi #ethernet #arpanet #routing

Last updated 2 years ago

NeuroWinter · @NeuroWinter
254 followers · 2072 posts · Server octodon.social

This is a prime example of why sites should rate limit their coupon endpoint: complex.com/sneakers/stockx-10

I have had a lot of marked as wont-fix due to this, but the impact can be massive!

#bugbounties

Last updated 2 years ago

TheBuggers :mastodon: · @thebuggers
48 followers · 1123 posts · Server mastodon.online

Some , which lost millions of dollars, have now made their attackers an unusual offer: keep part of the money, but return the rest. A last-ditch attempt to convince the to return the bulk of the stolen funds. The victims have offered up to 10 million dollars and compared this to the that are paid to for uncovering .

#softwarefehlern #sicherheitsforscher #bugbounties #hacker #kryptowahrungsplattformen

Last updated 2 years ago

Ludovic Dubost · @ldubost
489 followers · 4371 posts · Server framapiaf.org

RT @EU_DIGIT@twitter.com

Call to all 🧑‍💻👩‍💻 to find and fix bugs 🪲 in:
🔹@cryptpad@twitter.com
🔹@joinmastodon@twitter.com
🔹@libreoffice@twitter.com
🔹@Odoo@twitter.com
🔹and Leos
Learn more about this new set of 🔗europa.eu/!WXPpvM

🐦🔗: twitter.com/EU_DIGIT/status/14

#ethicalhackers #bugbounties #opensource #ThinkOpen

Last updated 3 years ago

Doc Edward Morbius ⭕ · @dredmorbius
2081 followers · 14668 posts · Server toot.cat

@rysiek Source seems to be pjc50 @ HN:

news.ycombinator.com/item?id=2

Noted by me a day ago here:
toot.cat/@dredmorbius/10738383

I'd picked it up via an APPENWAR blog post.

@cguess

#dao #bugbounties #blockchain

Last updated 3 years ago

Doc Edward Morbius ⭕ · @dredmorbius
2081 followers · 14668 posts · Server toot.cat

Reminder that every DAO is a self-administering bug bounty for all of the value under its control.

-- pjc50 @ HN
news.ycombinator.com/item?id=2

#dao #blockchain #bugbounties #hn #VoiceOfWisdom

Last updated 3 years ago

HCS ▋ · @superruserr
1274 followers · 2877 posts · Server infosec.exchange

Checking out . Someone (@coffee_n_weed on 🐤) created one for matrix.to/#/%23bugbounty:matri

Now seeing if there are any other rooms of interest..

(Repost to get their name right!)

#matrix #bugbounties #infosec

Last updated 7 years ago