Jason Haddix
Father, hacker, educator, VP of Researcher Growth, blogger, gamer, & nerd. Tweets are my own: DMs open.
6,981 Tweets, 6,978 Following, 33,026 Followers
Tweets
Jason Haddix 11h
Replying to @Alyssa_Herrera_
Hope all goes well! Enjoy the time!
Jason Haddix retweeted
Rachel Tobac 12h
Thank you for interviewing me on my background before infosec, the challenges I’ve experienced trying to get into tech & what we could do about it, advice for noobs, and my infosec role models 😍 !
Jason Haddix retweeted
Ciarด้n McNดlly ☘ Dec 11
Absolutely love this! This technique works great when you've rooted a hardware/IoT device, dumped the source and want to quickly explore what endpoints you can reach as standard while unauthenticated, a nice quick way to narrow the attack surface to bugs that are fully remote 😍.
Jason Haddix Dec 11
Dan is excellent people, technically and personally. I’m lucky to be besties with him 🤟
Jason Haddix Dec 11
Yep! Dan's auto forwards to a local proxy to populate Burp. That extra step is nice but not always necessary
Jason Haddix Dec 11
Replying to @assetnote
I haven’t used them yet or incorporated them into my “all.txt” but I’m hyped about a presentation I saw from on v2 of commonspeak lists :)
Jason Haddix Dec 11
Replying to @Jhaddix
The future of this is a modular content discovery system and a directory of community updated URL lists. Wappalyzer -> framework detection -> use only relevant lists, and add on “custom code” lists on top.
Jason Haddix Dec 11
Awesome bug bounty on GitHub has a collection of stuff. I’d read that.
Jason Haddix Dec 11
Bounty pro tip: if the target is a niche cms, crm, ad/analytics framework, or web framework, install it yourself and do content discovery on default paths/files for misconfigurations in access control. cc
Jason Haddix retweeted
Random Robbie Dec 10
- If you find an LFI, ignore /etc/passwd and go for /var/run/secrets/kubernetes.io/serviceaccount; this will raise the severity when you hand them a Kubernetes token or cert.
Jason Haddix Dec 10
your seasonal name changes make me lol. Hope you're doing well dude! 🎅
Jason Haddix Dec 10
Replying to @LedgerOps
my press getup is blazer, Bugcrowd Tee under, dark jeans, semi-nice shoes. Maybe that's considered suited up in AU?
Jason Haddix Dec 10
Replying to @LedgerOps
That's what my wife said! must have been the shoes that gave that impression 🤣
Jason Haddix Dec 10
Just to be extra clear I was quoted on the education thing in the CNET article... My kids are k-12, not university. Thankfully I still have some more of the younger years ahead of me =P Arlen turns three today! 🎂
Jason Haddix retweeted
Scott Piper Dec 7
flAWS 2 is out! Learn to hack serverless (Lambda) and containers (ECS/Fargate)! This time there is also a Defender track to learn log analysis with jq and Athena and common defender skills. Play it now at
Jason Haddix retweeted
Michelle Dailey Dec 10
Love this story. Especially the profile of “he's intimidating, right until the point you ask him about video games. Then he cracks -- a goofy grin breaks out.”
Jason Haddix Dec 10
Replying to @skryking
the Bears deserved that. Great defense.
Jason Haddix Dec 9
24 degrees, feels like 17 @ the Bears Rams game :) 🥶
Jason Haddix Dec 8
Replying to @DisK0nn3cT
Sweet as all hell
Jason Haddix Dec 6
Pre planned holiday stuff where Julia and I agreed that this weekend couldn’t be Keto but still...