No worries! :)
@hakluke.com I pinned hakluke.com/speed-read in my browser, super useful, just want to say thanks!
So it turns out 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024 and 2025 were NOT the year of the Linux desktop.
2026 though.
Red teaming tip: Up against a NAC, but need to plug your device in?
- Plug a switch into the ethernet port on the wall
- Plug a legit device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨
Do you think we'll ever get to a point where everyone just gives up on protecting personal data, and we just assume everything is public?
We're already at the point where most people have had their data exposed in a breach, and people are already sharing most of their PII on Facebook.
NEVER underestimate a properly caffeinated hacker with some free time
I'm so proud that HackerContent helped produce the new Hacker-Powered Security Report from @hacker0x01.bsky.social.
It covers the impact that AI is having on bug bounties and cybersecurity in general - and it's not what you'd expect.
Read it here
www.hackerone.com/report/hacke...
Imagine being the UI designer for AWS console
HackerContent is HIRING a social media manager and personal assistant! 🚨
Links to application forms:
🧑‍🎨 Social media manager: wkf.ms/48EnZP8
👨‍💻 Personal assistant / project manager: wkf.ms/3Wjm7Uw
Yeah BS is the best of the bunch for this. I'm referring to social platforms in general. I wouldn't be surprised if BS changes in the next few years - hope not!
Friendly reminder: Social media algorithms are designed to polarize us.
You don't have to be politically hard right or hard left. You can agree on some things and disagree on others.
Now more than ever, independent thought is vital.
Think.
For.
Yourself.
wife: how are bug bounties going?
me: pretty good pretty good
This is basically how hackercontent.com works
I analyzed the ~5000 social media posts that HackerContent has put out on various cybersecurity-related social media accounts this year to figure out what the most engaging types of posts are.
Here's the roundup!
hackercontent.com/blog/the-top...
that feeling when you wait 3 days to see the results of an authenticated brute force with a huge wordlist but /logout was right at the top of the wordlist 😭
Right on Matt!
Cybersecurity marketing is a mess.
I wrote a blog about it.
hakluke.com/cybersecurit...
They just do it to let you know that they have your PII. It's a threat.
Awesome bug and write-up by Brutecat.
They found a way to leak any YouTube user's email using their public channel ID.
They chained two unrelated Google services:
- YouTube (to get their ID)
- Google Recorder (mapped ID to email)
Here's a link to the writeup:
brutecat.com/articles/lea...
Would you prefer a pentest where you find very few vulnerabilities and a short report, or a pentest where you find loads of vulnerabilities but a long report?
New, by me: Security researchers say North Korean hackers, posing as VCs, recruiters, and remote IT workers, have infiltrated "hundreds of organizations" and stolen billions of crypto in recent years to fund the regime's nuke program.
My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...
Here's a live animation of sales on Shopify throughout Black Friday.
While I was watching it was hovering at around 1.2M per minute.
Shopify's commission sits at around 2.4-2.9%, which means they're making around $31,800 USD per minute. Roughly $45 million in one day 🤯
bfcm.shopify.com
How on earth did I get 2k followers here I have barely posted anything
Should I do bug bounties again y/n
The sky is always bluer on the other side
Yo!
This honestly does feel like Twitter in the early days.
External attack surface management has well and truly taken off now!
Here are 7 things that your EASM platform should be able to do. Written by me for Detectify.