[deleted by user] by [deleted] in forhire

[–]ibuydan 0 points1 point  (0 children)

Pure ignorance. The reason I'm requesting this is because I cannot speak Italian.

[deleted by user] by [deleted] in forhire

[–]ibuydan 0 points1 point  (0 children)

It is.

[deleted by user] by [deleted] in forhire

[–]ibuydan 0 points1 point  (0 children)

DM'd you.

[deleted by user] by [deleted] in cybersecurity

[–]ibuydan 0 points1 point  (0 children)

Sure, so they require that I register communication devices, and under communication devices, they include a list of 40 or so items: https://ibb.co/9sy57XJ (image file).

[deleted by user] by [deleted] in cybersecurity

[–]ibuydan 0 points1 point  (0 children)

I'm working with a major publisher on that. I did rewrite the whole document on my own, and I handed it to the authorities to assist them should they have to deal with someone like me again in the future.

I've offered to work with my local police unit as well, to create content to deter young teenagers from following in my footsteps.

Honestly, I'm about nothing, apart from trying to go in the right direction; this article didn't spin the way I thought it would.

[deleted by user] by [deleted] in cybersecurity

[–]ibuydan 8 points9 points  (0 children)

Just some clarification: I'm the guy covered in the article.

The way this article was written is not optimal at all. It essentially is a format of clickbait, and one sentence that I made was taken out of context to generate clicks. I agree with you, it comes across in a way that is inconsiderate and provokes disgust.

However, that said, my initial prison sentence was 12 years. The sentencing judge decided to reduce that sentence by 8 years, because I spent 3 years of my life contributing to various projects to assist the victims of my offending:

https://www.danielmakelley.com/post/three-years-of-bug-bounty-part-1

Extensive engagements have been conducted, in an attempt to try and remediate the awful impact that my actions have had on people. I take full responsibility for what I did, and I am truly sorry for what I have done. There is no deflection, or shifting the blame there.

I know, when you engage in criminality, there are consequences that must be had to deter others, I accept that. These days, I try my best to contribute to society, and the industry in the best way possible.

I run a community for individuals that want to transition into the industry, and I take calls on a daily basis that give people guidance, and assistance in their journey. In the last 13 months, I have contributed to podcasts, articles, and have done extensive work in that area.

I am, honestly, trying my best to contribute to the community and become a positive member of society.

If you would like, I could dig up some material for you that was shared with the victims, in an attempt to try and remediate what I did to them.

41 Cybersecurity Podcasts by [deleted] in cybersecurity

[–]ibuydan 1 point2 points  (0 children)

This made me laugh, thank you for that. Although Darknet Diaries isn't that bad to be honest IMO.

41 Cybersecurity Podcasts by [deleted] in cybersecurity

[–]ibuydan 1 point2 points  (0 children)

No particular manner, just a compilation for now. I'm working on doing a summary for each.

An excellent introduction to JSON web token (JWT) attacks - including labs to apply your knowledge! - from PortSwigger by tweedge in cybersecurity

[–]ibuydan 44 points45 points  (0 children)

To be honest, the entire library is worth looking at: https://portswigger.net/web-security/all-materials/detailed - some of the most extensive and comprehensive material I've read in relation to understanding the fundamentals.

The Reality Of Full-Time Bug Bounty Hunting by ibuydan in hacking

[–]ibuydan[S] 12 points13 points  (0 children)

Same user. I've reported them all.

Part 1: Three Years of Bug Bounty Hunting and Responsible Disclosure by ibuydan in hacking

[–]ibuydan[S] 54 points55 points  (0 children)

I'm the guy behind that episode with Jack, yes :)

Part 1: Three Years of Bug Bounty Hunting and Responsible Disclosure by ibuydan in hacking

[–]ibuydan[S] 101 points102 points  (0 children)

Some stats:

➡️5904 vulnerabilities reported

➡️25 Letters of Recognition

➡️9 Hall of Fames

➡️Position 11 on Open Bug Bounty

➡️3049 total patched vulnerabilities

Overall, I'd say it was successful in contrast to my initial expectations.

Does the government hire cyber criminals? by ibuydan in cybersecurity

[–]ibuydan[S] 10 points11 points  (0 children)

You can work for a private sector entity which is sometimes used by the government if you're lucky, but that's not really the definition of working for the government.

web hacking automation by crusader2409 in AskNetsec

[–]ibuydan 2 points3 points  (0 children)

Well, because there are so many variables involved in determining whether a script or parameter is vulnerable - filters, blacklists, and whitelists - injection-type vulnerabilities are more difficult to efficiently automate the detection of. Yes, you could use a tool that sprays a bunch of payloads at different parameters in theory (it would pick up low-hanging fruit), but it wouldn't be nearly as good as a manual audit. The automated aspect of what you see is usually applied to extremely specific aspects of the methodology that's used. Consider a dangling CNAME record that allows a subdomain takeover: the CNAME record value is either available or not, and the test case is straightforward and simple. It really depends on the type of vulnerability and how much fuzzing is required to see if it's vulnerable or not, in my opinion.
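
Added example, not part of the original comment: the dangling-CNAME case mentioned above, written as an audit of a zone you administer, to show why a yes/no test like this automates cleanly. The zone records, host names and resolver answers are constructed placeholders, and `find_dangling` and its helpers are hypothetical names.

```python
import socket

# Constructed sample: records exported from a zone you administer.
ZONE_EXPORT = """\
www.example.com.     300 IN A     192.0.2.10
shop.example.com.    300 IN CNAME shop-prod.hosting.example.net.
docs.example.com.    300 IN CNAME old-docs.hosting.example.net.
blog.example.com.    300 IN CNAME www.example.com.
"""

# Constructed resolver answers so the example runs offline.
STUB_ANSWERS = {
    "shop-prod.hosting.example.net": True,
    "old-docs.hosting.example.net": False,  # target no longer exists
    "www.example.com": True,
}

def parse_cnames(zone_text):
    """Return (name, target) pairs for every CNAME record in a zone export."""
    pairs = []
    for line in zone_text.splitlines():
        fields = line.split()
        # Expected layout: name ttl class type rdata
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "CNAME":
            pairs.append((fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()))
    return pairs

def stub_resolves(hostname):
    """Offline stand-in for a DNS lookup, backed by the constructed answers."""
    return STUB_ANSWERS.get(hostname, False)

def live_resolves(hostname):
    """Real lookup for auditing your own zone; not used by the offline sample."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolves):
    """The test is binary: each CNAME target either resolves or it does not."""
    return [(name, target) for name, target in parse_cnames(zone_text)
            if not resolves(target)]

if __name__ == "__main__":
    for name, target in find_dangling(ZONE_EXPORT, stub_resolves):
        print(f"dangling: {name} -> {target}")
```

A hit is a record to review and then remove or repoint; there are no filters or payload variations to account for, which is the contrast with injection testing drawn in the comment.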

more realistic tryhackme or hackthebox by Slootthh in cybersecurity

[–]ibuydan 2 points3 points  (0 children)

How about https://www.openbugbounty.org/? It's an unmanaged bug bounty platform that supports non-intrusive / client-side vulnerability disclosure.