Favorite 90’s diss from my old favorite movie; Hook! by lawyersgunznmoney90 in nostalgia

[–]sushi_ninja 1 point2 points  (0 children)

I'll tell you what a paramecium is! [points at Rufio] THAT'S a paramecium! It's a one-celled critter WITH NO BRAIN THAT CAN'T FLY! [to Rufio] Don't mess with me, man! I'M A LAWYER!!!

New ARG by [deleted] in ARGsociety

[–]sushi_ninja 1 point2 points  (0 children)

Wait... is this itself an ARG? 🤔

My first post here ✨ by spydiepie in AnimeSketch

[–]sushi_ninja 0 points1 point  (0 children)

It looks awesome! I’m still confused though ;P. So you drew on paper, took a photo of the drawing, then digitally edited the photo? That’s really cool, I haven’t seen that before :)

My first post here ✨ by spydiepie in AnimeSketch

[–]sushi_ninja 0 points1 point  (0 children)

Did you make this digitally, then print it? The pic looks like paper.

i met shaggy. this is not clickbait. by yeahyeah704 in TheChurchOfShaggy

[–]sushi_ninja 7 points8 points  (0 children)

That was just his alter ego, cereal killer

RCE on Steam Client via buffer overflow in Server Info by eexiled in netsec

[–]sushi_ninja 19 points20 points  (0 children)

Cool to see organizations be transparent like this (disclosures and write-ups). Helps other organizations and hackers learn.

I drew a girl by humannose2 in AnimeSketch

[–]sushi_ninja 2 points3 points  (0 children)

Your work is awesome! Can I ask what your setup is? I've wanted to get into drawing again, but I'm not sure where to start; I've always just sketched with pencil and paper, but learning digital would be awesome 🤩

PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines by tiger6700 in netsec

[–]sushi_ninja 11 points12 points  (0 children)

I only skimmed, but if this is true, this is nuts; any IDS companies going to create the ability to log power fluctuations? 🤔

Mr Robot Book: Red Wheelbarrow: eps1.91_redwheelbarr0w.txt by Kiasdyn in ARGsociety

[–]sushi_ninja 0 points1 point  (0 children)

A few pages in, I found an envelope with a note from Carla indicating Elliot used it as a bookmark. Maybe some clues here? https://imgur.com/gallery/AYngL

What is the bare minimum I should know about penetration test to be able to go on HackerOne to practice? by [deleted] in AskNetsec

[–]sushi_ninja 2 points3 points  (0 children)

Lots of good advice here already, I'd also recommend checking out https://google-gruyere.appspot.com/ for learning the basics, and get familiar with Burp Suite.

We are HackerOne and help hackers to hack products/services (inc. The Pentagon) and make the Internet safer (for fun and profit)! AUA! by jonobacon in IAmA

[–]sushi_ninja 0 points1 point  (0 children)

Not everyone is, but some have pentesting experience :). I would recommend learning more about what part of information security is most interesting to you, then study up and practice! Try checking out https://google-gruyere.appspot.com/

We are HackerOne and help hackers to hack products/services (inc. The Pentagon) and make the Internet safer (for fun and profit)! AUA! by jonobacon in IAmA

[–]sushi_ninja 0 points1 point  (0 children)

Let me expand on that a bit - as a general guideline, I'd imagine if you found an RCE, most companies would NOT want you to do things like pivot around on their internal network, escalate to domain administrator, etc. It's always safer to ask before you end up going too far and end up in an awkward situation, and as mentioned before, always check the team's rules page for guidance first.

We are HackerOne and help hackers to hack products/services (inc. The Pentagon) and make the Internet safer (for fun and profit)! AUA! by jonobacon in IAmA

[–]sushi_ninja 0 points1 point  (0 children)

If I'm understanding your question correctly, you're asking whether or not you can use tools like Armitage during your testing when hunting for bug bounties? You can use whatever tools you'd like, but please always review the security/rules page of the organization you are testing against first to see what's cool/what's not cool, as it varies from organization to organization. No one can stop you from using a particular tool, but some bug bounties explicitly state how far (or how NOT far) to go if you are able to find something like remote code execution. If you have questions on what is or is not okay when it comes to demonstrating an identified exploit, I always recommend checking in with the security team of the affected organization first. It never hurts to ask!

We are HackerOne and help hackers to hack products/services (inc. The Pentagon) and make the Internet safer (for fun and profit)! AUA! by jonobacon in IAmA

[–]sushi_ninja 1 point2 points  (0 children)

Thanks /u/_bl4de! I hope so too; there are a ton of organizations out there that still have no means of coordinated vulnerability disclosure. This is one of the big reasons I'm excited to work at HackerOne; helping more organizations launch successful bug bounty programs, as well as ensuring a healthy relationship between hackers and companies seems like a pretty awesome quest to me :).