Hacker Fantastic

@hackerfantastic

Co-founder & Director - professional cyber security services and training. Hacker and all things, CNE/CNA.

/etc/shadow
hacker.house
Joined January 2009
2,760 Photos and videos Photos and videos

You may also like

·

Worldwide trends

Tweets

You blocked @hackerfantastic

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @hackerfantastic

  1. Pinned Tweet
    Feb 3

    Team on-demand training launches this April - time to hack your way into a new career? want to improve your working knowledge of cyber security by learning practical skills? We teach you how to hack. Check out our limited pre-sale offers!

    We cannot play the video in this browser. Please try a different web browser.
    2 replies 15 retweets 58 likes
    Undo
  2. Retweeted
    10 minutes ago
    Replying to

    It is funny to hear DoD/NSA and totally square infosec companies use warez scene slang. Then I remembered where many of their top people got their start. It was like reading those CIA vault7 files and realizing oh I know this culture.

    1 retweet 1 like
    Undo
  3. Retweeted
    13 hours ago
    Replying to

    Yes I need to check this out looks promising.. need a place to send people that ask me how to learn to hack

    1 retweet 1 like
    Undo
  4. Retweeted
    15 minutes ago
    Replying to

    If you consider 0day as just a vuln regardless of impact, then yes, everyday. I dislike "0day" term though - I found CVE-2017-17215 used by Mirai 3 years before Checkpoint (re)discovered it, which was after it had been found/used in Mirai. Moral being your 0day may not be new

    2 retweets 5 likes
    Undo
  5. 14 minutes ago

    Hard to gain an accurate perspective on how frequently zero-day is used in and outside industry when collectively as hackers, defenders, analysts and administrators cannot agree on what one is (according to Twitter)! Our opinions are highly subjective to our own experience.

    1 retweet 4 likes
    Undo
  6. Retweeted
    37 minutes ago
    Replying to

    the stuff people would widely think of as cool 0day is fewer and further between but it's not unheard of. Memory corruption vulnerability analysis/exploit dev is often outside the time scope of most pentests though (i.e. "yo we found a worrisome crash, we can go further")

    1 retweet 3 likes
    Undo
  7. 23 minutes ago

    The last one is accurate to me, new malware isn't 0day unless it contains an exploit that has never been seen before or is using a highly advanced new persistence technique like DoubleAgent.

    Replying to @hackerfantastic
    I think you're all using different definitions of "0day". So far I've seen: - a new bug - undetected malware…
    1 reply 5 likes
    Undo
  8. Retweeted
    32 minutes ago
    Replying to

    0day is like the un-discovered strain that those flu shots (AV) can’t protect against but spread the fastest and do the most harm.

    1 reply 1 retweet 1 like
    Undo
  9. Retweeted
    35 minutes ago
    Replying to

    "needs a vendor patch" regularly hit this pentesting iot because the dependency chain of horrific shit they bolt together is more complex.

    1 reply 1 retweet 3 likes
    Undo
  10. Retweeted
    36 minutes ago
    Replying to

    Violent agreement!

    1 retweet 4 likes
    Undo
  11. 38 minutes ago

    so bugs on a pen-test in a client system that is used just for QA or a limited install base I would still count if they are genuine risks outside of the constrained test scope. If the bug affects more than one client, it's something - if you call it 0day then the poll is for you.

    Replying to @hackerfantastic @icommitfelonies
    On our pentests we find new bugs in web applications that are industry-specific (not stuff you'd get off github) on a several-a-week basis. (Not our full scope just the most common source of "0day").…
    2 replies 6 likes
    Undo
  12. Retweeted
    40 minutes ago
    Replying to

    I deem the tweet by unsuitable; it should be “flaw for which [there] is no fix” instead. ‘Their’ is possessive; ‘there’ is a pronoun or an adverb.

    1 reply 1 retweet 8 likes
    Undo
  13. 42 minutes ago

    So that is how they are stopping so many of those 0day threats... ;-) then they certainly have some culpability in detracting from the definition of 0day - which refers to a flaw for which their is no fix, yet in the warez community means unreleased to public.

    Replying to @GossiTheDog @hackerfantastic and 2 others
    Agreed. Pretty much every AV/EDR vendor will call a piece of Malware a “0-day” if it goes unnoticed by their product.
    3 replies 5 likes
    Undo
  14. Retweeted
    53 minutes ago
    Replying to

    I took this as “how often do you find 0day and use it on a gig”, myself.

    2 replies 1 retweet 1 like
    Undo
  15. Retweeted
    57 minutes ago
    Replying to

    - we (Microsoft) have a little experience with 0-days 😈 The slides Matt presented last week at are online.

    Posted the slides from my talk covering trends, challenges, and strategic shifts in the software vulnerability landscape. Questions, comments, and alternative perspectives welcome 🙂
    2 retweets 3 likes
    Undo
  16. Retweeted
    1 hour ago

    An excellent thread for those thinking about information security.

    I've tried to keep this bottled up, but seeing as we've a whole wave of new people to our industry, maybe it's time to help rather than stand silent. 0hday/Zeroday/0-day exploits should be the least of your worry. Adversa…
    Show this thread
    3 retweets 11 likes
    Undo
  17. Retweeted
    3 hours ago

    CVE-2019-1999 Elevated Privileges

    Undo
  18. Retweeted
    1 hour ago
    Replying to

    0day is the most popular, the most concerned is the Remote Code Execution vulnerability

    1 retweet 4 likes
    Undo
  19. Retweeted
    10 hours ago
    Replying to

    Drive-by install via vulnerable software, the patch had been out two days so it was due for release from QA the very next day... Source of infection was a WordPress site with a 100-day vulnerability. So if can agree on a ... :)

    1 retweet 4 likes
    Undo
  20. Retweeted
    11 hours ago

    I created a poll on 0day usage by hackers but what about the rest of you? How often in your job as an administrator/system defender/architect/engineer dealt with 0day either as a breach of your product or breach of your network?

    4 replies 1 retweet 5 likes
    Undo
  21. Retweeted
    1 hour ago
    Replying to

    I regularly find and fix 0day, often for open source projects. I dunno how much I can be said to "use" them? But mostly I get stuff fixed without writing exploits.

    1 reply 1 retweet 4 likes
    Undo

@hackerfantastic hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.