What happens when you combine hackers and phones?

Phreaking?
Social Engineering?

Sure! Valid answers.

What you didn't think of is web vulnerabilities.

XXE.

I found an XXE by phone call in a bug bounty program.

Here's the story:

— Corben Leo (@hacker_) April 20, 2022

Who's your phone provider?

Well, there's a good chance that I've hacked them!

Last year, I breached a major telecom company (many times…)

This time, I stole the data of every employee.

(well, I didn't steal all of it, but I could've)…

Here's how I did it:

— Corben Leo (@hacker_) April 15, 2022

302 Military FTP servers.

Imagine you had access to 302 military FTP servers.

What data could possibly be on them?

Who would get hurt by that data?

Who would it benefit?

5 years ago,

A 17-year-old gained access to 300 military FTP servers.

Here's how I did it:

— Corben Leo (@hacker_) April 12, 2022

Another long (hacker) story thread 🧵

= Stealing checks worth millions & pwning a bank =

Here’s how I did it, so you can learn.

I was once contracted to do a penetration test on a bank…

Like, retweet, and follow for more hacker stories!

(1/x)

— Jason Haddix (@Jhaddix) April 8, 2022

Inspired by @hacker_’s tweets about hacker stories, I’ll share one of mine. When looking at a global company, I realised that certain sub divisions in different countries of the company were more vulnerable than others. How did I identify these assets? 1/n

— shubs (@infosec_au) April 3, 2022

(a LONG thread) 🧵

Inspired by @infosec_au & @hacker_ here's one of my fun hacker stories:

= The complete compromise of a password manager company =

Here's how I did it (so you can learn):

I was given the project to pentest a password manager company: *.redacted.com

(1/16)

— Jason Haddix (@Jhaddix) April 4, 2022