hakluke
@hakluke.com
Dad, hacker, solo founder of haksec.com and hackercontent.com.
So it turns out 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024 and 2025 were NOT the year of the Linux desktop.
2026 though.
2026 though.
October 10, 2025 at 4:31 AM
So it turns out 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024 and 2025 were NOT the year of the Linux desktop.
2026 though.
2026 though.
Red teaming tip: Up against a NAC, but need to plug your device in?
- Plug a switch into the ethernet port on the wall
- Plug a legit device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨
- Plug a switch into the ethernet port on the wall
- Plug a legit device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨
October 6, 2025 at 1:26 AM
Red teaming tip: Up against a NAC, but need to plug your device in?
- Plug a switch into the ethernet port on the wall
- Plug a legit device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨
- Plug a switch into the ethernet port on the wall
- Plug a legit device into the port that is allowed by the NAC (like a printer or employee laptop)
- Wait for a bit
- Plug your evil device into the switch
- ✨ Access granted ✨
Do you think we'll ever get to a point where everyone just gives up on protecting personal data, and we just assume everything is public?
We're already at the point where most people have had their data exposed in a breach, and people are already sharing most of their PII on Facebook.
We're already at the point where most people have had their data exposed in a breach, and people are already sharing most of their PII on Facebook.
October 4, 2025 at 8:08 PM
Do you think we'll ever get to a point where everyone just gives up on protecting personal data, and we just assume everything is public?
We're already at the point where most people have had their data exposed in a breach, and people are already sharing most of their PII on Facebook.
We're already at the point where most people have had their data exposed in a breach, and people are already sharing most of their PII on Facebook.
NEVER underestimate a properly caffeinated hacker with some free time
October 3, 2025 at 12:37 PM
NEVER underestimate a properly caffeinated hacker with some free time
I'm so proud that HackerContent helped produce the new Hacker-Powered Security Report from @hacker0x01.bsky.social.
It covers the impact that AI is having on bug bounties and cybersecurity in general - and It's not what you'd expect.
Read it here 👇
www.hackerone.com/report/hacke...
It covers the impact that AI is having on bug bounties and cybersecurity in general - and It's not what you'd expect.
Read it here 👇
www.hackerone.com/report/hacke...
Hacker-Powered Security Report - 9th Edition | HackerOne
The Hacker-Powered Security Report benchmarks how enterprises are confronting AI risk, closing exposure gaps, and adapting to faster, more persistent attackers
www.hackerone.com
October 3, 2025 at 12:34 PM
I'm so proud that HackerContent helped produce the new Hacker-Powered Security Report from @hacker0x01.bsky.social.
It covers the impact that AI is having on bug bounties and cybersecurity in general - and It's not what you'd expect.
Read it here 👇
www.hackerone.com/report/hacke...
It covers the impact that AI is having on bug bounties and cybersecurity in general - and It's not what you'd expect.
Read it here 👇
www.hackerone.com/report/hacke...
Imagine being the UI designer for AWS console
October 3, 2025 at 12:09 PM
Imagine being the UI designer for AWS console
HackerContent is HIRING a social media manager and personal assistant! 🚨
Links to application forms:
🧑🎨 Social media manager: wkf.ms/48EnZP8
👨💻 Personal assistant / project manager: wkf.ms/3Wjm7Uw
Links to application forms:
🧑🎨 Social media manager: wkf.ms/48EnZP8
👨💻 Personal assistant / project manager: wkf.ms/3Wjm7Uw
Social Media Manager Job Application | WorkForms
From requests, feedback to data collection and more. Turn your insights into action with customizable WorkForms.
wkf.ms
September 30, 2025 at 1:06 PM
HackerContent is HIRING a social media manager and personal assistant! 🚨
Links to application forms:
🧑🎨 Social media manager: wkf.ms/48EnZP8
👨💻 Personal assistant / project manager: wkf.ms/3Wjm7Uw
Links to application forms:
🧑🎨 Social media manager: wkf.ms/48EnZP8
👨💻 Personal assistant / project manager: wkf.ms/3Wjm7Uw
Friendly reminder: Social media algorithms are designed to polarize us.
You don't have to be politically hard right or hard left. You can agree on some things and disagree on others.
Now more than ever, independent thought is vital.
Think.
For.
Yourself.
You don't have to be politically hard right or hard left. You can agree on some things and disagree on others.
Now more than ever, independent thought is vital.
Think.
For.
Yourself.
September 10, 2025 at 8:56 PM
Friendly reminder: Social media algorithms are designed to polarize us.
You don't have to be politically hard right or hard left. You can agree on some things and disagree on others.
Now more than ever, independent thought is vital.
Think.
For.
Yourself.
You don't have to be politically hard right or hard left. You can agree on some things and disagree on others.
Now more than ever, independent thought is vital.
Think.
For.
Yourself.
wife: how are bug bounties going?
me: pretty good pretty good
me: pretty good pretty good
September 10, 2025 at 12:02 AM
wife: how are bug bounties going?
me: pretty good pretty good
me: pretty good pretty good
This is basically how hackercontent.com works
June 28, 2025 at 10:37 AM
This is basically how hackercontent.com works
I analyzed the ~5000 social media posts that HackerContent has put out on various cybersecurity-related social media accounts this year to figure out what the most engaging types of posts are.
Here's the roundup!
hackercontent.com/blog/the-top...
Here's the roundup!
hackercontent.com/blog/the-top...
The Best Performing Post Types for Cybersecurity Companies in 2025 (So Far)
Discover the 6 best-performing cybersecurity content types of 2025, from giveaways to explainer videos, that boost engagement and grow your audience.
hackercontent.com
June 28, 2025 at 9:40 AM
I analyzed the ~5000 social media posts that HackerContent has put out on various cybersecurity-related social media accounts this year to figure out what the most engaging types of posts are.
Here's the roundup!
hackercontent.com/blog/the-top...
Here's the roundup!
hackercontent.com/blog/the-top...
that feeling when you wait 3 days to see the results of an authenticated brute force with a huge wordlist but /logout was right at the top of the wordlist 😭
May 12, 2025 at 8:38 PM
that feeling when you wait 3 days to see the results of an authenticated brute force with a huge wordlist but /logout was right at the top of the wordlist 😭
Awesome bug and write-up by Brutecat.
They found a way to leak any YouTube user's email using their public channel ID.
They chained two unrelated Google services:
- YouTube (to get their ID)
- Google Recorder (mapped ID to email)
Here's a link to the writeup:
brutecat.com/articles/lea...
They found a way to leak any YouTube user's email using their public channel ID.
They chained two unrelated Google services:
- YouTube (to get their ID)
- Google Recorder (mapped ID to email)
Here's a link to the writeup:
brutecat.com/articles/lea...
Leaking the email of any YouTube user for $10,000
What could've been the largest data breach in the world - an attack chain on Google services to leak the email address of any YouTube channel
brutecat.com
February 21, 2025 at 8:18 PM
Awesome bug and write-up by Brutecat.
They found a way to leak any YouTube user's email using their public channel ID.
They chained two unrelated Google services:
- YouTube (to get their ID)
- Google Recorder (mapped ID to email)
Here's a link to the writeup:
brutecat.com/articles/lea...
They found a way to leak any YouTube user's email using their public channel ID.
They chained two unrelated Google services:
- YouTube (to get their ID)
- Google Recorder (mapped ID to email)
Here's a link to the writeup:
brutecat.com/articles/lea...
Would you prefer a pentest where you find very little vulnerabilities and a short report, or a pentest where you find loads of vulnerabilities but a long report? 🤔
December 9, 2024 at 4:40 AM
Would you prefer a pentest where you find very little vulnerabilities and a short report, or a pentest where you find loads of vulnerabilities but a long report? 🤔
Reposted by hakluke
New, by me: Security researchers say North Korean hackers, posing as VCs, recruiters, and remote IT workers, have infiltrated "hundreds of organizations" and stolen billions of crypto in recent years to fund the regime's nuke program.
My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...
My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...
North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch
Security researchers say North Korean hackers have infiltrated hundreds of organizations with the goal of taking money and stealing data to further the regime's nuclear weapons program.
techcrunch.com
November 28, 2024 at 2:02 PM
New, by me: Security researchers say North Korean hackers, posing as VCs, recruiters, and remote IT workers, have infiltrated "hundreds of organizations" and stolen billions of crypto in recent years to fund the regime's nuke program.
My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...
My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...
Here's a live animation of sales on Shopify throughout Black Friday.
While I was watching it was hovering at around 1.2M per minute.
Shopify's commission sits at around 2.4-2.9%, which means they're making around $31,800USD per minute. Roughly $45 million in one day 🤯
bfcm.shopify.com
While I was watching it was hovering at around 1.2M per minute.
Shopify's commission sits at around 2.4-2.9%, which means they're making around $31,800USD per minute. Roughly $45 million in one day 🤯
bfcm.shopify.com
November 29, 2024 at 4:19 AM
Here's a live animation of sales on Shopify throughout Black Friday.
While I was watching it was hovering at around 1.2M per minute.
Shopify's commission sits at around 2.4-2.9%, which means they're making around $31,800USD per minute. Roughly $45 million in one day 🤯
bfcm.shopify.com
While I was watching it was hovering at around 1.2M per minute.
Shopify's commission sits at around 2.4-2.9%, which means they're making around $31,800USD per minute. Roughly $45 million in one day 🤯
bfcm.shopify.com
How on earth did I get 2k followers here I have barely posted anything
November 29, 2024 at 4:13 AM
How on earth did I get 2k followers here I have barely posted anything
Reposted by hakluke
The computers used to scream at us when we logged on because They Knew
November 19, 2024 at 7:05 PM
The computers used to scream at us when we logged on because They Knew
Should I do bug bounties again y/n
May 14, 2023 at 7:47 PM
Should I do bug bounties again y/n
The sky is always bluer on the other side
May 5, 2023 at 6:59 PM
The sky is always bluer on the other side
This honestly does feel like Twitter in the early days.
April 27, 2023 at 9:57 PM
This honestly does feel like Twitter in the early days.
External attack surface management has well and truly taken off now! 🚀
Here are 7 things that your EASM platform should be able to do. Written by me for Detectify.
Here are 7 things that your EASM platform should be able to do. Written by me for Detectify.
twitter.com
April 27, 2023 at 9:54 PM
External attack surface management has well and truly taken off now! 🚀
Here are 7 things that your EASM platform should be able to do. Written by me for Detectify.
Here are 7 things that your EASM platform should be able to do. Written by me for Detectify.
Reposted by hakluke
Work in progress, but just made Dorky public - a new tool to quickly do keyword searches over Gitlab and Github for OSINT & bug bounty recon.. https://github.com/codingo/dorky
April 26, 2023 at 12:59 AM
Work in progress, but just made Dorky public - a new tool to quickly do keyword searches over Gitlab and Github for OSINT & bug bounty recon.. https://github.com/codingo/dorky
Reposted by hakluke
In 2010, WikiLeaks released a classified document.
A list of infrastructure critical to U.S national security.
The government listed a Trans-Atlantic cable.
3 years ago,
19-year-old me gained ADMIN access to that cable (and another; shared codebase).
Here's how I did it:
A list of infrastructure critical to U.S national security.
The government listed a Trans-Atlantic cable.
3 years ago,
19-year-old me gained ADMIN access to that cable (and another; shared codebase).
Here's how I did it:
April 8, 2023 at 3:34 PM
In 2010, WikiLeaks released a classified document.
A list of infrastructure critical to U.S national security.
The government listed a Trans-Atlantic cable.
3 years ago,
19-year-old me gained ADMIN access to that cable (and another; shared codebase).
Here's how I did it:
A list of infrastructure critical to U.S national security.
The government listed a Trans-Atlantic cable.
3 years ago,
19-year-old me gained ADMIN access to that cable (and another; shared codebase).
Here's how I did it: