TWText.com
Katie 👾 Moussouris (she/her)
k8em0
Hearing a lot of “SBOM is key in things like this #log4j issue” without anyone saying how they might use an SBOM *right now* during this phase of response. Please don’t
What’s great about these privacy warnings is that nobody is calling the researchers irresponsible for revealing them immediately to the public, & Twitter is thanking them instead of trying to
When we did Driven2pwn in UAE, I had to set up a makeshift SCIF-lite to keep exploits out of anyone’s hands except the researcher & the target vendor to avoid
I'm discussing “How I hacked Clubhouse (and made it safer for all)” with Bug Bounties & VDPs. Saturday, May 1 at 3:00 PM PDT on @joinclubhouse. Join us! https://www.joinclubhouse.com/event/PrWy8Ol6 I’ll host
A look back & forward for bug bounties over the past decade, a thread. History is important for newcomers & established folks alike. Outcomes have been both positive & negative. Some fears of
How is a bug bounty not paying for duplicates completely different from a 3rd party hacking competition not paying out for things that the vendors say they knew about but
XSS is one of the most common, well-understood web vulns. Detectable via free tools & techniques available to novices. Sure, turning XSS into something more is cool So is paying hackers #bugbounties Wondering
Imagine spending your whole life taking things apart to see how they work & trying to improve them. Imagine exploring that curiosity & hacking together a career that lets you spread
Setting up a new planted aquarium in the office. Gonna fill it with a few cherry shrimp after the ground cover takes root & I fill the rest up. Will plant some
If you say that in 2020, a global pandemic disproportionately wiping out the poor & people of color is “to be expected”, then I would like to remind you that
Bug bounty platform vendors: Your NDAs are creating a huge amount of unnecessary friction between security researchers and the customers you are supposedly helping. You realize that NDAs are *not* part of
None of you are going to believe me that this massive increase in defensive market bug bounties is BAD for security until some men say it aren’t you? Wait, men did