Olivia
Online
Promina
@__Promina__
Cyber Security Instructor, @PvJRedCell, @SynackRedTeam
Joined March 2017
419 Following
84 Followers
637 Posts
Warning: Long Tweet!
I've been thinking a lot about the forthcoming knowledge gap in hacking and vulnerability research, though it applies far beyond just that.
One part that makes me a bit sad is that those coming into the field in the future will never know what it was like during the early days of going to DEF CON, sitting at tables or in hotel rooms with like-minded individuals to work through solving problems both together and individually, and being forced to use your brains and your knowledge... Never giving up! I'm sure that for many of us that the amount of time spent on manually reversing, debugging, coding, etc... could be quantified in literal years of our time spent on this planet. But it was always worth it... Or at least always a learning opportunity!
At the same time it's incredibly exciting to be alive having that same knowledge in the AI-era! I don't know that I've been this "energized" about the industry in a long time. I needed to write a Python app today to work with Ollama, a model, and Streamlit that would have taken me days on my own. Instead, I created it far faster than I could have on my own, and after only a couple iterations I had something solid and working well using AI.
My point however, is that I've been struggling with trying to answer a couple of questions:
1) How will those coming into the field gain the necessary knowledge in coding, reversing, debugging, etc... to be effective, to identify hallucinations, to understand the who, what, where, when, and why, and to identify new classes of vulnerabilities if AI is performing all of the work and everything is handed up on a silver platter?
2) How important is it for those coming into the field to need to understand those things? ...and if still important now, for how long?
I have more questions of course but those are two of the big ones...
A lot of the things that I'm able to automate now are of course due to AI first and foremost, but there's the big secondary piece. It's the fact that I've been doing vulnerability research for a very long time and I know a lot of the who, what, where, when, and why...
I've decided that on the @offby1security channel I'm going to start a new set of pre-recorded videos, separate from the weekly streams, where I simply cover foundational things that you cannot easily learn without having the practical experience. I need to put more thought into it but will figure it out through experimentation. Even if it only helps a small number of up and comers it's worth it to me.
I'm a firm believer that even with all of the AI and automation options that paying your dues in understanding how things work "under the hood" remains crucial. If ever there was a time to not be complacent... it's now!
I think that with this gap, and the decline in junior positions and apprenticeships, that Universities are going to need to figure out new ways to help prepare students for this new era.
Sorry if I'm coming across all "philosophical" but this has been nagging me for some time now. If you agree or disagree I'd love to hear your thoughts on the matter as I'm still trying to land on an answer.
after a few years of building, feroxbuster-pro is live!
i always knew it could be better. some early design decisions made things like adaptive scans impossible. feroxbuster-pro is built on feroxfuzz, which was always the foundation i needed to take it further.
1/2
My latest blog is live on @SynackRedTeam @Synack Exploits Explained 🙌
3 real-world vulnerabilities from banking & fintech microservices:
→ Full SSRF in a PDF download feature via internal subdomain fuzzing
→ JWT scope flaw leading to ATO
→ Proxy routing parameter pivoting into internal network
Why perimeter-focused testing falls short on modern microservices.👇
https://t.co/RYatnFuQFd
#bugbounty #bugbountytips #infosec
THINGS MOVE FAST.
BUILDING IS FUN.
SECURITY IS HARD.
YOU NEED SHORTCUTS.
AI put everything on fast-forward.
Builders ship at insane speed.
Breakers move just as fast.
New models drop. Old tech expires.
The new legacy is eight months.
Fresh exploits show up daily.
Security was never designed for this pace.
That’s why we’re launching Builders & Breakers!
As a start, a live, in-person event focused on high-velocity shortcuts from people who’ve shipped, broken things, and lived to tell the story.
You’ll meet the speedrunners, the daredevils, the builders, the breakers, the early adopters, the experimentalists.
Your peers. Your people. The ones who, just like you, push boundaries, do the work, and solve problems.
People who speak the same language, live the dream, and share the same vibe and energy.
📍 Stockholm | Onsite only, NO Recordings.
📆 26/3 @ 5an HOBO
🎟️ Limited tickets | 500kr / piece - all attendees must apply
🔒 Chatham House Rules
👉 Apply: https://t.co/SzhF4b99Qb
🎤 CFP open: https://t.co/Qsa7FnaPaH
Build fast. Break things. Ship confidently.
Let’s f***ing go. 🚀
//STÖK|KUGG
https://t.co/1aQHLAqfpQ
Executive Offense - (Release) The Arcanum Prompt Injection Taxonomy v1.5
https://t.co/ctyjolAHpf
Our FREE Modern Recon Workshop is coming up!
https://t.co/QvBwYFRJGF
We also want to thank our sponsor for this webinar @PlexTrac !
PlexTrac unifies and streamlines pentesting operations through a continuous, workflow-driven approach that brings pentest data directly into the CTEM lifecycle. By automating real-time delivery of findings, PlexTrac helps teams operationalize results faster and connect every stage of the offensive testing lifecycle in one system.
Check them out at:
https://t.co/VvWPJpwl8k
👀👀👀
Great start to the day with John Hammond’s keynote at BSidesNYC 0x05
#BSidesNYC
Hackers the movie was released 30 years ago today! September 15th 1995.
Hack the planet!
We’re excited to announce that we are sponsoring Cyber Info's Hack O’Lantern CTF 2025. The team at Cyber Info is putting together a challenging CTF and participants will have the chance to win Maldev Academy subscriptions.
Register now at https://t.co/nrU6DMeqwZ and get ready for an awesome CTF experience!
Special thanks to @CyberInfoHQ and the team for all their efforts.
🚀JHT launches live training as the exclusive provider of #BSidesChicago's pro workshops from 4 of our best All-Stars. https://t.co/byi0BtrLZ2 💸 Early Bird seats will go fast, so ACT NOW & spend the day with:
💻 @_JohnHammond - Script-Based Malware Analysis
💻 @mish3alkhan - Level Up OSINT
💻 @ellieintech - Vibe Coding for Responsible Adults
💻 @_t1v0_ - Hardware Hacking 101 w/ Take-Home Kit!
Get face-to-face instruction from top experts with a full day (8 hours) of in-person, hands-on training on hot technical topics on Oct 31.
💸 Early Bird $425 (until September 4 @ midnight!)
🎥 Includes online access after the event
⚡ Goes to $500 after September 4
🍽️ Lunch included!
Want Just Hacking Training at your event? Email sales (at) https://t.co/lyeW4QnALE
Just Hacking Training is a platform providing "Focused Technical Training for All Levels" with 60+ affordable, hands-on options in 4 categories: Courses, Free Upskill Challenges, Hack-Alongs and CTFs. With new content released twice a month throughout 2025, bi-monthly livestreams with John Hammond and our All-Star contributors and even some “Name Your Price” options, JHT will advance your career regardless of experience level or budget.
New Malware Development course update:
https://t.co/QCsKdmofYd
- Dumping The SAM Database
- Dumping The SAM Remotely
- Dumping The SAM From Disk
- Domain Enumeration Using MS-SAMR
Huge shoutout to @GigelV41464 for his help with these awesome modules 🔥
Oh noes! These pesky beacons keep coming back!
Execution & exfil from *our* servers?! How Un-possible!!1! X^D
Find it! Find it now!
@PvJBlueTeam #BSidesLV #PvJCTF
Pulled in over $250K just from Blind XSS in the past year. Yeah, it’s been wild. I broke down everything I’ve learned in a new video: tips, tricks, and hard-earned lessons. 👉 https://t.co/ScBVQg9Ezq
Do you want a CTF with a twist? Exposure to red & blue team ops in a live cyber-range? Try the PvJ Grey Team!
The Grey team is returning to our BSIDESLV event to add a higher degree of realism to the game.
Sign up here: https://t.co/ZmbonskQwI
Seats are limited, so hurry!
Loki C2 🧙♂️🔮
Download here for free: https://t.co/fR44ukK1Y2
"If you're getting into bug bounties for the money, you're gonna have a hard road." - Charlie Waterhouse (@CharlieW_T3X4N)
But if you treat it like free training, you'll learn, improve, and the bounties will follow.
Full talk 👉 https://t.co/UbHUapgqWb
#BugBounty #BBV #DEFCON
HELLO
NAHAMCON 2025 CTF IS MAY 23 TO MAY 25
BEN ASKED ME TO HELP PROMOTE AND I FORRGOOTTT
PLEASE REGISTER AND PLAY OUR GAME
https://t.co/T8z2qcgDQv
I WILL CONTINUE TO SPAM UNTIL SHOWTIME AND DURING EVENT SORRY BUT IT WILL BE FUN I PINKY PROMISE
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers