The winter solstice is our annual reminder that just when it seems the darkness is too much, the light will return. Regardless of season, may your hearts forever stay warm. ♥️
New FREE Upskill Challenge ⚓️ Ahoy! More maritime ethical hacking w/ US Coast Guard Red Teamer, @Soups71! https://t.co/G458RArgwd
The 1st Free UC by James Campbell AKA Soups in the Maritime Cybersecurity series focused on the technologies found aboard vessels sailing the seven seas. This 2nd UC provides a basic intro to the CAN-based protocol for marine electronics, NMEA 2000, its security vulnerabilities and detecting attacks.
#maritime #security #hacking #cybersecurity #nmea2000
🚀 JHT Drops Web App Pentesting - Jr Analyst Course. Apprenticeship-style, hands-on learning prepares you for the job. Hurry... Only $80! Discount ends Mid ET May 31.
Know what it takes to be on a penetration testing team delivering paid services to clients? You Will!
🎁 JHT’s Gift to the Community - Hack a Free Vulnerable Web App to Learn Pentesting
CrossWind Systems Corporation is a fictitious company created for JHT’s web app courses. Their entire online presence, vulnerabilities and all, is publicly available for EVERYONE! https://t.co/RtjXeM1iSu
In this episode of Just Hacking Tips, Mike Lisi walks us through some of the learning opportunities on CrossWind Systems.
If you would like to play with a live, purposely vulnerable web app, have at it.
Prefer more structured, curriculum-based training? Try JHT’s Web App Jr Analyst course 🚨 ⏰️ Only $80! Launch discount ends at midnight ET May 31. https://t.co/nq9PWmoSOX
#cybersecurity #training #owasp #webapp #ctf
Naomi Brockwell Joins JHT All-Stars! New Free Upskill Challenge: Create your own encrypted USB drives. https://t.co/GxKqIgkCYA
Storing sensitive files on a normal USB drive is like writing your diary on a sticky note and leaving it in a taxi. If someone gets the drive, they get the files. No hacking required!
Naomi shows three ways to create encrypted USB drives: The Apricorn Aegis Secure Key, the Kingston IronKey Vault Privacy 50C, and VeraCrypt. Find out how they compare, which best fits your threat model, and step-by-step setup tutorials for each.
#cybersecurity #hacking #privacy #encryption @naomibrockwell
🚨 Workshop Spotlight #5 👉 "Instant API Hacker"
by Corey J. Ball (@hAPI_hacker), author of "Hacking APIs" and founder of APIsec University (@apisecu) & hAPI Labs
📝 Description
"Instant API Hacker" demonstrates how quickly someone can learn to identify and exploit API vulnerabilities.
You'll witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure.
Through live demos using the "One Request to Rule Them All," you'll see firsthand how APIs can be compromised, and gain actionable insights you can apply immediately.
The session walks through finding APIs, analyzing endpoints in Postman, going deep with Burp Suite, and exploiting the most common vulnerabilities. You leave with free resources for continued learning, including vulnerable labs and APIsec University courses.
Beginner-friendly. By the end, you're an API hacker.
🎟️ Only at ContinuumCon 2026
Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does.
Got your ticket yet? 👉 https://t.co/N7pFB85xsS
Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect!
Cyber 'Home Alone' Part 2: Fight Back with DNS Traps!
Canary Tokens are a simple yet powerful tool for cybersecurity, providing alerts when an attacker interacts with a bait file, URL, or service. Perfect for improving your detection capabilities.
Watch Adrian Sanabria demo a web bug Canary Token in his Free Upskill Challenge (UC), Detection via Deception. https://t.co/KEmeIdyALO
All 50+ UCs are FREE! Try one, try them all. 😉
#Cybersecurity #HackingTips #InfoSec #DigitalForensics #EthicalHacking
Cyber 'Home Alone' Part 1: Fight Back with Digital Traps!
Canary Tokens are a simple yet powerful tool for cybersecurity, providing alerts when an attacker interacts with a bait file, URL, or service. Perfect for improving your detection capabilities.
Watch Adrian Sanabria @sawaba demo a web bug Canary Token in his Free Upskill Challenge (UC), Detection via Deception. https://t.co/5ObAWpKflG
All 50+ UCs are FREE! Try one, try them all. 😉
#Cybersecurity #HackingTips #InfoSec #DigitalForensics #EthicalHacking
🚨 Workshop Spotlight 👉 "Prompt Injection Fundamentals & Hack-Along"
by Eva Benn & Andrew Bellini (@d1gitalandrew)
📝 Description
Prompt injection continues to be #1 on the OWASP Top 10 for LLM Applications for the second edition running, and there's a reason it isn't moving. LLMs read instructions, data, and policy through the same channel.
The attack surface is the entire space of human language, with infinite ways to phrase an input and infinite ways the model can respond. A single successful prompt injection can bypass every other security control you put in place, even if you've done everything else right.
Model makers like OpenAI, Anthropic, and Google continue to invest in instruction hierarchy training and built-in safety controls, but models still can't reliably tell the difference between what the app builder told it to do and what an attacker hid inside a document, an email, a webpage, or a tool response.
And the people building AI apps aren't just engineers anymore...
This session is a practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting, or if you're building with AI and want to know what you're actually up against.
🎟️ Only at ContinuumCon 2026 - June 12-14
Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does.
Got your ticket yet? 👉 https://t.co/N7pFB85xsS
Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect!
The Dzhanibekov Effect: Spin any object with three different moments of inertia in zero gravity. The object will spin stably for a few seconds, then suddenly flip 180° while continuing its rotation, then flip back a few seconds later. It does this indefinitely.
Many aspiring pentesters never start because web app security feels too advanced.
Mike Lisi explains why hands-on exposure matters more than worrying about prerequisites early on.
That’s what CrossWind Systems is built for. A free place to practice web app hacking concepts and start building real experience.
🛠️ JHT’s gift to the community. Practice web app hacking for free:
https://t.co/RtjXeM1iSu
One of the biggest gaps in cybersecurity education right now is practical pentesting experience.
Mike Lisi explains why theory alone isn’t enough and why more practitioners need to help bridge the gap with real-world skills, mentorship, and hands-on exposure.
That’s how junior pentesters become job-ready faster.
🔗 Start learning: https://t.co/nq9PWmoSOX
🔥 ContinuumCon 2026 June 12-14 Workshops Announced! Stacked with content, plus a special event:
This year we'll have a Live AMA with @brysonbort and @strandjs - Q&A, commentary, and the top-tier banter.
Workshops 👇
# Roll Your Own Analyst
by Rain Jordan
Build your own local AI threat intel pipeline with Python & Ollama
# Killing Active Directory Attack Paths Once and For All
by @techspence
Hands-on destruction of major AD attack paths with hardening to mitigate
# Hacking Over & Under The Wire
by @klrgrz
Beginner-friendly SSH & PowerShell using OverTheWire wargames and tying back to tradecraft
# Practical Security Engineering
by @IceSolst
Stand up SAST, DAST, SCA, and secrets scanning for free using GitHub Actions
# Prompt Injection Fundamentals & Hack-Along
by Eva Benn and @Andrew Bellini
Practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting!
# Escaping Sandboxes with AI
by @ZackKorman
Hands-on techniques for finding and executing AI sandbox escapes
# Instant API Hacker
by @hAPI_hacker
Fast-paced exploitation of the OWASP API Top 10 with the author of Hacking APIs
# Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response
by Ihor S.
Production-ready AWS WAF with custom monitoring, Slack alerts & automated threat response!
# Tactical GRC - Turning Governance Into a Force Multiplier for Security Teams
by @fletusposton
Build lightweight, engineering-aligned GRC that actually accelerates security work!
# How to Analyze Malware
by Matthew N.
Safe, practical malware analysis workflow for beginners – static, dynamic & real sample walkthrough!
# Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software
by Smit Nayak
Deep forensic recovery of WannaCry artifacts using open-source tools – DFIR gold!
# StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction
by Christopher Dio C.
Detect & extract hidden malware from images & files with next-level steganography tools!
And we'll be hosting content again this year through the great @getCourseStack platform!
Big thank you to all putting the work and time in to bring this con to everyone! 🙏
@_JohnHammond @JustHackingHQ @AnthonyBendas @Level_Effect
Got your ticket yet? 🎟️
Head over to: https://t.co/N7pFB85xsS
A junior pentester went from beginner to finding real vulnerabilities in a few months.
According to Mike Lisi, it came down to:
• Real-world tool output
• Context
• Repetition
That’s what actually builds skill.
🔗 Start learning: https://t.co/0krZcGgG4e
The RF world is insane.
Researchers recovered AES-128 keys from a Bluetooth chip by listening to its own antenna from 10 meters away.
Crypto-engine switching noise couples into the RF chain, rides the 2.4 GHz carrier, and leaks out as radio.
New Course Launch 🚀 "Web App Pentesting - Jr Analyst" Only $80 in May! https://t.co/nq9PWmoSOX Get hands-on apprenticeship with Mike Lisi. Don't just hack. Prepare for a career!
You played CTFs, learned some hacking tricks and maybe even dabbled in bug bounty hunting. That’s a great start. But do you use a proper methodology, work on real-world, live web applications, or even know what will be expected of you as a member of a penetration testing team delivering paid services for clients?
You Will!
See for Yourself with Free Previews:
📖 Course Overview
🔍 Anatomy of a Web Application
💻 1.1 Search Engine Discovery (WSTG-INFO-01)
Get ready for a truly unique learning experience…
After completing the material of each lesson, you are assigned actual work tasks by your team!
You get to practice what you’re taught using a provided, web-based VM of the latest version of Kali Linux. Since the client’s web apps are publicly available, you can use your own tools. The option is yours!
As you complete your “work”, you are reminded of the importance of taking notes. This becomes vastly important, because your team needs you. Therefore, you are required to “Report to the Team” regularly… just as the job would require!
#learn #explore #webapp #hacking #pentesting #ethicalhacking #training #cybersecurity #community #career
HTTPS traffic is encrypted by design—but if a client is configured to trust a proxy, it can be intercepted and inspected.
@_JohnHammond shows how decrypted requests become visible in real time.
👉 Learn more: https://t.co/0VKnfVsdCO