Discover and read the best of Twitter Threads about #Bypass

1/ 🚨 A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.
#PhishingScams #GoogleAds
2/ 🕵️‍♂️ Investigation into the keywords used by victims has uncovered numerous malicious ads at the forefront of search results.
Most users, unaware of the deceptive nature of search ads, click on the first available option, leading them to malicious websites.
#Cybersecurity
3/ 🎯 Some of the malicious ads and websites target brands such as @zapper_fi , @LidoFinance , @StargateFinance and @DefiLlama.
These advertisers have been identified as placing these malicious ads:
ТОВАРИСТВО З ОБМЕЖЕНОЮ ВІДПОВІДАЛЬНІСТЮ «РОМУС-ПОЛІГРАФ»
TRACY ANN MCLEISH.
Read 11 tweets
Your PC telling you it’s not compatible with Windows 11? Just add this registry key & restart install 😎

Reg Path:
HKEY_LOCAL_MACHINE\SYSTEM\Setup

Create DWORD 32bit Key Named “AllowUpgradesWithUnsupportedTPMOrCPU”

Set its value to “1”

Now restart setup & share 👍🏻 #TechTip
If you’re doing a clean install from media & not upgrade from within Windows 10 you can use the latest version of Rufus to create media that automatically bypasses it 👍🏻 #TechTips #Windows11
You can also hit SHIFT+F10 when setup loads booting from media to open CMD windows and then add registry key before proceeding to the “compatibility check” which also should work. The compatibility check is illusionary & Windows 11 works just fine without TPM or supported CPU 😏
Read 7 tweets
LayerZero Power Systems is a different type of company. LayerZero designs and builds the safest and most reliable power distribution products on the planet, equipped with advanced power quality monitoring technology. Here are 10 reasons why you need @LayerZero [thread]
10. @LayerZero makes preventative maintenance of bolted connections safe and convenient. Just unlock the IR porthole plate, rotate it open, and scan bolted connections with a thermal camera. There is no need to open the dead front doors. #LayerZero
9. TMR increases reliability by one to two orders of magnitude. Triple Modular Redundant-enabled static transfer switches have no single point-of-failure; each control path is segmented and isolated with fiber optic connections to maximize power reliability. #TMR #LayerZero
Read 11 tweets
1/
#FTX owned an $11.5M stake in a tiny rural bank in Washington state with just 3 employees
Farmington State Bank in the state of Washington (Farmington town has 146 people), now renamed Moonstone, is the 26th smallest bank in the US.
It has a single branch and 3 employees.
2/
#FTX invested in the rural bank through Alameda, with an investment of $11.5M for 10% of the bank in its parent company FBH in March 2022.
The #AlamedaResearch investment was more than double the bank’s value of $5.7M.
3/
To put this into perspective #FTX’s investment valued the bank at $115M. Yet, it only had $10M in customer deposits
Why did they do that?
Read 8 tweets
Bypass 429 🏹(Too Many Requests)

#bugbounty #infosec
Look🧵(1/n) :👇 Bypass 429
➡Try adding some custom headers #bugbounty #infosec

▪X-Forwarded-For : 127.0.0.1
▪X-Forwarded-Host : 127.0.0.1
▪X-Client-IP : 127.0.0.1
▪X-Remote-IP : 127.0.0.1
▪X-Remote-Addr : 127.0.0.1
▪X-Host : 127.0.0.1
➡Adding Null Byte ( %00 ) or CRLF ( %09, %0d, %0a ) at the end of the Email can bypass rate limit.
. . . #bugbounty #infosec #bypass

POST /ForgotPass.php HTTP/1.1
Host: target.com

email=victim@gmail.com%00
Read 7 tweets
Bypass Rate Limits in Web Applications and APIs.

— What is Rate Limit

Rate limiting is a process of limiting the number of requests a user can make to a web server in a span of time.

#web #api #rate #limit #bypass #bugbounty #bugbountytips #infosec #cybersecurity
This can be achieved by implementing IP-based, session-based rate limits on the web server.

—Where to Look for Rate Limit Bugs

Places like:
— Login/Signup pages
— Register Pages
— 2FA codes
— Confirmation Codes
...and any other request which, if bruteforced, will allow an attacker to achieve anything malicious should be checked for a "No Rate Limit" issue.

[Bypass 1] - Using Null Chars

%00, %0d%0a, %09, %0C, %20, %0
Read 11 tweets
This is going to be one of my most important threads.

On Oct 24 2020 we analyzed the Rockefeller Foundation "Message Handbook - #Covid19 Testing & #Tracing, Sept 2020".

This thread examines the #UN [Share] Verified Guide to COVID-19 #Vaccine Communications (released Nov 18).
Before we begin, we need to understand who/what [Share] Verified is. Self-described as "the biggest team the world has ever seen" Verified is #Purpose PR firm (sister org of #Avaaz) partnered w/ #UN, #Luminate (#Omidyar) & #Ikea.
[Share] Verified "Collaborators" include #WorldBank, #Facebook, #Twitter, #TikTok, etc.

shareverified.com/en/collaborato…

"Verified works with the support of #Luminate, #IKEA Foundation & UN Foundation & partners all over the world."
Read 41 tweets
We're going to use this tweet to publish #Dorks of all kinds; let's start with this one:

inurl:wp-config.php intext:DB_PASSWORD -stackoverflow -wpbeginner -foro -forum -topic -blog -about -docs -articles

#CyberSecurity #dork #BugBounty
intext:"pass" ! "usuario" | "user" | "contraseña" filetype:sql -github
This one is very good; it lets us do uploads, and it has been tested with .jpeg images

intitle:"FCKeditor - Uploaders Tests"
Read 63 tweets
Nearly $2 billion for 60 kms of road across the flattest part of the prairies: we’re now the owner of the most expensive stretch of flat road in Canada.
We could have built this #bypass with our workers and our companies for a fraction of the cost and a fraction of the problems.

Instead, the Sask. Party put their wealthy and well-connected friends ahead of the people of this province, and we’re left to pick up the tab.
And as @cathysproule says, "More money, more problems — that’s the story of this build, start to finish." #yqr #skpoli

ndpcaucus.sk.ca/reality_check_…
Read 3 tweets
