Discover and read the best of Twitter Threads about #CyberSec

Most recents (22)

Two factor Authentication bypass : ⚔️

- In the application's registration, it required a mobile number for compulsory 2 factor authentication.
- Captured the request for mobile number addition
POST /mobile/add

{XXNUMBERXX}
(1/n)

- Now followed the registration normally by adding a mobile number.
- Now when I login to account it required an otp to proceed.
- Used an invalid otp like 111111 and intercepted the request.
- Changed the request PATH and BODY to earlier captured request.
(2/n)

- They were implementing checks for all internal API endpoints before entering the OTP but forgot to add a check for the mobile number addition request.
- I was able to add a new number without entering otp
- This led to 2fa bypass.

#infosec #cybersec #bugbounty
Read 3 tweets
CAN I BE HACKED VIA BLUETOOTH?

Yes,

Once a Device is ‘Bluebugged’, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.

A thread
What is a Bluetooth Attack?

This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
Types of Bluetooth Attacks

· Bluesnarf Attack
· Man-in-The Middle (MiTM) Attack
· BlueJacking
· BlueSmacking (DoS Attack)
· BluePrinting Attack
· BlueBugging
Read 7 tweets
Grow your cybersecurity skills with this incredible collection of FREE learning resources.

⚡️ Get ready to level up!

Follow & share the 🧵

#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux #soc #dfir
1️⃣ Hands-on cyber security training through real-world scenarios.

tryhackme.com
2️⃣ LiveOverflow YouTube channel

youtube.com/@LiveOverflow
Read 11 tweets
Looking to kickstart your career in cybersecurity?

You can do it all with FREE resources and a clear step-by-step path

Here is How 🧵

#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
1️⃣ Level - Introduction to OpenVPN

🅰️ OpenVPN: How to Connect

-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS

The room is free, complete it.👇

tryhackme.com/room/openvpn
2️⃣ Introductory Research Walkthrough

Here you will learn

- How to research
- How to search for vulnerabilities

The room is free, complete it.👇

tryhackme.com/room/introtore…
Read 11 tweets
#India's #startup ecosystem raised $455 million across 24 deals last week (Jan.16-21,'23) with #fintech #unicorn PhonePe turning decacorn at $12 billion valuation.
#StartupIndia #DigitalIndia #VentureCapital #funding #Entrepreneurship #innovation #Motivation #prosunjoyi #Thread
#India's #startup ecosystem raised $126 million off 16 deals last week (Jan.23-28,'23) across #cybersecurity, #deeptech, #energy, #gaming, #logistics, #SaaS, etc. with total #funding for Jan.'23 crossing $1 billion. #StartupIndia #DigitalIndia #VentureCapital #inspiration #Thread India's startup ecosystem's funding round up for the last week and also for the January month + an inspirational quote stating that your present circumstances don't determine where you can go; they merely determine where you start.
#India's #startup ecosystem raised $49 million off 12 deals last week (Jan.30-Feb.4,'23) across #EVs, #freight, #manufacturing, etc. #StartupIndia #DigitalIndia #VentureCapital #leadership #founders #Entrepreneurship #MondayMotivation #inspiration #innovation #prosunjoyi #Thread
Read 44 tweets
12 YouTube Pages to Learn #Cybersecurity for FREE
1. Network Chuck- Everything Cybersecurity related

2. Outpost Gray- Cybersecurity Career Dev

3. The XSS Rat- Bounty Hunting

4. Cyrill Gossi- Cryptography Videos

5. Cyberspatial- Cybersecurity Education and Training
6. Bugcrowd- Bug Bounty Interviews and Methodology

7. Professor Messer- Guides covering Certifications

8. Black Hat- Cybersecurity Technical Conferences

9. Hak5- Everything Cybersecurity

10. Infosec Institute- Cybersecurity Awareness
Read 4 tweets
Training/Methodology #infosec #offensivesec⚔️🛡️

- OSINT Training and Workflow (dfir.training/osint)

- Website Investigation Workflow ()

- OSINT Resources & Tutorials (aware-online.com/en/)

- Learning Overpass API (osmlab.github.io/learnoverpass/…)
- A 5-minute guide to creating a covert account for Internet Investigations (OSINT) (intelligencewithsteve.com/post/a-5-minut…)

- What’s in a Company? Guide for investigating a company (kit.exposingtheinvisible.org/en/what/compan…)

- OSINT: How to navigate troubled waters (daring-india-marten-972.medium.com/osint-comment-…)
- Amnesty International Course : Open Source Investigations for Human Rights (advocacyassembly.org/en/partners/am…)

- OSINT: Exploring the Russian information space (docs.google.com/document/d/10a… from )
- OSINT Russia Resources (start.me/p/0PeKwy/osint…)
Read 4 tweets
10 types of web vulnerabilities that are often missed

🐞 HTTP/2 Smuggling
🐛 XXE via Office Open XML Parsers
🐜 SSRF via XSS in PDF Generators
🕷 XSS via SVG Files
🦟 Blind XSS

#bugbounty #pentest #hacking

Thread 🧵👇

labs.detectify.com/2021/09/30/10-…
10 types of web vulnerabilities that are often missed

🪲 Web Cache Deception
🪳 Web Cache Poisoning
🐞 h2c Smuggling
🐛 Second Order Subdomain Takeovers
🕷 postMessage bugs

#cybersec #infosec #bugs

🧵 2/3
This @Detectify blog was created through #HackerContent! 📖✍️

If you’re interested in getting some #cybersecurity-focused content or social media management for your organization, DM us, or check hackercontent.com!

#blogs #cyberseccontent #content

🧵 3/3
Read 3 tweets
"Insecure CORS Configuration" vulnerabilities. 🛡️⚔️

[A thread 🧵]

#infosecurity #CyberSec #bugbountytips #cybersecurity
[2/n]
What is Insecure CORS issue?

An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses thus enabling attackers to perform privileged actions or to retrieve potential sensitive information
[3/n]

Basic Origin Reflection Test:

Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com

> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Read 8 tweets
Bug Bounty automation script v2

#bugbounty #bugbountytip #infosec

See 🧵: 👇
Find JavaScript Files

—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————

#bugbounty #Infosec #CyberSec
Get Subdomains from BufferOver.run

#bugbounty #Infosec #CyberSec
Read 9 tweets
You want a career in Cyber Security and Hacking?

BUT can't afford costly courses & subscriptions

Start with 💯 FREE @RealTryHackMe rooms:🧵

#tryhackme #infosec #Linux #Hacked #Root #pythoncode #CyberSec #Web3 #Hacking #BugBounty #learning #100daysofpython #Security
1⃣ Level:01 Introduction

1. OpenVPN tryhackme.com/room/openvpn
2. Welcome tryhackme.com/jr/welcome
3. Intro to Researching tryhackme.com/room/introtore…
4. Crash Course Pentesting tryhackme.com/room/ccpentest…
2⃣ Introductory CTF

1. Google Dorking tryhackme.com/room/googledor…
2. OHsint tryhackme.com/room/ohsint
3. Shodan tryhackme.com/room/shodan
Read 10 tweets
Here are some of the free cybersecurity certifications you can get :

Part 1/4 🧵👇

1. NSE 1,2 & 3[training.fortinet.com]
2. Introduction to Cybersecurity[netacad.com/courses/cybers…]
3. Cybersecurity Essentials[netacad.com/courses/cybers…]

#Pentesting #CyberSec #bugbounty #infosec
Part 2/4 🧵👇
4. Networking Essentials[netacad.com/courses/networ…]

5. Android Bug Bounty Hunting: Hunt Like a Rat[codered.eccouncil.org/course/android…]

6. Ethical Hacking Essentials (EHE)[codered.eccouncil.org/course/ethical…]

7. Website Hacking Techniques[codered.eccouncil.org/course/website…]
Part 3/4 🧵👇

8. Digital Forensics Essentials (DFE)[codered.eccouncil.org/course/digital…]

9. Network Defense Essentials (NDE)[codered.eccouncil.org/course/network…]

10. Introduction to Dark Web, Anonymity, and Cryptocurrency[codered.eccouncil.org/course/introdu…]
Read 5 tweets
Hey #OSINT, Twitter is one of the leading social media networks.

Here is the list of 10 Twitter analysis 📈📉 tools to optimise your search and digital investigation.

#CyberSec #cybersecurity #cybersecuritytips #bugbountytips

A THREAD 🧵
Read 11 tweets
#VivaTech 🚀

At the @orange stand, the talk is about digital sovereignty with @babgi (Conseil national du numérique) and @huguesfoulon (CEO of Orange Cyberdéfense).
“Being sovereign means having a choice and being fully aware of our decisions in digital matters” - @huguesfoulon

“Not having an erosion of value that goes abroad” - @babgi
“Do we want to be an American colony forever? @orange's answer is rather no, but it can't be done at the snap of a finger” - @huguesfoulon

@OrangeCyberFR x @orange
#VivaTech
Read 10 tweets
1/ #LockedShields 2022: Today, #NATO's largest & most complex annual #LiveFire exercise on #CyberSec began.
Taking part for you: Team @cirbw & many capabilities from the #CIRBw. Before it starts, a thread 🧵 for context and explanation...
2/ #LockedShields is led by the #NATO @ccdcoe. Since 2010, 🔴 teams have competed annually against 🔵 teams; the latter are formed by the participating nations. They are in #competition with one another. Points are awarded or deducted for detecting & fending off attacks. In 2021, 🇸🇪 won.
3/ Keyword #CyberSec: #LockedShields is about defending & securing one's own #IT systems & #KRITIS (critical infrastructure) against #cyberattacks. Participants must detect #attacks, ideally prevent them, or at least contain the consequences.
Read 8 tweets
Wanna Learn Azure in 30 Days? 🚀
Here's Day 4 of 30 and will be learning today💯:

👨‍💼Azure Resource Manager (ARM)
🖥️Core Compute Services

(1/n)
#azure #cybersec #az #cloud #LearnAzure #learningazure
🧑‍💼Azure Resource Manager (ARM): It provides a management layer for all resources in Azure.

➼ All platforms from where we can manage cloud resources such as Portal, Az Module, AZ CLI, Rest API or SDKs, all communicate with ARM to perform actions in environment

(2/n)
➼ When a request from any platform is sent to ARM, it performs authentication and then forwards the request to resource providers for actions.

➼ ARM also includes templates (known as ARM Templates) for deploying resources repeatably and consistently.

(3/n)
Read 9 tweets
A cybersecurity job is a combination of #skills. Look around, be passionate and get the right set of values. It's not a #scary topic. Tips from #CyberSec executives to the #Youth @C_Painter @KlyngeC @MarinaKaljurand @dws_ch
@DSMeu
1/1: Hello, my name is Anna and my question is the following. I would like to know whether it’s possible for those people who don’t possess some specific technical skills to still become a specialist in cybersecurity. Thank you. @krupnik_anna
1/2: You need that combination, particularly as we need to convince our ministers, our CEOs and others. This is not a scary topic. You don’t need to be a coder to understand the importance and the innovative importance of cybersecurity. We need those people. @C_Painter
Read 7 tweets
The @UBS 'Global #FamilyOffice Report 2019' holds some interesting #Insights...Some takeaways (1/10) ubs.com/global/en/weal… #GlobalTrends #Investing
2/10 #FamilyOffice #trends: General overview...Recession fears rising, returns fade, #PE best performer, #RE gaining traction, #ESG & #Tech is best longterm plays, #Geopolitics risks rising & #CyberSec is key concern...
3/10 #FamilyOffice #trends: The family office trend really got on its way since 2000 with the GFC acting as further catalyst as wealthy families got tired of what the major Wall Street players served up & decided to take control and bring key functions in-house...#Wealth
Read 10 tweets
The @wef 'Global #Risks Report 2020' provides plenty of #FoodForThought - weforum.org/reports/the-gl… Here are some takeaways... #GlobalTrends (1/9) The evolving risks landscape (2007-2020)
2/9 Overview of 'Global #Risks landscape 2020'...
3/9 Overview of the Global #Risks interconnections 2020...
Read 9 tweets
2/16 Silencing expert voices in the cybersecurity discussion space is a
strategy for weakness not strength, as any Red Team expert would tell
you. #CyberCon #CensorCon
3/16 The @CyberGovAU removed me from the #AISA #CyberCon speakers list
8 days b4 the event. Reason: my talk content was 'incongruent' w/ the
largest cybersec conf in AU. Yet they had not seen my talk content yet.
#CensorCon #cyber #infosec #cybersecurity #informationsecurity
4/16 #CyberCon removed me from the speakers list based on my talk title
alone. I'm not the only speaker removed: @Thomas_Drake1 was also disinvited. Others
told to alter format. #CensorCon #cyber #infosec #cybersecurity #informationsecurity
Read 16 tweets
