Discover and read the best of Twitter Threads about #CyberSecurity

Most recents (24)

Responsible for IT and #cybersecurity at your work?

20 years has taught me good tools are HUGE

Check out these 5 SOC Analyst web-based tools that will LEVEL UP your SOC game and help you move faster on detecting ‘bad’

The first one I bet you haven't heard of... 👇

[🧵]
[1] Echo Trail - echotrail.io

This one is new on the scene, but very interesting.

It has built a picture of what's normal or typical for a given operating system (OS) or a process running on that OS. Check if that odd service, dll, etc is 'normal'
[2] Any Run - app.any.run

Malware sandbox that I love 💖

Have a malicious or unknown file and want to see what it does fast, drop it in any run.

Saves you tons of time of building a VM if you’re just looking for a quick analysis.⚡
Read 10 tweets
People seeking a #cybersecurity career immediately get overwhelmed with Step 1😲

I’ve been at it 18+ years
I have over 500 #cybersecuirty YT vids💥

Grab my 7 focused, curated Playlists below💪
Accelerate your progress 🚀

(They answer the FAQ I get all the time)

[🧵]
[1] I have NO IT Background and Want to Get Into Cybersecurity
(21 Videos) 🎥

🌐 youtube.com/playlist?list=…

Is Cybersecurity for IT people only? NO! But how does one start without an IT background?

Here you go! 💥
[2] I Need to Know What Jobs Are In the Cybersecurity Field.
(12 Videos)🎥

🌐 youtube.com/playlist?list=…

There are soooo many jobs in the cybersecurity field.

Most people think of hacking or penetration tester, but there are many roles that suit different skills. ⚒️
Read 11 tweets
Here are 32 ways to learn Ethical Hacking for Free:

#infosec Thread 👇
1. Root Me — Challenges. @rootme_org
2. Stök's YouTube — Videos. @stokfredrik
3. Hacker101 Videos — Videos. @Hacker0x01
4. InsiderPhD YouTube — Videos. @InsiderPhD
5. EchoCTF — Interactive Learning. @echoCTF
6. Vuln Machines — Videos and Labs. @Vulnmachines
7. Try2Hack — Interactive Learning.
8. Pentester Land — Written Content. @PentesterLand
Read 10 tweets
As a #cybersecurity professional, I encourage privacy enthusiasts to use Apple's privacy feature that allows people hide their emails. Especially on sites they don't trust or for other reasons. It’s called HIDE MY EMAIL, available from iPhone, iPad and Macs. Image
Imagine it as an additional layer of security even if you use a VPN (I'm assuming you know how that works). As it is currently an Apple-specific feature, other providers and browsers will follow suit as it typically happens in the tech-space.
When a user is filling out a form on a website on Apple devices, they get the option to add their usual email address or add a randomly generated one that then forwards messages to the actual address. The best part is that you don't even have to write it down in case you forget.
Read 6 tweets
If you're looking for inclusive, supportive #cybersecurity communities for networking, knowledge share, and good times.... I got you covered.

Check out these Discord servers for verified good times!

(P.S. Networking is so important! )🤩
💥Blackhills Infosec discord.gg/BHIS

💥Recon Infosec discord.gg/aCArEkb7

💥Simply Cyber discord.gg/SimplyCyber

💥DC Cybersec discord.gg/v8ZVhEDv

💥Cyber Job Hunting discord.gg/tjVaFdgu
Joining is easy, just follow the link.

Follow server rules (they are all basically 'dont be a jerk')

Say hi, and start learning and sharing 💪

You'll be stunned at how much value you get out of it!😲
Read 6 tweets
Recon is the first step in the Cyber Kill Chain, but what tools to start with?

Let's Kickoff your OSINT toolbox with these 10 website OSINT tools that rock

Let's start with a banger that I just found out about ...
#cybersecurity #OSINT #pentesting
[1] TINFOLEAK tinfoleak.com

This site allows you to Search for Twitter users leaks 😱

Basic info about a Twitter user (name, picture, location, followers, etc.)

Devices and OS and much more. Full, informative briefing on a twitter user
[2] Shodan! shodan.io

Shodan is a search engine scanning the entirety of the internet for connected devices. 🌎

Arguably my favorite and one that every #cybersecuirty pro should know both for recon and for educating end users on 'whats out there!' Shodan searching for port 22 in Charleston SC
Read 14 tweets
I gained FULL ADMIN access to other organizations.

The craziest #bugbounty I've found.

Writeup🧵👇

#bugbountytips #infosec #cybersecurity #cybersecuritytips
First of all, I should give a little context about the target:

The target consisted of a collaboration tool for organizations/teams.

There are multiple user roles --> Member, Admin, Moderator, Leader.

It allows organizations to communicate with each other, create teams, etc.
Now onto the findings:

This impact was a result of a 3 bug chain.

Info disclosure --> IDOR --> IDOR --> Full Admin Access to other organizations

Let's dive deeper into each bug chain:
Read 13 tweets
Thread of OSINT and Pentest Linux Distributions 🧵 1/11
#osint #cybersecurity 👾 credit: Nick Raienko
--------------------------------
🧵 2/11
The Pentesters Framework - Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that omits less frequently used utilities.
🧵 3/11
PentestBox - Open source pre-configured portable penetration testing environment for the Windows Operating System.
Read 11 tweets
Very happy to share that The Oxford Handbook of Digital Ethics is now finished and will be out in the next few months! Some of it is already published online. If you're interested in #DigitalEthics, #AIEthics, #ethics, #privacy, #AI, #philosophy, this one is for you... 🧵👇 Image
In this chapter, @SvenNyholm relates the new area of the ethics of human–#robot interaction to traditional ethical theories such as #utilitarianism, Kantian #ethics, and virtue ethics. #AIEthics

academic.oup.com/edited-volume/…
In this chapter, Emily Sullivan and Mark Alfano (@moral_psych) develop a normative epistemic framework for sharing information online. They argue recent technological developments call for a rethinking of the norms of testimony. #epistemology

academic.oup.com/edited-volume/…
Read 25 tweets
🔹OPTUS DATA BREACH UPDATE 🔹

1. Firstly I am sorry it has taken several days to reach this landing. People are understandably stressed and need a pathway forward.
2. I can confirm Optus will contact customers in coming days to confirm whether or not they need to apply for a replacement driver licence.
3. People in NSW with a digital driver licence will have an interim card number issued instantaneously via the Service NSW app. A new plastic licence card will be issued within 10 business days. Information can be found here: service.nsw.gov.au/transaction/re…
Read 7 tweets
1/ #ThreatHunting:

In a compromised network, the TA used PCHunter on different systems to disable the local AV (or at least tried it).

In the web requests recorded on the firewall, we found traces of the download:
www.epoolsoft[.]com/pchunter/pchunter_free

🧵 #CyberSecurity
2/ @CrowdStrike also mentioned PCHUnter in the latest ThreatHunting report, along with GMER.

go.crowdstrike.com/rs/281-OBQ-266…
3/ I have tweeted about two of these tools (PCHunter / GMER) before, and we also see these two products regularly in our IR cases.

Read 4 tweets
Trying to get into #cybersecurity?

Here's the TOP 5 cybersecurity job hunting questions from an industry expert that has placed over a 1000 people into a cybersecurity job.

All answered with time stamps:

#iThinkThisIsHowYouUseThreads
[🧵] Image
0:47 How do I break into cybersecurity?
3:53 How do I identify if a role is remote?
Read 8 tweets
Here are 30 #CyberSecurity search engines:🔍

1. Dehashed—View leaked credentials.

2. SecurityTrails—Extensive DNS data.

3. DorkSearch—Really fast Google dorking.

(1/n) #infosec
4. ExploitDB—Archive of various exploits.

5. ZoomEye—Gather information about targets.

6. Pulsedive—Search for threat intelligence.

7. GrayHatWarefare—Search public S3 buckets.

8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.

10. LeakIX—Search publicly indexed information.

11. DNSDumpster—Search for DNS records quickly.

13. FullHunt—Search and discovery attack surfaces.
Read 8 tweets
FREE LABS TO TEST YOUR PENTEST/CTF SKILLS :-)

#cybersecurity #infosec #bugbounty
Academy Hackaflag BR - hackaflag.com.br
Attack-Defense - attackdefense.com
Alert to win - alf.nu/alert1
CTF Komodo Security - ctf.komodosec.com
CMD Challenge - cmdchallenge.com
Explotation Education - exploit.education
Google CTF - lnkd.in/e46drbz8
HackTheBox - hackthebox.com
Hackthis - hackthis.co.uk
Hacksplaining - lnkd.in/eAB5CSTA
Hacker101 - ctf.hacker101.com
Hacker Security - lnkd.in/ex7R-C-e
Hacking-Lab - hacking-lab.com
Read 7 tweets
30 Search Engines for Cybersecurity Researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.

#cybersecurity #infosec #bugbounty
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarefare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
13. FullHunt—Search and discovery attack surfaces.
14. AlienVault—Extensive threat intelligence feed.
12. ONYPHE—Collects cyber-threat intelligence data.
15. Grep App—Search across a half million git repos.
Read 7 tweets
हरघर तिरंगा का होते माहीत आहे का ?

हैदराबाद मध्ये संमेलन झाले काही दिवसांपूर्वी (जुलै 2022) आणि त्यात ठरले की 200 मिलियन लोकांपर्यंत पोहोचण्यासाठी काय करता येईल मग कल्पना ठरली की तिरंगा लावायचा घराघरा वर आणि त्याचा फोटो काढायचा आणि तो एका वेबसाईट वर अपलोड करायला सांगायचा.
1/n
मग अगोदर सर्व खेळाडू आणि समर्थक लोकांनी प्रचार प्रसार सुरू केला आणि 15 ऑगस्ट पर्यंत खूप जोरदार प्रचार झाला .. काठावरचे काही सामील झाले पाहिजेत म्हणून पर्यावरण वगैरे मुददा येऊ नये म्हणून प्लास्टिक झेंडा वापरू नका हे पण झालं .
मग काय सर्वांना मनावर घ्यावं लागलं ,
सरकारी अधिकारी सुद्धा ...आता एक रिपोर्ट आलंय त्याची objective माहिती अशी आहे की ,
Website Amazon सर्वर वर होस्ट आहे.
मालक कोण माहीत नाही.
घरांचे लोकेशन geotag आहे .
जवळपास 60 मिलियन लोकांनी आपले फोटो अपलोड केले आहेत . त्यातल्या 50 मिलियन लोकांनी नाव मोबाईल नंबर आणि फोटो add केलेत
Read 7 tweets
Python for Cybersecurity Specialization

Master Python for a variety of cybersecurity tasks with these FREE Top-class resources.

Enrollment Starts: Sep 15

#CyberSecurity #Python #programming #infosec #developer

👇👇
1⃣ Introduction to Python for Cybersecurity

- This course is the first part of Python for Cybersecurity Specialization.
- Learners will get an introduction and overview of the course format and learning objectives.

coursera.org/learn/pythonfo…
2⃣ Execution, persistence, privilege escalation, and evasion

coursera.org/learn/executio…
Read 7 tweets
🧵
Last week I wrote a piece about how opening the wrong PDF led to a #cybersecurity breach that rapidly escalated

Since then I've figured out how the PDF managed to evade all major virus/malware detection tools and exploit a vulnerability (that may still exist!)

Let's dig in👇
As mentioned in the piece I had suspicions about the PDF because it had come from the vicinity of #cryptocurrency criminals, so before opening I ran it through a bunch of reputable malware detection tools.
They all gave it the all clear... and they still do. Here's a link to the @virustotal report showing 0 out of 61 malware scanners alerted on this PDF.

#VirusTotal is Google's #cybersecurity offering so it's not surprising Gmail also gave it the all clear.
virustotal.com/gui/file/61d47… Image
Read 37 tweets
Breaking into Cyber Security?

Here’s 10 FREE #CyberSecurity University courses to help you get started 👇

#infosec #Course #thesecureedge #tech #learning
Network Security - Advanced Topics (New York University)
lnkd.in/en_3yp24

Cybersecurity Fundamentals (Rochester Institute of Technology)
lnkd.in/eWrh4Zpy
Penetration Testing - Exploitation (New York University)
lnkd.in/etDvCgTX

Introduction to Cybersecurity (University of Washington)
lnkd.in/eeyBb4Xd
Read 7 tweets
I revisited NahamCon 2021 and found the talk by @rez0__ on fuff super informative.

Hence, I decided to write a thread on it for those who don't have time to watch the talk.

"fuff scripts & tricks" - A thread.

🧵👇

#bugbounty #infosec #fuzzing #bugbountytips #cybersecurity
🚔Obey the law

Before we dive into the tips and tricks, remember that fuff is a powerful tool and don't spam it everywhere. Use the -t or -rate flags wherever necessary.
🔊 1. Noise Reduction
Read 11 tweets
Have you heard "Proxy" and "Reverse Proxy" most of the time in this Bug Bounty space but don't know what they are?

Don't worry, I got you covered.

"Proxy Servers - Explained" - Part 6 of the "Understanding the Internet" series.

🧵👇

#bugbounty #infosec #cybersecurity
Before we dive right into proxy servers, I have created a thread on some of the basic terminologies and fundamental knowledge you should know if you are starting out on bug bounty hunting or cybersecurity.

Read the fundamentals here:
🔵 Proxy Server

A forward proxy, also known as a proxy, proxy server, or web proxy, is a server that resides between two or more client PCs.
Read 16 tweets
------------------Feature Engineering----------------------

The success of all Machine Learning algorithms depends on how you present the data. Every model gets input data and gives us an output. When your goal is to get the best possible output from input,

1/
You need to present the best data to the model. This is a problem that Feature Engineering solves. Feature Engineering refers to the process of using the domain of Knowledge to extract features from raw data.

2/
In other words, Feature Engineering selects the most useful features from our raw data and presents them to our model, whereby we improve the performance of our model.

(hopefully, you get the point 😀).

3/
Read 10 tweets
New: #Ukraine bracing for new round of #Russia|n cyber attacks targeting its energy, financial sectors, Deputy Minister of Digital Transformation Georgii Dubynskyi tells reporters
"We saw this scenario before-before the winter they [#Russia] are trying to find a way how to undermine, how to defeat our energy system & how to make circumstances even more severe for Ukrainians" per Dubynskyi
#Russia also trying to employ "precision" #cyberattacks

"Using social engineering & using some traitors...so it's also possible #hybrid attacks as well" per Dubynskyi
Read 12 tweets
Let's assume you have three Features(age, height, salary) in your example.
The first feature varies from 1 to 90. The second one varies from 120 to 210 and the Third one varies from 1000 Euro to 4500 Euro.
#Thread
1/
As you can see the value of your features are in a different range. In this case, if you want to use gradient descent to find optimum parameters for your model( for instance linear regression), that leads to a slow speed of your model to converge. In this case,
/2
you can utilize Feature Scaling to bring the value of features in a range from 0 to 1 depending on the Scaling technique, that you use. So you improve the speed of your model convergence.

3/
Read 5 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!