Discover and read the best of Twitter Threads about #Cybersecurity


How to Look for "Insecure CORS Configuration" vulnerabilities.

[A thread 🧵]

#appsec #bugbounty #bugbountytips #cybersecurity
[2/n]
What is an Insecure CORS issue?

An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses, thus enabling attackers to perform privileged actions or to retrieve potentially sensitive information.
[3/n]

Basic Origin Reflection Test:

Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com

> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Read 8 tweets
This is a curated list by @Hacker0x01 of Burp plugins!

ActiveScan++
Autorepeater Burp
Autorize Burp
BurpSentinel
Flow
Headless Burp
Logger++
WSDL Wizard

#cybersecurity #bugbountytips #hacking #webappsec #webhacking #pentesting

THREAD 👇
@Hacker0x01 ActiveScan++: ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behavior that may be of interest to advanced testers.
portswigger.net/bappstore/3123…
@Hacker0x01 Autorepeater Burp: Automated HTTP request repeating with Burp Suite.
github.com/nccgroup/AutoR…
Read 13 tweets
15+ 🔑 USEFUL SERVICES FOR OUT-OF-BAND EXPLOITATION UPDATED 2021 🔥

😁You might have come across

Read about them below, It's a 💯 thread. 🧵
Let me know if I missed any.
#infosec #oob #CyberSecurity #bugbountytips #BugBounty @theXSSrat @ADITYASHENDE17
👇👇👇👇👇
Retweet for 📈
1. Burp Collaborator

Documentation portswigger.net/burp/documenta…
2. WebHook(.)site
🔗webhook.site
Read 20 tweets
We present the in-person sessions of the XIII Spanish Congress of Criminology, which will take place on 25 and 26 November in Seville. Organized by @SEIC_difusion together with @FACE_CRIMINOLOG @unisevilla @UDIMA. Do you know which presentations are made in #CRÍMINA? Stay with us!!🧵👇
🗓️25-Nov ➡️9:30-11:00
"Past and Present of #Criminología"
With the president of @SEIC_difusion @FernandoQPH and leading figures in criminology: @cesarsanjuan_g @Juan_JoseMedina @anabelcerezo @eFdezMolina Andrea Giménez, Cristina Rechea @SantiagoRedondo
#CRÍMINA 👇
🗓️25-Nov ➡️11:15-12:15 PANEL 1 (1/5)
👨‍💻"Crime and ICT"👩‍💻
Identifying the public reporting of sexual abuse on #Twitter through the hashtag #MeTooIncest @aguerri_jc
#CRÍMINA #AbusosSexuales
👇👇👇
Read 11 tweets
Useful Linux🐧 Networking🌐 Commands📜 for Sysadmins/Regular Users🧑‍💻

A thread🧵
Hello everyone👋, Today I'll be doing another quick, easy-to-follow thread🧵 on some of the most used command-line tools and utilities for network management in Linux

#infosec #CyberSecurity #Linux
1. Ifconfig🌐
Ifconfig stands for Interface Configurator; it is one of the most used commands for finding network details, initializing an interface, assigning an IP address, and enabling or disabling an interface. It also displays the route and network interface.
2. Ip🌐
The ip command is the latest version of ifconfig. It is more powerful than the ifconfig command as it can perform several other tasks that ifconfig cannot do. The utility is used for displaying and manipulating routing, network devices, and interfaces.
Read 21 tweets
I've created an overview of the Smart Contract Auditing Process for pentesters, devs, bug bounty, or anyone vested in blockchain security.

Shoutout @Mudit__Gupta who really helped solidify this process from his walkthroughs.

#bugbountytips #infosec #web3 #CyberSecurity
As always open to feedback if I missed something / or if you feel the structure could be improved
@Mudit__Gupta @immunefi @metaversable @thedawgyg @BHinfoSecurity If anyone has any other processes they'd like modeled (blockchain security related) feel free to reach out! @julianor I know you mentioned threat modeling, if you have a process in mind dm me and I'll whip something up and give you credit :)
Read 3 tweets
Basic Linux 🐧Commands📜 For Text Manipulation

A thread🧵

Hello everyone👋, Today I'll be doing a quick, easy-to-follow thread🧵 on basic Linux commands for text manipulation.
#infosec #cybersecurity #Linux
1. Echo🐧
The echo command is used to display a line of text on the standard output (stdout).
2. Cat🐧
The cat command is used to concatenate files and print their contents on the standard output. In other words, it's just used to display the contents of a file.
Read 27 tweets
OSCP (Offensive Security Certified Professional) Pass and Preparation - Tips and Tricks💡

A thread🧵

#oscp #CyberSecurity #infosec
2. [0x4D31/awesome-oscp: A curated list of awesome OSCP resources (github.com)](github.com/0x4D31/awesome…)
Read 16 tweets
BEGINNER👦 LINUX PRIVILEGE 🔐ESCALATION⬆️
Abusing SUDO rights and popping r00t shells

A thread🧵
#infosec #CyberSecurity #bugbountytips
In this thread🧵, I will be discussing how you can pop a root shell by abusing SUDO rights misconfiguration and will be demonstrating this using this box: tryhackme.com/room/linuxpriv…
First things first, let’s start with theoretical concepts!!😄
What is SUDO👑?
Sudo (Superuser Do) is a Unix- and Linux-based utility that gives users permission to run commands at the `root` level (the most powerful user).
Read 21 tweets
The Linux🐧 commands you should NEVER use.
Disclaimer DON'T🚫 run these commands.

A thread🧵👇
#CyberSecurity #infosec #Linux
1. Recursive Deletion🔁🗑️
This is one of the most dangerous commands. Once this command is run, it deletes all the content of the root directory forcefully and recursively. Thus, all your directories and subdirectories will be deleted and the data will be lost.
2. Fork Bomb🍴💣

My personal best😄, this is a simple bash recursive function which, once executed, creates copies of itself, which in turn create another set of copies of themselves. This consumes CPU time and memory. Thus, it runs recursively until the system freezes.
Read 14 tweets
Daily Bookmarks to GAVNet 11/14/2021 greeneracresvaluenetwork.wordpress.com/2021/11/14/dai…
This mineral shouldn’t exist on Earth’s surface. But researchers found it inside a diamond.

usatoday.com/story/news/nat…

#diamonds #minerals #discovery #botswana #davemaoite
Read 8 tweets
1/ The journey of @iota [MONSTER THREAD] - From the top 5 token to the top 50 token and why it will at least get back into the top 5.
2/ #IOTA was founded in 2015 with the aim and vision of developing a #DLT protocol in which people and machines can communicate via data & value tx permissionless, feeless, efficient and with the least technical requirements -
With a high level of security, decentralization…
3/ …and Scalability➡️blockchain trilemma.
They also wanted to develop their own #smartcontracts, #oracles, #identity solutions, etc.

At that time they already attracted the attention of the then much smaller #crypto community.

Why?
Read 87 tweets
Daily Bookmarks to GAVNet 11/09/2021 greeneracresvaluenetwork.wordpress.com/2021/11/09/dai…
Structure of a ‘promiscuous’ protein will help scientists design better drugs

phys.org/news/2021-11-p…

#GutProtein #MolecularStructure #DrugDevelopment #DrugAbsorption #ResearchResults
Read 8 tweets
On October 28, @BradSmi wrote about the growing #cybersecurity skills crisis and the work done by @Microsoft to cope with the cybersecurity workforce gap namely by announcing the increase of investments in cybersecurity to avoid a lack of skilled professionals in a few years.
The importance of a skilled #cybersecurity workforce is huge for the #tech sector and #IT companies. They need to ACT today, together with youth @PenningsFlorian
blogs.microsoft.com/blog/2021/10/2…
We take the cybersecurity skills gap seriously at the #YouthIGF community and that is why we have created, together with @MSEurope @KlyngeC @dws_c, the First Cybersecurity Skills Summit @DigitalEU @DespinaSpanou. It is more than a Summit, it is a community @yourcyberskills
Read 4 tweets
RE tip of the day: IDA Freeware is shipped without FLIRT sigs for Delphi, but you can use a great tool called IDR to extract a sample's symbols, export them as IDC and use it (or part of it, like MakeNameEx-based values) in IDA
#infosec #cybersecurity #malware github.com/crypto2011/IDR
The precompiled binaries for IDR can be found here: github.com/huettenhain/dh…
NB: always make a copy of your IDB first before applying any IDC scripts!
Read 3 tweets
Yes, it is true.

Wawuschel did not want a #CoronaImpfung in 2/21

And that, even though since the beginning of this #Pandemie I have firmly spoken out in favour of #Impfung against #Corona,
Already countered discussions about #Langzeitfolgen with science in 12/20
And was eagerly waiting for an appointment 1/
Those who know me are now thinking: "Something must have happened for Wawuschel not to want a #CoronaImpfung in 2/21."

After all, you have seen that I
moved heaven & earth in 5/21 for the 2nd #CoronaImpfung
And that, as a high-risk patient, I take this #Corona seriously
2/
What happened... The catastrophe called prioritization for the #CoronaImpfung and buggy appointment booking.

On 25.2. I learned that, because of my illnesses, I could make an appointment.

BaWü 2/21 only #AstraZeneca for under-70s, which I had no problem with. The main thing was to get the #Impfung into Wawuschel!
3/
Read 28 tweets
As the frequency of data breaches increases, the threat to your data becomes more real every day — even if you've done your threat modelling & implemented digital security hygiene.

What can you do in the aftermath of a data breach? #CybersecCharcha ⬇️ 1/n
internetfreedom.in/6-cybersec-cha…
First things first, confirm the breach and don't fall for rumours on Twitter! Verify the news from 3-4 trusted sources.

Beware of scammers moonlighting as company reps & try to gather more information. Speak to the company via official channels if you have to! #databreach 2/n
Next: Change your passwords if your credentials were leaked. Password tips:

➡️ DO NOT repeat the same passwords everywhere
➡️ DO NOT include Personally Identifiable Information (like birthdates, parents' names etc) — this will make them easy to crack.
➡️ DO enable 2FA! 3/n
Read 8 tweets
@Walmart disrupting the healthcare market and its #cybersecurity implications - #Thread 1/7

That's big news, as Walmart has the power to change this market completely

@lauralovett7 describes it accurately as a shake up in this article on @MobiHealthNews

mobihealthnews.com/news/how-retai…
With over 200M weekly customers and over 4000 stores in medically unserved communities (MUC), this retail giant’s power is enormous.

In fact it’s nothing new, as @amazon is already taking part in the healthcare market via @PillPack, their medicine delivery services. 2/7
The distribution of medical services for this market leader in the coming years will most likely involve cutting edge tech, including AI models and machine learning to allow a full transformation of required data. 3/7
Read 8 tweets
Last October, a hacker gained control of a Bluetooth-enabled chastity cage and sent an unusual message to its users: “Your cock is mine now.” How secure are smart sex toys? @jduffinwolfe looks at how our private moments can come under threat. thewalrus.ca/your-sex-toy-m… 1/6
Sales of smart sex toys have surged this past year, as have security violations. Why is this happening? More here: thewalrus.ca/your-sex-toy-m… 2/6 #cybersecurity #hacking
These devices risk a variety of breaches, from the nonconsensual gathering, release, or use of personal data to the easy discoverability of Wi-Fi or Bluetooth signals by other networked devices nearby. thewalrus.ca/your-sex-toy-m… 3/6 #Hacking #CyberSecurity
Read 6 tweets
#PegasusProject #OrderAnalysis❗️ Long Thread Alert 🧵

BIG NEWS: The Supreme Court of India has constituted a technical committee to investigate the allegations of #Pegasus use against Indian citizens. 1/14

internetfreedom.in/sc-appoints-a-…
WHAT CAN THE COMMITTEE DO? 👁‍🗨

It is to enquire and investigate whether the #Pegasus spyware was acquired by any Government; whether it was used on phones/devices of Indians to access stored data, eavesdrop, intercept information; and/or for any other purpose. 2/n
The Committee can also make recommendations regarding new laws around #surveillance to secure the right to #privacy, as well as about the establishment of a mechanism for citizens to raise grievances if they fear they are under illegal surveillance. 3/n
Read 14 tweets
This is EVP Margrethe @Vestager speech "Democratic values in a digitalised world" @HumboldtUni 25.10.21. It explains rationales, set up basis for what I think will be a successful #EuropeanDigitalLaw! A speech that will continue to resonate for us #Thread ec.europa.eu/commission/com…
Late 1990: large platforms “emerged and started organizing the internet for what would soon become millions of users around the world.” For 1st time "the platforms acted as global “match-makers” B2C. With “ever-growing match-making” platforms have power, & control. 1/1
Power & control are particularly important 4 #socialmediaplatforms. "Clicks matter. The more content is seen and shared, the higher the income from advertising. Hence, it is not so much the quality or the truthfulness of the content that matters but its “virality”" 1/2
Read 19 tweets
🧵The latest Threat Landscape Update from @RelativityHQ’s Calder7 security team focuses on Evil Corp and its new Macaw Locker #ransomware that is being used to evade U.S. sanctions which previously prevented victims from paying ransoms. (1/7) #CyberSecurity #Legaltech
Background: Evil Corp, also known as Indrik Spider, Gold Drake, and Dridex gang, is an international cybercrime network that has stolen over $100 million USD in over 40 countries through a variety of attacks on banking institutions (2/7)
The group also dabbles in #ransomware, including their notorious #BitPaymer operation which utilized Dridex malware to attack compromised networks and subsequently led to sanctions from the US Treasury in 2019: home.treasury.gov/news/press-rel… (3/7)
Read 7 tweets
Is Bank of #SouthSudan offering rewards to its visitors?
Here is what I found
👇👇👇👇👇👇👇👇
#Thread 1/10

#SSOT #CyberSecurity #CybersecurityAwarenessMonth
please retweet
2/10
When I try to visit https://www.mp3juices[.]cc
(Free music downloading site)
There is a malicious ad that pops up at the top
3/10
When I go ahead and click on that ad in an isolated environment, I am presented with the screen below claiming that I have won a $300,000 reward from Bank of #SouthSudan
Read 10 tweets
1/6 A thread 🧵on the intersection of #Cybernetics #SystemsThinking #Leadership and #CyberSecurity:

For context, first read this blog by @harish_josev: harishsnotebook.wordpress.com/2021/10/03/tow…

It is AMAZINGLY well-articulated and a MUST read for security practitioners & leaders in general!
2/6 Quote: "... we should stop setting targets and instead, provide a direction to move towards."

Wait, don't manage by goals?

Is a goal-less company/org possible? Yes 🙂
E.g. @basecamp led by @jasonfried
3/6 If you focus on the goals, you'll compromise your means. E.g.: Today's education #system makes kids focus on grades, not on learning.

Basically what is being advocated for is "Management by Means":
Read 7 tweets