Discover and read the best of Twitter Threads about #Cybersecurity

In this Mega thread, you will find 10 FREE online courses with a certificate of completion from:

1 - ISC²
2 - Cisco Academy
3 - Fortinet
4 - EC-Council
5 - AWS

#CyberSecurity #Cisco #AWS #dfir #infosec #infosecurity #threats #Python #100DaysOfHacking
1⃣ Free Cybersecurity Training

- Information Security Awareness
- The Evolution of Cybersecurity
- NSE 2 Cloud Security
- NSE 2 Endpoint Security
- NSE 2 Threat Intelligence
- NSE 2 Security Information & Event Management
- Security Operations &
🖇️
training.fortinet.com
2⃣ Introduction to Dark Web, Anonymity, and Cryptocurrency

Learn to access the Dark Web and Tor Browser, and know about the Bitcoin cryptocurrency

🖇️
codered.eccouncil.org/course/introdu…
Read 12 tweets
🧵Free Resources to Help Your Learning Journey 🧵
🔴VulnHub- gain hands-on experience in #cybersecurity: vulnhub.com
🔴Proving Grounds Play- free practice labs with dedicated machines: offensive-security.com/labs/individua…
🔴Exploit Database - an archive of public exploits: exploit-db.com
Twitch
🟣OffSec Live - demonstrations and walkthroughs of course topics and Proving Grounds machines. Sessions also offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips: twitch.tv/offsecofficial
Read 7 tweets
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets
Top 8 FREE cybersecurity courses with certification.

🧵👇

#bugbounty #pentesting #hacking #infosec #cybersecurity #pentesting #certifications
1. Introduction to Cybersecurity

🔗 Link: netacad.com/courses/cybers…
2. Networking Essentials

🔗 Link: netacad.com/courses/networ…
Read 10 tweets
BREAKING: #BNNCanada Reports.

Online classes have been cancelled, according to the Durham District School Board, as a result of what it is referring to as a "cyber incident." #Durham #Canada #Cybersecurity
The board, which serves Oshawa and the area east of Toronto, asserts it was made aware of the incident on Friday and took steps to secure its network. The board says all of its phone & email services were not working.
Parents were asked to send their children to school with a temporary emergency contact on Monday because schools may not have access to that information. The board stated in a Sunday update that its team had been working all weekend to get service back up and running.
Read 4 tweets
You cannot be an expert hacker in everything. #cybersecurity is a vast field.

Let's say you wear an offensive hat. This is a vast field in itself.

Choose one topic, say "application security" (I'm also into this).

Here’s my best approach to skill-up fast:

0/n
1. Read write-ups from @PentesterLand on that specific topic (say "authentication bypass")

Go to: pentester.land/writeups/ and search for "bypass"
2. Practice on @RealTryHackMe

Go to: tryhackme.com/hacktivities?t… and search for "bypass"
Read 7 tweets
Let's talk cybersecurity #jokes while we still can.

You probably don't take on a company like @McAfee or a person like @CybersecuritySF like *I* do. But most of you DO enjoy a joke that uses #sarcasm, #burlesque, #irony, and/or #satire to make its point…
thehill.com/opinion/judici…
…and that's something I've done in our industry for three decades. PC Magazine columnist @THErealDVORAK labeled me "a comic provocateur" for using the comedian's tools of the trade. My "#antivirus industry persona" predates The Colbert Report. I was…
…blogging about the #antivirus industry before Google's formation. My 120+ "audio rants" predate YouTube. My website visitors routinely crippled what you know as Mae West. I got snapped up at *the* apex of the Internet bubble and I laughed all the…
Read 11 tweets
Top 10 exploited vulnerabilities in 2022.

🧵👇

#bugbounty #infosec #cybersecurity #CVE #hacking
1. Follina (CVE-2022-30190)
2. Log4Shell (CVE-2021-44228)
3. Spring4Shell (CVE-2022-22965)
4. F5 BIG-IP (CVE-2022-1388)
5. Google Chrome zero-day (CVE-2022-0609)
6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)
Read 5 tweets
JUST IN: #BNNCanada Reports.

According to the latest reports, a cyber attack disabled online learning and left telephone and email services down in @DDSBSchools informed authorities. #Canada #cybersecurity
The board said that they had to cancel the literacy that was scheduled for Monday and most of the students' Chromebooks are also not working. They also issued a statement to guardians and parents of students.
The school board said it was first made aware of the "cyber-incident" on Friday and that IT teams have been working throughout the weekend to restore the services affected.
Read 5 tweets
#OSINT: An investigation started from a public document, using techniques, resources and tools that summarize and deepen the work of an #AnalistaOsint🔎.
#Cybersecurity #CyberINT #DataBreach #ToolsOsint #EmailOsint #leaks #GoogleCloudShell #ManuelBot
🧵THREAD🧵
1⃣ Recently I saw a public document (Google Docs) that had been shared by a user (with the initials "V") in a Telegram group, so I decided to dig in and find out how far I could get (as an #AnalistaOsint) with that piece of data found on TG.
2⃣ So, as always, I launched #GoogleCloudShell🔎 and installed the #Xeuledoc tool (an excellent #OSINTtool for obtaining information about open/unprotected/public documents on Google Drive).
✅ Tool: github.com/Malfrats/xeule…
✅ Creator: @MalfratsInd
Read 12 tweets
The infrastructure pentest, in six parts:

1 - Intelligence Gathering
2 - Vulnerability Analysis
3 - Exploitation
4 - Post Exploitation
5 - Reporting
6 - Configuration Review

0/n
1. Intelligence Gathering:

Technical steps to perform during the information gathering phase of an organization and figuring out the attack-surface area.

Full breakdown: bitvijays.github.io/LFF-IPS-P1-Int…
2. Vulnerability Analysis:

Exploring different services running on different ports of a machine by utilizing metasploit-fu, nmap or other tools.

Full breakdown: bitvijays.github.io/LFF-IPS-P2-Vul…
Read 7 tweets
List of 50 cybersecurity podcasts:
#infosec #cybersecurity #podcasts #infosecurity
1. Cyber Work
2. Click Here
3. Defrag This
4. Security Now
5. InfoSec Real
6. InfoSec Live
7. Simply Cyber
8. OWASP Podcast
9. We Talk Cyber
10. Risky Business
11. Malicious Life
12. Hacking Humans
13. What The Shell
14. Life of a CISO
15. H4unt3d Hacker
16. 2 Cyber Chicks
17. The Hacker Mind
18. Security Weekly
19. Cyberside Chats
20. Darknet Diaries
21. CyberWire Daily
22. Absolute AppSec
23. Security in Five
24. Smashing Security
25. 401 Access Denied
26. 7 Minute Security
27. 8th Layer Insights
28. Adopting Zero Trust
29. Cyber Security Sauna
Read 6 tweets
Learn #Cybersecurity for FREE

Here are 8 Platforms to get Cybersecurity Training, Certifications and Courses for FREE

A thread 🧵
1. Cybrary Training (FREE) cybrary.it
2. AttackIQ MITRE ATT&CK (FREE) lnkd.in/dcfmSPEJ
Read 9 tweets
JUST IN: #BNNUS Reports.

The US has banned the sale and import of new communications equipment from five Chinese companies, including @Huawei and @zteusa. #Huawei #ZTE #US #cybersecurity
This comes amidst concerns over national security. Other companies listed include Hikvision, Dahua and Hytera, which make video surveillance equipment and two-way radio systems.
It is the first time the US regulators have taken such a move on security grounds. The US Federal Communications Commission (@FCC) said its members had voted unanimously on Friday to adopt the new rules.
Read 4 tweets
1. Math and Statistics
Intro to Statistics - Udacity
🌐 bit.ly/3GMZe5n

Statistics - Udacity
🌐 bit.ly/3VKKzfB

Statistical Learning - Stanford University
🌐 bit.ly/3VqA5Sj
2. Excel
Introduction to MS Excel - Simplilearn
🌐 bit.ly/3u1h1OJ

Microsoft Excel: Online Tutorial for Beginners - Chandoo
🌐 bit.ly/3XzUHJO

Microsoft Excel Tutorial for Beginners - Free Code Camp
🌐 bit.ly/3Vax74G
Read 7 tweets
BREAKING: #BNNUK Reports.

Government agencies have been instructed to stop putting cameras from Chinese manufacturers in "sensitive sites." #UK #China #Cybersecurity #Social
In addition, due to security concerns, they have been urged to remove Chinese-made devices from essential computer networks.

Companies in China must abide by the nation's national intelligence law,
...which obliges them to work with Beijing's intelligence services, according to the Government Security Group, so they shouldn't be used.

A review of the present and potential security risks associated with the placement of surveillance systems on the government estate,
Read 4 tweets
Cybersecurity Certifications

A thread.

🧵👇

#bugbounty #hacking #infosec #cybersecurity
⭐ In this thread, I am not going to debate whether certifications are required to showcase your skill and get a job. Whether you like it or not, certifications do add value to your resume.

That being said, I'm going to uncover top certifications with pricing based on difficulty.
1️⃣ Beginners

1. eJPT - eLearnSecurity / $200
2. eWPT - eLearnSecurity / $200
3. Pentest+ - CompTIA / $397

❓CEH-Practical - EC-Council
Read 9 tweets
8 golden platforms where you can begin your Cybersecurity journey

#bugbounty #hacking #infosec #cybersecurity
1. @PortSwigger Web Academy
2. @PentesterLab

Highly recommended for Bug Bounties and Pentesting.
3. @RealTryHackMe
4. @hackthebox_eu

CTFs and Hands-on Learning.
Read 7 tweets
Blind XSS and More techniques!

#bugbounty #bugbountytips #cybersecurity
• Blind XSS -> Type of stored XSS. (Payload gets stored on a web page)

• Where do you find them? - In places you cannot access.
> An admin panel
> A log history restricted to admins
> A feedback form that goes straight to the admin
> A chat bot message to the support team
• Where do you put the payloads?
> In headers (eg: in Referer and User-Agent headers while filling forms)
> Put the payload in your username and self-report yourself ;)

• But how will you know if the payload actually fires?
> XSShunter!
Read 5 tweets
Red Team Resources 🖥

• Red Team Management by Joas
github.com/CyberSecurityU…

• Awesome Red Team by yeyintminthuhtut
github.com/yeyintminthuht…

• Awesome Red Team Operations by Joas
github.com/CyberSecurityU…

#cybersecurity #infosec #hacking #redteam
• Awesome Adversary Simulation Toolkit by 0x1
0x1.gitlab.io/pentesting/Red…

• Red/Purple Team by s0cm0nkey
s0cm0nkey.gitbook.io/s0cm0nkeys-sec…

• SpecterOps Red Team Blog
posts.specterops.io/tagged/red-tea…

• iRed Team Blog
ired.team/?trk=public_po…
• Red Team Tips Blog by Jean Maes
redteamer.tips

• Red Team Blog by Zach Stein
synzack.github.io

• Untrustaland by João Paulo
untrustaland.com

• 100Security by Marcos Henrique
100security.com.br

• Red Team Village
redteamvillage.io
Read 4 tweets
2FA Bypass Techniques :)
🧵👇🏻

#bugbounty #bugbountytips #cybersecurity
1. Response Manipulation: In the response, if "success":false, change it to "success":true

2. Status Code Manipulation: If the status code is 4xx, try to change it to 200 OK and see if it bypasses restrictions
3. 2FA Code Leakage in Response: Check the response of the 2FA Code Triggering Request to see if the code is leaked

4. JS File Analysis: Rare but some JS Files may contain some information about the 2FA Code

5. 2FA Code Reusability: Same code can be reused
Read 6 tweets
Today we announce a first in #TeamOneFist history - #cyber striking an operational #Russian #AI/#ML (#MachineLearning) model, in addition to a #power #grid #SCADA/#ICS!
This is Op.Neutrino, an electrical counterattack against #SPB, #Russia, and now, its story is here. 1/4
At 17:00 local time, we assumed control over an @EnstoGroup #grid #automation #controller belonging to the DK Port substation. Timing was chosen to match peak usage hours. In addition to controlling power supply, it was supplying data for Rosenergo's FLISR fault #algorithm 2/4
From the controller, we successfully fed bad data into the FLISR #ArtificialIntelligence model, via the connected sensors. Then, we nuked it!
Every attack against #Ukraine will be avenged, every #RU #data model will be corrupted! 🇺🇦☢️👊3/4 #UkraineWillWin #cybersecurity #infosec
Read 4 tweets
🧵Let's talk about #Telegram - here are ten useful cybersecurity groups and channels we watch:

A thread:
1. Cyber Security News (30k+ members)

Cyber Security News is a feed channel for links to breaking news stories across the internet, everything from #TechCrunch to #Portswigger. It’s a one-stop shop for cyber-related news with your morning coffee.

telegram.me/cyber_security…
2. Cyber Security Experts (23k+ members)
A great channel for exchanging #information about #cyber, #IT, and #security. Mainly used to get answers to questions and help other security experts to enhance their security maturity.

t.me/cybersecuritye…
Read 13 tweets
