Discover and read the best of Twitter Threads about #Hacking

Most recents (24)

I just received an email from La Quadrature that does not bring good news if you practice #activisme or #hacking. I think it is important to share this with you. #thread
LOPMI poses many problems for fundamental freedoms in the digital sphere. Members of parliament from the majority (the rascals) took advantage of this law to strengthen the repression of computer hacking and of attacks on automated data processing systems.
The articles they proposed were not discussed in the Senate and very little in the Assembly. However, they were approved in the text. The consequences for the image of hacking (in the noble sense) and for the repression of related, largely unproblematic practices are serious. #hacking
Read 6 tweets
Breaking into cybersecurity?
Here’s 15 FREE Interview prep resources!

These videos / guides will help you to smash your next interview!

Top 30 Penetration Tester Interview Questions / Answers
lnkd.in/eAkvQFZG

#cybersecurity #infosec #hacking
Cyber Security Interview Prep
lnkd.in/eky9v_hC

SOC Analyst Interview Questions (LetsDefend)
lnkd.in/eqFPGS-Z

GRC Entry-Level Interview Q&A (Gerald Auger, Ph.D.)
lnkd.in/eK6uti-W
Mastering the Art of the Interview (TEDX Talks / Ashley Rizzotto, M.Ed.)
lnkd.in/ecMGM5Tn

Tell Me About Yourself - A Good Answer To This Question
lnkd.in/eES-wF7Q

How to Ace a Job Interview: 10 Crucial Tips
lnkd.in/e29vxaH9
Read 6 tweets
Amazing FREE Cyber Security Courses

Help you get started or get better at things like Cloud ☁️

— Cyber Foundations —
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Cyber Security - lnkd.in/eueCSF6A

#cybersecurity #infosec #hacking
Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Fortinet NSE - lnkd.in/es3c_Q6E

— Hacking —
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
#RedTeaming - lnkd.in/et_T2DEa

— Vulnerability Management —
#Qualys - lnkd.in/eDWu2zyT

— SOC —
#Splunk - lnkd.in/et5bkjeY

— Engineering —
Secure Software Development - lnkd.in/ebGpA4wG
Maryland Software Security - lnkd.in/e3z4zFmJ
Read 4 tweets
Top 12 Accessories that Hackers Use Most
#bugbounty #Infosec #Hacked #hacking

List of Items🧵:👇
1. Raspberry Pi 4

This is very useful: we can install the entire Kali Linux on this credit-card-sized computer.

Raspberry Pi can also be used in many other projects. Cybersecurity experts use it in various ways.

👇: More
2. USB Rubber Ducky

The USB Rubber Ducky delivers powerful payloads in seconds by taking advantage of the target computer's inherent trust, all while deceiving humans by posing as an ordinary USB drive.

👇: More
Read 14 tweets
☃️FREE Blue Team Resources☃️

Security Blue Team is 6 free courses

➡️ OSINT
➡️ Digital Forensics
➡️ Network Analysis

and much more...

#blueteam #bugbounty #hacking #infosec #cybersecurity
That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
Read 3 tweets
Advanced Header Filtering using tcpdump

To better inspect the request and responses in dump, we would like filtered data packets

To do this, we look for packets that contain PSH & ACK Flag

PSH Flag used to enforce immediate delivery

#bugbounty #infosec #hacking

Thread🧵: 👇
Following diagram depicts the TCP header and shows that TCP flags are defined starting from 14th byte

See img 👇 : we can see ACK & PSH Flag represented by fourth and fifth bits of the 14th byte

Calc req bytes :

CEUAPRSF
WCRCSSYI
REGKHTNN
00011000 = 24 decimal

More 🧵: 👇
These bytes will give us 00011000, or decimal 24

We can pass this number to tcpdump with tcp[13] = 24 as display filter

To see only packets that contain the ACK & PSH bit set, represented by 4th and 5th byte (24) of 14th byte of TCP header

More 👇
Read 5 tweets
1️⃣ NICCS Federal Virtual Training Environment (FedVTE)

Link: rb.gy/5uai1j
2️⃣ SANS Cyber Aces Free Cyber Security Training Course

Link: rb.gy/qg9on5
Read 7 tweets
Burpsuite frameworks.

A thread 👇🧵

#bugbounty #hacking #infosec #bugbountytips #cybersecurity #burpsuite
1️⃣ Use burpsuite to intercept and modify traffic between your web browser and a web application. This can help you test the application's security and identify vulnerabilities.
2️⃣ Use burpsuite's spider tool to automatically crawl an application and discover its functionality and content. This can help you identify hidden pages and areas of the application that may be vulnerable.
Read 11 tweets
Mercenary spyware was secretly flown to "blood soaked" Sudanese militia.

Uncovered thanks to an employee selfie.

Reminder: #EU inability to tackle #spyware crisis = global consequences.

Report by @cr0ft0n @telloglou @e_triantafillou
& @omerbenj
haaretz.com/israel-news/se…
Heirs to the murderous #Janjaweed have a global phone #hacking capability.

Reflect on the #NationalSecurity implications.

We've warned of this for a decade.

Yet policymakers still dither on mercenary #spyware.

It will only get worse.

More: lighthousereports.nl/investigation/…
Mercenary spyware companies persuaded regulators to leave them largely unregulated.

The #Sudan #militia sale is the logical conclusion.

These companies won't stop until they've burned our collective house down.
Read 7 tweets
You want a career in Cyber Security and Hacking?

BUT can't afford costly courses & subscriptions

Start with 💯 FREE @RealTryHackMe rooms:🧵

#tryhackme #infosec #Linux #Hacked #Root #pythoncode #CyberSec #Web3 #Hacking #BugBounty #learning #100daysofpython #Security
1⃣ Level:01 Introduction

1. OpenVPN tryhackme.com/room/openvpn
2. Welcome tryhackme.com/jr/welcome
3. Intro to Researching tryhackme.com/room/introtore…
4. Crash Course Pentesting tryhackme.com/room/ccpentest…
2⃣ Introductory CTF

1. Google Dorking tryhackme.com/room/googledor…
2. OHsint tryhackme.com/room/ohsint
3. Shodan tryhackme.com/room/shodan
Read 10 tweets
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets
Top 8 FREE cybersecurity courses with certification.

🧵👇

#bugbounty #pentesting #hacking #infosec #cybersecurity #pentesting #certifications
1. Introduction to Cybersecurity

🔗 Link: netacad.com/courses/cybers…
2. Networking Essentials

🔗 Link: netacad.com/courses/networ…
Read 10 tweets
Top 10 exploited vulnerabilities in 2022.

🧵👇

#bugbounty #infosec #cybersecurity #CVE #hacking
1. Follina (CVE-2022-30190)
2. Log4Shell (CVE-2021-44228)
3. Spring4Shell (CVE-2022-22965)
4. F5 BIG-IP (CVE-2022-1388)
5. Google Chrome zero-day (CVE-2022-0609)
6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)
Read 5 tweets
Cybersecurity Certifications

A thread.

🧵👇

#bugbounty #hacking #infosec #cybersecurity
⭐ In this thread, I am not going to debate whether certifications are required to showcase your skill and get a job. You like it or not, certifications do add value to your resume.

That being said, I'm going to uncover top certifications with pricing based on difficulty.
1️⃣ Beginners

1. eJPT - eLearnSecurity / $200
2. eWPT - eLearnSecurity / $200
3. Pentest+ - Comptia / $397

❓CEH-Practical - EC-Council
Read 9 tweets
Testing for IDOR ( Manual-Method )
#bubgounty #infosec

🧵(1/n) :👇
➡ Base Steps :

1. Create two accounts if possible or else enumerate users first.
2. Check if the endpoint is private or public and whether it contains any kind of id param.
3. Try changing the param value to some other user and see if it does anything to their account.

🧵(2/n) :👇
➡ Testcase 1: Add IDs to requests that don’t have them

GET /api/MyPictureList → /api/MyPictureList?user_id=<other_user_id>

Pro tip: You can find parameter names to try by deleting or editing other objects and seeing the parameter names used.

🧵(3/n) :👇
Read 14 tweets
8 golden platforms where you can begin your Cybersecurity journey

#bugbounty #hacking #infosec #cybersecurity
1. @PortSwigger Web Academy
2. @PentesterLab

Highly recommended for Bug Bounties and Pentesting.
3. @RealTryHackMe
4. @hackthebox_eu

CTFs and Hands-on Learning.
Read 7 tweets
10 Tips to Review Code
#bugbounty #infosec #hacking

1.Important functions first
2.Follow user input
3.Hardcoded secrets and credentials
4.Use of dangerous functions and outdated dependencies

Thread🧵:👇
5.Developer comments, hidden debug functionalities, configuration files, and the .git directory
6.Hidden paths, deprecated endpoints, and endpoints in development
7.Weak cryptography or hashing algorithms

More 🧵:👇
8.Missing security checks on user input and regex strength
9.Missing cookie flags
10.Unexpected behavior, conditionals, unnecessarily complex and verbose functions
Read 4 tweets
Red Team Resources 🖥

• Red Team Management by Joas
github.com/CyberSecurityU…

• Awesome Red Team by yeyintminthuhtut
github.com/yeyintminthuht…

• Awesome Red Team Operations by Joas
github.com/CyberSecurityU…

#cybersecurity #infosec #hacking #redteam
• Awesome Adversary Simulation Toolkit by 0x1
0x1.gitlab.io/pentesting/Red…

• Red/Purple Team by s0cm0nkey
s0cm0nkey.gitbook.io/s0cm0nkeys-sec…

• SpecterOps Red Team Blog
posts.specterops.io/tagged/red-tea…

• iRed Team Blog
ired.team/?trk=public_po…
• Red Team Tips Blog by Jean Maes
redteamer.tips

• Red Team Blog by Zach Stein
synzack.github.io

• Untrustaland by João Paulo
untrustaland.com

• 100Security by Marcos Henrique
100security.com.br

• Red Team Village
redteamvillage.io
Read 4 tweets
12 Pentest Tools✨
#bugbounty #Infosec #hacking

A collection of custom security tools
for quick needs.

⬇⬇⬇ Version - 1 ⬇⬇⬇

See 🧵: 🔽
arpa.sh
Converts IP address in arpa format to classical format.
- github.com/gwen001/pentes…

bbhost.sh
Performs host command on a given hosts list using parallel to make it fast.
- github.com/gwen001/pentes…

🧵: 🔽
• codeshare.php
Performs a string search on codeshare.io.
- github.com/gwen001/pentes…

cors.py
Test CORS issue on a given list of hosts.
- github.com/gwen001/pentes…

🧵: 🔽
Read 8 tweets
Tips on cybersecurity job hunting.

🧵👇

#hacking #infosec #bugbounty #cybersecurity
1️⃣ Certifications.

You can either be extremely skilled (mostly pentester) and showcase your public profile (HOFs, bounties) or the other way is certificates.

EOD, you have to prove your worth and let the employer know you are qualified for the job.
2️⃣ Resume

One pager.

Strictly have a one pager resume, which is not cobbled with info but neat and crisp. Highlight your most important talking points.

Tip: Use numbers wherever possible.
For example: Reported XXX bugs overall with AB.CD% accuracy.
Read 7 tweets
Malware Attack Infection Chain
🧵👇🏻

#cybersecurity #infosec #hacking
During the investigation of the campaign, researchers found that the attackers employed the extensive use of both dual-use and living-off-the-land tools. Also, some of the indications say that APT hackers initially attacked and exploited the publicly facing systems and further
moved to the victim’s networks.

Several publicly available tools, including the following, have been used in this attack:

• AdFind – A publicly available tool that is used to query Active Directory.
• Winmail – Can open winmail.dat files.
Read 8 tweets
Learn Malware Analysis 🚀

⚡️Abusing DLL misconfigurations: bit.ly/3g68h6v
Red Canary: bit.ly/3hGbB97
SANS: bit.ly/3hDmk4b
Publicly disclosed DLL Hijacking opportunities: bit.ly/3AbIlNA

#cybersecurity #infosec #hacking
Pentestlab: bit.ly/2FxVQeR
itm4n's blog: bit.ly/3EuLZ8b
Exploiting DLL Hijacking by DLL Proxying: bit.ly/3g2NkcS
DLL Hijack Scanner: lnkd.in/dXb5ymbS
UAC bypass - DLL hijacking: bit.ly/3AdqC8N
⚡️Blogs:
SANS Malware Analysis: Tips & Tricks Poster: bit.ly/3AeXRZo
Binary Posters: bit.ly/3UNnSqg
RE Malware Methodology: bit.ly/3GdaI1K
APT Notes: bit.ly/3UB2ipi
Harlan Carvey's Blog: bit.ly/3E1IEvD
Read 13 tweets
The free webinar "Creating an Infected Medium with Metasploit Framework" is available on video. #cybersecurity #hacking #readteam #bugbounty #forensics #osint 💡 reydes.com/d/?q=videos_20…
Many thanks @encoua31 for the retweet.
Thanks @Ciberformacion for the retweet.
Read 4 tweets
