Discover and read the best of Twitter Threads about #InfoSec

Most recents (24)

☃️FREE Blue Team Resources☃️

Security Blue Team is 6 free courses

➡️ OSINT
➡️ Digital Forensics
➡️ Network Analysis

and much more...

#blueteam #bugbounty #hacking #infosec #cybersecurity Image
That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
Read 3 tweets
📚Here’s our list: Must-read books for every #infoSec practitioner, a thread 🧵👇
⏲️ Countdown to Zero Day by Kim Zetter - Stuxnet and the Launch of the World's First Digital Weapon

@KimZetter
amazon.com/Countdown-Zero…
⌛️Sandworm by Andy Greenberg - A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers.

@a_greenberg
amazon.com/Sandworm-Cyber…
Read 8 tweets
1️⃣ NICCS Federal Virtual Training Environment (FedVTE)

Link: rb.gy/5uai1j
2️⃣ SANS Cyber Aces Free Cyber Security Training Course

Link: rb.gy/qg9on5
Read 7 tweets
Burpsuite frameworks.

A thread 👇🧵

#bugbounty #hacking #infosec #bugbountytips #cybersecurity #burpsuite
1️⃣ Use burpsuite to intercept and modify traffic between your web browser and a web application. This can help you test the application's security and identify vulnerabilities.
2️⃣ Use burpsuite's spider tool to automatically crawl an application and discover its functionality and content. This can help you identify hidden pages and areas of the application that may be vulnerable.
Read 11 tweets
In this Mega thread, you will find 10 FREE online courses with a certificate of completion from :

1 - ISC ²
2 - Cisco Academy
3 - Fortinet
4 - EC-Council
5 - AWS

#CyberSecurity #Cisco #AWS #dfir #infosec #infosecurity #threats #Python #100DaysOfHacking
1⃣ Free Cybersecurity Training

- Information Security Awareness
- The Evolution of Cybersecurity
- NSE 2 Cloud Security
- NSE 2 Endpoint Security
- NSE 2 Threat Intelligence
- NSE 2 Security Information & Event Management
- Security Operations &
🖇️
training.fortinet.com
2⃣ Introduction to Dark Web, Anonymity, and Cryptocurrency

Learn to access Dark Web, and Tor Browser and know about Bitcoin cryptocurrency

🖇️
codered.eccouncil.org/course/introdu…
Read 12 tweets
You want a career in Cyber Security and Hacking?

BUT can't afford costly courses & subscriptions

Start with 💯 FREE @RealTryHackMe rooms:🧵

#tryhackme #infosec #Linux #Hacked #Root #pythoncode #CyberSec #Web3 #Hacking #BugBounty #learning #100daysofpython #Security
1⃣ Level:01 Introduction

1. OpenVPN tryhackme.com/room/openvpn
2. Welcome tryhackme.com/jr/welcome
3. Intro to Researching tryhackme.com/room/introtore…
4. Crash Course Pentesting tryhackme.com/room/ccpentest…
2⃣ Introductory CTF

1. Google Dorking tryhackme.com/room/googledor…
2. OHsint tryhackme.com/room/ohsint
3. Shodan tryhackme.com/room/shodan
Read 10 tweets
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets
Top 8 FREE cybersecurity courses with certification.

🧵👇

#bugbounty #pentesting #hacking #infosec #cybersecurity #pentesting #certifications
1. Introduction to Cybersecurity

🔗 Link: netacad.com/courses/cybers…
2. Networking Essentials

🔗 Link: netacad.com/courses/networ…
Read 10 tweets
⭐ JWT Testing Guide ⭐
#bugbounty #infosec

Thread🧵:👇
Some Sort of Tools :

• That would be helpful for Testing Flows in the process of Authentication or Authorization 🖼 ->👇

More🧵:👇
General Info That you should know about

• Some Major flows in Stablishment of JWT Token :

1. Leak Sensitive Info
2. Send without signature
3. Change algorythm r to h
4. Crack the secret h256
5. KID manipulation

See IMG For More : 👇

More Thread 🧵:👇
Read 5 tweets
Code Review 👩‍💻 Resources for Bug Bounty
#bugbounty #infosec

======
Bugbounty Tips Group Link :
t.me/bugbountyresou…
======

See Below 🧵(1/4) :👇
• Javascript Code Review : medium.com/techiepedia/ja…

• Code Review by Vickie Li : attacker-codeninja.github.io/2021-08-24-cod…

• Code Review Video by OWASP develop :

• Analyze Code For Bugs by BBH & Vickie Li Video :

More🧵(2/4) :👇
• Analyzing JS Files Video by XSSRat :

• Code Review With Chrome Extension Video by BugCrowd :

• Source Review Video by hackerone :

More🧵(3/4) :👇
Read 6 tweets
You cannot be an expert hacker in everything. #cybersecurity is a vast field.

Let's say you wear an offensive hat. This is a vast field in itself.

Choose one topic, say "application security" (I'm also into this).

Here’s my best approach to skill-up fast:

0/n
1. Read write-ups from @PentesterLand on that specific topic (say "authentication bypass")

Go to: pentester.land/writeups/ and search for "bypass"
2. Practice on @RealTryHackMe

Go to: tryhackme.com/hacktivities?t… and search for "bypass"
Read 7 tweets
Top 10 exploited vulnerabilities in 2022.

🧵👇

#bugbounty #infosec #cybersecurity #CVE #hacking
1. Follina (CVE-2022-30190)
2. Log4Shell (CVE-2021-44228)
3. Spring4Shell (CVE-2022-22965)
4. F5 BIG-IP (CVE-2022-1388)
5. Google Chrome zero-day (CVE-2022-0609)
6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)
Read 5 tweets
Hey #OSINT, Data visualization is the graphical representation of information and data.

Investigations become easier with visual elements like charts, graphs, maps, & tools. #DataVisualization

Here are some must use Data Visualization tools for OSINT investigators.

A thread🧵
1. Osint Combine’s Data Visualization Tool - osintcombine.com/data-visualiza…

2. Gephi - gephi.org

3. ArcGis - arcgis.com/index.html

4. Cytoscape - cytoscape.org

5. SocNetV - socnetv.org

#OSINT #JournalismIsNotACrime #Data #DataVisualization
Read 4 tweets
Bypass Linux Shell Restrictions { v1 }
#bugbounty #Infosec #pentest

Look the thread 🧵Below :👇
🏹Common Limitations Bypasses
#bugbounty #infosec

• Reverse Shell : 👇

• Short Rev shell : 👇
• Bypass Paths and forbidden words :🖼👇

• Bypass forbidden spaces : 🖼👇

• Bypass backslash and slash :🖼👇

• Bypass pipes : ↙

bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)
Read 3 tweets
The infrastructure pentest, in six parts:

1 - Intelligence Gathering
2 - Vulnerability Analysis
3 - Exploitation
4 - Post Exploitation
5 - Reporting
6 - Configuration Review

0/n
1. Intelligence Gathering:

Technical steps to perform during the information gathering phase of an organization and figuring out the attack-surface area.

Full breakdown: bitvijays.github.io/LFF-IPS-P1-Int…
2. Vulnerability Analysis:

Exploring different services running on different ports of a machine by utilizing metasploit-fu, nmap or other tools.

Full breakdown: bitvijays.github.io/LFF-IPS-P2-Vul…
Read 7 tweets
Musk touts Twitter signup growth.

But users aren't customers.

Advertisers are the primary customers.

And ~50% of them have left.

More are probably just waiting for holiday retail season to end.
If you aren't paying, you're the product, not the customer.

Twitter communities *were* the product.

Brands paid to be in front of their eyeballs.

As Musk chases them off, advertisers are inevitably following.
Twitter's communities were whole ecosystems.

Take my field: #infosec. So much of the conversation was happening here.

But now that community has left.

Want to reach them? You'll need advertising impressions elsewhere.

(Got examples? Counterexamples? please weigh in!)
Read 4 tweets
OAuth 2.0 Explained ! 📌v2
#bugbounty #infosec

Difficulty : Beginner & Intermediate

Read Thread🧵:👇
⭕ Weak redirect_uri

1. Alter the redirect_uri URL with TLD
aws.console.amazon.com/myservice -> aws.console.amazon.com

2. Finish OAuth flow and check if you're redirected to the TLD, then is vulnerable

3. Check your redirect is not to Referer header or other param [See ->🖼:👇]

🧵:👇
⭕Path traversal :
https: //yourtweetreader.com/callback/../redirect?url=https://evil.com

⭕HTML Injection and stealing tokens via referer header.

• Check referer header in the requests for sensitive info

🧵:👇
Read 9 tweets
OAuth 2.0 Explained ! 📌v1
#bugbounty #Infosec

Difficulty : Beginners

See Thread 🧵:👇
When OAuth 2.0 is in Work :
#bugbounty #Infosec

• YourWeb tried integrate with Twitter.
• YourWeb request to Twitter if you authorize.
• Prompt with a consent.
• Once accepted Twitter send request redirect_uri with code and state.
• YourWeb take code and it's own client_id and client_secret and ask server for access_token.
• YourWeb call Twitter API with access_token.

Some Definitions Explained : 🖼:👇
#bugbounty #infosec
Read 4 tweets
List of 50 cybersecurity podcasts:
#infosec #cybersecurity #podcasts #infosecurity Image
1. Cyber Work
2. Click Here
3. Defrag This
4. Security Now
5. InfoSec Real
6. InfoSec Live
7. Simply Cyber
8. OWASP Podcast
9. We Talk Cyber
10. Risky Business
11. Malicious Life
12. Hacking Humans
13. What The Shell
14. Life of a CISO
15. H4unt3d Hacker
16. 2 Cyber Chicks
17. The Hacker Mind
18. Security Weekly
19. Cyberside Chats
20. Darknet Diaries
21. CyberWire Daily
22. Absolute AppSec
23. Security in Five
24. Smashing Security
25. 401 Access Denied
26. 7 Minute Security
27. 8th Layer Insights
28. Adopting Zero Trust
29. Cyber Security Sauna
Read 6 tweets
⭐ Broken Authentication And Session Management.
#bugbounty #Infosec

Step by Step Explanation

See 🧵:
📌Old Session Does Not Expire After Password Change :

Steps🖼 :👇
📌Session Hijacking (Intended Behavior)
#bugbounty #infosec

Impact: If attacker get cookies of victim it will leads to account takeover.

Steps :👇
Read 10 tweets
Hidden API Functionality Exposure
#bugbounty #infosec

Credit : @N3T_hunt3r

Thread🧵:👇
Application programming interfaces (APIs) have become a critical part of almost every business.

APIs are responsible for transferring information between systems within a company or to external companies.

For example, 🧵:👇
when you log in to a website like Google or Facebook, an API processes your login credentials to verify they are correct.

• Swagger UI Documentation
• Dictionary Attack | Brute force
• Common wordlist for API Enum:

1. wordlists.assetnote.io

2. github.com/Net-hunter121/…

:👇
Read 4 tweets
Account Takeover Methodology
#bugbounty #infosec

📌Thread🧵:👇
📌Chaining Session Hijacking with XSS
#bugbounty #Infosec

==
My Bugbounty Tips Group Link : 👇
t.me/bugbountyresou…
==

Thread🧵:👇
📌No Rate Limit On Login With Weak Password Policy

So if you find that target have weak password policy, try to go for no rate limit attacks in poc shows by creating very weak password of your account.

(May or may not be accepted)

Thread🧵:👇
Read 8 tweets
Cybersecurity Certifications

A thread.

🧵👇

#bugbounty #hacking #infosec #cybersecurity Image
⭐ In this thread, I am not going to debate whether certifications are required to showcase your skill and get a job. You like it or not, certifications do add value to your resume.

That being said, I'm going to uncover top certifications with pricing based on difficulty.
1️⃣ Beginners

1. eJPT - eLearnSecurity / $200
2. eWPT - eLearnSecurity / $200
3. Pentest+ - Comptia / $397

❓CEH-Practical - EC-Council
Read 9 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!