Discover and read the best of Twitter Threads about #InfoSecurity
Most recents (24)
7 Steps to Take When Pivoting into the Cybersecurity Industry
1. Acquire the fundamental knowledge. This can be achieved via Certifications and Online Courses
2. Improve your Hands-On Skills. Experiment on onsite or offsite environments.
2. Improve your Hands-On Skills. Experiment on onsite or offsite environments.
3. Build a great Portfolio. Work on personal and collective projects, improve your writing and documenting skills,Participate in hackathons and CTFs and so on.
Today's quick #malware analysis with #SecurityOnion: FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!
Thanks to @malware_traffic for sharing this pcap!
More screenshots:
blog.securityonion.net/2023/02/quick-โฆ
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
Thanks to @malware_traffic for sharing this pcap!
More screenshots:
blog.securityonion.net/2023/02/quick-โฆ
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
@malware_traffic Let's review some of the data that #SecurityOnion generates from this traffic!
When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:
When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:
@malware_traffic Here are the NIDS alerts:
Get ahead in your career:
How Coursera.org free #cybersecurity courses can boost your resume and job prospects
Follow the thread for a creative and engaging look free cybersecurity courses For Beginners & Professional ๐ป #Cybersecurity
#Infosys #infosecurity
How Coursera.org free #cybersecurity courses can boost your resume and job prospects
Follow the thread for a creative and engaging look free cybersecurity courses For Beginners & Professional ๐ป #Cybersecurity
#Infosys #infosecurity
Career page Links ๐ข
1. Capgemini: lnkd.in/dZBUYY88
2. Infosys: lnkd.in/dEcdZ7gf
3. Wipro : lnkd.in/d89txDcp
4. Cognizant : lnkd.in/d6tp6F_p
5. LTI : lnkd.in/dnCVuQzD
6. TCS : lnkd.in/dJpHXdvv
#Careers #infosecurity #infosec
1. Capgemini: lnkd.in/dZBUYY88
2. Infosys: lnkd.in/dEcdZ7gf
3. Wipro : lnkd.in/d89txDcp
4. Cognizant : lnkd.in/d6tp6F_p
5. LTI : lnkd.in/dnCVuQzD
6. TCS : lnkd.in/dJpHXdvv
#Careers #infosecurity #infosec
7. DXC Technology : lnkd.in/dnVzT7eb
8. HCL : lnkd.in/dwTuQWAf
9. Hashedin : lnkd.in/d2ePnTG4
10. Hexaware : jobs.hexaware.com
11. Revature : lnkd.in/dtJkkrBp
12. IBM : lnkd.in/dU-VhUCw
13. Nagarro : lnkd.in/dRyQ_rkk
8. HCL : lnkd.in/dwTuQWAf
9. Hashedin : lnkd.in/d2ePnTG4
10. Hexaware : jobs.hexaware.com
11. Revature : lnkd.in/dtJkkrBp
12. IBM : lnkd.in/dU-VhUCw
13. Nagarro : lnkd.in/dRyQ_rkk
14. Virtusa : lnkd.in/dHJwPXiG
15. Zoho : lnkd.in/dUw9Qi4B
16. CGI : lnkd.in/d3vs3whb
17. Finastra : lnkd.in/dsXSfUev
18. FIS : lnkd.in/dJCX6aVz
19. Fiserv : lnkd.in/d7inSReM
20. IQVIA : lnkd.in/dsxAXftw
15. Zoho : lnkd.in/dUw9Qi4B
16. CGI : lnkd.in/d3vs3whb
17. Finastra : lnkd.in/dsXSfUev
18. FIS : lnkd.in/dJCX6aVz
19. Fiserv : lnkd.in/d7inSReM
20. IQVIA : lnkd.in/dsxAXftw
Want to know more about Reverse Engineering? Check out these resources. #ReverseEngineering #infosecurity ๐ข
1. Reverse Engineering for Beginners by Ophir Harpaz: begin.re
2. Reverse Engineering for Everyone by Kevin Thomas My Technotalent lnkd.in/eUqUDdXS
1. Reverse Engineering for Beginners by Ophir Harpaz: begin.re
2. Reverse Engineering for Everyone by Kevin Thomas My Technotalent lnkd.in/eUqUDdXS
3. Reverse Engineering for beginners by Dennis Yurichev (available in many languages) lnkd.in/eHsdurZG
4. Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks lnkd.in/eR3_ki-6
#infosec
4. Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks lnkd.in/eR3_ki-6
#infosec
5. Malware Analysis โ Mind Map by Thatintel lnkd.in/evyAhNWt
6. Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu lnkd.in/eHZFTSqp
#Hacking #cybersecuriy #infosec
6. Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu lnkd.in/eHZFTSqp
#Hacking #cybersecuriy #infosec
Hey #OSINT๐ต, let's create our OWN Internet Archive/The Wayback Machine. Shall we?
#verification #archive #archivetwt #internet #InternetMarketing #journalism #journalist #journal #Fact #FactCheck #Factcheckers
Follow the thread ๐งต๐
#verification #archive #archivetwt #internet #InternetMarketing #journalism #journalist #journal #Fact #FactCheck #Factcheckers
Follow the thread ๐งต๐
Today the Internet Archive has a collection of nearly 625 billion web pages, 38 million books and texts, 14 million audio recordings, 7 million videos (including 2 million Television News programs), 4 million images, 790,000 software programs and more.
#journalism #journalist
#journalism #journalist
With all due respect, we donโt need all the data thatโs been recorded by the Internet Archive. Usually people save pages on the Wayback Machine that are relevant to them.
So let's use 'Archive Box' @ArchiveBoxApp to make our own archive.
#Fact #FactCheck #Factcheckers
So let's use 'Archive Box' @ArchiveBoxApp to make our own archive.
#Fact #FactCheck #Factcheckers
Insecure CORS Configuration" vulnerabilities. ๐ก๏ธโ๏ธ
[A thread ๐งต]
#infosecurity #CyberSec #bugbountytips #cybersecurity
[A thread ๐งต]
#infosecurity #CyberSec #bugbountytips #cybersecurity
[2/n]
What is Insecure CORS issue?
An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses thus enabling attackers to perform privileged actions or to retrieve potential sensitive information
What is Insecure CORS issue?
An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses thus enabling attackers to perform privileged actions or to retrieve potential sensitive information
[3/n]
Basic Origin Reflection Test:
Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com
> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Basic Origin Reflection Test:
Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com
> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
In this Mega thread, you will find 10 FREE online courses with a certificate of completion from :
1 - ISC ยฒ
2 - Cisco Academy
3 - Fortinet
4 - EC-Council
5 - AWS
#CyberSecurity #Cisco #AWS #dfir #infosec #infosecurity #threats #Python #100DaysOfHacking
1 - ISC ยฒ
2 - Cisco Academy
3 - Fortinet
4 - EC-Council
5 - AWS
#CyberSecurity #Cisco #AWS #dfir #infosec #infosecurity #threats #Python #100DaysOfHacking
1โฃ Free Cybersecurity Training
- Information Security Awareness
- The Evolution of Cybersecurity
- NSE 2 Cloud Security
- NSE 2 Endpoint Security
- NSE 2 Threat Intelligence
- NSE 2 Security Information & Event Management
- Security Operations &
๐๏ธ
training.fortinet.com
- Information Security Awareness
- The Evolution of Cybersecurity
- NSE 2 Cloud Security
- NSE 2 Endpoint Security
- NSE 2 Threat Intelligence
- NSE 2 Security Information & Event Management
- Security Operations &
๐๏ธ
training.fortinet.com
2โฃ Introduction to Dark Web, Anonymity, and Cryptocurrency
Learn to access Dark Web, and Tor Browser and know about Bitcoin cryptocurrency
๐๏ธ
codered.eccouncil.org/course/introduโฆ
Learn to access Dark Web, and Tor Browser and know about Bitcoin cryptocurrency
๐๏ธ
codered.eccouncil.org/course/introduโฆ
1. Cyber Work
2. Click Here
3. Defrag This
4. Security Now
5. InfoSec Real
6. InfoSec Live
7. Simply Cyber
8. OWASP Podcast
9. We Talk Cyber
10. Risky Business
11. Malicious Life
12. Hacking Humans
13. What The Shell
14. Life of a CISO
15. H4unt3d Hacker
16. 2 Cyber Chicks
2. Click Here
3. Defrag This
4. Security Now
5. InfoSec Real
6. InfoSec Live
7. Simply Cyber
8. OWASP Podcast
9. We Talk Cyber
10. Risky Business
11. Malicious Life
12. Hacking Humans
13. What The Shell
14. Life of a CISO
15. H4unt3d Hacker
16. 2 Cyber Chicks
17. The Hacker Mind
18. Security Weekly
19. Cyberside Chats
20. Darknet Diaries
21. CyberWire Daily
22. Absolute AppSec
23. Security in Five
24. Smashing Security
25. 401 Access Denied
26. 7 Minute Security
27. 8th Layer Insights
28. Adopting Zero Trust
29. Cyber Security Sauna
18. Security Weekly
19. Cyberside Chats
20. Darknet Diaries
21. CyberWire Daily
22. Absolute AppSec
23. Security in Five
24. Smashing Security
25. 401 Access Denied
26. 7 Minute Security
27. 8th Layer Insights
28. Adopting Zero Trust
29. Cyber Security Sauna
Bug Testing Methodology Series:
๐๐๐๐ (๐๐๐ซ๐ฏ๐๐ซ ๐๐ข๐๐ ๐๐๐ช๐ฎ๐๐ฌ๐ญ ๐ ๐จ๐ซ๐ ๐๐ซ๐ฒ)
Learn how to test for #SSRF step by step on real #bugbounty programs
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
๐๐๐๐ (๐๐๐ซ๐ฏ๐๐ซ ๐๐ข๐๐ ๐๐๐ช๐ฎ๐๐ฌ๐ญ ๐ ๐จ๐ซ๐ ๐๐ซ๐ฒ)
Learn how to test for #SSRF step by step on real #bugbounty programs
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, this thread won't teach how SSRF works, but rather a methodology to follow while actively testing for it.
To learn about how SSRF attacks work, have a read here โก๏ธ portswigger.net/web-security/sโฆ
To learn about how SSRF attacks work, have a read here โก๏ธ portswigger.net/web-security/sโฆ
1๏ธโฃ Finding an attack vector
This step simply implies using the web app THOROUGHLY and finding a place where you input a URL and the server fetches it.
Ex: profile pic from URL, URL Redirects, etc.
The best tip I can give you for this step is: CLICK EVERY SINGLE BUTTON YOU SEE
This step simply implies using the web app THOROUGHLY and finding a place where you input a URL and the server fetches it.
Ex: profile pic from URL, URL Redirects, etc.
The best tip I can give you for this step is: CLICK EVERY SINGLE BUTTON YOU SEE
Introduction to #XSS
Learn the basics of ๐๐ซ๐จ๐ฌ๐ฌ-๐๐ข๐ญ๐ ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ (๐๐๐)
Thread๐งต๐
#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Learn the basics of ๐๐ซ๐จ๐ฌ๐ฌ-๐๐ข๐ญ๐ ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ (๐๐๐)
Thread๐งต๐
#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Let's inspect the name first:
The ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ part indicates, obviously, scripting, so we can think about what kind of scripting we know exist in Web Apps: HTML & JavaScript being the 2 most common.
Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
The ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ part indicates, obviously, scripting, so we can think about what kind of scripting we know exist in Web Apps: HTML & JavaScript being the 2 most common.
Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
So, we now know XSS consists of injecting scripts in websites.
Types of XSS:
1. Reflected
2. Stored
3. DOM-based
They can also be Blind too (you don't see the reflection)
As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Types of XSS:
1. Reflected
2. Stored
3. DOM-based
They can also be Blind too (you don't see the reflection)
As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
15 effective websites for pentesting research:
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Bug Testing Methodology Series:
๐๐๐ (๐๐ซ๐จ๐ค๐๐ง ๐๐๐๐๐ฌ๐ฌ ๐๐จ๐ง๐ญ๐ซ๐จ๐ฅ)
Learn how to test for Broken Access Control step by step on real #bugbounty programs.
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
๐๐๐ (๐๐ซ๐จ๐ค๐๐ง ๐๐๐๐๐ฌ๐ฌ ๐๐จ๐ง๐ญ๐ซ๐จ๐ฅ)
Learn how to test for Broken Access Control step by step on real #bugbounty programs.
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, this thread will not teach exactly how Broken Access Control vulnerabilities arise, but rather a testing methodology.
If you want to learn how BAC bugs work, check this out โก๏ธ portswigger.net/web-security/aโฆ
If you want to learn how BAC bugs work, check this out โก๏ธ portswigger.net/web-security/aโฆ
1๏ธโฃ Know your target
In order to know what which user role can do, you have to know your target well.
If documentations are available, make full use of them, if not, use the app as much as you can from the perspective of each user role (have a different account for each role)
In order to know what which user role can do, you have to know your target well.
If documentations are available, make full use of them, if not, use the app as much as you can from the perspective of each user role (have a different account for each role)
Start your Career in Cyber-Security / Information-Security by spending $0
These are FREE University courses that are available online for you to take!
๐งต
#infosec #infosecurity #Harvard #NetworkSecurity #CyberMonday2022 #CyberSecurityAwareness
These are FREE University courses that are available online for you to take!
๐งต
#infosec #infosecurity #Harvard #NetworkSecurity #CyberMonday2022 #CyberSecurityAwareness
๐๐๐ - ๐๐ฒ๐๐๐ซ๐ฌ๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ ๐๐๐ฌ๐ข๐๐ฌ
This course gives you the background needed to understand the basics of Cybersecurity.
๐๏ธ
edx.org/course/cyberseโฆ
This course gives you the background needed to understand the basics of Cybersecurity.
๐๏ธ
edx.org/course/cyberseโฆ
๐๐ฒ๐๐๐ซ๐ฌ๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ ๐
๐ฎ๐ง๐๐๐ฆ๐๐ง๐ญ๐๐ฅ๐ฌ
Learn cybersecurity fundamentals, including how to detect threats, protect systems and networks, and anticipate potential cyber attacks.
๐๏ธ
edx.org/course/cyberseโฆ
Learn cybersecurity fundamentals, including how to detect threats, protect systems and networks, and anticipate potential cyber attacks.
๐๏ธ
edx.org/course/cyberseโฆ
Bug Testing Methodology Series:
๐๐๐ (๐๐ซ๐จ๐ฌ๐ฌ ๐๐ข๐ญ๐ ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ )
Learn how to test for #XSS step by step on real #bugbounty programs.
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
๐๐๐ (๐๐ซ๐จ๐ฌ๐ฌ ๐๐ข๐ญ๐ ๐๐๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ )
Learn how to test for #XSS step by step on real #bugbounty programs.
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, it should be mentioned that this thread will only focus on the testing methodology of XSS, not teaching how it works.
If you don't already know what XSS is, check this out โก๏ธ portswigger.net/web-security/cโฆ
If you don't already know what XSS is, check this out โก๏ธ portswigger.net/web-security/cโฆ
1๏ธโฃ Look for reflections
This is the first step in finding XSS.
Anywhere you see user input is reflected in the response (not limited to what you see on the page, it could be in source code/HTTP response only), note the location/parameter down, that's a potential attack vector.
This is the first step in finding XSS.
Anywhere you see user input is reflected in the response (not limited to what you see on the page, it could be in source code/HTTP response only), note the location/parameter down, that's a potential attack vector.
Complete roadmap to get into #cybersecurity in 2022:
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #hacker #bugbounty #bugbountytips #infosecurity
Thread๐งต๐
#cybersecurity #cybersecuritytips #infosec #hacking #hacker #bugbounty #bugbountytips #infosecurity
1๏ธโฃ IT Fundamentals
Before jumping into more advanced fields, you gotta know the basics.
You can learn everything you need for FREE from
@ProfessorMesser's course โก๏ธ professormesser.com/free-a-plus-trโฆ
For reference, you should be apt for @CompTIA's A+ certification before the next step.
Before jumping into more advanced fields, you gotta know the basics.
You can learn everything you need for FREE from
@ProfessorMesser's course โก๏ธ professormesser.com/free-a-plus-trโฆ
For reference, you should be apt for @CompTIA's A+ certification before the next step.
2๏ธโฃ Networking
It's time to get technical.
Networking will teach you how the internet works, and it's CRUCIAL to have a SOLID understanding of this subejct.
You don't have to be a network engineer, but know things like the OSI Model, TCP/IP, Ports & Services, CIDR, Subnets, etc
It's time to get technical.
Networking will teach you how the internet works, and it's CRUCIAL to have a SOLID understanding of this subejct.
You don't have to be a network engineer, but know things like the OSI Model, TCP/IP, Ports & Services, CIDR, Subnets, etc
Networking Refresher: #infosecurity #tech #Thread #tech #linux
Seven Second Subnetting:
Subnet Guide: drive.google.com/file/d/1ETKH31โฆ
Seven Second Subnetting:
Subnet Guide: drive.google.com/file/d/1ETKH31โฆ
Setting up our Lab #infosec #bugbounty
VMware: vmware.com/products/worksโฆ
VirtualBox: virtualbox.org/wiki/Downloads
Kali Download: offensive-security.com/kali-linux-vm-โฆ
Official Offensive Security kali 2019.3 release: cdimage.kali.org/kali-2019.3/
Other Offical kali 2019 Releases: cdimage.kali.org
VMware: vmware.com/products/worksโฆ
VirtualBox: virtualbox.org/wiki/Downloads
Kali Download: offensive-security.com/kali-linux-vm-โฆ
Official Offensive Security kali 2019.3 release: cdimage.kali.org/kali-2019.3/
Other Offical kali 2019 Releases: cdimage.kali.org
Mid-Course Capstone #infosec
New Capstone boxes: drive.google.com/drive/folders/โฆ
Old Capstone boxes:
Linux Priv Esc course: academy.tcm-sec.com/p/windows-privโฆ
Windows Priv Esc Course: academy.tcm-sec.com/p/linux-privilโฆ
New Capstone boxes: drive.google.com/drive/folders/โฆ
Old Capstone boxes:
Linux Priv Esc course: academy.tcm-sec.com/p/windows-privโฆ
Windows Priv Esc Course: academy.tcm-sec.com/p/linux-privilโฆ
List Of Best Cyber Security and Hacking Documentaries | #infosec
[ Thread ]
#cybersecurity #hacking #IoT #bugbounty #linux #tech #movies #infosecurity #thesecureedge #Security
[ Thread ]
#cybersecurity #hacking #IoT #bugbounty #linux #tech #movies #infosecurity #thesecureedge #Security
1. We Are Legion โ The Story Of The Hacktivists -lnkd.in/dEihGfAg
2. The Internetโs Own Boy: The Story Of Aaron Swartz - lnkd.in/d3hQVxqp
3. Hackers Wanted - lnkd.in/du-pMY2R
4. Secret History Of Hacking -
2. The Internetโs Own Boy: The Story Of Aaron Swartz - lnkd.in/d3hQVxqp
3. Hackers Wanted - lnkd.in/du-pMY2R
4. Secret History Of Hacking -
5. Def Con: The Documentary - lnkd.in/dPE4jVVA
6. Web Warriors - lnkd.in/dip22djp
7. Risk (2016) - lnkd.in/dMgWT-TN
8. Zero Days (2016) - lnkd.in/dq_gZA8z
6. Web Warriors - lnkd.in/dip22djp
7. Risk (2016) - lnkd.in/dMgWT-TN
8. Zero Days (2016) - lnkd.in/dq_gZA8z
List Of Best Cyber Security and Hacking Documentaries | #infosec
[ Thread ]
#cybersecurity #hacking #IoT #bugbounty #linux #tech #movies #infosecurity
#thesecureedge #security
[ Thread ]
#cybersecurity #hacking #IoT #bugbounty #linux #tech #movies #infosecurity
#thesecureedge #security
1. We Are Legion โ The Story Of The Hacktivists
-lnkd.in/dEihGfAg
2. The Internetโs Own Boy: The Story Of Aaron Swartz
- lnkd.in/d3hQVxqp
3. Hackers Wanted - lnkd.in/du-pMY2R
4. Secret History Of Hacking
- lnkd.in/dnCWU-hp
-lnkd.in/dEihGfAg
2. The Internetโs Own Boy: The Story Of Aaron Swartz
- lnkd.in/d3hQVxqp
3. Hackers Wanted - lnkd.in/du-pMY2R
4. Secret History Of Hacking
- lnkd.in/dnCWU-hp
5. Def Con: The Documentary
- lnkd.in/dPE4jVVA
6. Web Warriors
- lnkd.in/dip22djp
7. Risk (2016)
- lnkd.in/dMgWT-TN
8. Zero Days (2016)
- lnkd.in/dq_gZA8z
- lnkd.in/dPE4jVVA
6. Web Warriors
- lnkd.in/dip22djp
7. Risk (2016)
- lnkd.in/dMgWT-TN
8. Zero Days (2016)
- lnkd.in/dq_gZA8z
#securityexplained
S-6: Bypassing Biometrics in iOS with Objection
Many applications in iOS platform provides a functionality to enable touch/face ID to act as an added layer of protection to the application. However, it is possible to bypass this layer.
(1/n)
S-6: Bypassing Biometrics in iOS with Objection
Many applications in iOS platform provides a functionality to enable touch/face ID to act as an added layer of protection to the application. However, it is possible to bypass this layer.
(1/n)
(2/n)
If the attack has "physical access" to the device, there are multiple options to bypass the checks, however, one of the simplest methods is to use "Objection".
Before, performing the attack ensure that the Frida is running. Also, the Objection must be installed.
If the attack has "physical access" to the device, there are multiple options to bypass the checks, however, one of the simplest methods is to use "Objection".
Before, performing the attack ensure that the Frida is running. Also, the Objection must be installed.
(3/n)
# How to perform the attack:
1. Run the following command: objection --gadget <package_name_here>
2. In the objection run following command: ios ui biometrics_bypass
# How to perform the attack:
1. Run the following command: objection --gadget <package_name_here>
2. In the objection run following command: ios ui biometrics_bypass
@Walmart disrupting the healthcare market and its #cybersecurity implications - #Thread 1/7
That's big news, as Walmart has the power to change this market completely
@lauralovett7 describes it accurately as a shake up in this article on @MobiHealthNews
mobihealthnews.com/news/how-retaiโฆ
That's big news, as Walmart has the power to change this market completely
@lauralovett7 describes it accurately as a shake up in this article on @MobiHealthNews
mobihealthnews.com/news/how-retaiโฆ
With over 200M weekly customers and over 4000 stores in medically unserved communities (MUC), this retail giantโs power is enormous.
In fact itโs nothing new, as @amazon is already taking part in the healthcare market via @PillPack, their medicine delivery services. 2/7
In fact itโs nothing new, as @amazon is already taking part in the healthcare market via @PillPack, their medicine delivery services. 2/7
The distribution of medical services for this market leader in the coming years will most likely involve cutting edge tech, including AI models and machine learning to allow a full transformation of required data. 3/7
1/How @ElevenFinance got hacked? ๐งต
The exploit was possible due to a bug in emergencyBurn() function of ElevenNeverSellVault.
There is a transfer of previously deposited funds during the function call, but there is a lack of burning of Nerve shares to account for the transfer
The exploit was possible due to a bug in emergencyBurn() function of ElevenNeverSellVault.
There is a transfer of previously deposited funds during the function call, but there is a lack of burning of Nerve shares to account for the transfer
2/ In other words, an attacker could double-spend Nerve shares he acquired during initial deposit to the vault.
emergencyBurn() didnโt burn 11NRV Tokens so an attacker used them in โwithdrawAll()โ to get additional LP Tokens in return.
emergencyBurn() didnโt burn 11NRV Tokens so an attacker used them in โwithdrawAll()โ to get additional LP Tokens in return.
3/ He burned LP Tokens on PancakeSwap getting the underlying tokens.
After repaying the FlashSwap, attacker was left with funds from burning second time the 11NRV Tokens.
This was done on multiple vaults on ElevenFinance, marking a total loss of $4.5M.
After repaying the FlashSwap, attacker was left with funds from burning second time the 11NRV Tokens.
This was done on multiple vaults on ElevenFinance, marking a total loss of $4.5M.
#learn365 Day-21: GraphQL Vulnerabilities (Part-2)
1. Information Disclosure via Error Messages
- Similar to the normal information disclosure via error triggering.
- Provide malformed or unexpected input within GraphQL queries.
#BugBountyTips #appsec #infosecurity
(1/n)
1. Information Disclosure via Error Messages
- Similar to the normal information disclosure via error triggering.
- Provide malformed or unexpected input within GraphQL queries.
#BugBountyTips #appsec #infosecurity
(1/n)
(2/n)
- Sometimes you may observe verbose error messages revealing sensitive information.
2. GraphQL Denial of Service
- Due to an improper limit on the maximum query depth, it might be possible to perform a denial of service in graphql implementation.
- Sometimes you may observe verbose error messages revealing sensitive information.
2. GraphQL Denial of Service
- Due to an improper limit on the maximum query depth, it might be possible to perform a denial of service in graphql implementation.
(3/n)
- Nest a query to unlimited depth and send this query on a GraphQL endpoint to observe anything suspicious.
- A good example: owasp-skf.gitbook.io/asvs-write-upsโฆ
3. Insecure Direct Object Reference
- Similar to normal API like IDORs
- A good example: owasp-skf.gitbook.io/asvs-write-upsโฆ
- Nest a query to unlimited depth and send this query on a GraphQL endpoint to observe anything suspicious.
- A good example: owasp-skf.gitbook.io/asvs-write-upsโฆ
3. Insecure Direct Object Reference
- Similar to normal API like IDORs
- A good example: owasp-skf.gitbook.io/asvs-write-upsโฆ
15 Jan 2021, If you are using @WhatsApp Web, your Mobile Number and Messages are being index by @Google again. Don't know why WhatsApp is still not monitoring their website and google. This is 3rd time.
#Infosec #Privacy #infosecurity #GDPR #Whatsapp #Privacy #Policy #Google
#Infosec #Privacy #infosecurity #GDPR #Whatsapp #Privacy #Policy #Google
This time, @WhatsApp is actually using a โRobots.txtโ file and a โdisallow allโ setting, so they are instructing @Google not to index anything. Google is still Indexing.
#InfoSec
#InfoSec
Mobile Number and Messages on WhatsApp Web Is Being Indexed by Google Again. @Techna @billtoulas
technadu.com/whatsapp-web-iโฆ
#InfoSec
technadu.com/whatsapp-web-iโฆ
#InfoSec
