Discover and read the best of Twitter Threads about #PenetrationTesting

Due to the Sunk Cost Fallacy, it’s often emotionally easier to continue down a rabbit hole rather than just move on to a different attack vector, even if it causes us more pain and sufferance than the alternative.
What can we do about it? The following method works for me on many levels; we can apply it to machines on a network, to services on a machine, or to directories on a web application.
Read 8 tweets
Another new idea for #PenetrationTesting and #Bug-hunting:

Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on?
To the contrary, changing the #payload allowed me to transform it into a reflected #XSS #vulnerability. Is this the final question?
Obviously not if I have any hope of carrying on.
This web app used #JWT tokens that were transmitted in the bearer header, and for some reason, there were three more cookies that also contained this token.
Only two of them were secure with #HTTP Only.
Just a wild guess.
Read 5 tweets
Here's a list of free #PenetrationTesting and #RedTeam Labs you may set up in your own home to enhance your #hacking abilities :
1) Red Team Attack Lab
A simulated setting where red teams can practice exploiting #vulnerabilities in various operating systems.
2) Capsulecorp Pentest
#Capsulecorp is a lightweight virtual infrastructure operated using Vagrant and Ansible. One #Linux attacking system running #Xubuntu is included, along with four #Windows 2019 servers hosting a variety of #exploitable services.
Read 10 tweets
My updated list of #penetrationtesting books you should have in your collection!
@PhillipWylie, @kim_crawley, @georgiaweidman, @Moos1e_Moose, @hackerfantastic, @Jennifer_Arcuri, @three_cube

Books to Start Your Penetration Testing Journey (2021 Edition)…
If you enjoy what I'm doing, please support by buying me a "coffee"!

I will use it to keep building the blog, #InfoSecUnplugged & share exclusive content to supporters/members of the #pack!

All support is greatly appreciated!
Read 3 tweets
I did this one before. But since we're making #30daysofthreads a great opportunity for folks to learn gems going into 2020, I figured I bring this one back!

With that being said, I will list 10 books to get you started in #hacking & #penetrationtesting
#CyberSecurity #infosec
“Penetration Testing” by @georgiaweidman - 1 of the top books you must read if you're new to hacking or reviewing. Some material is dated but it is still a great book (Georgia is working on a new version. Don't bother her about it!)

“Linux Basics for Hackers” by OccupyTheWeb

This book is great for those learning or working w/ Linux. It explains how to install Kali & what services are installed & what they're used for. This book also explains how to create scripts in BASH & Python
Read 10 tweets
The @BBFC #AgeVerification "Certificate Standard" has been published.

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?…
@BBFC Well, that was fast:

"this is the foundation of the non-statutory, voluntary age-verification certification scheme (the Scheme)"

"Only age-verification providers that meet the requirements of the Standard…will receive certification"

What happens to the ones that don't?
@BBFC [ Incidentally, I am going through this in real time with a mug of coffee, so there may be some jumping back and forth. Don't expect perfection. ]
Read 104 tweets
