Discover and read the best of Twitter Threads about #cybersec
Most recents (22)
Two factor Authentication bypass : ⚔️
- In applications registration , it required a mobile number for compulsory 2 factor authentication.
- Captured the request for mobile number addition
POST /mobile/add
{XXNUMBERXX}
- In applications registration , it required a mobile number for compulsory 2 factor authentication.
- Captured the request for mobile number addition
POST /mobile/add
{XXNUMBERXX}
(1/n)
- Now followed the registration normally by adding a mobile number.
- Now when I login to account it required an otp to proceed.
- Used an invalid otp like 111111 and intercepted the request.
- Changed the request PATH and BODY to earlier captured request.
- Now followed the registration normally by adding a mobile number.
- Now when I login to account it required an otp to proceed.
- Used an invalid otp like 111111 and intercepted the request.
- Changed the request PATH and BODY to earlier captured request.
(2/n)
- They we’re implementing checks for all internal api endpoints before entering otp but forget to add check for mobile number addition request.
- I was able to add a new number without entering otp
- This led to 2fa bypass.
#infosec #cybersec #bugbounty
- They we’re implementing checks for all internal api endpoints before entering otp but forget to add check for mobile number addition request.
- I was able to add a new number without entering otp
- This led to 2fa bypass.
#infosec #cybersec #bugbounty
CAN I BE HACKED VIA BLUETOOTH?
Yes,
Once a Device is ‘Bluebugged’, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.
A thread
Yes,
Once a Device is ‘Bluebugged’, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.
A thread
What is a Bluetooth Attack?
This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
Types of Bluetooth Attacks
· Bluesnarf Attack
· Man-in-The Middle (MiTM) Attack
· BlueJacking
· BlueSmacking (DoS Attack)
· BluePrinting Attack
· BlueBugging
· Bluesnarf Attack
· Man-in-The Middle (MiTM) Attack
· BlueJacking
· BlueSmacking (DoS Attack)
· BluePrinting Attack
· BlueBugging
Grow your cybersecurity skills with this incredible collection of FREE learning resources.
⚡️ Get ready to level up!
Follow & share the 🧵
#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux#soc #dfir
⚡️ Get ready to level up!
Follow & share the 🧵
#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux#soc #dfir
Looking to kickstart your career in cybersecurity?
You can do it all with FREE resources and a clear step-by-step path
Here is How 🧵
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
You can do it all with FREE resources and a clear step-by-step path
Here is How 🧵
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
1️⃣ Level - Introduction to OpenVPN
🅰️ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.👇
tryhackme.com/room/openvpn
🅰️ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.👇
tryhackme.com/room/openvpn
2️⃣ Introductory Research Walkthrough
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.👇
tryhackme.com/room/introtore…
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.👇
tryhackme.com/room/introtore…
#India's #startup ecosystem raised $455 million across 24 deals last week (Jan.16-21,'23) with #fintech #unicorn PhonePe turning decacorn at $12 billion valuation.
#StartupIndia #DigitalIndia #VentureCapital #funding #Entrepreneurship #innovation #Motivation #prosunjoyi #Thread
#StartupIndia #DigitalIndia #VentureCapital #funding #Entrepreneurship #innovation #Motivation #prosunjoyi #Thread
#India's #startup ecosystem raised $126 million off 16 deals last week (Jan.23-28,'23) across #cybersecurity, #deeptech, #energy, #gaming, #logistics, #SaaS, etc. with total #funding for Jan.'23 crossing $1 billion. #StartupIndia #DigitalIndia #VentureCapital #inspiration #Thread
#India's #startup ecosystem raised $49 million off 12 deals last week (Jan.30-Feb.4,'23) across #EVs, #freight, #manufacturing, etc. #StartupIndia #DigitalIndia #VentureCapital #leadership #founders #Entrepreneurship #MondayMotivation #inspiration #innovation #prosunjoyi #Thread
12 YouTube Pages to Learn #Cybersecurity for FREE
1. Network Chuck- Everything Cybersecurity related
2. Outpost Gray- Cybersecurity Carer Dev
3. The XSS Rat- Bounty Hunting
4. Cyrill Gossi- Cryptography Videos
5. Cyberspatial- Cybersecurity Education and Training
2. Outpost Gray- Cybersecurity Carer Dev
3. The XSS Rat- Bounty Hunting
4. Cyrill Gossi- Cryptography Videos
5. Cyberspatial- Cybersecurity Education and Training
6. Bugcrowd- Bug Bounty Interviews and Methodology
7. Professor Messer- Guides covering Certifications
8. Black Hat- Cybersecurity Technical Conferences
9. Hak5- Everything Cybersecurity
10. Infosec Institute- Cybersecurity Awareness
7. Professor Messer- Guides covering Certifications
8. Black Hat- Cybersecurity Technical Conferences
9. Hak5- Everything Cybersecurity
10. Infosec Institute- Cybersecurity Awareness
Training/Methodology #infosec #offensivesec⚔️🛡️
- OSINT Training and Workflow (dfir.training/osint)
- Website Investigation Workflow ()
- OSINT Resources & Tutorials (aware-online.com/en/)
- Learning Overpass API (osmlab.github.io/learnoverpass/…)
- OSINT Training and Workflow (dfir.training/osint)
- Website Investigation Workflow ()
- OSINT Resources & Tutorials (aware-online.com/en/)
- Learning Overpass API (osmlab.github.io/learnoverpass/…)
- A 5-minute guide to creating a covert account for Internet Investigations (OSINT) (intelligencewithsteve.com/post/a-5-minut…)
- hat’s in a Company? Guide for investigate a company (kit.exposingtheinvisible.org/en/what/compan…)
- Osint : Comment naviguer en eaux troubles (daring-india-marten-972.medium.com/osint-comment-…)
- hat’s in a Company? Guide for investigate a company (kit.exposingtheinvisible.org/en/what/compan…)
- Osint : Comment naviguer en eaux troubles (daring-india-marten-972.medium.com/osint-comment-…)
- Amnesty International Course : Open Source Investigations for Human Rights (advocacyassembly.org/en/partners/am…)
- OSINT : Explorer l’espace informationnel Russe (docs.google.com/document/d/10a… from )
- OSINT Russia Resources (start.me/p/0PeKwy/osint…)
- OSINT : Explorer l’espace informationnel Russe (docs.google.com/document/d/10a… from )
- OSINT Russia Resources (start.me/p/0PeKwy/osint…)
10 types of web vulnerabilities that are often missed
🐞 HTTP/2 Smuggling
🐛 XXE via Office Open XML Parsers
🐜 SSRF via XSS in PDF Generators
🕷 XSS via SVG Files
🦟 Blind XSS
#bugbounty #pentest #hacking
Thread 🧵👇
labs.detectify.com/2021/09/30/10-…
🐞 HTTP/2 Smuggling
🐛 XXE via Office Open XML Parsers
🐜 SSRF via XSS in PDF Generators
🕷 XSS via SVG Files
🦟 Blind XSS
#bugbounty #pentest #hacking
Thread 🧵👇
labs.detectify.com/2021/09/30/10-…
10 types of web vulnerabilities that are often missed
🪲 Web Cache Deception
🪳 Web Cache Poisoning
🐞 h2c Smuggling
🐛 Second Order Subdomain Takeovers
🕷 postMessage bugs
#cybersec #infosec #bugs
🧵 2/3
🪲 Web Cache Deception
🪳 Web Cache Poisoning
🐞 h2c Smuggling
🐛 Second Order Subdomain Takeovers
🕷 postMessage bugs
#cybersec #infosec #bugs
🧵 2/3
This @Detectify blog was created through #HackerContent! 📖✍️
If you’re interested in getting some #cybersecurity-focused content or social media management for your organization, DM us, or check hackercontent.com!
#blogs #cyberseccontent #content
🧵 3/3
If you’re interested in getting some #cybersecurity-focused content or social media management for your organization, DM us, or check hackercontent.com!
#blogs #cyberseccontent #content
🧵 3/3
Insecure CORS Configuration" vulnerabilities. 🛡️⚔️
[A thread 🧵]
#infosecurity #CyberSec #bugbountytips #cybersecurity
[A thread 🧵]
#infosecurity #CyberSec #bugbountytips #cybersecurity
[2/n]
What is Insecure CORS issue?
An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses thus enabling attackers to perform privileged actions or to retrieve potential sensitive information
What is Insecure CORS issue?
An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses thus enabling attackers to perform privileged actions or to retrieve potential sensitive information
[3/n]
Basic Origin Reflection Test:
Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com
> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Basic Origin Reflection Test:
Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com
> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Find JavaScript Files
—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————
#bugbounty #Infosec #CyberSec
—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————
#bugbounty #Infosec #CyberSec
Get Subdomains from BufferOver. run
—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————
#bugbounty #Infosec #CyberSec
—————————
I've opened My Bug Bounty tips Group => Join Link : t.me/bugbountyresou…
—————————
#bugbounty #Infosec #CyberSec
You want a career in Cyber Security and Hacking?
BUT can't afford costly courses & subscriptions
Start with 💯 FREE @RealTryHackMe rooms:🧵
#tryhackme #infosec #Linux #Hacked #Root #pythoncode #CyberSec #Web3 #Hacking #BugBounty #learning #100daysofpython #Security
BUT can't afford costly courses & subscriptions
Start with 💯 FREE @RealTryHackMe rooms:🧵
#tryhackme #infosec #Linux #Hacked #Root #pythoncode #CyberSec #Web3 #Hacking #BugBounty #learning #100daysofpython #Security
1⃣ Level:01 Introduction
1. OpenVPN tryhackme.com/room/openvpn
2. Welcome tryhackme.com/jr/welcome
3. Intro to Researching tryhackme.com/room/introtore…
4. Crash Course Pentesting tryhackme.com/room/ccpentest…
1. OpenVPN tryhackme.com/room/openvpn
2. Welcome tryhackme.com/jr/welcome
3. Intro to Researching tryhackme.com/room/introtore…
4. Crash Course Pentesting tryhackme.com/room/ccpentest…
2⃣ Introductory CTF
1. Google Dorking tryhackme.com/room/googledor…
2. OHsint tryhackme.com/room/ohsint
3. Shodan tryhackme.com/room/shodan
1. Google Dorking tryhackme.com/room/googledor…
2. OHsint tryhackme.com/room/ohsint
3. Shodan tryhackme.com/room/shodan
Hey #OSINT, Here are top 10 weather maps that everyone should know.
#OSINT #CyberSec #cybersecurity #cybersecuritytips #bugbountytips #FactCheck #journalism #BookTwitter #Weathercloud #WeatherUpdate #journalist
A thread🧵
#OSINT #CyberSec #cybersecurity #cybersecuritytips #bugbountytips #FactCheck #journalism #BookTwitter #Weathercloud #WeatherUpdate #journalist
A thread🧵
Here are some of the free cybersecurity certifications you can get :
Part 1/4 🧵👇
1. NSE 1,2 & 3[training.fortinet.com]
2. Introduction to Cybersecurity[netacad.com/courses/cybers…]
3. Cybersecurity Essentials[netacad.com/courses/cybers…]
#Pentesting #CyberSec #bugbounty #infosec
Part 1/4 🧵👇
1. NSE 1,2 & 3[training.fortinet.com]
2. Introduction to Cybersecurity[netacad.com/courses/cybers…]
3. Cybersecurity Essentials[netacad.com/courses/cybers…]
#Pentesting #CyberSec #bugbounty #infosec
Part 2/4 🧵👇
4. Networking Essentials[netacad.com/courses/networ…]
5. Android Bug Bounty Hunting: Hunt Like a Rat[codered.eccouncil.org/course/android…]
6. Ethical Hacking Essentials (EHE)[codered.eccouncil.org/course/ethical…]
7. Website Hacking Techniques[codered.eccouncil.org/course/website…]
4. Networking Essentials[netacad.com/courses/networ…]
5. Android Bug Bounty Hunting: Hunt Like a Rat[codered.eccouncil.org/course/android…]
6. Ethical Hacking Essentials (EHE)[codered.eccouncil.org/course/ethical…]
7. Website Hacking Techniques[codered.eccouncil.org/course/website…]
Part 3/4 🧵👇
8. Digital Forensics Essentials (DFE)[codered.eccouncil.org/course/digital…]
9. Network Defense Essentials (NDE)[codered.eccouncil.org/course/network…]
10. Introduction to Dark Web, Anonymity, and Cryptocurrency[codered.eccouncil.org/course/introdu…]
8. Digital Forensics Essentials (DFE)[codered.eccouncil.org/course/digital…]
9. Network Defense Essentials (NDE)[codered.eccouncil.org/course/network…]
10. Introduction to Dark Web, Anonymity, and Cryptocurrency[codered.eccouncil.org/course/introdu…]
Hey #OSINT, Twitter is one of the leading social media networks.
Here is the list of 10 Twitter analysis 📈📉 tools to optimise your search and digital investigation.
#CyberSec #cybersecurity #cybersecuritytips #bugbountytips
A THREAD 🧵
Here is the list of 10 Twitter analysis 📈📉 tools to optimise your search and digital investigation.
#CyberSec #cybersecurity #cybersecuritytips #bugbountytips
A THREAD 🧵
1. Tinfoleak - tinfoleak.com
#OSINT #CyberSec #cybersecurity #cybersecuritytips #bugbountytips #FactCheck
#OSINT #CyberSec #cybersecurity #cybersecuritytips #bugbountytips #FactCheck
2. Account Analysis - accountanalysis.app
#OSINT #CyberSec #cybersecurity #cybersecuritytips #bugbountytips #FactCheck #journalism
#OSINT #CyberSec #cybersecurity #cybersecuritytips #bugbountytips #FactCheck #journalism
Here are some of the free cybersecurity certifications you can get :
Part 1/4 🧵👇
1. NSE 1,2 & 3[training.fortinet.com]
2. Introduction to Cybersecurity[netacad.com/courses/cybers…]
3. Cybersecurity Essentials[netacad.com/courses/cybers…]
#Pentesting #CyberSec #bugbounty #infosec
Part 1/4 🧵👇
1. NSE 1,2 & 3[training.fortinet.com]
2. Introduction to Cybersecurity[netacad.com/courses/cybers…]
3. Cybersecurity Essentials[netacad.com/courses/cybers…]
#Pentesting #CyberSec #bugbounty #infosec
Part 2/4 🧵👇
4. Networking Essentials[netacad.com/courses/networ…]
5. Android Bug Bounty Hunting: Hunt Like a Rat[codered.eccouncil.org/course/android…]
6. Ethical Hacking Essentials (EHE)[codered.eccouncil.org/course/ethical…]
7. Website Hacking Techniques[codered.eccouncil.org/course/website…]
4. Networking Essentials[netacad.com/courses/networ…]
5. Android Bug Bounty Hunting: Hunt Like a Rat[codered.eccouncil.org/course/android…]
6. Ethical Hacking Essentials (EHE)[codered.eccouncil.org/course/ethical…]
7. Website Hacking Techniques[codered.eccouncil.org/course/website…]
Part 3/4 🧵👇
8. Digital Forensics Essentials (DFE)[codered.eccouncil.org/course/digital…]
9. Network Defense Essentials (NDE)[codered.eccouncil.org/course/network…]
10. Introduction to Dark Web, Anonymity, and Cryptocurrency[codered.eccouncil.org/course/introdu…]
8. Digital Forensics Essentials (DFE)[codered.eccouncil.org/course/digital…]
9. Network Defense Essentials (NDE)[codered.eccouncil.org/course/network…]
10. Introduction to Dark Web, Anonymity, and Cryptocurrency[codered.eccouncil.org/course/introdu…]
#VivaTech 🚀
Sur le stand @orange, on parle de souveraineté numérique avec @babgi (conseil national du numérique) et @huguesfoulon (PDG Orange Cyberdéfense).
Sur le stand @orange, on parle de souveraineté numérique avec @babgi (conseil national du numérique) et @huguesfoulon (PDG Orange Cyberdéfense).
“Être souverain, c’est avoir le choix et pleinement conscience de nos décisions en matière numérique” - @huguesfoulon
“Ne pas avoir une érosion de la valeur qui part à l’étranger” - @babgi
“Ne pas avoir une érosion de la valeur qui part à l’étranger” - @babgi
“Veut-on être une colonie américaine ad vitam ? La réponse d’@orange, c’est plutôt non mais ça ne se fait pas en un claquement de doigt” - @huguesfoulon
@OrangeCyberFR x @orange
#VivaTech
@OrangeCyberFR x @orange
#VivaTech
1/ #LockedShields 2022: Heute hat die größte & komplexeste jährliche #LiveFire Übung zur #CyberSec der #NATO begonnen.
Für Euch mit dabei: Team @cirbw & viele Fähigkeiten aus dem #CIRBw. Bevor es losgeht, ein Thread 🧵 zur Einordnung und Erklärung... !B
Für Euch mit dabei: Team @cirbw & viele Fähigkeiten aus dem #CIRBw. Bevor es losgeht, ein Thread 🧵 zur Einordnung und Erklärung... !B
2/ #LockedShields steht unter Leitung der #NATO @ccdcoe. Seit 2010 treten jährlich 🔴 Teams gegen 🔵 Teams an; Letztere bilden die teilnehmenden Nationen. Sie stehen im #Wettstreit. Für das Erkennen & Abwehren von Angriffen gibt es Punkte/Punktabzug. 2021 hat 🇸🇪 gewonnen.
3/ Schlagwort #CyberSec: Bei #LockedShields geht es darum die eigenen #IT-Systeme & #KRITIS (kritische Infrastrukturen) gegen #Cyberangriffe zu verteidigen & abzusichern. Die Teilnehmenden müssen #Angriffe erkennen, bestenfalls verhindern oder aber zumindest die Folgen eindämmen.
Wanna Learn Azure in 30 Days? 🚀
Here's Day 4 of 30 and will be learning today💯:
👨💼Azure Resource Manager (ARM)
🖥️Core Compute Services
(1/n)
#azure #cybersec #az #cloud #LearnAzure #learningazure
Here's Day 4 of 30 and will be learning today💯:
👨💼Azure Resource Manager (ARM)
🖥️Core Compute Services
(1/n)
#azure #cybersec #az #cloud #LearnAzure #learningazure
🧑💼Azure Resource Manager (ARM) : It provides management layer for all resources in Azure.
➼ All platforms from where we can manage cloud resources such as Portal, Az Module, AZ CLI, Rest API or SDKs, all communicate with ARM to perform actions in environment
(2/n)
➼ All platforms from where we can manage cloud resources such as Portal, Az Module, AZ CLI, Rest API or SDKs, all communicate with ARM to perform actions in environment
(2/n)
➼ When request from any platform is sent to ARM then performs authentication and then forward request to resources providers for actions.
➼ ARM also includes templates known as (ARM Templates) for deploying resources repeatable and consistently.
(3/n)
➼ ARM also includes templates known as (ARM Templates) for deploying resources repeatable and consistently.
(3/n)
Cybersecurity job is a combination of #skills. Look around, be passioned and get the right set of values. It's not a #scary topic. Tips from #CyberSec executives to the #Youth @C_Painter @KlyngeC @MarinaKaljurand @dws_ch
@DSMeu
@DSMeu
1/1: Hello, my name is Anna and my question is the following. I would like to know whether it’s possible for those people who don’t possess some specific technical skills to still become aspecialist in cybersecurity. Thank you. @krupnik_anna
1/2: You need that combination, particularly as we need to convince our ministers, our CEOs and others. This is not a scary topic. You don’t need to be a coder to understand the importance and the innovative importance of cybersecurity. We need those people. @C_Painter
The @UBS 'Global #FamilyOffice Report 2019' holds some interesting #Insights...Some takeaways (1/10) ubs.com/global/en/weal… #GlobalTrends #Investing
2/10 #FamilyOffice #trends: General overview...Recession fears rising, returns fade, #PE best performer, #RE gaining traction, #ESG & #Tech is best longterm plays, #Geopolitics risks rising & #CyberSec is key concern...
3/10 #FamilyOffice #trends: The family office trend really got on it's way since 2000 with the GFC acting as further catalyst as wealthy families got tired of what the major Wall Street players served up & decided to take control and bring key functions in-house...#Wealth
The @wef 'Global #Risks Report 2020' provides plenty of #FoodForThought - weforum.org/reports/the-gl… Here are some takeaways... #GlobalTrends (1/9) The evolving risks landscape (2007-2020)
2/16 Silencing expert voices in the cybersecurity discussion space is a
strategy for weakness not strength, as any Red Team expert would tell
you. #CyberCon #CensorCon
strategy for weakness not strength, as any Red Team expert would tell
you. #CyberCon #CensorCon
3/16 The @CyberGovAU removed me from the #AISA #CyberCon speakers list
8 days b4 the event. Reason: my talk content was 'incongruent' w/ the
largest cybersec conf in AU. Yet they had not seen my talk content yet.
#CensorCon #cyber #infosec #cybersecurity #informationsecurity
8 days b4 the event. Reason: my talk content was 'incongruent' w/ the
largest cybersec conf in AU. Yet they had not seen my talk content yet.
#CensorCon #cyber #infosec #cybersecurity #informationsecurity
4/16 #CyberCon removed me from the speakers list based on my talk title
alone. I'm not the only speaker removed: @Thomas_Drake1 was also disinvited. Others
told to alter format. #CensorCon #cyber #infosec #cybersecurity #informationsecurity
alone. I'm not the only speaker removed: @Thomas_Drake1 was also disinvited. Others
told to alter format. #CensorCon #cyber #infosec #cybersecurity #informationsecurity
