Discover and read the best of Twitter Threads about #cybersecurity

Most recents (24)

SHOs are this cycle's ICOs? I like this project but this type of alphabet shuffle is a direct reaction to the lack of clarity in the market. #XRPL needs more adoption but I wonder what impact possible security offerings have on perception.
#NFT's and their tokens for projects that aren't built are easy targets for the @SECGov new #cybersecurity group. @GaryGensler just asked Congress for more money to go after what they perceive as fraud. I am not a lawyer, but I was licensed to sell securities.
A safe harbor provision would be amazing as most projects go from centralized offerings to decentralized, chain level. The issue I see with large #NFT projects is that they cannot become sufficiently decentralized. #BAYC's proposed chain faces this issue.
Read 5 tweets
Want to break into cybersecurity? We've got something special to ease your journey.😎

In this webinar, we will discuss industry secrets guaranteed to help you land your dream cybersecurity job.
WHAT WILL YOU LEARN?

1. How to identify a cybersecurity niche and choose a career path.

2. Learn about the technical tools and technology required for entry-level roles.

3. Ways to connect with cybersecurity mentors both home and abroad.
4. Interview preparation steps (Mock interview).

5. How to find entry-level cybersecurity job opportunities.

You can't afford to miss this, so register here: bit.ly/bicbyhacktales
Read 4 tweets
Thread on the risks of Europe's increased dependence on US LNG
1- Among the pillars of energy security:
a- Diversification of energy sources
b- Diversification of energy imports
c- Low volatility of energy prices
d- Affordability and reliability
#Russia #Natgas #LNG #EU
2- Answer the following:
a- Who benefited the most from stopping Nord Stream 2?
b- Who was the Marketing-in-Chief of US LNG?
c- Who took advantage of the Russian invasion of Ukraine to secure US LNG market share in Europe?
d- Which country is the largest gas exporter to Europe now?
3- Europe has not learned its lesson... yet!

- All they are doing now is shifting dependence from the "mined" fossil fuels to the "mined" minerals needed for the "claimed" carbon neutrality.
and most importantly: shifting Europe's dependence from Russian gas to US gas!
#Russia
Read 13 tweets
1/ #ThreatHunting

AnyDesk
Splashtop
Atera
TeamViewer
SupRemo
ScreenConnect
Remote Utilities

After breaching a network, attackers install, besides the obvious backdoors, other (legitimate) remote desktop products that can be used to re-enter the network. 🧵

#CyberSecurity
2/ The list above is not exhaustive, but defenders and incident responders must make sure that the installed remote desktop products were installed by the customer and not by an attacker.
3/ Especially in the case of an IR investigation, it is imperative to hunt for these products in the network.

But also proactively during a compromise assessment - the credentials for the remote solution could also have been leaked on a private PC (-> if possible, use MFA).
Read 4 tweets
- A molecular solar energy storage system that allows the energy to be released as electricity ... great potential
- #PaLM, the new #AI model from #Google: explaining jokes, fixing computer code… nothing can stop it. Behind this performance: 540 billion parameters and $9M for training…
Read 7 tweets
1/ @ESET (see tweet below) has reported that #Emotet uses LNK attachments for the initial infection vector.

We can download a sample from Bazaar by @abuse_ch for doing our own analysis (sample from 2022-05-02).

bazaar.abuse.ch/sample/ce7191e…

#CyberSecurity
2/ exiftool works very well to find out the path and command line arguments of the malicious LNK file:
3/ The analyzed sample from @Netskope calls PowerShell directly. However, in our sample, cmd.exe is called first, then PowerShell with a base64 encoded command argument.

Picture taken from here - an analysis worth reading:
netskope.com/blog/emotet-ne…
Read 8 tweets
1/ #ThreatHunting: @Avast mentions in its Q1 Threat Report that one-third of their observed rootkit activity is due to the Ring-3 rootkit R77.

Here are two hunting approaches to detect R77 on an infected system. 🧵

#CyberSecurity
2/ R77 is an open-source rootkit that attempts to hide its existence on the infected system at various levels (screenshot).

As stated on the GitHub repo, e.g., all entities where the name starts with "$77" are hidden.

github.com/bytecode77/r77…
3/ The installer creates two scheduled tasks for the 32-bit and the 64-bit r77 service, according to the GitHub Readme.

After running the installer on our lab system, no new scheduled task is visible inside the Tasks folder.
Read 10 tweets
1/ As always, an excellently written blog post by @Mandiant.

In addition to the hunting strategies outlined in the blog, I see another hunting-angle that could be worthwhile. 🧵🥷

mandiant.com/resources/unc3…

#CyberSecurity
2/ The TA deployed the C2 agent "on opaque network appliances within the victim environment; think backdoors on SAN arrays, load balancers, and wireless access point controllers. These kinds of devices don’t support antivirus or endpoint detection and response tools (EDRs),
3/ subsequently leaving the underlying operating systems to vendors to manage."

The C2 agent on the compromised servers and systems uses DynDNS domains to communicate with the C2 server.

The use of an internal DNS server, which also logs the DNS queries over an extended
Read 5 tweets
According to the report published in 2022 by Identity Theft Resource Center, 1,789 data breach incidents have been recorded. #WorldPasswordDay
According to the White House Council of Economic Advisers, the United States economy loses approximately USD 57 - USD 109 billion each year to harmful cyber activity.

#cybersecuritytips #WorldPasswordDay2022
In Dec 2021, a huge security breach at Bitmart, a crypto trading platform, resulted in hackers removing about USD 200 million in assets. A stolen private key was the major source of the security compromise, which affected two of its #Ethereum and #Binance smart chain hot wallets.
Read 9 tweets
Different Hacking/Bug Bounty Methodologies From Different Hackers/Bug Bounty Hunters.
Feel Free To Add In This Thread If You Have Any :)
#BugBounty
#bugbountytips
#CyberSecurity
infosecwriteups.com/bug-hunting-me…
Read 15 tweets
The Linux Privilege Escalation Cheatsheet... :)

Credits ~ @g0tmi1k

👇🏻🧵

#cybersecurity #infosec #linux #hacking #redteam
Operating System
What's the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release

What's the kernel version? Is it 64-bit?

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-
What can be learnt from the environmental variables?

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Is there a printer?

lpstat -a
Read 21 tweets
15 years ago #OTD, Estonia was targeted by the first known cyberattacks against a whole nation.

It was a wake-up call for many on how malicious actors can misuse cyberspace.

Today, Estonia is a #cybersecurity heavyweight. 3rd globally and 1st in Europe.

🧵Some highlights: 1/6
Estonia created the world's first whole-of-government cybersecurity strategy in 2008. We're now in its fourth iteration.

We can be proud of @CERT_EE, @e_riik, @EconMinEstonia, @MoD_Estonia, @MFAestonia and many others for keeping Estonia's cyberspace open, free and secure. 2/6
Estonia hosts @ccdcoe which celebrates its 14th anniversary on 14 May.

Its flagships CyCon, live-fire exercises like Locked Shields, and Tallinn Manuals on international law have increased the know-how of allies and partners & lead the discussions on cyber defence globally. 3/6
Read 6 tweets
FREE LABS TO TEST YOUR PENTEST/CTF SKILLS :-)

Retweet this to let others know :)

#cybersecurity #infosec #pentesting
Academy Hackaflag BR - hackaflag.com.br
Attack-Defense - attackdefense.com
Alert to win - alf.nu/alert1
CTF Komodo Security - ctf.komodosec.com
CMD Challenge - cmdchallenge.com
Exploitation Education - exploit.education
Google CTF - lnkd.in/e46drbz8
HackTheBox - hackthebox.com
Hackthis - hackthis.co.uk
Hacksplaining - lnkd.in/eAB5CSTA
Hacker101 - ctf.hacker101.com
Hacker Security - lnkd.in/ex7R-C-e
Hacking-Lab - hacking-lab.com
Read 7 tweets
Here's a list of some high quality Bug Bounty Methodologies / checklists.

All for FREE.

🧵👇

#bugbounty #bugbountytips #infosec #cybersecurity
Recon :

For recon, I personally prefer this tutorial by @Jhaddix presented by @RedTeamVillage_

Such quality information out there. Do create your own notes post watching this.
Web App Checklist : alike-lantern-72d.notion.site/Web-Applicatio…

Kudos to @e11i0t_4lders0n for curating this gem for us.
Read 10 tweets
List of Hacking and Forensic Investigation Tools for IT Security Expert:

( Be a Hacker )

// Thread

#infosec #thesecureedge #cybersecurity #hacking #forensics #tech #thread #linux #bugbounty #DigitalTransformation
Read 14 tweets
#ThreatHunting:

1/ When examining AutoRuns entries during an IR or CA - would you consider a Scheduled Task with the name COMSurrogate and with the following launch string as malicious (spoiler: it is 😉)?

"powershell.exe" -windowstyle hidden

#CyberSecurity #dfir
2/ @Malwarebytes has found out that the Colibri malware on Windows 10 systems (and up) drops a file called Get-Variable.exe in the path %APPDATA%\Local\Microsoft\WindowsApps.
3/ "It so happens that Get-Variable is a valid PowerShell cmdlet which is used to retrieve the value of a variable in the current console. Additionally, WindowsApps is by default in the path where PowerShell is executed. So when the Get-Variable command is issued on PowerShell
Read 7 tweets
Recon Tools for Web Application Pentesting... :)

Credits ~ Khalid Maina

A Thread 🧵↓

#cybersecurity #pentesting #bugbounty
Proxy

- burpsuite
- zap proxy

Subdomain

- subfinder
- assetfinder
- amass
- sublist3r
- dig
- chaos (chaos.projectdiscovery.io)

Webspidering

- gospider
- gau
- linkfinder
- waybackurls
- hakrawler
- paramspider

Directory/fuzzing

- ffuf
- wfuzz
- gobuster
- dirbuster
Fingerprinting

- wappalyzer
- builtwith
- netcraft
- whatweb
- wafw0f

Vulnerability

- nuclei
- wpscan
- nikto

Email

- mxtoolbox
- emkei
- anonymailer
- thunderbird

Exploit

- searchsploit
- exploitdb

Sensitive data

- trufflehog
- gitsecrets
Read 5 tweets
I recently wrote a thread on my top used Bug Bounty Tools. You can find it here :



After publishing the above thread, I got lots of requests to write on my most used / favourite Burp Suite extensions.

So here's a thread on my most used Burp extensions.
1. Autorize

Autorize is straight up one of my most used and liked extensions. I personally use Autorize to automate testing for IDORs and it's very simple to use.



In the above video I've combined with our favourite @theXSSrat on using Autorize.
2. Param Miner

Anybody who's been into Bug Bounty for quite some time knows how important it is to identify parameters. Param Miner helps you do this with ease.

I personally use Param Miner to check for web cache poisoning vulnerabilities.
Read 7 tweets
Our topic today is:
◀️ The (CyberOps) certification and my experience with it ▶️

Grab your coffee and enjoy the read ☕️

#CyberSecurity, #Cisco
1⃣
Certification name:
@Cisco Certified CyberOps
The certification focuses on cybersecurity,
especially security operations centers (SOC)

The certification is divided into two levels:
1-Associate
2-Professional

Each level covers a set of skills, with separate certificates.
In this thread we'll talk about the first level.
2⃣
Skills and curriculum the certification centers on:
Attack Methods
Computer Forensic and Malware Analysis
Cryptography
Data And Event Analysis
Endpoint Threat Analysis
Host-Based Analysis
Incident Response
Network Intrusion Analysis
Security Monitoring
SOC Metrics

And others, shown in the image:
Read 11 tweets
▶️ Secure API Lifecycle

[A Thread 🧵] 👇

#cybersecurity #infosec #appsec #Pentesting
1/- Design

Strong API security starts at the design stage to ensure that full consideration of Authentication and authorization and Data privacy requirements, minimize attack surfaces and threat modeling activity ensures all attack surfaces are understood before implementation.
2/- Build

The construction of API back-ends is a critical factor in ensuring API security. For each of the respective frameworks (i.e., Spring Boot, ASP.NET Core, etc.), developers should consult the specific security recommendations.
Read 7 tweets
Here's a list of tools that I use on a daily basis for Bug Bounty Hunting :
1. Proxy

I use Burpsuite for this purpose.
One could also use ZAP Proxy
2. Subdomain Enumeration

I'm a big fan of amass.

One article that I would definitely recommend anybody who's using amass is this gem by @hakluke

hakluke.medium.com/haklukes-guide…
Read 11 tweets
Make your own hacking Tool with Python Request Module

#imp
^^\ Full Documentary Python Scripting Request /^^

#cybersecurity
#bugbounty #bugbountytips #hacking

{ docs.python-requests.org/en/master/ }
Beloved Features

Requests is ready for today’s web.

> Keep-Alive & Connection Pooling

> International Domains and URLs

> Sessions with Cookie Persistence

> Browser-style SSL Verification

> Automatic Content Decoding

> Basic/Digest Authentication
> Elegant Key/Value Cookies

> Automatic Decompression

> Unicode Response Bodies

> HTTP(S) Proxy Support

> Multipart File Uploads

> Streaming Downloads

> Connection Timeouts

> Chunked Requests
.netrc Support
Read 4 tweets
Visualizing #cybersecurity concepts can be a great way to learn more about specific tools, methodologies, and techniques! Here is a thread that shows 6 useful infographics on threat intelligence and related topics!🧵👇#infosec #threatintel

1⃣ - Practical Threat Intel
2⃣ - Tactics, Techniques and Procedures is an important concept to understand when you are working on threat intelligence to understand the capabilities of threat actors! 🤓 #Infosec #ttp
3⃣ - Mitre ATT&CK Matrix has become one of the references to classify and categorize attackers' TTPs! ☠️ #cybersecurity
Read 8 tweets
Recently bypassed an auth with a simple trick:
1. GET site.bruh/private => 405
(homepage was just showing "Working", opened page source, got a js file, grep all endpoints using linkfinder from js file)
2. POST site.bruh/private => 500 error: "Expected JSON body"
3. POST site.bruh/private
{} => 500 error: missing auth_key

4. POST site.bruh/private
{"auth_key":"123"} => 403

After many trials and errors (passing random values, special characters, adding commonly used tricks to bypass 403, like headers etc., nothing worked)
I was about to give up, but then I remembered a technique I used in a CTF a few months ago:

POST site.bruh/private
{"auth_key":true}

200 OK
Read 4 tweets
