Discover and read the best of Twitter Threads about #cybersecurity
Most recents (24)
A lesser-known yet effective way of #bugbounty hunting is called "hacktivity" hunting. It involves bypassing fixes on disclosed reports found on @Hacker0x01's hacktivity page. This approach helped me score a $5k bounty! Here's how it works.👇
#InfoSec #CyberSecurity
#InfoSec #CyberSecurity
With hacktivity hunting, the hard part - finding interesting behavior or insecure features - is already done for you. Your main role is to find a bypass.
For example, I found a bypass for a report on hackerone.com/reports/949643
#BugBountyTips
For example, I found a bypass for a report on hackerone.com/reports/949643
#BugBountyTips
The original report tried to restrict access to /admin by restricting the path in Nginx. However, I bypassed it using simple encoding - /%2561dmin. Endpoints required authentication, but I bypassed this by adding ".json" at the end.
#BugBounty #Hacking
#BugBounty #Hacking
Want to improve your network scanning skills with Nmap? 🕵️♀️💻
Check out these 5 quick tips to define targets, speed up scans, and scan with specific script categories! 🧵👇
#recon #recontips #AttackSurface #bugbounty #recontools #cybersecurity
Check out these 5 quick tips to define targets, speed up scans, and scan with specific script categories! 🧵👇
#recon #recontips #AttackSurface #bugbounty #recontools #cybersecurity
1/5 Let's start with how to define targets.
Define targets for nmap scan by specifying IP addresses, IP ranges, domain names, or using a target list file.
$ nmap <IP1> <IP2> …
$ nmap 192.168.0.1/24
$ nmap <domain name>
$ nmap -iL <target list file>
Define targets for nmap scan by specifying IP addresses, IP ranges, domain names, or using a target list file.
$ nmap <IP1> <IP2> …
$ nmap 192.168.0.1/24
$ nmap <domain name>
$ nmap -iL <target list file>
2/5 The Ippsec scan for basic coverage.
Perform a comprehensive network scan using nmap's Ippsec initial scan.
$ nmap 127.0.0.1 -sC -sV -oA initial_nmap_scan
Perform a comprehensive network scan using nmap's Ippsec initial scan.
$ nmap 127.0.0.1 -sC -sV -oA initial_nmap_scan
😱 I asked ChatGPT "What are some of the unpopular SQL injection areas" and this is what it replied.
🧵👇
#bugbounty #cybersecurity #infosec #sqli
🧵👇
#bugbounty #cybersecurity #infosec #sqli
1. Error messages: Sometimes error messages can reveal important information about the application's database, such as table names or column names. An attacker can use this information to craft a SQL injection attack.
2. Search fields: Search fields are often overlooked when testing for SQL injection vulnerabilities, but they can be an easy target for attackers. In un-sanitized search queries, an attacker can inject SQL code to retrieve sensitive data from the database.
"The future of #ChemicalEngineering"
I asked @slidesgpt to create a slide deck on the topic with #AI.
Some might say "pretty generic" again but let me tell you:
At every conference, there are presentations looking at least partially like this.
Let's go through it.
1/15
I asked @slidesgpt to create a slide deck on the topic with #AI.
Some might say "pretty generic" again but let me tell you:
At every conference, there are presentations looking at least partially like this.
Let's go through it.
1/15
For a start, it is good that @slidegpt warns you that you should have a critical look at the content.
2/15
2/15
If you want to talk about the future, start with the past. Okay.
It also gives you a comment so that you can just make a karaoke session out of it:
"[...] Understanding this history is important for understanding the current state of the field and predicting its future."
3/15
It also gives you a comment so that you can just make a karaoke session out of it:
"[...] Understanding this history is important for understanding the current state of the field and predicting its future."
3/15
Today's Twitter threads (a Twitter thread).
Inside: The Golden Rule (them what has the gold makes the rules); and more!
Archived at: pluralistic.net/2023/03/25/con…
#Pluralistic 1/
Inside: The Golden Rule (them what has the gold makes the rules); and more!
Archived at: pluralistic.net/2023/03/25/con…
#Pluralistic 1/
I'm kickstarting the #audiobook for my next novel, an anti-finance finance thriller about #SiliconValley scams called *Red Team Blues*. #Amazon's #Audible refuses to carry my audiobooks because they're #DRM free, but crowdfunding makes them possible:
kickstarter.com/projects/docto… 2/
kickstarter.com/projects/docto… 2/
The Golden Rule (them what has the gold makes the rules): Dobbs, SVB, the Internet Archive, antitrust and the law's foundation in norms, not consistency.
3/
3/
20 FREE Cybersecurity Certifications to Add to Resume/CV
casbt1osint.blogspot.com/2023/03/blog-p…
Списання вийшло з-під контролю: Росія зняла зі зберігання Т-54
Списання вийшло з-під контролю: Росія зняла зі зберігання Т-54
Команда CIT отримала фотографії потяга, який везе військову техніку з Далекого Сходу. Ми ідентифікували їх як радянські середні танки сімейства Т-54/55: в одному ешелоні були і Т-54, і танки, які могли бути пізніми Т-54 або Т-55 (див. ілюстрацію).
Як стало відомо, нещодавно цей ешелон вирушив з Арсеньєва Приморського краю, де розташована 1295-та центральна база резерву і зберігання танків.
From Noob to Pentesting Clients in 2023 👇
1. Be laser focused to become l33t. Cybersecurity is a large field and you can't be an expert of everything.
2. Let's say you choose application security. Here's how I would skill up really fast.
1/ The content below is from a file named install.bat and stems from a recent investigation where a TA launched this batch file. 👀
What's going on?
Well, VboxUpdate.exe is, in fact, tor.exe, and a new service is created, launching tor with a config file.
🧵 #CyberSecurity
What's going on?
Well, VboxUpdate.exe is, in fact, tor.exe, and a new service is created, launching tor with a config file.
🧵 #CyberSecurity
2/ Below is an excerpt from the content of config.txt; the configuration file passed as an argument to the tor service.
If you think this looks a lot like RDP Tunneling, you are absolutely right. 🥇
If you think this looks a lot like RDP Tunneling, you are absolutely right. 🥇
3/ Head over to the allthingsdfir blog to read a more profound write-up about the techniques used here and how they work together.
allthingsdfir.com/rdp-over-tor/
allthingsdfir.com/rdp-over-tor/
Mega Thread
This is an attempt to lay out an extensive timeline of events with sources for reference, leading to what the World Economic Forum and World Leaders like to call “The Great Reset”.
This is an attempt to lay out an extensive timeline of events with sources for reference, leading to what the World Economic Forum and World Leaders like to call “The Great Reset”.
I prefer to call this leviathan the BioSecurity State. Its preparation and the infrastructure put into place dates back at least 21 years, although it can be argued it goes back much further.
I realize there are significant historical events I leave out like 9/11 and subsequent wars. I try to focus on key events, stories and documents that builds specifically upon the narrative of pandemics, digital ID, digital currency and cyber security which are interlinked towards… twitter.com/i/web/status/1…
1/ Real-World #PingCastle Finding #13: Allow log on locally
➡️ Domain Users are eligible to log into DC's 🤯🙈
"When you grant an account the Allow logon locally right, you are allowing that account to log on locally to all domain controllers in the domain." [1]
#CyberSecurity
➡️ Domain Users are eligible to log into DC's 🤯🙈
"When you grant an account the Allow logon locally right, you are allowing that account to log on locally to all domain controllers in the domain." [1]
#CyberSecurity
2/ Why is this a bad idea?
"If you do not restrict this user right to legitimate users who must log on to the console of the computer, unauthorized users could download and run malicious software to elevate their privileges." [1]
"If you do not restrict this user right to legitimate users who must log on to the console of the computer, unauthorized users could download and run malicious software to elevate their privileges." [1]
3/ I encountered this finding several times in our AD assessments, so you better check your settings in your domain right now (better safe than sorry 🔒).
Good luck 🍀
Good luck 🍀
#cybersecurity #pentesting #hacking #DataSecurity
Cybersecurity is essential for protecting our digital lives. From personal devices to enterprise systems, cyber threats are ever-present and evolving. As technology advances, so do the tactics and techniques of cybercriminals.
Cybersecurity is essential for protecting our digital lives. From personal devices to enterprise systems, cyber threats are ever-present and evolving. As technology advances, so do the tactics and techniques of cybercriminals.
One of the most important steps in securing our digital lives is to use strong, unique passwords. This means avoiding common words and phrases, & instead using a combination of letters, numbers, and symbols. It's also important to avoid reusing passwords across multiple accounts.
Another key aspect of cybersecurity is keeping software up to date. Software companies regularly release updates that include security patches and bug fixes. By keeping your software up to date, you can protect against known vulnerabilities that cybercriminals may exploit.
HTTP Parameter Pollution @SecGPT has seen in its training.
1. ATO via password reset
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
2. Price manipulation in e-commerce platforms
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
1/ Do you monitor newly created services within your environment, and would you notice when a (vulnerable) driver is loaded?
The screenshot below (#Velociraptor 🤩) is from a recent #XMRig CoinMiner investigation ⤵️
🧵 #CyberSecurity
The screenshot below (#Velociraptor 🤩) is from a recent #XMRig CoinMiner investigation ⤵️
🧵 #CyberSecurity
2/ We talked about vulnerable drivers before:
3/ And here:
🚀🔒Exciting news! SecGPT is now LIVE!
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.👇
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.👇
1. Trained on an extensive collection of cybersecurity reports, @SecGPT provides you with a deeper understanding of vulnerabilities, exploitation techniques, and emerging trends in cybersecurity.
Its knowledge increases as more reports and writeups are published.
Its knowledge increases as more reports and writeups are published.
2. Explore SecGPT's capabilities and see how it can assist you in enhancing your cybersecurity expertise.
Try it out for free at alterai.me
#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
Try it out for free at alterai.me
#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
Using @spiderfoot for Offensive Reconnaissance: Part 1 – Discovery 🔍 #OSINT
🔴 Exploring high correlations
🔴 Software and vulnerabilities
🔴 Other detections and their significance
#HackerContentBlogs
Part 2 in Thread 🧵👇
intel471.com/blog/using-spi…
🔴 Exploring high correlations
🔴 Software and vulnerabilities
🔴 Other detections and their significance
#HackerContentBlogs
Part 2 in Thread 🧵👇
intel471.com/blog/using-spi…
Using @spiderfoot for Offensive Reconnaissance: Part 2 – Validation ✅ #OSINT
🟢 Feasible exploitation
🟢 OpenSSH bugs and port enumeration
🟢 Validating the XSS vulnerabilities
#HackerContentBlogs
intel471.com/blog/using-spi…
🟢 Feasible exploitation
🟢 OpenSSH bugs and port enumeration
🟢 Validating the XSS vulnerabilities
#HackerContentBlogs
intel471.com/blog/using-spi…
These @spiderfoot articles were created through #HackerContent! 📖✍️
If you’re interested in getting some #cybersecurity-focused content or social media management for your organization, DM us, or check hackercontent.com!
If you’re interested in getting some #cybersecurity-focused content or social media management for your organization, DM us, or check hackercontent.com!
1/ #Velociraptor has covered hunting for malicious WMI Event Consumers for some time. [1]
However, Velociraptor does not provide an eradication hunt for malicious WMI Event Consumers out of the box.
🧵 #CyberSecurity
However, Velociraptor does not provide an eradication hunt for malicious WMI Event Consumers out of the box.
🧵 #CyberSecurity
2/ @threatpunter wrote a detailed blog about WMI persistences and how to remove them.
"The simplest method to remove the entry from the WMI database is to use Autoruns. Launch Autoruns as an administrator and select the WMI tab to review WMI-related persistence." ✂️
"The simplest method to remove the entry from the WMI database is to use Autoruns. Launch Autoruns as an administrator and select the WMI tab to review WMI-related persistence." ✂️
3/ "Alternatively, you can remove the WMI event subscriptions from the command line." [2]
1/10 🚀🌐 The Hypergraph by @Conste11ation is a game-changer in the #crypto world, and its potential goes beyond digital currencies. It can revolutionize different industries by providing a scalable and gasless fee structure.
$DAG #HGTP
$DAG #HGTP
2/10 🌍 #ERP software providers can create more secure and efficient supply chain management. With HGTP's ability to weave together data from different networks, enabling real-time tracking and transparency of inventory, orders, and deliveries.
$OBS @ObiusERP
$OBS @ObiusERP
3/10 💰 In the financial industry, the #Hypergraph can be used to create decentralized exchanges that allow for cross-chain asset exchanges with much faster transaction times, lower fees and greater liquidity. 💸💰
$LTX @LatticeExchange
$LTX @LatticeExchange
I never rely on automation alone.
In a recent external pentest, I was going over the assets manually, while running some tools in the background, including nuclei.
In a recent external pentest, I was going over the assets manually, while running some tools in the background, including nuclei.
1. One instance was running a software vulnerable to arbitrary file deletion. Nuclei didn't even smell it, unfortunately.
What I usually do, is to look over famous exploits for the specific software. And this one was a victim.
What I usually do, is to look over famous exploits for the specific software. And this one was a victim.
2. Another instance was running a software vulnerable to RCE. Thanks @infosec_au for the amazing work that help uncover this.
Nuclei has some templates for this, but they didn't catch it.
Similar to #1, I dug deeper manually and confirmed the vulnerabilty.
Nuclei has some templates for this, but they didn't catch it.
Similar to #1, I dug deeper manually and confirmed the vulnerabilty.
1/ Number #10 of the #ActiveDirectory hardening measures:
Easy Wins (for Attackers)
🧵 #CyberSecurity
Easy Wins (for Attackers)
🧵 #CyberSecurity
This is the last thread in this AD hardening measure series, but there would still be so much to discuss 😅
Here are more points you should focus on to defend your networks even better.
Here are more points you should focus on to defend your networks even better.
"Administrative accounts should never be enabled for delegation.
You can prevent these privileged accounts from being targeted by enabling the ‘Account is sensitive and cannot be delegated’ flag on them. You can optionally add these accounts to the ‘Protected Users’ group.
You can prevent these privileged accounts from being targeted by enabling the ‘Account is sensitive and cannot be delegated’ flag on them. You can optionally add these accounts to the ‘Protected Users’ group.
🚨🔍👨💻🛡️ I got few questions about what a Detection Engineers does. Daily tasks range from monitoring security systems to designing and developing detection logic? Here are some common tasks that I perform on given day #Cybersecurity #DetectionEngineer #SecurityOperations #SIEM
1️⃣ Building SIEM Architecture
Some detection engineers build SIEM architecture to collect, process, store, analyze, and respond to security-related data from various sources to identify potential security threats and alerts the security team.
Some detection engineers build SIEM architecture to collect, process, store, analyze, and respond to security-related data from various sources to identify potential security threats and alerts the security team.
2️⃣ Monitoring Security Systems
Detection engineers monitor security systems, review logs/alerts/reports, identify potential threats, and investigate suspicious activities. Essential in security ops.
Detection engineers monitor security systems, review logs/alerts/reports, identify potential threats, and investigate suspicious activities. Essential in security ops.
-Amatör Telsizcilik 101-
Arkadaşlarınızla yakın muhabereden tutun da uzay istasyonu dinlemeye kadar varan Amatör Telsizcilik belgesi hakkında bir flood hazırlamak istedik.
resim: @hayrodayi
Arkadaşlarınızla yakın muhabereden tutun da uzay istasyonu dinlemeye kadar varan Amatör Telsizcilik belgesi hakkında bir flood hazırlamak istedik.
resim: @hayrodayi
"Ülkelerin gelişmişlik düzeyinde baz alınan ölçütlerden birisi de o ülkedeki amatör telsizci sayısıdır."
-Sir Murat Şen (@TA2AWR)
Amatör Telsizcilik, alanı gereği fizik, coğrayfa vb konularla da yakından ilgilidir.
-Sir Murat Şen (@TA2AWR)
Amatör Telsizcilik, alanı gereği fizik, coğrayfa vb konularla da yakından ilgilidir.
6 Şubat 2023 tarihinde yaşanan Deprem Felaketinde gördüğümüz üzere GSM hatları çalışamaz duruma geldi, bu durumda amatör telsizciliğin hayat kurtardığını bir kez daha görmüş olduk, muhabere açısından ülkemiz için çok kıymetli bir alan bu yüzden dolayı.
2/ There exists a ton of different techniques of how attackers can relaying credentials to another host in order to raise their privileges or get a shell on the target server.
3/ @TrustedSec has written an excellent blog post about the different relaying techniques, how they work and which prerequisites have to be in place that the attack is successful. [1]
CAN I BE HACKED VIA BLUETOOTH?
Yes,
Once a Device is ‘Bluebugged’, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.
A thread
Yes,
Once a Device is ‘Bluebugged’, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.
A thread
What is a Bluetooth Attack?
This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
Types of Bluetooth Attacks
· Bluesnarf Attack
· Man-in-The Middle (MiTM) Attack
· BlueJacking
· BlueSmacking (DoS Attack)
· BluePrinting Attack
· BlueBugging
· Bluesnarf Attack
· Man-in-The Middle (MiTM) Attack
· BlueJacking
· BlueSmacking (DoS Attack)
· BluePrinting Attack
· BlueBugging
