Discover and read the best of Twitter Threads about #cybersecuritytips

Most recent (24)

The CIA not only invests with Venture Capitals, but also helps with finding interesting projects and security issues.

Why is it worth #revoking smart contracts that you interacted with?

A thread! 🧵

1/11
#CIA #crypto #approval #revoke #exploit #cybersecuritytips
Yesterday, we received information from one of the Venture Capital companies that after sending a transfer to another address, the funds immediately disappeared and, according to their findings, everything went to 0xdead~.

They asked us for assistance and clarification.

2/11
1) Firstly, we examined the transfer from the VC to another address. Nothing unusual happened here - it was just a normal transfer:

3/11 Image
Read 13 tweets
Several people asked me about the resources I recommend for learning GraphQL and GraphQL Hacking. Here is the list:

A Thread 🧵👇

GraphQL Basics:
- GraphQL in 40 Minutes:
- GraphQL in-depth:
- Great Website all about GraphQL: howtographql.com
Read 6 tweets
FREE cybersecurity certifications
- 15 Courses by Qualys 🧵📢

#infosec #cybersecurity #cybersecuritytips #Hacking

1. Vulnerability Management: lnkd.in/g64maMet

2. Global IT Asset Inventory: lnkd.in/gXR5bD5N

3. Scanning Strategies: lnkd.in/g6cQjQuh
4. Reporting Strategies: lnkd.in/gs6Vn-DA

5. Patch Management: lnkd.in/gnWVDCNp

6. Policy Compliance: lnkd.in/g5SXKncJ

7. PCI Compliance: lnkd.in/gZns6Xdf
8. Endpoint Detection & Response: lnkd.in/gw22Y__E

9. Vulnerability Management 2: lnkd.in/gYAFfAuT

10. Cloud Security Assessment & Response: lnkd.in/grrHivcW

11. API Fundamentals: lnkd.in/gngVxhbu
Read 5 tweets
Here are 30 fun cybersecurity search engines! 📢

Credit: @danielmakelley

#infosec #cybersecuritytips #Hacking 🧵

1. DeHashed—View leaked credentials.

2. SecurityTrails—Extensive DNS data.

3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.

5. ZoomEye—Gather information about targets.

6. Pulsedive—Search for threat intelligence.

7. GrayHatWarfare—Search public S3 buckets.

8. PolySwarm—Scan files and URLs for threats.

9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.

11. DNSDumpster—Search for DNS records quickly.

12. FullHunt—Search and discover attack surfaces.

13. AlienVault—Extensive threat intelligence feed.

14. ONYPHE—Collects cyber-threat intelligence data.
Read 11 tweets
[0]
Hello Hackers
I just created a tool/script to automate initial recon in #bugbounty.
[ Check the thread for more info about all MODES available in this tool ]

URL:- github.com/thecyberneh/sc…
[1]
1. EXP :- FULL EXPLOITATION MODE
contains functions as
- Effective Subdomain Enumeration with different services and open-source tools
- Effective URL Enumeration ( HTTP and HTTPS service )
- Run Vulnerability Detection with Nuclei
- Subdomain Takeover Test on previous results
[2]
2. SUB :- SUBDOMAIN ENUMERATION MODE
contains functions as
- Effective Subdomain Enumeration with different services and open-source tools. You can use this mode if you only want to get subdomains from this tool, or we can say Automation of Subdomain Enumeration.
Read 4 tweets
5 PRO tips to use in your enumeration for Active Directory pentesting:

(thread)
1. Leverage LDAP queries and enumeration tools such as ADRecon and BloodHound to gather as much information as possible about the Active Directory environment, including user accounts, group memberships, and access rights.
2. Look for common misconfigurations, such as weak passwords and unsecured administrative accounts, as well as access controls that allow users to elevate their privileges or access sensitive data.
Read 6 tweets
Let's learn Red Teaming together
[Thread]🧵👇
Read 11 tweets
Day 0⃣8⃣/2⃣0⃣ -- [Hacking File Upload Functionality]
➡️ Hitting P1's - RCE, SQL Injection, SSRF, Stored XSS, LFI, XXE, IDOR e.t.c
➡️ ➰ Below some of the best Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
File Upload Vulnerabilities Checklist
0xn3va.gitbook.io/cheat-sheets/w…
2/n
Exif Data Not Stripped From Uploaded Images
kathan19.gitbook.io/howtohunt/exif…
Read 25 tweets
Day 0⃣7⃣/2⃣0⃣ -- [Hacking Different Web Application Functionalities]
➡️ Groups & Teams
➡️ Email Contact
➡️ Submit Feedback
➡️ ➰ Below are Functionalities, Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
0/n
➡️ Chat Box/Support/Customer Care
➡️ Comment Functionality
➡️ Subscribe/Unsubscribe
➡️ Ecommerce Platform
➡️ Search Functionality
➡️ WebSockets
➡️ User-Agents
➡️ Cookies & Sessions
➡️ JSON Web Tokens
1/n
Blind SSRF on chatbox
hackerone.com/reports/1220688
Read 18 tweets
Day ➰➰/2⃣0⃣ -- [Hacking Bug Bounty Checklists/Methodologies]
➡️ Day ➰➰, Taking A Break! But Let's Talk About Different Hacking Methodologies.
➡️ Below are Some Of The Best Hacking Methodologies(Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
Resources-for-Beginner-Bug-Bounty-Hunters
github.com/nahamsec/Resou…
2/n
The Bug Hunter's Methodology (TBHM)
github.com/jhaddix/tbhm
Read 23 tweets
Day 0⃣6⃣/2⃣0⃣ -- [Delete/Deactivating An Account & Logout Vulnerabilities]
➡️ Day 6, Have You Ever Known That Deactivating & Logout Feature Can Be Hacked & Earn You Bounties?
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
IDOR — Let’s delete any account
medium.com/@Bohr/idor-let…
2/n
0 Click account delete CSRF
hacklido.com/d/32-csrf-atta…
Read 14 tweets
Day 0⃣5⃣/2⃣0⃣ -- [Web Application Profile/Dashboard Hacking]
➡️ Day 5, Profile Update/Dashboard Vulnerabilities & References.
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
IDOR on the dashboard
2/n
Instagram IDOR
Read 18 tweets
Day 0⃣4⃣/2⃣0⃣ -- [Hacking A Web Application Via Password Change Functionality]
➡️ Day 4, Hack A Web Application Via "Password Change Functionality"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips "No Resting Only Hacking!"
1/n
All about password reset vulnerabilities by @InfoSecComm
infosecwriteups.com/all-about-pass…
2/n
Password reset poisoning and web cache poisoning
skeletonscribe.net/2013/05/practi…
Read 22 tweets
Day 0⃣3⃣/2⃣0⃣ -- [How To Hack A Login Page!]
➡️ Day 3, How To Hack A Login Page "Exploiting Vulnerabilities On A Login Page"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
10 Common vulnerabilities found in the login functionality
redhuntlabs.com/blog/10-most-c…
2/n
Portswigger vulnerabilities on password based login
portswigger.net/web-security/a…
Read 20 tweets
Day 0⃣2⃣/2⃣0⃣ -- [Registration/SignUp Page Vulnerabilities]
➡️ Day 2, we will cover potential vulnerabilities that can affect a Registration/Sign-Up Page of a web application.
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
Registration Page Vulnerabilities
github.com/carlospolop/ha…
2/n
Registration & Takeover Vulnerabilities
book.hacktricks.xyz/pentesting-web…
Read 20 tweets
Day 0⃣1⃣/2⃣0⃣ -- [Bug Bounty Reconnaissance/Information Gathering]

➡️ Being Day 1, Recon is usually the first approach when handling your target.
➡️ Below are some of the Best Checklists/Bug Bounty RECON references & Tips🧵🧵👇👇
#BugBounty
#bugbountytips
#cybersecuritytips
1/n
The Bug Hunter's Methodology v4.0 - Recon Edition by @Jhaddix
2/n
@_zwink Target Reconnaissance & Approach
Read 23 tweets
Bug Testing Methodology Series:

𝐒𝐒𝐑𝐅 (𝐒𝐞𝐫𝐯𝐞𝐫 𝐒𝐢𝐝𝐞 𝐑𝐞𝐪𝐮𝐞𝐬𝐭 𝐅𝐨𝐫𝐠𝐞𝐫𝐲)

Learn how to test for #SSRF step by step on real #bugbounty programs

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, this thread won't teach how SSRF works, but rather a methodology to follow while actively testing for it.

To learn about how SSRF attacks work, have a read here ➡️ portswigger.net/web-security/s…
1️⃣ Finding an attack vector

This step simply implies using the web app THOROUGHLY and finding a place where you input a URL and the server fetches it.

Ex: profile pic from URL, URL Redirects, etc.

The best tip I can give you for this step is: CLICK EVERY SINGLE BUTTON YOU SEE
Read 9 tweets
Introduction to #XSS

Learn the basics of 𝐂𝐫𝐨𝐬𝐬-𝐒𝐢𝐭𝐞 𝐒𝐜𝐫𝐢𝐩𝐭𝐢𝐧𝐠 (𝐗𝐒𝐒)

Thread🧵👇

#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Let's inspect the name first:

The 𝐒𝐜𝐫𝐢𝐩𝐭𝐢𝐧𝐠 part indicates, obviously, scripting, so we can think about what kind of scripting we know exists in Web Apps: HTML & JavaScript being the 2 most common.

Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
So, we now know XSS consists of injecting scripts in websites.

Types of XSS:

1. Reflected
2. Stored
3. DOM-based
They can also be Blind (you don't see the reflection).

As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Read 12 tweets
15 effective websites for pentesting research:

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
1. #SecurityTrails
Numerous DNS records.
Link: lnkd.in/dXMTMmWs
2. ExploitDB
Collection of past exploitations.
Link: lnkd.in/dTAXTUQa
Read 16 tweets
Bug Testing Methodology Series:

𝐁𝐀𝐂 (𝐁𝐫𝐨𝐤𝐞𝐧 𝐀𝐜𝐜𝐞𝐬𝐬 𝐂𝐨𝐧𝐭𝐫𝐨𝐥)

Learn how to test for Broken Access Control step by step on real #bugbounty programs.

Thread🧵👇

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, this thread will not teach exactly how Broken Access Control vulnerabilities arise, but rather a testing methodology.

If you want to learn how BAC bugs work, check this out ➡️ portswigger.net/web-security/a…
1️⃣ Know your target

In order to know what each user role can do, you have to know your target well.

If documentation is available, make full use of it; if not, use the app as much as you can from the perspective of each user role (have a different account for each role).
Read 9 tweets
Hey #OSINT, Twitter is one of the leading social media networks.

Here is the list of 10 Twitter analysis 📈📉 tools to optimise your search and digital investigation.

#CyberSec #cybersecurity #cybersecuritytips #bugbountytips

A THREAD 🧵
Read 11 tweets
📌Docker Images for Penetration Testing & Security
• docker pull kalilinux/kali-linux-docker - official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan

🧵👇

#Pentesting #infosec #cybersecuritytips
• docker pull metasploitframework/metasploit-framework - Official Metasploit
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
Read 6 tweets