Discover and read the best of Twitter Threads about #hacking

Most recents (24)

1️⃣ NICCS Federal Virtual Training Environment (FedVTE)

Link: Image
2️⃣ SANS Cyber Aces Free Cyber Security Training Course

Link: Image
Read 7 tweets
Burpsuite frameworks.

A thread 👇🧵

#bugbounty #hacking #infosec #bugbountytips #cybersecurity #burpsuite
1️⃣ Use burpsuite to intercept and modify traffic between your web browser and a web application. This can help you test the application's security and identify vulnerabilities.
2️⃣ Use burpsuite's spider tool to automatically crawl an application and discover its functionality and content. This can help you identify hidden pages and areas of the application that may be vulnerable.
Read 11 tweets
Mercenary spyware was secretly flown to "blood soaked" Sudanese militia.

Uncovered thanks to an employee selfie.

Reminder: #EU inability to tackle #spyware crisis = global consequences.

Report by @cr0ft0n @telloglou @e_triantafillou
& @omerbenj…
Heirs to the murderous #Janjaweed have a global phone #hacking capability.

Reflect on the #NationalSecurity implications.

We've warned of this for a decade.

Yet policymakers still dither on mercenary #spyware.

It will only get worse.

Mercenary spyware companies persuaded regulators to leave them largely unregulated.

The #Sudan #militia sale is the logical conclusion.

These companies won't stop until they've burned our collective house down.
Read 7 tweets
You want a career in Cyber Security and Hacking?

BUT can't afford costly courses & subscriptions

Start with 💯 FREE @RealTryHackMe rooms:🧵

#tryhackme #infosec #Linux #Hacked #Root #pythoncode #CyberSec #Web3 #Hacking #BugBounty #learning #100daysofpython #Security
1⃣ Level:01 Introduction

1. OpenVPN
2. Welcome
3. Intro to Researching…
4. Crash Course Pentesting…
2⃣ Introductory CTF

1. Google Dorking…
2. OHsint
3. Shodan
Read 10 tweets
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets
Top 8 FREE cybersecurity courses with certification.


#bugbounty #pentesting #hacking #infosec #cybersecurity #pentesting #certifications
1. Introduction to Cybersecurity

🔗 Link:…
2. Networking Essentials

🔗 Link:…
Read 10 tweets
Top 10 exploited vulnerabilities in 2022.


#bugbounty #infosec #cybersecurity #CVE #hacking
1. Follina (CVE-2022-30190)
2. Log4Shell (CVE-2021-44228)
3. Spring4Shell (CVE-2022-22965)
4. F5 BIG-IP (CVE-2022-1388)
5. Google Chrome zero-day (CVE-2022-0609)
6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)
Read 5 tweets
Cybersecurity Certifications

A thread.


#bugbounty #hacking #infosec #cybersecurity Image
⭐ In this thread, I am not going to debate whether certifications are required to showcase your skill and get a job. You like it or not, certifications do add value to your resume.

That being said, I'm going to uncover top certifications with pricing based on difficulty.
1️⃣ Beginners

1. eJPT - eLearnSecurity / $200
2. eWPT - eLearnSecurity / $200
3. Pentest+ - Comptia / $397

❓CEH-Practical - EC-Council
Read 9 tweets
Testing for IDOR ( Manual-Method )
#bubgounty #infosec

🧵(1/n) :👇
➡ Base Steps :

1. Create two accounts if possible or else enumerate users first.
2. Check if the endpoint is private or public and does it contains any kind of id param.
3. Try changing the param value to some other user and see if does anything to their account.

🧵(2/n) :👇
➡ Testcase 1: Add IDs to requests that don’t have them

GET /api/MyPictureList → /api/MyPictureList?user_id=<other_user_id>

Pro tip: You can find parameter names to try by deleting or editing other objects and seeing the parameter names used.

🧵(3/n) :👇
Read 14 tweets
8 golden platforms where you can begin your Cybersecurity journey

#bugbounty #hacking #infosec #cybersecurity
1. @PortSwigger Web Academy
2. @PentesterLab

Highly recommended for Bug Bounties and Pentesting.
3. @RealTryHackMe
4. @hackthebox_eu

CTFs and Hands-on Learning.
Read 7 tweets
10 Tips to Review Code
#bugbounty #infosec #hacking

1.Important functions first
2.Follow user input
3.Hardcoded secrets and credentials
4.Use of dangerous functions and outdated dependencies

5.Developer comments, hidden debug functionalities, configuration files, and the .git directory
6.Hidden paths, deprecated endpoints, and endpoints in development
7.Weak cryptography or hashing algorithms

More 🧵:👇
8.Missing security checks on user input and regex strength
9.Missing cookie flags
10.Unexpected behavior, conditionals, unnecessarily complex and verbose functions
Read 4 tweets
Red Team Resources 🖥

• Red Team Management by Joas…

• Awesome Red Team by yeyintminthuhtut…

• Awesome Red Team Operations by Joas…

#cybersecurity #infosec #hacking #redteam
• Awesome Adversary Simulation Toolkit by 0x1…

• Red/Purple Team by s0cm0nkey…

• SpecterOps Red Team Blog…

• iRed Team Blog…
• Red Team Tips Blog by Jean Maes

• Red Team Blog by Zach Stein

• Unstrustaland by João Paulo

• 100Security by Marcos Henrique

• Red Team Village
Read 4 tweets
12 Pentest Tools✨
#bugbounty #Infosec #hacking

A collection of custom security tools
for quick needs.

⬇⬇⬇ Version - 1 ⬇⬇⬇

See 🧵: 🔽
Converts IP address in arpa format to classical format.
Performs host command on a given hosts list using parallel to make it fast.

🧵: 🔽
• codeshare.php
Performs a string search on
Test CORS issue on a given list of hosts.

🧵: 🔽
Read 8 tweets
Tips on cybersecurity job hunting.


#hacking #infosec #bugbounty #cybersecurity
1️⃣ Certifications.

You can either be extremely skilled (mostly pentester) and showcase your public profile (HOFs, bounties) or the other way is certificates.

EOD, you have to prove your worth and let the employer know you are qualified for the job.
2️⃣ Resume

One pager.

Strictly have a one pager resume, which is not cobbled with info but neat and crisp. Highlight your most important talking points.

Tip: Use numbers wherever possible.
For example: Reported XXX bugs overall with AB.CD% accuracy.
Read 7 tweets
Malware Attack Infection Chain

#cybersecurity #infosec #hacking
During the investigation of the campaign, researchers found that the attackers employed the extensive use of both dual-use and living-off-the-land tools. Also, some of the indications say that APT hackers initially attacked and exploited the publicly facing systems and further
moved to the victim’s networks.

There are several publicly available tools of the following have been used in this attack:-

• AdFind – A publicly available tool that is used to query Active Directory.
• Winmail – Can open winmail.dat files.
Read 8 tweets
Learn Malware Analysis 🚀

⚡️Abusing dll misconfigurations
Red Canary:
Publicly disclosed DLL Hijacking

#cybersecurity #infosec #hacking
Pentestlab :
itm4n's blog:
Exploiting DLL Hijacking by DLL Proxying :
DLL Hijack Scanner:
UAC bypass - DLL hijacking:
⚡️Blogs :
SANS Malware Analysis: Tips & Tricks Poster:
Binary Posters:
RE Malware
Harlan Carvey's
Read 13 tweets
El Webinar Gratuito: "Crear un Medio Infectado con Metasploit Framework" está disponible en video. #cybersecurity #hacking #readteam #bugbounty #forensics #osint 💡… Image
Muchas Gracias @encoua31 por el retweet.
Gracias @Ciberformacion por el retweet.
Read 4 tweets

Need to practice ?
Here is a list of resources 👇

-> Set up and AD home lab:

-> Script to set up a Vulnerable AD lab:…

#cybersecurity #infosec #hacking #activedirectory
-> Collection of various common attack scenarios on Azure Active Directory:…

-> A great document full of resources here:…

-> Active Directory Exploitation Cheat Sheet:…

Retweet to lets other know 😊
Join here to get more stuffs and resources on Tech & Cybersecurity 👇🏻…
Read 3 tweets
El Webinar Gratuito: "Analizar Tráfico de Red con Tshark" está disponible en video. #cybersecurity #hacking #readteam #bugbounty #forensics #osint 💡… Image
Muchas Gracias @RubnDaroPalomin por el retweet.
Gracias por el retweet @yiy008
Read 5 tweets
Here are some Damn Vulnerable Lab lists to get your hands dirty ↓

#infosec #hacking #bugbountytips #bugbounty 🧵

AzureGoat : A Damn Vulnerable Azure Infrastructure…

AWSGoat : A Damn Vulnerable AWS Infrastructure…

DVHMA - Damn Vulnerable Hybrid Mobile App…


Damn Vulnerable GraphQL Application…

Damn Vulnerable Router Firmware (DVRF) v0.3…

DVFaaS - Damn Vulnerable Functions as a Service…

Damn Vulnerable Cloud Application

VAmPI - The Vulnerable API (Based on OpenAPI 3)
Read 7 tweets
El Webinar Gratuito: "Consejos para Iniciar una Investigación OSINT" está disponible en video. #cybersecurity #hacking #readteam #bugbounty #forensics #osint 💡… Image
Muchas Gracias @S4kura_m_o_n por el retweet.
Gracias @karlos_monge por el retweet.
Read 11 tweets
E olha que louco! Hackeei um jogo feito em JavaScript para receber comandos via Web Socket do giroscópio meu celular e ainda brinquei com @TensorFlow Machine learning na parada 😬

/1 🧵

#tensorflow #javascript #duckhunt #hacking #creativeprogramming #100daysofcode
Ah e não é só isso! Estou usando Machine Learning com @TensorFlow para entender quanto ocorre um gesto de “tiro” a partir dos meus sensores e enviar ao jogo.

Muuuuito doido não? Vamos ver até onde vou nessa brincadeira 😆

Agora é melhorar esse modelo do TensorFlow e dar uma tunada em performance 💚

Read 5 tweets
Recon Everything v2

#bugbounty #infosec #bugbountytips

• Now, if you are slightly experienced, after a few minutes of tinkering with this workflow, you will get a feeling whether it might have something interesting going on or not. This point is difficult to explain. It will come with practice.

• The weird behavior doesn’t necessarily mean you have found a bug that is worth reporting. It probably means you have a good chance so you should keep digging into it more.

Read 13 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!