Discover and read the best of Twitter Threads about #infoSec
Most recents (24)
Cybersecurity is a rapidly growing field, and the demand for qualified professionals is high. A cybersecurity certificate can help you gain the skills and knowledge you need to start a career in this in-demand field.
Here are some of the benefits of getting a cybersecurity certificate:
1. Increased job opportunities
2. Higher salaries
3. More job security
4. Personal satisfaction
5. Addition To Your Knowledge
1. Increased job opportunities
2. Higher salaries
3. More job security
4. Personal satisfaction
5. Addition To Your Knowledge
Network Security is hard!
I’ve pulled together a list of essentials for Beginners in #CyberSecurity.
Give me 3 minutes and I’ll break things down for you 👇
I’ve pulled together a list of essentials for Beginners in #CyberSecurity.
Give me 3 minutes and I’ll break things down for you 👇
1/9 🔒 Network security is a complex field with numerous aspects to consider. If you're starting your journey in cybersecurity, here are key areas to explore further. Let's dive deeper into network security! #NetworkSecurity #InfoSec
2/9 🌐 Network segmentation is crucial for protecting sensitive data. Learn about strategies like virtual LANs (VLANs) and network zoning. Understand how segregating network resources and implementing access controls help mitigate the impact of potential breaches.
Damit Ihr es nicht müsst, habe ich die Nationale #Sicherheitsstrategie nach ihren Punkten zum Informationskrieg durchblättert 🔎
Was steht über Desinformation, Propaganda und Co. drin? Quite a bit actually!
Hier ein Thread 🧵 👇
Was steht über Desinformation, Propaganda und Co. drin? Quite a bit actually!
Hier ein Thread 🧵 👇
1️⃣ Zunächst fällt auf, dass sowohl der @Bundeskanzler als auch @ABaerbock in ihren Einführungen explizit auf die Gefahr von Desinformationskampagnen hinweisen 🔎 Punkte zur Informationssicherheit werden ebenfalls gemacht.
2️⃣ Zur Sache gehts im Kapitel „Resilient: Die Sicherung unserer Werte durch innere Stärke“
Im Fokus: #Desinformation
Das Wort fällt in sieben unterschiedlichen Punkten. Beleuchten wir sie mal 🔦
Im Fokus: #Desinformation
Das Wort fällt in sieben unterschiedlichen Punkten. Beleuchten wir sie mal 🔦
1/7 🚨 #DataBreach Alert 🚨: Personal data of COVID-19 vaccine recipients in India has reportedly been leaked online via a bot on #Telegram. #CyberSecurity #PrivacyMatters
2/7 📲 The bot allowed users to input a mobile number and it would respond with personal info connected to the number, including name, gender, DOB, and vaccination center. #InfoSec #DataLeak
3/7 📂 The leaked data also includes personal info on several politicians and journalists. This is a serious breach of privacy with significant implications. #DataProtection #PrivacyRights
Hey guys,
I see that a lot of people are getting into the cybersecurity industry and are seriously looking at different career paths, learning the basics, getting their hands dirty with hands on experience, joining communities.
This is a thread. Kindly follow along.
I see that a lot of people are getting into the cybersecurity industry and are seriously looking at different career paths, learning the basics, getting their hands dirty with hands on experience, joining communities.
This is a thread. Kindly follow along.
I have also noticed that here on twitter a few CyberNewbies do not actually take their personal branding as serious as they should in line with their learning skills.
So, this is for us to learn how important Personal Branding is.
So, this is for us to learn how important Personal Branding is.
🔒🌐 Building Your Personal Brand in Cybersecurity for Newbies 👩💻🔐
Are you a cybersecurity newbie eager to land an entry-level position in the industry? Building a strong personal brand can be the key to connecting with recruiters and professionals who can help you
Are you a cybersecurity newbie eager to land an entry-level position in the industry? Building a strong personal brand can be the key to connecting with recruiters and professionals who can help you
Folk in the trade need to rally round this. The proprietor here put a great big target on their back
ICYMI - No doubt coincidental...
#InfoSec #DataProtection media, legal, #HumanRights and #Librarian Twitter were the trades I was mainly referring to
Why would such string crash Whatsapp on Android devices?
Rendering issues?
Submitted URL:
http[://wa.me/settings
Effective URL:
https[://api.whatsapp.com/resolve/?deeplink=%2Fsettings¬_found=1
#infosec #whatsappcrash
Rendering issues?
Submitted URL:
http[://wa.me/settings
Effective URL:
https[://api.whatsapp.com/resolve/?deeplink=%2Fsettings¬_found=1
#infosec #whatsappcrash
That's why!
IndexOutOfBoundsException
This exception occurs when you try to access an index that is outside the bounds of an array or a collection.
Let's roll it!
(1/3)
This exception occurs when you try to access an index that is outside the bounds of an array or a collection.
Let's roll it!
(1/3)
- Ongoing #NAFOIntel thread -
In both kinetic and information warfare as conflict progresses both the tactics involved and the terrain of the battlefield changes.
We hope this thread helps the #NAFO community along on their journey to assist #Ukraine to victory. #SlavaUkraine
In both kinetic and information warfare as conflict progresses both the tactics involved and the terrain of the battlefield changes.
We hope this thread helps the #NAFO community along on their journey to assist #Ukraine to victory. #SlavaUkraine
To begin the thread we would like to focus on the issue of #NAFOfellas now getting put in time out or getting the big bonk themselves permanently.
We have people and groups that hunt trolls and report TOS violations..
They have Pro-Putin trolls that hunt Fellas & do the same.
We have people and groups that hunt trolls and report TOS violations..
They have Pro-Putin trolls that hunt Fellas & do the same.
One of their tactics, adopted from our own.. To trigger you, and bait you into your own #TangoDown ..
Never play chess with a pigeon. Even when you win.
The pigeon just knocks all the pieces over, shits all over the board, then struts around like it won.
Never play chess with a pigeon. Even when you win.
The pigeon just knocks all the pieces over, shits all over the board, then struts around like it won.
1/14 🚀 We've put together an in-depth series on APIs, covering everything from fundamentals to AI APIs. Join us on this journey! #APIs #WebDevelopment #Coding
2/14 📚 Starting with API fundamentals, we dive into the basics that every developer should know. Get the solid foundation you need! vegibit.com/%f0%9f%93%9a-a… #APIFundamentals #BackToBasics #LearnToCode
3/14 🌐 HTTP and RESTful APIs are key to modern web services. Learn how these technologies power the web. vegibit.com/%f0%9f%8c%90-h… #RESTfulAPIs #HTTP #WebServices
1/ I am taking a little break but couldn’t resist checking-out my favourite open-source projects for any updates. Doing so, I thought it will be useful to share my top 10 projects that anyone in the #infosec field should know about. Here they are 🧵:
2/ 📊 HELK (buff.ly/3BHn9iR): The Hunting ELK (HELK) project provides an analytics and threat hunting platform for security teams to identify and respond to threats in their environment. Just load your logs and start hunting! #HELK #ThreatHunting
3/ 🔍 Sigma(buff.ly/3q12WOC ): Sigma enables infosec peeps to create rules for SIEM systems for detecting and responding to security incidents. It also allows us to share our rules in a non-vendor-specific format! Free detections anyone!?! #Sigma #SIEM
Complete Bug Bounty tool List :)
dnscan github.com/rbsec/dnscan
Knockpy github.com/guelfoweb/knock
Sublist3r github.com/aboul3la/Subli…
massdns github.com/blechschmidt/m…
nmap nmap.org
masscan github.com/robertdavidgra…
#bugbounty #bugbountytips #cybersecurity #hacking
dnscan github.com/rbsec/dnscan
Knockpy github.com/guelfoweb/knock
Sublist3r github.com/aboul3la/Subli…
massdns github.com/blechschmidt/m…
nmap nmap.org
masscan github.com/robertdavidgra…
#bugbounty #bugbountytips #cybersecurity #hacking
EyeWitness github.com/ChrisTruncer/E…
DirBuster sourceforge.net/projects/dirbu…
dirsearch github.com/maurosoria/dir…
Gitrob github.com/michenriksen/g…
git-secrets github.com/awslabs/git-se…
sandcastle github.com/yasinS/sandcas…
bucket_finder digi.ninja/projects/bucke…
DirBuster sourceforge.net/projects/dirbu…
dirsearch github.com/maurosoria/dir…
Gitrob github.com/michenriksen/g…
git-secrets github.com/awslabs/git-se…
sandcastle github.com/yasinS/sandcas…
bucket_finder digi.ninja/projects/bucke…
GoogD0rker github.com/ZephrFish/Goog…
Wayback Machine web.archive.org
waybackurls gist.github.com/mhmdiaa/adf6bf…
Sn1per github.com/1N3/Sn1per/
XRay github.com/evilsocket/xray
wfuzz github.com/xmendez/wfuzz/
patator github.com/lanjelot/patat…
datasploit github.com/DataSploit/dat…
Wayback Machine web.archive.org
waybackurls gist.github.com/mhmdiaa/adf6bf…
Sn1per github.com/1N3/Sn1per/
XRay github.com/evilsocket/xray
wfuzz github.com/xmendez/wfuzz/
patator github.com/lanjelot/patat…
datasploit github.com/DataSploit/dat…
Top free #Cybersecurity and ethical #hacking certification⚔️📓
1./Introduction to IT & Cybersecurity (Cybrary) = cybrary.it/course/introdu…
2./Mobile App Security (Cybrary) = cybrary.it/course/mobile-…
3./Introduction to Cybersecurity (edx) = edx.org/course/introdu…
1./Introduction to IT & Cybersecurity (Cybrary) = cybrary.it/course/introdu…
2./Mobile App Security (Cybrary) = cybrary.it/course/mobile-…
3./Introduction to Cybersecurity (edx) = edx.org/course/introdu…
4./Introduction to Cyber Security (Future Learn) = futurelearn.com/courses/introd…
5./Introduction to Encryption and Cryptography (Future Learn) = futurelearn.com/courses/encryp…
6./Fundamentals of Red Hat Linux (edx) = edx.org/course/fundame…
5./Introduction to Encryption and Cryptography (Future Learn) = futurelearn.com/courses/encryp…
6./Fundamentals of Red Hat Linux (edx) = edx.org/course/fundame…
7./ Introduction to Cybersecurity (Codecademy) = codecademy.com/learn/introduc…
8./ Cisco Networking Academy = netacad.com/courses/all-co…
9./ SANS Cyber Aces (covers foundation areas of cybersecurity) - cyberaces.org/courses.html
10./ Opensecurity - = opensecuritytraining.info/Training.html
8./ Cisco Networking Academy = netacad.com/courses/all-co…
9./ SANS Cyber Aces (covers foundation areas of cybersecurity) - cyberaces.org/courses.html
10./ Opensecurity - = opensecuritytraining.info/Training.html
If you are new to tech and trying to transition into cybersecurity, its true cybersecurity is expensive but i will share some free course on this thread, go through all of it.
RT for others to see, You’re welcome🥂
PS: You will need a decent laptop and an internet connection
RT for others to see, You’re welcome🥂
PS: You will need a decent laptop and an internet connection
Cybersecurity Basics - lnkd.in/ezd5Z47D
COMPTIA (networking, cloud and cyber) - lnkd.in/era9pKjP
Cybrary IT - cybrary.it
Networking - lnkd.in/gNm8RhtS
More Networking - lnkd.in/ghqw2sHZ
Even More Networking - lnkd.in/g4fp8WFa
COMPTIA (networking, cloud and cyber) - lnkd.in/era9pKjP
Cybrary IT - cybrary.it
Networking - lnkd.in/gNm8RhtS
More Networking - lnkd.in/ghqw2sHZ
Even More Networking - lnkd.in/g4fp8WFa
Linux - lnkd.in/g7KJBUYd
More Linux - lnkd.in/gUK8PU4p
Windows Server - lnkd.in/gWUTmN-5
More Windows Server- lnkd.in/gsWZQnwj
Python - lnkd.in/g_NpsqEM
CompTIA Security+ - lnkd.in/gyFy_CG9
More Linux - lnkd.in/gUK8PU4p
Windows Server - lnkd.in/gWUTmN-5
More Windows Server- lnkd.in/gsWZQnwj
Python - lnkd.in/g_NpsqEM
CompTIA Security+ - lnkd.in/gyFy_CG9
A lesser-known yet effective way of #bugbounty hunting is called "hacktivity" hunting. It involves bypassing fixes on disclosed reports found on @Hacker0x01's hacktivity page. This approach helped me score a $5k bounty! Here's how it works.👇
#InfoSec #CyberSecurity
#InfoSec #CyberSecurity
With hacktivity hunting, the hard part - finding interesting behavior or insecure features - is already done for you. Your main role is to find a bypass.
For example, I found a bypass for a report on hackerone.com/reports/949643
#BugBountyTips
For example, I found a bypass for a report on hackerone.com/reports/949643
#BugBountyTips
The original report tried to restrict access to /admin by restricting the path in Nginx. However, I bypassed it using simple encoding - /%2561dmin. Endpoints required authentication, but I bypassed this by adding ".json" at the end.
#BugBounty #Hacking
#BugBounty #Hacking
Two factor Authentication bypass : ⚔️
- In applications registration , it required a mobile number for compulsory 2 factor authentication.
- Captured the request for mobile number addition
POST /mobile/add
{XXNUMBERXX}
- In applications registration , it required a mobile number for compulsory 2 factor authentication.
- Captured the request for mobile number addition
POST /mobile/add
{XXNUMBERXX}
(1/n)
- Now followed the registration normally by adding a mobile number.
- Now when I login to account it required an otp to proceed.
- Used an invalid otp like 111111 and intercepted the request.
- Changed the request PATH and BODY to earlier captured request.
- Now followed the registration normally by adding a mobile number.
- Now when I login to account it required an otp to proceed.
- Used an invalid otp like 111111 and intercepted the request.
- Changed the request PATH and BODY to earlier captured request.
(2/n)
- They we’re implementing checks for all internal api endpoints before entering otp but forget to add check for mobile number addition request.
- I was able to add a new number without entering otp
- This led to 2fa bypass.
#infosec #cybersec #bugbounty
- They we’re implementing checks for all internal api endpoints before entering otp but forget to add check for mobile number addition request.
- I was able to add a new number without entering otp
- This led to 2fa bypass.
#infosec #cybersec #bugbounty
Google Dorks - Cloud Storage #2:
site:dev.azure.com "example[.]com"
site:onedrive.live.com "example[.]com"
site:digitaloceanspaces.com "example[.]com"
Find sensitive data and company assets
#recon #bugbountytips #infosec #seo
site:dev.azure.com "example[.]com"
site:onedrive.live.com "example[.]com"
site:digitaloceanspaces.com "example[.]com"
Find sensitive data and company assets
#recon #bugbountytips #infosec #seo
Combine:
site:dev.azure.com | site:onedrive.live.com | site:digitaloceanspaces.com "example[.]com"
Add something to narrow the results: "confidential" "privileged" "apikey"
site:dev.azure.com | site:onedrive.live.com | site:digitaloceanspaces.com "example[.]com"
Add something to narrow the results: "confidential" "privileged" "apikey"
More Cloud Dorks: infosecwriteups.com/uncover-hidden…
I have unfollowed most of the people I used to follow in #infosec and pretty much all of the musicians I used to follow, from Hall and Oates to Jamiroquai to Siouxsie and the Banshees.
Every world tour and every maskless convention selfie is a betrayal... #CovidIsNotOver 🧵
Every world tour and every maskless convention selfie is a betrayal... #CovidIsNotOver 🧵
I'm finally in a point in my life where I can afford overpriced concert tickets and some travel if it's something that's really a priority to me.
But fuck no. The musicians I genuinely used to love now will never see a dime out of me ever again...
But fuck no. The musicians I genuinely used to love now will never see a dime out of me ever again...
I BitTorrent their music, because even Spotify and YouTube plays would give them a fraction of a cent each time.
My favourite musicians (musically, at least) aren't even starving artists. Have you seen Jay Kay's car collection?!
My favourite musicians (musically, at least) aren't even starving artists. Have you seen Jay Kay's car collection?!
😱 I asked ChatGPT "What are some of the unpopular SQL injection areas" and this is what it replied.
🧵👇
#bugbounty #cybersecurity #infosec #sqli
🧵👇
#bugbounty #cybersecurity #infosec #sqli
1. Error messages: Sometimes error messages can reveal important information about the application's database, such as table names or column names. An attacker can use this information to craft a SQL injection attack.
2. Search fields: Search fields are often overlooked when testing for SQL injection vulnerabilities, but they can be an easy target for attackers. In un-sanitized search queries, an attacker can inject SQL code to retrieve sensitive data from the database.
40 Best PenTesting Toolkits
Information Gathering
•OSINT Framework
•Nmap
•Whois
•Recon-ng
•Wireshark
•Dnsrecon
•Google Hacking Database
•Nikto
•Dnsenum
Information Gathering
•OSINT Framework
•Nmap
•Whois
•Recon-ng
•Wireshark
•Dnsrecon
•Google Hacking Database
•Nikto
•Dnsenum
Scanning and Enumeration
•Nmap
•Nikto
•Powershell Scripts
•Openvas
•Nessus
•Sqlninja
•OWASP ZAP
•Wp-scan
•Nmap
•Nikto
•Powershell Scripts
•Openvas
•Nessus
•Sqlninja
•OWASP ZAP
•Wp-scan
Exploitation
•Metasploit
•Sqlmap
•Mitre Att&ck
•Burp Suite
•Hydra
•Netcat
•Routersploit
•Cain and Abel
•John the Ripper
•Hashcat
•Metasploit
•Sqlmap
•Mitre Att&ck
•Burp Suite
•Hydra
•Netcat
•Routersploit
•Cain and Abel
•John the Ripper
•Hashcat
Google Dorks - File Storage:
site:dropbox.com/s "example[.]com"
site:box.com/s "example[.]com"
site:docs.google.com inurl:"/d/" "example[.]com"
Find sensitive data and company accounts
#recon #bugbountytips #infosec #seo
site:dropbox.com/s "example[.]com"
site:box.com/s "example[.]com"
site:docs.google.com inurl:"/d/" "example[.]com"
Find sensitive data and company accounts
#recon #bugbountytips #infosec #seo
Combine:
site:dropbox.com/s | site:box.com/s | site:docs.google.com "example[.]com"
Add something to narrow the results: "confidential" "privileged" "not for public release"
site:dropbox.com/s | site:box.com/s | site:docs.google.com "example[.]com"
Add something to narrow the results: "confidential" "privileged" "not for public release"
More Google Dorks: infosecwriteups.com/uncover-hidden…
20 FREE Cybersecurity Certifications to Add to Resume/CV
From Noob to Pentesting Clients in 2023 👇
1. Be laser focused to become l33t. Cybersecurity is a large field and you can't be an expert of everything.
2. Let's say you choose application security. Here's how I would skill up really fast.
HTTP Parameter Pollution @SecGPT has seen in its training.
1. ATO via password reset
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
2. Price manipulation in e-commerce platforms
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐚𝐧𝐝 𝐑𝐞𝐯𝐞𝐫𝐬𝐞 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐂𝐨𝐧𝐭𝐞𝐧𝐭𝐬 📢
#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE
Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d
lnkd.in/dZh9hbpq
#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE
Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d
lnkd.in/dZh9hbpq
Awesome Reverse Engineering
lnkd.in/etvePWr
lnkd.in/dh25YEkn
lnkd.in/daEcJEJ9
lnkd.in/ds88s46R
Awesome Malware Analysis
lnkd.in/dh_tMmyY
lnkd.in/e3KJ7rC
lnkd.in/dbn94MUW
lnkd.in/etvePWr
lnkd.in/dh25YEkn
lnkd.in/daEcJEJ9
lnkd.in/ds88s46R
Awesome Malware Analysis
lnkd.in/dh_tMmyY
lnkd.in/e3KJ7rC
lnkd.in/dbn94MUW
Malware API
malapi.io
lnkd.in/djqeN7RS
Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a
Retoolkit
lnkd.in/dwn8bRi3
Malware Bazar
bazaar.abuse.ch
Malware Analysis Journey
lnkd.in/d9B6UGQ8
malapi.io
lnkd.in/djqeN7RS
Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a
Retoolkit
lnkd.in/dwn8bRi3
Malware Bazar
bazaar.abuse.ch
Malware Analysis Journey
lnkd.in/d9B6UGQ8
