Discover and read the best of Twitter Threads about #vulnerabilities

Most recents (24)

🧵Let's talk about #Telegram - here are ten useful cybersecurity groups and channels we watch:

A thread:
1. Cyber Security News (30k+ members)

Cyber Security News is a feed channel for links to breaking news stories across the internet, everything from #TechCrunch to #Portswigger. It’s a one-stop shop for cyber-related news with your morning coffee.

telegram.me/cyber_security…
2. Cyber Security Experts (23k+ members)
A great channel for exchanging #information about #cyber, #IT, and #security. Mainly used to get answers to questions and help other security experts to enhance their security maturity.

t.me/cybersecuritye…
Read 13 tweets
⬇️very useful document offering a network perspective on societal ills currently plaguing us.

I am certainly appreciating the insights offered here and fully agree with many of the things outlined.
Please give it a read:
1/
I've been thinking more on a complexity framework to account for the non-linearity of the systems we are part of, as well as emergence and control theory.

But network & graph theory plays an enormous role there as well because complex systems can be abstracted into networks
2/ ImageImageImage
The really interesting question is not what framework or models we use to #conceptualize the relationships between society and our broken info spheres, but whether or not they are #useful to understand why we currently experience #democratic backsliding around the world
3/ ImageImageImage
Read 6 tweets
Another new idea for #PenetrationTesting and #Bug-hunting:

Tester:
Enhance the force of #vulnerabilities by doing things like
I discovered a free #URL that leads somewhere else.
Put this in my report and move on ?
To the contrary, changing the #payload allowed me to transform it into a reflected #XSS #vulnerability. Is this the final question?
Obviously not if I have any hope of carrying on.
This web app used #JWT tokens that were transmitted in the bearer header, and for some reason, there were three more cookies that also contained this token.
Only two of them were secure with #HTTP Only.
Just a wild guess.
Read 5 tweets
Here's a list of free #PenetrationTesting and #RedTeam Labs you may set up in your own home to enhance your #hacking abilities :
1) Red Team Attack Lab
A simulated setting where red teams can practice exploiting #vulnerabilities in various operating systems.
lnkd.in/ernefQv8
2) Capsulecorp Pentest
#Capsulecorp is a lightweight virtual infrastructure operated using Vagrant and Ansible. One #Linux attacking system running #Xubuntu is included, along with four #Windows 2019 servers hosting a variety of #exploitable services.

lnkd.in/eYfGmNBe
Read 10 tweets
Here are some of my favorite 💯 FREE TryHackMe Path /Rooms to learn Web Hacking.

#Hackingtime #hacking #tryhackme #Website #Pentesting #vulnerabilities

👇
Room 1⃣: HTTP In Detail

⁃ Learn about how you request content from a web server using the HTTP protocol.

🔗
tryhackme.com/room/httpindet…
Room 2⃣: Burp Suite: The Basics

⁃ An introduction to using Burp Suite for Web
Application #Pentesting .

🔗
tryhackme.com/room/burpsuite…
Read 6 tweets
Since your malicious cyberattack timelines matched cybersecurity’s research to strengthen security for years and now, you hack alone but with a cooperative goal to damage national security. Which Advanced Persistent Threats group/s #APTs are you in, #Animez_UK? Image
Converting traditional crime to cyber-enabled crime and becomes a malicious attacker against the UK, for

1- financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the UKGOV.

#Animez_UK ImageImage
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learn to communicate with #women.
-favours #authoritarianism.
-enjoys #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.

#Animez_UK ImageImage
Read 214 tweets
Having fun with cyberstalking #UKGOV, attacking organisations, universities & individuals connected to the justice system, UK #military against #NCSC, treating #intelligence & #GCHQ as jokes to your 15- 20 yrs malicious #hacking for #China & #Russia inside #Britain, @Animez_UK?01
Converting #traditional crime to cyber-enabled crime and becomes a malicious #cyberattacker against the UK, for

1- #financial income,
2- #sexual desire and #harassment with #pornography sent to #women,
3- attacks for #politics against the #UKGOV.

@Animez_UK @NCSC

02 Image
1st stage- early life:
-Experienced #exclusion/#discrimination.
-Didn’t learned to communicate with #women.
-favours #authoritarianism.
-enjoys to #control targeted women & whom against his will.
- Expresses hidden #hatred & #violence on through cyberattacks.

@Animez_UK @NCSC Image
Read 188 tweets
Top 10 Blockchain Attacks That resulted in cryptocurrency losses all around the world.

A Thread 🧵👇

#Web3 #cryptotrading #cryptocrash #Bitcoin #Blockchain #cybersecuritytips #hacking #vulnerabilities #javascript
1⃣ Exchange Hack
2⃣ DeFi Hack
Read 15 tweets
Recently I contributed to a paper on "Reporting Cyber Risk to Boards". It summarizes findings and best practices from a CISO Working Group, and is a must read for CISOs, CIOs, and other Cybersecurity executives that report to the Board.
Highlights🧵
Boards often fail to see the continuous importance of cybersecurity and have knee jerk reactions to breaking cyber stories in the media then quickly forget about it until the next big cyber incident. Typically, cybersecurity only becomes an issue when it is already too late.
In cases where cybersecurity reporting to the Board is taking place, there is a wide variety of methods, tools, and processes in use. Organizations struggle with what to report and how to obtain effective feedback from the Board.
Read 26 tweets
17. Hi, this is @akgungor_c again. Let’s come back to where we had left: Post-disaster controversies… These are indeed closely associated with how we individually and socially (re)construct the #catastrophe.
18. A disaster is the outcome(s) of a physical occurrence as well as how we perceive and process them. Like any “event”, for every disaster, there are as many accounts as the number of people who’ve been exposed to it.
19. Individual #narratives of a disaster are the expression of how we position ourselves vis-a-vis the catastrophe and its effects on us, in a sense, fabricating our own #reality.
Read 11 tweets
9. Hello again, @akgungor_c continues from where he has left :) So, I tend to think of #disasters as systemic “radiographs”. I’m not sure when I first came up with this analogy but I usually associate this idea with my own experience as a search & rescue volunteer.
10. After all, looking around in a disaster-stricken zone, few people don't come to reflect on their own #vulnerability first, then, gradually, about the vulnerability of human societies to massive #disruptions.
11. The greater the impact, the thinner seems the protective bubble provided by our physical and social systems.
Read 9 tweets
#SecurityExplained S-61: CWE-787: Out-of-bounds Write

The Out-of-bounds Write is a software security vulnerability that occurs when the data is written beyond the boundaries (i.e. past the end, before the beginning) of the intended buffer.

1/n
2/n
This weakness is also listed in the CWE TOP 25 (2021). This has been given the CWE ID as CWE-787

- This vulnerability could result in buffer overflows, memory corruption, the crash of the software or even a code execution.
3/n
As per the cwe.mitre.org, The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
Read 9 tweets
Protection against #Ransomware – how to prevent an infection.

#SSOT

Thread⬇️
1. Never click on unsafe links: Avoid clicking on links in spam messages or on unknown websites. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected.
2. Avoid disclosing personal information: If you receive a call, text message, or #email from an untrusted source requesting personal information, do not reply. #Cybercriminals who are planning a #Ransomware attack might try to collect personal information in advance,
Read 10 tweets
We have had a busy 2021 and we look forward to 2022 which is brightened further with the spirit of Indovation and ideation. Cheers to each of you and your families. Image
2/n 2021 was a challenging year personally for many with #Covid 2nd wave but it presented professional opportunities for #startup ecosystem too. @SucSEED_IN built its maiden #AngelFund #IndovationFund, amongst overwhelming response & kept growing its strength as #AngelNetwork too ImageImage
3/n At #IndovationFund, we believe that early-stage discovery is best handled with the help of Experienced folks. We have great #SectoralCommittee structure helping us to discover, screen, curate, invest and mentor these startups, in 6 sectors of our #Fundfocus #SucSEEDfamily Image
Read 24 tweets
RDP brute-force attacks were up again in T2 2021, with 55 billion detections – a 104% increase compared to T1 2021. #ESETreserach also saw a massive surge in #RDP attacks against Spanish entities in August, accounting for a third of global all detections that month. 1/4 Image
Attackers seem to have a hard time finding new #RDP targets, yet those that are already on their list are hit more aggressively, confirmed by an increase in average daily attacks per unique client, which doubled from 1,392 attempts in T1 2021 to 2,756 in T2 2021. 2/4 Image
Password guessing was the top external network intrusion vector with 53%, followed by attempts to exploit #ProxyLogon #vulnerabilities (22%) and attempted deployment of NSA backdoor #DoublePulsar (10%). 3/4 Image
Read 5 tweets
So #ICYMI #OnThisDay in 1974, and into the following day, was the #Tornado #SuperOutbreak This montage of images is on the @NWS pages at: weather.gov/iln/19740403 Image
I have the following image as a poster in my office for several reasons, which I will expound upon in subsequent tweets. Firstly it was produced by hand by Theodore ‘Ted’ Fujita, who developed the F-scale (later the EF-Scale based in wind intensity and damage. Image
What I really noticed in the key/legend on the map was how he was also looking at the type of structure where fatalities occurred, something that other scientists (@StephenMStrader) were looking at before I came along, but once you start, you can’t stop. I’m pretty much obsessed. Image
Read 11 tweets
This thread brings together all my #infographics until today (2years of work).

These are all infographics about #infosec 🔐

Feel free to share this tweet if you think it may be useful for your #community 📚

Follow me ➡ @SecurityGuill fore more about #security #hacking #news ImageImageImageImage
How does an #Antivirus works? Image
Quick presentation of the different #Bluetooth Hacking Techniques Image
Read 44 tweets
Daily Bookmarks to GAVNet 01/12/2021 greeneracresvaluenetwork.wordpress.com/2021/01/12/dai…
Math Can Help In Deciding How To Distribute The Vaccine : NPR

npr.org/2021/01/10/955…

#vaccine
Crisis In Cosmology Gets Worse

forbes.com/sites/drdonlin…

#cosmology #crisis
Read 8 tweets
It’s our birthday! #CISAgov was established on November 16, 2018. From elections to COVID-19 to natural disasters and more, year two has been action-packed. Let’s take a trip down memory lane…
Informed by #cyber intelligence and real-world events, we issued several insight products, providing background on #cyber threats, #vulnerabilities, and mitigation activities: cisa.gov/insights #InfoSec
One key insight was in in January when we warned partners about potential Iranian retaliation against U.S. organizations—and advised them on how to assess and strengthen their physical & cyber security. This is the kind of rapid information-sharing we aim for! #InfoSecurity
Read 15 tweets
#ICS Advisory (ICSA-20-203-01) - #Wibu-Systems #CodeMeter

* Affected? Multiple #KRITIS sectors worldwide!
* CVSSv3 score? 10.0!
* Exploitable remotely? With low skill level to exploit!
#RCE 1/3
us-cert.cisa.gov/ics/advisories…
Risk Evaluation?
#exploitation of #vulnerabilities could allow an attacker to alter & forge a license file, cause a DoS condition, potentially attain remote code execution #RCE, read heap data, and prevent normal operation of third-party software dependent on the #CodeMeter! 2/3
Vulnerabilities?
Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release! 3/3
Read 3 tweets
My current #Working #Research #Topic: "A Review of the #CommonMonetaryArea of #SouthernAfrica: Are Client Countries Better-off De-Linking from the #Anchor #Economy?". I'm using #OptimumCurrencyArea #OCA #Theory to analyse the #CMA arrangement. Draft will be ready January end..!
The #CommonMonetaryArea of #SouthernAfrica or #CMA could seem to some (mostly the technically inclined) to be a no-brainer & a clear natural #OptimumCurrencyArea given the historical links between the #anchor #SouthAfrica & the #clients (#Lesotho #Eswatini & #Namibia)...
Be that as it may, 2020 marks 46 years since the #RandMonetaryArea - #RMA agreement and 34 years since the RMA was revised to establish the #CommonMonetaryArea - #CMA between #SouthAfrica, #Lesotho, Swaziland (now, #Eswatini) and #Namibia...
Read 10 tweets
#Nmap comes with 586 #NSE scripts. 148 of them are default (-sC) or version (-sV) scripts. The rest (438) have to be invoked directly or by category, so many folks don't use them. Here are my top 18 NSE scripts you should run in 2018: #DiscoveringNSE
#DiscoveringNSE 1/18: Fingerprint 100s of web apps and embedded devices with http-enum. Got Nikto? http-enum uses that fingerprint file, too. nmap.org/nsedoc/scripts… Found a device with a web interface? Check for default creds with http-default-accounts. nmap.org/nsedoc/scripts…
#DiscoveringNSE 2/18: Import a list of targets to scan directly from the XML output of another scan with targets-xml. Lots of scripts that discover new addresses let you scan them in the same command with --script-args newtargets nmap.org/nsedoc/scripts…
Read 19 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!