10 Useful websites for cyber security.

🧵

@shifacyclewala
#infosec #bugbounty #security
1. @DanielMiessler

An experienced cybersecurity expert, consultant and writer. Worth reading his blogs, curated newsletters, essays, podcasts and high-quality writing.

Link: danielmiessler.com
2. @gcluley

A longtime industry expert who held senior roles with Sophos and McAfee before deciding to begin “working for myself” in 2013.

Link: grahamcluley.com
3. @TheHackersNews

The Hacker News features the latest cybersecurity news

Link: thehackernews.com
4. @securityweekly

Security Awareness, Blogs and Webcasts for all your security needs.

Link: securityweekly.com/blog
5. @InfosecurityMag

Infosecurity Magazine has been delivering cutting-edge cybersecurity content to readers for the past decade

Link: infosecurity-magazine.com
6. @CSOonline

CSO provides news, analysis and research on a broad range of security and risk management topics.

Link: csoonline.com
7. @troyhunt

Troy Hunt is a Microsoft Regional Director and Most Valued Professional (MVP) specialising in online security and cloud development.

Link: troyhunt.com
8. @threatpost

ThreatPost is an independent news site that covers security from various aspects with articles and podcasts.

Link: threatpost.com
9. @gbhackers_news

GBHackers on security is a Cyber Security platform that covers daily Cyber Security News, Hacking News, Technology updates and Kali Linux tutorials

Link: gbhackers.com
10. @InfoSecComm

A collection of awesome write-ups from the best hackers in the world, on topics ranging from bug bounties, CTFs, Hack The Box walkthroughs, hardware challenges, etc.

Link: infosecwriteups.com
