Rahul Bhichher
Nov 26, 2021, 7 tweets
Shodan detects devices that are connected to the internet at any given time, the location of those devices and their current users.

It's a thread 🧵👇
You can search, hack and even get a bounty if lucky enough with @shodanhq
#infosec
1) To find vulnerable Databases:
2) To find sensitive files and directories:
3) To find vulnerable Printers:
4) To find Devices & Servers using default credentials:
5) To find Compromised devices and websites:
Feel free to add more #shodan queries.

More from @rbhichher

Dec 4, 2021
Web Applications can be complex in nature, and it's not always possible for developers to prevent vulnerabilities such as XSS.

In this thread 👇🧵,

Learn how they try to prevent XSS, and in #bugbounty it's better to know the defense.
Credits: @saferinternetpr
#infosec
1) Filtering User Input: When a user inputs data into the website, the developers want it to be filtered as strictly as possible while still getting the same output as if there was no filter.
2) Response Headers: For HTTP responses that aren't supposed to contain any HTML or JavaScript, developers can prevent XSS with response headers: they can use the Content-Type and X-Content-Type-Options headers to make sure that browsers handle the response the way it's intended.
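The header check from point 2, as an added example that is not part of the original thread: it audits a response that is not supposed to contain HTML or JavaScript. The `json_response` helper, the sample payload and the `ACTIVE_TYPES` list are assumptions constructed for illustration.

```python
import json

# Media types a browser treats as active content, where script can run (illustrative list).
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}


def media_type(headers):
    """Return the lowercased media type from Content-Type, or None if absent."""
    value = headers.get("content-type", "")
    if not value.strip():
        return None
    return value.split(";", 1)[0].strip().lower()


def audit(headers):
    """List findings for a response that must NOT be rendered as HTML/JS."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    mtype = media_type(h)
    if mtype is None:
        findings.append("missing Content-Type: browser will guess the type")
    elif mtype in ACTIVE_TYPES:
        findings.append(f"Content-Type {mtype} is rendered as active content")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings


def json_response(data, hardened=True):
    """Hypothetical API handler that reflects user input in a JSON body."""
    body = json.dumps(data)  # note: json.dumps does not escape '<' or '>'
    if hardened:
        headers = {"Content-Type": "application/json; charset=utf-8",
                   "X-Content-Type-Options": "nosniff"}
    else:
        headers = {"Content-Type": "text/html"}  # framework default left in place
    return headers, body


# Constructed sample input: a search term echoed back by the API.
SAMPLE = {"q": "<script>alert(1)</script>"}

if __name__ == "__main__":
    for hardened in (False, True):
        headers, body = json_response(SAMPLE, hardened)
        print("hardened" if hardened else "weak", body, audit(headers))
```

The body is byte-for-byte identical in both cases; only the headers decide whether a browser treats the reflected markup as HTML or as inert JSON.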
Nov 15, 2021
Networking is a massive topic, but when starting out in cyber security, you have to know the commonly used methods to uncover the potential areas of interest that you, as an attacker, can leverage.

It's a thread 🧵 👇
#infosec
1. The OSI Model: can be seen as a universal language for computer networking. It’s based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.
Read more: bit.ly/3DkBEZs
2. Encapsulation: This is the process of adding additional information as data travels through the OSI or TCP/IP model. The additional information is added on the sender’s side, starting from the Application layer down to the Physical layer.
Read more: bit.ly/3wNOGMh
Nov 11, 2021
9 OSINT tools you might have come across.

Read about them below, it's a thread 👇.

Let me know if I missed an awesome OSINT Tool.
#OSINT #infosec
1. Maltego: Specializes in uncovering relationships among ppl, companies, domains, and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered info and plotting it all out in easy-2-read charts and graphs.
#maltego
2. Mitaka: Available as a Chrome extension and Firefox add-on, #Mitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, #Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser.