Dr. Maik Ro
Oct 7, 2022 · 8 tweets · 4 min read
Day 3️⃣ 3️⃣

What is the one thing that separates newbie bug hunters from the professionals? Let me tell you.
It’s persistence. The tools and ideas that, for example, @Jhaddix shows in his talks are far beyond the level I thought someone would use for Bug Bounty.

There was one Technique that blew my mind 🤯
It is scraping cloud provider IP ranges (proactively and recurring)

Imagine you are hacking on a program and you want to check which assets they have.

I assume at least 99% of what’s running on the web now is hosted by Cloud Providers (AWS, Azure, GCP, Digital Ocean etc)
The big brain idea was: let’s just test all their IP ranges; these are limited after all (IPv4 space).

Another important factor is https - it requires a certificate and that has a name attached to it - the domain it is for.

Ok now what?
Hackers check if an application is running on port 443 of the IP address they scan - this is the port used for https.

They then compare the name of the certificate with their current target and if there is a match - BOOM!
They might have found a development server that was open to the internet but was not associated with a url - so technically the developers assumed no one would find it.

But elite bug bounty hunters do.

And they automate the detection!
@erbbysam and @daehee shared talks about details and Sam even wrote a service for it - tls.bufferover.run/dns?q=.defcon.…

- Talk: github.com/erbbysam/Hunti…
Another tool that is used is: sslscrape → github.com/cheetz/sslScra…

🤯🤯🤯
I hope you learned something today - feel free to follow me for more insights during #30DaysOfBugBounty

#bugbounty #hacking #bugbountytips
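The matching step the thread describes (compare the names in a certificate seen on a cloud IP against your own domain) is the part that is easy to get subtly wrong, so here is an added example of that logic written from the defender's side: run it over your own certificate inventory or port-443 scan output to find forgotten dev or staging hosts before someone else does. It is not code from the thread, from @Jhaddix, @erbbysam, @daehee, or from the linked tools. It assumes a prefix file in the shape of AWS's published ip-ranges.json (the prefixes below are constructed documentation ranges, not real cloud space) and a list of constructed TLS observations; function names such as `find_assets` are hypothetical.

```python
"""Match TLS certificate names observed on cloud IP addresses against an organisation's domain."""
import ipaddress
import json

# Constructed sample in the shape of AWS's ip-ranges.json; prefixes are RFC 5737
# documentation ranges, not actual cloud allocations.
IP_RANGES_JSON = """
{
  "prefixes": [
    {"ip_prefix": "203.0.113.0/24", "region": "eu-central-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"}
  ]
}
"""

# Constructed observations: what a port-443 survey would record per IP
# (the certificate's CN/SAN names). Hypothetical hosts and domains.
OBSERVATIONS = [
    {"ip": "203.0.113.7", "names": ["dev-api.example.com", "*.staging.example.com"]},
    {"ip": "203.0.113.9", "names": ["shop.othercorp.net"]},
    {"ip": "198.51.100.4", "names": ["notexample.com"]},   # must NOT match example.com
    {"ip": "192.0.2.1", "names": ["www.example.com"]},     # not inside any cloud prefix
]


def load_prefixes(raw_json):
    """Parse the provider's prefix list into (network, region, service) tuples."""
    data = json.loads(raw_json)
    return [
        (ipaddress.ip_network(p["ip_prefix"]), p["region"], p["service"])
        for p in data["prefixes"]
    ]


def cloud_location(ip, prefixes):
    """Return 'service/region' for the first prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, region, service in prefixes:
        if addr in net:
            return f"{service}/{region}"
    return None


def name_matches(cert_name, target_domain):
    """True if a certificate name (CN or SAN, possibly a wildcard) belongs to target_domain.

    The comparison is done on label boundaries: 'notexample.com' is not a
    sub-name of 'example.com', which a naive endswith() check would get wrong.
    """
    name = cert_name.lower().rstrip(".")
    target = target_domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]          # '*.staging.example.com' -> 'staging.example.com'
    return name == target or name.endswith("." + target)


def find_assets(observations, prefixes, target_domain):
    """List every observed IP whose certificate names the target domain,
    annotated with the cloud prefix it sits in (None if outside all prefixes)."""
    hits = []
    for obs in observations:
        matched = [n for n in obs["names"] if name_matches(n, target_domain)]
        if not matched:
            continue
        hits.append({
            "ip": obs["ip"],
            "names": matched,
            "cloud": cloud_location(obs["ip"], prefixes),
        })
    return hits


if __name__ == "__main__":
    prefixes = load_prefixes(IP_RANGES_JSON)
    for hit in find_assets(OBSERVATIONS, prefixes, "example.com"):
        print(hit)
```

The interesting cases are the two near misses: the wildcard certificate still counts as the organisation's asset (a wildcard deployed on a cloud IP is exactly the kind of forgotten staging box the thread talks about), while `notexample.com` is rejected because the match is anchored on a label boundary rather than a plain suffix check. The host outside every prefix is still reported, only with `cloud` set to None, so the inventory does not silently drop assets hosted elsewhere.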
