Learn Malware Analysis 🚀

⚡️Abusing dll misconfigurations: bit.ly/3g68h6v
Red Canary: bit.ly/3hGbB97
SANS: bit.ly/3hDmk4b
Publicly disclosed DLL Hijacking opportunities: bit.ly/3AbIlNA

#cybersecurity #infosec #hacking
Pentestlab : bit.ly/2FxVQeR
itm4n's blog: bit.ly/3EuLZ8b
Exploiting DLL Hijacking by DLL Proxying: bit.ly/3g2NkcS
DLL Hijack Scanner: lnkd.in/dXb5ymbS
UAC bypass - DLL hijacking: bit.ly/3AdqC8N
⚡️Blogs:
SANS Malware Analysis: Tips & Tricks Poster: bit.ly/3AeXRZo
Binary Posters: bit.ly/3UNnSqg
RE Malware Methodology: bit.ly/3GdaI1K
APT Notes: bit.ly/3UB2ipi
Harlan Carvey's Blog: bit.ly/3E1IEvD
Dr. Fu's Blog on RE: bit.ly/3EtQccc
Rensselaer Polytechnic: lnkd.in/dzTbvRKE, lnkd.in/dNDFAfy9
Tutorials: bit.ly/3DX6CrO
PE Dissection Poster: bit.ly/3EuPTOn
PE File Format Graphs (Ero Carrera's blog): bit.ly/3g4TAkf
Josh Stroschein's Blog: bit.ly/3txu6Pr

⚡️RE Basics
RE For Beginners Videos: bit.ly/3hDEdjg
Resources on RE: bit.ly/3hBvEFy
RE tutorial on x86, x64, 32-bit & 64-bit ARM: bit.ly/3UVtcYG
0verfl0w Twitter: bit.ly/3AbJe8S
0xPat blog: bit.ly/3hFShsk
Intezer: bit.ly/3EpEpeN, bit.ly/3X355cO
RE 101: bit.ly/3TwAvFh
Slides: bit.ly/3hGJYMT
Hackers-arise: bit.ly/3tuwMO1
IBM: ibm.co/3hInAmg
Malware Analysis, RE Workflow: bit.ly/3EsmB2x
Alexandre Borges Blog: bit.ly/3GdIx2T
Josh Stroschein's Blog: bit.ly/3UWNuRT
🎃Malware:
⚡️Quakbot- MS Defender TI:
bit.ly/3trHO6D
bit.ly/3TsAZfL
bit.ly/3GeS4a4
bit.ly/3hBzQFi
bit.ly/3UVsATd
bit.ly/3UyNKqp
bit.ly/3O4Y1ba
Qakbot Dropper Analysis: bit.ly/3E51T7D
QakBot Excel Malware Analysis: bit.ly/3tJXT81
Analysis Of Qakbot's DLL Sideloading Technique: bit.ly/3g2O1Tw

⚡️Emotet:
Bromium's Blog: bit.ly/3ttSSQO
Examining Emotet Traffic: bit.ly/3EtxW2v
Emotet Maldoc Analysis: bit.ly/3GeJYhG
Zscaler: bit.ly/3WVSPuv
Kroll: bit.ly/3hA3hHQ

⚡️Tesla:
Qualys: bit.ly/3hD7lqW
Deep Analysis Agent Tesla: bit.ly/3tut2fr
AgentTesla Sample Using VBA Macros and Certutil: bit.ly/3X1BwIz
AgentTesla analysis Work Flow: bit.ly/3Eui4wG
BlackBerry: blck.by/3UJ1xKG
Agent Tesla Extraction of final payload from dropper: bit.ly/3EoCTZp
Microsoft Security Intelligence: bit.ly/3AbTYnL
Join here to get more stuff and resources on Tech & Cybersecurity 👇🏻
telegram.me/h4ckerinthehou…

