Make sure to properly validate any user-supplied input to ensure that it is not malicious.
This can help to prevent attackers from sending crafted requests to your application.
🧵(2/n)
➡ Use a whitelist approach:
Instead of trying to identify and block specific types of malicious input, a whitelist approach allows you to specify the types of input that are allowed.
This can help to prevent attackers from sending requests to unintended destinations.
This is very useful: we can install the entire Kali Linux distribution on this credit-card-sized computer.
The Raspberry Pi can also be used in many other projects; cybersecurity experts use it in various ways.
👇: More
2. USB Rubber Ducky
The USB Rubber Ducky delivers powerful payloads in seconds by taking advantage of the target computer's inherent trust, all while deceiving humans by posing as an ordinary USB drive.
• /etc/passwd: a human-readable text file that stores user account information.
• /etc/group: also a human-readable text file; it stores group information, and which groups a user belongs to can be identified through this file.
Thread🧵: 👇
• Encrypted password:
An x in this field denotes that the encrypted password is actually stored in the /etc/shadow file. If the user does not have a password, the password field contains an asterisk (*).
More : 👇
• User ID (UID): every user must be allotted a user ID (UID). UID 0 (zero) is reserved for the root user, and UIDs 1-99 are reserved for further predefined accounts, UID x.x.x.x
• Group ID (GID): denotes the group of each user; as with UIDs, the first x.x.x.x
The first step to identifying vulnerabilities in a web application is actually using the web application.
More 🧵(1/n) :👇
➡ Create an account
Click on the links so you can see what the application does (and to identify the attack surface, i.e. which parts of the application have functionality that you can attack); use the different functionality (e.g. making transactions).
🧵(2/n) :👇
• What languages/frameworks did the developer use?
• What version of the server/language is in use?
During the walkthrough, it's important to think like a developer: as you go, try to think about how a particular feature was designed and implemented.