Breaking into cybersecurity?
Here’s 15 FREE Interview prep resources!

These videos / guides will help you to smash your next interview!

Top 30 Penetration Tester Interview Questions / Answers
lnkd.in/eAkvQFZG

#cybersecurity #infosec #hacking

Cyber Security Interview Prep
lnkd.in/eky9v_hC

SOC Analyst Interview Questions (LetsDefend)
lnkd.in/eqFPGS-Z

GRC Entry-Level Interview Q&A (Gerald Auger, Ph.D.)
lnkd.in/eK6uti-W

Mastering the Art of the Interview (TEDX Talks / Ashley Rizzotto, M.Ed.)
lnkd.in/ecMGM5Tn

Tell Me About Yourself - A Good Answer To This Question
lnkd.in/eES-wF7Q

How to Ace a Job Interview: 10 Crucial Tips
lnkd.in/e29vxaH9

Cybersecurity Interview Preparation Playlist (Jon Good)
lnkd.in/ek-x4cPx

How To Be Confident In Interviews
lnkd.in/eGQgXbKJ

How To Crush Any Interview
lnkd.in/eWr2mU57

10 Best Questions to Ask an Interviewer
lnkd.in/efMbFn4S

How to Ace Your Job Interview (David Bombal)
lnkd.in/eKyqWpCU

Cybersecurity Practice Interview Questions Playlist (Josh Madakor)
lnkd.in/eqw-Z-tD

How to Prepare for a Cyber Security Interview (Cyberspatial)
lnkd.in/eTzegN6G

How to Fail a Cybersecurity Interview (Cyberspatial)
lnkd.in/eu_KyAf2

Do you have any other tips / advice you would give to people looking for their first role in cyber?

#cybersecurity #infosec #hacking

More from @NandanLohitaksh

Dec 5
Amazing FREE Cyber Security Courses

Help you get started or get better at things like Cloud ☁️

— Cyber Foundations —
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Cyber Security - lnkd.in/eueCSF6A

#cybersecurity #infosec #hacking

Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Fortinet NSE - lnkd.in/es3c_Q6E

— Hacking —
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
#RedTeaming - lnkd.in/et_T2DEa

— Vulnerability Management —
#Qualys - lnkd.in/eDWu2zyT

— SOC —
#Splunk - lnkd.in/et5bkjeY

— Engineering —
Secure Software Development - lnkd.in/ebGpA4wG
Maryland Software Security - lnkd.in/e3z4zFmJ

Nov 29
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity

7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.

Nov 23
Blind XSS and More techniques!

#bugbounty #bugbountytips #cybersecurity

• Blind XSS -> Type of stored XSS. (Payload gets stored on a web page)

• Where do you find them? - In places you cannot access.
> An admin panel
> A log history restricted to admins
> A feedback form that goes straight to the admin
> A chat bot message to the support team

• Where do you put the payloads?
> In headers (eg: in Referer and User-Agent headers while filling forms)
> Put the payload in your username and self-report yourself ;)

• But how will you know if the payload actually fires?
> XSShunter!

Nov 22
Red Team Resources 🖥

• Red Team Management by Joas
github.com/CyberSecurityU…

• Awesome Red Team by yeyintminthuhtut
github.com/yeyintminthuht…

• Awesome Red Team Operations by Joas
github.com/CyberSecurityU…

#cybersecurity #infosec #hacking #redteam

• Awesome Adversary Simulation Toolkit by 0x1
0x1.gitlab.io/pentesting/Red…

• Red/Purple Team by s0cm0nkey
s0cm0nkey.gitbook.io/s0cm0nkeys-sec…

• SpecterOps Red Team Blog
posts.specterops.io/tagged/red-tea…

• iRed Team Blog
ired.team/?trk=public_po…

• Red Team Tips Blog by Jean Maes
redteamer.tips

• Red Team Blog by Zach Stein
synzack.github.io

• Untrustaland by João Paulo
untrustaland.com

• 100Security by Marcos Henrique
100security.com.br

• Red Team Village
redteamvillage.io

Nov 22
2FA Bypass Techniques :)
🧵👇🏻

#bugbounty #bugbountytips #cybersecurity

1. Response Manipulation: In the response, if "success":false, change it to "success":true

2. Status Code Manipulation: If the status code is 4xx, try to change it to 200 OK and see if it bypasses restrictions

3. 2FA Code Leakage in Response: Check the response of the 2FA code triggering request to see if the code is leaked

4. JS File Analysis: Rare but some JS Files may contain some information about the 2FA Code

5. 2FA Code Reusability: Same code can be reused

Nov 19
Malware Attack Infection Chain
🧵👇🏻

#cybersecurity #infosec #hacking

During the investigation of the campaign, researchers found that the attackers made extensive use of both dual-use and living-off-the-land tools. Also, some of the indications say that APT hackers initially attacked and exploited the publicly facing systems and further moved to the victim’s networks.

Several publicly available tools were used in this attack, including the following:

• AdFind – A publicly available tool that is used to query Active Directory.
• Winmail – Can open winmail.dat files.