Share this page!

Lohitaksh Nandan Profile picture
Twitter logo
Jan 14 β€’ 6 tweets β€’ 3 min read
Interested in learning iOS Penetration Testing?
Here is how you can start πŸ‘‡πŸ§΅

#bugbounty #bugbountytips #cybersecurity #hacking
Requirements:
- Mac (Intel/M1/M2) Or Mobexler virtual machine (Apple proprietary tools not available)
- Jailbroken iPhone Or Corellium virtual iOS device
Starting iOS App Pentest:
- Reverse engineer the IPA to check for hardcoded secrets, sensitive info etc. (Book Ref: amazon.com/Mobile-App-Rev…)
- Run MobSF static analysis, review the findings and manually validate the interesting points
- Install the IPA on jailbroken test device {Use AppSync unified/Re-sign with iOS App signer (dev account needed)}
- Run the app --> capture traffic (SSL pinning bypass with Frida/Objections)
- Perform all API related test cases
- Test Deeplinks, insecure local storage, logic bypass with response modification etc.
- Find more interesting test cases from the info you gained so far
Resources:
- Mobexler: mobexler.com
- Everything you need to know about Mobexler:
- Mobile Application Security Verification Standard: mas.owasp.org/MASVS/
- Jailbreaking steps: ios.cfw.guide/installing-pal…

#ios #pentesting #infosec

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with Lohitaksh Nandan

Lohitaksh Nandan Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @NandanLohitaksh

Lohitaksh Nandan Profile picture
Jan 13
What is a Blockchain?

It's a growing list of records (blocks)

The Blocks are linked together using cryptography.

It's described as a data storage:
- trustless
- fully decentralized
- peer-to-peer
- immutable

It's spread over a network of participants (nodes)

#blockchain
Β· Blocks

They contain:
- a cryptographic hash of the previous one.
- a timestamp + transaction data.

The timestamp proves that the transaction data existed when the block was published in order to get into its hash.

The blocks form a chain (hence the name).
Β· Resistance to modification

The recorded data in a block cannot be altered without altering all subsequent blocks

They are ban be managed by a p2p network for use as a publicly distributed ledger

Nodes adhere to a protocol to communicate/validate new blocks.
Read 9 tweets
Lohitaksh Nandan Profile picture
Jan 6
WANT TO LAND YOUR FIRST CYBERSECURITY JOB...??

#cybersecurity #infosec #bugbounty #hacking
1. BUILD THE FOUNDATION

Make sure you have a strong
foundation of knowledge and
skills. As a beginner focus on
improving your knowledge day
today and stay up-to-date on the
latest attacks, trends, and technologies in this field.
2. NETWORKING

Networking is a key to every
domain of IT. Attend industry
events, and connect with other
cybersecurity professionals to
build your network and maintain
a good contact.
Read 6 tweets
Lohitaksh Nandan Profile picture
Dec 21, 2022
If you're starting out and your choice is Pentester/Red Teamer, here is another plan for you πŸ‘‡πŸ§΅

#cybersecurity #infosec #hacking
- Do Penetration student course from @ine or Practical Ethical Hacking course from @TCMSecurity
- Learn OWASP top 10
- Go through the Web Security Academy from @PortSwigger (Burp Suite is one of the main tools for Web Pentest and it has a community edition)
- Practice your knowledge using vulnerable apps, like Webgoat, Juice Shop, @hackthebox_eu, @RealTryHackMe, @VulnHub and others. There are so many
Read 7 tweets
Lohitaksh Nandan Profile picture
Dec 6, 2022
Breaking into cybersecurity?
Here’s 15 FREE Interview prep resources!

These videos / guides will help you to smash your next interview!

Top 30 Penetration Tester Interview Questions / Answers
lnkd.in/eAkvQFZG

#cybersecurity #infosec #hacking
Cyber Security Interview Prep
lnkd.in/eky9v_hC

SOC Analyst Interview Questions (LetsDefend)
lnkd.in/eqFPGS-Z

GRC Entry-Level Interview Q&A (Gerald Auger, Ph.D.)
lnkd.in/eK6uti-W
Mastering the Art of the Interview (TEDX Talks / Ashley Rizzotto, M.Ed.)
lnkd.in/ecMGM5Tn

Tell Me About Yourself - A Good Answer To This Question
lnkd.in/eES-wF7Q

How to Ace a Job Interview: 10 Crucial Tips
lnkd.in/e29vxaH9
Read 6 tweets
Lohitaksh Nandan Profile picture
Dec 5, 2022
Amazing FREE Cyber Security Courses

Help you get started or get better at things like Cloud ☁️

β€” Cyber Foundations β€”
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Cyber Security - lnkd.in/eueCSF6A

#cybersecurity #infosec #hacking
Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Fortinet NSE - lnkd.in/es3c_Q6E

β€” Hacking β€”
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
#RedTeaming - lnkd.in/et_T2DEa

β€” Vulnerability Management β€”
#Qualys - lnkd.in/eDWu2zyT

β€” SOC β€”
#Splunk - lnkd.in/et5bkjeY

β€” Engineering β€”
Secure Software Development - lnkd.in/ebGpA4wG
Maryland Software Security - lnkd.in/e3z4zFmJ
Read 4 tweets
Lohitaksh Nandan Profile picture
Nov 29, 2022
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity
7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
15. Masscan - Mass IP and port scanner.
16. Lazy Recon - Subdomain discovery.
18. XSS Hunter - Blind XSS discovery.
19. Aquatone - HTTP based recon.
20. LinkFinder - Endpoint discovery through JS files.
21. JS-Scan - Endpoint discovery through JS files.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(