πŸ‡·πŸ‡΄ cristi Profile picture
Mar 7 β€’ 9 tweets β€’ 4 min read
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? πŸ‘‡
1. Inspired by @NahamSec recent video.

First, in a large majority of the web pentests, clients want me to focus only on their app and it's features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
3. The majority of my testing is manual, mostly using Burp @PortSwigger, which is an ecosystem in of itself and it helped me find the great chunk of the hundreds of vulns I found in 2022 and 2023 alone.
4. Many of the pentests also involve code review, where most automation falls short. I found and keep finding a lot of gems by manually going through and reading code.
5. When I do network pentesting I use more automation, especially during the initial phase of the assessment, while mobile app pentesting is a combination of both.
6. The same applies to the few private bounties I participate in: some automation initially, more manual thereafter.

But but, I sell a recon course bit.ly/cybersecrecon

Yes, and that's a very solid foundation for all my current recon methods.
7. That said, automation can be very powerful, only when you're using it like no one else does.

If you're using the same tools with the same parameters (subfinder, nuclei, httpx) like everyone else, you should not expect much.

PRO tip: Code your own scripts and templates.
8. I'll probably write more about basic differentiated automation in recon in another thread here or on my blog at cristivlad.substack.com. Stay tuned!

#pentesting #appsec #infosec #cybersecurity #bugbounty #recon #hacking #ethicalhacking

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with πŸ‡·πŸ‡΄ cristi

πŸ‡·πŸ‡΄ cristi Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @CristiVlad25

Mar 4
More practice, less theory (but not 0 theory)

In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.

My point was not understood and I got a lot of hate for it. Image
1. Again, there's less value in being Top 1% if your experience is purely theoretical.

Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.

Get your daily real-world experience from VDPs (and not paid bounties).
Read 4 tweets
Feb 27
SSH local port forwarding, explained to humans:

ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
1.πŸŒπŸ’» Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
2.πŸ›£οΈπŸ“¬ Think of it like a mail forwarding service: just as you'd tell the service to forward your mail to your new address, you can tell SSH to forward traffic from a remote server to your local machine.
Read 7 tweets
Feb 26
Not a paid sponsorship, but I'd love to @HelloPaperspace :) πŸ‘‡

For the last 3-4 years, I had a VPS with 16 GB of RAM and 8 CPUs for which I paid $0.16 per hour of usage.
1. A few days ago I said I'd upgrade to a VPS with 30 GB of RAM and 12 CPUs.

Definitely a dramatically huge increase in performance! Still quite cheap at $0.3/h.

My usual monthly usage so far has been 100 hours or less.
2. I use it for cybersecurity research and for machine learning. I'll probably get an A100 in the future, which is about $3 per hour, but it's the best GPU in town. Need to make more money first.
Read 7 tweets
Feb 3
The following technique can be used to bypass AI text detection. Use it for ethical purposes only!πŸ‘‡
1. Generate whatever text you want with ChatGPT. Then reply to ChatGPT with the following:

"When it comes to writing content, two factors are crucial, "perplexity" and "burstiness." Perplexity measures the complexity of text. Separately, burstiness compares the variationsπŸ‘‡
of sentences. Humans tend to write with greater burstiness, for example, with some longer or complex sentences alongside shorter ones. AI sentences tend to be more uniform. πŸ‘‡
Read 6 tweets
Feb 3
Massive giveaway by @AppSecEngineer!

Annual PRO subscription (worth $399)

Rules to participate πŸ‘‡
1. Subscribe to my free newsletter. At cristivlad.substack.com.
2. Like and retweet this post (the top post of the thread).
Read 6 tweets
Feb 2
How to get started with machine learning: From 0 to Engineer.

(thread)
1. Math - via @khanacademy

Use these resources (all links in the last tweet):

- Khan Academy - Multivariable Calculus
- Khan Academy - Differential Equations
- Khan Academy - Linear Algebra
- Khan Academy - Statistics Probability
2. Learn Python - via @freeCodeCamp

- Learn Python: Full Course For Beginners
- Intermediate Python: Programming Course
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(