From Noob to Pentesting Clients in 2023 1. Be laser-focused to become l33t. Cybersecurity is a large field and you can't be an expert in everything.
Mar 19, 2023 • 4 tweets • 1 min read
This got interesting very fast, business development with ChatGPT, concise.
Mar 19, 2023 • 5 tweets • 3 min read
HTTP Parameter Pollution @SecGPT has seen in its training. 1. ATO via password reset
The attacker manipulates the HTTP parameters of the password reset page to change the email address associated with the account; then uses the password reset link => ATO.
Mar 17, 2023 • 7 tweets • 4 min read
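The ATO described above works because two components of the same application disagree about which copy of a duplicated parameter wins. The block below is an added illustration (not code from the thread or from SecGPT): the account table, the token format and the two handlers are constructed for the example. The vulnerable handler validates the first `email` value but mails the last one; the hardened handler parses once, refuses polluted input, and takes the recipient from the stored record rather than from the request. In real targets the split usually happens across layers (a WAF or framework that reads one copy and application code that reads the other), which is why the same request can pass validation and still be mailed to the attacker.

```python
from urllib.parse import parse_qs, parse_qsl

# Constructed account table: username -> registered e-mail address.
ACCOUNTS = {"victim": "victim@example.com"}

# Constructed requests: a polluted query string and a clean one.
POLLUTED = "email=victim%40example.com&email=attacker%40evil.test"
CLEAN = "email=victim%40example.com"


def account_for_email(email: str):
    """Return the username registered under an e-mail address, or None."""
    for user, registered in ACCOUNTS.items():
        if registered.lower() == email.lower():
            return user
    return None


def vulnerable_reset(query: str):
    """Two code paths read 'email' with different duplicate-handling rules.

    parse_qs() keeps every value and this code validates the FIRST one;
    dict(parse_qsl()) keeps the LAST one and the mailer uses that.
    Sending email=victim&email=attacker passes validation as the victim
    and delivers the reset link to the attacker.
    """
    first = parse_qs(query).get("email", [""])[0]     # used for validation
    last = dict(parse_qsl(query)).get("email", "")     # used as recipient
    user = account_for_email(first)
    if user is None:
        raise ValueError("no such account")
    token = "reset-token-for-" + user                  # stand-in for a random token
    return user, last, token


def hardened_reset(query: str):
    """Parse once, reject polluted input, never take the recipient from the request."""
    params = parse_qs(query, keep_blank_values=True)
    emails = params.get("email", [])
    if len(emails) != 1:
        raise ValueError(f"expected exactly one 'email' parameter, got {len(emails)}")
    user = account_for_email(emails[0])
    if user is None:
        # A production endpoint should answer generically here to avoid user enumeration.
        raise ValueError("no such account")
    token = "reset-token-for-" + user
    return user, ACCOUNTS[user], token                 # recipient from the stored record


def reset_outcome(query: str, hardened: bool) -> str:
    """Summarise a reset attempt as 'user->recipient' or 'rejected:<reason>'."""
    handler = hardened_reset if hardened else vulnerable_reset
    try:
        user, recipient, _token = handler(query)
    except ValueError as exc:
        return f"rejected:{exc}"
    return f"{user}->{recipient}"


if __name__ == "__main__":
    print("vulnerable, polluted:", reset_outcome(POLLUTED, hardened=False))
    print("hardened,   polluted:", reset_outcome(POLLUTED, hardened=True))
    print("hardened,   clean:   ", reset_outcome(CLEAN, hardened=True))
```

When testing for this class of bug, send the duplicated parameter in every position the framework can read it (query string, body, and both at once) and watch which copy shows up in the outgoing mail or in the response; the inconsistency, not the duplicate itself, is the finding.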
Exciting news! SecGPT is now LIVE!
Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights. 1. Trained on an extensive collection of cybersecurity reports, @SecGPT provides you with a deeper understanding of vulnerabilities, exploitation techniques, and emerging trends in cybersecurity.
Its knowledge increases as more reports and writeups are published.
Mar 16, 2023 • 4 tweets • 2 min read
I never rely on automation alone.
In a recent external pentest, I was going over the assets manually, while running some tools in the background, including nuclei.
1. One instance was running software vulnerable to arbitrary file deletion. Nuclei didn't even smell it, unfortunately.
What I usually do is to look over famous exploits for the specific software. And this one was a victim.
Mar 14, 2023 • 11 tweets • 2 min read
Broken Access Control attack vectors, by #ChatGPT4 1. IDOR
This occurs when an application exposes internal implementation objects, such as files, directories, or database keys, without proper authorization checks. Attackers can manipulate these references to gain unauthorized access to sensitive data.
Mar 13, 2023 • 7 tweets • 3 min read
Boost your pentesting and bug bounty game with SecGPT's AI insights from thousands of online security reports.
I've asked it for some XXE payloads found in the reports. 1. Basic XXE payload
`<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>`
Mar 11, 2023 • 8 tweets • 3 min read
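The basic payload above only does damage if the parser that receives it resolves external entities, in which case the contents of /etc/passwd replace `&xxe;` and come back in the response or an error message. The block below is an added example, not code from the thread or from SecGPT, showing what the defending side looks like in the Python standard library: `xml.etree` never fetches external entities and raises `ParseError` ("undefined entity") when one is referenced, and an expat pre-scan in front of it refuses any document that carries a DOCTYPE at all, which also shuts the door on entity-expansion (billion laughs) payloads. The payload constant is the one quoted in the thread; the benign document and the function names are constructed for the example.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# The payload from the thread, as the bytes a server would receive.
XXE_PAYLOAD = (
    b'<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>'
    b'<foo>&xxe;</foo>'
)
# Constructed harmless document that the same code path must still accept.
BENIGN_DOC = b'<foo>hello</foo>'


class DoctypeForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE and may therefore declare entities."""


def reject_doctype(xml_bytes: bytes) -> None:
    """Defense in depth: scan with expat and abort on the first DOCTYPE declaration.

    Entities can only be declared inside a DTD, so refusing DOCTYPE outright
    blocks XXE and entity-expansion payloads regardless of which parser runs next.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeForbidden(f"DOCTYPE '{name}' is not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml_bytes, True)   # exceptions raised in handlers propagate from Parse()


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Parse attacker-controlled XML: DOCTYPE pre-check, then the stdlib tree parser."""
    reject_doctype(xml_bytes)
    return ET.fromstring(xml_bytes)


def classify(xml_bytes: bytes) -> str:
    """Report what happens to a document: 'parsed:<root tag>' or 'rejected:<reason>'."""
    try:
        root = parse_untrusted(xml_bytes)
    except DoctypeForbidden:
        return "rejected:doctype"
    except (ET.ParseError, xml.parsers.expat.ExpatError):
        return "rejected:parse-error"
    return f"parsed:{root.tag}"


def stdlib_etree_alone(xml_bytes: bytes) -> str:
    """Without the pre-check: xml.etree still refuses the external entity reference."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return f"ParseError:{exc}"
    return f"parsed:{root.tag}"


if __name__ == "__main__":
    print("with pre-check, payload:", classify(XXE_PAYLOAD))
    print("with pre-check, benign: ", classify(BENIGN_DOC))
    print("etree alone, payload:   ", stdlib_etree_alone(XXE_PAYLOAD))
```

The same two-step shape (refuse DOCTYPE, then parse with external entity resolution disabled) is what to look for when reviewing a target's XML handling in any language; if either step is missing, the thread's payload is the first thing to send.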
Unlocking the Secrets: Breaking Access Controls, the basics
(from the AI model I'm currently training on security reports) 1. Direct object reference
This occurs when an attacker is able to access a resource directly by manipulating a parameter in the URL or form data.
Mar 8, 2023 • 6 tweets • 1 min read
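Both the IDOR entry in the Broken Access Control thread and the direct object reference entry above describe the same defect: the application trusts an identifier from the request and never asks whether the caller is allowed to touch that object. The block below is an added example written for this page (not from the threads or from the AI model mentioned), with a constructed document store and constructed user names. It shows the vulnerable lookup, the hardened lookup that authorizes against the authenticated principal and answers "missing" and "not yours" identically, and a per-session indirect reference map, which goes beyond the text by removing guessable ids from the client side altogether.

```python
import secrets

# Constructed data: document id -> (owner, body). Sequential ids are the
# typical tell for IDOR: change 101 to 102 and see whether the server cares.
DOCUMENTS = {
    101: ("alice", "alice's quarterly report"),
    102: ("bob", "bob's salary letter"),
}

DENIED = "denied"


def get_document_vulnerable(doc_id: int, current_user: str) -> str:
    """Classic IDOR: the id comes straight from the request and the owner is
    never compared with the caller (current_user is accepted but ignored)."""
    record = DOCUMENTS.get(doc_id)
    return record[1] if record else DENIED


def get_document_hardened(doc_id: int, current_user: str) -> str:
    """Authorize every object access against the authenticated principal.

    'Does not exist' and 'belongs to someone else' return the same answer so
    the id space cannot be enumerated through differing responses.
    """
    record = DOCUMENTS.get(doc_id)
    if record is None or record[0] != current_user:
        return DENIED
    return record[1]


def fetch(doc_id: int, current_user: str, hardened: bool) -> str:
    """Dispatch helper so both behaviours can be exercised side by side."""
    handler = get_document_hardened if hardened else get_document_vulnerable
    return handler(doc_id, current_user)


class IndirectReferenceMap:
    """Per-session indirect references: the client only ever sees random
    handles that map back to ids this session is allowed to access, so there
    is nothing sequential to tamper with. The server-side check still runs."""

    def __init__(self, user: str):
        self.user = user
        self._handles = {
            secrets.token_urlsafe(16): doc_id
            for doc_id, (owner, _body) in DOCUMENTS.items()
            if owner == user
        }

    def handles(self) -> list:
        return list(self._handles)

    def resolve(self, handle: str) -> str:
        doc_id = self._handles.get(handle)
        if doc_id is None:
            return DENIED
        return get_document_hardened(doc_id, self.user)


if __name__ == "__main__":
    print("vulnerable, alice asks for 102:", fetch(102, "alice", hardened=False))
    print("hardened,   alice asks for 102:", fetch(102, "alice", hardened=True))
    session = IndirectReferenceMap("alice")
    print("alice's handles:", session.handles())
```

The indirect map is a convenience, not a substitute: `resolve` still calls the owner check, because a handle leaked from one session must not be valid in another.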
Large language models exhibit emergent abilities
1. Large language models (LLMs) exhibit emergent abilities after crossing a critical value of effective parameters
Mar 7, 2023 • 9 tweets • 4 min read
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why?
1. Inspired by @NahamSec recent video.
First, in a large majority of the web pentests, clients want me to focus only on their app and its features. So, there's no need for subdomain enumeration/brute-forcing or any other large recon tactic.
Mar 4, 2023 • 4 tweets • 3 min read
More practice, less theory (but not 0 theory)
In the past, I criticized Top 1% THM players who know close to nothing about the real-world aspects of a pentest.
My point was not understood and I got a lot of hate for it. 1. Again, there's less value in being Top 1% if your experience is purely theoretical.
Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
Feb 27, 2023 • 7 tweets • 2 min read
SSH local port forwarding, explained to humans:
ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server
1. Have you ever wanted to access a remote server as if it were running on your local machine? That's where local port forwarding comes in!
Feb 26, 2023 • 7 tweets • 2 min read
Not a paid sponsorship, but I'd love to @HelloPaperspace :)
For the last 3-4 years, I had a VPS with 16 GB of RAM and 8 CPUs for which I paid $0.16 per hour of usage. 1. A few days ago I said I'd upgrade to a VPS with 30 GB of RAM and 12 CPUs.
Definitely a dramatically huge increase in performance! Still quite cheap at $0.3/h.
My usual monthly usage so far has been 100 hours or less.
Feb 3, 2023 • 6 tweets • 3 min read
The following technique can be used to bypass AI text detection. Use it for ethical purposes only!
1. Generate whatever text you want with ChatGPT. Then reply to ChatGPT with the following:
"When it comes to writing content, two factors are crucial, "perplexity" and "burstiness." Perplexity measures the complexity of text. Separately, burstiness compares the variations
Use these resources (all links in the last tweet):
- Khan Academy - Multivariable Calculus
- Khan Academy - Differential Equations
- Khan Academy - Linear Algebra
- Khan Academy - Statistics Probability
Feb 1, 2023 • 6 tweets • 1 min read
The art of getting lucky by turning the odds in your favor. @naval.
4 ways, only one works well.
(thread)
1. Hope luck finds you.
Feb 1, 2023 • 8 tweets • 4 min read
SSRF via PDF? Now made easy.
(thread)
1. Go to @jonasl github and clone this repo. Can't paste the link, for some reason @twitter thinks it's malicious...
Jan 29, 2023 • 6 tweets • 3 min read
Privilege escalation in Windows using 4 tools for red teamers and pentesters.
(thread)
1. WinPEAS - it's a simple .exe script you can run as: winpeas.exe > outputfile.txt