Dr. Rohit Gautam
Teaching 100,000+ individuals from 152 countries about cybersecurity! Founder @hacktifycs
Mar 30, 2022 7 tweets 1 min read
Best Investments in Cyber security 🧵

1/100 Make friends with like-minded people. Community building brings success.
Oct 18, 2021 7 tweets 2 min read
The Dunning–Kruger effect:

A hypothetical cognitive bias stating that people with low ability at a task overestimate their own ability, and that people with high ability at a task underestimate their own ability.

People in #bugbounty experience this ✅

A thread 🧵👇
@shifacyclewala Examples of the Dunning-Kruger effect:

➡️ Work: the Dunning-Kruger effect can make it difficult for people to recognize and correct their own poor performance.

That’s why employers conduct performance reviews, but not all employees are receptive to the constructive criticism they receive.
Sep 30, 2021 14 tweets 2 min read
Job Possibilities in the Security Domain 👇

🧵

→ Security Analyst

Role: Analyses and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities.

@shifacyclewala → Security Consultant/Specialist:

Works with any one or all of the other roles/titles related to securing computers, networks, software, data and/or information systems against malware or other risks.
Sep 30, 2021 15 tweets 5 min read
FREE Resources to Learn Programming ✅👇
🧵

1. hackerrank.com

HackerRank: learn and solve coding challenges to boost your learning.

@shifacyclewala #programming #development

2. javascript.info

Learn modern JS principles and tutorials.
Sep 30, 2021 11 tweets 6 min read
10 Useful websites for cyber security.

🧵

@shifacyclewala #infosec #bugbounty #security

1. @DanielMiessler

An experienced cybersecurity expert, consultant and writer. Worth reading his blogs, curated newsletters, essays, podcasts and high-quality writing.

Link: danielmiessler.com
Sep 20, 2021 18 tweets 4 min read
A comprehensive thread on OWASP!
What is the OWASP Top 10?
2013 vs 2017 vs 2021?
How is OWASP useful for pentesters and bug bounty hunters?
My views on the OWASP 2021 update

cc @shifacyclewala @Hacktifycs

Who is OWASP?
→ Open Web Application Security Project
→ It’s a non-profit foundation dedicated to improving the security of software. @owasp operates on an open community model, where anyone can participate in and contribute to projects, events, online chats, and more.
{1/17}
Sep 18, 2021 18 tweets 5 min read
A comprehensive thread on XXE Attacks.

What are XML, entities and DTDs?
How did OWASP Top 10 2021 merge XXE into Security Misconfiguration?
XXE exploitation types and payloads for pentesters and bug bounty hunters

{1/18}
Thanks to @shifacyclewala @Hacktifycs

→ XXE stands for XML External Entity
→ XXE is possible in applications that process XML data on the client side or the server side
→ All Office documents process XML data, e.g. docx, xlsx, pptx

{2/18}
Sep 16, 2021 16 tweets 8 min read
Comprehensive Thread on Web App Fuzzing!
What is web fuzzing?
How can web fuzzing be super useful in bug bounties or pentests?
FFUF for web fuzzing?

{1/16}

Fuzzing is, generally, finding bugs or issues with automated scanning: supplying unexpected data to an application and then monitoring it for exceptions, errors and stack traces.

The motive is to supply superfluous data to trigger exceptions and see whether that could lead to an issue.

{2/16}
Jul 6, 2021 7 tweets 3 min read
Infosec Entry level Interview Questions 101 📜🏆

PS: This is a list of questions I have come across and questions my students have faced in their interviews.

Feel free to add more below 👇

1. What is your favourite OWASP Top 10 bug?
2. Explain your methodology.
#infosec #bugbounty

3. CSRF vs SSRF
4. What can an attacker do with XSS?
5. Requirements for CSRF to happen
6. Root cause of clickjacking
7. What is the difference between SAST and DAST?
8. Black/white/grey box testing
9. What are threat, vulnerability and risk?
10. What is the CIA triad?
11. What are cookie attributes?
Jun 30, 2021 8 tweets 3 min read
GitHub Recon 101 🏆👇

1. Manual Enumeration
2. Automated Enumeration

@shifacyclewala @Hacktifycs #bugbountytips #bugbounty #infosec #cybersecurity #hacking

💡 Manual:
GitHub dorking is basically finding leaks in the code pushed by the target organisation or its employees.

1. org: evilcorp[.]com
2. language:"bash" org:evilcorp[.]com
3. "target[.]com" language:python "secret" "password" "key" NOT docs NOT sandbox NOT test NOT fake
Jun 29, 2021 9 tweets 10 min read
Subdomain Enumeration 101 🏆 👇

1. Passive Enumeration
2. Active Enumeration

@shifacyclewala @Hacktifycs #bugbountytips #bugbounty #infosec #cybersecurity #hacking

Passive:
1. Google Dorking:
“site:*.example.org -www -store -jobs -uk”
2. virustotal
3. dnsdumpster
4. crt[.]sh
5. censys[.]io
6. Rapid7 Sonar Datasets
7. Dnsbufferover

Jul 24, 2020 5 tweets 2 min read
@aboul3la Anyone interested can read these files from the server; I have tested them.

logo.gif
http_auth.html
user_dialog.html
localization_inc.lua
portal_inc.lua
include
nostcaccess.html
ask.html
no_svc.html
svc.html
session.js
useralert.html
ping.html
help

@aboul3la /2
app_index.html
tlbr
portal_forms.js
logon_forms.js
win.js
portal.css
portal.js
sess_update.html
blank.html
noportal.html
portal_ce.html
portal.html
home
logon_custom.css
portal_custom.css
preview.html
session_expired
custom
portal_elements.html
commonspawn.js
common.js