Frooti πŸ‹ Profile picture
Director @hacktifycs | Instructor @isacindia @udemy Content Creator - https://t.co/zNAjhG25kx | Buddhist
18 Oct
The Dunning–Kruger effect :

Hypothetical cognitive bias stating that people with low ability at a task overestimate their own ability, & that people with high ability at a task underestimate their own ability

People in #bugbounty experience thisβœ…

A thread πŸ§΅πŸ‘‡
@shifacyclewala
Examples of the Dunning-Kruger effect:

➑️Work : Dunning-Kruger effect can make it difficult for people to recognize and correct their own poor performance.

That’s why employers conduct performance reviews, but not all employees are receptive to constructive criticism received.
➑️ Politics:
Supporters of opposing political parties often hold radically different views without realising what they actually knew.
Read 7 tweets
30 Sep
Job Possibilities in Security Domain πŸ‘‡

🧡

β†’ Security Analyst

Role: Analyses and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities.

@shifacyclewala
β†’ Security Consultant/Specialist:

Works with any one or all of the other roles/titles related to securing computers, networks, software, data and/or information systems against malwares or risks.
β†’ Computer Security Incident Responder:

One of creates a rapid response to security threats and attacks such as viruses and denial-of-service attacks in the organisation
Read 14 tweets
30 Sep
FREE Resources to Learn Programming βœ…πŸ‘‡
🧡

1. hackerrank.com

HackerRank- Learn and Solve Coding Challenges and boost your learning.

@shifacyclewala
#programming #development
2. javascript.info

Learn Modern JS principles & Tutorials
3. w3schools.com

Learn HTML, CSS, JS, Programming for FREE from one of the oldest resources
Read 15 tweets
30 Sep
10 Useful websites for cyber security.

🧡

@shifacyclewala
#infosec #bugbounty #security
1. @DanielMiessler

An experienced cybersecurity expert, consultant and writer. Worth reading his blogs, curated newsletters, essays, podcasts and high-quality writing.

Link:
danielmiessler.com
2. @gcluley

A longtime industry expert who held senior roles with Sophos and McAfee before deciding to begin β€œworking for myself” in 2013

Link:
grahamcluley.com
Read 11 tweets
20 Sep
A comprehensive thread on OWASP!
What is OWASP Top 10?
2013 vs 2017 vs 2021 ?
How OWASP is useful for pentesters and bug bounty hunters?
My Views on OWASP 2021 Update?

cc - @shifacyclewala @Hacktifycs
Who is Owasp?
β†’ Open Web Application Security Project
β†’ its a non-profit foundation dedicated to improving the security of software. @owasp operates as open community model, where anyone can participate in & contribute to projects, events, online chats, and more.
{1/17}
What is Owasp?
β†’ OWASP Top 10 is an online document on OWASP’s website that provides ranking of and remediation guidance for the top 10 most critical web application security risks

{2/17}
Read 18 tweets
18 Sep
A comprehensive thread on XXE Attacks.

What is XML, Entities and DTD?
How OWASP Top 10 2021 merged XXE in Security Misconfiguration?
XXE exploitation Types & Payloads for pentesters and bug bounty hunters
↓

{1/18}
Thanks to @shifacyclewala @Hacktifycs
β†’ XXE stands for XML External Entity
β†’ XXE is possible in applications which processes XML data in client side or server side
β†’ All Office documents process XML data. Eg -docx,xlsx,pptx

{2/18}
β†’ XXE attacks are possible when external entities are included and are processed.
β†’ OWASP Top 10 2017 introduced XXE at A-4 position.
β†’ OWASP Top 10 2021 merged in Security Misconfiguration at A-5

{3/18}
Read 18 tweets
16 Sep
Comprehensive Thread on Web App Fuzzing!
What is web fuzzing?
How can web fuzzing be super useful in Bug Bounties or Pentest?
FFUF for Web Fuzzing?

↓

{1/16}
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stacktraces.

The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.

{2/16}
Fuzzing is since several years and has been done is different ways.
The term "fuzz" originated from a fall 1988 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.

{3/16}
Read 16 tweets
6 Jul
Infosec Entry level Interview Questions 101 πŸ“œπŸ†

PS: These are the list of questions I have come across and questions faced by my students in their interviews.

Feel free to add more below πŸ‘‡

1. What is your fav OWASP Top 10 bug
2. Explain your methodology?
#infosec #bugbounty
3. CSRF vs SSRF
4. What can an attacker do with XSS
5. Requirements of CSRF to happen
6. Root cause of Clickjacking
7. What is diff between SAST & DAST
8. Black/White/Grey Box Testing
9. What is threat, vulnerability, risk
10. What is CIA Triad
11. What are cookie attributes
12. What are most common business logic issues?
13. Question on Burpsuite Tabs
14. What are your fav open source tools?
15. How will you protect against ransomware?
16. What is XXE attack, explain any payload?
17. SSRF and what can be achieved?
18. How can we fix SQLi
#infosec
Read 7 tweets
30 Jun
Github Recon 101 πŸ†πŸ‘‡

1. Manual Enumeration
2. Automated Enumeration

@shifacyclewala @Hacktifycs
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
πŸ’‘Manual:
GitHub Dorking is basically finding leaks in the code pushed by the target organisation or its employees.

1. org: evilcorp[.]com
2. language:"bash" org:evilcorp[.]com
3. "target[.]com" language:python "secret" "password" "key" NOT docs NOT sandbox NOT test NOT fake
πŸ’‘Dorks:

Jenkins
Jira
OTP
oauth
authoriztion
password
pwd
ftp
ssh
dotfiles
JDBC
token
user
pass
secret
SecretAccessKey
AWS_SECRET_ACCESS_KEY
credentials
config
security_credentials
S3
https://
Read 8 tweets
29 Jun
Subdomain Enumeration 101 πŸ† πŸ‘‡

1. Passive Enumeration
2. Active Enumeration

@shifacyclewala @Hacktifycs
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Passive:
1. Google Dorking:
β€œsite:*.example.org -www -store -jobs -uk”
2. virustotal
3. dnsdumpster
4. crt[.]sh
5. censys[.]io
6. Rapid7 Sonar Datasets
7. Dnsbufferover

#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Unique Ways:
1. dig +multi AXFR @ns1.dns.co insecuredns.com
2. CSP (curl -I -s -L https://some[.]com | grep -iE 'Content-Security|CSP')
3. Github Subdomains
4. nmap --script targets-asn --script-args targets-asn.asn=17012
5. Scraping using webscrapers
#bugbountytips
Read 9 tweets
24 Jul 20
@aboul3la Someone interested can read these files from the server, I have tested them.

logo.gif
http_auth.html
user_dialog.html
localization_inc.lua
portal_inc.lua
include
nostcaccess.html
ask.html
no_svc.html
svc.html
session.js
useralert.html
ping.html
help
@aboul3la /2
app_index.html
tlbr
portal_forms.js
logon_forms.js
win.js
portal.css
portal.js
sess_update.html
blank.html
noportal.html
portal_ce.html
portal.html
home
logon_custom.css
portal_custom.css
preview.html
session_expired
custom
portal_elements.html
commonspawn.js
common.js
@aboul3la /3
appstart.js
appstatus
relaymonjar.html
relaymonocx.html
relayjar.html
relayocx.html
portal_img
color_picker.js
color_picker.html
cedhelp.html
cedmain.html
cedlogon.html
cedportal.html
cedsave.html
cedf.html
ced.html
lced.html
files
pluginlib.js
shshim
do_url
clear_cache
Read 5 tweets