Lohitaksh Nandan Profile picture
Just a TECHNOPHILE... | Building @hackerinhouse
Mother Data Profile picture 2 added to My Authors
Jan 31 6 tweets 6 min read
18 Threat Hunting and OSINT Tools 🔥

1. shodan.io - Search for devices connected to the internet and their vulnerabilities
2. prowl.lupovis.io - Free IP search & identifications of IoC and IoA

#cybersecurity #infosec #hacking #OSINT 3. intelx.io - Search engine for data archives.
4. netlas.io - Search and monitor devices connected to the internet
5. urlscan.io - Scan a website incoming and outgoing links and assets
Jan 24 7 tweets 3 min read
10 Ways to Bypass CSRF Defense Mechanism

A Thread 🧵
#bugbounty #bugbountytips #cybersecurity 1. Change GET request to POST request, and vice versa.

2. Remove the CSRF token and send the request and check whether the application is accepting the request without the token.And also send empty parameter and check.
Jan 14 6 tweets 3 min read
Interested in learning iOS Penetration Testing?
Here is how you can start 👇🧵

#bugbounty #bugbountytips #cybersecurity #hacking Requirements:
- Mac (Intel/M1/M2) Or Mobexler virtual machine (Apple proprietary tools not available)
- Jailbroken iPhone Or Corellium virtual iOS device
Jan 13 9 tweets 2 min read
What is a Blockchain?

It's a growing list of records (blocks)

The Blocks are linked together using cryptography.

It's described as a data storage:
- trustless
- fully decentralized
- peer-to-peer
- immutable

It's spread over a network of participants (nodes)

#blockchain · Blocks

They contain:
- a cryptographic hash of the previous one.
- a timestamp + transaction data.

The timestamp proves that the transaction data existed when the block was published in order to get into its hash.

The blocks form a chain (hence the name).
Jan 6 6 tweets 2 min read
WANT TO LAND YOUR FIRST CYBERSECURITY JOB...??

#cybersecurity #infosec #bugbounty #hacking 1. BUILD THE FOUNDATION

Make sure you have a strong
foundation of knowledge and
skills. As a beginner focus on
improving your knowledge day
today and stay up-to-date on the
latest attacks, trends, and technologies in this field.
Dec 21, 2022 7 tweets 4 min read
If you're starting out and your choice is Pentester/Red Teamer, here is another plan for you 👇🧵

#cybersecurity #infosec #hacking - Do Penetration student course from @ine or Practical Ethical Hacking course from @TCMSecurity
- Learn OWASP top 10
- Go through the Web Security Academy from @PortSwigger (Burp Suite is one of the main tools for Web Pentest and it has a community edition)
Dec 6, 2022 6 tweets 5 min read
Breaking into cybersecurity?
Here’s 15 FREE Interview prep resources!

These videos / guides will help you to smash your next interview!

Top 30 Penetration Tester Interview Questions / Answers
lnkd.in/eAkvQFZG

#cybersecurity #infosec #hacking Cyber Security Interview Prep
lnkd.in/eky9v_hC

SOC Analyst Interview Questions (LetsDefend)
lnkd.in/eqFPGS-Z

GRC Entry-Level Interview Q&A (Gerald Auger, Ph.D.)
lnkd.in/eK6uti-W
Dec 5, 2022 4 tweets 7 min read
Amazing FREE Cyber Security Courses

Help you get started or get better at things like Cloud ☁️

— Cyber Foundations —
ISC(2) Certified in Cyber - lnkd.in/e6jB_6af
Cyber Security - lnkd.in/eueCSF6A

#cybersecurity #infosec #hacking Cisco Cyber Induction - lnkd.in/e8C3jacc
Cisco Cyber Essentials - lnkd.in/eTQNsbyF
Fortinet NSE - lnkd.in/es3c_Q6E

— Hacking —
PortSwigger Web Hacking - lnkd.in/eEa-fNfu
CodeRed Hacking Essentials - lnkd.in/eJbyZp_9
Nov 29, 2022 5 tweets 3 min read
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity 7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
Nov 23, 2022 5 tweets 3 min read
Blind XSS and More techniques!

#bugbounty #bugbountytips #cybersecurity • Blind XSS-> Type of stored XSS. (Payload gets stored on a web page)

• Where do you find them? - In places you cannot access.
> An admin panel
> A log history restricted to admins
> A feedback form that goes straight to the admin
> A chat bot message to the support team
Nov 22, 2022 4 tweets 4 min read
Red Team Resources 🖥

• Red Team Management by Joas
github.com/CyberSecurityU…

• Awesome Red Team by yeyintminthuhtut
github.com/yeyintminthuht…

• Awesome Red Team Operations by Joas
github.com/CyberSecurityU…

#cybersecurity #infosec #hacking #redteam • Awesome Adversary Simulation Toolkit by 0x1
0x1.gitlab.io/pentesting/Red…

• Red/Purple Team by s0cm0nkey
s0cm0nkey.gitbook.io/s0cm0nkeys-sec…

• SpecterOps Red Team Blog
posts.specterops.io/tagged/red-tea…

• iRed Team Blog
ired.team/?trk=public_po…
Nov 22, 2022 6 tweets 2 min read
2FA Bypass Techniques :)
🧵👇🏻

#bugbounty #bugbountytips #cybersecurity 1. Response Manipulation: In response, if "success":false Change it to "success":true

2. Status Code Manipulation: If Status Code is 4xx Try to change it to 200 OK and see if it bypass restrictions
Nov 19, 2022 8 tweets 3 min read
Malware Attack Infection Chain
🧵👇🏻

#cybersecurity #infosec #hacking During the investigation of the campaign, researchers found that the attackers employed the extensive use of both dual-use and living-off-the-land tools. Also, some of the indications say that APT hackers initially attacked and exploited the publicly facing systems and further
Nov 19, 2022 13 tweets 15 min read
Learn Malware Analysis 🚀

⚡️Abusing dll misconfigurations :bit.ly/3g68h6v
Red Canary: bit.ly/3hGbB97
SANS: bit.ly/3hDmk4b
Publicly disclosed DLL Hijacking opportunities:bit.ly/3AbIlNA

#cybersecurity #infosec #hacking Pentestlab : bit.ly/2FxVQeR
itm4n's blog: bit.ly/3EuLZ8b
Exploiting DLL Hijacking by DLL Proxying : bit.ly/3g2NkcS
DLL Hijack Scanner: lnkd.in/dXb5ymbS
UAC bypass - DLL hijacking: bit.ly/3AdqC8N
Nov 16, 2022 5 tweets 3 min read
Hacking resources that are free but are worth thousands:

#bugbounty #cybersecurity #infosec #hacking Web Security Academy from @PortSwigger

After years of pentesting, I still come back to exercises in these labs on a regular basis for reference.

portswigger.net/web-security
Nov 14, 2022 8 tweets 3 min read
30 Search Engines for Cybersecurity Researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.

#cybersecurity #infosec #bugbounty 5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarefare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
Nov 14, 2022 5 tweets 2 min read
17 platforms where you can begin cybersecurity:

1. HackXpert - Free labs and training.
2. TryHackMe - Hands-on exercises and labs.
3. CyberSecLabs - High quality training labs.
4. Cybrary - Videos, labs, and practice exams.

#cybersecurity #infosec #hacking #bugbounty 5. LetsDefend - Blue team training platform.
6. Root Me - Over 400 cybersecurity challenges.
7. RangeForce - Interactive and hands-on platform.
8. Certified Secure - Loads of different challenges.
Nov 13, 2022 5 tweets 3 min read
Introducing 24 web-application hacking tools

1. Burp Suite - Framework.
2. ZAP Proxy - Framework.
3. Dirsearch - HTTP bruteforcing.
4. Nmap - Port scanning.
5. Sublist3r - Subdomain discovery.
6. Amass - Subdomain discovery.

#bugbounty #bugbountytips #cybersecurity 7. SQLmap - SQLi exploitation.
8. Metasploit - Framework.
9. WPscan - WordPress exploitation.
10. Nikto - Webserver scanning.
11. HTTPX - HTTP probing.
12. Nuclei - YAML based template scanning.
13. FFUF - HTTP probing.
14. Subfinder - Subdomain discovery.
Nov 10, 2022 8 tweets 4 min read
Websites/Platforms to learn to hack... :)

→ Hackthebox
→ Hacxpert
→ Tryhackme
→ Pentester Lab
→ Vulnhub
→ Cybrary
→ CybersecLabs
→ Root Me
→ OverTheWire
→ Vulnmachines
→ RangeForce
→ certifiedsecure
→ EchoCTF
→ Try2Hack

#cybersecurity #infosec #hacking 🌐Web Exploitation
→ Hackxpert
→ Portswigger Web Security Academy
→ Bug Bounty Hunter
→ Pentester Lab
application.security
→ OWASP Juice Shop
→ OWASP WebGoat
→ bWAPP
→ OWASP Broken Web Application
Nov 9, 2022 8 tweets 9 min read
FREE LABS TO TEST YOUR PENTEST/CTF SKILLS :-)

Retweet this to let others know :)

#cybersecurity #infosec #hacking #bugbounty Academy Hackaflag BR - hackaflag.com.br
Attack-Defense - attackdefense.com
Alert to win - alf.nu/alert1
CTF Komodo Security - ctf.komodosec.com
CMD Challenge - cmdchallenge.com
Explotation Education - exploit.education
Nov 8, 2022 6 tweets 2 min read
Recon Tools for Web Application Pentesting... :)

A Thread 🧵

#bugbounty #bugbountytips #cybersecurity Proxy

- burpsuite
- zap proxy

Subdomain

- subfinder
- assetfinder
- amass
- sublist3r
- dig
- chaos (chaos.projectdiscovery.io)

Webspidering

- gospider
- gau
- linkfinder
- waybackurls
- hakrawler
- paramspider

Directory/fuzzing

- ffuf
- wfuzz
- gobuster
- dirbuster