Luke Stephens (hakluke)
Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
Jul 16 • 6 tweets • 1 min read
"We're Number 1 on Google!" 🎉 Sounds great, right?

But what if that top ranking is actually hurting your brand?

Here's how the obsession with SEO is backfiring for many cybersecurity companies...

Let's say you've found a nice shiny low-competition, high search volume keyword that relates to your business. You use ChatGPT to pump out a crappy article and publish it on your website within minutes.
Aug 4, 2023 • 4 tweets • 1 min read
How to exit vim the "Scrum manager way"!

1️⃣ Call in a meeting, early in the morning
2️⃣ Tell everybody what a good job they are doing.
3️⃣ Tell everybody that there is still a lot to do.

Continued in thread 🧵👇

4️⃣ Tell everybody that "we" can do it.
5️⃣ Remind them of the importance of team work.
6️⃣ Go through the tickets.
7️⃣ Tell the project manager that a ticket for closing Vim is missing.

🧡2/4
May 1, 2023 • 12 tweets • 4 min read
10 handy practical #hacking tools I've developed over the years 🧰

Check out this thread for the most valuable ones, along with a brief overview of their functions! 🧵👇

1️⃣ hakrawler

🔧 A simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.

github.com/hakluke/hakraw…
Apr 4, 2023 • 16 tweets • 3 min read
Become an Nmap pro in 30s 👇🕥

Nmap is a port scanner, but it does much more including service/OS detection and even vuln scanning.

By default nmap does a standard TCP SYN scan on the top 1000 ports of a host.

$ nmap host

For more verbosity use -v or -vv.

$ nmap -vv host

Nmap accepts hostnames, IP addresses, CIDR ranges and dash notation.

$ nmap hostname
$ nmap 123.123.123.123
$ nmap 123.123.123.1/24
$ nmap 123.123.123.1-255

If you just want to find which hosts are alive, you can perform a ping scan with -sn

$ nmap -sn 123.123.123.1/24
Apr 2, 2023 • 8 tweets • 3 min read
I want to keep track of the latest cybersecurity news.

I also don't want to rely solely on Twitter.

Here are 5 great cybersecurity news outlets that I rely on daily! 👇

The /r/netsec subreddit is really, really good. If something big is going on in this industry, it's typically within the top 2 or 3 posts.

reddit.com/r/netsec
Jun 23, 2022 • 16 tweets • 3 min read
Become an Nmap pro in 30s 👇🕥

Nmap is a port scanner, but it does much more including service/OS detection and even vuln scanning.

By default nmap does a standard TCP SYN scan on the top 1000 ports of a host.

$ nmap host

For more verbosity use -v or -vv.

$ nmap -vv host

🧵👇

Nmap accepts hostnames, IP addresses, CIDR ranges and dash notation.

$ nmap hostname
$ nmap 123.123.123.123
$ nmap 123.123.123.1/24
$ nmap 123.123.123.1-255

If you just want to find which hosts are alive, you can perform a ping scan with -sn

$ nmap -sn 123.123.123.1/24
May 11, 2022 • 14 tweets • 5 min read
I have created a lot of useful little hacking tools over the last few years, sometimes I tweet about them, sometimes I don't.

Here's a list of some of the most useful ones, and a brief explanation of what they do! 🧵👇

Hakrawler is a simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.

github.com/hakluke/hakraw…
May 9, 2022 • 5 tweets • 2 min read
🚨 I wrote a new tool! 🚨

This tool is designed to bypass WAFs by discovering the origin web server IP. I'm sure someone has come up with this technique before, but I haven't seen it...

This is how it works 🧵👇

First it makes an HTTP request to the hostname that you provide and stores the response, then it makes a request to a list of IP addresses that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. 🧵👇
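The comparison loop that thread describes, written out as an added Python example. It is not hakluke's tool (whose code is not shown on this page): the request is made to each candidate IP on 80 and 443 with the Host header forced to the original hostname, and the body is scored against the response seen through the hostname. The `fetch` callable, the similarity threshold, the `http_fetch` helper and the sample responses are all assumptions made for this example; the sample dictionary stands in for the network so the loop runs offline.

```python
import difflib
import http.client
import re
import ssl
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# A fetcher takes (scheme, target, host_header) and returns the response body,
# or None when the connection fails. Passing it in lets the same loop run
# against the real network or, as below, against a constructed stub.
Fetcher = Callable[[str, str, str], Optional[str]]


def normalise(body: str) -> str:
    """Collapse whitespace so formatting noise does not drag the score down."""
    return re.sub(r"\s+", " ", body).strip()


def similarity(a: str, b: str) -> float:
    """0..1 score of how alike two response bodies are."""
    return difflib.SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def find_origin(host: str, candidates: Iterable[str], fetch: Fetcher,
                threshold: float = 0.9) -> List[Tuple[str, str, float]]:
    """Return (scheme, ip, score) for each candidate whose reply, when asked
    for `host` via the Host header, matches the reply served via the hostname."""
    reference = fetch("https", host, host)          # what the WAF/CDN front door serves
    if reference is None:
        raise RuntimeError(f"no reference response for {host}")
    hits = []
    for ip in candidates:
        for scheme in ("http", "https"):            # ports 80 and 443, as in the thread
            body = fetch(scheme, ip, host)
            if body is None:
                continue
            score = similarity(reference, body)
            if score >= threshold:
                hits.append((scheme, ip, score))
    return hits


def http_fetch(scheme: str, target: str, host_header: str, timeout: float = 5.0) -> Optional[str]:
    """Real fetcher (assumed helper, not from the tool): connect to `target`
    and send GET / with the Host header overridden. Certificate checks are
    disabled because the origin's cert will not match a bare IP; note that
    SNI is still sent as the IP, which some origins reject."""
    try:
        if scheme == "https":
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            conn = http.client.HTTPSConnection(target, 443, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(target, 80, timeout=timeout)
        conn.request("GET", "/", headers={"Host": host_header})
        return conn.getresponse().read().decode("utf-8", "replace")
    except (OSError, http.client.HTTPException):
        return None


# Constructed sample standing in for the network: .10 is the real origin
# (same page, slightly different whitespace), .20 is an unrelated server,
# .30 does not answer at all.
_SAMPLE: Dict[Tuple[str, str, str], Optional[str]] = {
    ("https", "shop.example", "shop.example"):
        "<html><title>Example Shop</title><body>Welcome to Example Shop. Cart: 0 items.</body></html>",
    ("http", "203.0.113.10", "shop.example"):
        "<html><title>Example Shop</title>\n<body>Welcome   to Example Shop. Cart: 0 items.</body></html>",
    ("https", "203.0.113.10", "shop.example"): None,
    ("http", "203.0.113.20", "shop.example"):
        "<html><title>Apache2 Default Page</title><body>It works!</body></html>",
    ("https", "203.0.113.20", "shop.example"):
        "<html><title>Apache2 Default Page</title><body>It works!</body></html>",
}


def stub_fetch(scheme: str, target: str, host_header: str) -> Optional[str]:
    return _SAMPLE.get((scheme, target, host_header))


def demo() -> List[Tuple[str, str, float]]:
    return find_origin("shop.example", ["203.0.113.10", "203.0.113.20", "203.0.113.30"], stub_fetch)


if __name__ == "__main__":
    for scheme, ip, score in demo():
        print(f"{scheme}://{ip} looks like the origin (similarity {score:.2f})")
```

To use it against a real target, pass `http_fetch` instead of `stub_fetch` and feed it the candidate IPs (for example from historical DNS or the ASN ranges of the hosting provider). A near-1.0 score on a bare IP that is not in the CDN's ranges is the interesting result; a default vhost page scores low and is noise.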
Apr 11, 2022 • 16 tweets • 3 min read
I got hacked really badly once 😬. Here's the story.

I was a musician, and I was on tour, staying in a motel somewhere in the middle of nowhere, in NSW, Australia.

I got back to the motel late at night after a performance and parked my car in the motel parking lot. 👇🧵

I left a backpack in the car which had some music-related stuff in it, along with my iPad. I used an iPad for all of my sheet music on stage because it was easier than carrying paper around, and owning a printer. 👇🧵
Apr 5, 2022 • 7 tweets • 4 min read
I want to keep track of the latest cybersecurity news.

I also don't want to spend all my time on Twitter.

Here are 5 great cybersecurity news outlets that I rely on!

🧵👇

I find /r/netsec to be the most informative cybersecurity news stream. If anything big is going on in cybersecurity, it's typically within the top few posts on this subreddit.
reddit.com/r/netsec
Mar 14, 2022 • 17 tweets • 3 min read
It's 9am and I'm 2 coffees deep on a Monday morning.

Time for a thread about starting and building your cybersecurity career.

👇🧵

First let's talk about the hardest part - landing your first job.

You need two things:

🧠 Knowledge
📢 Demonstration of knowledge
Jan 20, 2022 • 4 tweets • 1 min read
Years ago, I walked into a last minute on-site pentest. It was a tech startup mostly funded by a single large customer. ~20 staff.

I walked in and it was tense AF from the start. I found out that their AWS environment got popped and someone had spun up a stack of crypto-mining infra. They didn't even notice until they got the bill.

They had no idea how it happened. Their idea was to get a pentest that might uncover the same hole.

I ran an nmap NSE scan on all their external hosts - it turned up an open HTTP proxy on one of their web servers.
Sep 1, 2021 • 12 tweets • 12 min read
This huge Twitter thread contains what I think are all of the best resources for learning to hack in 2021.

Buckle up!

Here we goooo! 👇

Firstly, here are some other repositories containing lists of resources:

Nahamsec's Resources for beginners: github.com/nahamsec/Resou…

Codingo's search bar: codingo.com/search/

@s0cm0nkeysec's gitbook: s0cm0nkey.gitbook.io/s0cm0nkeys-sec…

@InfoSecComm's blog infosecwriteups.com
Jan 17, 2021 • 4 tweets • 1 min read
There is still SO MUCH CSRF to find in bounty programs.

CSRF comes in many forms. Try:

- Removing the token parameter entirely
- Setting the token to a blank string
- Changing the token to an invalid token of the same format
- Using a different user's token

More in thread 👇

- Put the parameters in the URL instead of POST body (and remove the token) and change the HTTP verb to GET
- Testing every sensitive endpoint
- Check whether the token might be guessed / cracked

👇
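A generator for the request mutations listed in that thread, as an added Python example that is not from the thread: given one captured state-changing request, it emits the token-removed, token-blank, invalid-same-format, other-user's-token and POST-to-GET variants to replay, plus a few cheap heuristics for the "could the token be guessed" check. The `Request` shape, the parameter name `csrf_token`, the second user's token and the sample request are constructed assumptions.

```python
import math
import random
import re
import string
from collections import Counter
from dataclasses import dataclass, field, replace
from typing import Dict, List
from urllib.parse import urlencode


@dataclass(frozen=True)
class Request:
    """One captured state-changing request: form params for POST, query for GET."""
    method: str
    url: str
    params: Dict[str, str] = field(default_factory=dict)
    label: str = "original"


def same_format_token(token: str) -> str:
    """A random token with the same length and per-position character class
    (digit / lower / upper) as the real one, so a format check still passes."""
    while True:
        out = []
        for ch in token:
            for cls in (string.digits, string.ascii_lowercase, string.ascii_uppercase):
                if ch in cls:
                    out.append(random.choice(cls))
                    break
            else:
                out.append(ch)                    # keep separators such as '-' or '.'
        candidate = "".join(out)
        if candidate != token:
            return candidate


def csrf_variants(req: Request, token_param: str, other_users_token: str) -> List[Request]:
    """The mutations from the thread, each labelled with what it tests."""
    token = req.params[token_param]
    without = {k: v for k, v in req.params.items() if k != token_param}
    variants = [
        replace(req, params=without, label="token removed"),
        replace(req, params={**req.params, token_param: ""}, label="token blank"),
        replace(req, params={**req.params, token_param: same_format_token(token)},
                label="token invalid, same format"),
        replace(req, params={**req.params, token_param: other_users_token},
                label="token from another user"),
    ]
    if req.method.upper() != "GET":
        # params move into the query string, token dropped, verb changed to GET
        variants.append(Request("GET", f"{req.url}?{urlencode(without)}", {}, "POST->GET, no token"))
    return variants


def token_weaknesses(token: str, min_length: int = 16, min_bits_per_char: float = 3.0) -> List[str]:
    """Cheap heuristics for 'might be guessed': empty, short, low-entropy, or purely numeric."""
    if not token:
        return ["empty"]
    reasons = []
    if len(token) < min_length:
        reasons.append(f"short ({len(token)} chars)")
    counts = Counter(token)
    entropy = -sum(c / len(token) * math.log2(c / len(token)) for c in counts.values())
    if entropy < min_bits_per_char:
        reasons.append(f"low entropy ({entropy:.2f} bits/char)")
    if re.fullmatch(r"\d+", token):
        reasons.append("numeric only (counter or timestamp?)")
    return reasons


# Constructed sample: a captured change-email request with its anti-CSRF token.
SAMPLE = Request("POST", "https://app.example/account/email",
                 {"email": "attacker@evil.example", "csrf_token": "a3f9c2e18b7d4056"})


def demo() -> List[Request]:
    return csrf_variants(SAMPLE, "csrf_token", other_users_token="0f1e2d3c4b5a6978")


if __name__ == "__main__":
    for v in demo():
        print(f"[{v.label}] {v.method} {v.url} {v.params}")
    print("weak?", token_weaknesses("123456"))
```

Each variant is sent from a second browser profile (or with the victim's session cookie and the attacker's form) and the response compared with the legitimate one; a 200 with the same side effect on any variant is the finding. The entropy heuristic only flags the obviously bad tokens; a token that is long and random but reused across sessions still needs the "different user's token" case to catch it.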
Dec 16, 2020 • 5 tweets • 2 min read
I've been finding a lot of access control bugs lately! Here's how.

Firstly I have two users, one with high privileges (admin), and one with low privileges (joe). I log in as the admin first, and use all the functionality. Whenever I do something that should be reserved for an administrator, I send the request over to Repeater.

Once I have a stack of them, I get the cookies from the "joe" account and insert them into those requests. I send them and analyse the difference in response to see if it worked. If it did, I report it!
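The cookie-swap check from that thread, automated as an added Python example (not hakluke's Burp workflow): each admin-only request is sent once with the admin session and once with joe's, and the pair of responses is classified. The `send` callable is injected so the loop can drive a real client or, as here, a constructed stub application; the endpoints, cookie names and role logic of the stub are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Response:
    status: int
    body: str


# send(method, path, cookies) -> Response. Injected so the loop can be run
# against Repeater-captured requests through a real client, or offline via a stub.
Sender = Callable[[str, str, Dict[str, str]], Response]


@dataclass
class Finding:
    method: str
    path: str
    admin_status: int
    joe_status: int
    verdict: str            # "BROKEN", "review" or "ok"


def classify(admin: Response, joe: Response) -> str:
    """Decide from the two responses whether the low-priv user got the admin result."""
    if joe.status in (401, 403):
        return "ok"                                     # explicit denial
    if joe.status == admin.status and joe.body == admin.body:
        return "BROKEN"                                 # identical outcome: no check at all
    if joe.status == admin.status and joe.status < 300:
        return "review"                                 # same success code, different body: partial access?
    return "ok"


def replay_as_low_priv(admin_requests: List[Tuple[str, str]], admin_cookies: Dict[str, str],
                       joe_cookies: Dict[str, str], send: Sender) -> List[Finding]:
    """Send each admin-only request twice, once per session, and compare.
    Replaying state-changing requests really changes state: use test data."""
    findings = []
    for method, path in admin_requests:
        a = send(method, path, admin_cookies)
        j = send(method, path, joe_cookies)
        findings.append(Finding(method, path, a.status, j.status, classify(a, j)))
    return findings


# Constructed stub standing in for the target. The session cookie maps to a
# role; one endpoint checks it, one forgot to, one leaks a reduced view.
_SESSIONS = {"adm-sess": "admin", "joe-sess": "user"}


def stub_send(method: str, path: str, cookies: Dict[str, str]) -> Response:
    role = _SESSIONS.get(cookies.get("session", ""))
    if role is None:
        return Response(401, "login required")
    if (method, path) == ("GET", "/admin/users"):
        return Response(200, '{"users":["alice","bob"]}') if role == "admin" else Response(403, "forbidden")
    if (method, path) == ("POST", "/admin/users/7/delete"):
        return Response(200, '{"deleted":7}')             # missing role check
    if (method, path) == ("GET", "/admin/report"):
        return Response(200, "full report" if role == "admin" else "summary only")
    return Response(404, "not found")


def demo() -> List[Finding]:
    admin_only = [("GET", "/admin/users"), ("POST", "/admin/users/7/delete"), ("GET", "/admin/report")]
    return replay_as_low_priv(admin_only, {"session": "adm-sess"}, {"session": "joe-sess"}, stub_send)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.verdict:7} {f.method} {f.path}  admin={f.admin_status} joe={f.joe_status}")
```

The "review" bucket matters: an application that returns 200 to both users but a trimmed body for joe may still be leaking fields it should not, so the byte-identical test alone would miss it. Real responses also carry per-user noise (names, CSRF tokens, timestamps), so in practice the body comparison is done after stripping those, or on a parsed JSON subset.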
May 22, 2020 • 14 tweets • 3 min read
Nmap tutorial time!

Nmap is a port scanner, but it does so much more including service/OS detection and even vuln scanning.

By default nmap does a standard TCP SYN scan on the top 1000 ports of a host.

$ nmap host

For more verbosity use -v or -vv.

$ nmap -vv host

THREAD ⬇️

Nmap accepts hostnames, IP addresses, CIDR ranges and dash notation.

$ nmap hostname
$ nmap 123.123.123.123
$ nmap 123.123.123.1/24
$ nmap 123.123.123.1-255

If you just want to find which hosts are alive, you can perform a ping scan with -sn

$ nmap -sn 123.123.123.1/24
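The three Nmap threads on this page (Apr 4 2023, Jun 23 2022 and this one) stop at the commands; a practitioner usually chains them, sweeping with -sn first and then scanning only the hosts that answered. The parser below is an added Python example, not from the threads and not an nmap feature: it reads nmap's greppable output (-oG, one tab-separated "Key: value" line per host) to list live hosts from a sweep and open ports from a default scan, and builds the follow-up command. The sample output lines are constructed in the -oG format; `run_nmap` is an assumed helper for real use.

```python
import subprocess
from typing import Dict, List, Tuple


def _fields(line: str) -> Dict[str, str]:
    """Split one 'Host:' line of -oG output into its tab-separated 'Key: value' fields."""
    return dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)


def live_hosts(grepable: str) -> List[str]:
    """IPs that nmap reported as 'Status: Up' (the -sn ping-sweep case)."""
    hosts: List[str] = []
    for line in grepable.splitlines():
        if line.startswith("Host:"):
            f = _fields(line)
            ip = f["Host"].split(" ", 1)[0]        # "10.0.0.5 (name)" -> "10.0.0.5"
            if f.get("Status") == "Up" and ip not in hosts:
                hosts.append(ip)
    return hosts


def open_ports(grepable: str) -> Dict[str, List[Tuple[int, str, str]]]:
    """{ip: [(port, proto, service), ...]} for ports in state 'open'.
    Each -oG port entry is port/state/proto/owner/service/rpc/version/."""
    result: Dict[str, List[Tuple[int, str, str]]] = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue
        f = _fields(line)
        if "Ports" not in f:
            continue
        ip = f["Host"].split(" ", 1)[0]
        for entry in f["Ports"].split(", "):
            parts = entry.split("/")
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            if state == "open":
                result.setdefault(ip, []).append((port, proto, service))
    return result


def followup_argv(hosts: List[str]) -> List[str]:
    """Second-stage scan of only the hosts that answered the sweep: default
    top-1000 ports plus version detection, greppable output to stdout."""
    return ["nmap", "-sV", "-oG", "-", *hosts]


def run_nmap(argv: List[str]) -> str:
    """Run nmap and hand its greppable output to the parsers above (not used by demo())."""
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


# Constructed sample output, in the -oG format nmap writes (tabs between fields).
SAMPLE_SWEEP = "\n".join([
    "# Nmap 7.94 scan initiated Mon Jan  1 09:00:00 2024 as: nmap -sn -oG - 10.0.0.0/29",
    "Host: 10.0.0.1 (gateway.lan)\tStatus: Up",
    "Host: 10.0.0.5 ()\tStatus: Up",
    "# Nmap done at Mon Jan  1 09:00:02 2024 -- 8 IP addresses (2 hosts up) scanned in 2.01 seconds",
])

SAMPLE_SCAN = "\n".join([
    "# Nmap 7.94 scan initiated Mon Jan  1 09:01:00 2024 as: nmap -sV -oG - 10.0.0.1 10.0.0.5",
    "Host: 10.0.0.1 (gateway.lan)\tStatus: Up",
    "Host: 10.0.0.1 (gateway.lan)\tPorts: 53/open/tcp//domain//dnsmasq 2.85/, 443/open/tcp//https///"
    "\tIgnored State: filtered (998)",
    "Host: 10.0.0.5 ()\tStatus: Up",
    "Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx/, "
    "3128/closed/tcp//squid-http///\tIgnored State: closed (997)",
    "# Nmap done at Mon Jan  1 09:01:30 2024 -- 2 IP addresses (2 hosts up) scanned in 30.12 seconds",
])


def demo():
    up = live_hosts(SAMPLE_SWEEP)
    return up, followup_argv(up), open_ports(SAMPLE_SCAN)


if __name__ == "__main__":
    up, argv, ports = demo()
    print("live:", up)
    print("next:", " ".join(argv))
    for ip, plist in ports.items():
        print(ip, ", ".join(f"{p}/{proto} {svc}" for p, proto, svc in plist))
```

With real output, `run_nmap(["nmap", "-sn", "-oG", "-", "10.0.0.0/24"])` feeds `live_hosts`, and `run_nmap(followup_argv(up))` feeds `open_ports`. Keep in mind that -sn only reports hosts that answered a probe, so a host that drops ICMP and the default TCP probes is absent from the sweep and will never reach the second stage; for a thorough external test, scan the full range instead.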
Feb 19, 2020 • 4 tweets • 2 min read
The best way I've found to bypass open redirect filters is using this list: raw.githubusercontent.com/swisskyrepo/Pa…

First I replace every instance of www.whitelisteddomain.tld in that file with a domain that is whitelisted using the following command:

WHITELISTED="test.com" && \
  sed 's/www\.whitelisteddomain\.tld/'"$WHITELISTED"'/g' Open-Redirect-payloads.txt > Open-Redirect-payloads-burp-"$WHITELISTED".txt && \
  echo "$WHITELISTED" | awk -F. '{print "https://"$0"."$NF}' >> Open-Redirect-payloads-burp-"$WHITELISTED".txt
Jul 11, 2019 • 5 tweets • 1 min read
Here's a little problem I run into all the time, and how I solve it.

I've SSH'd into a machine, started a long-running process (let's say, nmap). Now I need to disconnect from SSH, but I want to keep the process running in a tmux/screen session? How do I do this? Read on! 1/x

First, I background the process by hitting Ctrl+Z, then keep it running by using the "bg" command, and disown it with "disown nmap". 2/x