Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
payloadartist Profile picture
payloadartist
@payloadartist
Yapping about cool things in AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my own • Shitposts sometimes
Sep 16, 2022 12 tweets 4 min read
⚠️ Uber apparently got grandly hacked.

Attacker basically got access to almost everything (allegedly)

- Slack
- Google Workspace Admin
- AWS Accounts
- HackerOne Admin
- SentinelOne EDR
- vSphere
- Financial Dashboards

Thread on what we know so far 🧵👇

#Hacking Allegedly, TA (attacker) gained the initial access through social engineering.

After scanning their internal network, TA obtained admin credentials to Thycotic through a powershell script on a network share.

Thus they extracted secrets for all services.

Aug 23, 2022 9 tweets 5 min read
🤫 Hunting for exposed secrets can help you find low hanging fruits in #BugBounty and #Pentesting

OWASP WrongSecrets project offers a vulnerable app.

There are several challenges to understand where and how developers might expose secrets. Thread👇🧵

#CyberSecurity #Hacking Image 2/ Secrets can be exposed in Docker environment variables. This is a common bad practice.

Docker image linters like dockle can be used to find/detect them.

github.com/goodwithtech/d… Image