Rahul Bhichher Profile picture
Contributing Security Analyst at SaferInternetProject • OSINT • Ethical Hacker • Splunk • I learn things and then share them with you!
4 Dec
Web Applications can be complex in nature, and it's not always possible for developers to prevent vulnerabilities such as XSS.

In this thread 👇🧵,

Learn how they try to prevent XSS, and in #bugbounty it's better to know the defense.
Credits: @saferinternetpr
1) Filtering User Input: When a user inputs data into the website, the developers want it to be filtered as strictly as possible while still getting the same output as if there was no filter.
2) Response Headers: Within HTTP response headers, developers can prevent XSS that aren't supposed to have any HTML or JavaScript, they can easily use the Content-Type and X-Content-Type-Options headers to make sure that browsers are able to respond the way it's intended.
Read 7 tweets
26 Nov
Shodan detects devices that are connected to the internet at any given time, the location of those devices and their current users.

It's a thread 🧵👇
You can search, hack and even get a bounty if lucky enough with @shodanhq
1) To find vulnerable Databases:
2) To find sensitive files and directories:
Read 7 tweets
15 Nov
Networking is a massive topic, but when starting into cyber security; you have to know the commonly used methods to uncover the potential areas of interest as an attacker you can leverage.

It's a thread 🧵 👇
1. The OSI Model: can be seen as a universal language for computer networking. It’s based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.
Read more: bit.ly/3DkBEZs
2. Encapsulation: This is the process of adding additional information when data is traveling in the OSI or TCP/IP model. The additional information has been added on the sender’s side, starting from the Application layer to the Physical layer.
Read more: bit.ly/3wNOGMh
Read 9 tweets
11 Nov
9 OSINT Tools, you might have come across.

Read about them below, it's a thread 👇.

Let me know if I missed an awesome OSINT Tool.
#OSINT #infosec
1. Maltego: Specializes in uncovering relationships among ppl, companies, domains, and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered info and plotting it all out in easy-2-read charts and graphs.
2. Mitaka: Available as a Chrome extension and Firefox add-on, #Mitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, #Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser.
Read 10 tweets