Nithin 🦹‍♂️
Heckr | Former Community Manager @InfoSecComm | eJPT | Certified Red Team Professional (CRTP)
Apr 10 | 12 tweets | 6 min read
Top 10 Browser Extensions for Bug Bounty Hunters and Security Researchers 🧵👇

2024 Edition.

1️⃣ Wappalyzer: A technology profiler that identifies the technologies used on websites, from CMS to JavaScript libraries.

Available in: Google Chrome | Mozilla Firefox

🔗 Link (Chrome): chromewebstore.google.com/detail/wappaly…
🔗 Link (Firefox): addons.mozilla.org/en-US/firefox/…
Apr 9 | 7 tweets | 3 min read
💉 You cannot ignore looking out for SQL Injection vulnerabilities if you want to make $$$$ in bounties.

To master SQL injections, open this thread of massive resources 👇

1️⃣ SQL injection by @PortSwigger

🌟 PortSwigger Academy offers excellent resources to learn about web vulnerabilities like SQL injection, providing interactive labs for practical skill enhancement.

portswigger.net/web-security/s…
Apr 8 | 10 tweets | 2 min read
🕵️‍♂️ New to bug bounty hunting? Here's a beginner-friendly thread with 10 must-do steps to kickstart your journey!

From starting small to staying ethical, this list has got you covered. 😉

1️⃣ Begin with hacking VDPs

This will help you develop skills gradually rather than aiming for big rewards right away.

2️⃣ Understand Program Rules:

Familiarize yourself with bug bounty program rules for each company before starting testing to avoid misunderstandings.
Mar 31 | 7 tweets | 2 min read
Top 5 DevSecOps platforms to learn Cybersecurity in 2024 👇

1️⃣ AppSecEngineer: This platform offers hands-on, full-stack security training tailored to various skill levels and roles, including developers, cloud beginners, and security architects.

appsecengineer.com
Mar 28 | 7 tweets | 2 min read
GitHub dorks are super useful and can easily get you $$$$ in bounties with the correct dorks 🚀

So what should I dork for?

Learn in this thread below 👇

1️⃣ First, what are GitHub dorks?
These are advanced search queries specifically crafted to find sensitive information like API keys, passwords, credentials, and more, often left exposed in code repositories.
Feb 24 | 10 tweets | 4 min read
If you want to master SQL injections, open this thread!

💉 SQL Injection is a P1 vulnerability and can easily help you earn $$$$💸

2️⃣ Cheatsheet by @pentest_swissky

🌟 PayloadsAllTheThings serves as a goldmine 🏆 for database hacking, with cheat sheets 📝 for sneaky tricks to break in and mess around. 🕵️‍♂️💻

github.com/swisskyrepo/Pa…
Feb 24 | 10 tweets | 3 min read
If you want to master API security, open this thread!

1️⃣ Everything API Hacking by @InsiderPhD

🌟 This is one of the BEST videos out there on API hacking.

youtube.com/playlist?list=…
Feb 6 | 12 tweets | 4 min read
Finding difficulty in learning Cybersecurity? 🤔

Not Anymore.

Check out this thread to find 10 beginner-friendly YouTube channels to learn Cybersecurity with ease 🧵👇

1️⃣ Network Chuck: Provides engaging tutorials and career advice on networking and cybersecurity.

youtube.com/@NetworkChuck
Feb 5 | 13 tweets | 4 min read
THREAD: 10 essential Burp Suite extensions you need to use in 2024!

Find vulnerabilities, automate, profit $$$$

1️⃣ Autorize 🔐:

This extension assists in finding authorization vulnerabilities by automatically testing each request for different levels of access control. It helps in discovering endpoints with insufficient authorization checks.

🔗 Link: portswigger.net/bappstore/f9bb…
Jan 27 | 8 tweets | 2 min read
Every beginner bug bounty hunter MUST check this thread.

One of the easiest bugs you can find as a beginner and make $$$ 🧵👇

⚡ Email Injection.

Email Injection is a vulnerability that lets a hacker abuse email-related functionality, such as email contact forms on web pages, to send malicious email content to arbitrary recipients. It is based on injecting end-of-line characters.
Dec 6, 2023 | 8 tweets | 3 min read
🧙‍♂️ As a beginner bug bounty hunter, it can often be confusing to hunt on applications if you do not have a checklist.

Here are 5 high-quality checklists/cheatsheets/methodologies which can help you organize and hunt better 🧵👇

#bugbounty #cybersecurity #infosec

1. This repo contains tips and tutorials for bug bounty and also penetration tests.

It contains checklists for a lot of attack vectors such as API Security, OSINT, SSRF, 2FA Bypass and a lot more.

github.com/0xmaximus/Gala…
Nov 16, 2023 | 6 tweets | 3 min read
Want to learn Active Directory Pentesting for FREE?
No worries, open this thread 👇🧵

#cybersecurity #activedirectory

1️⃣ To learn active directory, I highly recommend you check out @TCMSecurity's free course on hacking active directory here:

2️⃣ To learn basic AD terminologies, check out this blog:
csbygb.gitbook.io/pentips/window…
Oct 21, 2023 | 17 tweets | 3 min read
🧵 Types of API Vulnerabilities 👇

#bugbounty #infosec

1. API Exposure:
- APIs can have different levels of visibility. Some may be accessible to the internet while others are only available internally. There are multiple ways to access these APIs, including:
Jun 19, 2023 | 14 tweets | 5 min read
😱 I watched @GodfatherOrwa's insightful talk "The Power of Shodan - Leveraging Shodan for Critical Vulnerabilities" at @NahamSec's #NahamCon2023 and have condensed the ~25 minute talk for you to read in 2 minutes.

Here are some interesting bug bounty tips and tricks ⬇️

1. To find all information related to *.target.*, you first need to identify the organization's name. You can do this by clicking the lock icon -> connection is secure -> certificate is valid.

This is w.r.t. Brave/Chrome; there will be something similar for those using Firefox.
Apr 3, 2023 | 8 tweets | 2 min read
As promised, here I deliver.

Web3 Basics - A thread 🧵👇

1. Cryptocurrency:
Mar 27, 2023 | 7 tweets | 2 min read
😱 I asked ChatGPT "What are some of the unpopular SQL injection areas" and this is what it replied.

🧵👇

#bugbounty #cybersecurity #infosec #sqli

1. Error messages: Sometimes error messages can reveal important information about the application's database, such as table names or column names. An attacker can use this information to craft a SQL injection attack.
Mar 27, 2023 | 4 tweets | 3 min read
☃️ Bug Bounty Beginner's Roadmap ☃️

Many of you have asked me how to get started in bug bounty and what the pre-requisites are to get started.

This repository contains nearly everything you need to know and can help you get started easily with a variety of resources.

#bugbounty

🔗 Link: github.com/bittentech/Bug…

💳 Credits: @techhacker98
Feb 13, 2023 | 10 tweets | 3 min read
"Bug Bounty/Cybersecurity Resources"

A thread 🧵👇

📔 Books
Feb 2, 2023 | 13 tweets | 9 min read
Want to get started in Cybersecurity in 2023?

Worry no more. Open the thread below and master it to the core!

🧵👇

1. Pre-requisites

I still believe you can get into Cybersecurity with little to no technical knowledge. That being said, if you want to master the art I would highly suggest you learn these topics:

1. Networks
2. Operating Systems
3. Programming - Python/Bash/JS
Jan 31, 2023 | 11 tweets | 4 min read
7 GitHub profiles to star if you are into Bug Bounty.

🧵👇

1. @NahamSec's Resources-for-Beginner-Bug-Bounty-Hunters

🔗Link: github.com/nahamsec/Resou…
Jan 7, 2023 | 10 tweets | 4 min read
😱 There are 137,345 Chrome extensions available for installation from the Chrome Web Store.

Here’s a list of 7 extensions you have to install right now to stay productive 💪

#productivity #growth

1. @ScribeHow

Auto-generate step-by-step guides for FREE.

Scribe saves any team 20+ hours a month with instant process documentation, complete with text and screenshots.

Link: getscribe.how/chrome