Nithin 🦹‍♂️
Hacking machines and life | Community Manager @InfoSecComm | eJPT | Certified Red Team Professional (CRTP)
Feb 24 10 tweets 4 min read
If you want to master SQL injections, open this thread!

💉 SQL Injection is a P1 vulnerability and can easily help you earn $$$$💸

2️⃣ Cheatsheet by @pentest_swissky

🌟 PayloadsAllTheThings serves as a goldmine 🏆 for database hacking, with cheat sheets 📝 for sneaky tricks to break in and mess around. 🕵️‍♂️💻

github.com/swisskyrepo/Pa…
Feb 24 10 tweets 3 min read
If you want to master API security, open this thread!

1️⃣ Everything API Hacking by @InsiderPhD

🌟 This is one of the BEST videos out there on API hacking.

youtube.com/playlist?list=…
Feb 6 12 tweets 4 min read
Finding difficulty in learning Cybersecurity? 🤔

Not Anymore.

Check out this thread to find 10 beginner-friendly YouTube channels to learn Cybersecurity at ease 🧵👇

1️⃣ Network Chuck: Provides engaging tutorials and career advice on networking and cybersecurity.

youtube.com/@NetworkChuck
Feb 5 13 tweets 4 min read
THREAD: 10 essential Burp Suite extensions you need to use in 2024!

Find vulnerabilities, automate, profit $$$$

1️⃣ Autorize🔐:

This Extension assists in finding authorization vulnerabilities by automatically testing each request for different levels of access control. It helps in discovering endpoints with insufficient authorization checks.

🔗 Link: portswigger.net/bappstore/f9bb…
Jan 27 8 tweets 2 min read
Every beginner bug bounty hunter MUST check this thread.

One of the easiest bugs you can find as a beginner and make $$$🧵👇

⚡ Email Injection.

Email Injection is a vulnerability that lets a hacker abuse email-related functionality, such as email contact forms on web pages, to send malicious email content to arbitrary recipients. It is based on injecting end-of-the-line characters.
Dec 6, 2023 8 tweets 3 min read
🧙‍♂️ As a beginner bug bounty hunter, it can often be confusing to hunt on applications if you do not have a checklist.

Here are 5 high-quality checklists/cheatsheets/methodologies which can help you organize and hunt better 🧵👇

#bugbounty #cybersecurity #infosec

1. This repo contains tips and tutorials for bug bounty and also penetration tests.

This contains checklists for a lot of attack vectors such as API Security, OSINT, SSRF, 2FA Bypass and a lot more.

github.com/0xmaximus/Gala…
Nov 16, 2023 6 tweets 3 min read
Want to learn Active Directory Pentesting for FREE?
No worries, open this thread 👇🧵

#cybersecurity #activedirectory

1️⃣ To learn Active Directory, I highly recommend you check out @TCMSecurity's free course on hacking Active Directory here:

2️⃣ To learn basic AD terminologies, check out this blog:
csbygb.gitbook.io/pentips/window…
Oct 21, 2023 17 tweets 3 min read
🧵 Types of API Vulnerabilities 👇

#bugbounty #infosec

1. API Exposure:
- APIs can have different levels of visibility. Some may be accessible to the internet while others are only available internally. There are multiple ways to access these APIs, including:
Jun 19, 2023 14 tweets 5 min read
😱 I watched @GodfatherOrwa 's insightful talk "The Power of Shodan - Leveraging Shodan for Critical Vulnerabilities" at @NahamSec 's #NahamCon2023 and have condensed the ~25 minute talk for you to read in 2 minutes.

Here are some interesting bug bounty tips and tricks ⬇️

1. To find all information related to *.target.*, you first need to identify the organization's name. You can do this by clicking the lock icon -> connection is secure -> certificate is valid.

This is wrt Brave/Chrome, there will be something similar for those using Firefox.
Apr 3, 2023 8 tweets 2 min read
As promised, here I deliver.

Web3 Basics - A thread 🧵👇 1. Cryptocurrency:
Mar 27, 2023 7 tweets 2 min read
😱 I asked ChatGPT "What are some of the unpopular SQL injection areas" and this is what it replied.

🧵👇

#bugbounty #cybersecurity #infosec #sqli 1. Error messages: Sometimes error messages can reveal important information about the application's database, such as table names or column names. An attacker can use this information to craft a SQL injection attack.
Mar 27, 2023 4 tweets 3 min read
☃️Bug Bounty Beginner's Roadmap☃️

Many of you have asked me how to get started at bugbounty and what are the pre-requisites to get started.

This repository contains nearly everything you need to know and can help you get started easily with a variety of resources.

#bugbounty 🔗 Link: github.com/bittentech/Bug…

💳 Credits: @techhacker98
Feb 13, 2023 10 tweets 3 min read
"Bug Bounty/Cybersecurity Resources"

A thread 🧵👇 📔 Books
Feb 2, 2023 13 tweets 9 min read
Want to get started at Cybersecurity in 2023?

Worry no more. Open the thread below and master to core!

🧵👇 1. Pre-requisites

I still believe you can get into Cybersecurity without having little to no technical knowledge. That being said, if you want to master the art I would highly suggest you to learn these topics:

1. Networks
2. Operating Systems
3. Programming - Python/Bash/JS
Jan 31, 2023 11 tweets 4 min read
7 GitHub profiles to star if you are into Bug Bounty.

🧵👇 1. @NahamSec 's Resources-for-Beginner-Bug-Bounty-Hunters

🔗Link: github.com/nahamsec/Resou…
Jan 7, 2023 10 tweets 4 min read
😱 There are 137,345 Chrome extensions available for installation from the Chrome Web Store.

Here’s a list of 7 extensions you have to install right now to stay productive 💪

#productivity #growth 1. @ScribeHow

Auto-generate step-by-step guides for FREE.

Scribe saves any team 20+ hours a month with instant process documentation, complete with text and screenshots.

Link: getscribe.how/chrome
Jan 7, 2023 4 tweets 3 min read
☃️OSRE Course☃️

This repository contains a full-blown Offensive Security and Reverse Engineering course and the courses covered include

➡️Reverse Engineering
➡️Bug Hunting and Fuzzing
➡️Intro to Assembly x86 and x64

and much more..

#bugbounty #fuzzing #infosec #cybersecurity 🔗 Link: github.com/ashemery/explo…

💳 Credits: @binaryz0ne
Jan 4, 2023 8 tweets 3 min read
Had an interesting 1-1 conversation with @arvnd1806 yesterday.

Here's a glimpse of what we discussed ⏬

#bugbounty #infosec #cybersecurity

🔵 Aravind and I established an easy connect at the very start and he started off by explaining his story to me: where he graduated, how he entered security and what he is doing right now.
Jan 4, 2023 7 tweets 2 min read
The Power of Morning Journaling - A thread.

🧵👇

#growth #productivity 🔵 Incorporate morning journaling in your routine. This easy yet effective practice helps you to reflect on your thoughts and plan for the day ultimately leading to increased productivity and well-being.
Dec 12, 2022 5 tweets 3 min read
FREE Network Security Resources

🧵👇

#infosec #cybersecurity #networksecurity #hacking #pentest #tryhackme #hackthebox 1️⃣ Professor Messer’s CompTIA N10-008 Network+ Course

🔗 professormesser.com/network-plus/n…
Dec 3, 2022 10 tweets 2 min read
I read "Mindset" by Carol S. Dweck recently.

Here's what I learnt from the book.

🧠 The Two Mindsets

There are two main mindsets we can navigate life with: growth and fixed.