Discover and read the best of Twitter Threads about #InfoSecurity

Most recents (24)

7 Steps to Take When Pivoting into the Cybersecurity Industry
1. Acquire the fundamental knowledge. This can be achieved via Certifications and Online Courses

2. Improve your Hands-On Skills. Experiment on onsite or offsite environments.
3. Build a great Portfolio. Work on personal and collective projects, improve your writing and documenting skills,Participate in hackathons and CTFs and so on.
Read 6 tweets
Today's quick #malware analysis with #SecurityOnion: FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!

Thanks to @malware_traffic for sharing this pcap!

More screenshots:
blog.securityonion.net/2023/02/quick-โ€ฆ

#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
@malware_traffic Let's review some of the data that #SecurityOnion generates from this traffic!

When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:
@malware_traffic Here are the NIDS alerts:
Read 13 tweets
Get ahead in your career:

How Coursera.org free #cybersecurity courses can boost your resume and job prospects

Follow the thread for a creative and engaging look free cybersecurity courses For Beginners & Professional ๐Ÿ’ป #Cybersecurity

#Infosys #infosecurity
2โƒฃ Ethical #hacking Essential

coursera.org/learn/ethical-โ€ฆ
Read 11 tweets
Career page Links ๐Ÿ“ข

1. Capgemini: lnkd.in/dZBUYY88

2. Infosys: lnkd.in/dEcdZ7gf

3. Wipro : lnkd.in/d89txDcp

4. Cognizant : lnkd.in/d6tp6F_p

5. LTI : lnkd.in/dnCVuQzD

6. TCS : lnkd.in/dJpHXdvv

#Careers #infosecurity #infosec
7. DXC Technology : lnkd.in/dnVzT7eb

8. HCL : lnkd.in/dwTuQWAf

9. Hashedin : lnkd.in/d2ePnTG4

10. Hexaware : jobs.hexaware.com

11. Revature : lnkd.in/dtJkkrBp

12. IBM : lnkd.in/dU-VhUCw

13. Nagarro : lnkd.in/dRyQ_rkk
14. Virtusa : lnkd.in/dHJwPXiG

15. Zoho : lnkd.in/dUw9Qi4B

16. CGI : lnkd.in/d3vs3whb

17. Finastra : lnkd.in/dsXSfUev

18. FIS : lnkd.in/dJCX6aVz

19. Fiserv : lnkd.in/d7inSReM

20. IQVIA : lnkd.in/dsxAXftw
Read 10 tweets
Want to know more about Reverse Engineering? Check out these resources. #ReverseEngineering #infosecurity ๐Ÿ“ข

1. Reverse Engineering for Beginners by Ophir Harpaz: begin.re

2. Reverse Engineering for Everyone by Kevin Thomas My Technotalent lnkd.in/eUqUDdXS
3. Reverse Engineering for beginners by Dennis Yurichev (available in many languages) lnkd.in/eHsdurZG

4. Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks lnkd.in/eR3_ki-6

#infosec
5. Malware Analysis โ€“ Mind Map by Thatintel lnkd.in/evyAhNWt

6. Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu lnkd.in/eHZFTSqp

#Hacking #cybersecuriy #infosec
Read 3 tweets
Hey #OSINT๐Ÿ•ต, let's create our OWN Internet Archive/The Wayback Machine. Shall we?

#verification #archive #archivetwt #internet #InternetMarketing #journalism #journalist #journal #Fact #FactCheck #Factcheckers

Follow the thread ๐Ÿงต๐Ÿ‘‡
Today the Internet Archive has a collection of nearly 625 billion web pages, 38 million books and texts, 14 million audio recordings, 7 million videos (including 2 million Television News programs), 4 million images, 790,000 software programs and more.

#journalism #journalist
With all due respect, we donโ€™t need all the data thatโ€™s been recorded by the Internet Archive. Usually people save pages on the Wayback Machine that are relevant to them.

So let's use 'Archive Box' @ArchiveBoxApp to make our own archive.

#Fact #FactCheck #Factcheckers
Read 11 tweets
Insecure CORS Configuration" vulnerabilities. ๐Ÿ›ก๏ธโš”๏ธ

[A thread ๐Ÿงต]

#infosecurity #CyberSec #bugbountytips #cybersecurity
[2/n]
What is Insecure CORS issue?

An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses thus enabling attackers to perform privileged actions or to retrieve potential sensitive information
[3/n]

Basic Origin Reflection Test:

Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com

> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Read 8 tweets
In this Mega thread, you will find 10 FREE online courses with a certificate of completion from :

1 - ISC ยฒ
2 - Cisco Academy
3 - Fortinet
4 - EC-Council
5 - AWS

#CyberSecurity #Cisco #AWS #dfir #infosec #infosecurity #threats #Python #100DaysOfHacking
1โƒฃ Free Cybersecurity Training

- Information Security Awareness
- The Evolution of Cybersecurity
- NSE 2 Cloud Security
- NSE 2 Endpoint Security
- NSE 2 Threat Intelligence
- NSE 2 Security Information & Event Management
- Security Operations &
๐Ÿ–‡๏ธ
training.fortinet.com
2โƒฃ Introduction to Dark Web, Anonymity, and Cryptocurrency

Learn to access Dark Web, and Tor Browser and know about Bitcoin cryptocurrency

๐Ÿ–‡๏ธ
codered.eccouncil.org/course/introduโ€ฆ
Read 12 tweets
List of 50 cybersecurity podcasts:
#infosec #cybersecurity #podcasts #infosecurity Image
1. Cyber Work
2. Click Here
3. Defrag This
4. Security Now
5. InfoSec Real
6. InfoSec Live
7. Simply Cyber
8. OWASP Podcast
9. We Talk Cyber
10. Risky Business
11. Malicious Life
12. Hacking Humans
13. What The Shell
14. Life of a CISO
15. H4unt3d Hacker
16. 2 Cyber Chicks
17. The Hacker Mind
18. Security Weekly
19. Cyberside Chats
20. Darknet Diaries
21. CyberWire Daily
22. Absolute AppSec
23. Security in Five
24. Smashing Security
25. 401 Access Denied
26. 7 Minute Security
27. 8th Layer Insights
28. Adopting Zero Trust
29. Cyber Security Sauna
Read 6 tweets
Bug Testing Methodology Series:

๐’๐’๐‘๐… (๐’๐ž๐ซ๐ฏ๐ž๐ซ ๐’๐ข๐๐ž ๐‘๐ž๐ช๐ฎ๐ž๐ฌ๐ญ ๐…๐จ๐ซ๐ ๐ž๐ซ๐ฒ)

Learn how to test for #SSRF step by step on real #bugbounty programs

Thread๐Ÿงต๐Ÿ‘‡

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, this thread won't teach how SSRF works, but rather a methodology to follow while actively testing for it.

To learn about how SSRF attacks work, have a read here โžก๏ธ portswigger.net/web-security/sโ€ฆ
1๏ธโƒฃ Finding an attack vector

This step simply implies using the web app THOROUGHLY and finding a place where you input a URL and the server fetches it.

Ex: profile pic from URL, URL Redirects, etc.

The best tip I can give you for this step is: CLICK EVERY SINGLE BUTTON YOU SEE
Read 9 tweets
Introduction to #XSS

Learn the basics of ๐‚๐ซ๐จ๐ฌ๐ฌ-๐’๐ข๐ญ๐ž ๐’๐œ๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐  (๐—๐’๐’)

Thread๐Ÿงต๐Ÿ‘‡

#bugbounty #bugbountytips #bugbountytip #cybersecurity #cybersecuritytips #infosec #infosecurity #hacking
Let's inspect the name first:

The ๐’๐œ๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐  part indicates, obviously, scripting, so we can think about what kind of scripting we know exist in Web Apps: HTML & JavaScript being the 2 most common.

Secondly, XSS is part of the INJECTION bug class (see @owasp's Top 10)
So, we now know XSS consists of injecting scripts in websites.

Types of XSS:

1. Reflected
2. Stored
3. DOM-based
They can also be Blind too (you don't see the reflection)

As this thread is aimed at beginners, I will focus on the first 2 as they're easier to understand at first
Read 12 tweets
15 effective websites for pentesting research:

Thread๐Ÿงต๐Ÿ‘‡

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
1. #SecurityTrails
Numerous DNS records.
Link: lnkd.in/dXMTMmWs
2. ExploitDB
collection of past expolitations.
Link: lnkd.in/dTAXTUQa
Read 16 tweets
Bug Testing Methodology Series:

๐๐€๐‚ (๐๐ซ๐จ๐ค๐ž๐ง ๐€๐œ๐œ๐ž๐ฌ๐ฌ ๐‚๐จ๐ง๐ญ๐ซ๐จ๐ฅ)

Learn how to test for Broken Access Control step by step on real #bugbounty programs.

Thread๐Ÿงต๐Ÿ‘‡

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, this thread will not teach exactly how Broken Access Control vulnerabilities arise, but rather a testing methodology.

If you want to learn how BAC bugs work, check this out โžก๏ธ portswigger.net/web-security/aโ€ฆ
1๏ธโƒฃ Know your target

In order to know what which user role can do, you have to know your target well.

If documentations are available, make full use of them, if not, use the app as much as you can from the perspective of each user role (have a different account for each role)
Read 9 tweets
Start your Career in Cyber-Security / Information-Security by spending $0

These are FREE University courses that are available online for you to take!
๐Ÿงต

#infosec #infosecurity #Harvard #NetworkSecurity #CyberMonday2022 #CyberSecurityAwareness
๐ˆ๐๐Œ - ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐๐š๐ฌ๐ข๐œ๐ฌ
This course gives you the background needed to understand the basics of Cybersecurity.
๐Ÿ–‡๏ธ
edx.org/course/cyberseโ€ฆ
๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐…๐ฎ๐ง๐๐š๐ฆ๐ž๐ง๐ญ๐š๐ฅ๐ฌ

Learn cybersecurity fundamentals, including how to detect threats, protect systems and networks, and anticipate potential cyber attacks.
๐Ÿ–‡๏ธ
edx.org/course/cyberseโ€ฆ
Read 10 tweets
Bug Testing Methodology Series:

๐—๐’๐’ (๐‚๐ซ๐จ๐ฌ๐ฌ ๐’๐ข๐ญ๐ž ๐’๐œ๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ )

Learn how to test for #XSS step by step on real #bugbounty programs.

Thread๐Ÿงต๐Ÿ‘‡

#cybersecurity #cybersecuritytips #infosec #hacking #bugbountytips #infosecurity
Before we start, it should be mentioned that this thread will only focus on the testing methodology of XSS, not teaching how it works.

If you don't already know what XSS is, check this out โžก๏ธ portswigger.net/web-security/cโ€ฆ
1๏ธโƒฃ Look for reflections

This is the first step in finding XSS.

Anywhere you see user input is reflected in the response (not limited to what you see on the page, it could be in source code/HTTP response only), note the location/parameter down, that's a potential attack vector.
Read 10 tweets
Complete roadmap to get into #cybersecurity in 2022:

Thread๐Ÿงต๐Ÿ‘‡

#cybersecurity #cybersecuritytips #infosec #hacking #hacker #bugbounty #bugbountytips #infosecurity
1๏ธโƒฃ IT Fundamentals

Before jumping into more advanced fields, you gotta know the basics.

You can learn everything you need for FREE from
@ProfessorMesser's course โžก๏ธ professormesser.com/free-a-plus-trโ€ฆ

For reference, you should be apt for @CompTIA's A+ certification before the next step.
2๏ธโƒฃ Networking

It's time to get technical.

Networking will teach you how the internet works, and it's CRUCIAL to have a SOLID understanding of this subejct.

You don't have to be a network engineer, but know things like the OSI Model, TCP/IP, Ports & Services, CIDR, Subnets, etc
Read 18 tweets
Networking Refresher: #infosecurity #tech #Thread #tech #linux

Seven Second Subnetting:
Subnet Guide: drive.google.com/file/d/1ETKH31โ€ฆ
Setting up our Lab #infosec #bugbounty

VMware: vmware.com/products/worksโ€ฆ
VirtualBox: virtualbox.org/wiki/Downloads
Kali Download: offensive-security.com/kali-linux-vm-โ€ฆ
Official Offensive Security kali 2019.3 release: cdimage.kali.org/kali-2019.3/
Other Offical kali 2019 Releases: cdimage.kali.org
Mid-Course Capstone #infosec

New Capstone boxes: drive.google.com/drive/folders/โ€ฆ
Old Capstone boxes:
Linux Priv Esc course: academy.tcm-sec.com/p/windows-privโ€ฆ
Windows Priv Esc Course: academy.tcm-sec.com/p/linux-privilโ€ฆ
Read 4 tweets
List Of Best Cyber Security and Hacking Documentaries | #infosec

[ Thread ]

#cybersecurity #hacking #IoT #bugbounty #linux #tech #movies #infosecurity #thesecureedge #Security
1. We Are Legion โ€“ The Story Of The Hacktivists -lnkd.in/dEihGfAg
2. The Internetโ€™s Own Boy: The Story Of Aaron Swartz - lnkd.in/d3hQVxqp
3. Hackers Wanted - lnkd.in/du-pMY2R
4. Secret History Of Hacking -
5. Def Con: The Documentary - lnkd.in/dPE4jVVA
6. Web Warriors - lnkd.in/dip22djp
7. Risk (2016) - lnkd.in/dMgWT-TN
8. Zero Days (2016) - lnkd.in/dq_gZA8z
Read 6 tweets
List Of Best Cyber Security and Hacking Documentaries | #infosec

[ Thread ]

#cybersecurity #hacking #IoT #bugbounty #linux #tech #movies #infosecurity
#thesecureedge #security
1. We Are Legion โ€“ The Story Of The Hacktivists
-lnkd.in/dEihGfAg

2. The Internetโ€™s Own Boy: The Story Of Aaron Swartz
- lnkd.in/d3hQVxqp

3. Hackers Wanted - lnkd.in/du-pMY2R

4. Secret History Of Hacking
- lnkd.in/dnCWU-hp
5. Def Con: The Documentary
- lnkd.in/dPE4jVVA

6. Web Warriors
- lnkd.in/dip22djp

7. Risk (2016)
- lnkd.in/dMgWT-TN

8. Zero Days (2016)
- lnkd.in/dq_gZA8z
Read 8 tweets
#securityexplained
S-6: Bypassing Biometrics in iOS with Objection

Many applications in iOS platform provides a functionality to enable touch/face ID to act as an added layer of protection to the application. However, it is possible to bypass this layer.

(1/n)
(2/n)
If the attack has "physical access" to the device, there are multiple options to bypass the checks, however, one of the simplest methods is to use "Objection".
Before, performing the attack ensure that the Frida is running. Also, the Objection must be installed.
(3/n)
# How to perform the attack:

1. Run the following command: objection --gadget <package_name_here>
2. In the objection run following command: ios ui biometrics_bypass
Read 6 tweets
@Walmart disrupting the healthcare market and its #cybersecurity implications - #Thread 1/7

That's big news, as Walmart has the power to change this market completely

@lauralovett7 describes it accurately as a shake up in this article on @MobiHealthNews

mobihealthnews.com/news/how-retaiโ€ฆ
With over 200M weekly customers and over 4000 stores in medically unserved communities (MUC), this retail giantโ€™s power is enormous.

In fact itโ€™s nothing new, as @amazon is already taking part in the healthcare market via @PillPack, their medicine delivery services. 2/7
The distribution of medical services for this market leader in the coming years will most likely involve cutting edge tech, including AI models and machine learning to allow a full transformation of required data. 3/7
Read 8 tweets
1/How @ElevenFinance got hacked? ๐Ÿงต

The exploit was possible due to a bug in emergencyBurn() function of ElevenNeverSellVault.

There is a transfer of previously deposited funds during the function call, but there is a lack of burning of Nerve shares to account for the transfer Image
2/ In other words, an attacker could double-spend Nerve shares he acquired during initial deposit to the vault.

emergencyBurn() didnโ€™t burn 11NRV Tokens so an attacker used them in โ€œwithdrawAll()โ€ to get additional LP Tokens in return.
3/ He burned LP Tokens on PancakeSwap getting the underlying tokens.

After repaying the FlashSwap, attacker was left with funds from burning second time the 11NRV Tokens.

This was done on multiple vaults on ElevenFinance, marking a total loss of $4.5M.
Read 4 tweets
#learn365 Day-21: GraphQL Vulnerabilities (Part-2)
1. Information Disclosure via Error Messages
- Similar to the normal information disclosure via error triggering.
- Provide malformed or unexpected input within GraphQL queries.

#BugBountyTips #appsec #infosecurity

(1/n)
(2/n)
- Sometimes you may observe verbose error messages revealing sensitive information.

2. GraphQL Denial of Service
- Due to an improper limit on the maximum query depth, it might be possible to perform a denial of service in graphql implementation.
(3/n)
- Nest a query to unlimited depth and send this query on a GraphQL endpoint to observe anything suspicious.
- A good example: owasp-skf.gitbook.io/asvs-write-upsโ€ฆ

3. Insecure Direct Object Reference
- Similar to normal API like IDORs
- A good example: owasp-skf.gitbook.io/asvs-write-upsโ€ฆ
Read 4 tweets
15 Jan 2021, If you are using @WhatsApp Web, your Mobile Number and Messages are being index by @Google again. Don't know why WhatsApp is still not monitoring their website and google. This is 3rd time.
#Infosec #Privacy #infosecurity #GDPR #Whatsapp #Privacy #Policy #Google ImageImage
This time, @WhatsApp is actually using a โ€œRobots.txtโ€ file and a โ€œdisallow allโ€ setting, so they are instructing @Google not to index anything. Google is still Indexing.
#InfoSec
Mobile Number and Messages on WhatsApp Web Is Being Indexed by Google Again. @Techna @billtoulas
technadu.com/whatsapp-web-iโ€ฆ
#InfoSec
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!