Discover and read the best of Twitter Threads about #hacking

Most recents (24)

Fiona Wightman, ex-wife of comedian Paul Whitehouse, is now giving evidence.

Mirror Group Newspapers admits unlawful information gathering - including paying a private investigator to “blag” her private medical records during her cancer treatment. But deny she was phone hacked.
Fiona Wightman says in her witness statement “I began to get door stepped by journalists and asked to talk about my cancer. I was really shocked as I considered it private and didn't at any point give my story to the press.”
“I had someone calling the hospital pretending they should have had access to my records. I felt totally invaded and confused.”
Read 15 tweets
Prince Harry arrives at the High Court to give evidence in his hacking case against Mirror Group Newspapers.

The first time in 130 years a senior Royal has appeared in a court witness box.

And promises to be box office… I’m off to get my seat in court! #PrinceHarry #Hacking
Prince Harry was quiet and sounded nervous as he stated his name “Prince Harry” and swore an oath on the bible in the witness box
I’ve never heard a barrister have to explain to the court the protocol on how to address a witness… “Your Royal Highness” in the first instance, then “Prince Harry”
Read 21 tweets
10 ways to use awk for hackers! 🚀 🧵👇
1️⃣ Extracting Specific Columns from a CSV File

Quickly extract email addresses and phone numbers from a huge contact list.

#DataExtraction #EthicalHacking
2️⃣ Filtering Lines Based on a Pattern

Filter out sensitive information like passwords from log files.

#LogAnalysis #Security
Read 11 tweets
Some of the major vulnerabilities and related POC’s:

➡SQLi
➡XSS
➡SSRF
➡XXE
➡Path Traversal
➡Open Redirection
➡Account Takeover
➡Remote code execution
➡IDOR
➡CSRF

#hacking #bugbounty #bugbountytips

Are Found Below🧵(1/n)👇
Read 13 tweets
Final day of the Training at #hardwear_io USA & the sessions are turning super exciting!

Here is a glimpse from @reivilo_t 's Training

🔬Extracting bits from Scanning Electron Microscope pictures using Fiji and python scripting +

💽Getting the binary of ROMs

#hw_ioUSA2023
Day 3 at #TEEPwn Training by Cristofaro @pulsoid !

⌨️Students performing exciting hands-on exercises with TEE-specific exploitation techniques + a solid understanding of #ARM TrustZone-based TEEs

#hw_ioUSA2023 #hardwaresecurity
Read 3 tweets
🔥Gary McKinnon - arrested in #Londres in 2002 for hacking dozens of US military and #NASA computers (translation below)

"...London, England, March 19, 2002. Shortly after 8 a.m.,
#Military @YvesPDB #UAPs #Aliens #USA #RoyaumeUni #Hacking
the National Hi-Tech Crime Unit arrives at the home of Gary McKinnon, a 36-year-old Scottish computer engineer. They are there to arrest him on behalf of the United States Department of Justice
for hacking top-secret NASA and Pentagon computers.
Not only does McKinnon admit his crime, but he claims to have discovered evidence that the US government was working with extraterrestrial beings.
Read 11 tweets
Here’s what we learnt on Day Two of Duke of Sussex v NGN hearing…

#PrinceHarry was watching on a video-link from LA as more shocking details about alleged hacking and blagging at The Sun and News of The World were revealed in court documents.
It’s alleged in the mid-90s The Sun was even intercepting the phone calls and messages of Charles, now King Charles, and Camilla, now Queen Consort.
Prince Harry claims his own private information about his “education, his health and welfare” - would’ve been accessed as a result #hacking #RoyalFamily
Read 7 tweets
Back at the High Court for another explosive Prince Harry court case against the tabloids - this time it’s The Sun and the News of the World #PrinceHarry #RoyalFamily
Prince Harry is not here at the High Court today - but his presence looms large in the British judicial system right now. This is the latest in a series of legal battles against tabloid newspapers
Prince Harry accuses The Sun and the News of the World of multiple unlawful acts:

-illegally intercepting voicemails
-“blagging” private info like phone bills or medical records
-using private investigators to commit unlawful acts
Read 25 tweets
Top free #Cybersecurity and ethical #hacking certification⚔️📓

1./Introduction to IT & Cybersecurity (Cybrary) = cybrary.it/course/introdu…

2./Mobile App Security (Cybrary) = cybrary.it/course/mobile-…

3./Introduction to Cybersecurity (edx) = edx.org/course/introdu…
4./Introduction to Cyber Security (Future Learn) = futurelearn.com/courses/introd…

5./Introduction to Encryption and Cryptography (Future Learn) = futurelearn.com/courses/encryp…

6./Fundamentals of Red Hat Linux (edx) = edx.org/course/fundame…
7./ Introduction to Cybersecurity (Codecademy) = codecademy.com/learn/introduc…

8./ Cisco Networking Academy = netacad.com/courses/all-co…

9./ SANS Cyber Aces (covers foundation areas of cybersecurity) - cyberaces.org/courses.html

10./ Opensecurity - = opensecuritytraining.info/Training.html
Read 4 tweets
A lesser-known yet effective way of #bugbounty hunting is called "hacktivity" hunting. It involves bypassing fixes on disclosed reports found on @Hacker0x01's hacktivity page. This approach helped me score a $5k bounty! Here's how it works.👇

#InfoSec #CyberSecurity
With hacktivity hunting, the hard part - finding interesting behavior or insecure features - is already done for you. Your main role is to find a bypass.

For example, I found a bypass for a report on hackerone.com/reports/949643

#BugBountyTips
The original report tried to restrict access to /admin by restricting the path in Nginx. However, I bypassed it using simple encoding - /%2561dmin. Endpoints required authentication, but I bypassed this by adding ".json" at the end.

#BugBounty #Hacking
Read 8 tweets
WARNING:
There are new pathogens in our midst.

My latest article about media #manipulators, velocity #hacking, and the latest Covid origin #controversy.

Maybe some #mainstream journalists & influencers take a good look in the mirror.

Read:
protagonistfuture.substack.com/p/the-rise-of-…
How much should we think about the role of information in society?

In this article, I use the recent media coverage surrounding #lableak versus #zoonosis to point toward a new threat we have not yet wrapped our heads around:

Information pathogens with high #velocity.
#Velocity is a metric for the transmission efficacy of information given a particular content payload, its viral packaging, and its host environment.

Basically the R0 of information, a measure of #contagiousness.

Info pathogens with high velocity outcompete good information.
Read 11 tweets
#cybersecurity #pentesting #hacking #DataSecurity

Cybersecurity is essential for protecting our digital lives. From personal devices to enterprise systems, cyber threats are ever-present and evolving. As technology advances, so do the tactics and techniques of cybercriminals.
One of the most important steps in securing our digital lives is to use strong, unique passwords. This means avoiding common words and phrases, & instead using a combination of letters, numbers, and symbols. It's also important to avoid reusing passwords across multiple accounts.
Another key aspect of cybersecurity is keeping software up to date. Software companies regularly release updates that include security patches and bug fixes. By keeping your software up to date, you can protect against known vulnerabilities that cybercriminals may exploit.
Read 9 tweets
𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐚𝐧𝐝 𝐑𝐞𝐯𝐞𝐫𝐬𝐞 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐂𝐨𝐧𝐭𝐞𝐧𝐭𝐬 📢

#infosec #Hacking #redteam
#malware #ReverseEngineering
#RE

Awesome Malware and Reverse Engineering
lnkd.in/dZFy_k6d

lnkd.in/dZh9hbpq
Malware API
malapi.io

lnkd.in/djqeN7RS

Malware Analysis and Reverse Engineering
lnkd.in/dXjFkZ7a

Retoolkit
lnkd.in/dwn8bRi3

Malware Bazar
bazaar.abuse.ch

Malware Analysis Journey
lnkd.in/d9B6UGQ8
Read 6 tweets
My recent #aws threads always started with creds, but how to get these creds will be the topic over the next days.
#hacking #recon #cloud

Let's start here:
👇
Definitions first:
#aws creds: classic name and passwords, e.g. for IAM, or aws access and secret keys
Outside: no creds, and no connections in any way to the org and its aws cloud to be tested
Interaction Point: Any potential point, application resource, system, vulnerability etc., where there is a pawsibility to gain #aws creds, can be a lot of things

Let's do outside first: #hackers are cold, let them in.
Read 13 tweets
#Veeam Community Edition Install on server 2022 for the #Ransomware Lab
Backup and Replication License Agreement goes brrr
I ACCEPT
Now here is the default config
Read 28 tweets
As much as I love automation in recon, 98% of the findings in my pentests have nothing to do with it. Why? 👇
1. Inspired by @NahamSec recent video.

First, in a large majority of the web pentests, clients want me to focus only on their app and its features. So, there's no need for subdomain enumeration/bruteforcing or any other large recon tactic.
2. This doesn't mean that I don't use automation. I automate some of the boring and repetitive tasks via bash and python.
Read 9 tweets
More practice, less theory (but not 0 theory)

In the past, I criticized Top 1% THM who know close to nothing about the real-world aspects of a pentest.

My point was not understood and I got a lot of hate for it.
1. Again, there's less value in being Top 1% if your experience is purely theoretical.

Yet, you will go way further if you complement your experience (from day-to-day work in cybersecurity) with continuous practice on THM and other platforms (focusing on non-CTFish materials).
2. If you're not working in cybersecurity yet, but you want to, no problem.

Get your daily real-world experience from VDPs (and not paid bounties).
Read 4 tweets
Want to take part in a free #bootcamp on #ciberseguridad fundamentals? Come here 🧵
I am going to teach a bootcamp on cybersecurity fundamentals, completely free but highly selective; there are only 10 spots available
The content is basic: it covers topics from the history and theory of security and #hacking to DLP and attack prevention and mitigation measures; it has a theoretical/practical approach ideal for beginners
Read 9 tweets
I pet a cat today and now my allergies are killing me, so obviously this calls for a follow up of, hey you found some #aws creds, what to do meow:

#cloud #hacking #Recon
👇
Step 1: First you gotta decide if this is more of a lazy space vibe kinda thing (A), or (B) calls for some illegal dirty acidcore and adjust your playlist accordingly:
A:
B: soundcloud.com/pitch1/i-can-h…
next drop the keys in your .aws creds file. I typically name the first set initial and work with the --profile tag in the cli, so I can keep track of where I am. Then check who you are first, with:
aws sts get-caller-identity --profile initial
Read 11 tweets
So you found #aws creds to an S3, let's do some #cloud #hacking #recon:

👇
First of all, S3 stands for serious summertime sadness
and allows the general operations of:

list
get
put
delete

An S3 is a bucket and within a bucket there are objects. Basically an object can be any file. Objects have keys associated
and a bucket nayme must be globally unique and not contain spaces or uppercase letters.
Example:
mrlee.s3.us-west-2.amazonaws.com/mafia/pizza.jpg

the bucket mrlee in the west region with an object pizza.jpg and a key of /mafia/pizza.jpg
Read 10 tweets
Grow your cybersecurity skills with this incredible collection of FREE learning resources.

⚡️ Get ready to level up!

Follow & share the 🧵

#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux #soc #dfir
1️⃣ Hands-on cyber security training through real-world scenarios.

tryhackme.com
2️⃣ LiveOverflow YouTube channel

youtube.com/@LiveOverflow
Read 11 tweets
1/ #China #USA #Europe #Hacking

China reporting

Beijing Cyber Security Lab reported on the exposure of a hacker group whose main members are from Europe and North America, which conducts constant cyber attacks against China as its main target.
2/ This is a serious threat to the country's cyber security and data security.

A hacker group called Against The West (ATW) is reported to have said it has exposed sensitive information more than 70 times since 2021,
3/ including source code and a database of important China-related information systems, involving about 300 China-related information systems, more than 100 important government agencies; and aviation and infrastructure departments.
Read 6 tweets
Looking to kickstart your career in cybersecurity?

You can do it all with FREE resources and a clear step-by-step path

Here is How 🧵

#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
1️⃣ Level - Introduction to OpenVPN

🅰️ OpenVPN: How to Connect

-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS

The room is free, complete it.👇

tryhackme.com/room/openvpn
2️⃣ Introductory Research Walkthrough

Here you will learn

- How to research
- How to search for vulnerabilities

The room is free, complete it.👇

tryhackme.com/room/introtore…
Read 11 tweets
