Tweets

This is a collection of tweets from which I have learned hacking stuff. Here you can find tips, writeups and many resources to support your career.

my intro to syscalls. I love introductory posts =^..^= #cybersec #cybersecurity #informationsecurity #malware #malwaredev #malwareanalysis #redteam #blueteam #purpleteam #hacking #ethicalhacking #windows #winapi #win32api #programming #cpp #assembly #asm
Detecting bread crumbs of lateral movement, by Nicolas Biscos @Synacktiv #redteam
Great summary of code execution techniques with detection recommendations, by Francisco Dominguez and Denis Nagayuk. #redteam
How could I have Hacked into any #ChatGPT account, including saved conversations, account status, chat history and more! 

A tale of 4 ChatGPT vulnerabilities 👇

We can discuss it now that the #OpenAI team has confirmed it's completely fixed. 

Let me explain 🤌: https://t.co/WwDsGtpqzI
Burp Suite > Proxy > Options > TLS Pass Through. Add these: .*\.google\.com .*\.gstatic\.com .*\.mozilla\.com .*\.googleapis\.com .*\.pki\.goog No more noise in your logs! credit:@sw33tLie #bugbountytips
Game Of Active Directory v2 : credits @M4yFly Part 1 : :
Here it goes. A detailed blog on proxying your DLL loads and hiding the original callstack from userland hooks/ETW with a new set of undocumented API and some hacky tricks. Code is on my Github repository. This one was a brain buster 🔥
Red Teamers, are you tired of uploading Sysinternals PsExec.exe when doing lateral movement? Windows has a better alternative preinstalled. Try this instead: wmic.exe /node:10.1.1.1 /user:username /password:pass process call create cmd.exe /c " command " #redteamtips #redteam
@GuhnooPlusLinux powershell -c Invoke-WMIMethod -class Win32_Process -Name Create -ArgumentList "cmd /c net group `"Domain Admins`" /domain" -ComputerName ProdDC01
ICYMI: @_wald0 dropped a new blog post today: Passwordless Persistence and Privilege Escalation in Azure You can read it here:
@anaqueenmaker @DotCSV Link?
In Burp Suite, configure Proxy Listener to redirect port from 80 to 443. Profit! Though some apps just don't work with this method 😅 Original idea from #android #infosec
LEARNING OSCP:  Day #1

Started my journey exploring the new OffSec portal. I mean it's very intuitive if you are not used to the old one.
The problem I felt was there is no separate section to access courses you've bought. 

#oscp #informationsecurity https://t.co/FrOOaMJ2Xg
Downloading and executing payloads from DNS Txt Records!
https://t.co/D0y6FaDGW4
#ethicalhacking #hacking #powershell #zsecurity https://t.co/GB0D9oRt3q
I just published a blog post for the people that want to get into bug bounties. I hope it helps people that are thinking about doing bug bounties, but haven't started yet. It explains what to expect and how to deal with common problems / situations:
Just for fun I submitted a blind XSS payload, but I got something way better on the response. The error revealed this request was vulnerable to SQL injection as special chars were not being escaped, hence it was possible to modify the query being executed. https://t.co/dmShmPBGpn
Writeup: How I scored $$$$ for a very simple account takeover bug. #bugbounty