Olivia
Online
PRAHADEESH
@AnonymousSphinx
Cyber Security researcher | Musicofanatic 🎶| Python programmer | eJPT | Blogger
India
Joined January 2020
620 Following
121 Followers
249 Posts
@appSecExp @lean0x2f I think if one platform has started, then the remaining ones will also follow the same.
I’m an Incident Responder on the AWS Customer Incident Response Team (CIRT). And I get asked a lot of questions, like:
“Where do I even start with incident response in the cloud?”
Here’s a beginner-friendly thread on AWS IR tips — with a few lessons I learned 🧵👇
The Time Has Come for Robots.
I build AI Agents to replace office workers, but these demos convince me! All physical labor will be gone to robots, too. (even the world's oldest profession).
Just watch it if you disagree. The biggest robot thread ever (50 demos):
Since you liked the last one 80 MORE bug bounty tips and techniques
1️⃣ Use amass enum -passive -d https://t.co/DAXb48PNs5 for passive subdomain enumeration 🕵️♂️
2️⃣ Automate subdomain bruteforcing with subfinder -d https://t.co/DAXb48PNs5 | httprobe
3️⃣ Use httpx -silent -title -tech-detect to identify web technologies 💡
4️⃣ Scan for subdomain takeovers with subjack -w subdomains.txt -t 50 -o results.txt
5️⃣ Use gau https://t.co/DAXb48PNs5 | tee urls.txt to extract archived URLs 🏛
6️⃣ Automate XSS testing with dalfox -b https://t.co/KpprP9dyuC -u https://t.co/DAXb48PNs5
7️⃣ Check for API key leaks with truffleHog --regex --entropy=True 🔑
8️⃣ Use waybackurls https://t.co/DAXb48PNs5 to find historical endpoints
9️⃣ Scan JavaScript files for secrets with linkfinder -i target.js 🔎
🔟 Use dirsearch -u https://t.co/bk7AB2mMmo -e php,html,js to find hidden directories
1️⃣1️⃣ Automate WordPress vulnerability scanning with wpscan --url https://t.co/bk7AB2mMmo --enumerate u
1️⃣2️⃣ Scan for misconfigured Firebase databases with https://t.co/39cgWdb8W7
1️⃣3️⃣ Detect leaked credentials in Git repositories using GitLeaks 🛠
1️⃣4️⃣ Hunt for CSP misconfigurations using csp-evaluator
1️⃣5️⃣ Fuzz GET parameters with ffuf -u https://t.co/ZXeh72h7WP -w params.txt
1️⃣6️⃣ Automate hidden parameter discovery with ParamSpider -d https://t.co/DAXb48PNs5
1️⃣7️⃣ Use gf to find common vulnerabilities in HTTP responses
1️⃣8️⃣ Identify vulnerable third-party libraries using retire.js 📜
1️⃣9️⃣ Automate SQLi detection with sqlmap -u "https://t.co/ThnJydHrk5" --batch
2️⃣0️⃣ Use nuclei -t cves/ -l targets.txt to automate CVE scanning
2️⃣1️⃣ Automate JWT cracking with jwt_tool -C -t token.jwt --wordlist rockyou.txt
2️⃣2️⃣ Find subdomains via https://t.co/qyWccMgsAu with curl "https://t.co/lDgz1W8Taq"
2️⃣3️⃣ Test for HTTP request smuggling with https://t.co/VRu2DoGf29 -u https://t.co/bk7AB2mMmo
2️⃣4️⃣ Detect SSRF vulnerabilities using Burp Collaborator 🌐
2️⃣5️⃣ Use dnsx -l subdomains.txt -silent -a to resolve A records
2️⃣6️⃣ Scan for open ports using nmap -p- -T4 -A https://t.co/DAXb48PNs5
2️⃣7️⃣ Automate API testing with nuclei -t nuclei-templates/api
2️⃣8️⃣ Detect CORS misconfigurations with Corsy -u https://t.co/bk7AB2mMmo
2️⃣9️⃣ Check for open redirects using qsreplace 'https://t.co/Feek7Armys' | httpx -silent
3️⃣0️⃣ Automate S3 bucket scanning with s3scanner -bucket target-bucket ☁
3️⃣1️⃣ Use tplmap -u https://t.co/bk7AB2mMmo -p param for template injection
3️⃣2️⃣ Bypass WAFs using ffuf -u https://t.co/7zoC5kaMIN -w bypass.txt
3️⃣3️⃣ Find misconfigured GraphQL endpoints with GraphQLmap -u https://t.co/O6xxLxeMSK
3️⃣4️⃣ Enumerate login endpoints using waybackurls | gf login
3️⃣5️⃣ Automate IDOR testing with ffuf -u https://t.co/NfkiPaXDHq -w ids.txt
3️⃣6️⃣ Test for XML External Entity (XXE) attacks using XXEinjector
3️⃣7️⃣ Scan for directory traversal vulnerabilities using dotdotpwn
3️⃣8️⃣ Automate SSRF testing with Burp Suite Collaborator
3️⃣9️⃣ Identify default credentials with medusa -h https://t.co/DAXb48PNs5 -u admin -P rockyou.txt -M http
4️⃣0️⃣ Detect hardcoded secrets in mobile apps using apktool 📱
4️⃣1️⃣ Automate brute-forcing login pages using hydra -L users.txt -P passwords.txt https://t.co/DAXb48PNs5 http-post-form
4️⃣2️⃣ Scan for CSP bypass vectors using csp-scanner
4️⃣3️⃣ Use feroxbuster -u https://t.co/bk7AB2mMmo -t 50 -e to find hidden files
4️⃣4️⃣ Extract secrets from JavaScript with SecretFinder -i target.js
4️⃣5️⃣ Check for SSRF using burp collaborator and manual payload injection
4️⃣6️⃣ Automate HTTP method testing using metasploit auxiliary/scanner/http/http_methods
4️⃣7️⃣ Scan for robots.txt restricted paths using wget --mirror --no-robots
4️⃣8️⃣ Find forgotten admin panels with Gobuster dir -u https://t.co/bk7AB2mMmo -w admin-panels.txt
4️⃣9️⃣ Check for LFI vulnerabilities with dotdotpwn -m http -u "https://t.co/lYdGDQdrh0"
5️⃣0️⃣ Detect open database instances using Shodan search "port:27017"
5️⃣1️⃣ Scan for outdated dependencies using OWASP Dependency-Check
5️⃣2️⃣ Automate API fuzzing with ffuf -u https://t.co/So7RZd7HjB -w wordlist.txt
5️⃣3️⃣ Test for reflected parameters with gf xss | httpx -silent
5️⃣4️⃣ Check for broken access control by modifying session tokens manually 🛑
5️⃣5️⃣ Hunt for forgotten endpoints with waybackurls https://t.co/DAXb48PNs5 | gf endpoints
5️⃣6️⃣ Find misconfigured .git repositories with git-dumper https://t.co/D1nhYlNzqq /output-dir
5️⃣7️⃣ Scan for weak TLS configurations using https://t.co/XNR72QHSCc https://t.co/DAXb48PNs5
5️⃣8️⃣ Automate vulnerability detection with nuclei -t nuclei-templates/
5️⃣9️⃣ Test for blind XSS using https://t.co/5QfVyKE6HY
6️⃣0️⃣ Identify parameter pollution vulnerabilities using arjun -u https://t.co/bk7AB2mMmo
6️⃣1️⃣ Automate cookie poisoning attacks using Cookiemonster
6️⃣2️⃣ Extract sensitive data from memory dumps using volatility
6️⃣3️⃣ Identify hidden webshells using find /var/www -name "*.php" -size +1000k
6️⃣4️⃣ Scan for WebSockets vulnerabilities using wssip -u wss://target.com
6️⃣5️⃣ Automate NoSQL injection testing using nosqlmap
6️⃣6️⃣ Enumerate AWS permissions using enumerate-iam
6️⃣7️⃣ Automate password reset abuse detection using ffuf
6️⃣8️⃣ Extract JavaScript endpoints with getJS -u https://t.co/DAXb48PNs5
6️⃣9️⃣ Detect API misconfigurations with Swagger Scanner
7️⃣0️⃣ Bypass 2FA with brute-force techniques using burp sequencer
7️⃣1️⃣ Automate timing attacks using time-based SQLi fuzzing with sqlmap
7️⃣2️⃣ Search for leaked credentials in public repos using Gitrob
7️⃣3️⃣ Bruteforce GraphQL queries with GraphQLmap
7️⃣4️⃣ Automate fuzzing request parameters using wfuzz
7️⃣5️⃣ Extract sensitive headers using curl -I https://t.co/DAXb48PNs5
7️⃣6️⃣ Automate SSRF exploitation using ssrfmap
7️⃣7️⃣ Detect outdated servers using whatweb
7️⃣8️⃣ Scan for open RDP ports using nmap -p 3389 --script=rdp* https://t.co/DAXb48PNs5
7️⃣9️⃣ Use nikto -host https://t.co/bk7AB2mMmo for basic vulnerability scanning
8️⃣0️⃣ Test for CRLF injection using crlfuzz
🚀 Happy Bug Hunting! 🎯💻 #BugBounty #CyberSecurity #EthicalHacking #Pentesting #Automation #BugHunting
So you're interested in hardware hacking and tinkering? Me too let me share my top resources for getting started with solidering, CAD, electrical engineering etc... DISCLAIMER I am still a noob but I wanted to share anyway
1/12
🎉 SAL1 Certification Giveaway! 🎉
We're giving away 10 SAL1 certifications, and YOU could be a winner! 🚀
✅ Share this post on your social media
👥 Tag a SOC analyst buddy
💬 Comment how SAL1 will impact your cyber career
Winners will be contacted on 11 March 2025
New blog post with @infosec_au:
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
The issue was reported and patched.
Full post here: https://t.co/QPzRIqqx9t
Disclosure of 7 Android and Google Pixel Vulnerabilities - PoC published : https://t.co/XeaszDQLzl
PoC :
Writeup for this chall:
https://t.co/asSdfRL99Z
OpenAI CEO Sam Altman did a Reddit AMA today w/ CPO Kevin Weil, SVP of Research Mark Chen, VP of Engineering Srinivas Narayanan, and chief scientist Jakub Pachocki. Here's some of the highlights 🧵
@kamran4300 Wow!!! Very interesting gadgets :)
1/ Gru AI
An advanced AI developer designed to assist you in solving technical issues such as coding/testing/debugging, building algorithms and more
🔗 https://t.co/xQneJmPa9w
@vinceflibustier Reallyy
The Microsoft / CrowdStrike outage has taken down most airports in India. I got my first hand-written boarding pass today 😅
Getting the maximum impact :
read the SSH PRIVATE KEY:
aCSHELL/../../../../../../../home/admin/.ssh/id_rsa
connect to the server :
ssh [email protected] -i id_rsa
API hacking is simple, easier to learn and reproduce.
Down below are massive API hacking resources.
PS: You might definitely want to bookmark this and come.
My personal GPT for offensive security, SecGPT. Been working on it for a while now.
I use it like i have a peer in a chair next to me, asking questions to learn and bounce ideas off of.
Enjoy:
https://t.co/sc8HWC1MW9
🎁Monthly Giveaway🎁
HTB 1-month Pro Lab Bundle x2
- Follow, Like, and Retweet to join!
- Winner will be picked randomly on 20 Jan.
#hackthebox #giveaway #projectsekaictf
Last Seen Users on Sotwe
Olaf Falafel
Seen from United States
Trai đẹp Doyin
Seen from Vietnam
ToiletTwink593
Seen from United States
hito🐯 
Seen from Korea
AZGİN BOĞA
Seen from Turkey
Trần nguyễn nam phúc
Seen from Vietnam
Việt
Seen from Vietnam
terong janda
Seen from Singapore
광주 초보 부부
Seen from Korea
Penyuka ibu ibu stw
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.5M followers
Lady Gaga
@ladygaga
73M followers
Virat Kohli
@imvkohli
69.8M followers
Kim Kardashian
@kimkardashian
69.8M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.9M followers
Neymar Jr
@neymarjr
62.6M followers
The Ellen Show
@theellenshow
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.7M followers