@LaarBox@LaarBox how is it possible that the package I ordered more than a month ago still hasn't arrived. On top of that, I paid the customs charge on December 6. And they keep telling me it's in the temporary warehouse. Every time I get in touch via WhatsApp, they take hours to put me through to an agent.
Malware Analysis series by @cocomelonckz
Part 1 : https://t.co/esgRmT1IUy
Part 2 : https://t.co/gIqd3I9YCF
Part 3 : https://t.co/Sf1XqrZMQ1
Part 4 : https://t.co/sNqItO1TCs
Part 6 : https://t.co/flsy9q9MAM
Part 7 : https://t.co/KaPxMdlfLc
Part 8 : https://t.co/i31lilgTXW
#malware #analysis #pwn
🧑💻CloakQuest3r - Uncover the true IP address of websites safeguarded by Cloudflare & Others
📄CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare and other alternatives, a widely adopted web security and performance enhancement service. Its core mission is to accurately discern the actual IP address of web servers that are concealed behind Cloudflare's protective shield. Subdomain scanning is employed as a key technique in this pursuit. This tool is an invaluable resource for penetration testers, security professionals, and web administrators seeking to perform comprehensive security assessments and identify vulnerabilities that may be obscured by Cloudflare's security measures.
📒Checkout on Github
https://t.co/dm67tEWyAc
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
Try this Google dork to find sensitive files on a website:
site:*.dell.com (ext:doc OR ext:docx OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:log OR ext:bak OR ext:conf OR ext:sql)
🚨 Find Spring Boot servers with Shodan 🚨
By @sw33tLie
Search for the following favicon hash in Shodan to find Spring Boot servers deployed in the target organization:
org:YOUR_TARGET http.favicon.hash:116323821
Then check for exposed actuators. If /env is available, you can probably achieve RCE. If /heapdump is accessible, you may find private keys and tokens.
In case you are unfamiliar with Spring Boot technology, do not worry. Here’s a quick 101.
Spring Boot is an open source Java-based framework used to build stand-alone Spring applications based on the concepts of microservices.
Spring Boot Actuator is a mechanism of interacting with them using a web interface. They are typically mapped to URLs such as:
https://t.co/KvoJCmpVSZ
https://t.co/Z5Fktgrmkp
etc.
Here’s an example of an exposed /env actuator
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
The moment for those who have been waiting for it. I have released my pentest template for Obsidian:
https://t.co/sFxSOfB0zk
This template includes better structure, tags, and more techniques that I use on engagements, hackthebox, and in PEN-200.
During a recent forensic investigation, threat actors were proxying traffic through an Amazon API in order to enumerate user accounts in Microsoft Entra ID.
To see if this activity is present in your environment, look for a user agent beginning with the string "AmazonAPIGateway".
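One way to run the check described in the post above over exported sign-in records, as an added example that is not part of the original post: it keeps records whose user agent begins with "AmazonAPIGateway" and groups them by source IP so that many accounts tried from one address stand out. The JSON-lines layout and field names (`userAgent`, `ipAddress`, `userPrincipalName`, `status.errorCode`, modelled on the Microsoft Graph signIn resource) are assumptions about the export, and the sample records are constructed.

```python
import json
from collections import defaultdict

PREFIX = "AmazonAPIGateway"  # user-agent prefix given in the post

# Constructed sample records (one JSON object per line); the field names
# are an assumption modelled on a Microsoft Graph signIn-style export.
SAMPLE_LOG = """\
{"userPrincipalName":"alice@example.com","ipAddress":"198.51.100.7","userAgent":"AmazonAPIGateway_a1b2c3example","status":{"errorCode":50034}}
{"userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","userAgent":"AmazonAPIGateway_a1b2c3example","status":{"errorCode":50034}}
{"userPrincipalName":"carol@example.com","ipAddress":"203.0.113.20","userAgent":"Mozilla/5.0","status":{"errorCode":0}}
{"userPrincipalName":"Alice@example.com","ipAddress":"198.51.100.7","userAgent":"AmazonAPIGateway_a1b2c3example","status":{"errorCode":50126}}
{"userPrincipalName":"dave@example.com","ipAddress":"192.0.2.44","userAgent":"AmazonAPIGateway_z9y8x7example","status":{"errorCode":0}}
this line is a truncated export row, not JSON
"""

def find_gateway_signins(lines, prefix=PREFIX):
    """Yield parsed records whose user agent begins with `prefix`."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export rows instead of aborting
        if (rec.get("userAgent") or "").startswith(prefix):
            yield rec

def summarize_by_ip(records):
    """Group hits by source IP: distinct accounts, attempts, failures."""
    summary = defaultdict(lambda: {"accounts": set(), "attempts": 0, "failures": 0})
    for rec in records:
        entry = summary[rec.get("ipAddress", "unknown")]
        # Lower-case the UPN so case variants count as one account.
        entry["accounts"].add((rec.get("userPrincipalName") or "").lower())
        entry["attempts"] += 1
        if (rec.get("status") or {}).get("errorCode", 0) != 0:
            entry["failures"] += 1  # a non-zero error code is a failed sign-in
    return dict(summary)

if __name__ == "__main__":
    hits = summarize_by_ip(find_gateway_signins(SAMPLE_LOG.splitlines()))
    for ip, e in sorted(hits.items()):
        print(ip, len(e["accounts"]), "accounts,", e["attempts"], "attempts,", e["failures"], "failures")
```
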
Bad news for the onion network.
German prosecutors have been able to deanon Tor users since at least 2022 by tapping Tor nodes over a long time and then doing a timing analysis. Journalists saw documents related to at least one court case where this method was successful 4 times.
Today we are releasing our FREE: "Introduction to x86 Assembly" educational course!
This FREE course covers registers, the stack, writing code, and compiling that code!
With a detailed breakdown on registers, sections, and the stack this FREE course is perfect!
Links👇
💡 BugBountyTip:
Did you know that if Jenkins was left incorrectly configured, it could allow you to sign up for an account and sometimes even provide you access to the CI/CD pipeline, build logs and even Jenkins Groovy console?
Routes to check:
• /signup
• /jenkins/signup
Resetting Hardware for Red Teamer
https://t.co/ackBEXJ0c2
Imagine the intricate ballet of power cycles—five deliberate resets, each one a calculated step towards revealing a device’s most guarded secrets.
Cheatsheet Repo:
https://t.co/ceTVHxxdBX
#redteam #ics #iot #hardware
Using NTDS.dit and the SYSTEM data from Windows registry to find and crack domain user password hashes -- nothing fancy, impacket and hashcat, but with a slight twist of "multi-factor authentication" fatigue... and a subtle teaser for an upcoming CTF 👀 https://t.co/lTcuVTWYSh