Olivia
Online
Top Hat Hacking
@TopHatHacking
I'm interested in hacking, medicine, world news and technology.
believer in only 2 genders, equality through struggle, and pro constitution
worldwide
Joined December 2021
768 Following
48 Followers
930 Posts
How DNS works
@elonmusk Money worth all comes back to supply of earth metals/resources.
AI cant create that.
18 Linux commands every cybersecurity professional and enthusiasts should know.
PYTHON PROJECTS FOR HACKING
Top 10 Bug Bounty Tools (Semi-Manual Hunts)
1.Burp Suite Professional
2.Browser DevTools (Chrome / Firefox) + FoxyProxy or pwnfox
3.ffuf
4.Amass
5.waybackurls / gau
6.autorize
https://t.co/OTnibQmHZM Dorking
8.Interactsh / Burp Collaborator
9.@KN0X55 / XSStrike / Dalfox
10.curl / httpie / jq
Manual in a sense of you determining exactly what Params to throw into tools like @KN0X55 instead of blindly chucking shit at the wall. I will still use tools like this if I have a hunch!
โ ๏ธ HikvisionExploiter โ An Automated Exploitation Toolkit Targeting Hikvision IP Cameras
Read more: https://t.co/wHEJJ3IR8w
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras.
This Python-based utility targets unauthenticated endpoints in cameras running outdated firmware, such as version 3.1.3.150324.
It streamlines reconnaissance and exploitation, highlighting how easily exposed devices can be compromised for surveillance hijacking or credential theft. HikvisionExploiter performs a series of automated checks, starting with verifying access to the /onvif-http/snapshot endpoint to capture live images without authentication.
To Get Daily Security Updates, add Cyber Security News ยฎ as your preferred source on Google -> https://t.co/N1wthFjc7B
#cybersecuritynews
@_winter_wonders Linux Lite
Cybersecurity Tools by Category
This year, Trumpโs Big Beautiful Bill gave:
Google an $18 billion tax break.
Amazon a $16 billion tax break.
Microsoft a $12 billion tax break.
Facebook an $11 billion tax break.
Now, theyโre writing checks to Trump for his $300 million ballroom.
Gee, I wonder why?
Even a decade later, this is still one of the best references on malware analysis. I remember spending an entire summer studying this book religiously. I owe the start of my career to it. Waiting for the update @nostarch ๐ค
[ Microservices - Authentication Mechanisms ] Give it a read ๐
Pro tip => These Authentication Mechanisms/Types are not limited just to microservices.
[1.] ๐๐๐ ๐๐๐ฒ๐ฌ
โพ Simple, unique identifiers assigned to each client or service.
โพ Sent as a header or query parameter with each request.
โพ Best suited for internal services, less sensitive APIs, or for granting access to specific features.
โพ Easy to implement and manage.
โพ Not as secure as token-based methods. Keys can be easily leaked or stolen.
[2.] ๐๐๐ฌ๐ข๐ ๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง
โพ Username and password are sent in the Authorization header as base64 encoded string.
โพ Simple to implement but requires HTTPS to be secure.
โพ Suitable for simple scenarios with low-security requirements.
โพ Widely supported and easy to understand.
โพ Vulnerable to man-in-the-middle attacks if not used with HTTPS.
โพ Passwords are sent in cleartext (even when encoded).
[3.] ๐๐๐๐ ๐๐๐ ๐๐จ๐ค๐๐ง๐ฌ (๐๐๐)
โพ Self-contained tokens that carry user information and claims in a JSON payload.
โพ Issued by an authentication server after successful login, then sent by the client in the Authorization header.
โพ Widely used for stateless authentication in microservices, single sign-on (SSO) and authorization.
โพ Stateless, secure, compact and can contain additional claims.
โพ Requires proper key management for signing and verification.
[4.] ๐๐๐ฎ๐ญ๐ก 2.0
โพ An authorization framework allowing third-party applications to obtain limited access to resources on behalf of the resource owner (user) without sharing credentials.
โพ Uses various grant types (authorization code, implicit, client credentials, etc.) to obtain access tokens and refresh tokens.
โพ Widely used for user authorization and delegated access to APIs.
โพ Provides a standardized way to secure access to resources without sharing credentials.
โพ Can be complex to implement and requires careful consideration of security vulnerabilities.
[5.] ๐๐ฉ๐๐ง๐๐ ๐๐จ๐ง๐ง๐๐๐ญ (๐๐๐๐)
โพ An identity layer on top of OAuth 2.0 that provides user authentication and profile information.
โพ Uses an ID token along with the access token to provide user identity information.
โพ Used for authentication in conjunction with OAuth 2.0 for authorization.
โพ Simplifies authentication by providing a standardized way to obtain user information.
โพ Requires integration with an OIDC provider (e.g., Google, Okta).
[6.] ๐๐ฎ๐ญ๐ฎ๐๐ฅ ๐๐๐ (๐ฆ๐๐๐)
โพ Both client and server authenticate each other using X.509 certificates.
โพ Requires a certificate authority (CA) to issue and manage certificates.
โพ Best suited for securing communication between internal services or highly sensitive APIs.
โพ Strong security due to mutual authentication and encryption.
โพ More complex to set up and manage compared to other mechanisms.
_____
Follow - @techNmak
![techNmak's tweet photo. [ Microservices - Authentication Mechanisms ] Give it a read ๐
Pro tip => These Authentication Mechanisms/Types are not limited just to microservices.
[1.] ๐๐๐ ๐๐๐ฒ๐ฌ
โพ Simple, unique identifiers assigned to each client or service.
โพ Sent as a header or query parameter with each request.
โพ Best suited for internal services, less sensitive APIs, or for granting access to specific features.
โพ Easy to implement and manage.
โพ Not as secure as token-based methods. Keys can be easily leaked or stolen.
[2.] ๐๐๐ฌ๐ข๐ ๐๐ฎ๐ญ๐ก๐๐ง๐ญ๐ข๐๐๐ญ๐ข๐จ๐ง
โพ Username and password are sent in the Authorization header as base64 encoded string.
โพ Simple to implement but requires HTTPS to be secure.
โพ Suitable for simple scenarios with low-security requirements.
โพ Widely supported and easy to understand.
โพ Vulnerable to man-in-the-middle attacks if not used with HTTPS.
โพ Passwords are sent in cleartext (even when encoded).
[3.] ๐๐๐๐ ๐๐๐ ๐๐จ๐ค๐๐ง๐ฌ (๐๐๐)
โพ Self-contained tokens that carry user information and claims in a JSON payload.
โพ Issued by an authentication server after successful login, then sent by the client in the Authorization header.
โพ Widely used for stateless authentication in microservices, single sign-on (SSO) and authorization.
โพ Stateless, secure, compact and can contain additional claims.
โพ Requires proper key management for signing and verification.
[4.] ๐๐๐ฎ๐ญ๐ก 2.0
โพ An authorization framework allowing third-party applications to obtain limited access to resources on behalf of the resource owner (user) without sharing credentials.
โพ Uses various grant types (authorization code, implicit, client credentials, etc.) to obtain access tokens and refresh tokens.
โพ Widely used for user authorization and delegated access to APIs.
โพ Provides a standardized way to secure access to resources without sharing credentials.
โพ Can be complex to implement and requires careful consideration of security vulnerabilities.
[5.] ๐๐ฉ๐๐ง๐๐ ๐๐จ๐ง๐ง๐๐๐ญ (๐๐๐๐)
โพ An identity layer on top of OAuth 2.0 that provides user authentication and profile information.
โพ Uses an ID token along with the access token to provide user identity information.
โพ Used for authentication in conjunction with OAuth 2.0 for authorization.
โพ Simplifies authentication by providing a standardized way to obtain user information.
โพ Requires integration with an OIDC provider (e.g., Google, Okta).
[6.] ๐๐ฎ๐ญ๐ฎ๐๐ฅ ๐๐๐ (๐ฆ๐๐๐)
โพ Both client and server authenticate each other using X.509 certificates.
โพ Requires a certificate authority (CA) to issue and manage certificates.
โพ Best suited for securing communication between internal services or highly sensitive APIs.
โพ Strong security due to mutual authentication and encryption.
โพ More complex to set up and manage compared to other mechanisms.
_____
Follow - @techNmak](https://pbs.twimg.com/media/G4DglV6WQAAhzTB.jpg)
Jaw correction surgery
I have 18!!! Hours of free bug bounty content out dude
https://t.co/8ES0KyhsQr
What are you waiting for? Get them crits!
@cyber_razz What is a ping?
Todays Assigned Reading:
File Drop: The FMDA DD17.2 3D Printable Pistol Frame
Learn a skill.
Make a thing.
https://t.co/BrHkEkOmL7
Last Seen Users on Sotwe
ts vica loverโค๐๐๐
Seen from Germany
Hamza Malik
Seen from Pakistan
mliwrrn 
Seen from Thailand
Gop Gap
Seen from Thailand
Javier Licea
Seen from Turkey
gila Gila
Seen from Germany
เธชเธฒเธงเนเธซเธเน เธชเธฒเธงเธญเธงเธเธญเนเธงเธเธเธฑเธเนเธเนเธเธฃเธฑเธ
Seen from Thailand
Bizdevariz Edirne
Seen from Turkey
OLGUN GEZGIN 50
Seen from Turkey
sikici kral 58
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers