Karan Sharma

613 posts

@karansharmma

Breaking things ethically since curiosity got dangerous Cybersecurity • Web Security • Forensics Dark humor & threat hunting Past & Future are real illusions

Gandhinagar, Gujarat · Joined January 2017
276 Following · 56 Followers
Hybrid Security Consult@HSC_Consult·
Which auth token is common in APIs? A) JWT B) ARP C) ICMP D) Cookie
Karan Sharma@karansharmma·
@CyberRacheal @grok Tell me how I can check the websites I visited in incognito mode on my PC. Also suggest tools/commands.
Cyber_Racheal@CyberRacheal·
Interviewer: You use private browsing mode on a public computer. Why can the next user still see your search history?🤔
Karan Sharma@karansharmma·
@HSC_Consult She said sudo trust me... Now she has root access to my feelings.
Karan Sharma@karansharmma·
I've been following you since I first saw you on @BeerBicepsGuy podcast. Since then, your posts, clarity of thought, and the way you simplify complex ideas have genuinely inspired me. This post is another example of that. It's rare to find people whose content not only informs but also changes how you think and act. Grateful for the lessons you share daily, and hopefully one day I'll get the opportunity to work and learn alongside you.
Dr Ritesh Malik@drriteshmalik·
DON’T WATER THE PLANTS YOU DON’T WANT TO GROW: Simple line. Took me years to actually live it. Every time you replay an insult in your head, you’re watering it. Every time you revisit a regret on loop, you’re watering it. Every time you entertain a thought that makes you smaller, you’re watering it. And it grows. Slowly. Quietly. Until one day it’s the loudest thing in the room. Your mind is a garden. Finite space. Finite energy. Finite hours in a day. What you give attention to, grows. What you starve, dies. The anxious thought. The bitter memory. The comparison that eats you alive at 2am. Stop watering them. Not because they aren’t real. But because they don’t deserve your soil. Water what you want to see more of. Gratitude. Ambition. Clarity. Calm. You don’t get a bigger garden. You just get to choose what grows in it. 🙏🏻
Karan Sharma@karansharmma·
Great explanation. What fascinated me when I first learned about SYN Floods was how such a small packet can force a server to commit resources. It's a perfect example of how attackers exploit protocol design rather than software vulnerabilities. Also, many beginners learn the TCP three-way handshake but don't realize that the "half-open connection" state itself can become the attack surface. The asymmetry aspect is what makes this attack so elegant and dangerous at the same time.
Arpit Bhayani@arpit_bhayani·
SYN Flood is one of the oldest denial-of-service attacks, and it is still effective today. Here's what happens under the hood...

A TCP connection is established with a three-way handshake: the client sends a SYN, the server responds with a SYN-ACK, and the client completes it with an ACK. What's interesting is that during this process, the server allocates memory for each half-open connection in a backlog queue.

In a SYN Flood, an attacker sends thousands of SYN packets but never completes the handshake. The server keeps waiting for ACKs that never arrive, and the backlog queue fills up. Once it is full, legitimate users cannot connect anymore. Thus, a DoS attack.

What makes this attack effective is the 'asymmetry' - the attacker sends tiny packets with minimal effort, but the server has to allocate resources for each one. A single low-powered machine can overwhelm a much more powerful server.

Fun fact: SYN floods have taken down GitHub, Cloudflare, and several databases in the past.

To defend against SYN flooding, we can:
1. Cap the number of SYN packets from a single IP
2. Drop packets from known malicious sources
3. Or, the most effective, use SYN Cookies

With SYN cookies, the server does not store anything. Instead, it encodes all the necessary connection information (client IP, port, and a timestamp) into the initial sequence number of the SYN-ACK packet it sends back. This sequence number is cryptographically generated, so it cannot be forged.

SYN cookies make the handshake effectively stateless on the server side until it's fully verified, so the server does not reserve any resources until it knows the client is real.

By the way, most modern operating systems have SYN cookie support built in. On Linux, we can enable it with `net.ipv4.tcp_syncookies = 1`.

If you are interested, the Wikipedia pages are pretty well written for understanding this, and as always, you can use your favorite LLM to dig deeper.
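The stateless check described in the post above, as an added sketch that is not part of the original post and is not the Linux kernel's code: the server derives the SYN-ACK sequence number from an HMAC over the connection tuple and a coarse time counter, then recomputes it when the ACK arrives. The secret, the 64-second slot, the 5-bit/27-bit layout and all function names are assumptions; production implementations also encode the MSS in the cookie.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # assumption: a random per-boot secret in practice
SLOT = 64                         # assumption: seconds per time-counter step
MAX_AGE = 2                       # accept the current and the previous slot

def _cookie(src_ip, sport, dst_ip, dport, client_isn, slot):
    """Top 5 bits: time slot mod 32. Low 27 bits: truncated HMAC of the tuple."""
    msg = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    msg += struct.pack("!HHIQ", sport, dport, client_isn, slot)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return ((slot & 0x1F) << 27) | (struct.unpack("!I", mac[:4])[0] & 0x07FFFFFF)

def syn_ack_isn(src_ip, sport, dst_ip, dport, client_isn, now):
    """Sequence number for the SYN-ACK. No per-connection state is stored."""
    return _cookie(src_ip, sport, dst_ip, dport, client_isn, int(now) // SLOT)

def ack_is_valid(src_ip, sport, dst_ip, dport, seq, ack, now):
    """Check the final ACK: seq = client ISN + 1, ack = cookie + 1."""
    client_isn = (seq - 1) & 0xFFFFFFFF
    cookie = (ack - 1) & 0xFFFFFFFF
    current = int(now) // SLOT
    for age in range(MAX_AGE):
        expected = _cookie(src_ip, sport, dst_ip, dport, client_isn, current - age)
        if hmac.compare_digest(cookie.to_bytes(4, "big"), expected.to_bytes(4, "big")):
            return True
    return False

def demo():
    """Constructed handshake using documentation addresses (RFC 5737)."""
    t0 = 1_700_000_000
    flow = ("192.0.2.10", 40000, "198.51.100.5", 443)
    client_isn = 123456789
    isn = syn_ack_isn(*flow, client_isn, t0)
    seq, ack = client_isn + 1, (isn + 1) & 0xFFFFFFFF
    return {
        "honest_ack": ack_is_valid(*flow, seq, ack, t0 + 1),
        "next_slot": ack_is_valid(*flow, seq, ack, t0 + 70),
        "expired": ack_is_valid(*flow, seq, ack, t0 + 200),
        "wrong_ack": ack_is_valid(*flow, seq, (ack + 1) & 0xFFFFFFFF, t0 + 1),
        "other_source": ack_is_valid("192.0.2.99", 40000, "198.51.100.5", 443, seq, ack, t0 + 1),
    }

if __name__ == "__main__":
    print(demo())
```

The server allocates connection state only after `ack_is_valid` returns True, so a SYN that is never followed by a matching ACK costs one HMAC and no backlog entry.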
Karan Sharma@karansharmma·
Cybersecurity Terms Starting with "B"
Building your cybersecurity vocabulary, one letter at a time. How many of these cybersecurity terms do you know?
Biometrics → Unique physical characteristics (fingerprint, face, iris, voice) used to verify a person's identity.
Business Continuity → An organization's ability to continue critical operations during and after disruptions through proper planning and recovery strategies.
Brute Force Attack → A trial-and-error method where attackers repeatedly guess passwords or encryption keys.
Backup → A copy of important data used for recovery in case of accidental deletion, ransomware, or system failure.
Botnet → A network of compromised devices controlled by an attacker to perform malicious activities.
Browser Hijacking → Unauthorized modification of a browser's settings, homepage, or search engine.
Small terms. Big concepts. Know any other cybersecurity terms that start with "B"? Drop them in the comments
Aryan Iyappan@aryaniyaps·
105 followers and growing. I'm building this corner of the internet for people who *build* things — not just talk about building. If you're into AI agents, full-stack web dev, backend systems, startups, design, or just building cool stuff and are intellectually curious — let's connect.
What I've built so far:
→ Postiz — self-hosted social scheduler that replaced 3 SaaS tools. Runs on sunlight. ₹0/month.
→ Hermes Agent — personal AI assistant handling infra, ops, backups, and cron jobs
→ Pi coding agent with adversarial review harness — Agent A writes, Agent B critiques, A fixes, B re-reviews
→ Homelab stack: Ubuntu 24.04 → Tailscale → Restic → Cloudflare R2 (daily encrypted backups, ₹0)
Currently at YC Startup School. Based out of Founder Startup House, Bangalore. Looking for a cofounder. Building in public, questioning defaults, shipping things. Let's connect 🤝
Karan Sharma@karansharmma·
Cybersecurity Terms Starting with "A"
Building your cybersecurity vocabulary, one letter at a time.
Asset → Anything valuable to an organization.
Attack Vector → The path an attacker uses to gain unauthorized access.
Authentication → Verifying who you are.
Authorization → Determining what you're allowed to access.
Availability → Ensuring authorized users can access data when needed.
Assess (NIST RMF) → Evaluating whether security controls are implemented correctly.
Authorize (NIST RMF) → Accepting accountability for security and privacy risks.
Master the basics, and the advanced concepts become much easier. Know any other cybersecurity terms that start with "A"? Drop them below 👇
Hybrid Security Consult@HSC_Consult·
Which protocol is responsible for mapping IP addresses to MAC addresses? A) DNS B) ARP C) DHCP D) ICMP
Drishti Sharma@drishtiispeaks·
This is why I show up, even on the days I don't feel like it. I don't always know who's reading or whether any of it is landing. But then messages like these remind me somewhere, something I thought, created, & published at the right time made a difference in someone's life.
Karan Sharma reposted
Sam Altman@sama·
one of the quotes i find most inspiring on a hard day: "Whatever your hand finds to do, do it with all your might, for in the realm of the dead, where you are going, there is neither working nor planning nor knowledge nor wisdom" Ecclesiastes 9:10
Mololuwa | Cybersecurity - (The God Complex)
DON'T BE AVERAGE
• Pentest 20 separate enterprise networks a day
• Analyze 5,000 gigabytes of PCAP files by noon
• Carry your mainframe to the data center, don’t use cloud hosting
• Stare at the terminal without blinking for 2 hours straight
• Never patch your own vulnerabilities, you’re wasting time
• Don’t use Wi-Fi, it has no wires to protect
• Decode raw hex strings while maintaining a wall sit
Karan Sharma@karansharmma·
"The heaviest penalty for declining to rule is to be ruled by someone inferior" - PLATO
Yashika Jain@kaisiyejindagi·
I M HIRING!!!!!!! yes ! Open role: Boyfriend No of position: Only one Location: In my heart CTC: My unconditional chaos + love
Karan Sharma@karansharmma·
@JustJerry121 @X Let's connect. Always interested in learning from people building cool things in this space. 🤝
JustJerry@JustJerry121·
@karansharmma @X Ethical breaking + AI automation is a lane I like reading about. Let's connect - I'm usually around devtools and coding-agent threads.
Karan Sharma@karansharmma·
Hey @X Algorithm 👋 I'm Karan. Looking to connect with people interested in:
🔐 Cybersecurity
☁️ Cloud Computing
🤖 AI & Automation
📱 Tech & Gadgets
🚀 Startups & SaaS
📈 Marketing & Growth
🧠 Psychology & Human Behavior
💻 Freelancing & Remote Work
Always curious to learn, build, and exchange ideas. What are you currently working on? 👇
Karan Sharma@karansharmma·
Networking Quiz A user reports slow network performance. You want to analyze packet-level data to identify delays and retransmissions. Which tool would you use? A) ping B) Wireshark C) nslookup D) arp Drop your answer and reasoning below.
Karan Sharma@karansharmma·
Where the stakes are high, that's where the King stands 👑
Karan Sharma@karansharmma·
King Kohli does it again. 👑🏏 Congratulations @RCBTweets on becoming IPL Champions! 🏆❤️🥳