Ha_Ha_Sher

Here are 17 platforms where you can begin learning cybersecurity: 1. HackXpert - Free labs and training. 2. TryHackMe -Hands-on exercises and labs. 3. CyberSecLabs - High quality training labs. 4. Cybrary - Videos, labs, and practice exams. 5. LetsDefend - Blue team training platform. 6. Root Me - Over 400 cybersecurity challenges. 7. RangeForce - Interactive and hands-on platform. 8. Certified Secure - Loads of different challenges. 9. Vuln Machines - Real world scenarios to practice. 10. Try2Hack - Play a game based on the real attacks. 11. TCM Security Entry level courses for cybersecurity. 12. EchoCTF - Train your offensive and defensive skills. 13. Hack The Box - Online cybersecurity training platform. 14. Vuln Hub - Material for practical hands-on experience. 15. OverTheWire -Learn security concepts through challenges. 16. PentesterL.ab - Learn web-application penetration testing. 17. PortSwigger Web Security Academy - Extensive learning material. #Infosec #Learning #Hacking #CyberSecurity

@IndiaPostOffice Sir, I am also attaching a screenshot of status as of 2 July 2023 11:53PM screenshot for reference.

@IndiaPostOffice Referring trailing tweet, issue not resolved and niether received consignment, Please look into matter

@IndiaPostOffice Dear sir, I had post EN932073352IN but it's status showing that consignment not found, I am attaching screenshots also, please look into matter.

I found a really interesting rXSS on a @SynackRedTeam target last night. The injection point was like this: <button onclick="document.location='$USER_INPUTsomeother_randomtext'"> More details in thread 👇 #infosec #hacking #hunting #XSS

we are having our aktu b.tech. Exams in this extreme hot weather we are not getting electricity for study, we are getting electricity one or two hour which gets interrupted every half hour please look at the matter. Add- Bhauti Pratapur @DMKanpurDehat @UPPCLLKO

@IndiaPostOffice Is it mandatory @IndiaPostOffice that I will have to visit the Post Office to collect my Post or Courier. I received the courier yesterday when I visited the Post Office. he had neither informed me on phone call or by other means and saying that we don't have people to deliver

@Ha_Ha_Sher Your tweet has been forwarded to the concerned office. We will revert to you shortly.

Here's a useful recon one-liner using 2 of my tools! 🤘 Enumerate subdomains with haktrails 👉 github.com/hakluke/haktra… ⭐️ Convert to absolute URLs with httpx 👉 github.com/projectdiscove… ⭐️ Discovery URL endpoints with hakrawler 👉 github.com/hakluke/hakraw… ⭐️ #hackingtips

Bug Bounty Hint Bypassing Cloudfront XSS WAF 1) alert = window["al"+"ert"] 2) bypass () with `` 3) replace space with / 4) encode symbols: 🔹< = %3c 🔹> = %3e 🔹" = %22 🔹[ = %5b 🔹] = %5d 🔹` = %60 Not Encoded Payload: <svg/onload=window["al"+"ert"]`1337`> Cheers

How to use Amass to find ASNs and CIDRs and then enumerate subdomains with them! 🔍 🧨 Find ASN and CIDRs: amass intel -org "<target>" 💥 Enumerate subdomains: amass enum -d <target> -active -cidr <cidr-block> -asn <asn> Try this to find more subdomains! 🔥 #hacking

How we, @vidocsecurity, bypass 401 and 403 - practical tips for fellow #bugbounty hunters <thread>

This is one of the easiest RCEs I've ever found in my BB, lets hope this isn't a duplicate. Found an endpoint with `something.php?run=`, execute the encoded `%26echo%20`id`%24()%5C%20 ` in HTTP request, surprised to see when server returned ID. #BugBounty #RCE

Want to start bug bounties but don't know where to begin? 🕵️‍♀️💻 You're in luck! I get asked this question daily So, I've put together a small list of resources to help you get started on your bug bounty adventure. 💥 A #bugbountytips thread 🧵 1/10

@krishnsec 10000

Thank you everyone for following ❤️ I have 10k friends now , Will send 10 gifts🎁to first 10 randomly generated numbers just comment a number out of 1-10,000 👇 and 11th gift to last follower #Giveway

Some recent lessons learned: If something is suspicious but SQLMap “thinks” it might/might not be vulnerable, manually confirm/deny before leaving. Payload example: ' AND extractvalue(rand(),concat(0x3a,(SELECT user()))) # #bugbountytips #BugBounty

Here's a list of bug bounty tools that @GodfatherOrwa uses and shared in @NahamSec 's live stream. 🧵👇 #bugbounty #bugbountytips

ChatGPT Plus is much more powerful than ChatGPT. But it costs $20/month and its knowledge ends in 2021. Here is a FREE alternative with no limitations (and internet access):

Bypass WAF / Restrictions with REcollapse - This tool assists in blackbox regex fuzzing to bypass validations and discover normalizations in web apps. - Repo: github.com/0xacb/recollap… - Creator: @0xacb (Also thanks to @Hacker0x01) - - #infosec #cybersecurity #CTF #bugbountytips

100 tools every self respecting web app hacker should know Burp Suite OWASP ZAP Metasploit Framework sqlmap Nmap Dirbuster WPScan Arachni BeEF Hydra XSSer Sqlninja Cain and Abel Netcat THC Hydra Nikto Skipfish Vega sqlsus John the Ripper THC-SSL-DOS Sublist3r Wfuzz Shodan Fiddler sqlmapgui Wapiti Yersinia Tamper Data WebScarab Paros SQL Inject Me Acunetix Nessus Grendel-Scan Ratproxy IronWASP Websecurify Zed Attack Proxy Zenmap NoSQLMap ODAT X-Forwarded-For Spoofer WebSlayer w3af Maltego WPScan Desktop WP-Scan Vulnerability Database BruteForcer JoomScan Joomfish Scanner WP Security Audit Log JoomlaScan CMSmap Vega Vulnerability Scanner Skipfish Web Application Security Scanner Grabber DAVScan bbqsql Scrawlr Cewl Wapiti Web Application Vulnerability Scanner XssPy RIPS Zenmap WPScan Arachni OWASP ZAP Sqlmap Nessus Kali Linux Acunetix Web Vulnerability Scanner Nmap Vega Metasploit Framework Hydra Burp Suite Nikto Zed Attack Proxy Grendel-Scan Skipfish Arachni Wfuzz Dirbuster Sqlninja NoSQLMap OWASP Mantra WP-Scanner XSSer Metagoofil Brutus RainbowCrack THC-Hydra Medusa THC-SSL-DOS OpenVAS WP-Scan Vulnerability Database WPScan Desktop LFI Suite XssPy

@IRCTCofficial @RailMadad I have booked in train 18190 and train will Perumbur station at 07:58 Pm but still chart is not prepared, Kindly do needful as soon as possible