Winston Ighodaro

5.1K posts

@Officialwhyte22

Ethical Hacker, Forensic Investigator, Malware Engineer. Security+, Network+, Pentest+, and CNVP. Founder of @hack_ademy

I am Root · Joined June 2022
204 Following · 27.5K Followers
Pinned Tweet
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
A few days ago I promised to drop a roadmap for beginners in ethical hacking so they don’t get confused and carried away by shiny object syndrome. Tap in 👇 cybergeneration.tech/becoming-a-mas…
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
That “Invalid card number” check is not guessing billions of possibilities. It is validation.

Every 16-digit card number follows a strict mathematical structure. The system is not testing random combinations, it is verifying whether your input fits a known pattern. The first few digits identify the card issuer (Visa, Mastercard, etc.), and the last digit is not random at all, it is calculated using something called the Luhn algorithm.

The Luhn algorithm is a checksum formula. It takes the digits you entered, runs a quick calculation, and determines if the number is even mathematically possible to be a real card. If it fails that test, it gets rejected instantly without ever contacting a bank.

That is why the response feels instant. Because the validation is happening locally in your browser, not on a remote server. There is no need to check “billions of combinations” because the system is not searching, it is verifying structure in real time.

This is also why you can type a fake number and still pass the first check. If the number follows the correct format and passes the checksum, it may look valid to the form. The real verification only happens later when the payment processor checks if the card actually exists and has funds.

So what looks like speed is actually efficiency. It is not about checking every possibility, it is about rejecting impossibilities instantly.

Don Quijote de la IA
Don Quijote de la IA@IA_Quijote·
Enter a 16-digit card number and the form immediately says "Invalid card number". There are billions of possible numbers. How can it be checked so quickly?
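The local check described in the post above, written out as an added example (not part of the original posts): it validates with the Luhn checksum, derives the check digit, and labels the issuer from the leading digits. The 12-to-19-digit length range and the prefix ranges go beyond the 16-digit case in the post and are assumptions of this sketch; all numbers used are constructed or widely published test values.

```python
def luhn_checksum(digits):
    """Return the Luhn sum mod 10 for a full number; 0 means it passes."""
    total = 0
    # Walk right to left and double every second digit, starting with the
    # digit immediately left of the check digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return total % 10


def check_digit(partial):
    """Compute the last digit that makes partial + digit pass the check."""
    return (10 - luhn_checksum(partial + "0")) % 10


def issuer(digits):
    """Label the issuer from the leading digits (two common ranges only)."""
    if digits.startswith("4"):
        return "Visa"
    if 51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720:
        return "Mastercard"
    return "unknown"


def validate(raw):
    """Form-side check: returns (ok, issuer) or (False, reason). No network."""
    digits = raw.replace(" ", "").replace("-", "")
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        return False, "format"
    if luhn_checksum(digits) != 0:
        return False, "checksum"
    return True, issuer(digits)


if __name__ == "__main__":
    for sample in ("4111 1111 1111 1111", "4111 1111 1111 1112"):
        print(sample, validate(sample))
```

Luhn catches any single mistyped digit but not every swap: 4090000000000003 and 4900000000000003 both pass, one more reason the form-side check says nothing about whether a card exists.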
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
Good job. Keep learning from Hackademy.
Olaaminu@amintemi69

Encryption protects the data. Not the system.

If they steal your password (or MFA token), encryption folds like paper. They log in as you. Everything decrypted on the spot. Strongest AES-256 means nothing against credential theft.

This is one of the most overlooked truths in cybersecurity. Encryption (whether at rest, in transit, or end-to-end) is incredibly powerful against passive eavesdroppers, stolen drives, or intercepted network traffic but it becomes irrelevant the moment an attacker authenticates as a legitimate user.

Why This Happens

Encryption secures the data itself, not the access path or the authenticated session. When you're logged in, your system/device/application decrypts the data automatically for use (that's the whole point of usability). An attacker with your credentials (password, compromised MFA, stolen session cookie, etc.) inherits that same decryption privilege. Result: They see plaintext data just like you do. No brute-forcing AES-256 required.

Real-world examples from recent incidents and expert consensus:

- Credential theft bypasses encryption entirely because attackers impersonate authorized users (no need to break crypto).
- Even phishing-resistant MFA (like passkeys/FIDO2) is the recommended defense, as traditional MFA can still fall to real-time fatigue attacks or session hijacking.
- Ransomware groups often exfiltrate data before encryption starts; credential compromise gives them the keys to the kingdom without touching the crypto layer.

Bottom Line

Layer your defenses:

- Prioritize phishing-resistant authentication (passkeys, hardware keys) over legacy MFA.
- Use identity threat detection (ITDR) to spot anomalous logins.
- Apply zero trust / least privilege so even valid credentials have limited blast radius.
- Monitor for credential exposure (dark web scans, etc.).

Encryption is essential but it's not a silver bullet. Credential security is often the real perimeter.

What do you think is the most effective way to fight credential theft today? Passkeys? Hardware tokens? Something else? Drop your take below. 👇 @Officialwhyte22 @hack_ademy

Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
(Tilt your phone to see better) If you have watched Mr. Robot you'll remember there was a part where the company Elliot was pentesting for was under attack and the attackers planted a back door in the system and told him not to delete it. Well, in this video I'm showing you how they did it. They got in through the SSH port. So in the video I'm just scanning with nmap and brute forcing with a Python script, then after the successful brute force attack I log in and plant the back door, which is a bash script, then I open another terminal to start a listener so we can catch the connection from the victim machine, and even when I restarted the listener we still caught the connection. This is how fsociety did it. I remain root
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
After access, attackers usually start with the files that explain the environment fastest. Home directories, shell history, SSH metadata, application folders, and environment files can reveal far more than a scan ever would. They show where the user has been, which internal systems they trust, what applications are installed, and whether credentials are already exposed in plain text. This is why the earliest file access on a compromised Linux server matters so much during investigations.

In the terminal below, the attacker begins by listing the contents of the user’s home directory and immediately spots high-value locations: .bash_history, .ssh, and an app folder. The shell history reveals recent commands that point directly to sensitive areas, including an .env file, internal SSH activity, and a privilege check using sudo -l. That already tells the attacker which files were important to the legitimate user and which systems may be reachable next. Instead of guessing, they follow the user’s own trail.

The next steps confirm why this works. Inspecting the application directory reveals a .env file and a configuration file, both of which commonly store secrets. Grepping the .env file exposes database credentials and an API token, while /etc/hosts maps internal names to real IPs. Finally, sudo -l shows that the user may have administrative privileges, turning a simple file review into a complete privilege and lateral movement roadmap. This is why the first files attackers check are so important: they often contain the whole attack plan already written out for them.
Security Trybe@SecurityTrybe

After gaining access to a Linux server, attackers usually do not begin by running loud scans or dropping tools everywhere. The first move is often much smaller and much more useful: they check the files that explain how the system works. Configuration files, shell histories, SSH trust files, web app settings, and environment files can reveal passwords, internal hosts, database connections, and privilege paths without making noise.

This is why the earliest stage of a compromise often looks boring. A careful attacker is not trying to impress anyone. They are trying to learn which file gives the fastest path to more access. One exposed .env file or one weak SSH configuration is often worth more than a dozen exploits.

That is also why good investigations focus on file access patterns. The first valuable clue is often not “what malware ran,” but “what file was opened first.” Attackers reveal intent by what they read before they reveal capability by what they execute.

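Detection logic for the file-access pattern both posts above describe, as an added example that is not part of the original posts: it groups auditd-style records by login session and reports sessions that read several categories of sensitive file shortly after they first appear. The sample records are constructed and trimmed to the fields used; the 120-second window, the two-category threshold and the function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed auditd-style records for illustration (not from the posts' screenshots).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1712000000.000:501): success=yes ses=42 comm="ls" exe="/usr/bin/ls"
type=PATH msg=audit(1712000000.000:501): item=0 name="/home/deploy" nametype=NORMAL
type=SYSCALL msg=audit(1712000004.500:502): success=yes ses=42 comm="cat" exe="/usr/bin/cat"
type=PATH msg=audit(1712000004.500:502): item=0 name="/home/deploy/.bash_history" nametype=NORMAL
type=SYSCALL msg=audit(1712000019.500:503): success=yes ses=42 comm="grep" exe="/usr/bin/grep"
type=PATH msg=audit(1712000019.500:503): item=0 name="/home/deploy/app/.env" nametype=NORMAL
type=SYSCALL msg=audit(1712000031.000:504): success=yes ses=42 comm="ls" exe="/usr/bin/ls"
type=PATH msg=audit(1712000031.000:504): item=0 name="/home/deploy/.ssh" nametype=NORMAL
type=SYSCALL msg=audit(1712000900.000:505): success=yes ses=57 comm="vim" exe="/usr/bin/vim"
type=PATH msg=audit(1712000900.000:505): item=0 name="/home/alice/app/.env" nametype=NORMAL
'''

# File categories named in the posts: shell history, SSH metadata, environment files.
SENSITIVE = {
    "shell-history": re.compile(r"/\.(bash|zsh)_history$"),
    "ssh-metadata": re.compile(r"/\.ssh(/|$)"),
    "env-file": re.compile(r"/\.env$"),
}
EVENT = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")   # timestamp and event id
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')             # key=value or key="value"

def recon_sessions(log, window=120.0, min_categories=2):
    """Return {session: [(secs_since_first_record, comm, path, category)]}."""
    syscalls, paths = {}, []
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("type") == "SYSCALL":      # carries session id and command
            syscalls[m.group(2)] = f
        elif f.get("type") == "PATH":       # carries the file that was touched
            paths.append((float(m.group(1)), m.group(2), f.get("name", "")))
    first_seen, hits = {}, defaultdict(list)
    for ts, event_id, name in sorted(paths):
        sc = syscalls.get(event_id, {})
        ses = sc.get("ses", "unknown")
        start = first_seen.setdefault(ses, ts)
        for cat, rx in SENSITIVE.items():
            if ts - start <= window and rx.search(name):
                hits[ses].append((round(ts - start, 1), sc.get("comm", "?"), name, cat))
    return {s: h for s, h in hits.items() if len({x[3] for x in h}) >= min_categories}
```

On the sample, session 42 is reported with its three reads in order, while session 57 (one .env opened in an editor) is not.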
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
Keeping Commands Running After You Leave (nohup)

One thing that frustrates people on Linux is starting a command, closing the terminal, and then finding out the command stopped with it. That is normal behaviour because many commands stay attached to your session unless you deliberately separate them. Once you understand that, you stop treating the terminal like a fragile window and start using it properly.

In the terminal below, I am starting a command with nohup so it can keep running even after the session ends. I send the process to the background, confirm that it started, and then check the output file Linux creates for it. This is the normal way to keep simple jobs alive without sitting there watching the screen.

This is one of those small Linux habits that makes you look far more comfortable on the system. You stop babysitting commands and start thinking in a calmer, cleaner way. When this clicks, long-running tasks stop feeling stressful because you know how to launch them and come back late
Winston Ighodaro retweeted
H4RUK7 KIRA 🇯🇵🇨🇵
MAC ADDRESS SPOOFING ON WINDOWS HOW TO CARRY IT OUT ON YOUR COMMAND LINE
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
@segoslavia Just push without checking and then turn your phone off throughout tomorrow 😂
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
I’ve gotten a lot of DMs about my articles, and some have mentioned that they’re beginner-friendly and easy to understand. I’ll continue dropping more. I remain root!!
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
Bro That’s literally just a replacement cover. All it has at the back of it is adhesive. It’s not stealing or sniffing any information. Who traumatized unc???
Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
A lot of malware investigations begin with something extremely simple: process inspection. When malicious software runs on a Windows system, it has to execute as a process somewhere. Even if the malware hides its activity, it still leaves small clues behind.

In the terminal below I demonstrate a quick triage technique I use during malware analysis. The goal is to identify processes consuming resources and then inspect where they are actually running from. You will notice that one process appears legitimate at first glance, but the moment we inspect its file path and signature, it becomes clear something is wrong.

In the image below I start the investigation using the PowerShell command Get-Process. When malware executes on a system it must run as a process, so reviewing active processes is one of the fastest ways to begin triage. By sorting the processes based on CPU usage, I can quickly see which programs are consuming the most system resources. Most of the entries look normal, but one process called winupdate immediately stands out.

Next I inspect the process directly using Get-Process winupdate. This command reveals important details about the process including its process ID and the executable path. The key red flag here is the file location. The executable is running from C:\Users\Public, which is not where legitimate Windows update components operate. System update services normally run from the System32 directory under trusted Microsoft binaries.

Finally I examine the file itself. Using Get-AuthenticodeSignature, I check whether the executable is digitally signed. Legitimate Windows system binaries are almost always signed by Microsoft, but this file is not signed at all. After confirming this, I generate a SHA256 hash using Get-FileHash. This hash can then be searched in malware intelligence platforms to determine whether the file has been previously identified as malicious.

At this stage the evidence strongly suggests the process is malware masquerading as a system update.
Security Trybe@SecurityTrybe

Most malware is not discovered because antivirus is smart. It is discovered because analysts know how malware behaves inside a system. Attackers rarely drop obvious files anymore. Instead they hide persistence in scheduled tasks, registry keys, or strange processes that quietly run in the background. If you want to understand malware, stop looking for viruses and start looking for behavior.

Winston Ighodaro
Winston Ighodaro@Officialwhyte22·
It’s with great joy that I’ve come to celebrate 309 students in Hackademy. I launched my academy less than a month ago, and we already have 309 students. That’s 309 people who decided to take my courses and learn from me. God bless you all for believing in me. 🎉🎉🎉 Lastly I want to say a big thank you to all my mentees and assistants for their support.