Priyanshu🦈

I've made several videos on Autopsy last few months. Anyone who is total beginner at it could learn from these easily. youtube.com/playlist?list=…

@intigriti That wasnt difficult at all

OSINT Quiz! Where am I? 👀 Challenge difficulty: Hard 🔥

Pentesters must rebrand themselves as Vibe Checkers.

@wearyandroid Sad to hear that. Something similar to my situation. I got off from learning, and again leaning back to it. Keep grinding, you'll find it.

@_KumarPriyanshu I already had a good job, infosec doesn't pay the bills ☹️ Took a few years off from learning and decided to get back into it recently.

I completed the Basic Static Analysis #tryhackme Room Learn basic malware analysis techniques without running the malware. ✅Lab setup for malware analysis ✅Searching for strings and obfuscated strings ✅Fingerprinting malware using hashes and identifying similar samples using imphash and ssdeep ✅Using signature-based detection like Yara and Capa ✅Identifying artifacts from the PE header #malware #blueteam @tryhackme tryhackme.com/r/room/statica…

Infosec ppl

Sun:Moon North:South Vibe coders : ????

@GrahamHelton3 The faster it got high...the faster it got crashed😁

VIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBE CODINGVIBEEEEEEEEEEEEE

@GrahamHelton3 Live Pentests and report writing. I loved your Practical Phishing assessments , few years back. And, sure will be waiting to get some more practical experiences from you.

Would love feedback on this. I've been considering streaming a few hours a week doing security research, deep dives, tool writing, etc. Would this be interesting to watch? What would you like to see if so?

@CristiVlad25 @tryhackme I guess it always(last 3-4 years) was, it always will(probably)!

if you're just starting out in cybersecurity, I guess @tryhackme is all you need.

@IceSolst This is exactly the insightful tweet, for which I follow experts like you on X.

Is red team harder than blue team? Target’s 2013 breach is my fav example of resource mismanagement, alert fatigue, and the complexity of large environments. Actor activity was flagged, but ignored. Having been on both sides, both can be hard, both have heavy resourcing constraints, but blue teams have the unique challenge of cat herding at large scale. A common misconception for newer blue team leaders is ”just buy the tool”, “just use edr” etc. Procuring a shiny new tool is the easiest part. What do you do with the findings? How does it scale? When you do get many alerts with bad signal:noise ratio, now what? I think of Sartre’s quote “Hell is other people” and in blue team you have to deal with more people. Anyway you’re probably going to get phished more than anything else.

@CheddarB0b42 Yes! I guess it brings out the real-time SOC work. Been doing static analysis with autopsy, wireshark,splunk,etc. and I love doing so. I think I'm gonna try this, but its for enterprises and not for individuals, right?

@payloadartist @navifinance Few months back the ministry of art& culture website was taken control of. No one's concerned of data anyway. whether its pvt or pub. Just a few lakhs of VDP, and all this loss of crores could be avoided.

Bruh, one of the biggest Indian fintech startup @navifinance getting pwned by 2000s era script kiddie tier input tampering attack. This was in 2024. Can't make this shit up 🧵 #infosec #cybersecurity #bugbounty #startupindia

@soychotic By no means, I've experienced proton as honeypot. Almost no spams till now for 5yrs. Hosting own email server, atleast requires money and some technical knowledge and, still gets into the hands of spammers.

📢 PROTONMAIL IS A HONEYPOT 📢 Host your own email server or perish

@GrahamHelton3 Almost no security addition, as if one possesses a password, he will have it for a long term and not just for some seconds for 1st input. So, its just creates the friction for users.

Fun scenario: A bank requires MFA (shocking, I know). The auth flow looks like this: - Username/password -> submit - MFA token & Password -> submit - Logged in The question: Does providing the password again along with the MFA token provide any extra security?

The best way to learn hacking is to be a thirteen year old with an underdeveloped moral compass, no notion of consequences, and a mind-numbing education system to fuel your existential boredom.

So, This 2025 will be actually cool. I'll reboot my IT security learnings since I left it for 2 yrs or so. Focusing on essential skills first and then on bug bounty. If available, I'll freelance in pentesting when I'm capable of doing so.

@ThuleanFuturist Storing it locally.

Obsidian users, do you store your vaults locally or in a cloud storage environment?

Every single hardened #bugbounty program. #bugbountytips #infosec

The man who broke mountains for love ♥️

@jakecreps I have done this for some of my reports. All of them got rejected. Probably for being "out-of-scope", even though it could actually affect the organisation.

I just submitted my first #BugBounty report using only #OSINT. I’m not sure it counts but I found an app running on a subdomain in scope that was actively being exploited by a stored XSS that resulted in a defacing with extremely graphic content. Let’s see what happens.