Jeevan.eth

Hi guys👋🤗, This thread is for those who want to get into web3 Security, and the roadmap I followed to get into the same, - some basic topics to go thru : - Cryptography - Decentralization - BlockChain - what are Smart Contracts - Different ERC standards 🧵1/n

@h4x0r_dz might be a BIG file stored on the YT server reference: youtube.com/watch?v=_w6PCH…

This North Korean user uploaded a video that's over 1,000,000 hours @shinywr" target="_blank" rel="nofollow noopener">youtube.com/@shinywr

@Behi_Sec i dont understand who and why are these amateurs trying to fix authotization issues with client sided patxh wtf man

To my surprise, it worked! The devs thought that adding a new parameter (usrID) containing the user's email would tighten the authorization, but they did not check whether the docID belonged to that usrID, or whether the authenticated user matched the usrID in the request :)

I found an IDOR on a program. They paid me $5,000. Twice. Here is the story: 🧵

faced-off with the most heart shattering fact/truth today. 💔 but guess what the comeback will be smoother than ever before. ~ 11th December 2025.

🔍 Audit ACLs, not groups 🧹 Remove stale delegations 🚩 Flag weird write permissions 🔐 Protect service accounts Takeaway: If you don’t know all your admins… you don’t control your AD.

• Misconfigured delegation • Inherited ACL privileges • Old service accounts • “Temporary access” no one removed Why it’s scary: Attackers LOVE them. No alerts. No privilege escalation logs. Just silent domain takeover. Defend yourself:

The most dangerous AD admin? The one you don’t know exists. 👀 “Shadow Admins” = accounts not in any admin group… …but with hidden permissions that can take over your domain instantly. Most orgs never detect them. How they appear:

Takeaway: If you didn’t request it, don’t approve it. Ever.

Entire cloud accounts have been hijacked because someone approved one rogue request during a busy moment. No exploits. Just pressure. How to stay safe: ⚠️ Unexpected MFA prompt = attack attempt 🔢 Enable number matching or use FIDO keys 🙅‍♂️ Approve only the logins you start

Many people think MFA = safe. Not when “MFA fatigue” hits. 🔄 Attackers don’t need to hack your code — they just spam you with nonstop MFA prompts until you accidentally tap Approve. It’s psychological, not technical. Real impact:

This threat actor really just used FTK to dump the NTDS database and SYSTEM hive. #IncidentResponse #WindowsSecurity #CyberSecurity #DFIR #ThreatHunting #WindowsForensics #Ransomware #BlueTeam #Cloudflare credits of findings: mauricefielenbach

got rugged by a 12 year old then realised it doesn't matter because I'm just a chill guy

💀🔥 #Bitcoin

Just recently an article broke out about hacked Kia cars when one uses their license plate numbers. This is why the smart cars / automotive industry needs to boost its cybersecurity now more than ever😬 #EthicalHacking #TechSafety #SmartCars #IoTSecurity samcurry.net/hacking-kia

@gowtham_ponnana @session_app try using .org TLD :))

@session_app Indians using VPN to access p*rn sites☠️

@gowtham_ponnana should be just in your budget amazon.in/ASUS-Swift-Gam…

Guys, Suggest me one good monitor for my MacBook Pro. NOTE: Doesn't matter whether curved or not, but atleast 4K + >= 60hz Noting once again, I'm poor...

speaking from personal experience on what i observed most of the startup orgs (mostly those using cloud services) which are fairly running arent really following simple security protocols such as Access Keys Rotation(every 90 days atleast) 🤐 one of tech firm #informationsecurity

and now some endpoints of #Discord are out ❌💀

Yes, for those asking, #Telegram is down!

a really aspiring quote from a book i've been reading lately..👨🏻‍💻📚 "Security within our technologies is nothing until security is within our minds" Book: Inside the Security Mind- Making the tough decisions Author: Kevin Day #informationsecurity #CyberSecurity #ReadingHour

@BhalgamaVedant @gowtham_ponnana @nullshock1 @LexiLominite +99

@gowtham_ponnana @nullshock1 @LexiLominite @cyberzyro1 Miss those days when we used to grind for hours bro, truly miss that :-(

Glad that everything went well 😁 Excited about future 🙌🤞 Huge thanks for love and support 🫂 youtu.be/DT0thGOiW3Y