USMAN BALOGUN

319 posts

@dollarhunter044

Founder @TopLike_social | Co-Founder @naija_trip | Backend Engineer (Laravel) | CEH Certified. Building fast, secure, and scalable platforms for modern products ⚡

Lagos, Nigeria · Joined February 2023
454 Following · 144 Followers
Pinned Tweet
USMAN BALOGUN @dollarhunter044
Day 9 — 14-Day Cybersecurity Challenge

Today I learned about basic backdoor concepts and connection handling using Metasploit, and I conducted a real-life test on my personal Windows lab systems (Windows 10 & Windows 11). This wasn't just theory. I was able to successfully gain access to my own Windows machines using a basic backdoor payload in a fully authorized environment, which helped me understand how real-world compromises happen and how they should be prevented.

What I learned:
• How basic backdoors work and how they establish connections
• How listeners handle incoming sessions
• How access is gained when endpoint protections are weak or misconfigured
• Why endpoint security, AV/EDR, and system hardening are critical

Tools used:
• Metasploit Framework
• Msfvenom
• Windows 10 & Windows 11 (personal systems only)

Real-world takeaway: There are many types of backdoors, but understanding even a basic one makes it clear how attackers gain access in real environments and, more importantly, how defenders can detect, block, and respond to them.

This hands-on test reinforced the importance of:
• Endpoint monitoring
• Application control
• Least privilege
• Proper security configurations

All testing was done on systems I own and have explicit permission to test. This learning is focused on defensive security through real understanding, not misuse.

Day 9 complete ✅ Learning by doing. Defending by understanding. 🚀
@thatboringbro @adeolatemi_ @Ifepresh001 @AyomideAdams13 @Short_Whiteside @RedHunterFavour
#7DayCyberChallenge #CyberSecurity #Infosec #BlueTeam #Metasploit #EthicalHacking #LearningInPublic
Saanvi🌺 @Saanvi_dhillon
I'm a vibe coder, scare me with one word.👀
USMAN BALOGUN retweeted
Divinefortune @thennweremizu
One week ago today, the @cowrywise Ambassadors at @mivauniversity had their first Physical Hangout. It was an honour to be able to drag each of them who attended because these Cool Kids don’t like touching grass 😂😂😂. Anyways, here’s a brief backstory that led up to this
Enori🎀 @Brattyenori13
I'm not happy with Ronaldo. Why is a billionaire using an iPhone 12 Pro Max?? Is he not as rich as we thought??
USMAN BALOGUN @dollarhunter044
I did a full recon + vulnerability assessment on a live web application as part of learning ethical hacking. No exploiting, no unauthorized access, just passive recon and scanning tools. @h4ruk7 @thatboringbro @zoecyber001 Here's everything I found, every tool I used, and what it all means. 👇

2/ Step 1: Subdomain Enumeration
First thing I did was brute-force subdomains using Nmap's dns-brute script.
Found: www, api, mail, webmail, ftp, cpanel, whm
The API subdomain resolved to a live production server. That became my main target.
Tool: Nmap (dns-brute)

3/ Step 2: Full Port Scan
Ran a full -p- scan with service and version detection.
Open ports:
→ 22 — SSH (OpenSSH 9.6p1)
→ 80/443 — nginx (Laravel app)
→ 3306 — MySQL 8.0.32 👀
→ 5000 — Apache / phpMyAdmin 👀
→ 6379 — Redis 8.2.0 💀
→ 8004, 8005, 8006 — Laravel/Swoole instances
→ 8080 — Dozzle Docker log viewer
→ 9000, 9009 — Swagger API docs
Tool: Nmap -sV -sC -A -p-

4/ Step 3: Web Server Scanning
Scanned both port 5000 and 443 with Nikto.
Found:
→ /composer.json, /composer.lock, /package.json all publicly readable
→ /vendor/composer/installed.json exposed
→ Cookies missing Secure and HttpOnly flags
→ DEBUG HTTP verb enabled
→ Missing headers: CSP, HSTS, Permissions-Policy, Referrer-Policy, X-Content-Type-Options
Tool: Nikto

5/ Step 4: CVE Scanning with Nuclei
Nuclei matched the Redis version (8.2.0) against its template database.
CVEs found:
→ CVE-2025-46817 🔴 CRITICAL
→ CVE-2025-49844 🔴 CRITICAL
→ CVE-2025-46819 🟠 HIGH
→ CVE-2025-46818 🟠 HIGH
It also tested default credentials and got in with: blank password, "admin", "password", "root", "iamadmin". Zero effort to access.
Tool: Nuclei

🚨 6/ CRITICAL FINDING #1: Unauthenticated Redis (Port 6379)
Redis was publicly accessible with NO authentication whatsoever.
I listed the keyspace: 762+ live cache keys containing:
→ Customer profile records
→ Financial transaction history
→ KYC / identity verification results
→ Monnify direct debit mandate data
→ Live API session tokens
→ Business verification data
→ SMS message records
No data was read or extracted. Listing keys alone confirms the full exposure.
Fix: bind to 127.0.0.1, set requirepass, block port 6379 at the firewall.

🚨 7/ CRITICAL FINDING #2: phpMyAdmin Publicly Exposed (Port 5000)
A full database admin panel open to the internet. No IP restriction. No 2FA. No rate limiting. AND MySQL itself (port 3306) was also publicly exposed. That is TWO separate direct attack paths into a live production database holding real customer financial data.
Fix: IP whitelist phpMyAdmin, put it behind a VPN, bind MySQL to localhost.

🚨 8/ CRITICAL FINDING #3: Unauthenticated Docker Log Viewer (Port 8080)
Dozzle was running with authProvider set to none. The real-time Docker log viewer was fully open to the internet.
From the logs I could see:
→ Live production app logs
→ SMS API responses with real phone numbers
→ User IDs tied to financial transactions
→ Internal service responses and job events
No credentials needed. Logs were streaming live.
Fix: enable Dozzle auth or block port 8080 from external access immediately.

9/ HIGH FINDINGS
#4 Swagger API docs exposed on ports 9000 & 9009. Every endpoint, parameter and response format enumerated publicly. Makes attacking the API layer trivial.
#5 Laravel/Swoole instances on 8004–8006 leak internal Docker network IPs (172.18.x.x) in response headers. Full container topology exposed.
#6 A second domain I scanned was fully behind Cloudflare. No open services, no direct server access. Cloudflare was doing exactly what it should.
Tool: Gobuster

10/ Full Tools Used
→ Nmap: port scan, service detection, subdomain brute-force
→ Nikto: web server misconfiguration scanning
→ Nuclei: CVE template matching and automated vuln detection
→ Gobuster: directory and endpoint brute-forcing
→ redis-cli: keyspace enumeration (keys listed only, zero data read)
Total findings: 🔴 4 Critical 🟠 4 High 🟡 4+ Medium / Info
All findings reported responsibly. No data was accessed, extracted or modified.

11/ 5 lessons from this:
1. Use Cloudflare or a CDN: it hides your real server and kills most recon.
2. Never bind Redis or MySQL to 0.0.0.0 in production. Ever.
3. Admin panels (phpMyAdmin, Dozzle) should NEVER face the public internet.
4. Blank or default passwords on Redis are a P0 misconfiguration; it's your front door left wide open.
5. Leaving composer.json, package.json and vendor files in your webroot tells attackers exactly what CVEs to target.
If you're running a startup on a VPS, scan yourself. You might not like what you find.
Questions? Drop them below 👇
#CyberSecurity #BugBounty #Infosec #100DaysOfHacking #LearnInPublic #EthicalHacking
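The thread above reports three exposure classes that are cheap to verify without touching any data: a Redis listener that answers PING without authentication, a web server missing hardening headers and cookie flags, and dependency manifests readable from the webroot. The following is an added example, not code from the thread's author; the HTTP response, manifest responses and Redis replies it checks are constructed samples modelled on the findings, and `probe_redis` is the only function that opens a network connection (it sends a single PING and reads nothing else).

```python
"""Offline checks for the exposure classes in the thread: unauthenticated
Redis, missing security headers / cookie flags, and readable manifests.
The responses below are constructed samples, not captured traffic."""
import socket
from typing import Dict, List, Tuple

# Headers the thread reports as missing. Only presence is checked here;
# a weak value (e.g. a CSP of "default-src *") would need separate review.
REQUIRED_HEADERS = [
    "content-security-policy",
    "strict-transport-security",
    "permissions-policy",
    "referrer-policy",
    "x-content-type-options",
]

# Files that should never be reachable from the document root.
MANIFEST_PATHS = ["/composer.json", "/composer.lock", "/package.json",
                  "/vendor/composer/installed.json"]


def parse_http_response(raw: bytes) -> Tuple[int, List[Tuple[str, str]]]:
    """Split a raw HTTP/1.x response into (status_code, [(name, value), ...]).
    Names are lower-cased; repeated headers such as Set-Cookie are all kept."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_headers(raw: bytes) -> Dict[str, List[str]]:
    """Report missing hardening headers and cookies lacking Secure/HttpOnly."""
    _, headers = parse_http_response(raw)
    present = {name for name, _ in headers}
    findings = {"missing_headers": [h for h in REQUIRED_HEADERS if h not in present],
                "weak_cookies": []}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = value.split("=", 1)[0].strip()
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings["weak_cookies"].append(f"{cookie}: missing {', '.join(missing)}")
    return findings


def exposed_manifests(responses: Dict[str, bytes]) -> List[str]:
    """Given {path: raw response}, return the manifest paths served with 200."""
    return [p for p in MANIFEST_PATHS
            if p in responses and parse_http_response(responses[p])[0] == 200]


def resp_command(*parts: str) -> bytes:
    """Encode a command in Redis' RESP wire format (PING -> *1\\r\\n$4\\r\\nPING\\r\\n)."""
    out = [f"*{len(parts)}\r\n"]
    for part in parts:
        out.append(f"${len(part.encode())}\r\n{part}\r\n")
    return "".join(out).encode()


def classify_redis_reply(reply: bytes) -> str:
    """Map the reply to an unauthenticated PING onto a finding."""
    if reply.startswith(b"+PONG"):
        return "critical: no authentication (requirepass unset)"
    if reply.startswith(b"-NOAUTH"):
        return "info: authentication required"
    if reply.startswith(b"-DENIED"):
        return "info: protected mode refused the connection"
    return f"unknown reply: {reply[:40]!r}"


def probe_redis(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Live version: one PING, classify the reply, read nothing else."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(resp_command("PING"))
        return classify_redis_reply(sock.recv(64))


# Constructed samples shaped like the Nikto findings in the thread.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: laravel_session=abc123; Path=/; SameSite=Lax\r\n"
    b"Set-Cookie: XSRF-TOKEN=def456; Path=/; Secure; HttpOnly\r\n"
    b"X-Frame-Options: SAMEORIGIN\r\n"
    b"\r\n<html></html>"
)
SAMPLE_MANIFESTS = {
    "/composer.json": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}",
    "/package.json": b"HTTP/1.1 403 Forbidden\r\n\r\n",
}

if __name__ == "__main__":
    print(audit_headers(SAMPLE_RESPONSE))
    print(exposed_manifests(SAMPLE_MANIFESTS))
    print(classify_redis_reply(b"+PONG\r\n"))
    print(classify_redis_reply(b"-NOAUTH Authentication required.\r\n"))
```

A `+PONG` to an unauthenticated PING is the same condition `redis-cli` hits when it can list keys without a password; with `requirepass` set the server answers `-NOAUTH`, and with protected mode on and no bind address it answers `-DENIED`. Running `probe_redis` against a host you do not own is a port probe, so keep it to systems you are authorized to test.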
USMAN BALOGUN @dollarhunter044
I had the opportunity to work on a live server for security testing. Here's everything I learned: tools, methodology, and findings. Thread 👇

1/ RECON FIRST
Before touching anything, I started with passive recon:
• crt.sh for subdomain enumeration via SSL cert transparency
• dig for DNS records (MX, TXT, SPF)
• SPF records can leak real server IPs even when Cloudflare is protecting the domain

2/ TOOLS I USED
• Nmap: port scanning, OS detection, service versions
• ffuf: directory and API endpoint fuzzing
• Gobuster: directory brute forcing
• Nuclei: automated CVE and misconfiguration scanning
• curl: manual header and response inspection

3/ CLOUDFLARE BYPASS
Cloudflare hides your real IP, but several methods can reveal it:
• SPF records often contain the real hosting IP
• Subdomains not proxied through Cloudflare resolve directly
• MX records may point to the origin server
• Historical DNS records via SecurityTrails

4/ PORT SCANNING
Nmap revealed what was actually running on the server:
• Open ports with service versions
• OS fingerprinting
• Default script results (http-title, ssl-cert, ssh-hostkey)
Always scan the REAL IP, not the Cloudflare IP; you'll only see CF's edge otherwise.

5/ WEB APP RECON
ffuf with an API wordlist found endpoints returning 405, meaning they EXIST but reject GET requests. That's still valuable info.
Nuclei with 2900+ templates ran in 2 minutes and checked for CVEs, misconfigs, and exposed files.

6/ WHAT I FOUND
• Real server IP leaked via SPF record
• Swagger UI publicly accessible: full API surface exposed
• Internal Docker network IPs leaking in HTTP response headers
• Open CORS (access-control-allow-origin: *) on API endpoints
• Database and admin tools exposed on non-standard ports

7/ KEY LESSONS
✅ Cloudflare protects ports 80/443 but not every port
✅ SPF records are often overlooked and leak real IPs
✅ Swagger/docs should never be publicly accessible in production
✅ Docker binds to 0.0.0.0 by default; firewall your ports
✅ Always scan your real IP, not just your domain

8/ TOOLS TO LEARN
→ nmap (port scanning)
→ ffuf (fuzzing)
→ nuclei (vulnerability scanning)
→ subfinder + httpx (subdomain recon)
→ testssl.sh (TLS audit)
→ trivy (Docker image scanning)
All free. All on Kali Linux.
#CyberSecurity #EthicalHacking #Infosec #PenTesting #KaliLinux #LearningInPublic
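Tweet 3/ above lists the DNS places an origin address hides behind Cloudflare: SPF `ip4:` mechanisms, MX targets, and subdomains that are not proxied. Here is an added example (not the author's code) that turns that checklist into one pass: it parses SPF TXT records, walks MX targets and other hostnames, and keeps every address that is not inside Cloudflare's published edge ranges. The DNS answers are a constructed map standing in for real lookups, and the Cloudflare range list is a hard-coded subset of the list published at https://www.cloudflare.com/ips/ that should be fetched fresh in real use.

```python
"""Find candidate origin IPs for a Cloudflare-fronted domain from SPF, MX and
unproxied subdomains. All DNS data below is constructed; no queries are made."""
import ipaddress
from typing import Dict, List, Set

# Subset of Cloudflare's published IPv4 edge ranges (assumed current when
# written; fetch https://www.cloudflare.com/ips-v4 rather than trusting this).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare(ip: str) -> bool:
    """True if the address belongs to one of the edge ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def spf_ips(txt_records: List[str]) -> Set[str]:
    """Extract ip4:/ip6: mechanisms from SPF records. 'a'/'mx' mechanisms are
    returned as markers because they need their own resolution step."""
    found = set()
    for rec in txt_records:
        if not rec.lower().startswith("v=spf1"):
            continue
        for term in rec.split()[1:]:
            term = term.lstrip("+-~?")  # strip the qualifier
            if term.startswith(("ip4:", "ip6:")):
                found.add(term.split(":", 1)[1])
            elif term in ("a", "mx") or term.startswith(("a:", "mx:")):
                found.add(term)
    return found


def candidate_origins(apex_ip: str, txt_records: List[str],
                      mx_targets: List[str],
                      resolve: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {ip_or_cidr: [sources]} for addresses outside Cloudflare.
    `resolve` maps hostnames to A records and stands in for DNS here."""
    found: Dict[str, List[str]] = {}

    def add(key: str, source: str) -> None:
        found.setdefault(key, []).append(source)

    if not is_cloudflare(apex_ip):
        add(apex_ip, "apex A record (not proxied)")

    for entry in sorted(spf_ips(txt_records)):
        if entry in ("a", "mx") or entry.startswith(("a:", "mx:")):
            continue  # marker only; resolve separately
        net = ipaddress.ip_network(entry, strict=False)
        if net.version == 4 and not is_cloudflare(str(net.network_address)):
            add(entry, "SPF ip4 mechanism")

    for host in mx_targets:
        ip = resolve.get(host)
        if ip and not is_cloudflare(ip):
            add(ip, f"MX target {host}")

    for host, ip in resolve.items():
        if host not in mx_targets and not is_cloudflare(ip):
            add(ip, f"unproxied subdomain {host}")

    return found


# Constructed sample: apex proxied, SPF and MX both point at the real box,
# ftp is an unproxied subdomain, www is proxied.
SAMPLE_APEX_IP = "104.16.132.229"
SAMPLE_TXT = [
    "v=spf1 ip4:203.0.113.10 include:_spf.google.com -all",
    "google-site-verification=abc123",
]
SAMPLE_MX = ["mail.example.com"]
SAMPLE_RESOLVE = {
    "mail.example.com": "203.0.113.10",
    "ftp.example.com": "203.0.113.11",
    "www.example.com": "172.67.1.1",
}

if __name__ == "__main__":
    for ip, sources in candidate_origins(SAMPLE_APEX_IP, SAMPLE_TXT,
                                         SAMPLE_MX, SAMPLE_RESOLVE).items():
        print(ip, "<-", "; ".join(sources))
```

An address that shows up from two independent sources (here SPF and MX both name 203.0.113.10) is the strongest candidate; a single unproxied subdomain may point at a different host, such as a mail or FTP box, rather than the web origin. The same logic applies to `ip6:` mechanisms once an IPv6 range list is added.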
USMAN BALOGUN retweeted
redacted @thatboringbro
The wait is now over!! 🔥 First episode is out on Spotify!! 🎙️ Many cybersecurity enthusiasts don't understand the reality in the field; this episode begins the journey to a paradigm shift in what cybersecurity actually means in the corporate world. open.spotify.com/episode/5ESKov…
Quoted tweet: redacted @thatboringbro
I'm starting a podcast aimed at showing you what cybersecurity truly is and its value to businesses and individuals, taking you away from the lies of inexperienced influencers selling you fantasies. First episode drops next week! 🔥 open.spotify.com/show/42MZxDUIp…
narsa.🪺 @rathor7_
why do laptops have a hotspot feature when we can't even insert SIM card. Are they stupid?
Gina❤️ @ginaoda5
BOOOOOOOOOM🔥🔥
USMAN BALOGUN retweeted
smsgang @smsgang_
Just hit our first 100 users on SMSgang 🚀 Real people. Real usage. Real momentum. We’re building: • WhatsApp notifications (OTP, alerts, updates) • Virtual numbers • Dev-friendly APIs This is just the start. smsgang.org
USMAN BALOGUN retweeted
Naija Trip @naija_trip
Transport wahala too much for this country. People wake 4am. Still late. Still stressed. Still overpay. So we said enough. NaijaTrip is building a smarter way to move.
CHIDERA @Theecreates
Everyman's dream 😋
Abhishek @abhitwt
pick one for rest of ur life
USMAN BALOGUN retweeted
Laravel News @laravelnews
How Laravel developers are using AI.
USMAN BALOGUN @dollarhunter044
Keyloggers are old but they're still actively used. And assuming they're outdated malware is a dangerous mistake.

I know this because I built a keylogger myself for research, not to attack, but to understand how endpoint compromise really works.

Keyloggers don't need to break encryption. They don't need to bypass servers. They collect data before protection even applies.

Once malware runs on your laptop, it can quietly capture:
1. Keystrokes (passwords, messages, OTPs)
2. Clipboard data (API keys, secrets)
3. Screenshots (banking apps, dashboards, emails)
4. Camera & microphone access
5. Browser sessions and local data

The goal isn't speed. It's silent, continuous access. This is why keyloggers still work in 2026. They exploit trust, not vulnerabilities.

Security tools protect networks, APIs, and encryption. Keyloggers operate below all of that. If malware runs with user-level access:
1. HTTPS doesn't matter
2. MFA doesn't matter
3. Strong passwords don't matter
The data is captured before security applies.

Most infections don't come from hacking. They come from cracked software, fake installers, browser extensions, email attachments, USB devices, and outdated systems.

Older laptops are especially vulnerable because:
1. They stop receiving security updates
2. Protections get disabled for performance
3. Legacy drivers run with higher privileges

Data is usually exfiltrated quietly to a remote server, blended into normal traffic, which is why the system often looks fine while everything is being watched.

Defense is simple, but strict:
1. Treat your laptop as a security boundary
2. Keep your OS fully updated
3. Audit camera, mic, and screen permissions
4. Avoid untrusted software and cracked tools
5. Use real endpoint protection

If compromise is suspected: reinstall, then rotate credentials.

Keyloggers aren't advanced hacking tools. They're patient surveillance tools.
If you care about fintech security, bug bounty, developer safety, or privacy, endpoint security matters just as much as APIs and servers.