Nelson Chinonso

Hi #everyone I'm Mgbada Nelson , I'm looking to #Connect with people who are interested in: 🔒 #Cybersecurity 🕵️‍♂️ #ethicalhacking 🔐 #networksecurity 🛡️ #PenetrationTesting 🚨 #RiskManagement 🧑‍💻 #SecureCoding 🪲#BugHunter's Let's win big this year.

A thread Free homelabs you can do in cybersecurity 📣 YouTube Channel: lnkd.in/d_HBAmkA Governance and Regulatory Framework. 1. Juice Shop – Modern OWASP vuln app.   Host locally & attempt SQLi, XSS, more.   lnkd.in/grzv3CWN 2. GoPhish – Phishing simulation platform.   Send test phishing emails to lab inboxes.   getgophish.com

@Nancygemma2 Merry Christmas Nancy

Merry Christmas lovelies🎄🎅 Have a wonderful year ahead. ❤️ Ps: I think Gemini did well 😂

@ireteeh @Cyblackorg Congratulations

We have successfully completed four cohorts of CyBlack SOC Academy ✨ If you’re interested in joining the next cohort, follow @Cyblackorg so you don’t miss the announcement.

@T3chFalcon Permission to repost.

Something worth knowing: Opening a file doesn't just open the file. It creates a Shortcut to it. Every time you double-click a document, Windows automatically creates a hidden .LNK (Link) file in the Recent folder. These LNK files persist even if you delete the original document. The Forensic Value: They find a .LNK file pointing to C:\Users\John\Desktop\Fraud_Plan.docx. You deleted the Word doc. You forgot to delete the Shortcut Windows made for you. They can't read the file, but can prove you had it, opened it, and exactly when you did it. 💀

@T3chFalcon He should kindly exit x

Should I ? 😅

@commando_skiipz Congrats @commando_skiipz

Two Nigerians on a global list, and it’s not a crime list? Two Nigerians, out of hundreds of professionals across several continents. Two Nigerians, on the same list as an American and an Englishwoman? Nah! I’m beyond proud. I’ve achieved mind-blowing things this year, and this is one of them. Thank you so much, guys.

@Nancygemma2 @cyberjeremiah Congrats Jerry... You worked for it.

@cyberjeremiah I’m happy for you 😌❤️. Well done!

You people come and see oh 🔥🔥🔥 Thank you so much Ma. God bless you immensely ❤️❤️✨. Thank you so much for your efforts. I'm so short of words Ma ❤️🥹😩

@schoolsfocus Awesome, could actually work together.

The term is ending. Teachers are tired. Admins are overwhelmed. Yet results must be ready. What if results were ready in minutes, not weeks. Process results faster, cheaper and stress free with SchoolsFocus. #EdTechNigeria #SchoolsFocus

@schoolsfocus This powerful.

@chinasa_lo62229 I'm rooting for you... Hope say u no dey this states that are under attacks

To think that I fell sick after two days of my stay in camp, 😩 and to this effect, I've not been online (twitter) for a while now, hence have not read for some days 🥺 Health first but I promise to bounce back with full force. ✌️🥹❤️

FAIL on time, and be teachable. FAIL on time, and be teachable. FAIL on time, and be teachable.

@ArhnnieyJhaii @tobi_mayana I can give it a shot, recommend any?

@mcloxyventures @tobi_mayana You must have a reason for you to be admitted. Either academical or hands-on skill. You will need to prove you are eligible for it. Note, you are competing with thousands of others so you need to something very strong to stand out.

CYBERUS - Erasmus Mundus Joint Master in Cybersecurity erasmus-plus.ec.europa.eu/projects/searc… CyberMACS - Master of Applied Cybersecurity erasmus-plus.ec.europa.eu/projects/searc… CYBERSURE - Master's Programme in Cybersecurity and Assurance erasmus-plus.ec.europa.eu/projects/searc…

@SunnyAjaka @tobi_mayana What kinda conditions

@mcloxyventures @tobi_mayana You can however it comes with conditions

@keleccini I would keep searching though

@mcloxyventures You can. Foreign unis are not as rigid as Nigerian universities.

Early this year, a Fortune 500 fintech company discovered that its customer-service AI agent had been quietly leaking sensitive account data, and it had been happening for weeks without anyone noticing. The AI system was designed to help customers with balance checks, transaction history, and account status inquiries. It was tightly integrated with the company’s internal banking systems and trusted enough to pull real customer data on demand. In other words, it had legitimate access, and that access became the company’s downfall. Attackers crafted prompts that manipulated the AI into pulling and exposing the account information of completely different customers. All the traditional security controls such as network segmentation, firewalls, authentication, and API access policies were functioning exactly as designed. The flaw was in the reasoning layer of the AI agent. The exploit targeted the AI’s decision-making process itself. Because the system trusted the AI, the exfiltration blended in with normal operations. No alarms were triggered. No logs looked out of place. People’s sensitive financial data kept leaking quietly for weeks. By the time the company detected the vulnerability, the damage was done. Regulators got involved. Customers had to be notified. Incident response teams worked around the clock. The breach ultimately cost the company millions in regulatory fines, legal settlements, and remediation, and it became one of the earliest real-world examples cited in industry reports about how prompt injection can compromise even the most mature enterprise environments. (I demonstrated something similar with vulnbank, I’ll quote it in the comments)

@elormkdaniel Gracias

@mcloxyventures Permission granted

Imagine receiving a normal WhatsApp message from someone… and later discovering that the message secretly contained their exact location, even though they never shared it. That’s exactly what happened during a recent forensic extraction I performed on my iPhone 12 Pro Max. During the analysis, I found a I decided to pick a message I received from @RedHatPentester, on 3rd September 2025 at 7:11 AM. Nothing unusual at first glance just a regular text. But deep inside the message metadata, the phone had silently logged: @RedHatPentester exact location at the moment he sent that message. He didn’t share it intentionally. I didn’t request it. Yet the device recorded it automatically. This was extracted directly from my own phone, meaning: If your location is turned ON while chatting on WhatsApp, your exact location can be extracted from someone else’s device if theirs undergoes forensic imaging. Most people have absolutely no idea this happens. But this was only the beginning. Also, every single file created on the device, ie: photos, videos, screenshots, recordings had the exact location of where I was when that file was created. The phone automatically logged precise GPS coordinates for each media file. This means investigators can determine where you were at the exact moment you took a picture, recorded a video, captured a screenshot, or created any media on the device. This level of metadata helps reconstruct movements, timelines, and behaviors with incredible accuracy. The extraction revealed far more than hidden location data and remember, this phone was NOT jailbroken. Here’s what else was recovered: 1. Full Synchronized Accounts & Passwords The extraction pulled: •URLs •Usernames •Passwords •Stored login metadata Basically, every synchronized password ever used on the device all recovered without jailbreak. 2. Complete Application Logs & Histories Every installed application had: ✔ Detailed logs ✔ Usage history ✔ Internal data ✔ Metadata Even apps considered “secure” or “encrypted” still left behind recoverable traces. 3. Full WhatsApp Data, Including Group Histories WhatsApp revealed more than most users realize: •Full history of every group ever joined •Date each group was created •Who created it •Date I was added •Group metadata even after you exit the group This is critical in investigations because a suspect cannot deny belonging to a group when the device itself retains: 📌 Creation date 📌 Creator identity 📌 Join date 📌 Participation timeline Even if they left the group years ago. 4. Message-Level Location Metadata The iPhone logged exact sender locations at the moment messages were typed and sent just like what happened with @RedHatPentester message. Most people never see this. Investigators do. Why This Matters Every phone tells a story. Every app keeps footprints. Every message carries more than text. This extraction proves that even without a jailbreak, investigators can discover: ✔ Locations ✔ Passwords ✔ Group associations ✔ Message histories ✔ Detailed app activity ✔ Metadata most users never realize exists Digital devices rarely forget even when the user does.

@_anonysm The hustle is real.

Bug bounty gave me more than money. It gave me the power to choose and afford my life. Grateful to the programs that made this real 🤍 #bugbounty #cybersecurity