🇷🇴 cristi @CristiVlad25 Twitter profile

Web Application Penetration Testing Checklist | Notion

17

346

1K

🇷🇴 cristi

@CristiVlad25

4 years

In light of current events, I open my course Python for Pentesters. Get it free in the next 24h and have lifetime access. Inspired by @thecybermentor I want you to use this knowledge for the Good! Leave a review, it helps me. Coupon: FREEEDUCATION Link:

105

416

949

🇷🇴 cristi

@CristiVlad25

2 years

You cannot be an expert hacker in everything. #cybersecurity is a vast field. Let's say you wear an offensive hat. This is a vast field in itself. Choose one topic, say "application security" (I'm also into this). Here’s my best approach to skill-up fast: 0/n

33

178

947

🇷🇴 cristi

@CristiVlad25

2 years

2023 Hacker's Guide: How to Break into Pentesting and AppSec. (thread)

38

244

910

🇷🇴 cristi

@CristiVlad25

2 years

In my pentests and appsec assessments, if I get stuck, these are two checklists that help me going: 1. by @Six2dez1 : 2. by @e11i0t_4lders0n : They are very extensive!

More than 200 custom test cases

alike-lantern-72d.notion.site

42

296

876

🇷🇴 cristi

@CristiVlad25

2 years

The most frequent vulns I found in 80+ pentests in 2022. (thread)

16

199

834

🇷🇴 cristi

@CristiVlad25

2 years

SSRF via PDF? Now made easy. (thread)

27

270

835

🇷🇴 cristi

@CristiVlad25

2 years

Top Python Libraries used by Hackers (thread)

25

198

787

🇷🇴 cristi

@CristiVlad25

2 years

Must-have checklists I use in my #pentesting assessments. (thread)

57

280

789

🇷🇴 cristi

@CristiVlad25

2 years

Pentesters, what do you write in the report when there are no findings?

163

62

620

🇷🇴 cristi

@CristiVlad25

2 years

Privilege escalation in Windows using 4 tools for red teamers and pentesters. (thread)

20

140

564

🇷🇴 cristi

@CristiVlad25

1 year

Now you can use ChatGPT and GPT4 in your terminal, as simply as: gpt "<your prompt>"

12

111

536

🇷🇴 cristi

@CristiVlad25

2 years

If PUT is not allowed, you try to override with the following headers: X-HTTP-Method-Override: PUT X-Method-Override: PUT - by @Six2dez1

17

141

507

🇷🇴 cristi

@CristiVlad25

2 years

Cybersecurity creators you must follow in 2023: @stokfredrik @hakluke @InsiderPhD @TheXSSrat @NetworkChuck @NahamSec @dccybersec @gregxsunday @thehackerish @RogueSMG @Hacksplained @HackerSploit @TomNomNomDotCom Who else? #infosec #cybersecurity #pentesting

38

120

491

🇷🇴 cristi

@CristiVlad25

3 years

extremely useful when pentesting APIs.

3

142

476

🇷🇴 cristi

@CristiVlad25

3 years

I don't do memes, but this one is the best I've seen so far

5

112

451

🇷🇴 cristi

@CristiVlad25

2 years

Paid to Hack! How much money can you make in cybersecurity? (thread)

15

87

446

🇷🇴 cristi

@CristiVlad25

3 years

really useful for when doing code reviews. via @vickieli7 and @nostarch

6

123

450

🇷🇴 cristi

@CristiVlad25

1 year

🚀🔒Exciting news! SecGPT is now LIVE! Trained on thousands of cybersecurity reports, SecGPT revolutionizes cybersecurity with AI-driven insights.👇

21

94

430

🇷🇴 cristi

@CristiVlad25

2 months

Advanced IDORs - 9 Techniques by @intigriti : 1. Exploiting Basic IDORs How to: Modify a predictable numeric ID in the request URL or parameters. Example: GET /user/email?userId=1002 (change userId to another value). 2. Exploiting IDORs via Parameter Pollution How to: Inject

2

138

436

🇷🇴 cristi

@CristiVlad25

2 years

Often times to simplify my work I build scripts.👇 I recently discovered katana by @pdiscoveryio . And I turned this: katana -d 5 -c 50 -p 20 -ef "ttf,woff,svg,jpeg,jpg,png,ico,gif,css" -u < https://tld> -cs "regex-to-restrict-to-tld-and-subdomains" into this: kata <tld>

8

93

429

🇷🇴 cristi

@CristiVlad25

1 year

- stopped using ffuf a while ago - switched to ferox - I often config based on the target, but - here's my mostly-used config Ferox is more reliable and gives me fewer false positives. Plus, I like how it dynamically adapts to the target, especially for rate-limits.

23

73

407

🇷🇴 cristi

@CristiVlad25

2 years

If you're an ethical #hacker , these are highly sought-after skills: 1. Knowledge of Networking: Understanding the fundamentals of network architecture, protocols, and technologies is essential for an #ethicalhacker . (thread)

15

70

382

🇷🇴 cristi

@CristiVlad25

2 years

Today I learned that the command "w" in the terminal shows who is doing what. Pretty neat, as someone who has been using Linux for over 15 years now. Thanks @RealTryHackMe .

12

31

393

🇷🇴 cristi

@CristiVlad25

3 years

in cybersecurity, bash skills are like superpowers. I'd dare to say, more important than python.

16

31

384

🇷🇴 cristi

@CristiVlad25

4 years

I've created a playlist of 35 videos for those beginning in Bug Bounty Hunting and Penetration Testing. Check it out and share it around! #bugbounty #pentesting #penetrationtesting #bugbountytips #bughunting #python #cybersecurity #ethicalhacking

4

150

375

🇷🇴 cristi

@CristiVlad25

4 years

The majority of tweets are bragging about successes and how you got $$$ for your report. That's often very toxic for beginners and it can be demotivating. In September I got a lot of reports rejected/dupes and my biggest bounty was $100. But I sure learned a lot. #bugbounty

19

50

376

🇷🇴 cristi

@CristiVlad25

2 years

All of my top tips on #hacking now available as blogs. Read below. (thread)

14

118

370

🇷🇴 cristi

@CristiVlad25

2 years

Next generation cyber-attacks via AI models: (thread)

7

87

367

🇷🇴 cristi

@CristiVlad25

3 years

Leak size: 997 GB Document count (elastic): 1.6+ billion Found & reported: December 26, 2021 Mobile app with 100+ million installs on Android. Massive leak of private user activity and videos. Reported and in the process of informing @GoogleVRP too

13

99

362

🇷🇴 cristi

@CristiVlad25

2 years

where do you get your #cybersecurity news from?

73

48

342

🇷🇴 cristi

@CristiVlad25

2 years

From ethical hacking to cybersecurity management, these 9 careers are perfect for you, the aspiring cyber-expert! (no bug bounty involved). 1. Cybersecurity Analyst 2. Penetration Tester 3. Cloud Security Engineer 4. Malware Analyst 5. DevSecOps Engineer ... (thread)

12

76

327

🇷🇴 cristi

@CristiVlad25

2 years

SQLi + XSS + SSTI: '"><svg/onload=prompt(5);>{{7*7}} (another great one by @Six2dez1 )

8

84

335

🇷🇴 cristi

@CristiVlad25

1 month

How I configure Autorize in Burp Suite 90% of the time, to identify IDOR/BOLA: - Uncheck Ignore 304/204 (they can often uncover issues) - Check unauthenticated - (the first 2 filters are default) - Filter: Scope items only - Filter: Ignore OPTIONS requests #pentesting #appsec

6

68

336

🇷🇴 cristi

@CristiVlad25

2 years

Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input 👇

7

49

315

🇷🇴 cristi

@CristiVlad25

11 months

One (out of hundreds) way to use GPT4-V to help when pentesting. #appsec #cybersecurity #pentesting #infosec

8

47

298

🇷🇴 cristi

@CristiVlad25

2 years

How to learn Python fast, in 3 steps: (thread)

10

52

299

🇷🇴 cristi

@CristiVlad25

2 years

5 sources to learn smart contract hacking by example. (thread)

10

88

298

🇷🇴 cristi

@CristiVlad25

2 years

when you understand how much money you can make in cybersecurity and ethical hacking and that it has nothing to do with bounties, you'll not even look at bug hunting, except for fun maybe...

19

27

288

🇷🇴 cristi

@CristiVlad25

2 years

These 5 tools and techniques have completely transformed my pentesting and appsec assessments: (thread)

16

68

291

🇷🇴 cristi

@CristiVlad25

2 years

The infrastructure pentest, in six parts: 1 - Intelligence Gathering 2 - Vulnerability Analysis 3 - Exploitation 4 - Post Exploitation 5 - Reporting 6 - Configuration Review 0/n

6

81

284

🇷🇴 cristi

@CristiVlad25

2 years

real hacking skills here, where you can see a combo of ingenuity and coding. Read part I before this one.

[Hacking Bank] Broken Access Control Vulnerability in Banking application [PART II]

As I mentioned in Part 1 the story of finding a Critical vulnerability in Banking mobile app , in the Part II,I will explain how I debugged…

[Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I]

3

85

286

🇷🇴 cristi

@CristiVlad25

2 years

How I do subdomain enumeration by aggregating multiple tools in a bash script. The script contains the following tools: (thread)

12

72

285

🇷🇴 cristi

@CristiVlad25

2 years

This is very well written!

This is the part I of the story about finding a critical Vulnerability in a banking mobile app that allows attackers to obtain full user…

Account (of the CEO) Takeover via Password Reset

2

90

281

🇷🇴 cristi

@CristiVlad25

1 year

I just posted a write-up for an account takeover I found in a pentest for a client. #pentesting #appsec #cybersecurity #infosec

In a web app pentest for a client, I found this interesting account takeover and I thought of sharing my findings with the infosec…

cristivlad.medium.com

8

86

284

🇷🇴 cristi

@CristiVlad25

3 years

Bug bounty can't be a full time job for at least 90% of hackers from med/high income countries. You worship the 1-2% making $100k+/y but fail to see the millions of hackers (the 90%+) stuck in the beginner hell. In pentesting you can easily go $100k+/y - all the burnout/drama.

19

34

270

🇷🇴 cristi

@CristiVlad25

2 years

Look for these file extensions in your pentests and appsec assessments. (thread)

17

82

270

🇷🇴 cristi

@CristiVlad25

4 years

Now's your chance to develop Python skills for your cyber practices. Take my course for free. And share this to reach more people who can't afford to pay. Limited to the next 40 hours. Course link: Code: GROWASKILL

Online Courses - Learn Anything, On Your Schedule | Udemy

Udemy is an online learning and teaching marketplace with over 250,000 courses and 73 million students. Learn programming, marketing, data science and more.

Tricky 2FA Bypass Leads to 4 digit Bounty $$$$

11

101

267

🇷🇴 cristi

@CristiVlad25

2 years

How to find uncommon bugs via manual testing. (thread)

10

71

264

🇷🇴 cristi

@CristiVlad25

2 years

5 methods to bypass authentication. via @AnonY0gi (thread)

8

63

257

🇷🇴 cristi

@CristiVlad25

6 months

Wow, I didn't know this bypass was even possible! #bugbounty

Hii Everyone i am Rohan Gupta part time bug hunter and Full time as a Jr. Security analyst.

Online Courses - Learn Anything, On Your Schedule | Udemy

10

41

260

🇷🇴 cristi

@CristiVlad25

3 years

got my first RCE, on two targets. after 2 years of doing bug bounties.

14

7

254

🇷🇴 cristi

@CristiVlad25

4 years

If elite hackers reveal their tactics, there would be no elite. l33t = years of hard work + 0 immediate gratification Therefore, few make it. Say NO to one-liner orgasms and to the reemerging cult of the script kiddie.

9

43

251

🇷🇴 cristi

@CristiVlad25

4 years

PRO tip: Stop doing beginner courses and stop copying one liners. You'll only get duplicates. Instead, start indepth studying documentations. Like AWS infrastructure, for example.

4

32

252

🇷🇴 cristi

@CristiVlad25

2 years

60

14

247

🇷🇴 cristi

@CristiVlad25

3 years

When you recon, keep in mind there's more to dorking than Google.

5

64

248

🇷🇴 cristi

@CristiVlad25

3 years

Here's 1000 free spots into my recon course. I don't need anything in return. Coupon: NOVRECON Course:

Udemy is an online learning and teaching marketplace with over 250,000 courses and 73 million students. Learn programming, marketing, data science and more.

How I Use ChatGPT as a Cybersecurity Professional

36

67

240

🇷🇴 cristi

@CristiVlad25

2 years

SSH local port forwarding, explained to humans: ssh -L [local_address:]local_port:remote_address:remote_port [user@]ssh_server

5

41

245

🇷🇴 cristi

@CristiVlad25

2 years

I'm also going through this book by @and1hof

6

16

243

🇷🇴 cristi

@CristiVlad25

2 years

JWT Attack Playbook: great resource for JWT attacks @ticarpi :

Home

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens - ticarpi/jwt_tool

github.com

3

60

231

🇷🇴 cristi

@CristiVlad25

2 years

How I use ChatGPT as a Cybersecurity Professional. #chatGPT #gpt3 #infosec #cybersecurity #pentesting #appsec

Burp Suite Deep Dive course: https://bit.ly/burpforpros________________________________________________________________________________________________ How t...

How to Use Nmap as a Free Vulnerability Scanner [Powered by NSE]

6

39

229

🇷🇴 cristi

@CristiVlad25

4 years

You don't need an expensive $5,000 vulnerability scanner. New video on leveraging the power of the nmap scripting engine. #bugbountytips #penetrationtesting #ethicalhacking #CyberSecurity

Burp Suite Deep Dive course: https://bit.ly/burpforpros________________________________________________________________________________________________ Nmap ...

The Ugly Truth about Bug Bounty Hunting

1

57

223

🇷🇴 cristi

@CristiVlad25

2 years

The 4 Pentesting Learning Paths by @RealTryHackMe . (thread)

7

51

225

🇷🇴 cristi

@CristiVlad25

2 years

How about some AI straight into your terminal? Just say: gpt3 <your_command>. (thread)

9

49

226

🇷🇴 cristi

@CristiVlad25

2 years

damn, the level of sophistication that attacks can reach. I didn't know this, thanks @RealTryHackMe (thread)

8

49

225

🇷🇴 cristi

@CristiVlad25

4 years

This video's gonna get me a lot of hate but I had to make it. #bugbounty #bugbountytips

Burp Suite Deep Dive course: https://bit.ly/burpforpros________________________________________________________________________________________________ Why o...

WSTG Checklist - with "How to Test" (public).xlsx

9

42

222

🇷🇴 cristi

@CristiVlad25

2 years

Let's do it again... Up for grabs is a @RealTryHackMe subscription. How to participate: - follow me @cristivlad25 and retweet this. If and when this tweet reaches a total of 400 likes and retweets in 5 days or less, we'll randomly select a winner.

17

173

215

🇷🇴 cristi

@CristiVlad25

6 months

If you're pentesting web apps, my version of WSTG Checklist by @owasp will give you hundreds of test cases and how to test. This is very useful when your client asks you to test against a methodology. #pentesting #appsec #cybersecurity #infosec

docs.google.com

2

60

224

🇷🇴 cristi

@CristiVlad25

2 years

How to Approach IDOR hunting? via @InonShkedy 👇

14

63

220

🇷🇴 cristi

@CristiVlad25

2 years

How to learn malware analysis, by practicing with real malware samples. In 2 steps, by @HackerSploit . Not beginner friendly. (thread)

4

65

218

🇷🇴 cristi

@CristiVlad25

3 years

Clarity will get you a long way. I hate XSS,SQLI,SSRF,XXE,CSRF. I don't look for them. I enjoy logic flaws, code review, bypasses & misconfigs. I focus on them. #cybersecurity #focus #bugbounty

6

22

208

🇷🇴 cristi

@CristiVlad25

1 year

You can add "/vendor/credentials" to your wordlist.

1

34

211

🇷🇴 cristi

@CristiVlad25

4 years

Python is still one of the most 'spoken' cyber languages out there. Use PYTHONISTA2021 to learn for FREE with my Python Basics course. Tell others. Course link: #python #pentesting #cybersecurity #bugbounty

Online Courses - Learn Anything, On Your Schedule | Udemy

Udemy is an online learning and teaching marketplace with over 250,000 courses and 73 million students. Learn programming, marketing, data science and more.

Online Courses - Learn Anything, On Your Schedule | Udemy

11

86

197

🇷🇴 cristi

@CristiVlad25

2 years

6 under-the-radar resources to master authentication vulnerabilities: 1. OWASP Auth Cheat Sheet 2. SANS ISC 3. NIST Special Publication 800-63B 4. CERT Vulnerability Note Database 5. IETF RFCs on Authentication Protocols 6. OAuth 2.0 Security Best Practices (thread)

2

56

196

🇷🇴 cristi

@CristiVlad25

3 years

Now and for a period of time, my Python basics course is free. Course:

Udemy is an online learning and teaching marketplace with over 250,000 courses and 73 million students. Learn programming, marketing, data science and more.

Web Application Penetration Testing Checklist | Notion

10

53

192

🇷🇴 cristi

@CristiVlad25

4 years

Mobile Security Testing Guide 2020 by the amazing people @owasp and @OWASP_MSTG . Learn this by heart if you want to hack mobile. #bugbounty #bugbountytips #mobilehacking #androidsecurity #bughunting

0

79

192

🇷🇴 cristi

@CristiVlad25

3 years

This is a well-crafted checklist for when you perform a pentest, by @e11i0t_4lders0n .

More than 200 custom test cases

alike-lantern-72d.notion.site

2

73

190

🇷🇴 cristi

@CristiVlad25

3 years

Look for #ssrf in: - webhooks - file upload via URL, - document and image processors, - link expansion, and - proxy services via @vickieli7

3

56

186

🇷🇴 cristi

@CristiVlad25

5 years

I've been through a lot of hurdle to keep this free. So, if you want to learn how to develop with Python for cybersecurity, go take my course Developing Ethical Hacking Tools with Python on @cybraryIT . Oh, and do me a favor, share around!

FREE Developing Ethical Hacking Tools with Python Online Training Course | Cybrary

Take the FREE Cybrary Developing Ethical Hacking Tools with Python course to practice real-world cybersecurity skills, and prepare for certifications.

www.cybrary.it

10

81

186

🇷🇴 cristi

@CristiVlad25

4 years

Don't do beginner hacking courses, learn networking. You will understand how 'things' work at a fundamental level. Hacking courses get you very distilled knowledge - with someone else's filters and biases applied. A good book is Internet Infrastructure by Rob Fox.

4

22

188

🇷🇴 cristi

@CristiVlad25

5 months

My current Burp extensions. What are yours? #pentesting #appsec #cybersecurity #bugbounty

10

30

191

🇷🇴 cristi

@CristiVlad25

11 months

My recon course, first published in 2020, is going to be free on YouTube. Keep an eye on the playlist of the course, and spread the word. #pentesting #appsec #infosec #bugbounty First video is available now:

Recon in Cybersecurity

A primer course on recon.

The 3 Books I use in Every Pentest

4

49

185

🇷🇴 cristi

@CristiVlad25

2 years

What I Learned Exploiting an SSRF bug, by Raymond Lind. (thread)

4

45

181

🇷🇴 cristi

@CristiVlad25

4 years

Why hunt for business logic? (never-again-duplicates) 1. Security scanners can't identify them. 2. WAF can't defend from them. 3. IDS can't detect them. More:

2

68

179

🇷🇴 cristi

@CristiVlad25

2 years

My top 3 go-to resources for every pentest I perform:

In 2022 alone I’ve performed about 20 pentests so far (as of early May). A large majority of them involve application security. My current methodology is heavily manual. I don’t do much perimeter and...

cristivlad.substack.com

9

43

180

🇷🇴 cristi

@CristiVlad25

3 years

JavaScript for Hackers, posted by Joas Antonio on LinkedIn.

5

45

178

🇷🇴 cristi

@CristiVlad25

1 year

Boost your pentesting and bug bounty game with SecGPT's AI insights from thousands of online security reports. I've asked it for some XXE payloads found in the reports.

5

39

175

🇷🇴 cristi

@CristiVlad25

2 years

great compilation of #dorks from @therceman #cybersecurity #pentesting #infosec

3

43

176

🇷🇴 cristi

@CristiVlad25

1 year

If you want to become really good really fast, don't take courses, unless you're a beginner. Here's what I do daily. On a very specific subject (say Access Controls): 1. Read reports/writeups 2. Study exploits. ChatGPT4 with COT and other prompt engineering techniques can take

2

36

172

🇷🇴 cristi

@CristiVlad25

2 years

Here's a 5 bullet point methodology for finding XSS. I don't like XSS but I must look for it as part of the pentests I perform for clients.👇

6

39

171

🇷🇴 cristi

@CristiVlad25

3 years

better fuzzing: 1. visit the url 2. view-source 3. find directories manually 4. fuzz directories

6

21

169

🇷🇴 cristi

@CristiVlad25

2 years

#giveaway time! 10 FREE coupons to Burp Suite Deep Dive. Rules are simple: - follow me @CristiVlad25 and retweet this. If and when this tweet reaches a total of 400 likes & retweets in 5 days or less, we'll randomly select the winners. #pentesting

Online Courses - Learn Anything, On Your Schedule | Udemy

Udemy is an online learning and teaching marketplace with over 250,000 courses and 73 million students. Learn programming, marketing, data science and more.

OAuth to Account takeover | HackTricks

15

126

159

🇷🇴 cristi

@CristiVlad25

1 year

(unpopular opinion) In #bugbounty , those who make the most money are not necessarily the best in terms of skills (hardly ever). They're definitely the best at making money. By: - access to unpopulated private programs - milking CVEs from many programs - favoritism on some

11

15

167

🇷🇴 cristi

@CristiVlad25

2 years

One of the best explanations of the oauth flow, with examples. And how it can be abused.

book.hacktricks.xyz

0

54

172

🇷🇴 cristi

@CristiVlad25

3 months

Sometimes, the bug is in the response... #pentesting #appsec #cybersecurity #bugbounty

Account takeover vulnerability that resulted in $2500 bounty!

In case you have any questions, or just wanna do some research with me, hit me up at @deadoverflow I decided to make a YouTube channel that teaches you how to actually find bugs, you can find the…