Harsh Bothra
@harshbothra_
Freelance Pentester & Consultant • Cobalt Core Lead & Pentester • Author • Speaker • Blogger • SecurityExplained • Project Bheem • Learn365 • Views are personal
Security Stories - Story: 4 - Luke Stephens
SecurityStories - 52 Weeks, 52 Stories: Story - 4
~ Don't lose your creativity. As soon as people get a cybersecurity job, they lose their curiosity and creativity.
Featuring Luke Stephens widely known as @hakluke who needs no introductions. Let's know his story. 🧵
Question: Could you briefly introduce yourself?
Luke: I'm Luke Stephens. I go by hakluke online. I'm a computer hacker and indie founder.
10 XSS Payloads for Different Scenarios - #AppSecwithAI
#AppSecwithAI
Look what ChatGPT generated when I asked it to give me 10 XSS payloads for different scenarios - 🧵 ↓
1/10: `<svg/onload=alert(1)>` - This payload uses an SVG element with an onload event handler to trigger the XSS payload.
2/10: `<img/src=x onerror=alert(1)>` - This payload uses the onerror event handler to trigger the XSS payload when the image source is invalid.
SecurityStories - Nilesh Sapariya
SecurityStories - 52 Weeks, 52 Stories
~ Take regular breaks to give your mind and body a rest helps you cope up with cyber security burn outs a lot.
Featuring Nilesh Sapariya (@nilesh_loganx), a skilled pentester from India and working in UAE. Learn from his story 🧵 ↓
Security Stories - 2: Featuring Sumit Grover
SecurityStories - 52 Weeks, 52 Stories
Story - 2: Featuring Sumit Grover (@sumgr0)
Learn more about Sumit in 🧵
100 Application & API Security Test Cases
Don't let your Applications & APIs be a security risk.
Protect them with these 100 Security Test Cases 🧵
1. Broken Object Level Authorization
2. Broken User Authentication
3. Excessive Data Exposure
4. Lack of Resources & Rate Limiting
5. Broken Function Level Authorization
6. Security Misconfigurations
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
Playing with JavaScript and executing a prototype pollution attack is always interesting thing to do.
Learn about Prototype Pollution: cobalt.io/blog/a-pentesters-guide-to-prototype-pollution-attacks
First blog of 2023. I hope you like it
6 Productivity Tools One Must Try
What are your go-to tools for productivity and daily use?
My Go-To Tools for Productivity and Daily Use 🧵 1/
2/
📒 Google Keep - I keep my daily planner here, so that I can track everything from tasks to upcoming events in one place.
🎯 Trello - Great for goal setting & tracking progress on projects /goals with ease. It's also a great visual way of seeing what needs attention!
SecurityStories - Story - 1
Featuring Ahmet Gurel @ahmettgurell, A well known Security Researcher & Ethical Hacker from Turkey.
Read his SecurityStory: harsh-bothra.github.io/SecurityStories/SecurityStories/ahmet-gurel.html
A Twitter thread will be published soon :)
🧵 Thread
This year (2022), I have worked on creating educational resources in various forms, such as blogs, Twitter series, mindmaps and others. In case you missed them, here are all of them:
# SecurityExplained Twitter Series:
- github.com/harsh-bothra/SecurityExplained
🧵 - 1/5
2/5
# MindMaps
1. Forget Password Vulns: xmind.net/m/nZwbdk/
2. XML Attacks: xmind.net/m/xNEY9b/
3. 2FA Bypass Techniques: xmind.net/m/8Hkymg/
4. Android PT Checklist: xmind.net/m/GkgaYH/
5. Cookie Based Auth Vulnerabilities: xmind.net/m/2FwJ7D/
