Devansh (⚡, 🥷)
@0xAsm0d3us
Followers
14,034
Following
2,797
Media
349
Statuses
1,052
Pwn & Security Research 🔍 🏗️ Hunting threats in the wild⚡ Opinions are solely mine
mempool
Joined December 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
उत्तर प्रदेश
• 216980 Tweets
नीतीश कुमार
• 139749 Tweets
#WorldEnvironmentDay
• 95048 Tweets
クロリンデ
• 42742 Tweets
मुख्यमंत्री श्री
• 35738 Tweets
東京ダービー
• 34542 Tweets
#TheAcolyte
• 27259 Tweets
तेजस्वी यादव
• 26382 Tweets
SB19 ON NICKELODEON KCA
• 23248 Tweets
#NDA_सरकार_है_तैयार
• 19727 Tweets
EFEITO BORBOLETA
• 19492 Tweets
ヒンメル
• 18350 Tweets
PrabowoFOKUS KerjaTERBAIK
• 13509 Tweets
पर्यावरण संरक्षण
• 12975 Tweets
KerjaKOMPAK KerjaCERDAS
• 12905 Tweets
ガーシー
• 12247 Tweets
श्री योगी आदित्यनाथ
• 11649 Tweets
アルハイゼン
• 10735 Tweets
逮捕の男
• 10532 Tweets
サンデー
• 10087 Tweets
Pinned Tweet
If you, like many, think relying just on `cat` command's output is enough to be sure about the integrity of a bash file. Think twice, you could get hacked. Read below 👇
75
508
4K
A collection of awesome security hardening guides, tools and other resources
#cybersecurity
#hacking
16
542
2K
Reverse Engineering For Everyone!
This comprehensive set of reverse engineering tutorials covers x86, x64 32-bit ARM, 64-bit architectures. If you're a newbie looking to learn reversing, or just someone looking to revise some concepts, check it out
9
536
1K
Free Malware Analysis Course, covers malware concepts, malware analysis, and black-box reverse engineering techniques
#cybersecurity
#malware
10
415
1K
Weaponizing favicon.ico for BugBounties , OSINT and what not !
Blog :
FavFreak :
FingerPrint Based Favicon Hash Detection !
@Jhaddix
@stokfredrik
@NahamSec
@hakluke
@HusseiN98D
17
455
965
A powerful and open-source toolkit for hackers and security automation
19
318
968
Free Malware Analysis Course, covers malware concepts, malware analysis, and black-box reverse engineering techniques
#cybersecurity
#malware
9
314
961
Cyber-Bookmarks: a list of bookmarks that contains lists of resources/articles that will help bug bounty hunters with resources that are useful during their bug bounty journey.
#cybersecurity
#malware
#bugbounty
#hacking
24
344
935
🔥 Awesome BugBounty Writeups 🔥
Created a list of 600+ Bugbounty writeups characterized by Bug type ! Happy Quarantine ! Grab a coffee and give them binge read 🔥
Github :
15
429
905
My notes (actually a checklist ✅) for getting into Blockchain Security, a thread 🧵
24
344
869
14
303
869
A curated list of awesome malware analysis tools and resources.
#malware
#reversing
#hacking
#cybersecurity
4
277
837
The full content of the bash file is as follows:
The script works by including raw escape codes to move the cursor up a couple of lines, so the rest of the script is written over the top of the malicious code, hiding it.
6
33
857
17
284
815
This awesome repository contains Malware analysis/Reverse engineering related tools, training, podcasts, blog posts, literature and just about anything else closely related to the topic. - by
@0x4143
#malware
#hacking
#reversing
#cybersecurity
1
320
800
Bug Hunter Handbook: a book that contains lists of resources that will help bug bounty hunters with resources that are useful during their bug bounty journey.
#hacking
#bughunting
#cybersecurity
24
277
714
0
267
708
ParamSpider : Parameter miner for humans
Got a nice SSRF last week using this :
- paramspider found a url with parameter ?file_url=
- The parameter was deprecated long back from the production
- luckily the parameter was vulnerable to SSRF
Github :
16
278
710
A list of interesting payloads, tips and tricks for bug bounty hunters.
15
247
689
🔎 An awesome list of some of the most popular search engines for Hackers/OSINT Professionals/Cyber Investigators. (1/3)
#cybersecurity
#hacking
#osint
16
228
691
This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand!
4
236
695
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
#android
#cybersecurity
#bugbounty
2
306
691
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
#hacking
#graphql
#cybersecurity
#bughunting
4
297
666
A non-exhaustive list of awesome CTFs for sharping your hacking/pwning skills
8
229
644
We are so worried by this `xz` fiasco, when in reality it is so trivial to trick humans into running malicious code. No CVEs are used for the majority of the big shot hacks, humans are the most vulnerable link in this chain. Education/awareness alone will stop the majority of the
8
26
636
2
273
611
2
239
613
4
242
604
2
217
589
4
271
596
🔥Find OpenRedirect Vulnerabilities in Bulk !
OpenRedireX : An Asynchronous Fuzzer for testing Openredirect issues
Initially
@nullpxl
and I coded this for the output produced by ParamSpider + GF ,
Now releasing it as a standalone repository !
Github :
10
218
589
Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts. Throughout numerous challenges you will build the skills to become a bug hunter or security auditor in the space, and yeah Merry Christmas🎄
#blockchain
6
186
593
List of tutorials and things to look for while hunting for vulnerabilities 🐛 (- compiled by
@KathanP19
and other awesome contributors)
#cybersecurity
#bughunting
#hacking
9
212
565
Bug Hunter Handbook: a book that contains lists of resources that will help bug bounty hunters with resources that are useful during their bug bounty journey.
#hacking
#bughunting
#cybersecurity
4
223
564
Application Security Cheat Sheet: A list of cheat sheets for application security
#cybersecurity
#bughunting
#hacking
#malware
#exploit
13
230
565
2
180
505
1
207
486
A thread 🧵 on DNS misconfigurations/resources/articles/tools 👇
#hacking
#cybersecurity
#dns
#bugbounty
9
170
480
Awesome Hacking: A collection of various awesome lists for hackers, pentesters, and security researchers
#hacking
#cybersecurity
#osint
#bughunting
3
179
480
Some of my favorite Solidity Smart Contract Security resources 💚
#ethereum
#blockchain
#solidity
#smartcontracts
35
178
473
A curated list of awesome threat detection and hunting resources
#cybersecurity
#bughunting
#hacking
#malware
1
175
471
API Security Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API.
#cybersecurity
#api
#hacking
#bughunting
4
211
478
⚔️ Checklist for container security - DevSecOps practices
#cybersecurity
#hacking
#containers
#bughunting
#devops
#devsecops
1
167
424
10
153
413
A list of interesting payloads, tips and tricks for bug bounty hunters.
#bugbounty
#hacking
#cybersecurity
1
163
409
headerpwn: A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers
Useful for uncovering following behaviors:
- Header based access control issues
- 403/401 Bypasses
- Detecting anomalies when certain special headers are present
- Header
4
115
415
A curated list of blockchain security Capture the Flag (CTF) competitions
#blockchain
#ethereum
#solidity
8
150
395
2
165
391
Mobile Security Testing Guide by OWASP: An excellent starting point for getting into Mobile Security (Android & iOS)
#android
#ios
#cybersecurity
#hacking
#bughunting
2
183
373
Hacker101: Free educational resource to grow and empower the hacker community at large.
#cybersecurity
#hacking
#bugbounty
5
133
368
2
123
349
7
119
352
Machine Learning for Cyber Security: A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.
#cybersecurity
#hacking
#machinelearning
5
127
343
Advanced XXE Exploitation: 3-hour workshop on XML External Entities (XXE) exploitation by GoSecure
#xxe
#hacking
#cybersecurity
2
136
343
Let's run this `" file. Wait what? Why it is spitting out the contents of `/etc/passwd`? The trick here is "escape codes".
6
5
346
A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials, and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development.
#cybersecurity
#fuzzing
#hacking
2
133
327
A curated list of resources(trainings, documentation, tools) for Secure Coding (by
@VladToie
)
0
138
324
CVE reversing is perhaps the best, most effective and practical approach for learning the ropes of offensive security research. Here is how I do it:
- Tracking recent CVEs
- Selecting CVEs related to extensively utilized software
- Scrutinizing CVE description
- Reading product
4
65
328
A curated list of awesome threat detection and hunting resources
#cybersecurity
#bughunting
#hacking
#malware
3
105
323
Template Injection in Action: 2-hour workshop on Template Injection (SSTI)
#ssti
#hacking
#cybersecurity
#bughunting
2
155
321
Github's SecurityBites playlist is a good entry point for devs to learn how to secure your code against common vulnerabilities.
#cybersecurity
7
88
310
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
#cybersecurity
#bugbounty
#hacking
1
145
311
How to exploit a double-free vulnerability ('Use After Free for Dummies')
#binaryexploitation
#hacking
#cybersecurity
1
85
309
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework capable of performing static and dynamic analysis.
#cybersecurity
#hacking
1
136
291
paramspider: Mining URLs from dark corners of Web Archives for bughunting/fuzzing/further probing
GitHub:
🔄 Revamped Features:
- Multiple domain names Input using file
- Enhanced Exception Handling
- Easy Setup using pip
- Clear and more
9
85
307
[Thanks to a PR] FavFreak now has around 500 fingerprints of common services,
FavFreak :
Reference :
#bugbounty
7
126
303
More info:
3
19
303
DNSleuth sniffs DNS packets, i.e, allowing you to spy on the DNS queries your machine is making
GitHub:
#cybersecurity
3
61
279
This repo aims to explain the basics of DNS at different levels of complexity for readers with various technical backgrounds.
3
79
277
🐛 A list of writeups from the Google VRP Bug Bounty program
#cybersecurity
#bugbounty
#hacking
#googlevrp
2
115
270
2
116
270
0
84
274
Pentest-Book: A collection of some awesome tools or techniques, tricks that might be useful in pentests/bugbounties (by
@Six2dez1
)
#cybersecurity
#bughunting
#hacking
#malware
2
72
273
Discover potential XSS vulnerabilities en masse on the URLs stored in Wayback achrive for a domain using Rayder workflows
Rayder:
Workflow:
#bugbounty
5
83
261
4
88
262
revit : A command-line utility for performing reverse DNS lookups
#bugbountytips
#dns
#cybersecurity
2
47
258
An Intentionally designed Vulnerable Android Application built in Kotlin for sharping your mobile hacking skills via exploiting real-world mobile vulnerabilities.
#android
#hacking
#cybsersecurity
2
119
249
OpenRedireX: A fuzzer for detecting open redirect vulnerabilities
#bugbountytips
#BugBounty
4
66
248
Reverse Engineering resources (little outdated, but still relevant)
#hacking
#cybersecurity
#reversing
0
75
236
(2/n) Reading the file using `cat` seems fine, right? Definitely, nothing suspicious there, right?
2
2
242
heaptruffle: Mine URLs from Browser's Heap Snapshot for fun and profit
GitHub:
heaptruffle captures heap snapshots of the web pages' memory. These heap snapshots are then parsed, allowing heaptruffle to extract URLs/endpoints from it.
#bugbountytips
3
66
240
I got so many DMs on how to use ParamSpider + GF , I created a section in the readme file() with follow along steps , do check this out , if still got problems DM are always open !
9
91
234
4
74
224
4
85
228
1
115
221
⚡️ Discover more subdomains and expand the attack surface using Rayder workflow.
Here is what the workflow does:
- Fetches subdomains of a domain using subfinder
- Mutates the subdomains using radamsa fuzzer
- Fetches fresh DNS resolvers for dns bruteforcing
- Uses massdns to
3
52
218
Mind-Maps for Bug Hunters, Penetration Testers, Offensive/Defensive Security Professionals
#cybersecurity
#bughunting
4
89
218
Nettacker: Automated Penetration Testing Framework - Open-Source Vulnerability Scanner
1
83
212
This wiki (by
@rv_inc
) contains a comprehensive list of common smart contract security vulnerabilities, compiled from various sources.
1
84
209
Malware and Exploitdev Resources: This document serves as a list of resources, and other things that aid in malware analysis/dev and exploit dev
#cybersecurity
#hacking
#malware
#exploit
1
107
210
AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
#cybersecurity
#hacking
#cloud
#forensics
0
70
205
Awesome OSINT: A curated list of amazingly awesome open-source intelligence tools and resources.
#osint
#cybersecurity
#osint
#hacking
#bughunting
1
78
205
How to audit Solana smart contracts Part 1: a systematic approach
0
71
206
Brute force HTTP headers on a list of URLs for finding anomalies and analyzing how servers respond to different HTTP headers using Rayder workflows
Useful for uncovering following behaviors:
⚡️ Header based access control issues
⚡️ 403/401 Bypasses
⚡️ Detecting anomalies
3
42
208
2
77
201