
Bypassing 2FA, Active Directory Security, Building your strong circle! - Ritik Sahni

Deep Space
Hey, friend!
I hope you’re doing good :)
Let’s dive straight into the newsletter ✉️

How to find smart people? 🧠
On June 13, I responded to an interesting question on Twitter.
The question was very simple - How do we find people smarter than us?
My response to the question:
Ask these questions to yourself…
  1. Do you like listening to them?
  2. Do they share valuable knowledge that you care about?
  3. Do you think about the conversation for days after it’s over?
  4. If given a choice, would you spend time working with them?
Thinking about these simple questions and reflecting can really help you identify smart and strong people around you. Remember, it may take some time, but always strive to create a strong network. You may lose a lot of people in the process and may have to let go of some, but it’s a part of the entire thing - this is how you create your strong circle.
Ritik Sahni (deep)
@Lohith84211942 @sahilypatel @shl Ask these questions to yourself:

1. Do you like listening to them?
2. Do they share valuable knowledge that you care about?
3. Do you think about the conversation for days after it's done?
4. If given a choice, would you spend time working with them?
Blogs 📚
Bypassing 2FA using OpenID Misconfiguration
^^ This is a must read if you’re starting with Active Directory Pentesting.
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug | The GitHub Blog
A super fascinating read on privilege escalation using polkit in Linux.
CVE-2021-33564 Argument Injection in Ruby Dragonfly | ZX Security
Resources 👑
What's the need ?🤔 - Subdomain Enumeration Guide
GitHub - flozz/p0wny-shell: Single-file PHP shell
GitHub - indianajson/can-i-take-over-dns: "Can I take over DNS?" — a list of DNS providers and how to claim (sub)domains via missing hosted zones
GitHub - detectify/page-fetch: Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pages and see the returned values
Favorite Tweets ✍️
Rob O'Neill ⚡️ Info Product Wizard 🔮(((Royalty)))

There are 3 forms of power:

1. Wealth - Control over scarce and valuable resources.

2. Influence - Control over information, narratives & opinions.

3. Might - Control over violence, punishment and consequences.
Game theory and Zero-Sum games.

Strategies that shift power in your favour.

A thread.
Game theory is so interesting! This thread highlights that and it definitely made me curious to learn more about it. Do you like game theory?
Sahil Bloom
The hiring process is ultra-competitive.

But you’ve incorrectly been told that the only way to stand out is by having fancy degrees and credentials.

THREAD: 20 ways to stand out in a hiring process (that don’t involve your resume):
If you’re looking for a job, this thread is a must-read. Small gestures can really help you stand out from your competition.
Quotes 🧠
“I don’t care about being right. I care about the success and doing the right thing.” - Steve Jobs
“The ability to observe without evaluating is the highest form of intelligence.” - J. Krishnamurti
This quote by J. Krishnamurti has created a deep impact on how I observe my surroundings ❤️
Letting go of biased judgment and ego when observing anything truly lets you understand everything with clarity.
Updates 🌟
If you listen to cybersecurity podcasts, reply to this email with the names of those shows you like to listen to. Your input will be super valuable for me to bring quality content in the future.
I read every email, so if you wanna have a conversation or give suggestions, reply to this email. Alternatively, you can DM me on Twitter (DMs are always open).
Thank you for reading this week’s newsletter, I’ll see you next week!
If you wanna give feedback, suggestions, or complaints, feel free to reply to this email.
If you like my content, you can support me through Buy Me A Coffee!
- Ritik Sahni
PS: If you enjoyed this newsletter, please share it with a friend. They can subscribe here🤝
Ritik Sahni @ritiksahni22

Weekly newsletters with references to great articles, blogs, and other cybersecurity content delivered right into your email inbox!
