#Definitions: HACKING TERMS
1) SOCIAL ENGINEERING ("SOCIAL WORKER") VULNERABILITY:
If you search Google or Baidu for "social worker", the results are about social work, which has nothing to do with what we mean here. In hacking slang, "social worker" is short for social engineering, a technique that studies the weaknesses of human nature in order to attack. For instance, suppose the website administrator is called Xiao Ming. Then the administrator password of the website is likely to be xiaoming, or even xiaohong. Why Xiaohong? Because that may be the person Xiao Ming likes. It could also be xiaofeng, but the probability is very low, at least much lower than for the previous two. Social engineering attacks usually follow this line of thinking. Put simply, you can also think of it as a "human flesh search": some of the personal material dug up by human flesh searches on the Internet is obtained with social engineering techniques. Xiaofeng gives a simple example: if you are looking for the QQ number of a celebrity, you can search the QQ groups for the name of his company. A group for xx company may appear, and then you know how to find the QQ number.
2) WebShell
A WebShell is a command environment that exists in the form of asp, php, jsp and other web files, and it can also be called a web page backdoor. After a hacker has broken into a website, these asp or php backdoor files are usually mixed in with the normal web page files in the web directory of the server, and they are usually hidden deep, because if the administrator finds and deletes them the attacker can no longer access them to take control. Once a website has a webshell backdoor planted on it, the attacker can basically do whatever they want: modify any part of the website or delete it. Trades of website access between hackers are also expressed in terms of webshells. For example, a buyer pays a certain price for webshell access to a website, and the attacker is responsible for finding a way to place a webshell backdoor on that website.
ENJOY
written by Undercode
SOME IP ATTACKS #DEFINITIONS
> Hide the server IP
Using a CDN can hide the real IP of the server, so the attacker cannot attack the real IP directly. This only stops some attackers, though, unless the IP is really hidden.
> Prohibit proxy access
As mentioned earlier, the attacker attacks through a large number of proxies. Prohibiting proxy access, or limiting the number of connections from proxies, can also provide some protection.
> Block the attacking IPs
When a server is under a CC attack, thousands of TCP connections usually appear on it. Open cmd and enter netstat -an. If a large number of external IPs appear, you are being attacked. At that point you can use protective software to block the attacking IPs, or block them manually. This method is commonly used, but it is passive.
Share us
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
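The `netstat -an` check above, turned into a repeatable count, as an added Python example that is not part of the original post: it tallies TCP connections to the web ports per remote IP and reports the total, the number of distinct sources and any IP over a per-IP limit. The sample output, the port list and the limit of 5 are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -an` output (Windows layout). Addresses come
# from documentation ranges; none of this is from the original post.
SAMPLE = "\n".join(
    ["  Proto  Local Address     Foreign Address       State",
     "  TCP    0.0.0.0:80        0.0.0.0:0             LISTENING",
     "  TCP    127.0.0.1:80      127.0.0.1:49800       ESTABLISHED",
     "  TCP    192.0.2.10:80     203.0.113.5:51000     ESTABLISHED",
     "  UDP    0.0.0.0:53        *:*"]
    + [f"  TCP    192.0.2.10:80     198.51.100.7:{50000 + i}    ESTABLISHED" for i in range(6)]
    + [f"  TCP    192.0.2.10:80     198.51.100.{20 + i}:40000  SYN_RECEIVED" for i in range(3)]
)

def split_host_port(addr):
    """Split '192.0.2.1:80' or '[2001:db8::1]:80' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port

def remote_connection_counts(netstat_text, service_ports=("80", "443")):
    """Count TCP connections to the web ports, grouped by remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].lower().startswith("tcp"):
            continue  # header lines, UDP rows, blank lines
        local, remote, state = parts[-3], parts[-2], parts[-1]
        if state.upper().startswith("LISTEN") or split_host_port(local)[1] not in service_ports:
            continue
        try:
            ip = ipaddress.ip_address(split_host_port(remote)[0])
        except ValueError:
            continue  # placeholders such as '*'
        if ip.is_loopback or ip.is_unspecified:
            continue  # local traffic is not an external source
        counts[str(ip)] += 1
    return counts

def review(netstat_text, per_ip_limit=5):
    """Summarise the signals the post describes: volume and number of sources."""
    counts = remote_connection_counts(netstat_text)
    noisy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    return {"connections": sum(counts.values()),
            "distinct_sources": len(counts), "over_limit": noisy}

if __name__ == "__main__":
    print(review(SAMPLE))
```

Because the parser reads the last three columns of each TCP row, it also accepts the Linux `netstat -an` layout, which has extra queue columns before the addresses.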
What is IOC? #definitions
One of the challenges that security incident investigators face during incident response is finding an effective way to organize all the information gathered in the investigation, including the attacker's activities, the tools used, malware, and other indicators of compromise (IOCs).
DEFINITIONS:
1) At the network layer there are traditional IOC search methods, such as domain name blacklists, IP blacklists and some CIDR ranges, or using Snort or Bro to find signatures of malicious events.
2) With the rapid development of malicious techniques, attackers' infrastructure is becoming more and more dynamic, and it is difficult to distinguish it from legitimate servers. Using network IOCs to detect threats has become more difficult and less effective. In other words, network IOCs will soon be obsolete. Attackers often monitor their network assets, and once they find them on a filter list they migrate elsewhere. Some attackers split their attack tooling per target to reduce the IOC information that links the attacks.
3) Cloud computing has exacerbated the challenges of IOC searching. Attackers can easily obtain IP addresses from hosting providers. Similarly, new ccTLDs and ICANN TLDs require very little verification of registrant information, which makes registration easier, cheaper or even free, and with WHOIS privacy services the registrant information is not disclosed.
4) For these reasons, we need more intelligent methods. Instead of tracking the past and searching for known bad activity, defenders look for patterns and signals related to unknown bad activity. Once a previously unknown sign of malicious behavior is identified, organizations can activate their response procedures.
Use passive DNS tracking:
1) Passive DNS offers a simple, structured way to capture these signals and patterns. It collects data by passively capturing internal DNS traffic and reassembling the DNS transactions.
2) Since then, many security organizations have begun to install DNS sensors in the network to collect passive DNS information and then analyze the resulting data to generate threat intelligence. In today's threat environment, passive DNS is very useful in tracking threats.
3) A passive DNS sensor essentially captures DNS traffic (UDP packets on port 53) and then reassembles the information into a single record that includes both the request and the response. We have experimented with two open source sensors:
- passiveDNS
- sie-dns-sensor
We have options to collect duplicate DNS requests (green part) or collect all DNS transfers.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
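The reassembly step described above, as an added Python example (not from the original post and not code from passiveDNS or sie-dns-sensor): already-decoded DNS messages are paired by client, server, transaction ID and question, then either logged one per answer or collapsed into records with first_seen, last_seen and count. The `Msg` fields, the record layout and the sample capture are assumptions constructed for illustration.

```python
from collections import namedtuple

# Decoded DNS message as a sensor would hold it after parsing a UDP/53 packet.
# Field names are assumptions of this example.
Msg = namedtuple("Msg", "ts client server txid is_response qname qtype answers")

# Constructed capture: two lookups of the same name, plus one answer nobody asked for.
CAPTURE = [
    Msg(100.0, "10.0.0.5", "10.0.0.53", 0x1A2B, False, "www.example.com", "A", ()),
    Msg(100.1, "10.0.0.5", "10.0.0.53", 0x1A2B, True, "www.example.com", "A", ("192.0.2.44",)),
    Msg(160.0, "10.0.0.9", "10.0.0.53", 0x0007, False, "WWW.example.com", "A", ()),
    Msg(160.2, "10.0.0.9", "10.0.0.53", 0x0007, True, "www.example.com", "A", ("192.0.2.44",)),
    Msg(170.0, "10.0.0.9", "10.0.0.53", 0x0BAD, True, "login.example.net", "A", ("203.0.113.66",)),
]

def assemble(messages, dedupe=True):
    """Pair each response with its pending query and emit passive DNS records."""
    pending = {}   # (client, server, txid, qname, qtype) -> query timestamp
    records = {}   # (rrname, rrtype, rdata) -> aggregated record, client dropped
    log, unsolicited = [], []
    for m in sorted(messages, key=lambda m: m.ts):
        key = (m.client, m.server, m.txid, m.qname.lower(), m.qtype)
        if not m.is_response:
            pending[key] = m.ts
            continue
        if pending.pop(key, None) is None:
            unsolicited.append(m)  # response with no matching query in the capture
            continue
        for rdata in m.answers:
            if not dedupe:
                log.append({"ts": m.ts, "rrname": key[3], "rrtype": m.qtype, "rdata": rdata})
                continue
            rec = records.setdefault((key[3], m.qtype, rdata), {
                "rrname": key[3], "rrtype": m.qtype, "rdata": rdata,
                "first_seen": m.ts, "last_seen": m.ts, "count": 0})
            rec["last_seen"] = m.ts
            rec["count"] += 1
    return (list(records.values()) if dedupe else log), unsolicited

if __name__ == "__main__":
    print(assemble(CAPTURE))
```

Responses that match no pending query are kept apart rather than recorded, since an analyst reviewing the data will usually want to look at them separately.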