Forwarded from UNDERCODE NEWS
Be aware of this new CVE-2020-0674 in Internet Explorer 11
#Vulnerabilities
Stealing_Signatures_and_Making_One_Invalid_Signature_at_a_Time.pdf
485.9 KB
I've noticed during testing against Anti-Virus over the years that each is different and each prioritizes PE signatures differently, whether the signature is valid or not. There are some Anti-Virus vendors that give priority to certain certificate authorities without checking that the signature is actually valid, and there are those that just check to see that the certTable is populated with some value.

Ways To Hack An API (And How To Defend):
1) Reverse Engineering
2 h
https://www.youtube.com/watch?v=a2EkORFcSZo
2) User Spoofing
9 min
https://www.youtube.com/watch?v=VjguxR97xC0
3) Man in the Middle Attack
21 min
https://www.youtube.com/watch?v=3aiREf5u48Q
4) Session Replays
2 h
https://www.youtube.com/watch?v=bj8kkgLCHaw
5) Social Engineering
1 h
https://www.youtube.com/watch?v=O5lXUSMGQ2I
YouTube
Reverse Engineering Basics
Ian Guile is giving a presentation on the basics of reverse engineering windows applications, including an introduction into assembly.
ZIP folder containing files and tools:
https://drive.google.com/open?id=0B4OxnLwCHCy6bXpDdUdLME1wamM&authuser=0

BEST FREE GPS LOCATION & TRACKING FOR ANDROID:
https://play.google.com/store/apps/details?id=com.androidauthority.app
https://play.google.com/store/apps/details?id=com.sygic.aura&hl=en_IN
https://apps.apple.com/us/app/sygic-gps-navigation-maps/id585193266
https://play.google.com/store/apps/details?id=com.jkfantasy.gpsmapcamera&hl=en_IN
https://apps.apple.com/us/app/gps-camera-55-field-survey/id1439730560
https://play.google.com/store/apps/details?id=com.vecturagames.android.app.gpxviewer&hl=en_IN
https://play.google.com/store/apps/details?id=it.carfind&hl=en_IN
https://play.google.com/store/apps/details?id=org.findmykids.app&hl=en_IN
https://apps.apple.com/us/app/findmykids-gps-phone-tracker/id994098803
https://play.google.com/store/apps/details?id=mg.locations.track5&hl=en_IN
https://apps.apple.com/us/app/phone-tracker-by-number/id1470943827
https://play.google.com/store/apps/details?id=com.waze&hl=en_IN
https://apps.apple.com/us/app/waze-navigation-live-traffic/id323229106
https://play.google.com/store/apps/details?id=com.life360.android.safetymapd&hl=en_IN
https://apps.apple.com/us/app/life360-safety-for-families/id384830320
https://play.google.com/store/apps/details?id=com.prime.studio.apps.route.finder.map&hl=en_IN
https://play.google.com/store/apps/details?id=com.mictale.gpsessentials&hl=en_IN
https://play.google.com/store/apps/details?id=com.mobiletracker.mobileapp&hl=en_IN
https://play.google.com/store/apps/details?id=com.wondershare.famisafe&hl=en_IN
https://apps.apple.com/us/app/famisafe-parental-control-app/id1385417904
https://play.google.com/store/apps/details?id=com.fsp.android.c&hl=en_IN
https://play.google.com/store/apps/details?id=com.isharing.isharing&hl=en_IN
https://play.google.com/store/apps/details?id=com.google.android.apps.maps&hl=en_IN
https://apps.apple.com/us/app/google-maps-transit-food/id585027354
https://play.google.com/store/apps/details?id=com.ilyabogdanovich.geotracker&hl=en_IN
https://play.google.com/store/apps/details?id=com.mapquest.android.ace&hl=en_IN
https://apps.apple.com/us/app/mapquest-gps-navigation-maps/id316126557
https://play.google.com/store/apps/details?id=com.alienmanfc6.wheresmyandroid&hl=en_IN
https://play.google.com/store/apps/details?id=com.safe365.safe365app&hl=en
https://apps.apple.com/us/app/safe365-eldercare-app/id622546357
ENJOY
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity

WHAT IS BASHTOP?
Bashtop should work with most modern Linux distributions with a terminal that supports truecolor.
Because it's written in Bash, installing Bashtop is as easy as downloading the bashtop script from its project page (or from the release archive) and installing it somewhere in your PATH. However, it has several dependencies that you need to make sure are installed on your system (apart from the optional ones, the others should already be installed in most cases):
1) Bash (it needs version 4.4 or newer, so it won't work, for example, on Ubuntu 16.04 or CentOS 7)
2) Basic GNU utilities
3) GNU Grep
4) ps from procps-ng (version 3.1.15 or newer, usually a package named procps that you already have installed)
5) sed
6) awk
7) Optional: lm-sensors to display the CPU temperature (the package is usually named lm-sensors or lm_sensors; you need to run sensors-detect as root after installation to detect your computer's sensors)
8) Optional: curl to display messages about Bashtop updates and to download additional themes (the curl package is available on most, if not all, Linux distributions)
F E A T U R E S :
1) Easy to use, with a game-inspired menu system.
2) Fast and "mostly" responsive UI with UP, DOWN keys process selection.
3) Function for showing detailed stats for selected process.
4) Ability to filter processes.
5) Easy switching between sorting options.
6) Send SIGTERM, SIGKILL, SIGINT to selected process.
7) UI menu for changing all config file options.
8) Auto scaling graph for network usage.
9) Shows message in menu if new version is available.
10) Shows current read and write speeds for disks.
11) Multiple data collection methods which can be switched if running on Linux.
I N S T A L L A T I O N & R U N :
1) download or clone https://github.com/aristocratos/bashtop
2) If you haven't got python3 installed:
> brew install python3
3) python3 -m pip install psutil
4) cd bashtop
5) sudo make install
More info & usage https://github.com/aristocratos/bashtop

How to set up automatic kernel updates on Linux:
Manual kernel updates require a system reboot. This leads to downtime, which can be problematic, so reboots are usually scheduled at regular intervals. Since manual patching is performed during these cycles, this gives hackers a "time window" in which they can attack the server infrastructure.
1) Canonical Livepatch is a service that fixes a running kernel without rebooting your Ubuntu system. Livepatch is free to use on three Ubuntu systems. To use this service on more than three computers, you need to subscribe to the Ubuntu Advantage program.
2) Before installing the service, you need to get a livepatch token from the Livepatch service website.
3) Then install the service and enable it with your token by running the following two commands:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable <your-key>
4) To check the status of the service, run:
sudo canonical-livepatch status --verbose
5) Later, if you want to unregister the machine, use this command:
sudo canonical-livepatch disable <your-key>
6) The same instructions apply for Ubuntu

Signs of being hacked:
1) Battery charge. If the smartphone's battery begins to discharge rapidly, reducing the operating time of the device by several hours during normal use, this most likely indicates that malicious applications are running in the background;
2) New application icons that you did not install appearing in the general list of applications may indicate that the device has been hacked;
3) Notifications. Strange messages displayed on the screen with unreadable characters, links, or notifications about the execution of a request that you had no hand in do not bode well either: hackers surely already have your data;
4) Balance. If your mobile account loses money even though you are convinced that you did not call paid numbers, did not order additional services and were not involved in any financial transactions, then we can say with certainty that your gadget has been hacked;
5) Malfunctions. Strange signals during a conversation, extraneous noises or even disconnections despite a good signal level can also indicate that the device's microphone is being used or even that conversations are being listened to.
Forwarded from WEB UNDERCODE - PRIVATE
Violent Python and Exploit Development.pdf
409.4 KB
A. Read and write simple Python scripts.
B. Perform network attacks, including port scanning, port knocking, and brute-forcing logins.
C. Compile Python scripts to Windows executables.
D. Bypass antivirus products with Python.
E. Find buffer overflow vulnerabilities with fuzzing.
F. Create remote code execution exploits for Linux and Windows targets.
G. Understand and defeat Windows defenses, including ASLR and DEP.

What is ping monitoring?
1) Without getting into the complexities, ping monitoring refers to the way our devices access the Internet.
2) Basically, when you want to go online, your device (computer, tablet, phone, etc.), known as a client, communicates with another device for information.
3) To make a request for information, your device sends a request (known as a packet) to the server that stores the information. To access a packet, the server needs to know who is requesting it so they can send it back.
4) Packets can be sent in a variety of ways, some of which are faster than others. The one most people are familiar with is HTTP.
5) This way, the server processes your packets and sends them back using the ping command, which tests the connection between the client and the server.

2020 new update: SIPVicious suite is a set of security tools that can be used to audit SIP-based VoIP systems:
1) svmap
this is a SIP scanner. When launched against ranges of IP address space, it will identify any SIP servers which it finds on the way. Also has the option to scan hosts on ranges of ports.
2) svwar
identifies working extension lines on a PBX. A working extension is one that can be registered. Also tells you if the extension line requires authentication or not.
3) svcrack
a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. Current cracking modes are either numeric ranges or words from dictionary files.
4) svreport
able to manage sessions created by the rest of the tools and export to pdf, xml, csv and plain text.
5) svcrash
responds to svwar and svcrack SIP messages with a message that causes old versions to crash.
For usage help make use of -h or --help switch.
I N S T A L L A T I O N & R U N :
1) git clone https://github.com/enablesecurity/sipvicious.git
2) cd sipvicious/
Set up the tool.
3) python setup.py install
4) Fire up the scripts one by one.
sipvicious_svmap --help
sipvicious_svcrack --help
sipvicious_svcrash --help
sipvicious_svwar --help
sipvicious_svreport --help
5) Installing via pip:
Simply using pip install sipvicious should do.

A quick way to get the row count of all tables in a database is to query the data from the information_schema database directly:
#FastTips
SELECT
    table_name,
    table_rows
FROM
    information_schema.tables
WHERE
    table_schema = 'classicmodels'
ORDER BY table_name;
This method is sometimes inaccurate because the number of rows in information_schema and the actual number of rows in the tables are out of sync. To avoid this, you must execute the ANALYZE TABLE statement before querying the row count from the information_schema database:
ANALYZE TABLE table_name, ...;
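An added example for the row-count tip above, not part of the original post. For InnoDB tables table_rows stays an estimate even after ANALYZE TABLE, and MySQL 8.0 also caches these statistics, so the block refreshes them, reads the estimates, and then builds one COUNT(*) per table for exact figures. It reuses the post's classicmodels schema; the table names customers and orders are assumptions.

```sql
-- Added example, not from the original post. The schema 'classicmodels' is the
-- post's; the table names customers/orders are assumed for illustration.

-- MySQL 8.0 caches information_schema statistics (default expiry 86400 s).
-- An expiry of 0 for this session makes each query read current values.
SET SESSION information_schema_stats_expiry = 0;

-- Refresh the statistics that table_rows is derived from.
ANALYZE TABLE classicmodels.customers, classicmodels.orders;

-- Estimated counts: fast, but approximate for InnoDB.
SELECT table_name, table_rows AS estimated_rows
FROM information_schema.tables
WHERE table_schema = 'classicmodels'
  AND table_type = 'BASE TABLE'
ORDER BY table_name;

-- Exact counts: generate one COUNT(*) per base table and run them as a
-- single UNION ALL statement. Backticks in identifiers are doubled so that
-- an unusual table name cannot break out of the quoted identifier.
SET SESSION group_concat_max_len = 1048576;

SELECT GROUP_CONCAT(
         CONCAT('SELECT ', QUOTE(table_name), ' AS table_name, ',
                'COUNT(*) AS exact_rows FROM `',
                REPLACE(table_schema, '`', '``'), '`.`',
                REPLACE(table_name, '`', '``'), '`')
         ORDER BY table_name
         SEPARATOR ' UNION ALL ')
FROM information_schema.tables
WHERE table_schema = 'classicmodels'
  AND table_type = 'BASE TABLE'
INTO @count_sql;

-- @count_sql is NULL when the schema has no base tables; PREPARE then fails.
PREPARE count_stmt FROM @count_sql;
EXECUTE count_stmt;
DEALLOCATE PREPARE count_stmt;
```

The exact query scans every table, so on large schemas run it off-peak and use the estimates for routine checks.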

MySQL Security - Generate a random password:
MySQL has the ability to generate random passwords for user accounts, as an alternative to requiring explicit administrator-supplied literal passwords.
The database administrator can use CREATE USER, ALTER USER, or SET PASSWORD to generate random passwords for user accounts.
Let's take a quick look using MySQL 8.0:
MySQL SQL> SELECT VERSION();
+-----------+
| VERSION() |
+-----------+
| 8.0.19    |
+-----------+
1) Create user account
To create a new MySQL user account with a random password, use the CREATE USER statement with the IDENTIFIED BY RANDOM PASSWORD clause:
MySQL SQL> CREATE USER aUser@localhost IDENTIFIED BY RANDOM PASSWORD;
+--------+-----------+----------------------+
| user   | host      | generated password   |
+--------+-----------+----------------------+
| Stella | localhost | M3BA1Po%as1Kse8Jt!AC |
+--------+-----------+----------------------+
2) Change user account
To assign a new random password for the MySQL user account, use the ALTER USER statement with the IDENTIFIED BY RANDOM PASSWORD clause:
MySQL SQL> ALTER USER aUser@localhost IDENTIFIED BY RANDOM PASSWORD;
+----------+-----------+----------------------+
| user     | host      | generated password   |
+----------+-----------+----------------------+
| AndreyEx | localhost | SjAA*@(LA&fd43IOj>vS |
+----------+-----------+----------------------+
3) Assign a password
Another way to assign a new random password to the MySQL user account is to use the SET PASSWORD statement with the TO RANDOM clause:
MySQL SQL> SET PASSWORD FOR aUser@localhost TO RANDOM;
+--------+-----------+----------------------+
| user   | host      | generated password   |
+--------+-----------+----------------------+
| Stella | localhost | 7kaJY^%x1<b8kT&84Du, |
+--------+-----------+----------------------+
4) Please note that by default the generated random passwords are 20 characters long.
This length is controlled by the generate_random_password_length system variable, which has a range of 5 to 255.
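An added example, not part of the original post, that combines the statements above into a provisioning flow: it lengthens the generated password through generate_random_password_length, creates the account with the password already expired so the one-time value must be replaced at first login, and then rotates it. The account name report_ro and the length 32 are assumptions.

```sql
-- Added example, not from the original post. The account name 'report_ro'
-- and the length 32 are assumptions. RANDOM PASSWORD needs MySQL 8.0.18+.

-- Lengthen generated passwords for this session only
-- (default 20, allowed range 5 to 255).
SET SESSION generate_random_password_length = 32;

-- Create the account with a generated password that is already expired.
-- The cleartext value is returned once, in this statement's result set;
-- capture it there and hand it over through a secure channel. The account
-- holder has to set a new password before running other statements.
CREATE USER 'report_ro'@'localhost'
  IDENTIFIED BY RANDOM PASSWORD
  PASSWORD EXPIRE;

-- Confirm the account exists and is flagged as expired.
SELECT user, host, plugin, password_expired, password_last_changed
FROM mysql.user
WHERE user = 'report_ro' AND host = 'localhost';

-- Later rotation: either statement returns a fresh generated password
-- in its result set.
ALTER USER 'report_ro'@'localhost' IDENTIFIED BY RANDOM PASSWORD;
SET PASSWORD FOR 'report_ro'@'localhost' TO RANDOM;
```

Because the generated password appears only in the result set, avoid running these statements in sessions whose output is logged or shared.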