UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
User safety is a thing of the past. The password can be picked in $25 and 12 minutes
#DataBreaches
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Finding a CTF:

If you ever wanted to start running, you were probably encouraged to sign up to a 5k to keep focused on a goal. The same principle applies here: pick a CTF in the near future that you want to compete in and come up with a practice schedule. Here are some CTFs that we can recommend:


1) PicoCTF and PlaidCTF by CMU

2) HSCTF is made for high school students

3) Ghost in the Shellcode (GitS)

4) CSAW CTF by NYU-Poly

5) UCSB iCTF is for academics only

6) Defcon CTF

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
PowerShell ExecutionPolicy Bypass.pdf
1.1 MB
According to Microsoft, the execution policy is part of the security strategy of PowerShell. It determines whether you can load configuration files (including your PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run. It should be noted that Microsoft has gone on record saying that the ExecutionPolicy was never intended to be a security control.
In order to change the PowerShell execution policy, you have to start PowerShell as an administrator and run the following command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. You can also set the policy to Unrestricted instead of RemoteSigned, but this is discouraged by Microsoft.
Alright, but what if you are not an administrator yet? You have basic low privilege access to a Windows machine, and you need to upgrade your shell to something more stable, or to add some Empire persistence. How can you change the ExecutionPolicy?
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 How to install and connect the OpenVPN client on Debian / Kali 2020 / Parrot?

1) Installing the OpenVPN Client
OpenVPN packages are available in the default Debian repositories.

2) Open a terminal on your Debian system and update the apt cache.

3) After that, install the OpenVPN package.

4) Open a terminal and run the commands to install the openvpn client on Debian:

sudo apt update

sudo apt install openvpn -y

5) Connect to OpenVPN Server
Copy the openvpn client config file to your Debian machine.

6) You can use the --config command line parameter to provide a configuration file.

7) The command will read all the necessary data to create a vpn from this file.

8) Let's run the following command to connect to the openvpn server:

openvpn --config client.ovpn

9) You should see the following output:

Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 10 12:04:18 2020 UDP link local: (not bound)
Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server
Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1)
Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified

10) Check the connection
After a successful connection, a new IP address will be assigned on the tun0 interface by the OpenVPN server.

11) You can check it with the following command:

ip a show tun0

🦑 Output:

4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy
valid_lft forever preferred_lft forever

12) You can also check the OpenVPN server log for the connection status:

tail -f /var/log/openvpn.log


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
18TB hard drive spring is here, Western Red Disk and Purple Disk are upgraded at the same time
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🌐 Windows 10 update removes the need to remember passwords with Windows Hello and FIDO2:

1) Last fall, we learned that Windows aims to eliminate the need to remember passwords using Windows Hello, a biometrics-based technology.

2) This makes things a little easier, since there is no need to keep a separate list somewhere of all the different passwords and password versions that you use.

3) Now achieving this goal is made even more realistic as Windows Hello has achieved FIDO2 certification, which allows biometrics and PINs to be treated as secure authenticators.

Say goodbye to passwords

4) Microsoft knows what everyone thinks about passwords, noting that "no one likes passwords (except hackers)."

5) Since the advent of the computer systems that we all use, we have had to remember passwords - for computer systems, websites, applications, devices, and the like.

“People don't like passwords because we have to remember them,” Microsoft explained.

"As a result, we often create passwords that are easy to guess — making them the first target for hackers trying to gain access to your computer or network."

6) The need for confidentiality meant passwords for everything.

This increased need has led to different types of passwords.

7) Instead of your birthday, anniversary, dog name, street name, etc., you were forced to remember more complex passwords or have a password manager.

8) These are the reasons that led the company to create Windows Hello last fall.

9) This biometrics-based technology used FIDO, which allowed Windows users to authenticate secure access using only fingerprints or facial recognition.

Windows Hello has now received FIDO2 certification, which adds acceptable standards for authentication.

10) This updated method now also includes the use of PINs.

11) The FIDO Alliance explained in a press release that “FIDO2 is a set of standards that enables easy and secure access to websites and applications using biometrics, mobile devices and/or FIDO security keys.

12) FIDO2's simplified login process is provided with robust cryptographic protection that far surpasses passwords, protecting users from phishing, all forms of password theft and replay attacks.”

Windows 10X was recently announced.

13) Here you can see if these tools and the general list of Windows 10X options will be available

Windows Hello and FIDO2 integration
You can take advantage of Windows Hello with FIDO2 by updating Windows 10 to version 1903.

14) Microsoft Edge, Google Chrome and Mozilla Firefox will support biometrics and PINs.

Other Microsoft products such as Office 365, Skype, and Xbox Live can also authenticate using Windows Hello.

15) Will you be upgrading to Windows 10 to take advantage of Windows Hello and FIDO2 technologies?

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is a DNS leak and why does it matter? 👨‍⚕️

1) When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network.

2) If any traffic flows outside of a secure connection to the network, any adversary controlling your traffic will be able to register your activity.

3) DNS, or Domain Name System, is used to translate domain names such as www.privacyinternational.org into numeric IP addresses, for example 123.123.123.123, which are required to route data packets on the Internet.

4) Whenever your computer needs to contact a server on the Internet, for example when you enter a URL in your browser, your computer contacts the DNS server and asks for an IP address.

5) Most ISPs assign their customers a DNS server that they control and use to log and record your online activities.

6) Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer over the anonymity network.

7) DNS leaks pose a serious privacy threat because an anonymous network can provide a false sense of security while personal data is leaked.

8) If you are concerned about a DNS leak, you must also understand DNS transparent proxy technology to ensure that the solution you choose preserves your privacy.

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
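
One way to check for the leak described above, using the PUSH_REPLY line from the OpenVPN post earlier on this page (an added example, not part of the original posts): compare the DNS servers the VPN server pushed with the resolvers the system actually lists. The function names, the sample resolv.conf content and the client.log file name are assumptions made for this example.

```sh
#!/bin/sh
# Added example: flag resolvers in use that the VPN server did not push.
# Inputs are plain text, so saved copies of the log and resolv.conf work too.

# pushed_dns LOG_TEXT: DNS servers from "dhcp-option DNS <ip>" entries in
# the PUSH_REPLY line of an OpenVPN client log, one per line.
pushed_dns() {
    printf '%s\n' "$1" | grep 'PUSH_REPLY' |
        grep -oE 'dhcp-option DNS [0-9a-fA-F.:]+' | awk '{print $3}' | sort -u
}

# active_dns RESOLV_TEXT: "nameserver" entries of a resolv.conf, one per line.
active_dns() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" {print $2}' | sort -u
}

# leaking_resolvers LOG_TEXT RESOLV_TEXT: print (space separated) every
# resolver in use that is not one of the VPN-pushed servers.
leaking_resolvers() (
    pushed=$(pushed_dns "$1")
    leaks=""
    for ns in $(active_dns "$2"); do
        printf '%s\n' "$pushed" | grep -qxF "$ns" || leaks="$leaks $ns"
    done
    printf '%s\n' "${leaks# }"
)

# Log line as shown in the OpenVPN post (shortened to the DNS options).
SAMPLE_LOG="PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1'"
# Constructed resolv.conf: the router's resolver is still listed first.
SAMPLE_RESOLV="nameserver 192.168.1.1
nameserver 208.67.222.222"

echo "pushed by VPN : $(pushed_dns "$SAMPLE_LOG" | tr '\n' ' ')"
echo "not via VPN   : $(leaking_resolvers "$SAMPLE_LOG" "$SAMPLE_RESOLV")"
# On a live system (client.log is a hypothetical file holding the saved
# output of the openvpn client):
#   leaking_resolvers "$(cat client.log)" "$(cat /etc/resolv.conf)"
```

If resolv.conf lists only a local stub such as 127.0.0.53 (systemd-resolved), the stub's upstream servers are what has to be compared with the pushed ones.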
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Variations and Symptoms of the WordPress Redirect Hack:

1) Classic Redirection Hack

The hacked redirect has been around for the longest time. Every time someone visits your website, they're redirected to questionable links like pharma sites, adult websites etc.

2) Redirection via Search Results

When the website is opened by entering the URL in the browser, it opens fine. But when it is opened from a Google search result, it redirects to malicious websites.

3) Device Specific WordPress Redirection

The website redirects only when opened from a mobile device, or only when opened from a desktop, depending on what type of malware is present.


4) Push Notifications Hack

We've seen this one for the last few months, where hackers also show browser push notifications to your visitors. Usually these push notifications point to porn websites.


5) Geography Specific Redirection

In some cases, some of your visitors might see a redirection and some might not. This could be because hackers program the malware to work only for certain geographies. Where exactly the malware redirects can also be tailored geography-wise by hackers.

some wiki source
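
A check a site owner can run for variations 2 and 3 above, given here as an added example that is not part of the original post: request the same page as a direct visitor, with a search-engine referrer and with a mobile User-Agent, then compare where each response redirects. The function names and the example.com / example.net hosts are placeholders chosen for this example.

```sh
#!/bin/sh
# Added example: spot redirects that only some visitors receive.

# fetch_headers URL [curl options]: headers of one response, redirects not
# followed. Add -e <referrer> or -A <user-agent> to imitate a visitor type.
fetch_headers() { url=$1; shift; curl -sS -I --max-time 15 "$@" "$url"; }

# redirect_host HEADERS: host named in the Location header; empty when the
# response has no Location or the Location is a relative path.
redirect_host() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk 'tolower($1) == "location:" {print $2; exit}' |
        sed -nE 's,^([a-zA-Z][a-zA-Z0-9+.-]*:)?//([^/:?#]+).*,\2,p' |
        tr 'A-Z' 'a-z'
}

# is_offsite SITE_HOST HEADERS: true when the response redirects to a host
# that is neither SITE_HOST nor one of its subdomains.
is_offsite() {
    target=$(redirect_host "$2")
    [ -n "$target" ] || return 1
    case "$target" in
        "$1" | *".$1") return 1 ;;
    esac
    return 0
}

# flagged_profiles SITE_HOST DIRECT SEARCH MOBILE: names of the request
# profiles whose saved response headers leave the site.
flagged_profiles() {
    out=""
    if is_offsite "$1" "$2"; then out="$out direct"; fi
    if is_offsite "$1" "$3"; then out="$out search-referrer"; fi
    if is_offsite "$1" "$4"; then out="$out mobile"; fi
    printf '%s\n' "${out# }"
}

# Constructed sample responses for a site hosted at example.com.
DIRECT="HTTP/1.1 200 OK
Content-Type: text/html"
SEARCH="HTTP/1.1 302 Found
Location: https://pills.example.net/offer?id=1"
MOBILE="HTTP/1.1 301 Moved Permanently
location: https://m.example.com/"

echo "off-site redirect for: $(flagged_profiles example.com "$DIRECT" "$SEARCH" "$MOBILE")"
# Live use against your own site (the User-Agent string is shortened):
#   flagged_profiles example.com "$(fetch_headers https://example.com/)" \
#       "$(fetch_headers https://example.com/ -e https://www.google.com/)" \
#       "$(fetch_headers https://example.com/ -A 'Mozilla/5.0 (iPhone)')"
```

Header checks only catch HTTP-level redirects; a redirect injected as JavaScript shows up only when the page bodies of the same three requests are compared.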
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Telegram down
Forwarded from UNDERCODE NEWS
Microsoft removes 18 Azure Active Directory apps after being abused by Chinese hackers
#CyberAttacks
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to determine when the Linux operating system was booted? #ForAdvanced

1) There is a simple solution, because we can directly use the /proc filesystem.

Use the /proc/stat file, which contains kernel/system statistics.

$ cat /proc/stat
cpu 13014200 24406 4799169 40794104 34102 0 96456 0 0 0
cpu0 3273277 5052 1208241 30257443 16180 0 30562 0 0 0
cpu1 3258376 6672 1187026 3510180 8958 0 25642 0 0 0
cpu2 3266882 6158 1193469 3501113 4998 0 29868 0 0 0
cpu3 3215665 6523 1210432 3525367 3964 0 10383 0 0 0
intr 539439101 9 389 0 0 0 0 0 15646 1 2595538 0 0 15 0 0 0 0 0 0 0 0 347 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 253 0 0 0 0 1483731 313 4800809 44745763 0 7901501 18 629 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 00 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ctxt 2042251595
btime 1578304868
processes 196905
procs_running 1
procs_blocked 0
softirq 310354343 39361834 94774221 414 442124 4311767 39 489577 97929159 0 73045208

2) Let's extract the btime value, which holds the boot time in seconds since the Unix epoch.

$ awk '/btime/ {print $2}' /proc/stat
1578304868

3) Convert the seconds since the epoch to a date using awk, xargs and date.
$ awk '/btime/ {print $2}' /proc/stat | xargs -IUNIX_TIMESTAMP date --date @UNIX_TIMESTAMP
Mon Jan 6 11:01:08 CET 2020

4) Convert the seconds since the epoch to a date using awk and date.

$ awk '/btime/ {command = "date --date @" $2; system(command)}' /proc/stat
Mon Jan 6 11:01:08 CET 2020

5) Convert the seconds to a date using only awk (needs an awk that provides strftime, such as gawk).

$ awk '/btime/ {print strftime("%a %b %e %H:%M:%S %Z %Y", $2)}' /proc/stat
Mon Jan 6 11:01:08 CET 2020

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 For beginners, by Undercode: What is the principle of a DDoS attack? Introduction to the principle of DDoS attacks and protective measures

1) Definition of DDoS

The predecessor of DDoS is the DoS (Denial of Service) attack. This attack floods the website server with a large number of requests that demand a reply, consuming network bandwidth or system resources until the network or system is overloaded and stops providing normal network service.

A DDoS (distributed denial of service) attack mainly uses the vulnerabilities of existing machines and systems on the Internet to capture a large number of networked hosts and make them proxies for the attacker.

When the number of controlled machines reaches a certain number, the attacker sends instructions to manipulate these attacking machines to launch DoS attacks on the target host or network at the same time, which consumes a large amount of its network bandwidth and system resources, causing the network or system to be paralyzed or to stop providing normal network service. Due to its distributed nature, DDoS has far more attack and destructive power than DoS.

2) The principle of DDoS attack

Look at the picture: a relatively complete DDoS attack system is divided into four parts, namely the attacker (also called the master), the control puppet machines (handlers), the attack puppet machines (daemons, also called agents) and the victim.

Parts 2 and 3 are used for control and for the actual attack, respectively. The control machines in the second part only issue orders and do not participate in the actual attack; the attack puppet machines in the third part send the actual DDoS attack packets.

On the computers in the second and third parts, the attacker has control or partial control and uploads the corresponding DDoS program to these platforms. These programs run like normal programs and wait for instructions from the attacker. Usually they also use various means to hide themselves from being discovered by others. In normal times there is nothing unusual about these puppet machines, but once an attacker connects to them to take control and issue instructions, the attack puppet machines launch the attack.


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
medium_com_growmeorganic_how_to_extract_bulk_emails_and_phone_numbers.pdf
2 MB

EXTRACT PHONE NUMBER & EMAIL FROM INSTAGRAM:

What data can you export with GrowMeOrganic?
Instagram Username
Full Name
Email
Phone Number
Website
Bio
Country
City
Zip Code
Address
Followers Count
Following Count
Is Business
Category
Business Potential (Using Instagram AI)
Is Private
Is Verified


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁