UNDERCODE COMMUNITY

🦑 Behavior of centralized crypto exchanges:

To understand the behavior of centralized crypto exchanges, you need to analyze some key components individually or in groups, and generalize some concepts at a higher level. Here are a few key components related to the behavior of centralized crypto exchanges:

1) Hot wallet: A hot wallet usually refers to the main means of interaction between external parties and the exchange. This wallet can be used to trade cryptocurrency assets.

2) Cold wallet: A cold wallet is a means of secure storage for crypto assets. Such wallets usually hold large amounts of assets that are not intended for frequent transactions.

3) Deposit address: Usually a temporary address on the blockchain used to transfer funds to the exchange. Its main purpose is to facilitate the flow of users' funds to the exchange.

4) Withdrawal address: Usually a temporary address on the blockchain used to transfer funds out of the main transaction wallet. Sometimes a withdrawal address also plays the role of a deposit address.

Although these four components represent the core of the on-chain architecture of a centralized exchange, identifying them requires quite complex heuristics or machine learning methods. Part of the challenge is that the interaction model between these components can be arbitrary and complex, and is not well understood.

With the help of IntoTheBlock's transaction machine learning classifier, visual exploration of the blockchain data set revealed some very elegant and charming patterns.


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
some helpful old written tutorials :)

🦑 2020 update wireless protocol investigation
any
linux/macos

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.

INSTALLATION & RUN:

1) git clone https://github.com/jopohl/urh

2) cd urh

3) sudo python3 -m pip install --upgrade pip # Update your pip installation

4) sudo python3 -m pip install urh # Install URH

5) python3 setup.py install # Alternative to step 4: install from the cloned source


🦑 What are the hazards of website vulnerabilities:

The harm of SQL injection vulnerabilities is not limited to the database level; it may also endanger the operating system that hosts the database. If SQL injection is used to plant trojans in web pages ("horse hanging"), it may also be used to spread malware. These hazards include but are not limited to:

1) Database information leakage: user privacy information stored in the database is leaked.

2) Web page tampering: tampering with specific web pages by operating the database.

3) The website is hacked to spread malicious software: the values of some fields in the database are modified to embed a link to a web trojan and carry out a trojan-planting attack.

4) The database is maliciously operated: the database server is attacked and the database system administrator account is tampered with.

5) The server is controlled remotely and a backdoor is installed: through the operating system support provided by the database server, hackers can modify or control the operating system.

6) Destroy hard disk data and paralyze the entire system.


🦑 WEB HACK METHOD BY UNDERCODE:
Injection of OS commands to attack web applications:

A) What is OS Command Injection?

OS Command Injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server running an application, and typically completely compromise the application and all of its data.

Very often, an attacker can exploit an OS command injection vulnerability to compromise other parts of the hosting infrastructure, using trust relationships to attack other systems in an organization.

B) Execution of arbitrary commands

1) Consider a shopping app that allows a user to see if an item is in stock at a particular store.

2) This information is available via a URL, for example:


3) To provide information on promotions, the application must query various legacy systems.

4) For historical reasons, the functionality is implemented by invoking a shell command with the product ID and store ID as arguments:
stockreport.pl 381 29

5) This command displays the stock status for the specified item, which is returned to the user.

6) Since the application does not implement any protection against OS command injection, an attacker can send the following input to execute an arbitrary command:
& echo aiwefwlguh &

7) If this input is passed in the productID parameter, then the command executed by the application is:
stockreport.pl & echo aiwefwlguh & 29

8) The echo command simply causes the supplied string to be written to stdout, which is a useful way to test for some types of OS command injection.
The & character is a shell command separator, so three separate commands are actually executed one after the other.
As a result, the output returned to the user is:
Error - productID was not provided
aiwefwlguh
29: command not found

9) These lines of output demonstrate that:
The original stockreport.pl command was executed without its expected arguments and therefore returned an error.
The echo command was injected and the supplied string was reflected in the output.
The original argument 29 was executed as a command, which caused an error.

10) Placing an extra command separator & after the injected command is usually good practice, as it separates the injected command from whatever follows the insertion point.
This reduces the likelihood that what follows will prevent the injected command from executing.

WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
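
The stock-check case above, as an added example that is not part of the original post: the flawed shell-string call beside a shell-free, validated one. The stand-in for stockreport.pl, the function names and the numeric-ID rule are assumptions, and the flawed variant assumes a POSIX shell.

```python
import re
import shlex
import subprocess
import sys

# Constructed stand-in for the page's stockreport.pl: it prints the arguments
# it actually received, so the effect of each calling style is visible.
STOCKREPORT = [sys.executable, "-c", "import sys; print('args:', sys.argv[1:])"]

# Assumption: IDs are short decimal numbers, like 381 and 29 on the page.
ID_RE = re.compile(r"[0-9]{1,10}")


def stock_vulnerable(product_id: str, store_id: str) -> str:
    """The flawed pattern: request values are pasted into a shell command line."""
    program = " ".join(shlex.quote(part) for part in STOCKREPORT)
    command = f"{program} {product_id} {store_id}"  # the shell parses '&' here
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout


def stock_argv(product_id: str, store_id: str) -> str:
    """No shell: each value is exactly one argv entry, whatever it contains."""
    argv = STOCKREPORT + [product_id, store_id]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout


def stock_hardened(product_id: str, store_id: str) -> str:
    """Allow-list validation first, then the shell-free call."""
    for value in (product_id, store_id):
        if not ID_RE.fullmatch(value):
            raise ValueError(f"rejected ID: {value!r}")
    return stock_argv(product_id, store_id)


if __name__ == "__main__":
    payload = "& echo aiwefwlguh &"  # the test string quoted on the page
    print("shell string:", stock_vulnerable(payload, "29").splitlines())
    print("argv list   :", stock_argv(payload, "29").splitlines())
    try:
        stock_hardened(payload, "29")
    except ValueError as exc:
        print("validated   :", exc)
```

With the shell-free call the whole input arrives as one literal argument, and the allow-list rejects it before any process is started.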