β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to choose a CCTV camera ?
A) Equipment selection criteria
1) Before you buy a security camera , you need to decide where it will be used - outdoors or indoors. For example, indoor units are characterized by a more compact size and aesthetic design. They can organically fit into the interior of the room. Outdoor use requires models equipped with a waterproof and dustproof housing. An outdoor camera can be used inside a building, but it may not fit the design.
2) If the equipment will be installed independently, it is better to choose wireless models. Wi-Fi technology assumes the ability to mount the device anywhere there is a wireless signal. The only thing that is required is a power connection. The disadvantage of wireless technology is the ability to limit transmission distance in the presence of buildings or other obstacles along the way.
3)Pay attention to the POE parameter if the transmission distance is significant. The main feature of this technology is that it can be implemented using a single Ethernet wire. This cable will connect power and also transmit the signal.
4)Separately, it should be said about the cost. As a rule, the higher the price, the more functional and better the equipment works. But today manufacturers offer good and inexpensive IP cameras with decent shooting quality and decent service.
5)If you decide to give preference to cheaper options, you need to remember the following nuances:
B) when buying, you always need to compare the characteristics and parameters of devices;
1) before purchasing, you should familiarize yourself with the software, as well as check the usability of the interface;
2) on the Internet, you can search for recordings made by a camera of a certain model in order to understand how high-quality the picture is;
you should clarify everything regarding service and warranty.
3)Many modern models provide the ability to save videos, but you can find more outdated devices on sale. After the information is recorded, it is uploaded to the FTP server.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to choose a CCTV camera ?
A) Equipment selection criteria
1) Before you buy a security camera , you need to decide where it will be used - outdoors or indoors. For example, indoor units are characterized by a more compact size and aesthetic design. They can organically fit into the interior of the room. Outdoor use requires models equipped with a waterproof and dustproof housing. An outdoor camera can be used inside a building, but it may not fit the design.
2) If the equipment will be installed independently, it is better to choose wireless models. Wi-Fi technology assumes the ability to mount the device anywhere there is a wireless signal. The only thing that is required is a power connection. The disadvantage of wireless technology is the ability to limit transmission distance in the presence of buildings or other obstacles along the way.
3)Pay attention to the POE parameter if the transmission distance is significant. The main feature of this technology is that it can be implemented using a single Ethernet wire. This cable will connect power and also transmit the signal.
4)Separately, it should be said about the cost. As a rule, the higher the price, the more functional and better the equipment works. But today manufacturers offer good and inexpensive IP cameras with decent shooting quality and decent service.
5)If you decide to give preference to cheaper options, you need to remember the following nuances:
B) when buying, you always need to compare the characteristics and parameters of devices;
1) before purchasing, you should familiarize yourself with the software, as well as check the usability of the interface;
2) on the Internet, you can search for recordings made by a camera of a certain model in order to understand how high-quality the picture is;
you should clarify everything regarding service and warranty.
3)Many modern models provide the ability to save videos, but you can find more outdated devices on sale. After the information is recorded, it is uploaded to the FTP server.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WHAT IS DDE EXPLOIT ?
1)DDE exploitation was also known as dynamic data exchange, it allows data to be transferred between applications without any user interaction.
2)Hackers have used this technique to execute malicious scripts to compromise data.
3) This was reported to Microsoft by Sensepost, Etienne Stalmans and Saif El-Sherei, but this has not been fixed as many applications use the DDE protocol.
4) This exploit does not require a macro feature to be enabled.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WHAT IS DDE EXPLOIT ?
1)DDE exploitation was also known as dynamic data exchange, it allows data to be transferred between applications without any user interaction.
2)Hackers have used this technique to execute malicious scripts to compromise data.
3) This was reported to Microsoft by Sensepost, Etienne Stalmans and Saif El-Sherei, but this has not been fixed as many applications use the DDE protocol.
4) This exploit does not require a macro feature to be enabled.
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Share several IDS open source systems :
1) Prelude IDS
From the perspective of design, it is positioned to meet the needs of large-scale networks, and realizes network detectors, log analyzers, and alarm information centralized viewing and analysis tools. The network detector part is basically a copy of Snort's functions and is fully compatible with Snort's rule set. ( http://www.prelude-ids.org/ )
2) Firestorm
It is a very high-performance network intrusion detection system (NIDS). Currently it only implements the detector part and is fully compatible with Snort's rule set, but plans include real support for analysis, reporting, remote console and real-time sensor configuration. It is fully pluggable, so it is very flexible. It can record alarm information to the Prelude IDS manager. It claims to be much better than Snort in performance. http://www.scaramanga.co.uk/firestorm/
3) NetSTAT
Based on the research results of STAT (State Transition Analysis Technique) describing the attack, using the unique STATL language to describe the attack, the attack description text is converted into C++ code by the STATL interpretation tool and compiled into the detection engine to realize the detection function. It has been released. STATL language interpretation conversion tool and a basic example network detector part (a few examples of detection functions). To be proficient in using this IDS tool requires relatively strong programming skills, but with this IDS, very complex detection functions can be achieved.
http://www.cs.ucsb.edu/~rsg/STAT/
4) It is a real-time network intrusion detection software implemented by Vern Paxson. It was released in 1998 under the BSD license. Its original design goal was to achieve a real-time alarm, separation of mechanism and strategy, and highly scalable intrusion detection and network under a 100M network. Monitor the audit system.
https://www.bro.org/
5) Suricata
It is a system that supports IDS, IPS, and NSM. The system has a Snort-like architecture and relies on signatures like Snort. It can even use the same Emerging Threat rule set used by VRT Snort rules and Snort itself. Suricata is newer than Snort and it will have a chance to overtake Snort. https://suricata-ids.org/
6) OSSEC
OSSEC open source security information management system (OPEN SOURCE SECURITY INFORMATION MANAGEMENT) is an open source host-based intrusion detection system, which can be referred to as HIDS for short. It has log analysis, file integrity check, policy monitoring, rootkit detection, real-time alarm and linkage response functions. https://ossec.github.io/
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Share several IDS open source systems :
1) Prelude IDS
From the perspective of design, it is positioned to meet the needs of large-scale networks, and realizes network detectors, log analyzers, and alarm information centralized viewing and analysis tools. The network detector part is basically a copy of Snort's functions and is fully compatible with Snort's rule set. ( http://www.prelude-ids.org/ )
2) Firestorm
It is a very high-performance network intrusion detection system (NIDS). Currently it only implements the detector part and is fully compatible with Snort's rule set, but plans include real support for analysis, reporting, remote console and real-time sensor configuration. It is fully pluggable, so it is very flexible. It can record alarm information to the Prelude IDS manager. It claims to be much better than Snort in performance. http://www.scaramanga.co.uk/firestorm/
3) NetSTAT
Based on the research results of STAT (State Transition Analysis Technique) describing the attack, using the unique STATL language to describe the attack, the attack description text is converted into C++ code by the STATL interpretation tool and compiled into the detection engine to realize the detection function. It has been released. STATL language interpretation conversion tool and a basic example network detector part (a few examples of detection functions). To be proficient in using this IDS tool requires relatively strong programming skills, but with this IDS, very complex detection functions can be achieved.
http://www.cs.ucsb.edu/~rsg/STAT/
4) It is a real-time network intrusion detection software implemented by Vern Paxson. It was released in 1998 under the BSD license. Its original design goal was to achieve a real-time alarm, separation of mechanism and strategy, and highly scalable intrusion detection and network under a 100M network. Monitor the audit system.
https://www.bro.org/
5) Suricata
It is a system that supports IDS, IPS, and NSM. The system has a Snort-like architecture and relies on signatures like Snort. It can even use the same Emerging Threat rule set used by VRT Snort rules and Snort itself. Suricata is newer than Snort and it will have a chance to overtake Snort. https://suricata-ids.org/
6) OSSEC
OSSEC open source security information management system (OPEN SOURCE SECURITY INFORMATION MANAGEMENT) is an open source host-based intrusion detection system, which can be referred to as HIDS for short. It has log analysis, file integrity check, policy monitoring, rootkit detection, real-time alarm and linkage response functions. https://ossec.github.io/
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NETFLIX SIMILARS APPS :new list
https://www.hoopladigital.com/
https://www.popcornflix.com/
https://tubitv.com/
https://pluto.tv/
https://www.vudu.com/content/movies/free
https://www.imdb.com/tv/
https://www.sonycrackle.com/
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NETFLIX SIMILARS APPS :new list
https://www.hoopladigital.com/
https://www.popcornflix.com/
https://tubitv.com/
https://pluto.tv/
https://www.vudu.com/content/movies/free
https://www.imdb.com/tv/
https://www.sonycrackle.com/
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hoopladigital
hoopla digital: audiobooks, ebooks, movies, tv and comics.
hoopla is a groundbreaking digital media service offered by your local public library that allows you to borrow movies, music, audiobooks, eBooks, comics β¦
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Heartbleeding OpenSSL :
Last year, OpenSSL broke the most serious security vulnerability in history. This vulnerability was named a "heart bleeding" vulnerability in the hacker community. The 360 ββwebsite guard security team analyzed the vulnerability and found that the vulnerability is not only related to URLs beginning with https, but also products and services that indirectly use OpenSSL code, such as VPN, mail system, FTP tools and other products and services, or even possible The source code of some other security facilities will be involved.
A) Affected version
OpenSSL1.0.1, 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, Beta 1 of OpenSSL 1.0.2 and other versions.
B) Vulnerability description
1) OpenSSL has coding flaws when implementing the heartbeat processing logic of TLS and DTLS. OpenSSL's heartbeat processing logic does not detect whether the length field in the heartbeat packet matches the subsequent data field. Attackers can use this to construct an abnormal data packet to obtain subsequent data in the memory area where the heartbeat data is located. These data may contain sensitive information such as certificate private keys, user names, user passwords, and user mailboxes. This vulnerability allows an attacker to read up to 64KB of data from memory.
2) The vulnerability analysis articles of the past few days mainly focused on websites with HTTPS enabled, and ordinary netizens may think that only the website's own business will be affected by this vulnerability. From the monitoring data of the 360 ββwebsite guard Openssl Heartbleed Vulnerability Online Detection Platform (wangzhan.360.cn/heartbleed), the radiation range of the Heartbleed Vulnerability has been extended from the HTTPS-enabled website to the VPN system and mail system. At present, a total of 251 in China have been found. A VPN system and 725 mail systems also have vulnerabilities, many of which are government websites, key universities and related security vendors.
3) In order to better let everyone understand which part of the Openssl painstaking loophole is the problem, we use the OpenSSL lib library to write an independent server program that does not depend on any business, to actually debug the code step by step to prove that it is not only https There is a problem with the website of, as long as the application using the OpenSSL libssl.so library with the vulnerability has a security vulnerability!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Heartbleeding OpenSSL :
Last year, OpenSSL broke the most serious security vulnerability in history. This vulnerability was named a "heart bleeding" vulnerability in the hacker community. The 360 ββwebsite guard security team analyzed the vulnerability and found that the vulnerability is not only related to URLs beginning with https, but also products and services that indirectly use OpenSSL code, such as VPN, mail system, FTP tools and other products and services, or even possible The source code of some other security facilities will be involved.
A) Affected version
OpenSSL1.0.1, 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, Beta 1 of OpenSSL 1.0.2 and other versions.
B) Vulnerability description
1) OpenSSL has coding flaws when implementing the heartbeat processing logic of TLS and DTLS. OpenSSL's heartbeat processing logic does not detect whether the length field in the heartbeat packet matches the subsequent data field. Attackers can use this to construct an abnormal data packet to obtain subsequent data in the memory area where the heartbeat data is located. These data may contain sensitive information such as certificate private keys, user names, user passwords, and user mailboxes. This vulnerability allows an attacker to read up to 64KB of data from memory.
2) The vulnerability analysis articles of the past few days mainly focused on websites with HTTPS enabled, and ordinary netizens may think that only the website's own business will be affected by this vulnerability. From the monitoring data of the 360 ββwebsite guard Openssl Heartbleed Vulnerability Online Detection Platform (wangzhan.360.cn/heartbleed), the radiation range of the Heartbleed Vulnerability has been extended from the HTTPS-enabled website to the VPN system and mail system. At present, a total of 251 in China have been found. A VPN system and 725 mail systems also have vulnerabilities, many of which are government websites, key universities and related security vendors.
3) In order to better let everyone understand which part of the Openssl painstaking loophole is the problem, we use the OpenSSL lib library to write an independent server program that does not depend on any business, to actually debug the code step by step to prove that it is not only https There is a problem with the website of, as long as the application using the OpenSSL libssl.so library with the vulnerability has a security vulnerability!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Send Emails in Laravel Using SMTP :
A) SMTP Setup and Configuration
1) Open the .env file from the root folder of the Laravel project and set up the configuration according to your Gmail account. You must enable the βLess secure appβ option of your Gmail account to send an email using the Gmail SMTP server.
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=465
MAIL_USERNAME=YOUR_EMAIL_ADDRESS
MAIL_PASSWORD=YOUR_PASSWORD
MAIL_ENCRYPTION=ssl
***Note:
2) You may receive the SMTP authentication error while sending emails using the SMTP Gmail account server. Open the StreamBuffer.php file from the following location.
3) /var/www/html/laravelpro/vendor/swiftmailer/swiftmailer/
lib/classes/Swift/Transport/StreamBuffer.php
Find and replace line 259 with the following line to authenticate the Gmail SMTP server.
$options['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false,
'allow_self_signed' => true);
4) Sending Emails Using SMTP
Perform the following steps to send email using the contact form by creating a controller, view, and mail class.
π¦Steps:
5) Run the following command from the terminal to create EmailController to show the contact form and send an email using Laravel mail class.
$ php artisan make:controller EmailController
6) Run the following command to create a mail class named sendingEmail.
7) This will create the class under the App\Mail folder.
$ php artisan make:mail sendingEmail
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Send Emails in Laravel Using SMTP :
A) SMTP Setup and Configuration
1) Open the .env file from the root folder of the Laravel project and set up the configuration according to your Gmail account. You must enable the βLess secure appβ option of your Gmail account to send an email using the Gmail SMTP server.
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=465
MAIL_USERNAME=YOUR_EMAIL_ADDRESS
MAIL_PASSWORD=YOUR_PASSWORD
MAIL_ENCRYPTION=ssl
***Note:
2) You may receive the SMTP authentication error while sending emails using the SMTP Gmail account server. Open the StreamBuffer.php file from the following location.
3) /var/www/html/laravelpro/vendor/swiftmailer/swiftmailer/
lib/classes/Swift/Transport/StreamBuffer.php
Find and replace line 259 with the following line to authenticate the Gmail SMTP server.
$options['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false,
'allow_self_signed' => true);
4) Sending Emails Using SMTP
Perform the following steps to send email using the contact form by creating a controller, view, and mail class.
π¦Steps:
5) Run the following command from the terminal to create EmailController to show the contact form and send an email using Laravel mail class.
$ php artisan make:controller EmailController
6) Run the following command to create a mail class named sendingEmail.
7) This will create the class under the App\Mail folder.
$ php artisan make:mail sendingEmail
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β