UNDERCODE COMMUNITY

🦑 How Just Visiting a Site Could Have Hacked Your iPhone or MacBook Camera (source: wiki)

> If you use Apple iPhone or MacBook, here we have a piece of alarming news for you.

> It turns out that merely visiting a website (not just a malicious one, but also a legitimate site unknowingly loading malicious ads) using the Safari browser could have let remote attackers secretly access your device's camera, microphone, or location, and in some cases, saved passwords as well.

> Apple recently paid a $75,000 bounty reward to an ethical hacker, Ryan Pickren, who practically demonstrated the hack and helped the company patch a total of seven new vulnerabilities before any real attacker could take advantage of them.

> The fixes were issued in a series of updates to Safari spanning versions 13.0.5 (released January 28, 2020) and Safari 13.1 (published March 24, 2020).

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CRACKING AND ACCOUNTS MOST POPULAR 2020


https://www.crackingpro.com/

https://crackia.com/

https://crackians.com/

https://cracked.to/

https://crackingsoul.com/

https://nethingoez.com/


▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 These are the popular tools used for wireless password cracking and network troubleshooting:

> Aircrack. Aircrack is one of the most popular wireless password cracking tools, which you can use for 802.11a/b/g WEP and WPA cracking.
http://www.aircrack-ng.org/

> AirSnort.
http://www.aircrack-ng.org/

> Cain & Abel
http://www.oxid.it/cain.html

> Kismet.
http://www.kismetwireless.net/

> NetStumbler.
http://www.stumbler.net/

> inSSIDer
http://www.stumbler.net/

> Wireshark.
https://www.wireshark.org/

> CoWPAtty.
http://sourceforge.net/projects/cowpatty

> Airjack
http://wepattack.sourceforge.net/

> OmniPeek
http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer


> CommView for WiFi
http://www.tamos.com/products/commwifi/

> CloudCracker
https://crack.sh/


▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 What is the difference between a Trojan horse and a worm?

> A worm spreads from computer to computer, but unlike a virus, it has the capability to travel without any help from a person.

> A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 WALKOFF (2020, by the NSA): a flexible, easy-to-use automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down.

🦑 INSTALLATION & RUN:


1) Open a terminal and clone WALKOFF:

git clone https://github.com/nsacyber/WALKOFF.git

2) Move into the WALKOFF directory:

cd WALKOFF

3) Build WALKOFF's bootloader container, which handles management of the WALKOFF stack:

./build_bootloader.sh

The bootloader performs the following tasks:

> Creating Docker secrets, configs, networks, volumes, etc.
> Building and pushing component images to WALKOFF's internal registry.
> Deploying and removing the Docker Stack.

4) Launch WALKOFF with the bootloader, building components as well:

./walkoff.sh up --build

# If verbose output is desired:
./walkoff.sh up --build --debug

5) Navigate to the default IP and port. The default IP and the port can be changed by altering the port NGINX is exposed on (the right-hand port) in the top-level docker-compose.yml. Note that you should use HTTPS, and allow the self-signed certificate when prompted.

https://127.0.0.1:8080

6) The default username is "admin" and password is "admin." These can and should be changed upon initial login.

7) To stop WALKOFF, use the bootloader:

./walkoff.sh down

# If removing encryption key (and persistent data), stored images, and verbose output is desired:
./walkoff.sh down --key --registry --debug

🦑 Deploying WALKOFF in a Windows environment

1) Open PowerShell and clone WALKOFF:

git clone https://github.com/nsacyber/WALKOFF.git

2) Move into the WALKOFF directory:

cd WALKOFF

3) Use the provided walkoff.ps1 script to initialize WALKOFF's required components:

# Create Docker volumes, secrets
.\walkoff.ps1 init

# Build and push WALKOFF component images
.\walkoff.ps1 build

4) Launch WALKOFF with walkoff.ps1:

# Deploy WALKOFF stack
.\walkoff.ps1 up

# Check WALKOFF stack services
.\walkoff.ps1 status

5) Navigate to the default IP and port. The default IP and the port can be changed by altering the port NGINX is exposed on (the right-hand port) in the top-level docker-compose.yml. Note that you should use HTTPS, and allow the self-signed certificate when prompted.

https://127.0.0.1:8080

6) The default username is "admin" and password is "admin." These can and should be changed upon initial login.

7) To stop WALKOFF, use the bootloader:

.\walkoff.ps1 stop

# If removing encryption key, persistent data, stored images is desired:
.\walkoff.ps1 down


▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How Does a Data Breach Happen?


Research into the root causes of data breaches and security breaches, gathered from the State of Software Security Report, Verizon Business Risk Team and the Open Security Foundation, reveals three main types of data breach causes:

1) Benevolent insiders

2) Targeted attacks

3) Malicious insiders

In many cases, breaches are caused by a combination of these factors.

> For example, targeted attacks are often enabled inadvertently by well-meaning insiders who fail to comply with data or security policies, which can lead to a data breach.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Guarding Against a Data Breach:

Use this checklist as a quick reference tool to help protect your enterprise from a data breach and a security breach:

1) Prevent data exfiltration. Data exfiltration is defined as the deliberate dissemination of sensitive information from an application to a third party via common data transmission methods.

2) Identify threats by correlating application security quality with global security intelligence.

3) Proactively protect information. An example of this is scanning all your applications for security holes.

4) Follow industry best practices for data loss prevention and digital security.

5) Implement an application security policy across your company.

6) Stop incursions by targeted attacks.

🦑 Veracode Helps Prevent Data Breaches

The gateway to your data is through your applications. Attackers know applications are the weak link in today's computer networks and they look for vulnerabilities in applications that provide access to sensitive data.

> Testing applications for security vulnerabilities reduces the risk of a data breach. Using Veracode as part of your data breach prevention strategy allows you to understand the weaknesses in your applications and provides a path to improving the overall security quality of all the applications running on your network and mobile devices.

> Examples of critical and confidential data that applications can access include

1) Intellectual Property: Source code, product design documents, process documentation, internal price lists

2) Corporate Data: Financial documents, strategic planning documents, due diligence research for mergers and acquisitions, employee information

3) Customer Data: Social Security numbers, credit card numbers, medical records, financial statements

Protecting the security of your applications is an important step in any data breach strategy. Veracode provides security testing software and remediation that produces a prioritized report of flaws that can lead to data breaches. We then work with your developers to fix the flaws according to your risk management policies.

@wiki @UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 ALL you need to know about Data Breach
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 In order to manage the 32GB eMMC system, we encourage users to follow these guidelines to ensure that their systems operate in an optimal manner and perform as expected:

🦑 LET'S START:

1) Ensure that system storage is only used for the operating system and critical applications (antivirus, email client, media player, etc.)

2) Use cloud storage services to store large files such as photos and videos. Cloud-based solutions may include:

> Common third-party cloud services, such as Dropbox, OneDrive or
> Personal cloud devices combine multiple cloud services and external storage in one device you own and manage.

3) Use external storage devices (hard drives, flash drives, network attached storage (NAS), etc.) to store non-critical applications and large files.

4) Ensure that the operating system is regularly maintained to clear temporary files, empty the recycle bin, and uninstall all unused applications.

🦑 Following these recommendations will help ensure that the system continues to operate at maximum efficiency.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

For situations where Windows Update cannot be run due to limited space
Forwarded from Backup Legal Mega
🦑 FRESH PREMIUM PROXIES DETAILS LIST:

pastebin.com/5rN2vTCC
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Special wordlists for cracking:
> You can create your own with cupp, but these wordlists are special ones:

🦑 LET'S START:

> hashesorg2019 100 12.79 Gb
https://download.weakpass.com/wordlists/1851/hashesorg2019.gz

> weakpass_2a 99 85.44 Gb
https://download.weakpass.com/wordlists/1919/weakpass_2a.gz

> weakpass_2 97 28.44 Gb
https://download.weakpass.com/wordlists/1863/weakpass_2.gz

> HashesOrg 95 4.14 Gb
https://download.weakpass.com/wordlists/1802/HashesOrg.gz

> weakpass_1 92 34.47 Gb
https://download.weakpass.com/wordlists/1257/DCHTPassv1.0.txt.gz

> DCHTPassv1.0.txt 83 22.84 Gb
https://download.weakpass.com/wordlists/1257/DCHTPassv1.0.txt.gz

> weakpass 80 36.7 Gb
https://download.weakpass.com/wordlists/1861/weakpass.gz

> DicAss.v.1.0.txt 68 206.69 Gb
https://download.weakpass.com/wordlists/1900/DicAss.v.1.0.txt.gz

🦑 More custom wordlists at:
https://weakpass.com/wordlist

E N J O Y
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Best sites for downloading software and apps:

1) Download.Com

2) FileHippo.Com

3) ZDNet Download

4) Softpedia.Com

5) Tucows.Com

6) FreewareFiles.Com

7) MajorGeeks

8) FileCluster

> There are many more, but this list covers the most popular websites.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What they do before they attack a bank:

> An attacker collects the following information about the bank:

1) Information about network perimeter systems and software

2) Employees (including email addresses, telephones, positions, and names)

3) Partners and contractors, as well as their systems and employees

4) Business processes


🦑 Examples of preparatory actions:

Stage 2. Penetrating the internal network
Stage 3. Developing the attack and gaining a foothold in the network

Once criminals have gained access to the bank's intranet, they need to obtain local administrator privileges on employee computers and servers to continue their attack. Success of attacks is due to insufficient system protection against internal intruders. Common vulnerabilities are as follows:

> Use of outdated software versions and failure to install OS security updates
> Configuration errors (including excessive user and software privileges, as well as setting local administrator passwords through group policies)
> Use of dictionary passwords by privileged users
> Absence of two-factor authentication for access to critical systems

After gaining maximum privileges on the host, criminals can access the OS memory in order to learn the credentials of all logged in users (usernames, passwords, or hash values of passwords). This data is then used to connect to other computers on the network.

1) Moving among hosts is usually done with legitimate software and built-in OS functions (for example, PsExec or RAdmin). Since these are tools used by corporate system administrators on a daily basis, they are unlikely to cause suspicion. The Cobalt gang also resorted to use of phishing messages within the bank by sending letters from real employees' workstations.

2) Local administrator privileges are used according to a typical scheme: an attacker copies memory of the lsass.exe process and uses it to extract passwords of OS users (or their hash values) using the mimikatz tool. Such actions are not detectable by antivirus software because legitimate tools are used to copy memory (for example, ProcDump) while mimikatz runs on the attacker's laptop. In addition, attackers can use Responder to attack network protocols and intercept credentials.

3) Such methods of spreading throughout the network are given in more detail in our previous report.

4) If attackers manage to gain domain administrator privileges, they can continue to navigate freely through the network and monitor employees' computers, servers, and infrastructure services of the bank. With this level of privileges, it is very easy to gain access to the organization's business systems and banking software: it is enough to identify workstations of employees who have such access and connect to them. Using the golden ticket technique, attackers can safely gain a foothold in the corporate system and stay there for a long time.

5) To disguise their presence, attackers often use bodyless malicious code that resides in RAM only. Attackers retain remote control after computer restarts by adding malicious software to the list of startup programs.
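
A defender's view of this stage, as an added example that is not part of the original post: antivirus may miss these tools, but the behaviour still leaves telemetry. The sketch runs two behaviour-based rules over constructed events shaped like Sysmon ProcessAccess (Event ID 10) and Windows service-install (Event ID 7045) records; the hosts, paths and allowlist are assumptions made up for illustration.

```python
# Added example (not from the original post): behaviour-based detection for the
# lsass memory copy and PsExec-style movement described above.
PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory
LSASS = r"c:\windows\system32\lsass.exe"
# Assumption: images expected to read lsass memory in this environment.
ALLOWED_READERS = {r"c:\program files\windows defender\msmpeng.exe"}
REMOTE_EXEC_SERVICES = {"psexesvc"}  # default service name installed by PsExec

# Constructed sample events (hosts and paths are made up).
SAMPLE_EVENTS = [
    {"id": 10, "host": "WS-014",
     "SourceImage": r"C:\Users\Public\procdump64.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"id": 10, "host": "WS-014",
     "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"id": 10, "host": "WS-020",
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"id": 7045, "host": "SRV-DB1", "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"id": 7045, "host": "SRV-DB1", "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
]


def detect(events):
    """Return (host, rule, detail) for each event that matches a rule."""
    alerts = []
    for ev in events:
        if ev["id"] == 10 and ev["TargetImage"].lower() == LSASS:
            # Flag by behaviour, not by tool name: any non-allowlisted
            # process that was granted memory-read access to lsass.
            access = int(ev["GrantedAccess"], 16)
            if (access & PROCESS_VM_READ
                    and ev["SourceImage"].lower() not in ALLOWED_READERS):
                alerts.append((ev["host"], "lsass_memory_read", ev["SourceImage"]))
        elif ev["id"] == 7045 and ev["ServiceName"].lower() in REMOTE_EXEC_SERVICES:
            alerts.append((ev["host"], "remote_exec_service", ev["ImagePath"]))
    return alerts


def hosts_to_triage(events):
    """Hosts with at least one alert, sorted, for credential-reset scoping."""
    return sorted({host for host, _, _ in detect(events)})


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Because administrators use the same remote-execution tools daily, the service-install rule needs a baseline of expected admin source hosts before it is useful as an alert.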

🦑 Stage 4. Compromising banking systems and stealing funds

After gaining a foothold in the network, criminals need to understand on which hosts the target banking systems are located and find the most convenient ways to access them. Criminals examine users' workstations in search of files indicating that a particular workstation has worked with bank applications. To store passwords for critical systems on corporate networks, specialized software is usually used.

> Such an attack scenario is very effective and has been successfully implemented during penetration testing on multiple occasions. Additional support for criminals can be provided by resources that contain information about the infrastructure: for example, monitoring systems that administrators use in their work or technical support resources for users.

> This data increases the confidence of intruders in their knowledge of the internal network structure and helps them to take into account operational details of the bank's business processes during the attack, so as not to raise suspicions or trigger detection.

🦑 The main methods of theft are:

1) Transferring funds to fictitious accounts through interbank payment systems

2) Transferring funds to cryptocurrency wallets

3) Controlling bank cards and accounts

4) Controlling ATM cash dispensing

🦑 Examples of preparatory actions:

1) Developing or adapting malicious software for the software and OS versions used in the bank

2) Preparing phishing emails

3) Setting up infrastructure (including domain registration, server rental, and purchase of exploits)

4) Preparing the infrastructure for money laundering and cash

5) Searching for money mules

6) Testing the infrastructure and malicious software
