Forwarded from UNDERCODE SECURITY
[XSS] Re ected XSS Bypass Filter.pdf
290.9 KB
Forwarded from UNDERCODE SECURITY
Toppo_1 _ Vulnhub Walkthrough.pdf
881.6 KB
Forwarded from UNDERCODE SECURITY
XXE OOB exploitation at Java 1.7+.pdf
330.3 KB
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Memory #Analysis Tools topic 2020 :
* [Evolve](https://github.com/JamesHabben/evolve) - Web interface for the Volatility Memory Forensics Framework
* [inVtero.net](https://github.com/ShaneK2/inVtero.net) - Advanced memory analysis for Windows x64 with nested hypervisor support
* [KnTList](http://www.gmgsystemsinc.com/knttools/) - Computer memory analysis tools
* [LiME](https://github.com/504ensicsLabs/LiME) - LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices
* [Memoryze](https://www.fireeye.com/services/freeware/memoryze.html) - Memoryze by Mandiant is a free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis
* [Memoryze for Mac](https://www.fireeye.com/services/freeware/memoryze-for-the-mac.html) - Memoryze for Mac is Memoryze but then for Macs. A lower number of features, however
* [Rekall](http://www.rekall-forensic.com/) - Open source tool (and library) for the extraction of digital artifacts from volatile memory (RAM) samples
* [Responder PRO](http://www.countertack.com/responder-pro) - Responder PRO is the industry standard physical memory and automated malware analysis solution
* [Volatility](https://github.com/volatilityfoundation/volatility) - An advanced memory forensics framework
* [VolatilityBot](https://github.com/mkorman90/VolatilityBot) - VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation
* [VolDiff](https://github.com/aim4r/VolDiff) - Malware Memory Footprint Analysis based on Volatility
* [WindowsSCOPE](http://www.windowsscope.com/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=35&category_id=3&option=com_virtuemart) - another memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically used for reverse engineering of malwares. It provides the capability of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory
> git resources
@UndercodeTesting
@UndercodeSecurity
@UndercodeCourses
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Memory #Analysis Tools topic 2020 :
* [Evolve](https://github.com/JamesHabben/evolve) - Web interface for the Volatility Memory Forensics Framework
* [inVtero.net](https://github.com/ShaneK2/inVtero.net) - Advanced memory analysis for Windows x64 with nested hypervisor support
* [KnTList](http://www.gmgsystemsinc.com/knttools/) - Computer memory analysis tools
* [LiME](https://github.com/504ensicsLabs/LiME) - LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices
* [Memoryze](https://www.fireeye.com/services/freeware/memoryze.html) - Memoryze by Mandiant is a free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis
* [Memoryze for Mac](https://www.fireeye.com/services/freeware/memoryze-for-the-mac.html) - Memoryze for Mac is Memoryze but then for Macs. A lower number of features, however
* [Rekall](http://www.rekall-forensic.com/) - Open source tool (and library) for the extraction of digital artifacts from volatile memory (RAM) samples
* [Responder PRO](http://www.countertack.com/responder-pro) - Responder PRO is the industry standard physical memory and automated malware analysis solution
* [Volatility](https://github.com/volatilityfoundation/volatility) - An advanced memory forensics framework
* [VolatilityBot](https://github.com/mkorman90/VolatilityBot) - VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation
* [VolDiff](https://github.com/aim4r/VolDiff) - Malware Memory Footprint Analysis based on Volatility
* [WindowsSCOPE](http://www.windowsscope.com/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=35&category_id=3&option=com_virtuemart) - another memory forensics and reverse engineering tool used for analyzing volatile memory. It is basically used for reverse engineering of malwares. It provides the capability of analyzing the Windows kernel, drivers, DLLs, virtual and physical memory
> git resources
@UndercodeTesting
@UndercodeSecurity
@UndercodeCourses
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - JamesHabben/evolve: Web interface for the Volatility Memory Forensics Framework
Web interface for the Volatility Memory Forensics Framework - JamesHabben/evolve
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Network configuration-Prevent users from browsing using external proxiesPrevent users from browsing and using external proxies :
π»π΄π 'π π π π°π π :
1οΈβ£ Some background knowledge:
(1) HTTP/1.0 protocol defines web server and When the client uses a proxy, in the
HTTP request and response headers, use Via: to identify the proxy server used to prevent the
server loop;
(2) snort is an open source IDS (intrusion detection system) that can be used Host or network IDS. With many IDS
rules, it can perform pattern recognition and matching on the captured (ip, tcp, udp, icmp) packets, and can generate corresponding records.
(3) libnet is open source software that can be used as a network protocol/packet generator.
(4) The TCP/IP network is a packet-switched network.
(5) Snort also has the function of generating IP packets using the libnet library. You can interrupt the TCP connection by issuing a TCPRESET packet.
2οΈβ£Prerequisites:
(1) Snort runs on the route (linux) or through the port mirror function of the switch, runs on the same
network segment of the route
3οΈβ£ Implementation:
(1) compile snort with flexresp(flex response) feature
(2) Define snort rules:
alert tcp $HOMENET any <> $EXTERNET 80 (msg: "block proxy"; uricontent:"Via:"; resp: rstall;)
4οΈβ£ Effect:
Internal network users can browse external websites normally. If the internal userβs browser is configured with an external proxy, the
HTTP REQUEST and RESPONSE headers will include Via: ... characters, and snort rules will capture this connection, and then
Send RST packets to client and server sockets. In this way, the TCP connection is terminated.
written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Network configuration-Prevent users from browsing using external proxiesPrevent users from browsing and using external proxies :
π»π΄π 'π π π π°π π :
1οΈβ£ Some background knowledge:
(1) HTTP/1.0 protocol defines web server and When the client uses a proxy, in the
HTTP request and response headers, use Via: to identify the proxy server used to prevent the
server loop;
(2) snort is an open source IDS (intrusion detection system) that can be used Host or network IDS. With many IDS
rules, it can perform pattern recognition and matching on the captured (ip, tcp, udp, icmp) packets, and can generate corresponding records.
(3) libnet is open source software that can be used as a network protocol/packet generator.
(4) The TCP/IP network is a packet-switched network.
(5) Snort also has the function of generating IP packets using the libnet library. You can interrupt the TCP connection by issuing a TCPRESET packet.
2οΈβ£Prerequisites:
(1) Snort runs on the route (linux) or through the port mirror function of the switch, runs on the same
network segment of the route
3οΈβ£ Implementation:
(1) compile snort with flexresp(flex response) feature
(2) Define snort rules:
alert tcp $HOMENET any <> $EXTERNET 80 (msg: "block proxy"; uricontent:"Via:"; resp: rstall;)
4οΈβ£ Effect:
Internal network users can browse external websites normally. If the internal userβs browser is configured with an external proxy, the
HTTP REQUEST and RESPONSE headers will include Via: ... characters, and snort rules will capture this connection, and then
Send RST packets to client and server sockets. In this way, the TCP connection is terminated.
written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Installing a USRP Device-driver on Linux ?
(used for cellular-pentesting)
1) sudo add-apt-repository ppa:ettusresearch/uhd
2) sudo apt-get update
3) sudo apt-get install libuhd-dev libuhd003 uhd-host
4) uhd_find_devices
5) cd /usr/lib/uhd/utils/
6) ./uhd_images_downloader.py
7) sudo uhd_usrp_probe
8) sudo uhd_usrp_probe
π¦STARTING :
[INFO] [UHD] linux; GNU C++ version 7.4.0; Boost_106501; UHD_3.14.1.1-release
[INFO] [B200] Detected Device: B*****
[INFO] [B200] Operating over USB 3.
[INFO] [B200] Initialize CODEC control...
[INFO] [B200] Initialize Radio control...
[INFO] [B200] Performing register loopback test...
[INFO] [B200] Register loopback test passed
[INFO] [B200] Setting master clock rate selection to 'automatic'.
[INFO] [B200] Asking for clock rate 16.000000 MHz...
[INFO] [B200] Actually got clock rate 16.000000 MHz.
_________________________________________________
/
| Device: B-Series Device
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Installing a USRP Device-driver on Linux ?
(used for cellular-pentesting)
1) sudo add-apt-repository ppa:ettusresearch/uhd
2) sudo apt-get update
3) sudo apt-get install libuhd-dev libuhd003 uhd-host
4) uhd_find_devices
5) cd /usr/lib/uhd/utils/
6) ./uhd_images_downloader.py
7) sudo uhd_usrp_probe
8) sudo uhd_usrp_probe
π¦STARTING :
[INFO] [UHD] linux; GNU C++ version 7.4.0; Boost_106501; UHD_3.14.1.1-release
[INFO] [B200] Detected Device: B*****
[INFO] [B200] Operating over USB 3.
[INFO] [B200] Initialize CODEC control...
[INFO] [B200] Initialize Radio control...
[INFO] [B200] Performing register loopback test...
[INFO] [B200] Register loopback test passed
[INFO] [B200] Setting master clock rate selection to 'automatic'.
[INFO] [B200] Asking for clock rate 16.000000 MHz...
[INFO] [B200] Actually got clock rate 16.000000 MHz.
_________________________________________________
/
| Device: B-Series Device
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Reverse Proxy
- docker-flow-proxy - Reconfigures proxy every time a new service is deployed, or when a service is scaled. By @vfarcicvfarcic
- fabio - A fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices managed by consul. By @magiconair (Frank Schroeder)
- Let's Encrypt Nginx-proxy Companion - A lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. By @JrCs
- muguet - DNS Server & Reverse proxy for Docker environments. By @mattallty
- nginx-proxynginxproxy - Automated nginx proxy for Docker containers using docker-gen by @jwilderjwilder
- Swarm Ingress Router - Route DNS names to Swarm services based on labels. By @tpbowden
- Swarm Router - A ΓΒ«zero configΓΒ» service name based router for docker swarm mode with a fresh and more secure approach. By @flavioaiello
- TrΓΒ¦fΓΒͺk - Automated reverse proxy and load-balancer for Docker, Mesos, Consul, Etcd... By @EmileVauge
> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Reverse Proxy
- docker-flow-proxy - Reconfigures proxy every time a new service is deployed, or when a service is scaled. By @vfarcicvfarcic
- fabio - A fast, modern, zero-conf load balancing HTTP(S) router for deploying microservices managed by consul. By @magiconair (Frank Schroeder)
- Let's Encrypt Nginx-proxy Companion - A lightweight companion container for the nginx-proxy. It allow the creation/renewal of Let's Encrypt certificates automatically. By @JrCs
- muguet - DNS Server & Reverse proxy for Docker environments. By @mattallty
- nginx-proxynginxproxy - Automated nginx proxy for Docker containers using docker-gen by @jwilderjwilder
- Swarm Ingress Router - Route DNS names to Swarm services based on labels. By @tpbowden
- Swarm Router - A ΓΒ«zero configΓΒ» service name based router for docker swarm mode with a fresh and more secure approach. By @flavioaiello
- TrΓΒ¦fΓΒͺk - Automated reverse proxy and load-balancer for Docker, Mesos, Consul, Etcd... By @EmileVauge
> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - vfarcic/docker-flow-proxy: Docker Flow Proxy
Docker Flow Proxy. Contribute to vfarcic/docker-flow-proxy development by creating an account on GitHub.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST POPULAR JOMLA EXTENSIONS 2020 :
π»π΄π 'π π π π°π π :
http://extensions.joomla.org/extension/jhackguard
http://extensions.joomla.org/extension/jomdefender
http://extensions.joomla.org/extension/rsfirewall
http://extensions.joomla.org/extension/admin-tools
http://extensions.joomla.org/extension/eyesite
http://extensions.joomla.org/extension/ose-anti-virus-for-joomla
http://extensions.joomla.org/extension/admin-tools-professional
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST POPULAR JOMLA EXTENSIONS 2020 :
π»π΄π 'π π π π°π π :
http://extensions.joomla.org/extension/jhackguard
http://extensions.joomla.org/extension/jomdefender
http://extensions.joomla.org/extension/rsfirewall
http://extensions.joomla.org/extension/admin-tools
http://extensions.joomla.org/extension/eyesite
http://extensions.joomla.org/extension/ose-anti-virus-for-joomla
http://extensions.joomla.org/extension/admin-tools-professional
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
extensions.joomla.org
jHackGuard - Joomla! Extension Directory
Find extensions for your Joomla site in the Joomla Extensions Directory, the official directory for Joomla components, modules and plugins.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ #Networking Dockers - Popular in 2020 :
- Calico-Dockercalico - Calico is a pure layer 3 virtual network that allows containers over multiple docker-hosts to talk to each other.
- Flannel - Flannel is a virtual network that gives a subnet to each host for use with container runtimes. By @coreoscoreos
- netshoot - The netshoot container has a powerful set of networking tools to help troubleshoot Docker networking issues by @nicolaka
- Weaveweave (The Docker network) - Weave creates a virtual network that connects Docker containers deployed across multiple hosts.
> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ #Networking Dockers - Popular in 2020 :
- Calico-Dockercalico - Calico is a pure layer 3 virtual network that allows containers over multiple docker-hosts to talk to each other.
- Flannel - Flannel is a virtual network that gives a subnet to each host for use with container runtimes. By @coreoscoreos
- netshoot - The netshoot container has a powerful set of networking tools to help troubleshoot Docker networking issues by @nicolaka
- Weaveweave (The Docker network) - Weave creates a virtual network that connects Docker containers deployed across multiple hosts.
> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - flannel-io/flannel: flannel is a network fabric for containers, designed for Kubernetes
flannel is a network fabric for containers, designed for Kubernetes - flannel-io/flannel
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦A small Tutorials-ex & -course on exploiting and defending neural networks :
π»π΄π 'π π π π°π π :
2020 repo with 2,2k stars :
π¦ The exercises :
0 - Last Layer Attack
1 - Backdooring
2 - Extracting Information
3 - Brute Forcing
4 - Neural Overflow
5 - Malware Injection
6 - Neural Obfuscation
7 - Bug Hunting
8 - GPU Attack
π¦Download :
> https://github.com/Kayzaks/HackingNeuralNetworks
π¦Required & Packages :
1οΈβ£ Keras: Installing Keras can be tricky. We refer to the official installation guide at https://keras.io/#installation and suggest TensorFlow as a backend (using the GPU-enabled version, if one is available on the machine).
2οΈβ£NumPy, SciPy and scikit-image: NumPy and SciPy are excellent helper packages, which are used throughout all exercises. Following the official SciPy instructions should also install NumPy https://www.scipy.org/install.html. We will also need to install scikit-image for image loading and saving: https://scikit-image.org/docs/stable/install.html.
3οΈβ£PyCuda: PyCuda is required for the GPU-based attack exercise. If no nVidia GPU is available on the machine, this can be skipped. https://wiki.tiker.net/PyCuda/Installation
NLTK: NLTK provides functionalities for natural language processing and is very helpful for some of the exercises. https://www.nltk.org/install.html
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦A small Tutorials-ex & -course on exploiting and defending neural networks :
π»π΄π 'π π π π°π π :
2020 repo with 2,2k stars :
π¦ The exercises :
0 - Last Layer Attack
1 - Backdooring
2 - Extracting Information
3 - Brute Forcing
4 - Neural Overflow
5 - Malware Injection
6 - Neural Obfuscation
7 - Bug Hunting
8 - GPU Attack
π¦Download :
> https://github.com/Kayzaks/HackingNeuralNetworks
π¦Required & Packages :
1οΈβ£ Keras: Installing Keras can be tricky. We refer to the official installation guide at https://keras.io/#installation and suggest TensorFlow as a backend (using the GPU-enabled version, if one is available on the machine).
2οΈβ£NumPy, SciPy and scikit-image: NumPy and SciPy are excellent helper packages, which are used throughout all exercises. Following the official SciPy instructions should also install NumPy https://www.scipy.org/install.html. We will also need to install scikit-image for image loading and saving: https://scikit-image.org/docs/stable/install.html.
3οΈβ£PyCuda: PyCuda is required for the GPU-based attack exercise. If no nVidia GPU is available on the machine, this can be skipped. https://wiki.tiker.net/PyCuda/Installation
NLTK: NLTK provides functionalities for natural language processing and is very helpful for some of the exercises. https://www.nltk.org/install.html
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Kayzaks/HackingNeuralNetworks: A small course on exploiting and defending neural networks
A small course on exploiting and defending neural networks - Kayzaks/HackingNeuralNetworks
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Memory Imaging Tools 2020- manage and more-opensources codes :
[Belkasoft Live RAM Capturer](http://belkasoft.com/ram-capturer) - A tiny free forensic tool to reliably extract the entire content of the computerΓ’β¬β’s volatile memory Γ’β¬β even if protected by an active anti-debugging or anti-dumping system
Linux Memory Grabber - A script for dumping Linux memory and creating Volatility profiles.
[Magnet RAM Capture](https://www.magnetforensics.com/free-tool-magnet-ram-capture/) - Magnet RAM Capture is a free imaging tool designed to capture the physical memory of a
suspectΓ’β¬β’s computer. Supports recent versions of Windows
OSForensics - OSForensics can acquire live memory on 32bit and 64bit systems. A dump of an individual processΓ’β¬β’s memory space or physical memory dump can be done
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Memory Imaging Tools 2020- manage and more-opensources codes :
[Belkasoft Live RAM Capturer](http://belkasoft.com/ram-capturer) - A tiny free forensic tool to reliably extract the entire content of the computerΓ’β¬β’s volatile memory Γ’β¬β even if protected by an active anti-debugging or anti-dumping system
Linux Memory Grabber - A script for dumping Linux memory and creating Volatility profiles.
[Magnet RAM Capture](https://www.magnetforensics.com/free-tool-magnet-ram-capture/) - Magnet RAM Capture is a free imaging tool designed to capture the physical memory of a
suspectΓ’β¬β’s computer. Supports recent versions of Windows
OSForensics - OSForensics can acquire live memory on 32bit and 64bit systems. A dump of an individual processΓ’β¬β’s memory space or physical memory dump can be done
#git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - halpomeranz/lmg: Script for automating Linux memory capture and analysis
Script for automating Linux memory capture and analysis - halpomeranz/lmg