Forwarded from UNDERCODE SECURITY
LTE_Jamming_Magazine_Paper_final.pdf
541.4 KB
Forwarded from UNDERCODE SECURITY
LTE_open_source_HackerHalted.pdf
2.4 MB
Forwarded from UNDERCODE SECURITY
ShmooCon_talk_final_01162016.pdf
1.8 MB
Forwarded from UNDERCODE SECURITY
🦑 Those tutorials related to cellular hacking (focus on data-3g-4g) & jamming :)
#Exploit Development References
🦑 Tutorials and Examples:
* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html)
* [Shellcode Examples](http://shell-storm.org/shellcode/)
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
* [Exploit Exercises](https://exploit-exercises.com/)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
🦑 HACKERS GIFT :))
1️⃣ #Reverse Engineering Tools
- IDA Pro
- GDB
- Radare2
2️⃣ #MQTT
- Introduction
- Hacking the IoT with MQTT
- thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
- Nmap
- The Seven Best MQTT Client Tools
- A Guide to MQTT by Hacking a Doorbell to send Push Notifications
3️⃣ #CoAP
- Introduction
- CoAP client Tools
- CoAP Pentest Tools
- Nmap
4️⃣ #Automobile
- Introduction and protocol Overview
- PENTESTING VEHICLES WITH CANTOOLZ
- Building a Car Hacking Development Workbench: Part1
- CANToolz - Black-box CAN network analysis framework
> git sources
YouTube
How to Reverse Engineer with IDA Pro Disassembler Part1
🔥 Learn How to Reverse Engineer With IDA Pro Disassembler
🦑 SIM CARD GSM SOFTWARES FREE:
> This is the source code for the pySimReader application.
> It requires a PCSC compatible SIM reader to be attached to the computer.
> The main product page is here: http://twhiteman.netfirms.com/pySIM.html
(You can download the Windows installer from here: https://github.com/toddw-as/SimReader/blob/master/installer/pySimReader_v14_setup.exe?raw=true )
> The application uses Python for the user interface and data processing, as well as a binary Python module (DLL) to utilize the Microsoft SmartCard Base Component APIs (note that if I were to rewrite this code today, I'd probably utilize Python ctypes instead of this wrapper library - as that would simplify the build process - removing the Microsoft Visual Studio and Swig dependencies).
#Requested
Forwarded from UNDERCODE SECURITY
🦑 #GSM & #SS7 Pentesting
- [Introduction to GSM Security](http://www.pentestingexperts.com/introduction-to-gsm-security/)
- [GSM Security 2](https://www.ehacking.net/2011/02/gsm-security-2.html)
- [vulnerabilities in GSM security with USRP B200](https://ieeexplore.ieee.org/document/7581461/)
- [Security Testing 4G (LTE) Networks](https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-44con-lte-presentation-2012-09-11.pdf)
- [Case Study of SS7/SIGTRAN Assessment](https://nullcon.net/website/archives/pdf/goa-2017/case-study-of-SS7-sigtran.pdf)
- [Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP](https://github.com/SigPloiter/SigPloit)
- [ss7MAPer – A SS7 pen testing toolkit](https://n0where.net/ss7-pentesting-toolkit-ss7maper)
- [Introduction to SIGTRAN and SIGTRAN Licensing](https://www.youtube.com/watch?v=XUY6pyoRKsg)
- [SS7 Network Architecture](https://youtu.be/pg47dDUL1T0)
- [Introduction to SS7 Signaling](https://www.patton.com/whitepapers/Intro_to_SS7_Tutorial.pdf)
> git sources
CIP Cyber
GSM Security 2 - CIP Cyber
On the previous article on GSM security here. We have briefly discussed about the network element and the network architecture of GSM, including the encryption that are widely used in GSM network. At the end of that article as we have discussed about how…
🦑 WhatsApp vulnerability or exposed user's mobile number:
> A security researcher revealed that WhatsApp discovered a bug that allowed users' mobile numbers to be exposed on the Google search engine. Although not all users' numbers have been exposed, this issue has caused their concern. However, if the user has only talked to a WhatsApp user he knows (the group invitation link has not been used), there is a high probability that he will not be affected by this vulnerability.
Author: Content reprint Date: 2020-06-09 Category: Vulnerability event
> Athul Jayaram, a security researcher, said that WhatsApp executives are aware of the problem, but are indifferent to it. It is reported that the issue is related to the WhatsApp QR code feature launched earlier this year.
> WhatsApp's previously released group invite link works differently than the new QR code feature, but the former is obviously more secure, because the latter uses the unencrypted http://wa.me/ short URL system. The user's phone number is not hidden in the link.
> When a user shares a QR code on the new system, if the URL is crawled by a Google crawler, it will most likely be included in the search engine's index results. If you are worried about your number being accidentally received, please search and verify it via site:wa.me + country code.
> Currently, if searched through site:api.whatsapp.com, the Google search engine will also return thousands of search results. But unless the WhatsApp executives face the problem squarely, the negative impact of this matter will certainly continue.
@UndercodeNews
🦑 #Radio IoT Protocols Overview
- [Understanding Radio](https://www.taitradioacademy.com/lessons/introduction-to-radio-communications-principals/)
- [Signal Processing]()
- [Software Defined Radio](https://www.allaboutcircuits.com/technical-articles/introduction-to-software-defined-radio/)
- [Gnuradio](https://wiki.gnuradio.org/index.php/Guided_Tutorial_GRC#Tutorial:_GNU_Radio_Companion)
- [Creating a flow graph](https://blog.didierstevens.com/2017/09/19/quickpost-creating-a-simple-flow-graph-with-gnu-radio-companion/)
- [Analysing radio signals](https://www.rtl-sdr.com/analyzing-433-mhz-transmitters-rtl-sdr/)
- [Recording specific radio signal](https://www.rtl-sdr.com/freqwatch-rtl-sdr-frequency-scanner-recorder/)
- [Replay Attacks](https://www.rtl-sdr.com/tutorial-replay-attacks-with-an-rtl-sdr-raspberry-pi-and-rpitx/)
Tait Radio Academy
Introduction to Radio Communications Principles | Tait Radio Academy
All forms of communication follow the same basic principles. In this first chapter, we explore those principles and the different ways in which people communicate. We also look at radio waves and learn how radio technology is able to make your voice heard…
🦑 Hacking systems with the automation of PasteJacking attacks:
> In short, Pastejacking is a method that malicious websites employ to take control of your computers' clipboard and change its content to something harmful without your knowledge. From The Windows Club definition.
> So here what I did is automating the original attack and adding two other tricks to fool the user, using HTML and CSS (will talk about it), then added meterpreter sessions as I said before.
INSTALLATION & RUN:
1️⃣ git clone https://github.com/D4Vinci/PasteJacker.git
2️⃣ sudo python3 -m pip install ./PasteJacker
3️⃣ sudo pastejacker
🦑 Requirements:
1️⃣ Python 3 and setuptools module.
2️⃣ Linux or Unix-based system (currently tested only on Kali Linux rolling and Ubuntu 16.04).
3️⃣ Third-party requirements like msfvenom, but only if you are gonna use the msfvenom option, of course.
4️⃣ Third-party library ncurses-dev for Ubuntu.
5️⃣ Root access.
Forwarded from UNDERCODE SECURITY
🦑 #Sandboxing/Reversing tools 2020 Used by Pro hackers:
- [Cuckoo](https://github.com/cuckoobox) - Open Source highly configurable sandboxing tool
- Cuckoo-modified - Heavily modified Cuckoo fork developed by community
- [Cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A Python library to control a cuckoo-modified sandbox
- Hybrid-Analysis - Hybrid-Analysis is a free powerful online sandbox by Payload Security
- [Malwr](https://malwr.com) - Malwr is a free online malware analysis service and community, which is powered by the Cuckoo Sandbox
- Mastiff - MASTIFF is a static analysis framework that automates the process of extracting key characteristics from a number of different file formats
- [Metadefender Cloud](https://www.metadefender.com) - Metadefender is a free threat intelligence platform providing multiscanning, data sanitization and vulnerability assessment of files
- Virustotal - Virustotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners
> git sources