▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑DNS Most popular tools used for informations gathering :

> dnsenum : http://code.google.com/p/dnsenum

> dnsmap : http://code.google.com/p/dnsmap

> dnsrecon : http://www.darkoperator.com/tools-and-scripts

> dnstracer : http://www.mavetju.org/unix/dnstracer.php

> dnswalk : http://sourceforge.net/projects/dnswalk

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑DMVPN-hub-configuration :


> crypto isakmp policy 1
encryption aes
authentication pre-share
group 14
!
! A dynamic ISAKMP key and IPsec profile
crypto isakmp key supersecretkey address 0.0.0.0 crypto ipsec transform-set trans2 esp-aes esp-sha-hmac mode transport
!
crypto ipsec profile myhubvpnprofile
set transform-set trans2
!
! The tunnel interface with NHRP Interface Tunnel0
ip address 10.0.0.1 255.255.255.0
ip nhrp authentication anothersupersecretkey
ip nhrp map multicast dynamic
ip nhrp network-id 99
ip nhrp holdtime 300
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
! This line must match on all nodes that want to use this mGRE tunnel.
tunnel key 100000
tunnel protection ipsec profile myhubvpnprofile
!
interface GigabitEthernet0/0
ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
!
router eigrp 1
network 10.0.0.0 0.0.0.255
network 192.168.0.0 0.0.0.255

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 #Remote Access and Site-to-site VPN Troubleshooting References :


- ASA and AnyConnect Troubleshooting TechNotes

- AnyConnect VPN Client Troubleshooting Guide

- Site-to-Site VPNs for Firepower Threat Defense


- Remote Access VPNs for Firepower Threat Defense

- VPN Monitoring for Firepower Threat Defense

- VPN Troubleshooting for Firepower Threat Defense


@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Rules For Applying Zone-Based Policy Firewall :


- Router network interfaces’ membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:

- A zone must be configured before interfaces can be assigned to the zone.

- An interface can be assigned to only one security zone.

- All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.

- Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.

- In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.

- The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.

- Traffic cannot flow between a zone member interface and any interface that is not a zone member. Pass, inspect, and drop actions can only be applied between two zones.

- Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.

- If it is required that an interface on the box not be part of the zoning/firewall policy. It might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.

- From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another).

- The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.


@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Vulnerable Apps, Servers, and Websites :

The following is a collection of vulnerable servers (VMs) or websites that you can use to practice your skills (sorted alphabetically).

- bWAPP : <https://sourceforge.net/projects/bwapp/files/bWAPP>
- Damn Vulnerable ARM Router (DVAR): <http://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html>
- Damn Vulnerable iOS Application (DVIA): <http://damnvulnerableiosapp.com>
- Damn Vulnerable Web App (DVWA): <https://github.com/ethicalhack3r/DVWA>
- DOMXSS: <http://www.domxss.com/domxss/>
- Game of Hacks: <http://www.gameofhacks.com>
- Gruyere: <https://google-gruyere.appspot.com>
- Hack the Box: <https://www.hackthebox.eu/>
- Hack This Site: <https://www.hackthissite.org>
- Hack This: <https://www.hackthis.co.uk>
- Hack Yourself first <https://hack-yourself-first.com/>
- Hackazon : <https://github.com/rapid7/hackazon>
- HellBound Hackers: <https://www.hellboundhackers.org>
- Metasploitable2 : <https://community.rapid7.com/docs/DOC-1875>
- Metasploitable3 : <https://blog.rapid7.com/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3/>
- Over The Wire Wargames: <http://overthewire.org/wargames>
- OWASP Juice Shop : https://www.owasp.org/index.php/OWASP_Juice_Shop_Project
- OWASP Mutillidae II: <https://sourceforge.net/projects/mutillidae>
- Peruggia: <https://sourceforge.net/projects/peruggia>
- RootMe: <https://www.root-me.org>
- Samurai Web Testing Framework: <http://www.samurai-wtf.org/>
- Try2Hack: <http://www.try2hack.nl>
- Vicnum: <http://vicnum.ciphertechs.com>
- VulnHub:https://www.vulnhub.com
- Web Security Dojo: <https://www.mavensecurity.com/resources/web-security-dojo>
- WebSploit Labs (created and maintained by Omar Ωr Santos): https://websploit.h4cker.org
- WebGoat: <https://github.com/WebGoat/WebGoat>
- PortSwigger Web Security Academy: <https://portswigger.net/web-security>

> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Service Discovery

- docker-consul by @progriumprogrium

- etcd - A highly-available key value store for shared configuration and service discovery by @coreOScoreos

- istio - An open platform to connect, manage, and secure microservices by @IstioMesh
- registrator - Service registry bridge for Docker by @gliderlabsgliderlabs and @progriumprogrium

> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Volume Management / Data :

- Blockbridge - The Blockbridge plugin is a volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. By @blockbridgeblockbridge

- Convoy - an open-source Docker volume driver that can snapshot, backup and restore Docker volumes anywhere. By @rancherrancher

- Docker Machine NFS Activates NFS for an existing boot2docker box created through Docker Machine on OS X.

- Docker Unison A docker volume container using Unison for fast two-way folder sync. Created as an alternative to slow boot2docker volumes on OS X. By @leighmcculloch

- Local Persist Specify a mountpoint for your local volumes (created via docker volume create) so that files will always persist and so you can mount to different directories in different containers.

- Minio - S3 compatible object storage server in Docker containers

- Netshare Docker NFS, AWS EFS, Ceph & Samba/CIFS Volume Plugin. By @ContainX

- REX-Ray provides a vendor agnostic storage orchestration engine. The primary design goal is to provide persistent storage for Docker, Kubernetes, and Mesos. By@thecodeteam (DELL Technologies)

> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑X 500 HULU DISNEY + PREMIUM -CHECKER BY XRISKY:

pastebin.com/n00rnUDi

send screanshoats after login @Undercode_Bot

🦑X400 NORDVPN -XRISKY

NOT CRACKED BY UNDERCODE-TESTING

pastebin.com/jsXrug4V

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Popular real hackers resources :

#Online resources

[Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems

Best Linux Penetration Testing Distributions @ CyberPunk - Description of main penetration testing distributions

[Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems


# tools -exploitation :

empire - A post exploitation framework for powershell and python.

[silenttrinity](https://github.com/byt3bl33d3r/SILENTTRINITY) - A post exploitation tool that uses iron python to get past powershell restrictions.

ebowla - Framework for Making Environmental Keyed Payloads

# ETC

[SecTools](http://sectools.org/) - Top 125 Network Security Tools

Hopper's Roppers Security Training - Four free courses designed to teach beginners the fundamentals of computing, security, and CTFs.

> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑There are two methods to legally watch Netflix for free:

1) The first thing we present is thanks to Together Price , a platform that helps share the cost of digital subscriptions multiaccounting like Netflix, Spotify, HBO etc. in a way easy, legal and safe .

2) It is a method of sharing (or sharing), have a network where owners of digital subscriptions made available free spaces that do not use their account, users who do not have an account but want to save pay a proportionate share of the service for it.

3) In this way, everyone wins, but the good news does not end here. The platform presents a promotion that allows you to enjoy Netflix "Free Forever" legally.

4) The procedure to enjoy this promotion is very easy, we explain step by step how to do it:

> Get the Premium subscription Netflix

> Register on the platform

> Create a group to share Netflix

> Complete the group

5) Keep the group to complete by 30 days
If you kept full for 30 days, Together Price reimburse part of the fee paid by the Administrator, and so you can enjoy all content on Netflix free forever .

6) Regarding the second method, before starting with the steps to follow , we recommend getting a paid subscription to support the creation of new content.

>Go to the Netflix website

>Click on " ENJOY A MONTH FOR FREE "

> Follow the steps indicated until you reach " Create account "

> Enter an email and password

>Choose the payment method that is most comfortable for you (don't worry, you won't be charged anything)

>Now you just have to go to " Your account " and deactivate " SUBSCRIPTION and BILLING "

> You will receive two emails, one confirming the registration on Netflix and the other canceling the automatic subscription where they indicate that we will still be able to continue enjoying our free month.

7)When the month passes we repeat the same operation with a different email , if we use the same email it will detect that we have already been customers and they will charge us for the entire month. The most advisable thing is to have a control of the emails used every month.

8) The only downside (to add one) is that being new accounts you will lose all your history of movies and favorite series every time you repeat the process. Every time you carry out the process you will be able to see the content on two different computers in high quality .

9) We insist that the method to consume Netflix for free every month is completely legal , we recommend that you subscribe to continue generating quality content

YOU CAN ALSO GET A WORKING MOD APK NETFLIX PREMIUM COMPLETE MOD FROM @UNDERCODETESTING

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 HELPFULL BOTs For Telegram Users :
(from botListchat grp)

•🔎🌐Inline Web Search - Busqueda Web en línea
@ArcheWikiBot 🔎
@GoodReadsBooksBot
@GoogleDEBot 🔎
@GoogleSearchUnofficialBot 🔎
@GoogramBot 🔎
@HentaiDBot 🔎
@hotRedditBot 🔎
@inlinepixivbot
@inlineredditbot 🔎
@instant_utilities_bot
@itorrentsearchbot 🔎
@letmebot 🔎
@letmegbot 🔎
@lmddgtfybot 🔎
@NephoBot 🔎
@PHPFuncsBot 🔎
@PHPIndexBot 🔎
@podsearchbot 🔎
🆕 @ribot 🔎
@TorrentSearchRoBot 🔎
@TubeListBot 🔎

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Social Engineering

* [Social Engineering Toolkit](https://github.com/trustedsec/social-engineer-toolkit)

* [Social Engineer Portal](https://www.social-engineer.org/)

* [7 Best social Engineering attack](http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411)

* [Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012](https://www.rsaconference.com/writable/presentations/file_upload/das-301_williams_rader.pdf)

* [Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 23](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf)

* [OWASP Presentation of Social Engineering - OWASP](https://www.owasp.org/images/5/54/Presentation_Social_Engineering.pdf)

* [USB Drop Attacks: The Danger of “Lost And Found†Thumb Drives](https://www.redteamsecure.com/usb-drop-attacks-the-danger-of-lost-
and-found-thumb-drives/)

* [PyPhishing Toolkit](https://github.com/redteamsecurity/PyPhishing)

* [Best Time to send email](https://coschedule.com/blog/best-time-to-send-email/)

* [Phishing on Twitter - POT](https://www.kitploit.com/2018/02/pot-phishing-on-twitter.html)


> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Threat Hunting Resources

# Platforms and Tools
- [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page) - A curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
- [MITRE CAR](https://car.mitre.org/wiki/Main_Page) - The Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the Adversary Tactics, Techniques, and Common Knowledge (ATT&CK™) adversary model.
- [MITRE ATT&CK Navigator](https://mitre.github.io/attack-navigator/enterprise/)([source code](https://github.com/mitre/attack-navigator)) - The ATT&CK Navigator is designed to provide basic navigation and annotation of ATT&CK matrices, something that people are already doing today in tools like Excel.
- [HELK](https://github.com/Cyb3rWard0g/HELK) - A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.
- [osquery](https://osquery.io/) - An operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. It exposes an operating system as a high-performance relational database.
- [osquery-configuration](https://github.com/palantir/osquery-configuration) - A repository for using osquery for incident detection and response.
- [DetectionLab](https://github.com/clong/DetectionLab/) - Vagrant & Packer scripts to build a lab environment complete with security tooling and logging best practices.
- [Sysmon-DFIR](https://github.com/MHaggis/sysmon-dfir) - Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
- [sysmon-config](https://github.com/SwiftOnSecurity/sysmon-config) - Sysmon configuration file template with default high-quality event tracing.
- [sysmon-modular](https://github.com/olafhartong/sysmon-modular) - A repository of sysmon configuration modules. It also includes a [mapping](https://github.com/olafhartong/sysmon-modular/blob/master/attack_matrix/README.md) of Sysmon configurations to MITRE ATT&CK techniques.
- [Revoke-Obfuscation](https://github.com/danielbohannon/Revoke-Obfuscation) - PowerShell Obfuscation Detection Framework.
- [Invoke-ATTACKAPI](https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI) - A PowerShell script to interact with the MITRE ATT&CK Framework via its own API.
- [Unfetter](https://github.com/unfetter-analytic/unfetter) - A reference implementation provides a framework for collecting events (process creation, network connections, Window Event Logs, etc.) from a client machine and performing CAR analytics to detect potential adversary activity.
- [NOAH](https://github.com/giMini/NOAH) - PowerShell No Agent Hunting.
- [PSHunt](https://github.com/Infocyte/PSHunt) - Powershell Threat Hunting Module.
- [Flare](https://github.com/austin-taylor/flare) - An analytical framework for network traffic and behavioral analytics.
- [go-audit](https://github.com/slackhq/go-audit) - An alternative to the auditd daemon that ships with many distros.
- [sqhunter](https://github.com/0x4D31/sqhunter) - A simple threat hunting tool based on osquery, Salt Open and Cymon API.
- [Alerting and Detection Strategies Framework](https://github.com/palantir/alerting-detection-strategy-framework) - A framework for developing alerting and detection strategies.
- [A Simple Hunting Maturity Model](http://detect-respond.blogspot.com.au/2015/10/a-simple-hunting-maturity-model.html) - The Hunting Maturity Model describes five levels of organizational hunting capability, ranging from HMM0 (the least capability) to HMM4 (the most).
- [The Pyramic of Pain](http://detect-respond.blogspot.com.au/2013/03/the-pyramid-of-pain.html) - The relationship between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them.
- [A Framework for Cyber Threat Hunting](http://sqrrl.com/media/Framework-for-Threat-Hunting-Whitepaper.pdf)
- [The PARIS Model](http://threathunter.guru/blog/the-paris-model/) - A model for threat hunting.

- [Cyber Kill Chain](https://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html) - It is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
- [The DML Model](http://ryanstillions.blogspot.com.au/2014/04/the-dml-model_21.html) - The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.
- [Endgame Hunt Cycle](http://pages.endgame.com/rs/627-YBU-612/images/Endgame%20Hunt%20Methodology%20POV%203.24.16.pdf)
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
- [Sigma](https://github.com/Neo23x0/sigma) - Generic Signature Format for SIEM Systems



> git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁