β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Free Port Scanner for Windows
and how to see who is on your Wi-Fi in Windows
Although the title says that Angry IP Scanner is a port scanner for Windows, it is in fact a cross-platform scanner that works just as well on Linux and on Mac. But Linux has Nmap, a powerful network scanner with many options and additional functions for obtaining information about hosts on the network. Nmap also works on Windows and even has a graphical interface, but many Windows users find it difficult to deal with the command line and the numerous Nmap options, and many simply don't need such an abundance of functions (see the article Port Scanner for Windows).
So, Angry IP Scanner is a simple and intuitive program for finding hosts and scanning the ports of computers, sites, servers, phones and any other online devices.
Download: https://angryip.org/download/#windows
#TIPSFORNOOBS
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
UDP VS TCP BY UNDERCODE:
(VPN options as an example.) The question may arise: why is such an unreliable protocol as UDP needed at all if the reliable TCP protocol exists?
1) The price of TCP's reliability is what accountants call "overheads": to provide a mechanism for controlling packet delivery, TCP sends a lot of data that carries no useful information and serves only to set up and control the connection.
> For example, before TCP can deliver even one packet of useful data, a three-way handshake must be completed: the source sends one special packet to the destination, receives one packet back confirming that a connection can be established, and sends one more special packet with its own confirmation.
2) For this reason both TCP and UDP are "good"; what matters is using them correctly. For example, when streaming video it does not matter which packet was lost a second or two ago. But when opening a web page, where incomplete data may break the processing of the HTTP request, you need, on the contrary, to monitor the delivery and integrity of every data packet.
A detailed understanding of TCP and UDP matters when:
1️⃣ analysing network traffic
2️⃣ configuring the iptables network firewall
3️⃣ understanding and protecting against some kinds of DoS attacks
For example, understanding the mechanism of TCP connections, you can configure iptables so that all new connections are prohibited while existing ones are preserved, or prohibit any incoming connections while fully permitting outgoing ones, understand and prevent a number of DoS attacks, and understand SYN and other types of scans: why they are possible and what their mechanism is.
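The handshake and the stateful iptables policy described above, as an added example that is not part of the original post: a toy connection tracker in Python that classifies each packet as NEW, ESTABLISHED or INVALID from the TCP handshake state, applies the "keep existing connections, block new incoming ones, permit everything outgoing" policy, and counts half-open flows per source, which is the signal behind both SYN floods and SYN scans. All hosts, ports and packets are constructed, and the tracker only loosely mirrors what netfilter conntrack does.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags as letters: "S"=SYN, "SA"=SYN+ACK, "A"=ACK, "R"=RST


class ConnTracker:
    """Toy conntrack (an assumption of this example, not a real netfilter API):
    remembers who sent the first SYN of each TCP flow and which handshake phase
    the flow is in, so every later packet can be judged against that state."""

    HALF_OPEN = ("SYN_SENT", "SYN_RECV")

    def __init__(self, local_host):
        self.local_host = local_host
        self.flows = {}   # flow key -> [phase, initiator]

    @staticmethod
    def _key(p):
        # One key for both directions of the same flow
        return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))

    def classify(self, p):
        """Return "NEW", "ESTABLISHED" or "INVALID" and update the flow table."""
        k = self._key(p)
        flow = self.flows.get(k)
        if p.proto == "udp":
            # UDP has no handshake: the first datagram opens the flow and
            # anything in either direction afterwards is treated as a reply.
            if flow is None:
                self.flows[k] = ["OPEN", p.src]
                return "NEW"
            return "ESTABLISHED"
        if flow is None:
            if p.flags == "S":
                self.flows[k] = ["SYN_SENT", p.src]      # handshake packet 1
                return "NEW"
            return "INVALID"   # ACK, RST or data with no handshake behind it
        phase, initiator = flow
        if p.flags == "R":
            del self.flows[k]                              # reset tears the flow down
            return "ESTABLISHED"
        if phase == "SYN_SENT" and p.flags == "SA" and p.src != initiator:
            flow[0] = "SYN_RECV"                           # handshake packet 2
            return "ESTABLISHED"
        if phase == "SYN_RECV" and "A" in p.flags and p.src == initiator:
            flow[0] = "ESTABLISHED"                        # handshake packet 3
            return "ESTABLISHED"
        if phase == "ESTABLISHED":
            return "ESTABLISHED"
        return "INVALID"   # e.g. a repeated SYN-ACK, or data before the handshake ends

    def half_open(self):
        """Flows stuck before handshake packet 3, counted per initiator. Many such
        flows from one source is the footprint of a SYN flood or a SYN scan,
        neither of which ever completes the handshake."""
        return Counter(init for phase, init in self.flows.values()
                       if phase in self.HALF_OPEN)


def firewall_verdict(tracker, p):
    """Policy from the post: full outgoing permission, no new incoming connections."""
    state = tracker.classify(p)
    if state == "ESTABLISHED":
        return "ACCEPT"                    # belongs to a flow that was already allowed
    if state == "NEW" and p.src == tracker.local_host:
        return "ACCEPT"                    # we initiated it
    return "DROP"                          # NEW from outside, or INVALID


def run_scenario():
    """Constructed traffic: an outbound HTTPS connection, an inbound connection
    attempt, a bare ACK with no handshake (ACK-scan style) and a UDP DNS exchange.
    Returns the per-packet verdicts and the tracker for inspection."""
    me, web, scanner, dns = "10.0.0.5", "203.0.113.10", "198.51.100.7", "10.0.0.1"
    packets = [
        Packet("tcp", me, 40000, web, 443, "S"),     # 1: our SYN
        Packet("tcp", web, 443, me, 40000, "SA"),    # 2: their SYN-ACK
        Packet("tcp", me, 40000, web, 443, "A"),     # 3: our ACK, handshake done
        Packet("tcp", web, 443, me, 40000, "A"),     # 4: data from the server
        Packet("tcp", scanner, 5555, me, 22, "S"),   # 5: someone opening SSH to us
        Packet("tcp", scanner, 5556, me, 80, "A"),   # 6: ACK without a handshake
        Packet("udp", me, 50000, dns, 53),           # 7: DNS query out
        Packet("udp", dns, 53, me, 50000),           # 8: DNS answer back
    ]
    tracker = ConnTracker(me)
    verdicts = [firewall_verdict(tracker, p) for p in packets]
    return verdicts, tracker


if __name__ == "__main__":
    verdicts, tracker = run_scenario()
    for i, v in enumerate(verdicts, 1):
        print(f"packet {i}: {v}")
    print("half-open flows per source:", dict(tracker.half_open()))
```

Packets 1-4, 7 and 8 are accepted, the inbound SYN and the handshake-less ACK are dropped, and the scanner shows up as the only source with a half-open flow.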
Written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
WIFI HACKING - LINUX 2020:
FEATURES:
Rogue access point attack
Man-in-the-middle attack
Module for deauthentication attack
Module for extra-captiveflask templates
Rogue Dns Server
Captive portal attack (captiveflask)
Intercept, inspect, modify and replay web traffic
WiFi networks scanning
DNS monitoring service
Credentials harvesting
Transparent Proxies
LLMNR, NBT-NS and MDNS poisoner
INSTALLATION & RUN:
1️⃣ $ sudo apt install python3.7-dev libssl-dev libffi-dev build-essential python3.7
> For installation on other OSes go to https://wifipumpkin3.github.io/docs/getting-started#installation
2️⃣ $ git clone https://github.com/P0cL4bs/wifipumpkin3.git
3️⃣ $ cd wifipumpkin3
4️⃣ $ sudo make install
FOR KALI:
1️⃣ $ sudo apt install libssl-dev libffi-dev build-essential
2️⃣ $ git clone https://github.com/P0cL4bs/wifipumpkin3.git
3️⃣ $ cd wifipumpkin3
Now we need to install PyQt5, which is very easy:
4️⃣ $ sudo apt install python3-pyqt5
Then check whether PyQt5 was installed successfully:
5️⃣ $ python3 -c "from PyQt5.QtCore import QSettings; print('done')"
If you got the message "done", good. The next step is to install wp3:
6️⃣ $ sudo python3 setup.py install
Tools (pre-installed):
> iptables (current: iptables v1.6.1)
> iw (current: iw version 4.14)
> net-tools (current: version 1.60+)
> wireless-tools (current: version 30~pre9-12)
> hostapd (current: hostapd v2.6)
7️⃣ Once the tool is started with sudo wifipumpkin3, you'll be presented with an interactive session like the Metasploit framework, where you can enable or disable modules and plugins, configure the proxy and the AP, and so on.
> MORE USAGE: CHECK HERE - Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
NEW PENTEST TUTORIALS & TOOLS:
- [WeebDNS - DNS Enumeration With Asynchronicity](http://feedproxy.google.com/~r/PentestTools/~3/aj8iNTv76KM/weebdns-dns-enumeration-with.html)
- [RedGhost v3.0 - Linux Post Exploitation Framework Written In Bash Designed To Assist Red Teams In Persistence, Reconnaissance, Privilege Escalation And Leaving No Trace](http://feedproxy.google.com/~r/PentestTools/~3/r5pc37rjXcE/redghost-v30-linux-post-exploitation.html)
- [Recon-ng v5.0.0 - Open Source Intelligence Gathering Tool Aimed At Reducing The Time Spent Harvesting Information From Open Sources](http://feedproxy.google.com/~r/PentestTools/~3/aJ03REwtdTs/recon-ng-v500-open-source-intelligence.html)
- [Uncompyle6 - A Cross-Version Python Bytecode Decompiler](http://feedproxy.google.com/~r/PentestTools/~3/4BqkUdipfRA/uncompyle6-cross-version-python.html)
- [OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X](http://feedproxy.google.com/~r/PentestTools/~3/iIrDdkpfB3I/osxcollector-forensic-evidence.html)
- [Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops](http://feedproxy.google.com/~r/PentestTools/~3/3GWRhgE0P_Y/vulnado-purposely-vulnerable-java.html)
- [Orbit v2.0 - Blockchain Transactions Investigation Tool](http://feedproxy.google.com/~r/PentestTools/~3/wMLiz7Gx-5I/orbit-v20-blockchain-transactions.html)
- [Cloudcheck - Checks Using A Test String If A Cloudflare DNS Bypass Is Possible Using CloudFail](http://feedproxy.google.com/~r/PentestTools/~3/DUH7fx0yK74/cloudcheck-checks-using-test-string-if.html)
- [grapheneX - Automated System Hardening Framework](http://feedproxy.google.com/~r/PentestTools/~3/1c8Pd15Q3f0/graphenex-automated-system-hardening.html)
- [O365-Attack-Toolkit - A Toolkit To Attack Office365](http://feedproxy.google.com/~r/PentestTools/~3/5YBArQY7xbI/o365-attack-toolkit-toolkit-to-attack.html)
- [Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework](http://feedproxy.google.com/~r/PentestTools/~3/M1JRpVeqmzc/pyattck-python-module-to-interact-with.html)
- [Evil-Winrm - The Ultimate WinRM Shell For Hacking/Pentesting](http://feedproxy.google.com/~r/PentestTools/~3/vNwEzZybqkk/evil-winrm-ultimate-winrm-shell-for.html)
- [Airopy - Get Clients And Access Points](http://feedproxy.google.com/~r/PentestTools/~3/_2hr62fH7Rc/airopy-get-clients-and-access-points.html)
- [AMIRA - Automated Malware Incident Response & Analysis](http://feedproxy.google.com/~r/PentestTools/~3/n9b89NWONDo/amira-automated-malware-incident.html)
- [VulnWhisperer - Create Actionable Data From Your Vulnerability Scans](http://feedproxy.google.com/~r/PentestTools/~3/F0Myf7GiesM/vulnwhisperer-create-actionable-data.html)
- [Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers](http://feedproxy.google.com/~r/PentestTools/~3/WbwiCRF568Y/dockernymous-script-used-to-create.html)
- [HiddenEye - Modern Phishing Tool With Advanced Functionality (Android-Support-Available)](http://feedproxy.google.com/~r/PentestTools/~3/GTRsshv5Lcs/hiddeneye-modern-phishing-tool-with.html)
- [SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules Misconfigurations And Vulnerabilities Within Sudo](http://feedproxy.google.com/~r/PentestTools/~3/grcbPtCQkyg/sudokiller-tool-to-identify-and-exploit.html)
- [Hvazard - Remove Short Passwords & Duplicates, Change Lowercase To Uppercase & Reverse, Combine Wordlists!](http://feedproxy.google.com/~r/PentestTools/~3/V6_EesPs7B0/hvazard-remove-short-passwords.html)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from iUNDERCODE - iOs JAILBREAK & MODS
β β β iο½ππ»βΊπ«Δπ¬πβ β β β
NEW TOP IPHONE SECRET KEYS:
*#06# - Displays IMEI
*3001#12345#* + "Call" - Accesses a hidden Field Test menu
*#43# + "Call" - Displays call waiting status
*43# + "Call" - Enables call waiting
#43# + "Call" - Disables call waiting
*#21# - Displays call forwarding status
##002# + "Call" - Disables all call forwarding
*33*pin# - Enables call barring
#33*pin# - Disables call barring
#31#phone-number + "Call" - Blocks caller ID for the current phone call
*3370# + "Call" - Enables "Enhanced Full Rate" and improves voice quality on GSM networks (may impact battery life)
*#5005*7672# + "Call" - Displays your carrier's message center phone number
> Here are two notable ones - the first will work on most Android phones and the second will work on all Android phones:
*#*#4636#*#* - Accesses a hidden test menu with sections for network, battery information and usage stats.
(powered by wiki sources)
@iUndercode
β β β iο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE SECURITY
S3 Bucket Misconfiguration: From Basics to Pawn
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2020 #Anonymizers
Web traffic anonymizers for analysts.
- [Anonymouse.org](http://anonymouse.org/) - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- [Privoxy](http://www.privoxy.org/) - An open source proxy server with some privacy features.
- Tor - The Onion Router, for browsing the web without leaving traces of the client IP.
2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
TOP #Malware
Malware samples collected for analysis.
- [Contagio](http://contagiodump.blogspot.com/) - A collection of recent malware samples and analyses.
- Exploit Database - Exploit and shellcode samples.
- [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis.
- InQuest Labs - Ever-growing searchable corpus of malicious Microsoft documents.
- [Javascript Malware Collection](https://github.com/HynekPetrak/javascript-malware-collection) - Collection of almost 40,000 JavaScript malware samples.
- Malpedia - A resource providing rapid identification and actionable context for malware investigations.
- [Malshare](https://malshare.com) - Large repository of malware actively scraped from malicious sites.
- Open Malware Project - Sample information and downloads. Formerly Offensive Computing.
- [Ragpicker](https://github.com/robbyFux/Ragpicker) - Plugin-based malware crawler with pre-analysis and reporting functionality.
- theZoo - Live malware samples for analysts.
- [Tracker h3x](http://tracker.h3x.eu/) - Aggregator for malware corpus trackers and malicious download sites.
- vduddu malware repo - Collection of various malware files and source code.
- [VirusBay](https://beta.virusbay.io/) - Community-based malware repository and social network.
- ViruSign - Malware database of samples detected by many anti-malware programs except ClamAV.
- [VirusShare](https://virusshare.com/) - Malware repository, registration required.
- VX Vault - Active collection of malware samples.
- [Zeltser's Sources](https://zeltser.com/malware-sample-sources/) - A list of malware sample sources put together by Lenny Zeltser.
- Zeus Source Code - Source for the Zeus trojan leaked in 2011.
2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Open Source #Threat Intelligence
#Tools & resources to harvest and analyze IOCs:
- [AbuseHelper](https://github.com/abusesa/abusehelper) - An open-source framework for receiving and redistributing abuse feeds and threat intel.
- AlienVault Open Threat Exchange - Share and collaborate in developing Threat Intelligence.
- [Combine](https://github.com/mlsecproject/combine) - Tool to gather Threat Intelligence indicators from publicly available sources.
- Fileintel - Pull intelligence per file hash.
- [Hostintel](https://github.com/keithjjones/hostintel) - Pull intelligence per host.
- IntelMQ - A tool for CERTs for processing incident data using a message queue.
- [IOC Editor](https://www.fireeye.com/services/freeware/ioc-editor.html) - A free editor for XML IOC files.
- iocextract - Advanced Indicator of Compromise (IOC) extractor, Python library and command-line tool.
- [ioc_writer](https://github.com/mandiant/ioc_writer) - Python library for working with OpenIOC objects, from Mandiant.
- MalPipe - Malware/IOC ingestion and processing engine that enriches collected data.
- [Massive Octo Spice](https://github.com/csirtgadgets/massive-octo-spice) - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the [CSIRT Gadgets Foundation](http://csirtgadgets.org/collective-intelligence-framework).
- MISP - Malware Information Sharing Platform curated by The MISP Project.
- [Pulsedive](https://pulsedive.com) - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
- PyIOCe - A Python OpenIOC editor.
- [RiskIQ](https://community.riskiq.com/) - Research, connect, tag and share IPs and domains. (Was PassiveTotal.)
- threataggregator - Aggregates security threats from a number of sources, including some of
2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Client installation under Windows
#Fast Tip
Let's look at what happens when you install the client on Windows. No matter how hidden the process of installing the server may be, some initial data will still have to be set, either by explicitly requesting it from the user or by applying default values.
During installation of the InterBase client you need to specify the directory where InterBase will be installed
> let's call it <InterBase root>. Client installation includes the following steps:
1) Copy the files included in the client.
2) Register files for sharing.
3) Create registry keys.
4) Register the TCP/IP service.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
#MALWARES Threat intelligence and IOC resources.
- [Autoshun](https://www.autoshun.org/) ([list](https://www.autoshun.org/files/shunlist.csv)) - Snort plugin and blocklist.
- Bambenek Consulting Feeds - OSINT feeds based on malicious DGA algorithms.
- [Fidelis Barncat](https://www.fidelissecurity.com/resources/fidelis-barncat) - Extensive malware config database (must request access).
- CI Army (list) - Network security blocklists.
- [Critical Stack - Free Intel Market](https://intel.criticalstack.com) - Free intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.
- Cybercrime tracker - Multiple botnet active tracker.
- [FireEye IOCs](https://github.com/fireeye/iocs) - Indicators of Compromise shared publicly by FireEye.
- FireHOL IP Lists - Analytics for 350+ IP lists with a focus on attacks, malware and abuse. Evolution, changes history, country maps, age of IPs listed, retention policy, overlaps.
- [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation.
- hpfeeds - Honeypot feed protocol.
- [Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service.
- InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
- [InQuest IOCdb](https://labs.inquest.net/iocdb) - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
- Internet Storm Center (DShield) - Diary and searchable incident database, with a web API (unofficial Python library).
- [malc0de](http://malc0de.com/database/) - Searchable incident database.
- Malware Domain List - Search and share malicious URLs.
- [MetaDefender Threat Intelligence Feed](https://www.opswat.com/developers/threat-intelligence-feed) - List of the most looked up file hashes from MetaDefender Cloud.
- OpenIOC - Framework for sharing threat intelligence.
- [Proofpoint Threat Intelligence](https://www.proofpoint.com/us/products/et-intelligence) - Rulesets and more. (Formerly Emerging Threats.)
- Ransomware overview
2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦A list of ransomware overview with details, detection and prevention !!
[STIX - Structured Threat Information eXpression](http://stixproject.github.io)
Standardized language to represent and share cyber threat information.
Related efforts from [MITRE](https://www.mitre.org/):
- [CAPEC - Common Attack Pattern Enumeration and Classification](http://capec.mitre.org/)
- [CybOX - Cyber Observables eXpression](http://cyboxproject.github.io)
- [MAEC - Malware Attribute Enumeration and Characterization](http://maec.mitre.org/)
- [TAXII - Trusted Automated eXchange of Indicator Information](http://taxiiproject.github.io)
SystemLookup - SystemLookup hosts a collection of lists that provide information on
the components of legitimate and potentially unwanted programs.
[ThreatMiner](https://www.threatminer.org/) - Data mining portal for threat
intelligence, with search.
threatRECON - Search for indicators, up to 1000
free per month.
[Yara rules](https://github.com/Yara-Rules/rules) - Yara rules repository.
ZeuS Tracker - ZeuS
blocklists.
β 2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
#Detection and Classification
#MALWARES 2020
Antivirus and other malware identification tools
[AnalyzePE](https://github.com/hiddenillusion/AnalyzePE) - Wrapper for a
variety of tools for reporting on Windows PE files.
Assemblyline - A scalable
distributed file analysis framework.
[BinaryAlert](https://github.com/airbnb/binaryalert) - An open source, serverless
AWS pipeline that scans and alerts on uploaded files based on a set of
YARA rules.
chkrootkit - Local Linux rootkit detection.
[ClamAV](http://www.clamav.net/) - Open source antivirus engine.
Detect It Easy (DiE) - A program for determining types of files.
[Exeinfo PE](http://exeinfo.pe.hu/) - Packer, compressor detector, unpack
info, internal exe tools.
ExifTool - Read, write and
edit file metadata.
[File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution.
Generic File Parser - A single library parser to extract meta information, perform static analysis and detect macros within files.
[hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms.
HashCheck - Windows shell extension
to compute hashes with a variety of algorithms.
[Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.
Malfunction - Catalog and
compare malware at a function level.
[Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables.
MASTIFF - Static analysis
framework.
[MultiScanner](https://github.com/mitre/multiscanner) - Modular file
scanning/analysis framework.
Nauz File Detector (NFD) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
[nsrllookup](https://github.com/rjhansen/nsrllookup) - A tool for looking
up hashes in NIST's National Software Reference Library database.
packerid - A cross-platform
Python alternative to PEiD.
[PE-bear](https://hshrzd.wordpress.com/pe-bear/) - Reversing tool for PE
files.
PEframe - PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
[PEV](http://pev.sourceforge.net/) - A multiplatform toolkit to work with PE
files, providing feature-rich tools for proper analysis of suspicious binaries.
PortEx - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
[Quark-Engine](https://github.com/quark-engine/quark-engine) - An obfuscation-neglect Android malware scoring system.
Rootkit Hunter - Detect Linux rootkits.
[ssdeep](https://ssdeep-project.github.io/ssdeep/) - Compute fuzzy hashes.
totalhash.py -
Python script for easy searching of the TotalHash.cymru.com
database.
ENJOY β€οΈππ»
β 2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Online #Scanners and #Sandboxes topic
Web-based multi-AV scanners, and malware sandboxes for automated analysis.
[anlyz.io](https://sandbox.anlyz.io/) - Online sandbox.
any.run - Online interactive sandbox.
[AndroTotal](https://andrototal.org/) - Free online analysis of APKs
against multiple mobile antivirus apps.
AVCaesar - Malware.lu online scanner and
malware repository.
[BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo
Sandbox malware lab using Packer and Vagrant.
Cryptam - Analyze suspicious office documents.
[Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted
sandbox and automated analysis system.
cuckoo-modified - Modified
version of Cuckoo Sandbox released under the GPL. Not merged upstream due to
legal concerns by the author.
[cuckoo-modified-api](https://github.com/keithjjones/cuckoo-modified-api) - A
Python API used to control a cuckoo-modified sandbox.
DeepViz - Multi-format file analyzer with
machine-learning classification.
[detux](https://github.com/detuxsandbox/detux/) - A sandbox developed to do
traffic analysis of Linux malware and capture IOCs.
DRAKVUF - Dynamic malware analysis
ENJOY β€οΈππ»
β 2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#Domain Analysis Topic resources 2020
Inspect domains and IP addresses.
[AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
badips.com - Community based IP blacklist service.
[boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed for consistent and safe capture of off network web resources.
Cymon - Threat intelligence tracker, with IP/domain/hash search.
[Desenmascara.me](http://desenmascara.me) - One click tool to retrieve as much metadata as possible for a website and to assess its good standing.
Dig - Free online dig and other
network tools.
[dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation
engine for detecting typo squatting, phishing and corporate espionage.
IPinfo - Gather information
about an IP or domain by searching online resources.
[mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language
temporary email detection library.
MaltegoVT - Maltego transform
for the VirusTotal API. Allows domain/IP research, and searching for file
hashes and scan reports.
[Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward
confirmed reverse DNS lookup over more than 300 RBLs.
NormShield Services - Free API Services
for detecting possible phishing domains, blacklisted ip addresses and breached
accounts.
[PhishStats](https://phishstats.info/) - Phishing statistics with search for
IP, domain and website title.
Spyse - Subdomains, WHOIS, related domains, DNS, host AS, SSL/TLS info.
[SecurityTrails](https://securitytrails.com/) - Historical and current WHOIS,
historical and current DNS records, similar domains, certificate information
and other domain and IP related API and tools.
SpamCop - IP based spam block list.
[SpamHaus](https://www.spamhaus.org/lookup/) - Block list based on
domains and IPs.
Sucuri SiteCheck - Free Website Malware
and Security Scanner.
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦File #Carving #Malwares
Tools for extracting files from inside disk and memory images.
[bulk_extractor](https://github.com/simsong/bulk_extractor) - Fast file
carving tool.
EVTXtract - Carve Windows
Event Log files from raw binary data.
[Foremost](http://foremost.sourceforge.net/) - File carving tool designed
by the US Air Force.
hachoir3 - Hachoir is a Python library
to view and edit a binary stream field by field.
[Scalpel](https://github.com/sleuthkit/scalpel) - Another data carving
tool.
SFlock - Nested archive
extraction/unpacking (used in Cuckoo Sandbox).
ENJOY β€οΈππ»
β 2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WHEN DOES A SANDBOX BECOME MALWARE?
#FastTip
Nearly every malware analysis sandbox looks at the system call interface or the Windows API when monitoring the behavior of a user mode process. ...
> In other words, a sandbox may see malware read from a script, but it cannot tell how the malware actually handles the data.
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Essential malware analysis reading material #resources
#Malware/
[Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware.
Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks.
[Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
Practical Malware Analysis - The Hands-On
Guide to Dissecting Malicious Software.
[Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) -
Intermediate Reverse Engineering.
Real Digital Forensics - Computer
Security and Incident Response.
[Rootkits and Bootkits](https://www.amazon.com/dp/1593277164) - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
The Art of Memory Forensics - Detecting
Malware and Threats in Windows, Linux, and Mac Memory.
[The IDA Pro Book](https://amzn.com/dp/1593272898) - The Unofficial Guide
to the World's Most Popular Disassembler.
The Rootkit Arsenal - The Rootkit Arsenal:
Escape and Evasion in the Dark Corners of the System
ENJOY β€οΈππ»
β 2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ #Awesome repo Lists new :
[Android Security](https://github.com/ashishb/android-security-awesome)
AppSec
[CTFs](https://github.com/apsdehal/awesome-ctf)
Forensics
["Hacking"](https://github.com/carpedm20/awesome-hacking)
Honeypots
[Industrial Control System Security](https://github.com/hslatman/awesome-industrial-control-system-security)
Incident-Response
[Infosec](https://github.com/onlurking/awesome-infosec)
PCAP Tools
[Pentesting](https://github.com/enaqx/awesome-pentest)
Security
[Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence)
YARA
ENJOY β€οΈππ»
β 2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β