β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MISC/UNSORTED
#Resources 2020
http://www.ikkisoft.com/stuff/SMH_XSS.txt
Http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter Http://whatthefuckismyinformationsecuritystrategy.com/
Http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
Http://www.sensepost.com/blog/4552.html
Http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
Http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
Http://carnal0wnage.attackresearch.com/node/410
Http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
ENJOYβ€οΈππ»
β sources git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MISC/UNSORTED
#Resources 2020
http://www.ikkisoft.com/stuff/SMH_XSS.txt
Http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter Http://whatthefuckismyinformationsecuritystrategy.com/
Http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
Http://www.sensepost.com/blog/4552.html
Http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
Http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
Http://carnal0wnage.attackresearch.com/node/410
Http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
Http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
ENJOYβ€οΈππ»
β sources git 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
Whatthefuckismyinformationsecuritystrategy
What The Fuck Is My Information Security Strategy?
Making up information security strategies so you don't have to
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Why all hackers should study C ++ ? Who is C ++ for
#FastTips
1) C ++ is considered a mid-level language as it includes a combination of high-level and low-level language features.
2) C ++ is widely used to write device drivers, operating system kernels, critical OS programs, and other software that rely on direct manipulation of hardware in real time.
3) C ++ is widely used for teaching and research because it is clear enough to successfully teach basic concepts.
4) In application writing, C ++ is used when performance is key. C ++ programs run faster and take up less space when compared to many other programming languages.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Why all hackers should study C ++ ? Who is C ++ for
#FastTips
1) C ++ is considered a mid-level language as it includes a combination of high-level and low-level language features.
2) C ++ is widely used to write device drivers, operating system kernels, critical OS programs, and other software that rely on direct manipulation of hardware in real time.
3) C ++ is widely used for teaching and research because it is clear enough to successfully teach basic concepts.
4) In application writing, C ++ is used when performance is key. C ++ programs run faster and take up less space when compared to many other programming languages.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The report says the emails of local election officials in the United States may be affected by phishing attacks
#News
> According to a new report from the Wall Street Journal, the e-mail system that many election officials across the United States are using may make them more vulnerable to phishing attacks. Area 1 Security found that less than 20% of the 10,000 state and local election management agencies in the United States have advanced anti-phishing control measures, and about 666 election officials rely on personal email addresses to handle election-related matters.
> According to reports, judicial agencies in several states are using a version of the free Exim software, and Russiaβs GRU intelligence agency has launched online attacks against the software in 2019. However, security experts say that weak email security is unlikely to cause votes to be hacked because the email system is not connected to the vote-counting system.
> But this raises concerns that local election officials may be insufficiently prepared for possible intrusions into email systems. In 2016, GRU was accused of stealing and leaking emails from the Hillary Clinton presidential campaign team; in 2018, GRU registered a network domain name that appeared to be a fake government website, ostensibly for phishing purposes. Microsoft seized these domain names before it was officially deemed to have caused any damage.
> According to reports, this year foreign hackers have targeted the personal email accounts of staff working for the presumed Democratic candidate Joe Biden and President Trumpβs campaigns. For example, Iranian hackers allegedly targeted emails from Trump campaign staff. Google, which reported these attempts, said last month that it had not seen evidence of the success of these attacks.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The report says the emails of local election officials in the United States may be affected by phishing attacks
#News
> According to a new report from the Wall Street Journal, the e-mail system that many election officials across the United States are using may make them more vulnerable to phishing attacks. Area 1 Security found that less than 20% of the 10,000 state and local election management agencies in the United States have advanced anti-phishing control measures, and about 666 election officials rely on personal email addresses to handle election-related matters.
> According to reports, judicial agencies in several states are using a version of the free Exim software, and Russiaβs GRU intelligence agency has launched online attacks against the software in 2019. However, security experts say that weak email security is unlikely to cause votes to be hacked because the email system is not connected to the vote-counting system.
> But this raises concerns that local election officials may be insufficiently prepared for possible intrusions into email systems. In 2016, GRU was accused of stealing and leaking emails from the Hillary Clinton presidential campaign team; in 2018, GRU registered a network domain name that appeared to be a fake government website, ostensibly for phishing purposes. Microsoft seized these domain names before it was officially deemed to have caused any damage.
> According to reports, this year foreign hackers have targeted the personal email accounts of staff working for the presumed Democratic candidate Joe Biden and President Trumpβs campaigns. For example, Iranian hackers allegedly targeted emails from Trump campaign staff. Google, which reported these attempts, said last month that it had not seen evidence of the success of these attacks.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
Dump LAPS passwords with ldapsearch.pdf
113.8 KB
Dump LAPS passwords with ldapsearch
#requested
#requested
Detecting and Tracking the Red-Team.pdf
1.5 MB
Detecting and Tracking #Tips
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Terms related to ss/encrypt/OpenSSL that we will use:
genpkey (replaces genrsa , gendh and gendsa ) - generates private keys
req - utility for creating certificate signing requests and for generating self-signed PKCS # 10 certificates
x509 - utility for signing certificates and for showing properties of certificates
rsa - utility for working with RSA keys, for example, for converting
keys to various formats
enc - various actions with symmetric ciphers
pkcs12 - Create and parse PKCS # 12 files
crl2pkcs7 - program for converting CRL to PKCS # 7
pkcs7 - Performs operations on PKCS # 7 files in DER or PEM format
verify - program for verifying certificate chains
s_client - This command implements an SSL / TLS client that connects to a remote host using SSL / TLS. This is a very useful diagnostic tool for SSL servers
ca - is a minimal CA application. It can be used to sign various forms of certificate requests and generate CRLs. It also maintains a text database of issued certificates and their status
rand - This command generates the specified number of random bytes using a cryptographically secure pseudo-random number generator (CSPRNG)
rsautl - command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm
smime - the command processes S / MIME mail. It can encrypt, decrypt, sign and verify S / MIME messages
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Terms related to ss/encrypt/OpenSSL that we will use:
genpkey (replaces genrsa , gendh and gendsa ) - generates private keys
req - utility for creating certificate signing requests and for generating self-signed PKCS # 10 certificates
x509 - utility for signing certificates and for showing properties of certificates
rsa - utility for working with RSA keys, for example, for converting
keys to various formats
enc - various actions with symmetric ciphers
pkcs12 - Create and parse PKCS # 12 files
crl2pkcs7 - program for converting CRL to PKCS # 7
pkcs7 - Performs operations on PKCS # 7 files in DER or PEM format
verify - program for verifying certificate chains
s_client - This command implements an SSL / TLS client that connects to a remote host using SSL / TLS. This is a very useful diagnostic tool for SSL servers
ca - is a minimal CA application. It can be used to sign various forms of certificate requests and generate CRLs. It also maintains a text database of issued certificates and their status
rand - This command generates the specified number of random bytes using a cryptographically secure pseudo-random number generator (CSPRNG)
rsautl - command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm
smime - the command processes S / MIME mail. It can encrypt, decrypt, sign and verify S / MIME messages
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦COMMUN METHODES HACK NETFLIX FOR BEGINERS
#fASTtIPS
> Unfortunately, password theft is very common within cyber security, especially for Netflix accounts.
> With over 75 million subscribers, Netflix passwords grant cyber criminals to both access user accounts without paying for a subscription, or even worseβ¦
> sell the userβs password details and payment information on the Deep Web.
π¦How do they do it? β Some examples
1) Phishing
Hackers often use phishing campaigns to obtain access to userβs device. They accomplish this by tricking users (often via a malicious email link that leads the user to a fake Netflix login page).
Once the user clicks on the link, the malware steals their account information.
2) Keyloggers
Keylogging is a password-theft tactic that resides in a deviceβs system memory, runs every time you startup your PC, and logs all your keystrokes. The logs are then sent to the hacker.
3) Trojan Horse Viruses
Trojan horses are sent to victims via malicious links or file attachments that trick users into downloading malicious software onto their device. Once downloaded this malware can take full control of the computer. Its main goal is to damage, disrupt, steal or damage your data or network.
> Once installed, it can extract user logins of any website or software that the infected computer uses, way more than just Netflix accounts; Skype, Facebook, Emails, and more.
> Unfortunately, computer passwords arenβt really a safety measure against hackers who access your device remotely, as they access the system through other tactics.
> Computer passwords are more of a protection against physical theft so that somebody whose obtained physical possession of your PC cannot login to the device.
ENJOYβ€οΈππ»
deepwiki
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦COMMUN METHODES HACK NETFLIX FOR BEGINERS
#fASTtIPS
> Unfortunately, password theft is very common within cyber security, especially for Netflix accounts.
> With over 75 million subscribers, Netflix passwords grant cyber criminals to both access user accounts without paying for a subscription, or even worseβ¦
> sell the userβs password details and payment information on the Deep Web.
π¦How do they do it? β Some examples
1) Phishing
Hackers often use phishing campaigns to obtain access to userβs device. They accomplish this by tricking users (often via a malicious email link that leads the user to a fake Netflix login page).
Once the user clicks on the link, the malware steals their account information.
2) Keyloggers
Keylogging is a password-theft tactic that resides in a deviceβs system memory, runs every time you startup your PC, and logs all your keystrokes. The logs are then sent to the hacker.
3) Trojan Horse Viruses
Trojan horses are sent to victims via malicious links or file attachments that trick users into downloading malicious software onto their device. Once downloaded this malware can take full control of the computer. Its main goal is to damage, disrupt, steal or damage your data or network.
> Once installed, it can extract user logins of any website or software that the infected computer uses, way more than just Netflix accounts; Skype, Facebook, Emails, and more.
> Unfortunately, computer passwords arenβt really a safety measure against hackers who access your device remotely, as they access the system through other tactics.
> Computer passwords are more of a protection against physical theft so that somebody whose obtained physical possession of your PC cannot login to the device.
ENJOYβ€οΈππ»
deepwiki
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦NMAP USEFUL COMMANDS :
Scan network for live hosts
(nmap/zenmap)
For NMAP β
nmap -vv -sP 192.168.0.1-254 -oG hosts_up.txt
cat hosts_up.txt | grep -i βupβ
nmap -PN 192.168.9.200-254
(this will also show open ports for each host)
Identify OS
(nmap/zenmap)
For NMAP β
nmap -O 192.168.0.100 (just OS fingerprint)
nmap -A 192.168.9.201 (runs an βaggressiveβ scan β scan,OS fingerprint, version scan, scripts and traceroute)
Check hosts for services
(nmap/zenmap)
For NMAP
- nmap -sS 192.168.9.254 (TCP)
- nmap -sU 192.168.9.254 (UDP)
(Could be better to do this in zenmap and group servers by services)
FOR SNMP
- snmpwalk -c public -v1 192.168.9.254 1 |grep hrSWRunName|cut -dβ β -f
For a known port
- nmap β p 139 192.168.9.254
DNS Lookups/Hostnames
host -l <domain> <dns server>
e.g. host -l acme.local 192.168.0.220
Banner grab/Version services
(nmap/zenmap/SNMP)
Check versions of software/services against milw0rm and security focus)
For NMAP
- nmap -sV 192.168.9.254
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦NMAP USEFUL COMMANDS :
Scan network for live hosts
(nmap/zenmap)
For NMAP β
nmap -vv -sP 192.168.0.1-254 -oG hosts_up.txt
cat hosts_up.txt | grep -i βupβ
nmap -PN 192.168.9.200-254
(this will also show open ports for each host)
Identify OS
(nmap/zenmap)
For NMAP β
nmap -O 192.168.0.100 (just OS fingerprint)
nmap -A 192.168.9.201 (runs an βaggressiveβ scan β scan,OS fingerprint, version scan, scripts and traceroute)
Check hosts for services
(nmap/zenmap)
For NMAP
- nmap -sS 192.168.9.254 (TCP)
- nmap -sU 192.168.9.254 (UDP)
(Could be better to do this in zenmap and group servers by services)
FOR SNMP
- snmpwalk -c public -v1 192.168.9.254 1 |grep hrSWRunName|cut -dβ β -f
For a known port
- nmap β p 139 192.168.9.254
DNS Lookups/Hostnames
host -l <domain> <dns server>
e.g. host -l acme.local 192.168.0.220
Banner grab/Version services
(nmap/zenmap/SNMP)
Check versions of software/services against milw0rm and security focus)
For NMAP
- nmap -sV 192.168.9.254
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE HACKING
3 Billiar combo.rar
15.4 MB
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST 2020 SITES FOR CRACKED APK
β https://acmarket.net/
β https://www.apkwhale.com/
β https://apkmb.com/
β https://ihackedit.com/
β https://apk4free.net/
β https://rexdl.com/
β https://www.revdl.com
β https://aptoide.com
β https://www.apk4fun.com/
β https://apkpure.com
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST 2020 SITES FOR CRACKED APK
β https://acmarket.net/
β https://www.apkwhale.com/
β https://apkmb.com/
β https://ihackedit.com/
β https://apk4free.net/
β https://rexdl.com/
β https://www.revdl.com
β https://aptoide.com
β https://www.apk4fun.com/
β https://apkpure.com
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
acmarket.net
ACMarket - Cracked Apps, Games, Mods for Android
How to bypass AMSI and execute ANY malicious Powershell code.pdf
398 KB
the most #requested tutorial
How to bypass AMSI and execute ANY malicious Powershell code
How to bypass AMSI and execute ANY malicious Powershell code
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦METASPLOIT MODULES & HACKING :
Http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://code.google.com/p/msf-hack/wiki/WmapNikto
Http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
Http://seclists.org/metasploit/
Http://pauldotcom.com/2010/03/nessus-scanning-through-
a-meta.html
Http://meterpreter.illegalguy.hostzi.com/
Http://blog.metasploit.com/2010/03/automating-metasploit-console.html
Http://www.workrobot.com/sansfire2009/561.html
Http://www.securitytube.net/video/711
http://en.wikibooks.org/wiki/Metasploit/
MeterpreterClient#download
Http://vimeo.com/16852783
Http://milo2012.wordpress.com/2009/09/27/xlsinjector/
Http://www.fastandeasyhacking.com/
Http://trac.happypacket.net/
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
Http://www.irongeek.com/i.php?page=videos/metasploit-class
Http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
Http://vimeo.com/16925188
Http://www.ustream.tv/recorded/13396511
Http://www.ustream.tv/recorded/13397426
Http://www.ustream.tv/recorded/13398740
enjoyβ€οΈππ»
β GIT 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦METASPLOIT MODULES & HACKING :
Http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
http://code.google.com/p/msf-hack/wiki/WmapNikto
Http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
Http://seclists.org/metasploit/
Http://pauldotcom.com/2010/03/nessus-scanning-through-
a-meta.html
Http://meterpreter.illegalguy.hostzi.com/
Http://blog.metasploit.com/2010/03/automating-metasploit-console.html
Http://www.workrobot.com/sansfire2009/561.html
Http://www.securitytube.net/video/711
http://en.wikibooks.org/wiki/Metasploit/
MeterpreterClient#download
Http://vimeo.com/16852783
Http://milo2012.wordpress.com/2009/09/27/xlsinjector/
Http://www.fastandeasyhacking.com/
Http://trac.happypacket.net/
http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
Http://www.irongeek.com/i.php?page=videos/metasploit-class
Http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
Http://vimeo.com/16925188
Http://www.ustream.tv/recorded/13396511
Http://www.ustream.tv/recorded/13397426
Http://www.ustream.tv/recorded/13398740
enjoyβ€οΈππ»
β GIT 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
Markbaggett
Mark Baggett - In Depth Defense
A collection of articles, python tools, interviews and talk about information security, hacking, forensics, and defense using python coding
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FREE NEW COURSES :
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/
csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
enjoyβ€οΈππ»
β GIT 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FREE NEW COURSES :
Http://pentest.cryptocity.net/
Http://www.irongeek.com/i.php?page=videos/network-sniffers-class
http://samsclass.info/124/124_Sum09.shtml
Http://www.cs.ucsb.edu/~vigna/courses/cs279/
Http://crypto.stanford.edu/cs142/
Http://crypto.stanford.edu/cs155/
Http://cseweb.ucsd.edu/classes/wi09/cse227/
Http://www-inst.eecs.berkeley.edu/~cs161/sp11/
http://security.ucla.edu/pages/Security_Talks
Http://www.cs.rpi.edu/academics/courses/spring10/
csci4971/
Http://cr.yp.to/2004-494.html
Http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
Https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
Http://stuff.mit.edu/iap/2009/#websecurity
enjoyβ€οΈππ»
β GIT 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
trailofbits.github.io
Introduction Β· CTF Field Guide
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB VECTORS XSS
#RESOURCES
Http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.technicalinfo.net/papers/CSS.html
Http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
Http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
Http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
Http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
Http://heideri.ch/jso/#javascript
Http://www.reddit.com/r/xss/
Http://sla.ckers.org/forum/list.php?2
enjoyβ€οΈππ»
β GIT 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB VECTORS XSS
#RESOURCES
Http://www.infosecwriters.com/hhworld/hh8/csstut.htm
http://www.technicalinfo.net/papers/CSS.html
Http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
Http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
Http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
Http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
Http://heideri.ch/jso/#javascript
Http://www.reddit.com/r/xss/
Http://sla.ckers.org/forum/list.php?2
enjoyβ€οΈππ»
β GIT 2020
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Tens of thousands of MSSQL servers have been invaded by blasting and have become Monero mining machines
#News
> a mining Trojan targeting MS SQL server attacks. The mining Trojan mainly targeted MS SQL services to blast weak password attacks. After successful blasting, Monero mining Trojans will be implanted for mining.
> At the same time, the attacker downloads the frpc intranet penetration tool to install the backdoor, and will add users to facilitate the intruder to log in to the server remotely.
> Judging from the HFS server count of the mining Trojan, tens of thousands of MS SQL servers have been implanted with the mining Trojan, and dozens of servers have been installed with backdoors.
> The attacker installs intranet penetration tools on the compromised server will further increase the risk of hacker intrusion, and the compromise of the corporate database server will lead to serious information leakage incidents.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Tens of thousands of MSSQL servers have been invaded by blasting and have become Monero mining machines
#News
> a mining Trojan targeting MS SQL server attacks. The mining Trojan mainly targeted MS SQL services to blast weak password attacks. After successful blasting, Monero mining Trojans will be implanted for mining.
> At the same time, the attacker downloads the frpc intranet penetration tool to install the backdoor, and will add users to facilitate the intruder to log in to the server remotely.
> Judging from the HFS server count of the mining Trojan, tens of thousands of MS SQL servers have been implanted with the mining Trojan, and dozens of servers have been installed with backdoors.
> The attacker installs intranet penetration tools on the compromised server will further increase the risk of hacker intrusion, and the compromise of the corporate database server will lead to serious information leakage incidents.
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
Information Gathering With Cobalt Strike.pdf
1.3 MB
Information Gathering With Cobalt Strike full tutorial