β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Root cause analysis
1) Integrating and analyzing various event data on a network performance monitoring tool can form an automated root cause analysis function.
2) If a problem occurs in the network, and then it triggers events of multiple components, many network performance monitoring tools will use artificial intelligence technology to analyze the correlation of these events, and finally determine the root cause of the problem.
3) This is one of the complex functions that need to be configured because it requires all equipment and monitoring systems to be properly configured.
> For example, if the device time is not synchronized through the Network Time Protocol (Network Time Protocol), the time found by the event will be wrong. This will negatively affect the accuracy of the root cause analysis engine.
4) However, once it is created and the correct maintenance measures are taken, automated root cause analysis tools can save a lot of time in troubleshooting.
Written by
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Root cause analysis
1) Integrating and analyzing various event data on a network performance monitoring tool can form an automated root cause analysis function.
2) If a problem occurs in the network, and then it triggers events of multiple components, many network performance monitoring tools will use artificial intelligence technology to analyze the correlation of these events, and finally determine the root cause of the problem.
3) This is one of the complex functions that need to be configured because it requires all equipment and monitoring systems to be properly configured.
> For example, if the device time is not synchronized through the Network Time Protocol (Network Time Protocol), the time found by the event will be wrong. This will negatively affect the accuracy of the root cause analysis engine.
4) However, once it is created and the correct maintenance measures are taken, automated root cause analysis tools can save a lot of time in troubleshooting.
Written by
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from WEB UNDERCODE - PRIVATE
WinDbg Malware Analysis Cheat Sheet.pdf
2 MB
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to skip Face ID unlocking on iPhone while wearing a mask ?
Apple has released the latest version of the iOS system for developers. There are not many new features here, apart from a few related to the coronavirus. IOS 13.5 beta 3 contains a new API from Apple and Google. This interface should show whether you have been in contact with infected people or not.
Here's how it works: Using Bluetooth, the iPhone securely shares randomly generated IDs with nearby devices and retrieves their IDs. This allows the app to notify you if you have been exposed to a virus. You can also share your coronavirus diagnosis anonymously.
This update also makes it easier to bypass Face ID unlocking on your iPhone if you're wearing a mask. Since you must have a password that is created when you set up Face ID, the device will use this password to log in to the system.
π¦How to bypass Face ID while wearing a mask ?
Apple has enabled these features to work by default on the iPhone. This means that the machine recognizes you faster, regardless of whether you are wearing a mask or not. Prior to iOS 13.5, a failed face scan had to be performed a couple of times before a password could be entered.
The process was quite tedious, but now you can immediately swipe up the screen to unlock. When you do this, the iPhone automatically opens the lock screen where you can enter a passcode. If you are wearing a mask, lift the device as usual, gesture upward as you would when unlocking with Face ID. A password entry field will appear.
π¦How to turn off COVID-19 notifications on iOS :
As stated above, Apple and Google have teamed up to notify people that they have spoken with someone infected with the coronavirus. These notifications use a unique API. Applications of medical organizations can take advantage of it.
These applications do not contain personal information, but there may be people who want to disable them.
1) open iPhone Settings.
2) Scroll down and select "Privacy".
3) Click "Health".
4) Select COVID-19 Exposure Notifications.
5) Press the switch so that it is in the off position.
6) This feature can be useful these days. Apple should release the final version of iOS 13.5 soon and it will be available to everyone.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to skip Face ID unlocking on iPhone while wearing a mask ?
Apple has released the latest version of the iOS system for developers. There are not many new features here, apart from a few related to the coronavirus. IOS 13.5 beta 3 contains a new API from Apple and Google. This interface should show whether you have been in contact with infected people or not.
Here's how it works: Using Bluetooth, the iPhone securely shares randomly generated IDs with nearby devices and retrieves their IDs. This allows the app to notify you if you have been exposed to a virus. You can also share your coronavirus diagnosis anonymously.
This update also makes it easier to bypass Face ID unlocking on your iPhone if you're wearing a mask. Since you must have a password that is created when you set up Face ID, the device will use this password to log in to the system.
π¦How to bypass Face ID while wearing a mask ?
Apple has enabled these features to work by default on the iPhone. This means that the machine recognizes you faster, regardless of whether you are wearing a mask or not. Prior to iOS 13.5, a failed face scan had to be performed a couple of times before a password could be entered.
The process was quite tedious, but now you can immediately swipe up the screen to unlock. When you do this, the iPhone automatically opens the lock screen where you can enter a passcode. If you are wearing a mask, lift the device as usual, gesture upward as you would when unlocking with Face ID. A password entry field will appear.
π¦How to turn off COVID-19 notifications on iOS :
As stated above, Apple and Google have teamed up to notify people that they have spoken with someone infected with the coronavirus. These notifications use a unique API. Applications of medical organizations can take advantage of it.
These applications do not contain personal information, but there may be people who want to disable them.
1) open iPhone Settings.
2) Scroll down and select "Privacy".
3) Click "Health".
4) Select COVID-19 Exposure Notifications.
5) Press the switch so that it is in the off position.
6) This feature can be useful these days. Apple should release the final version of iOS 13.5 soon and it will be available to everyone.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is the Pokki virus?
Pokki is essentially not a virus, as it is just an adware that is legally installed on a PC only after the user's consent. Meanwhile, as a result of its installation, many intrusive ads appear, which are shown in the form of sudden pop-up browser windows, as well as new buttons on the "Toolbar" and "Taskbar" begin to appear.
Most virus scanners now identify "Pokki" as a program that poses a moderate threat to your computer. Unlike real viruses, which try to take your computer under full remote control in order to obtain important confidential information, adware simply annoys users with the constant appearance of various banners and links. However, the Pokki utility can also negatively affect the performance of your hardware, just like regular viruses.
π¦How does the Pokki virus work?
Pokki.com is actually a legitimate site that distributes an adware utility that can drastically change the look of the Windows Start menu, making it look like a mobile operating system.
Since this application is usually installed along with other software, you may not even notice that you are downloading it to your computer. In addition, this utility will subsequently constantly receive unknown automatic updates, downloading along with them alternative potentially dangerous programs (PUP). This usually leads to incorrect operation of the browser, in which many links to other malicious Internet resources appear.
At the same time, more and more anti-virus applications classify Pokki as an object that does not pose a serious threat to the PC. In summary, while the software in question does not harm your operating system or files, it can display potentially malicious content that increases the chances of an aggressive virus infecting your computer.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is the Pokki virus?
Pokki is essentially not a virus, as it is just an adware that is legally installed on a PC only after the user's consent. Meanwhile, as a result of its installation, many intrusive ads appear, which are shown in the form of sudden pop-up browser windows, as well as new buttons on the "Toolbar" and "Taskbar" begin to appear.
Most virus scanners now identify "Pokki" as a program that poses a moderate threat to your computer. Unlike real viruses, which try to take your computer under full remote control in order to obtain important confidential information, adware simply annoys users with the constant appearance of various banners and links. However, the Pokki utility can also negatively affect the performance of your hardware, just like regular viruses.
π¦How does the Pokki virus work?
Pokki.com is actually a legitimate site that distributes an adware utility that can drastically change the look of the Windows Start menu, making it look like a mobile operating system.
Since this application is usually installed along with other software, you may not even notice that you are downloading it to your computer. In addition, this utility will subsequently constantly receive unknown automatic updates, downloading along with them alternative potentially dangerous programs (PUP). This usually leads to incorrect operation of the browser, in which many links to other malicious Internet resources appear.
At the same time, more and more anti-virus applications classify Pokki as an object that does not pose a serious threat to the PC. In summary, while the software in question does not harm your operating system or files, it can display potentially malicious content that increases the chances of an aggressive virus infecting your computer.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How can I get rid of Pokki virus?
The most effective way to get rid of any tricky software on your computer is to use a strong anti-virus program that can solve a wide range of adware and virus-related issues. The system verification process, depending on the integrated hardware, can take a long time, but this is the best method to get rid of such programs.
In other cases, you can do the following manipulations to remove "Pokki":
Try to erase the Pokki virus manually by Pokki simply by deleting certain applications and files associated with it. Both Windows and macOS have built-in tools to centrally uninstall programs you no longer want to use.
If you suspect that the installation of the Pokki virus was the result of the activity of another malicious object, then try to delete it as well. However, in most cases, antivirus software is required to remove these types of infiltrations.
1) If the "Pokki" virus has begun to control your browser, then the first step is to remove suspicious add-ons and extensions from it.
2) If the problem is with a mobile device, then you may need to use other methods to remove the virus from Android.
3) If none of these tips helped solve the problem, then we recommend using System Restore to go back to an earlier backup point when you did not have the Pokki virus on your computer. In this case, be sure to select the time period in which you know for sure that the virus was absent in the system
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How can I get rid of Pokki virus?
The most effective way to get rid of any tricky software on your computer is to use a strong anti-virus program that can solve a wide range of adware and virus-related issues. The system verification process, depending on the integrated hardware, can take a long time, but this is the best method to get rid of such programs.
In other cases, you can do the following manipulations to remove "Pokki":
Try to erase the Pokki virus manually by Pokki simply by deleting certain applications and files associated with it. Both Windows and macOS have built-in tools to centrally uninstall programs you no longer want to use.
If you suspect that the installation of the Pokki virus was the result of the activity of another malicious object, then try to delete it as well. However, in most cases, antivirus software is required to remove these types of infiltrations.
1) If the "Pokki" virus has begun to control your browser, then the first step is to remove suspicious add-ons and extensions from it.
2) If the problem is with a mobile device, then you may need to use other methods to remove the virus from Android.
3) If none of these tips helped solve the problem, then we recommend using System Restore to go back to an earlier backup point when you did not have the Pokki virus on your computer. In this case, be sure to select the time period in which you know for sure that the virus was absent in the system
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to install Suricata intrusion detection system on Linux?
1) Install Suricata IDS on Linux
Might as well build Suricata from source code. You have to install a few required dependencies first, as shown below.
Install dependencies on Debian, Ubuntu or Linux Mint
$ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev
2) install dependencies on CentOS, Fedora or RHEL
$ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
3) Once you have installed all the necessary packages, you can now install Suricata , As shown below.
4) First, download the latest Suricata source code from http://suricata-ids.org/download/ and compile the code. As of this writing, the latest version is 2.0.8.
This is a sample output of the configuration.
5) Now compile and install it.
$ make
$ sudo make install
Suricata source code comes with default configuration files. May wish to install these default configuration files as shown below.
$ sudo make install-conf
As you know, Suricata is useless without the IDS rule set. Conveniently, the Makefile comes with IDS rules installation options. To install IDS rules, just run the following command.
$ sudo make install-rules The
above rule installation command will install the latest snapshot of the available community rule sets from EmergingThreats.net ( https://www.bro.org ) and store them under /etc/suricata/rules.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to install Suricata intrusion detection system on Linux?
1) Install Suricata IDS on Linux
Might as well build Suricata from source code. You have to install a few required dependencies first, as shown below.
Install dependencies on Debian, Ubuntu or Linux Mint
$ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev
2) install dependencies on CentOS, Fedora or RHEL
$ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
3) Once you have installed all the necessary packages, you can now install Suricata , As shown below.
4) First, download the latest Suricata source code from http://suricata-ids.org/download/ and compile the code. As of this writing, the latest version is 2.0.8.
This is a sample output of the configuration.
5) Now compile and install it.
$ make
$ sudo make install
Suricata source code comes with default configuration files. May wish to install these default configuration files as shown below.
$ sudo make install-conf
As you know, Suricata is useless without the IDS rule set. Conveniently, the Makefile comes with IDS rules installation options. To install IDS rules, just run the following command.
$ sudo make install-rules The
above rule installation command will install the latest snapshot of the available community rule sets from EmergingThreats.net ( https://www.bro.org ) and store them under /etc/suricata/rules.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WANNACRY FOR BEGINERS :
WannaCry encrypts most or even all of the files on your computer. The software then displays a specific message on the computer screen asking for a $ 300 ransom to decrypt your files. The payment must be made to the Bitcoin wallet. If the user does not pay the ransom in 3 days, the amount is doubled to $ 600. After 7 days, the virus will delete all encrypted files and all your data will be lost.
Who is behind this or the origin of the virus
The exact origin of the virus has not yet been established. But our editor was able to find the 3 most basic versions.
1)Russian hackers
Yes, friends, how can you not bypass such a resonant virus without all your favorite "Russian hackers". The incident may be linked to recent warnings from the Shadow Brokers group to US President Donald Trump following his approved missile strikes in Syria.
2) US intelligence services
On May 15, Russian President Vladimir Putin called the US intelligence services the source of the virus and said that "Russia has absolutely nothing to do with it." Microsoft executives have also stated that the US intelligence services are the primary source of this virus.
3)Government of the DPRK
Representatives of the antivirus companies Symantec and Kaspersky Lab said that cybercriminals from the Lazarus Group were involved in cyber attacks using the WanaCrypt0r 2.0 virus, which hit thousands of computers in 150 countries .
DOWNLOAD : https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.WannaCry
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WANNACRY FOR BEGINERS :
WannaCry encrypts most or even all of the files on your computer. The software then displays a specific message on the computer screen asking for a $ 300 ransom to decrypt your files. The payment must be made to the Bitcoin wallet. If the user does not pay the ransom in 3 days, the amount is doubled to $ 600. After 7 days, the virus will delete all encrypted files and all your data will be lost.
Who is behind this or the origin of the virus
The exact origin of the virus has not yet been established. But our editor was able to find the 3 most basic versions.
1)Russian hackers
Yes, friends, how can you not bypass such a resonant virus without all your favorite "Russian hackers". The incident may be linked to recent warnings from the Shadow Brokers group to US President Donald Trump following his approved missile strikes in Syria.
2) US intelligence services
On May 15, Russian President Vladimir Putin called the US intelligence services the source of the virus and said that "Russia has absolutely nothing to do with it." Microsoft executives have also stated that the US intelligence services are the primary source of this virus.
3)Government of the DPRK
Representatives of the antivirus companies Symantec and Kaspersky Lab said that cybercriminals from the Lazarus Group were involved in cyber attacks using the WanaCrypt0r 2.0 virus, which hit thousands of computers in 150 countries .
DOWNLOAD : https://github.com/ytisf/theZoo/tree/master/malwares/Binaries/Ransomware.WannaCry
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ computer file anti-leakage systems :
1) The computer file anti-leakage system based on C/S architecture usually installs the management terminal on a computer in the LAN, installs the client on the controlled computer in the LAN, and then actively connects to the client through the management terminal and sends the computer to the client File encryption instruction, the client computer file is encrypted to prevent leakage of computer files.
2) Aiming at the channel for computer file leakage, the current mainstream computer file anti-leakage system in China usually effectively controls the external computer equipment. It prevents the passage by prohibiting the computer USB port, disabling optical drive burning, and prohibiting Bluetooth and PCI devices. Such external devices leaked secrets.
3) For the leakage of network channels, similar computer file anti-leakage systems, on the one hand, set to prohibit computers from accessing the Internet, on the other hand, it encrypts external files to prevent files from being sent through mailboxes, network disks, chat software, and other network channels. The computer file was sent out and the secret was leaked.
4) Many traditional computer file anti-leakage systems use the clipboard of the HOOK client computer to prevent the copying of computer files. However, because many copying and cutting actions of third-party software do not need to be implemented through the clipboard, it directly leads to The failure of this control method.
don't clone our tutorials
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ computer file anti-leakage systems :
1) The computer file anti-leakage system based on C/S architecture usually installs the management terminal on a computer in the LAN, installs the client on the controlled computer in the LAN, and then actively connects to the client through the management terminal and sends the computer to the client File encryption instruction, the client computer file is encrypted to prevent leakage of computer files.
2) Aiming at the channel for computer file leakage, the current mainstream computer file anti-leakage system in China usually effectively controls the external computer equipment. It prevents the passage by prohibiting the computer USB port, disabling optical drive burning, and prohibiting Bluetooth and PCI devices. Such external devices leaked secrets.
3) For the leakage of network channels, similar computer file anti-leakage systems, on the one hand, set to prohibit computers from accessing the Internet, on the other hand, it encrypts external files to prevent files from being sent through mailboxes, network disks, chat software, and other network channels. The computer file was sent out and the secret was leaked.
4) Many traditional computer file anti-leakage systems use the clipboard of the HOOK client computer to prevent the copying of computer files. However, because many copying and cutting actions of third-party software do not need to be implemented through the clipboard, it directly leads to The failure of this control method.
don't clone our tutorials
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β