▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How UChecker works
Uchecker works with all modern Linux distributions starting from version 6.

It is free JSON software and is open for distribution and / or modification under the terms of the GNU General Public License.

Uchecker detects processes that are using old (i.e. unpatched) shared libraries.

It detects and reports obsolete libraries that are being used by running processes.

Its detection capabilities are based on BuildID comparisons.

As a result, the tool knows about deleted or replaced files.

The Uchecker tool can determine the process ID and name, as well as the names of the shared libraries that are not patched, as well as their build IDs.

Uchecker gets the latest BuildIDs from KC resources.

It then starts the process by iterating over / proc / and gets the associated shared library from / proc / <pid> / maps.

At this point, Uchecker asks if the shared library has been replaced or removed.

F E A T U R E S :

Uchecker allows you to update your FOSS libraries.

You can avoid the usual hassle of rebooting servers because you don't know which processes need to be restarted.

This is true for OpenSSL and GNU C (glibc) libraries, among others.

Thanks to technologies such as KernelCare +, it is now even possible to hot fix vulnerabilities in core user space libraries in addition to the Linux kernel libraries.

You can update apps without affecting their working state.

No restarts or reboots required.

Download script:
https://github.com/cloudlinux/kcare-uchecker
Depending on the answer, the program will either parse ELF from the file system or parse ELF from mapped memory.

Uchecker then collects the BuildID from the .note.gnu.build-id.

Detecting obsolete in-memory libraries with UChecker
No installation required!

🦑Just run the Uchecker script to find the unpatched libraries on your Linux server:

# curl -s -L https://kernelcare.com/checker | python

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is DevSecOps?
#Forbeginers :)))

DevSecOps is security as a code culture where you integrate security tools into the DevOps lifecycle.

Security as part of the DevOps process is the only way to mitigate risk.

It is a transformational shift that includes the culture, practices, and security tools at every stage of the DevOps process.

It removes silos between development, security, and admin teams.

It follows a 'shift to the left' approach, which means implementing security processes early in the design / planning phase to provide security awareness for development and administration teams and meet cybersecurity requirements.

Here's how DevSecOps is implemented:

Security and development team collaboration on a threat model
Integration of security tools into the development pipeline
Prioritize security requirements as part of the product backlog
Reviewing infrastructure-related security policies prior to deployment
Security experts evaluate automated tests.
Modern technological innovation plays a vital role in DevSecOps.

Security as code, compliance as code, and infrastructure as code can eliminate many of the manual security steps and improve overall efficiency.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🔒Vault Tutorial Hacking :

1) While Vault can be installed on a variety of platforms (www.vaultproject.io/downloads.html), there is one very smart approach that will work for later cloud migration is to use a published Docker container.

2) To get started, you still need to download the Vault binary for your local machine in order to use the Vault client.

$ docker run -p 8200:8200
--cap-add=IPC_LOCK -d --name=dev-vault vault

3) If you've run it in the past but don't see it working with Docker PS, just run: If you want to force the token (for automation later this will come in handy)

$ docker run vault


$ docker run -p 8200:8200
--cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=5l8v34FMhOVBozD9IAAkHREj' vault
==> Vault server configuration:

Api Address: http://0.0.0.0:8200
Cgo: disabled
Cluster Address: https://0.0.0.0:8201
Once started, make sure your container is listening on 8200, log in with the vault login.

define IP

4) docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
44597b284377 vault "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 0.0.0.0:8200->8200/tcp vigorous_darwin


5) vault login -address=http://0.0.0.0:8200
Token (will be hidden):
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key Value
--- -----
token 5lxyundercode
token_accessor asdfsadundercode
token_duration ∞
token_renewable false
token_policies ["root"]
identity_policies []
policies ["root"]
You can create a credential file (plain text) and pass it with "-" for non-interactive sessions.
You can also use the REST API to log in non-interactively (anything you can do in the CLI can be done through the API).

6) One of the nice things about running a Vault container is that you can run multiple instances at the same time in developer mode by simply using different container IP addresses.

using pod ip

docker inspect zen_chatterjee | grep IPAddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
$ sudo ifconfig lo0 alias 172.17.0.2
$ sudo vi /etc/hosts
$ cat /etc/hosts | grep vault.local
172.17.0.2 vault.local

$ vault login -address=http://vault.local:8200
Token (will be hidden):
Success! You are now authenticated.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 Burp Bounty: BurpSuite extension to improve active and passive scanner ?

Burp Bounty - Scan Check Builder
This Burp Suite extension allows you to quickly and easily improve your active and passive burpsuite scanner with personalized rules through a very intuitive GUI.
XSS rendered and saved
SQL injection based on errors
Blind SQL Injection
Blind SQL injection based on time
XXE
Blind XXE
SSRF
CRLF
Information disclosure
Nginx off-by-slash by Orange Tsai
Command injection
Poisoning the web cache
Blind command injection
Open redirect
Including files locally
Remote file inclusion
Traversing the path
LDAP injection
XML injection
SSI Injection
XPath Injection
etc.

Security headers
Cookie Attributes
Extract endpoints
Software versions
Error lines
In general, any string or regular expression in the response.
Passive request scanning
Interesting parameters and values
In general, any string or regular expression in a request.


Download & use
https://github.com/wagiro/BurpBounty/releases/


ENJOY :)

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑iOs Hacking apps list 3 :

https://spytomobile.com/ru

https://phonespector.com/

https://hellospy.soft112.com/

https://www.cocospy.com/iphone-spy-app.html

https://www.elcomsoft.com/eppb.html

https://github.com/GeoSn0w/Myriam

https://github.com/BishopFox/iSpy

https://www.cydiahacks.net/xsellize-repo-source.html

https://www.veracode.com/resources?assettype=toolkit#resources-results

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Windows Hacking tools :

http://www.ettercap-project.org/

https://www.wireshark.org/

https://intruder.io/?utm_source=referral&utm_campaign=softwaretestinghelp-ethical-hacking-tools

https://www.metasploit.com/

https://www.softwaretestinghelp.com/Kiuwan-Hacking

https://www.acunetix.com/vulnerability-scanner/

https://www.paterva.com/web6/products/maltego.php

https://www.netsparker.com/web-vulnerability-scanner/

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 IP address and DNS Lookup Tools :

- [bgp](https://bgp.he.net/)
- [Bgpview](https://bgpview.io/)
- [DataSploit (IP Address Modules)](https://github.com/DataSploit/datasploit/tree/master/ip)
- [Domain Dossier](https://centralops.net/co/domaindossier.aspx)
- [Domaintoipconverter](http://domaintoipconverter.com/)
- [Googleapps Dig](https://toolbox.googleapps.com/apps/dig/)
- [Hurricane Electric BGP Toolkit](https://bgp.he.net/)
- [ICANN Whois](https://whois.icann.org/en)
- [Massdns](https://github.com/blechschmidt/massdns)
- [Mxtoolbox](https://mxtoolbox.com/BulkLookup.aspx)
- [Ultratools ipv6Info](https://www.ultratools.com/tools/ipv6Info)
- [Viewdns](https://viewdns.info/)
- [Umbrella (OpenDNS) Popularity List](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html)

git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

An dangerous vulnerability was discovered in OpenStack blazar.
#Vulnerabilities

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑bUILD YOUR OWN OTP :
building massively scalable soft real-time systems with requirements on high availability.

Binary Distributions
Erlang/OTP is available as pre-built binary packages by most OS package managers.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) apt-get install erlang
Compiling from source

2) git clone https://github.com/erlang/otp.git

3) cd otp

4) ./otp_build autoconf

5) ./configure

6) make

7) make install

🦑EXAMPLE :

-module(hello).
-export([world/0]).

world() -> io:format("Hello, world\n").
Save the file as hello.erl and run erl to enter the Erlang shell to compile the module.

Erlang/OTP 19 [erts-8.2] [source] [64-bit] [smp:4:4] [async-threads:10] [hipe] [kernel-poll:false] [dtrace]

Eshell V8.2 (abort with ^G)
1> c(hello).
{ok,hello}
2> hello:world().
Hello, world
ok

git 2020
don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁