▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How can A variant of the CTB-Locker Trojan for Websites detected ?

1) After several months of relative calm, the CTB-Locker malware, also known as Critroni, has returned to the attention of cybersecurity experts. Researchers have discovered a new variant of the Trojan and named it “CTB-Locker for Websites”. Unlike earlier versions, which encrypt files on victims' computers, this type encrypts content of Internet resources.

2) According to the owner of the BleepingComputer website cyber security expert Lawrence Abrams, hackers compromise the servers of hosting providers and replace the original index.php or index.html with the new index.php. The new index.php is used to encrypt data on the site with 256-bit AES and display a new home page demanding ransom for decryption.

3) Abrams estimates that CTB-Locker for Websites has infected over 100 resources so far. The original CTB-Locker for Windows peaked and now it is not as popular as TeslaCrypt, CryptoWall and Locky ransomware. According to the researcher, the new variant of the Trojan will not succeed in gaining the fame of its predecessor, since the data on the sites always have backups that allow them to be easily restored without paying a ransom.

Errors exploited to infect CTB-Locker sites remain unknown. However, experts do not rule out the possibility of resource infection using vulnerabilities in WordPress


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Crypt / Why? / Types / Issue price :

1) This is the process of modifying the code of your file (exe / dll) in such a way that the file itself remains operational and all antiviruses will consider that the file is harmless to the system.

2) This is accomplished in a variety of ways. The simplest ones are adding garbage sections or false calls and jumps to the file code. This simplest method has long lost its relevance due to the development of antiviruses and logistic methods of file analysis (heuristic analysis).

3) Now more complex methods are used, which include a huge complex of file file modifications. And the more sophisticated the methods, the longer your file will remain "clean" for AB.

🦑There are two types of such crypts:
Manual - this is when your file is modified manually, individually for the task. It is believed that this method gives a better quality result and the file stays "clean" longer.

4) With the help of a cryptor, this is an automatic method in which a program is written in advance, which produces a number of modifications standard for each file. This method is considered less reliable because the procedures performed on the file are the same for all files. This, in turn, means that if one of the files is caught by the AV, then all the others will soon begin to be detected (identified by AV as malicious).
With each such modification (process), the file size increases by a certain number of kilobytes. This size is different for each service / cryptor and can vary from 5kb to 300kb. Less is better. The extra dimension is called STAB. The price ranges from $ 5 - $ 50. Automatic (using a crypter costs $ 5-15), manual costs $ 25-50.


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Random tips :

The advantages of using AJAX (XMLHttpRequest) for AJAX (XMLHttpRequest) Support are:

1) cleaner and thinner client-side lib

2) no issues with "busy" indicators

3) pure XML data exchange (iso JavaScript callbacks)

🦑Pay attention to 4 points:
1: Version 2.0.2
2: Mode pull
3: Format xml-strict
4: File ajax-pushlet-client.js

🦑In fact, Pushlet officially has examples
demos-Pushlets-AJAX
Click to run and you can see that the content returned by the server is, please look at the above 6 points:

p_event=join-listen-ack
p_mode=pull
p_time=1380021729
p_id=qabynopuvu
p_format=xml-strict
p_sid=vyrel

» Then open the source code of the page to see the referenced files:
<script type="text/javascript" src="../../lib/ajax-pushlet-client.js"></script>
If you open ajax-pushlet-client.js and take a look, you can see:

NV_P_FORMAT:'p_format=xml-strict'
In other words, the default is xml-strict

So, referring to this example, you can organize your own applications under XMLHttpRequest adaptation

don't copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 improve your Wi-Fi signal :

1) Update the firmware on the router

2) Find the best place for your router

3) What frequency does your router operate on?
Review your network admin interface - the router should be configured for optimal performance. If your router is dual band, then you have the opportunity to get better bandwidth by switching to the 5 GHz band instead of the more common 2.4 GHz band.

4) Change the channel
Interference is a big problem, especially for those living in densely populated areas. Signals from other wireless networks can significantly affect connection speed, not to mention wireless phone systems, microwave ovens, and other electronic devices.

5) Control the quality
Most modern routers are equipped with Quality of Service (QoS) tools to limit the bandwidth used by applications.

6) Don't rely on outdated hardware
Everyone wants to get the most out of their hardware, but if you are using an older device it would be foolish to expect high performance from it. If you bought your router a few years ago, chances are it is using the older, slower 802.11n standard (or maybe 802.11g at all).

7) Add an antenna
If your router uses an internal antenna then it makes sense to add an external antenna as it sends out a stronger signal.

8) Install a Wi-Fi signal booster
Distance is one of the most obvious problems, as each router has its own specific optimum area that it can cover. If your network needs to cover a larger area than the router can cover, or if there are many obstacles and walls in its path, then expect a bad signal.

don't copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Choose a Bitcoin Wallet: A Beginner's Guide :

hen choosing a reliable Bitcoin wallet, software or hardware, you need to adhere to the following criteria:

1) Management of private keys . You must control your keys.

2) Back up and security features . I need backup keys and pin codes.

3) Community of developers . People to actively maintain the wallet.

4) Hot or cold wallets .

5) Ease of use . Convenient user interface for quick access.

6) Compatibility with different operating systems.

7) HD Wallet . Wallets that generate new addresses themselves.

8) KYC . Wallets that do not require additional documents.

don't copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best wallets for Android :

https://coinsutra.com/go/coinomi/

https://coinsutra.com/go/samouraiwallet/

https://play.google.com/store/apps/details?id=co.edgesecure.app

https://play.google.com/store/apps/details?id=com.mycelium.wallet

https://play.google.com/store/apps/details?id=com.kryptokit.jaxx

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Watch Two Videos Simultaneously on Galaxy Note 20 and Galaxy Note 20 Ultra:

1) Install SoundAssistant
To do this, you need to install the Samsung SoundAssistant app. If this program is not yet available on your Galaxy Note 20, you can download it here . Using the application, you can start two videos, change the volume step, add an equalizer to the volume bar, etc.


2) Step 2. Activating Multi Sound
Launch the app and activate the Multi Sound switch. You will need to select an application. On the new page, select the application to broadcast the videos you want to watch simultaneously. Once selected, this app will play audio even if you have started a video from another source.

3) Step 3. Splitting audio
Return to the SoundAssistant main page and select Separate app sound under the previous option. Activate the switch on the next page and click Select. You will see the page as in step 2. Select the same application from the list as in step 2.

4) Once selected, this application will be able to output audio to a separate audio device. Without enabling this function, when you play two videos, the sound of two applications will be output from one speaker or headphones at the same time. Any Bluetooth-connected audio device is set by default. Do not change this setting.

5) Check the result
Connect the Bluetooth device to your smartphone and launch the video viewing application that you set in the Multi Sound and Separate app sound settings. Play the video. The sound should be output to the Bluetooth device as usual. Use split screen mode to open another app and play the video there. The sound will come from the smartphone speaker.

6) It should be noted that the audio from the speaker cannot use the Samsung Dual Audio function to output to another speaker or Bluetooth headphones. If you want to split audio but don't want it to come from your smartphone speaker, plug in a pair of headphones via USB-C. For example, these are included with these smartphones. The sound will be the same as that coming from the smartphone speaker, but different compared to Bluetooth.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to enable YouTube picture-in-picture mode on iOS 14 ?

For example, you can use the Pocket program. With an account in it and an extension, you can share YouTube videos from a browser or application to your Pocket account. In the Pocket app, you can play saved videos and use the Picture-in-Picture mode as it should work on iOS.

Alternative method using Shortcuts
If you don't want to rely on Pocket or another app to save YouTube videos, you can create a command to make things easier. This allows you to immediately play YouTube videos in Picture-in-Picture mode and gain control over quality, speed, and more.

Step 1. Installing Scriptable
Install the free Scriptable app before creating your team. It is an automation tool that lets you write scripts with native functionality from iOS apps like Files, Calendars, Reminders, and more.



Step 2. Install Shortcut
There are many versions of the required command, but the original version could be from Reddit user Farlingmandag89. The team is called YouTube PiP and the latest version is currently the fourth. You can install it from the RoutineHub page https://routinehub.co/shortcut/6622/, where the latest version of the command is always available, or from iCloud https://www.icloud.com/shortcuts/601ba6e4d49247c08037dd7e5d9e821e.

Any of these links will require you to click Get Shortcut. If Shortcuts displays an error stating that you cannot open a command, go to Settings> Shortcuts, activate the Trust Unknown Commands radio button, and try again. When the Shortcuts app starts up, you can test the entire picture-in-picture mode before using it. At the bottom, click "Trust Unknown Commands" to add it to the Shortcuts library.



Step 3. Allowing access
On the My Teams tab in the Shortcuts app, click the (•••) icon on the YouTube PiP card. Scroll down and click "Allow Access" on the Scriptable action card.


In the window that appears, click OK, then on the card you will see "Run with configuration". If you click Show More, you can view the script for the Scriptable.



Step 4. Play YouTube video in Picture-in-Picture mode
Now you can start. Find the video you want on YouTube in your browser or in the YouTube mobile app. Open the Share panel. To do this, in the Safari browser, click on the "Share" icon in the toolbar, and not under the video. In the YouTube app, click the Share button below the video.





How to share on Safari (left) and YouTube app (right)

In the Share panel, find YouTube PiP in the list. If you want to make it easier to access, scroll down the list, click Edit Actions, click the + icon next to YouTube PiP to add to your favorites list. Click "Done" and YouTube PiP will appear in the front row of the Share panel.



Click YouTube PiP and the Scriptable app will open. The video player appears and the desired video in Picture-in-Picture mode. You can change the playback speed and quality of some videos by choosing between 360p and 720p. There is a button to jump 10 seconds forward and backward. The previous version of the command had a Download button.

Then you can go back to the home screen and select another app, or use the app switcher from Scriptable. The Picture-in-Picture window will continue to work and you can interact with it like any other in iOS 14.



Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FTP FOR BEGINERS :

A multi-transmission protocol, equivalent to an encrypted version of FTP. When you send and receive files on an FTP server, you face two risks. The first risk is to encrypt the file when uploading it. The second risk is that these files will stay on the FTP server while you are waiting for the recipient to download them.

> How do you keep these files safe? Your second option (creating an FTP server that supports SSL) enables your host to upload these files using an FTPS connection. This includes the use of an SSL layer under the FTP protocol to encrypt control and data channels. An alternative to FTPS is the Secure File Transfer Protocol (SFTP).

> This protocol uses the SSH file transfer protocol to encrypt the FTP connection from the client to the server.
FTPS is an enhanced FTP protocol that uses standard FTP protocols and commands at the secure socket layer, adding SSL security functions to the FTP protocol and data channels. FTPS is also called "FTP-SSL" and "FTP-over-SSL". SSL is a protocol for encrypting and decrypting data in a secure connection between a client and a server with SSL function.

> When using FTPS to connect to the server, there are two methods: explicit and implicit.
simply put:

1) The display is also called FTPES. The FTPS client and the FTPS server must explicitly use the same encryption method. If the client does not require encryption, the server also allows unencrypted communication.

2) Implicitly, the client directly contacts the server through TSL/SSL encryption. If the server does not respond, the communication is stopped.

3) FTP4J supports FTPS/FTPES secured connection. The original 21 port is used for FTPES, port 990 is used for FTPS, and port 22 is used for SFTP. The following does not include SFTP content.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best spy apps to track text messages :

A ) Why are message tracking spy apps so popular?
Sometimes we would give everything to be able to read other people's minds. Unfortunately, this is impossible, but we can hack the phone and get all the information we need from it. For example, thanks to free spy apps, you can read messages. Today, millions of people use spyware to view other people's messages.

With these programs, you can be sure that your children are safe and not going to do anything inappropriate behind your back. These applications will also be useful for employers - they will be able to see if their employees are selling any confidential information about the company. This useful tool gives you full access to the target device with the ability to view received, sent and deleted messages, and also provides access to the call log.

B) WORKING AND VERIFIED :

https://www.flexispy.com/?a_aid=1004&offer_id=3&transaction_id=102fc026f6004d3434831ef8fc5038

https://mspy.xyz/?region=BA&aff_id=ho_10850&utm_source=HasOffers&utm_medium=ho_10850&c=LB&city=Beirut&gAdwordsID=&offer_id=70&transaction_id=1028be72f6099fdb4ca3034899ffe3&goal=rs&aff_sub=&aff_sub2=5f8c0172851a7d00010fba0d&aff_sub3=&aff_sub4=&aff_sub5=&utm_campaign=

https://highstermobile.com/

https://ru.ikeymonitor.com/ (don't install en version)

https://www.phonesheriff.com/



Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Wing FTP 4.3.8 Authenticated Command Execution Vulnerability :

A) The embedded lua interpreter in the admin web interface is the insecure component of Wing FTP 4.3.8. Only an Authorized Administrator user may access this section of the program. The intruder is able to use os.execute) (in the case of Wing FTP on Windows by providing a specially designed HTTP POST request or just accessing the Web Administrator screen. In the lua parser, the os.execute) (function will then be used for executing arbitrary device commands on the target host. The executed commands would be located in the background of the user running the insecure program while exploiting this vulnerability. In the case of Wing FTP 4.3.8 on Windows, device rights are executed with arbitrary orders

B)We need to have admin keys to log into the admin panel before we can execute orders. Depending about how they are built and used, there are several options to get a hold of web application credentials. Many samples of ways to recover passwords are available. One of them is when credentials are stored in a database through SQL injection. Another choice is to use local data while they are saved in the server's data. Let's take a look first at how administrator credentials are stored by Wing FTP version 4.3.8. We'll then take a look at how we can use the lua interpreter in the administrator panel to manually execute system commands. Finally, using Metasploit, we can show how to exploit this flaw.


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Another facebook bruteforce tool:

Facebook-BruteForce
Bruteforce attack for Facebook Account
Install Requirements(Linux)

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

>> apt-get install git python3 python3-pip python python-pip
Run commands one by one
>> git clone https://github.com/IAmBlackHacker/Facebook-BruteForce
>> cd Facebook-BruteForce
>> pip3 install requests bs4
>> pip install mechanize
>> python3 fb.py or python fb2.py


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

free port forward :

>LOCALHOST

>LOCALXPOSE (https://localxpose.io)

> SERVEO (https://serveo.net/)

> NGROK (https://ngrok.com/)

> LOCALTUNNEL (Package Version) (https://localtunnel.me)

> OPENPORT (https://openport.io/)

> PAGEKITE (https://pagekite.net/)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Good for your students:

Free set of challenge based hackathons that can be hosted in-person or virtually via Microsoft Teams.

https://github.com/microsoft/WhatTheHack