β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Install Suricata IDS on Linux
Might as well build Suricata from source code. You have to install a few required dependencies first, as shown below.
Install dependencies on Debian, Ubuntu or Linux Mint
1) $ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev
install dependencies on CentOS, Fedora or RHEL
2) $ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
3) Once you have installed all the necessary packages, you can now install Suricata , As shown below.
First, download the latest Suricata source code from http://suricata-ids.org/download/ and compile the code.
4) Now compile and install it.
$ make
$ sudo make install
Suricata source code comes with default configuration files. May wish to install these default configuration files as shown below.
$ sudo make install-conf
5) As you know, Suricata is useless without the IDS rule set. Conveniently, the Makefile comes with IDS rules installation options. To install IDS rules, just run the following command.
$ sudo make install-rules
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Install Suricata IDS on Linux
Might as well build Suricata from source code. You have to install a few required dependencies first, as shown below.
Install dependencies on Debian, Ubuntu or Linux Mint
1) $ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev
install dependencies on CentOS, Fedora or RHEL
2) $ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
3) Once you have installed all the necessary packages, you can now install Suricata , As shown below.
First, download the latest Suricata source code from http://suricata-ids.org/download/ and compile the code.
4) Now compile and install it.
$ make
$ sudo make install
Suricata source code comes with default configuration files. May wish to install these default configuration files as shown below.
$ sudo make install-conf
5) As you know, Suricata is useless without the IDS rule set. Conveniently, the Makefile comes with IDS rules installation options. To install IDS rules, just run the following command.
$ sudo make install-rules
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME GOOD ANDROID APPS FOR RECOVER LOST DATA"
https://play.google.com/store/apps/details?id=com.wondershare.drfone
https://play.google.com/store/apps/dev?id=6817647156581849686
https://play.google.com/store/apps/details?id=com.easeus.mobisaver
https://play.google.com/store/apps/developer?id=EaseUS+Data+Recovery+Software
https://play.google.com/store/apps/details?id=video.recovery
https://play.google.com/store/apps/developer?id=Tasty+Blueberry+PI
https://play.google.com/store/apps/details?id=com.defianttech.diskdigger
https://play.google.com/store/apps/developer?id=Defiant+Technologies,+LLC
https://play.google.com/store/apps/details?
id=com.greatstuffapps.digdeep
https://play.google.com/store/apps/developer?id=GreatStuffApps
https://play.google.com/store/apps/details?id=photo.recovery
https://play.google.com/store/apps/developer?id=Tasty+Blueberry+PI
https://play.google.com/store/apps/details?id=com.auntec.photo
https://play.google.com/store/apps/developer?id=Suzhou+Aunbox+Software+Co.+Ltd.
https://play.google.com/store/apps/details?id=com.baloota.dumpster
https://play.google.com/store/apps/dev?id=5104976176358171231
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME GOOD ANDROID APPS FOR RECOVER LOST DATA"
https://play.google.com/store/apps/details?id=com.wondershare.drfone
https://play.google.com/store/apps/dev?id=6817647156581849686
https://play.google.com/store/apps/details?id=com.easeus.mobisaver
https://play.google.com/store/apps/developer?id=EaseUS+Data+Recovery+Software
https://play.google.com/store/apps/details?id=video.recovery
https://play.google.com/store/apps/developer?id=Tasty+Blueberry+PI
https://play.google.com/store/apps/details?id=com.defianttech.diskdigger
https://play.google.com/store/apps/developer?id=Defiant+Technologies,+LLC
https://play.google.com/store/apps/details?
id=com.greatstuffapps.digdeep
https://play.google.com/store/apps/developer?id=GreatStuffApps
https://play.google.com/store/apps/details?id=photo.recovery
https://play.google.com/store/apps/developer?id=Tasty+Blueberry+PI
https://play.google.com/store/apps/details?id=com.auntec.photo
https://play.google.com/store/apps/developer?id=Suzhou+Aunbox+Software+Co.+Ltd.
https://play.google.com/store/apps/details?id=com.baloota.dumpster
https://play.google.com/store/apps/dev?id=5104976176358171231
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Mod your own apk
#fastTips
source code: https://github.com/kaleemullah360/android-APK-Mods
1) Load APK
java -jar apktool.jar if application-name.apk
2) Decode APK
java -jar apktool.jar decode application-name.apk
3) Recompile APK
java -jar apktool.jar b application-name.apk
4) Add signature using APK Signer
java -jar apk-signer-1.8.5.jar certificate.pem key.pk8 application-name.apk
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Mod your own apk
#fastTips
source code: https://github.com/kaleemullah360/android-APK-Mods
1) Load APK
java -jar apktool.jar if application-name.apk
2) Decode APK
java -jar apktool.jar decode application-name.apk
3) Recompile APK
java -jar apktool.jar b application-name.apk
4) Add signature using APK Signer
java -jar apk-signer-1.8.5.jar certificate.pem key.pk8 application-name.apk
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - kaleemullah360/android-APK-Mods: Hack into android applications, some tools and instructions. decode, modify and recompileβ¦
:sparkles: Hack into android applications, some tools and instructions. decode, modify and recompile APK :sparkles: - GitHub - kaleemullah360/android-APK-Mods: Hack into android applications, some ...
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Speedup mega download and more:
Get file details and information
Download the file
Read file and Decrypt it
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
first download https://github.com/BaseMax/MegaDownloader
step 1: make api call to mega api server get info about the file with download link api return filename,filesize,download link filename is encrypted string
step 2: we download the encrypted file using the url returned in step 1 api response
step 3: after download decrypt the file
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Speedup mega download and more:
Get file details and information
Download the file
Read file and Decrypt it
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
first download https://github.com/BaseMax/MegaDownloader
step 1: make api call to mega api server get info about the file with download link api return filename,filesize,download link filename is encrypted string
step 2: we download the encrypted file using the url returned in step 1 api response
step 3: after download decrypt the file
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - BaseMax/MegaDownloader: A script to download file from Mega.n and read it. (Using PHP)
A script to download file from Mega.n and read it. (Using PHP) - BaseMax/MegaDownloader
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What can XSS do?
Before we learn the use of XSS, it is necessary for us to know what XSS can do? Or what kind of harm:
Β· Alter the page, modify the content of the page
Β· Phishing
Β· Steal user cookies
Β· Hijack user (browser) sessions
Β· Hang ads, brush traffic
Β· DDoS
Β· Web page hanging horse
Β· Get ββclient information (such as UA, IP, open port)
Β· Spread XSS Worm
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What can XSS do?
Before we learn the use of XSS, it is necessary for us to know what XSS can do? Or what kind of harm:
Β· Alter the page, modify the content of the page
Β· Phishing
Β· Steal user cookies
Β· Hijack user (browser) sessions
Β· Hang ads, brush traffic
Β· DDoS
Β· Web page hanging horse
Β· Get ββclient information (such as UA, IP, open port)
Β· Spread XSS Worm
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to use the system's built-in commands to get manual antivirus ?
1) Start point Before doing it yourself, remember to be prepared-use TaskList to backup system processes
New viruses have learned to use processes to hide themselves, so we'd better back up the computer's process list when the system is normal. Of course, it's best to back up without running any programs when entering Windows, so that the computer will feel abnormal in the future. You can find the process that may be a virus by comparing the process list.
Enter at the command prompt:
TaskList /fo:csv>g:zc.csv
The function of the above command is to output the current process list in csv format to the "zc.csv" file, g: is the disk you want to save to, and you can open the file with Excel.
2) When you do it yourself, you must be eye-catching-use FC to compare process list files
If you feel that your computer is abnormal, or you know that there is a virus epidemic recently, then it is necessary to check it.
Enter the command prompt and enter the following commands:
TaskList /fo:csv>g:yc.csv
Generate a list of yc.csv files of the current process, and then enter:
FC g:\zccsv g:\yc.csy
After pressing Enter, you can see the difference between the front and rear list files. Through comparison, it is found that the computer has an extra abnormal process named "Winion0n.exe" (here we take this process as an example) and not "Winionon.exe".
3) When making a judgment, remember that the evidence is conclusive-use Netstat to view open ports
For such a suspicious process, how to judge whether it is a virus? According to most viruses (especially Trojan horses) will spread the virus through the port to connect to the outside, you can check the port occupancy.
Enter at the command prompt:
Netstat -ano
The meaning of the parameters is as follows:
a: Display all port information that establishes a connection with the host
n: Display the PID code of the process of opening the port
o: Display address and port information in digital format
After you press Enter, you can see all open ports and external connection processes. Here, a process with PID 1756 (take this as an example) is the most suspicious. Its status is "ESTABLISHED". You can know that this process is "Winion0n" through the task manager. .exe", you can judge that this is an illegal connection by checking the network program running on this machine!
The meaning of the connection parameters is as follows:
LISTENINC: indicates that it is in the listening state, that is, the port is open, waiting for connection, but has not been connected yet, only the service port of the TCP protocol can be in the LISTENINC state.
ESTABLISHED means to establish a connection.
Indicates that the two machines are communicating.
TIME-WAIT means the end of this connection.
It indicates that the port has been accessed once, but the access is over. It is used to determine whether an external computer is connected to the machine.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to use the system's built-in commands to get manual antivirus ?
1) Start point Before doing it yourself, remember to be prepared-use TaskList to backup system processes
New viruses have learned to use processes to hide themselves, so we'd better back up the computer's process list when the system is normal. Of course, it's best to back up without running any programs when entering Windows, so that the computer will feel abnormal in the future. You can find the process that may be a virus by comparing the process list.
Enter at the command prompt:
TaskList /fo:csv>g:zc.csv
The function of the above command is to output the current process list in csv format to the "zc.csv" file, g: is the disk you want to save to, and you can open the file with Excel.
2) When you do it yourself, you must be eye-catching-use FC to compare process list files
If you feel that your computer is abnormal, or you know that there is a virus epidemic recently, then it is necessary to check it.
Enter the command prompt and enter the following commands:
TaskList /fo:csv>g:yc.csv
Generate a list of yc.csv files of the current process, and then enter:
FC g:\zccsv g:\yc.csy
After pressing Enter, you can see the difference between the front and rear list files. Through comparison, it is found that the computer has an extra abnormal process named "Winion0n.exe" (here we take this process as an example) and not "Winionon.exe".
3) When making a judgment, remember that the evidence is conclusive-use Netstat to view open ports
For such a suspicious process, how to judge whether it is a virus? According to most viruses (especially Trojan horses) will spread the virus through the port to connect to the outside, you can check the port occupancy.
Enter at the command prompt:
Netstat -ano
The meaning of the parameters is as follows:
a: Display all port information that establishes a connection with the host
n: Display the PID code of the process of opening the port
o: Display address and port information in digital format
After you press Enter, you can see all open ports and external connection processes. Here, a process with PID 1756 (take this as an example) is the most suspicious. Its status is "ESTABLISHED". You can know that this process is "Winion0n" through the task manager. .exe", you can judge that this is an illegal connection by checking the network program running on this machine!
The meaning of the connection parameters is as follows:
LISTENINC: indicates that it is in the listening state, that is, the port is open, waiting for connection, but has not been connected yet, only the service port of the TCP protocol can be in the LISTENINC state.
ESTABLISHED means to establish a connection.
Indicates that the two machines are communicating.
TIME-WAIT means the end of this connection.
It indicates that the port has been accessed once, but the access is over. It is used to determine whether an external computer is connected to the machine.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦JavaScript email attachments may carry malicious code ?
Most malicious software in Windows is written in a compiled language such as C or C++ and spread in the form of executable files such as .exe or .dll. Other malware is written using command-line scripts, such as Windows batch or PowerShell.
The malware on the client side is rarely written in web-related languages, such as JavaScript, which is mainly interpreted by the browser. But the built-in Script Host in Windows can also directly execute .js files.
Attackers have only recently started using this technique. Last month, Microsoft warned that js attachments in malicious emails might carry viruses, and ESETβs Security Research Institute also warned that some js attachments might run Locky virus. But in both cases, JavaScript files are used as a downloader of malware. They download from other addresses and install traditional malware written in other languages ββby default. But RAA is different. This is malware written entirely in JavaScript.
Experts in the BleepingComputer.com technical support forum said that RAA relies on CryptoJS, a secure JavaScript library, to implement its encryption process. The implementation of encryption is very solid, using the AES-256 encryption algorithm.
Once the file is encrypted, RAA will add .locked to the suffix of the original file name. Its encryption targets include: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar And .csv.
Lawrence Abrams, the founder of BleepingComputer.com, said in a blog: "In the current situation, there is no way to decrypt it except for payment.
According to the user's response, after being infected with RAA, messages in Russian will be randomly displayed, but even if its target is a Russian computer, its proliferation is only a matter of time.
It is very unusual to include JavaScript attachments in emails, so users should avoid opening such files even if they are contained in .zip archives. .js files are rarely used in other places except in websites and browsers.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦JavaScript email attachments may carry malicious code ?
Most malicious software in Windows is written in a compiled language such as C or C++ and spread in the form of executable files such as .exe or .dll. Other malware is written using command-line scripts, such as Windows batch or PowerShell.
The malware on the client side is rarely written in web-related languages, such as JavaScript, which is mainly interpreted by the browser. But the built-in Script Host in Windows can also directly execute .js files.
Attackers have only recently started using this technique. Last month, Microsoft warned that js attachments in malicious emails might carry viruses, and ESETβs Security Research Institute also warned that some js attachments might run Locky virus. But in both cases, JavaScript files are used as a downloader of malware. They download from other addresses and install traditional malware written in other languages ββby default. But RAA is different. This is malware written entirely in JavaScript.
Experts in the BleepingComputer.com technical support forum said that RAA relies on CryptoJS, a secure JavaScript library, to implement its encryption process. The implementation of encryption is very solid, using the AES-256 encryption algorithm.
Once the file is encrypted, RAA will add .locked to the suffix of the original file name. Its encryption targets include: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar And .csv.
Lawrence Abrams, the founder of BleepingComputer.com, said in a blog: "In the current situation, there is no way to decrypt it except for payment.
According to the user's response, after being infected with RAA, messages in Russian will be randomly displayed, but even if its target is a Russian computer, its proliferation is only a matter of time.
It is very unusual to include JavaScript attachments in emails, so users should avoid opening such files even if they are contained in .zip archives. .js files are rarely used in other places except in websites and browsers.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β