UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘πŸ“¦ ThreatHunt: PowerShell Repository for Teaching Threat Search Skills :

A) Application scenario
Let's say you've just started your threat hunting career, or you have been hunting threats for a while and your organization has just implemented Endpoint Detection and Response (EDR) or a SIEM.

In both cases, you need a safe environment where you can trigger security alerts and start analyzing the data.

This is where ThreatHunt comes in handy: it contains no malicious files and only simulates a lot of suspicious activity.

B) 🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :


ThreatHunt has been tested on Windows 10 1809+. However, it will likely work with most versions of Windows 10.

The script is built around Microsoft Defender ATP and its attack protection, antivirus and Endpoint Detection and Response (EDR) package.

ThreatHunt doesn't teach you about hacking. Therefore, some scenarios require you to supply domain credentials (username, password), IP ranges, and O365 email credentials (email address and password).

> git clone https://github.com/MiladMSFT/ThreatHunt.git

Run the script, then choose an option by its number.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 How to limit / decrease rsync transfer speed on Linux:

A) If you use the rsync utility to synchronize backups between servers or from your local computer, you may want to prevent the script from using too much network bandwidth.

The point of limiting bandwidth is to keep your backup scripts from clogging up your network connection.

B) Naturally, limiting the bandwidth your backups use will make them run slower.

Here's a common rsync command:

$ rsync -avz -e 'ssh' /path/to/source user@remotehost:/path/to/dest/

What you need to do is use the --bwlimit parameter with a KB/s value, for example:

$ rsync --bwlimit=[KB/s] -avz -e 'ssh' /path/to/source user@remotehost:/path/to/dest/

Thus, if you want to limit the transfer rate to 10,000 KB/s (9.7 MB/s), enter:

$ rsync --bwlimit=10000 -avz -e 'ssh' /path/to/source user@remotehost:/path/to/dest/

Here's a real-world example:

$ rsync --bwlimit=10000 -avz -e 'ssh' /backup/ root@192.168.0.51:/backup/

In this example rsync will be capped at 10,000 KB/s, or about 9.7 MB/s.

Using trickle

C) There is an alternative to the --bwlimit option.

You can also use the "trickle" command to limit the bandwidth of any application you run.

The trickle command syntax is:

$ trickle -u | -d [uploadLimit | downloadLimit] [app]

Where:

-u uploadLimit -> limits the upload bandwidth
-d downloadLimit -> limits the download bandwidth
app -> the application whose bandwidth you want to limit, for example rsync

Thus, in our case, we limit the bandwidth usage of the rsync command to 10,000 KB/s with the following command:

$ trickle -s -u 10000 -d 10000 rsync -avz -e 'ssh' /backup/ root@192.168.0.51:/backup/


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Should you use the Raspberry Pi 3 Model B+ in network hacking?
This model is also suitable for the purposes described above, since the Pi 3 Model B+ has even more power than its younger brother, but we chose the Orange Pi Zero for the following reasons:

1) The cost of this gadget is almost 2 times lower than that of the Pi 3 Model B+, with similar characteristics, so its loss in case of detection or failure will not be as significant.

2) The connection to the target router is made via an Ethernet port, which the Pi Zero does not have, although there you can configure a gigabit network connection via a USB 2.0 port by purchasing an Ethernet-USB adapter.

3) During testing, the Orange Pi Zero shows much better performance than the Raspberry Pi Zero and surpasses the Raspberry Pi 2, which has a larger form factor, in all respects, even though the price of these devices is about the same.

@UndercodeTesting
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
Forwarded from UNDERCODE NEWS
MELSEC iQ-R Series PLC CPU unit resource exhaustion vulnerability.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Apple plans to destroy its mini-tablet, replacing it with a super-modern iPhone.
#Technologies
Forwarded from UNDERCODE NEWS
PS5 is finally available! Expert: Sony will make money mainly on it in the future.
#Technologies
Forwarded from UNDERCODE NEWS
YouTube suffered a global downtime, all video playback errors reported.
#Updates
Forwarded from UNDERCODE NEWS
All Microsoft Windows Users should update their systems.
A New Dangerous Microsoft Windows Print Spooler Vulnerability
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Line app for iPad introduces FIDO-based passwordless login function.
#Updates
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

πŸ¦‘Free Credit card Updated 2020 :


https://www.oxigenwallet.com/

http://tracking.payoneer.com/SH2J0

https://revolut.ngih.net/c/393170/584909/9626?subId1=

https://www.microsoft.com/en-us/p/mb-way/9nblggh3vcn3?

https://www.vcpay.co.za/

https://www.zeta.tech/

https://www.freecharge.in/

▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
Forwarded from UNDERCODER
Advised on caution on smishing text messages for iPhone hijacking from Naver account.
#Vulnerabilities

MORE INFO - https://undercodenews.com/advised-on-caution-on-smishing-text-messages-for-iphone-hijacking-from-naver-account/12/11/2020/
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑 NETWORK HACKING :
SUBDOMAIN TAKEOVER...


🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) DOWNLOAD:

https://github.com/mhmdiaa/second-order

2) go get github.com/mhmdiaa/second-order
This will download the code, compile it, and leave a second-order binary in $GOPATH/bin.

🦑 Command line options
-base string
    Base link to start scraping from (default "http://127.0.0.1")
-config string
    Configuration file (default "config.json")
-debug
    Print visited links in real-time to stdout
-output string
    Directory to save results in (default "output")

🦑 Example

> go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10

Configuration File

🦑 An example configuration file is included (config.json)

F E A T U R E S :

Headers: A map of headers that will be sent with every request.

Depth: Crawling depth.

LogCrawledURLs: If this is set to true, Second Order will log the URL of every crawled page.

LogQueries: A map of tag-attribute queries that will be searched for in crawled pages. For example, “a”: “href” means log every href attribute of every a tag.

LogURLRegex: A list of regular expressions that will be matched against the URLs that are extracted using the queries in LogQueries; if left empty, all URLs will be logged.

LogNon200Queries: A map of tag-attribute queries that will be searched for in crawled pages, and logged only if they don’t return a 200 status code.

ExcludedURLRegex: A list of regular expressions whose matching URLs will not be accessed by the tool.

ExcludedStatusCodes: A list of status codes; if any page responds with one of these, it will be excluded from the results of LogNon200Queries; if left empty, all non-200 pages’ URLs will be logged.

LogInlineJS: If this is set to true, Second Order will log the contents of every script tag that doesn’t have a src attribute.
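
How the LogQueries, LogURLRegex, LogNon200Queries and ExcludedStatusCodes settings described above interact, as an added Python example that is not Second Order's own code: it models the described behaviour on a constructed page of your own site, with a constructed status table standing in for live HTTP requests. The hostnames, sample values and the `audit`/`extract` helpers are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed config using the key names listed above (values are made up).
CONFIG = {
    "LogQueries": {"a": "href"},
    "LogURLRegex": [r"^https?://[^/]*\.example-cdn\.test/"],
    "LogNon200Queries": {"script": "src", "img": "src"},
    "ExcludedStatusCodes": [403],
}

# Constructed page and constructed status table (no network access needed).
PAGE = """
<a href="https://assets.example-cdn.test/docs">docs</a>
<a href="https://example.com/about">about</a>
<script src="https://old-bucket.example-cdn.test/app.js"></script>
<script src="https://example.com/site.js"></script>
<img src="https://img.example.net/logo.png">
"""
STATUS = {
    "https://old-bucket.example-cdn.test/app.js": 404,
    "https://example.com/site.js": 200,
    "https://img.example.net/logo.png": 403,
}

class AttrCollector(HTMLParser):
    """Collect attribute values for a {tag: attribute} query map."""
    def __init__(self, queries):
        super().__init__()
        self.queries, self.found = queries, []

    def handle_starttag(self, tag, attrs):
        wanted = self.queries.get(tag)  # None when the tag is not queried
        for name, value in attrs:
            if name == wanted and value:
                self.found.append(value)

def extract(html, queries):
    parser = AttrCollector(queries)
    parser.feed(html)
    return parser.found

def audit(html, cfg, status):
    patterns = [re.compile(p) for p in cfg["LogURLRegex"]]
    # LogQueries: keep every URL when no regex is given, else only matches.
    logged = [u for u in extract(html, cfg["LogQueries"])
              if not patterns or any(p.search(u) for p in patterns)]
    # LogNon200Queries: keep non-200 URLs unless their status is excluded.
    # A URL missing from the table counts as unreachable (status 0).
    non200 = [u for u in extract(html, cfg["LogNon200Queries"])
              if status.get(u, 0) != 200
              and status.get(u, 0) not in cfg["ExcludedStatusCodes"]]
    return {"LogQueries": logged, "LogNon200Queries": non200}

RESULT = audit(PAGE, CONFIG, STATUS)
```

A script reference that still points at a host returning 404, like the constructed `old-bucket` entry here, is the kind of dangling dependency to remove from the page or re-claim before someone else registers the resource.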

▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁