UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World first platform which Collect & Analyzes every New hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Tips to Improve your Application Security :

1) Be concerned about securing your API

The Application Programming Interface, or API, is an important part of backend development that lets applications communicate with each other.

But because APIs are so visible, they can be a security issue.

2) Don't forget about Back-end security
Many internal APIs assume that only an application built to access them will ever communicate with them.

Internal servers must have security systems installed to protect against malicious attacks.

Therefore, you must ensure that all APIs are authenticated according to the mobile platform, as transport mechanisms and API authentication can differ from platform to platform.

3) Use tokens
A token is "a small hardware device controlled by a way to authorize a login to a system account."

In today's world of applications, developers use tokens to handle user sessions more efficiently.

4) High-level authentication
As discussed above, many security breaches are due to weak authentication.
Hence, it becomes more and more important to use stronger authentication.
Authentication often refers to passwords.
As an application developer, your job is to support your users with passwords.
For example, you can design your application so that it only accepts strong alphanumeric passwords that must be renewed every three months.
Two-factor authentication is also a great idea for securing a mobile app.
If your application allows two-factor authentication, the user will be required to enter a code delivered by text message or email upon login.
More modern authentication methods include biometric data such as retinal scans and fingerprints.

5) Run the best encryption tools and techniques
The number one challenge for stronger encryption is key management.
Store your keys in secure containers.
Never host them locally on the server.

6) Testing the program


It is shocking that many developers do not validate their code.

This is a necessary part of developing quality code.

This is why only part of the app security process is focused on building a great mobile app.

To get a secure application, the team must regularly review the code and analyze the security loopholes that could lead to a data breach.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Review of "LIFEBOOK UH-X / E3", a 13.3-inch notebook PC weighing only 634g.
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The main ways to distribute your Trojan:
#fastTips

1. Protroyan gamer: Go to the gaming forum, well, or a blog where you can leave comments and glue your Trojan with cheats, as they say the profit is good, because gamers turn off their antivirus.

2. The same thing, but gluing with cracks, again comments on forums, torrent trackers, etc. The coverage is great, maybe as they say.

3. Varez music and clips, here the method is quite simple, a shortcut is made, like music / playlist, etc. for example, it runs it, and instead of it, the Trojan starts, well, of course, music / film, you can also run it to divert your eyes. The main thing is to mask your virus so that no one thinks that this is an executable file that will launch the shortcut.

4. Distribution by mail with the extension .src, you can spam by mail like there: "You received an invoice!"

5. Extensions like doc.exe are used less often, but everything is clear here, this is spam for soap, etc.

6. Another good way, this is a miracle program for hacking VKontakte, etc., there are many victims in general.

7. Phishing sites, such as update adob, chrome, etc.

8. Well, the last way, trample the hacker, go for a hack. board and put a cryptor, a stealer, etc. there. with a fucker, you can both in the build and in the builder. In the latter case, someone else will do the job for you. UPD This article was created for informational purposes only. If we missed something, add it in the comments.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Be aware of this critical Kubernetes vulnerability.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free Data Hacking Project:
"Hacking in the sense of deconstructing an idea, hardware, anything and getting it to do something it wasn't intended or to better understand how something works." (BSides CFP)

So hacking here means we want to quickly deconstruct data, understand what we've got and how to best utilize it for the problem at hand.

The primary motivation for these exercises is to explore the nexus of IPython, Pandas and Scikit Learn on security data of various kinds. The exercises will often intentionally show common missteps, warts in the data, paths that didn't work out that well and results that could definitely be improved upon. In general we're trying to capture what worked and what didn't, not only is that more realistic but often much more informative to the reader.

🦑HOW TO USE ?

Most of the notebooks will have relative paths to some resources, data files or images. In general the easiest way we found to run ipython on the notebooks is to change into that project directory and run ipython with this alias (put in your .bashrc or whatever):

alias ipython='ipython notebook --FileNotebookManager.notebook_dir=`pwd`'
$ cd data_hacking/fun_with_syslog
$ ipython

For download: https://github.com/SuperCowPowers/data_hacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Alibaba Cloud internal test experience! Baidu should be "panic"
#Updates
Forwarded from UNDERCODE NEWS
Improper authorization processing vulnerability for multiple Sensormatic Electronics products.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🌐 Using Tor with Python:

How to use TOR with Python

1) For this tutorial we need Python and PIP

Additionally, we need the TOR expert package.

2) After this tutorial, you should be able to use TOR and Python together.

3) Download Tor
Download and install the TOR expert package on your system

https://www.torproject.org/download/tor/

4) Install Python requests
We need Python requests

5) You can install it using the following commands:

pip install requests
pip install requests[socks]
pip install requests[security]

Python code working with TOR
The following Python code allows you to run TOR and Python together.

We will use the requests library to execute requests.

Make sure you have TOR running before running the code.

import requests

domain = "https://itsecforu.ru"
# Define your proxies.
# The socks5h scheme lets the SOCKS server resolve the hostname,
# so make sure that you use 'socks5h'.
proxies = {
    'http': 'socks5h://127.0.0.1:9050',
    'https': 'socks5h://127.0.0.1:9050'
}
# Fetch the page through the local Tor SOCKS port.
a = requests.get(domain.strip(), proxies=proxies, timeout=60).text
print(a)

When can you use this
There can be various reasons why you might want to use TOR and Python together.

Python itself is just a programming language, and if it works in Python, then most likely the same approach will work in other programming languages as well.

use case 1: crawler
You can use this code to create your own Python crawler via TOR.

Just create a list or dictionary of URLs you want to visit and instruct the tool to use your list.

myurls = ['url1','url2','url3','url4']
for url in myurls:
    pass  # do something with each URL

use case 2: Forensics
In some cases, you may only be interested in the text.

The code allows you to load entire pages without viewing visual content.

This can be a big advantage in some use cases.

my_interest = ['keyword1','keyword2','keyword3','keyword4']
for keyword in my_interest:
    if keyword in a:
        pass  # do something when the keyword appears in the page text

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Vietnam announced to stop production and import of 2/3G mobile phones to promote 4G and 5G.
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How terrible is the ancient attack technique called Typosquatting [misplantation]
The interesting thing here is that the target of Tschacher's attack is not ordinary end users but developers. If Tschacher had really intended to attack and had implanted malicious code, the attack surface and speed of spread would not be comparable to those of ordinary phishing websites. Any attack that enters through developers can spread rapidly in a short period of time, because if malicious code is implanted during development without anyone noticing, the end user will be attacked as a matter of course.


🦑For example, we want to visit a website whose domain name is n.com. Its binary representation looks like this:

n        .        c        o        m
01101110 00101110 01100011 01101111 01101101

If a bit error occurs in the memory module, the following happens. When you visit the domain name n.com, its binary data has to be stored once, but in the end what we actually visit is o.com. The user is completely unaware of this. If someone registers the o.com domain name to imitate the n.com website, the phishing success rate can reach almost 100%.

@UndercodeTesting
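
An added example (not part of the original post): the single-bit-error case above, usually called bitsquatting, generalised from n.com to any ASCII hostname, listing every valid name one flipped bit away so the domain owner can register or monitor it. The function names and the keep_tld / already_owned parameters are assumptions made for this example.

```python
import re

# One DNS label under the letters-digits-hyphen rule. Hostnames are
# case-insensitive, so a flip that only changes letter case is not a new name.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def bit_flip_neighbours(domain, keep_tld=True):
    """Map every valid hostname one flipped bit away from `domain` to
    (byte offset, original character, flipped bit number; 0 = lowest)."""
    domain = domain.lower()
    raw = domain.encode("ascii")
    labels = domain.split(".")
    # With keep_tld, only bytes left of the last dot are flipped, so every
    # result sits under the same TLD as the original.
    limit = len(raw) - len(labels[-1]) - 1 if keep_tld else len(raw)
    found = {}
    for i in range(limit):
        for bit in range(7):  # bit 7 would leave the ASCII range
            flipped = raw[i] ^ (1 << bit)
            name = (raw[:i] + bytes([flipped]) + raw[i + 1:]).decode("ascii").lower()
            parts = name.split(".")
            if name == domain or len(parts) != len(labels):
                continue  # case-only flip, or a dot was created or destroyed
            if all(LABEL.fullmatch(p) for p in parts):
                found.setdefault(name, (i, chr(raw[i]), bit))
    return found


def watchlist(domain, already_owned=()):
    """Sorted neighbours that the owner of `domain` does not control yet."""
    owned = {d.lower() for d in already_owned}
    return sorted(n for n in bit_flip_neighbours(domain) if n not in owned)


if __name__ == "__main__":
    # The page's example: 'n' is 01101110; flipping the lowest bit gives 'o'.
    for name, (pos, ch, bit) in sorted(bit_flip_neighbours("n.com").items()):
        print(f"{name}: byte {pos} {ch!r} = {ord(ch):08b}, bit {bit} flipped")
```

For n.com only four of the eight possible flips of 'n' survive as hostnames; the rest produce '~', a second dot, a non-ASCII byte or the same name in upper case.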
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Pluton Processor is launched by Microsoft to include new Windows PC security features.
#Updates #Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Bruteforce password protected rar / zip files:

1) Linux
Clone rarPasswordCracker

git clone https://github.com/GauthamGoli/rarPasswordCracker.git

2) Change to the rarPasswordCracker directory.

cd rarPasswordCracker

3) Replace RARFILE.rar with the path to the .rar file you want to brute-force

4) python bruteforce.py --fr RARFILE.rar -c abcdefghijklmnopqrst0123 -n 6

🦑Syntax

1) python bruteforce.py --fr filetocrack.rar -c charset -n sizeofpassword

2) python bruteforce.py --fr RARFILE.rar -c abcdefghijklmnopqrst0123 -n 6

3) python bruteforce.py --fz ZIPFILE.zip -c charset -n sizeofpassword

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Apple: Developer commissions with annual revenues of less than $1 million will be reduced to 15%
Forwarded from UNDERCODE NEWS
CAB-J renewed pay TV contact rate survey in April next year, expanding survey area nationwide.
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top problems with Android 11 Beta and should you install it :

1) Google Pay doesn't work
The current version of Android 11 is not fully compatible with SafetyNet. Among other things, this means no access to Google Pay. You can run this application, but you cannot set a credit card there. Everything looks fine at first, but then the message "Unable to complete installation for payment in stores" appears.

2) New power menu is worse without Google Home
Many praise the power menu in Android 11. There are switches for controlling home appliances. If you don't use the Google Home app or don't have smart appliances, the menu gets worse.

a) You cannot click on an empty space to close the menu, you must use the back gesture.
b) The Restart and Shutdown buttons are at the very top and are difficult to reach due to the empty space where the buttons for household appliances could be.
c) The Lock button is hidden behind another menu to make room for fixture buttons you don't have.
d) The menu supports smart home applications, but applications do not yet support this menu.

3) Custom launchers can be reset
This bug will be fixed in future beta versions, but now the system periodically returns to the Pixel Launcher on its own instead of the launcher you installed. Usually, the screen turns off and on, after which your launcher returns.

4) The shape of the new icons does not fit the new contextual dock

If you are using icons with new shapes from the Styles and Wallpapers section, they interfere with another cool new feature. If you define a new contextual dock when you apply a theme with one of five new icon shapes (pebble, beveled rectangle, vessel, hexagon, and flower), the responsive dock icons will revert to static versions.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Will my number card function be installed in smartphones in 2010, is the issue an iPhone?
#Bugs