Forwarded from UNDERCODE NEWS
π¦Security Awareness Campaigns (Lite)
Lite version of Security Awareness Campaigns training
Basic Security Aspects covered in an awareness campaign
4.1 rating
https://www.udemy.com/course/security-awareness-campaigns/
Lite version of Security Awareness Campaigns training
Basic Security Aspects covered in an awareness campaign
4.1 rating
https://www.udemy.com/course/security-awareness-campaigns/
Udemy
Free Cybersecurity Tutorial - Security Awareness Campaigns (Lite)
This is the "lite" version of Security Awareness Campaigns and is meant to give you an idea of the full course. - Free Course
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Reverse Engineering Tools
The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION(https://github.com/The-Art-of-Hacking/art-of-hacking/blob/master/reverse_engineering/README.md) for more references.
* Ghidra(https://ghidra-sre.org/) - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
* Interactive Disassembler (IDA Pro)(https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free(https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* WDK/WinDbg(https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* OllyDbg(http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* Radare2(http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.
* x64dbg(http://x64dbg.com/) - Open source x64/x32 debugger for windows.
* Immunity Debugger(http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.
* Evan's Debugger(http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* Medusa(https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
* plasma(https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Reverse Engineering Tools
The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION(https://github.com/The-Art-of-Hacking/art-of-hacking/blob/master/reverse_engineering/README.md) for more references.
* Ghidra(https://ghidra-sre.org/) - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
* Interactive Disassembler (IDA Pro)(https://www.hex-rays.com/products/ida/) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free(https://www.hex-rays.com/products/ida/support/download_freeware.shtml).
* WDK/WinDbg(https://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx) - Windows Driver Kit and WinDbg.
* OllyDbg(http://www.ollydbg.de/) - x86 debugger for Windows binaries that emphasizes binary code analysis.
* Radare2(http://rada.re/r/index.html) - Open source, crossplatform reverse engineering framework.
* x64dbg(http://x64dbg.com/) - Open source x64/x32 debugger for windows.
* Immunity Debugger(http://debugger.immunityinc.com/) - Powerful way to write exploits and analyze malware.
* Evan's Debugger(http://www.codef00.com/projects#debugger) - OllyDbg-like debugger for GNU/Linux.
* Medusa(https://github.com/wisk/medusa) - Open source, cross-platform interactive disassembler.
* plasma(https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
h4cker/reverse_engineering/README.md at master Β· The-Art-of-Hacking/h4cker
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), ar...
Forwarded from UNDERCODE NEWS
New Vulnerability BigBlueButton allow a user to vote more than once in a single poll.
#Vulnerabilities
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is HTTP Basic and Digest Authentication
two types of authentication are quite different. The algorithm of authentication through the web login form is approximately the following:
1) the user enters data into a web page and they are transmitted, usually by the POST method to the web server
2) the web server passes the received data to the web application
3) the web application compares the submitted credentials with those stored in the database
4) if the username and password are correct, then a token (token) of any kind is sent to the user, which makes it possible to distinguish the user, and the web browser is instructed to save it in cookies
5) the web browser stores this token in a cookie
the site also remembers the token and the user to whom it is assigned
6) on each subsequent request, the web browser sends, among other HTTP headers, and the token from the cookie
now the website verifies not the login and password, but the token from the cookies - if it matches, then this is an authorized user and he can be shown content restricted for access
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is HTTP Basic and Digest Authentication
two types of authentication are quite different. The algorithm of authentication through the web login form is approximately the following:
1) the user enters data into a web page and they are transmitted, usually by the POST method to the web server
2) the web server passes the received data to the web application
3) the web application compares the submitted credentials with those stored in the database
4) if the username and password are correct, then a token (token) of any kind is sent to the user, which makes it possible to distinguish the user, and the web browser is instructed to save it in cookies
5) the web browser stores this token in a cookie
the site also remembers the token and the user to whom it is assigned
6) on each subsequent request, the web browser sends, among other HTTP headers, and the token from the cookie
now the website verifies not the login and password, but the token from the cookies - if it matches, then this is an authorized user and he can be shown content restricted for access
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
The winner of the biggest Sberbank-classified Microsoft program in the history of state procurement has been decided.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ GAMES HACKING ANDROID& IOS :
1) Xmodgames
2) HackerBot
3) Cheat Engine
4) Nox
5) Bluestacks
6) GameCih
7) Using Mods with Private Servers
8) File Manager
9) Lucky Patcher (Root/No Root)
10) Creehack
11) SB Game Hacker
12) LeoPlay Card
13) Game Killer
14) Game Guardian
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ GAMES HACKING ANDROID& IOS :
1) Xmodgames
2) HackerBot
3) Cheat Engine
4) Nox
5) Bluestacks
6) GameCih
7) Using Mods with Private Servers
8) File Manager
9) Lucky Patcher (Root/No Root)
10) Creehack
11) SB Game Hacker
12) LeoPlay Card
13) Game Killer
14) Game Guardian
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Kaspersky asked Putin to quickly transfer banks and government agencies to Russian software.
#international
#international
Forwarded from UNDERCODE NEWS
Microsoft continues to improve the Chromium browser core is beneficial to the entire browser industry.
#Updates
#Updates
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦for pro hackers Detailed explanation of MyBatis query method with parameters :
{}Placeholder
Similar to the way of operating through PreparedStatement in jdbc, the position of the required parameter in the SQL statement will be occupied by ?, and then the parameter will be bound by the passed in parameter. ? All bindings are values, and you cannot specify the columns of the table. When converted to sql, the table name will be treated as a string, which will cause errors to prevent sql injection.
select username,age,password from 'tb_user'
Simple type parameter
Simple types refer to: basic data types, packaging types, String, java.sql.*. When the parameter is a simple type, MyBatis will ignore the number of parameters in the SQL statement and the name of the placeholder, and then automatically bind the parameter. The parameterType attribute can define the type of the parameter. If defined, the parameter type must be required when passing the parameter. It is consistent with the specified type, otherwise ClassCastException is thrown.
<select id="selBaseType" resultType="pojo.User" parameterType="java.lang.Integer">
select * from tb_users where id=#{id}
</select>
User user=sqlSession.selectOne("selBaseType",1);
Map type parameters
When the parameter is a Map collection, the #{} in the SQL statement should write the key value of the Map collection. MyBatis will find only the value through the key and then bind the parameters. If the key does not exist, no error will be reported, and null will be used for parameter binding.
<select id="selByMap" resultType="pojo.User">
select * from tb_users where username=#{username} and password=#{password}
</select>
Map<String,String> map=new HashMap<>();
map.put("username","zhangsan");
map.put("password","123456");
User user=sqlSession.selectOne("selByMap",map);
Object type parameter passing
When the parameter is an object type, the property name corresponding to the getter method of the object should be written in #{} in the SQL statement. When the getter method does not exist, an exception is thrown.
<select id="selByObject" resultType="pojo.User">
select * from tb_users where username=#{username} and password=#{password}
</select>
User user1=new User();
user1.setUsername("lisi");
user1.setPassword("123456");
User user=sqlSession.selectOne("selByObject",user1);
${}
Similar to the way of operating through Statement in jdbc, the passed parameters and SQL statements are directly connected to the string. Generally used when the structure of the SQL statement is uncertain.
When the table name is uncertain, the condition is uncertain, and the sorting rule is uncertain, #{} cannot be used, and ${} should be replaced. For simple data types, you should try to use #{} to avoid errors.
${} needs to add'' to the incoming parameter to become a string, otherwise it will be treated as a column name.
select * from tb_users where username='${username}' and password='${password}'
If ${123} will be used as an integer number replacement placeholder, the parameter passed in is invalid at this time.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦for pro hackers Detailed explanation of MyBatis query method with parameters :
{}Placeholder
Similar to the way of operating through PreparedStatement in jdbc, the position of the required parameter in the SQL statement will be occupied by ?, and then the parameter will be bound by the passed in parameter. ? All bindings are values, and you cannot specify the columns of the table. When converted to sql, the table name will be treated as a string, which will cause errors to prevent sql injection.
select username,age,password from 'tb_user'
Simple type parameter
Simple types refer to: basic data types, packaging types, String, java.sql.*. When the parameter is a simple type, MyBatis will ignore the number of parameters in the SQL statement and the name of the placeholder, and then automatically bind the parameter. The parameterType attribute can define the type of the parameter. If defined, the parameter type must be required when passing the parameter. It is consistent with the specified type, otherwise ClassCastException is thrown.
<select id="selBaseType" resultType="pojo.User" parameterType="java.lang.Integer">
select * from tb_users where id=#{id}
</select>
User user=sqlSession.selectOne("selBaseType",1);
Map type parameters
When the parameter is a Map collection, the #{} in the SQL statement should write the key value of the Map collection. MyBatis will find only the value through the key and then bind the parameters. If the key does not exist, no error will be reported, and null will be used for parameter binding.
<select id="selByMap" resultType="pojo.User">
select * from tb_users where username=#{username} and password=#{password}
</select>
Map<String,String> map=new HashMap<>();
map.put("username","zhangsan");
map.put("password","123456");
User user=sqlSession.selectOne("selByMap",map);
Object type parameter passing
When the parameter is an object type, the property name corresponding to the getter method of the object should be written in #{} in the SQL statement. When the getter method does not exist, an exception is thrown.
<select id="selByObject" resultType="pojo.User">
select * from tb_users where username=#{username} and password=#{password}
</select>
User user1=new User();
user1.setUsername("lisi");
user1.setPassword("123456");
User user=sqlSession.selectOne("selByObject",user1);
${}
Similar to the way of operating through Statement in jdbc, the passed parameters and SQL statements are directly connected to the string. Generally used when the structure of the SQL statement is uncertain.
When the table name is uncertain, the condition is uncertain, and the sorting rule is uncertain, #{} cannot be used, and ${} should be replaced. For simple data types, you should try to use #{} to avoid errors.
${} needs to add'' to the incoming parameter to become a string, otherwise it will be treated as a column name.
select * from tb_users where username='${username}' and password='${password}'
If ${123} will be used as an integer number replacement placeholder, the parameter passed in is invalid at this time.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦kaliLinux on android in few steps:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) pkg install wget
2) wget -O install-nethunter-termux https://offs.ec/2MceZWr
3) chmod +x install-nethunter-termux
4) ./install-nethunter-termux
F E A T U R E S :
features
Kali NetHunter app
The main screen is a panel of general information, network interfaces and the status of the HID device.
Kali Chroot Manager - for managing chroot metapackage installations.
Kali Services - start / stop various chrooted services. Enable or disable them at boot time.
Custom Commands - Add your own commands and functions to the launcher.
MAC Changer - change the Wi-Fi MAC address (only on certain devices)
KeX Manager - Set up an instant VNC session with your Kali chroot.
USB Arsenal - Manage USB Gadgets Configurations
HID [Attacks] - Various HID attacks, Teensy style.
DuckHunter HID - Rubber Ducky Hidden Attacks
BadUSB MITM Attack
MANA Wireless Toolkit - Configure a malicious hotspot with one click.
MITM..
π¦kaliLinux on android in few steps:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) pkg install wget
2) wget -O install-nethunter-termux https://offs.ec/2MceZWr
3) chmod +x install-nethunter-termux
4) ./install-nethunter-termux
F E A T U R E S :
features
Kali NetHunter app
The main screen is a panel of general information, network interfaces and the status of the HID device.
Kali Chroot Manager - for managing chroot metapackage installations.
Kali Services - start / stop various chrooted services. Enable or disable them at boot time.
Custom Commands - Add your own commands and functions to the launcher.
MAC Changer - change the Wi-Fi MAC address (only on certain devices)
KeX Manager - Set up an instant VNC session with your Kali chroot.
USB Arsenal - Manage USB Gadgets Configurations
HID [Attacks] - Various HID attacks, Teensy style.
DuckHunter HID - Rubber Ducky Hidden Attacks
BadUSB MITM Attack
MANA Wireless Toolkit - Configure a malicious hotspot with one click.
MITM..
Forwarded from UNDERCODE NEWS
83% of Chrome users do not update despite Google's successive zero-day announcement.
#Vulnerabilities #international
#Vulnerabilities #international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MySQL8.0 method to set remote access permissions:
1. Log in to MySQL
mysql -u root -p
Enter your password
2. Choose mysql database
use mysql;
Because the user table of user information is stored in the mysql database.
3. View the relevant information of the current root user in the user table of the mysql database
select host, user, authentication_string, plugin from user;
After executing the above command, a table will be displayed
Check the host of the root user in the table. The default localhost should be displayed, which only supports local access and does not allow remote access.
4. Authorize all permissions of the root user and set up remote access
GRANT ALL ON *.* TO 'root'@'%';
GRANT ALL ON means all permissions,% means that all hosts are wildcarded and can access remotely.
5. Refresh permissions
After all operations should be performed
flush privileges;
6. View the host of the root user
Perform step 2 again, you will find that the root user's host has become %, indicating that our modification has been successful and can be accessed remotely.
7. Access the database
There are many visualization tools for remote access to the database, such as Navicat, SQLyog, MySQL workbench, etc
Enter the host and password for access, and a 2059 error is reported. This is because the encryption rules of MySql8.0 version and 5.0 are different, and the current visualization tool only supports the old encryption method.
There are two ways to solve this problem, one is to update Navicat driver to solve this problem, the other is to modify the encryption rule of MySQL user login to mysql_native_password, the first method I tried did not work, I use the second method Kind of method.
8. Modify encryption rules
ALTER USER 'root'@'localhost' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER;
password is your current password.
9. Update root user password
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
password is your newly set password.
10. Refresh permissions
FLUSH PRIVILEGES;
OK, the setting is complete, use Navicat again to connect to the database
So far, this article on the method of setting remote access permissions for MySQL 8.0 is introduced.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MySQL8.0 method to set remote access permissions:
1. Log in to MySQL
mysql -u root -p
Enter your password
2. Choose mysql database
use mysql;
Because the user table of user information is stored in the mysql database.
3. View the relevant information of the current root user in the user table of the mysql database
select host, user, authentication_string, plugin from user;
After executing the above command, a table will be displayed
Check the host of the root user in the table. The default localhost should be displayed, which only supports local access and does not allow remote access.
4. Authorize all permissions of the root user and set up remote access
GRANT ALL ON *.* TO 'root'@'%';
GRANT ALL ON means all permissions,% means that all hosts are wildcarded and can access remotely.
5. Refresh permissions
After all operations should be performed
flush privileges;
6. View the host of the root user
Perform step 2 again, you will find that the root user's host has become %, indicating that our modification has been successful and can be accessed remotely.
7. Access the database
There are many visualization tools for remote access to the database, such as Navicat, SQLyog, MySQL workbench, etc
Enter the host and password for access, and a 2059 error is reported. This is because the encryption rules of MySql8.0 version and 5.0 are different, and the current visualization tool only supports the old encryption method.
There are two ways to solve this problem, one is to update Navicat driver to solve this problem, the other is to modify the encryption rule of MySQL user login to mysql_native_password, the first method I tried did not work, I use the second method Kind of method.
8. Modify encryption rules
ALTER USER 'root'@'localhost' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER;
password is your current password.
9. Update root user password
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
password is your newly set password.
10. Refresh permissions
FLUSH PRIVILEGES;
OK, the setting is complete, use Navicat again to connect to the database
So far, this article on the method of setting remote access permissions for MySQL 8.0 is introduced.
β β β Uππ»βΊπ«Δπ¬πβ β β β