β β β Uππ»βΊπ«Δπ¬πβ β β β
Quick install tools for kali/debian Angr:
A) Angr (Android)
1) Angr is a Python framework for analyzing binaries. It is useful for both static and dynamic symbolic ("concolic") analysis. In other words: given a binary and a requested state, Angr will try to get to that state, using formal methods (a technique used for static code analysis) to find a path, as well as brute forcing. Using angr to get to the requested state is often much faster than taking manual steps for debugging and searching the path towards the required state. Angr operates on the VEX intermediate language and comes with a loader for ELF/ARM binaries, so it is perfect for dealing with native code, such as native Android binaries.
2) Angr allows for disassembly, program instrumentation, symbolic execution, control-flow analysis, data-dependency analysis, decompilation and more, given a large set of plugins.
3) Since version 8, Angr is based on Python 3, and can be installed with pip on *nix operating systems, macOS and Windows:
$ pip install angr
4) Some of angr's dependencies contain forked versions of the Python modules Z3 and PyVEX, which would overwrite the original versions. If you're using those modules for anything else, you should create a dedicated virtual environment with Virtualenv. Alternatively, you can always use the provided docker container. See the installation guide for more details.
B) Frida
Frida is a free and open source dynamic code instrumentation toolkit written by Ole AndrΓ© Vadla RavnΓ₯s that works by injecting the QuickJS JavaScript engine (previously Duktape and V8) into the instrumented process. Frida lets you execute snippets of JavaScript into native apps on Android and iOS (as well as on other platforms).
To install Frida locally, simply run:
$ pip install frida-tools
Code can be injected in several ways. For example, Xposed permanently modifies the Android app loader, providing hooks for running your own code every time a new process is started. In contrast, Frida implements code injection by writing code directly into process memory. When attached to a running app:
1) Frida uses ptrace to hijack a thread of a running process. This thread is used to allocate a chunk of memory and populate it with a mini-bootstrapper.
2) The bootstrapper starts a fresh thread, connects to the Frida debugging server that's running on the device, and loads a shared library that contains the Frida agent (frida-agent.so).
3) The agent establishes a bi-directional communication channel back to the tool (e.g. the Frida REPL or your custom Python script).
The hijacked thread resumes after being restored to its original state, and process execution continues as usual.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Quick install tools for kali/debian Angr:
A) Angr (Android)
1) Angr is a Python framework for analyzing binaries. It is useful for both static and dynamic symbolic ("concolic") analysis. In other words: given a binary and a requested state, Angr will try to get to that state, using formal methods (a technique used for static code analysis) to find a path, as well as brute forcing. Using angr to get to the requested state is often much faster than taking manual steps for debugging and searching the path towards the required state. Angr operates on the VEX intermediate language and comes with a loader for ELF/ARM binaries, so it is perfect for dealing with native code, such as native Android binaries.
2) Angr allows for disassembly, program instrumentation, symbolic execution, control-flow analysis, data-dependency analysis, decompilation and more, given a large set of plugins.
3) Since version 8, Angr is based on Python 3, and can be installed with pip on *nix operating systems, macOS and Windows:
$ pip install angr
4) Some of angr's dependencies contain forked versions of the Python modules Z3 and PyVEX, which would overwrite the original versions. If you're using those modules for anything else, you should create a dedicated virtual environment with Virtualenv. Alternatively, you can always use the provided docker container. See the installation guide for more details.
B) Frida
Frida is a free and open source dynamic code instrumentation toolkit written by Ole AndrΓ© Vadla RavnΓ₯s that works by injecting the QuickJS JavaScript engine (previously Duktape and V8) into the instrumented process. Frida lets you execute snippets of JavaScript into native apps on Android and iOS (as well as on other platforms).
To install Frida locally, simply run:
$ pip install frida-tools
Code can be injected in several ways. For example, Xposed permanently modifies the Android app loader, providing hooks for running your own code every time a new process is started. In contrast, Frida implements code injection by writing code directly into process memory. When attached to a running app:
1) Frida uses ptrace to hijack a thread of a running process. This thread is used to allocate a chunk of memory and populate it with a mini-bootstrapper.
2) The bootstrapper starts a fresh thread, connects to the Frida debugging server that's running on the device, and loads a shared library that contains the Frida agent (frida-agent.so).
3) The agent establishes a bi-directional communication channel back to the tool (e.g. the Frida REPL or your custom Python script).
The hijacked thread resumes after being restored to its original state, and process execution continues as usual.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Sony, Microsoft and Nintendo have rarely joined together to maintain network security for cross-platform games.
#Updates #international
#Updates #international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦COLLECTIONS IOS HACKING TUTORIALS :
* [Basic iOS Apps Security Testing lab](https://medium.com/@ehsahil/basic-ios-apps-security-testing-lab-1-2bf37c2a7d15)
* [IOS Application security Γ’β¬β Setting up a mobile pentesting platform](https://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/#gref)
* [Collection of the most common vulnerabilities found in iOS applications](https://github.com/felixgr/secure-ios-app-dev)
* [IOS_Application_Security_Testing_Cheat_Sheet](https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet)
* [OWASP iOS Basic Security Testing](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06b-basic-security-testing)
* [Dynamic analysis of iOS apps w/o Jailbreak](https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8)
* [iOS Application Injection](https://arjunbrar.com/post/ios-application-injection)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦COLLECTIONS IOS HACKING TUTORIALS :
* [Basic iOS Apps Security Testing lab](https://medium.com/@ehsahil/basic-ios-apps-security-testing-lab-1-2bf37c2a7d15)
* [IOS Application security Γ’β¬β Setting up a mobile pentesting platform](https://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/#gref)
* [Collection of the most common vulnerabilities found in iOS applications](https://github.com/felixgr/secure-ios-app-dev)
* [IOS_Application_Security_Testing_Cheat_Sheet](https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet)
* [OWASP iOS Basic Security Testing](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06b-basic-security-testing)
* [Dynamic analysis of iOS apps w/o Jailbreak](https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8)
* [iOS Application Injection](https://arjunbrar.com/post/ios-application-injection)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Medium
Basic iOS Apps Security Testing lab β 1
Hi Everyone,
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Working spoof call apps and fake call apps for Android :
https://play.google.com/store/apps/details?id=me.dingtone.app.im
https://play.google.com/store/apps/details?id=eu.mobitop.fakemeacall
https://play.google.com/store/apps/details?id=com.tiggzi.project54500
https://play.google.com/store/apps/details?id=com.talkatone.android
https://play.google.com/store/apps/details?id=com.gogii.textplus
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Working spoof call apps and fake call apps for Android :
https://play.google.com/store/apps/details?id=me.dingtone.app.im
https://play.google.com/store/apps/details?id=eu.mobitop.fakemeacall
https://play.google.com/store/apps/details?id=com.tiggzi.project54500
https://play.google.com/store/apps/details?id=com.talkatone.android
https://play.google.com/store/apps/details?id=com.gogii.textplus
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
Second Number for Call & Text - Apps on Google Play
Second phone number for phone calls & texts. Text & SMS me now with a 2nd number
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Ten U.S. states are filing antitrust litigation against Google against internet advertisement providers.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
FREE ANTI SPAM SOFTWARES :
https://spamassassin.apache.org/
https://www.mailscanner.info/
https://bogofilter.sourceforge.io/
https://sourceforge.net/projects/assp/
https://rspamd.com/
http://www.scrolloutf1.com/
F E A T U R E S :
TLS encryption (2048 bits RSA).
Virus scanning for inbound and outbound emails.
Different Quarantine per domain.
Different scores per domain for Tagging & Blocking.
Provides DMARC record: get notified when domain names are exploited.
Additional SMTP ports.
Spam scanning for inbound and outbound emails originated from non-intranet server.
Powerful and innovative geographic filtering for Sender IP, Server IP, URL IP and TLDs.
Verify Sender IP against weighted white/blacklist providers (score RBL).
Spammer database pollution by deploying unlimited spam traps for your website.
Innovative, easy to use (drag & drop) spam feeder using IMAP clients (as Outlook).
Various validations for hostname, domain, IP, helo/ehlo commands and more.
Verifies incoming emails for DKIM and signs outgoing emails (2048 bits RSA).
Automatic temporary parking of flooding hosts.
Protection against fake messages that appear to come from your domain or from yourself.
Built-in rules for newsletters and other messages generated by automated systems.
Protection against executable files, malicious content, scripts and more.
Eliminates a large amount of junk emails sent by infected or hijacked computers.
Various tests for embedded pictures.
Protection against forged domains like (fake) yahoo.com, gmail.com etc.
Protection against wifi, dynamic, invalid or unknown hosts.
Easy to replicate messages across the world by typing a backup (sub)domain.
Whitelist [sender domain] using drag & drop emails (with MS Outlook).
Blacklist [sender address] using drag & drop emails (with MS Outlook).
Reduce storage cost by redirecting multimedia messages (archived or hidden).
Relay outgoing messages through a global or per sender domain ISP (smarthost).
Lite DLP for MS Word, Excel, PowerPoint, PDF and scanned images (archived or hidden).
Assign an outbound IP address per domain.
Disclaimer per domain.
Simple web interface with guidelines.
β β β Uππ»βΊπ«Δπ¬πβ β β β
FREE ANTI SPAM SOFTWARES :
https://spamassassin.apache.org/
https://www.mailscanner.info/
https://bogofilter.sourceforge.io/
https://sourceforge.net/projects/assp/
https://rspamd.com/
http://www.scrolloutf1.com/
F E A T U R E S :
TLS encryption (2048 bits RSA).
Virus scanning for inbound and outbound emails.
Different Quarantine per domain.
Different scores per domain for Tagging & Blocking.
Provides DMARC record: get notified when domain names are exploited.
Additional SMTP ports.
Spam scanning for inbound and outbound emails originated from non-intranet server.
Powerful and innovative geographic filtering for Sender IP, Server IP, URL IP and TLDs.
Verify Sender IP against weighted white/blacklist providers (score RBL).
Spammer database pollution by deploying unlimited spam traps for your website.
Innovative, easy to use (drag & drop) spam feeder using IMAP clients (as Outlook).
Various validations for hostname, domain, IP, helo/ehlo commands and more.
Verifies incoming emails for DKIM and signs outgoing emails (2048 bits RSA).
Automatic temporary parking of flooding hosts.
Protection against fake messages that appear to come from your domain or from yourself.
Built-in rules for newsletters and other messages generated by automated systems.
Protection against executable files, malicious content, scripts and more.
Eliminates a large amount of junk emails sent by infected or hijacked computers.
Various tests for embedded pictures.
Protection against forged domains like (fake) yahoo.com, gmail.com etc.
Protection against wifi, dynamic, invalid or unknown hosts.
Easy to replicate messages across the world by typing a backup (sub)domain.
Whitelist [sender domain] using drag & drop emails (with MS Outlook).
Blacklist [sender address] using drag & drop emails (with MS Outlook).
Reduce storage cost by redirecting multimedia messages (archived or hidden).
Relay outgoing messages through a global or per sender domain ISP (smarthost).
Lite DLP for MS Word, Excel, PowerPoint, PDF and scanned images (archived or hidden).
Assign an outbound IP address per domain.
Disclaimer per domain.
Simple web interface with guidelines.
β β β Uππ»βΊπ«Δπ¬πβ β β β
spamassassin.apache.org
Apache SpamAssassin: Welcome
Apache SpamAssassin is the #1 Open Source anti-spam platform giving system administrators a filter to classify email and block spam.
Forwarded from UNDERCODE NEWS
2 years later, surpassing mechanical hard drives, Intel bets on PLC flash memory: 1PB SSD is beckoning
#Technologies
#Technologies
Forwarded from UNDERCODE NEWS
Supporting Netflix' chaos process' that AWS even practices, a new service that purposely triggers errors
#Updates
#Updates
Forwarded from UNDERCODE NEWS
Latest features demo of new Windows 10 21H2: lock screen, laptop, webcam, etc are all highly configured
#Updates
#Updates
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ The meaning of sniffer and sniffer
Sniffers (sniffers) have almost as long a history as the internet. Sniffer is a commonly used method of collecting useful data. These data can be user account numbers and passwords, or some commercial confidential data. With the increasing popularity of the Internet and e-commerce, the security of the Internet has received more and more attention. Sniffer, which plays an important role in Internet security risks, has attracted more and more attention, so today I want to introduce Sniffer and how to stop it.
Most hackers only want to detect hosts on the intranet and gain control. Only those "ambitious" hackers will install Trojan horses and backdoor programs and clear records in order to control the entire network. The technique they often use is to install sniffers.
On the intranet, if hackers want to quickly obtain a large number of accounts (including user names and passwords), the most effective method is to use the "sniffer" program. This method requires that the host running the Sniffer program and the monitored host must be on the same Ethernet segment, so running the sniffer on an external host has no effect. Furthermore, you must use the sniffer program as root to be able to monitor the data flow on the Ethernet segment. When it comes to Ethernet sniffers, you must talk about Ethernet sniffing.
So what is an Ethernet
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ The meaning of sniffer and sniffer
Sniffers (sniffers) have almost as long a history as the internet. Sniffer is a commonly used method of collecting useful data. These data can be user account numbers and passwords, or some commercial confidential data. With the increasing popularity of the Internet and e-commerce, the security of the Internet has received more and more attention. Sniffer, which plays an important role in Internet security risks, has attracted more and more attention, so today I want to introduce Sniffer and how to stop it.
Most hackers only want to detect hosts on the intranet and gain control. Only those "ambitious" hackers will install Trojan horses and backdoor programs and clear records in order to control the entire network. The technique they often use is to install sniffers.
On the intranet, if hackers want to quickly obtain a large number of accounts (including user names and passwords), the most effective method is to use the "sniffer" program. This method requires that the host running the Sniffer program and the monitored host must be on the same Ethernet segment, so running the sniffer on an external host has no effect. Furthermore, you must use the sniffer program as root to be able to monitor the data flow on the Ethernet segment. When it comes to Ethernet sniffers, you must talk about Ethernet sniffing.
So what is an Ethernet
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
AhnLab was selected by Frost & Sullivan as the Korean Endpoint Security Business of the Year.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π How to check the OpenSSH version:
1) How to find out the OpenSSH version
The SSH command provides the ability to check the version of the local SSH server as well as on remote systems.
Use the following commands to check the version of OpenSSH running on local or remote systems.
Checking the OpenSSH version on the local system
Use the following command to check the version of OpenSSH running on your local system.
ssh -V
2) Let's check the OpenSSH version on the remote system -
You can also find a version of OpenSSH server running on remote servers.
This can be done by connecting the remote server via SSH in detail.
The connection log shows the version of the SSH server on the local system, as well as the version of OpenSSH running on the remote computer.
ssh -v localhost
β β β Uππ»βΊπ«Δπ¬πβ β β β
π How to check the OpenSSH version:
1) How to find out the OpenSSH version
The SSH command provides the ability to check the version of the local SSH server as well as on remote systems.
Use the following commands to check the version of OpenSSH running on local or remote systems.
Checking the OpenSSH version on the local system
Use the following command to check the version of OpenSSH running on your local system.
ssh -V
2) Let's check the OpenSSH version on the remote system -
You can also find a version of OpenSSH server running on remote servers.
This can be done by connecting the remote server via SSH in detail.
The connection log shows the version of the SSH server on the local system, as well as the version of OpenSSH running on the remote computer.
ssh -v localhost
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Germany passes a security bill conditionally permitting the usage of Huawei devices on 5G networks.
#Technologies
#Technologies
