▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑CENTOS SECURITY TIPS :
1) Remove the SUID and SGID bits from commands that do not need them
If the setuid or setgid bit is set on a binary, the command runs with the privileges of the file's owner or group, such as root, rather than those of the user who started it, which can lead to serious security problems.
Buffer overflow attacks can often exploit these executables to run unauthorized code as root.
List the files that have either bit set:
# find / -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:
# chmod u-s /path/to/binary_file
To clear the setgid bit, run the following command:
# chmod g-s /path/to/binary_file
2) Check for unowned files and directories
Files or directories not owned by an existing account must be removed or assigned to a user and group.
Run the find command below to get a list of files or directories that have no valid user or group.
# find / \( -nouser -o -nogroup \) -exec ls -ld {} \;
3) List world-writable files
Keeping a world-writable file on the system can be dangerous because anyone can change it.
Run the command below to display world-writable files, excluding symbolic links, which are always writable by everyone.
# find / -path /proc -prune -o -perm -2 ! -type l -ls
4) Create strong passwords
Create a password that is at least eight characters long.
The password must contain numbers, special characters and capital letters.
Use pwmake to generate a password with 128 bits of entropy from /dev/urandom.
# pwmake 128
5) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:
password required pam_pwquality.so retry=3
With this line in place, an entered password cannot contain more than 3 characters in a monotonic sequence, for example abcd, or more than 3 identical consecutive characters, for example 1111.
To force users to use a password of at least 8 characters that includes all character classes and passes the sequence and repeat checks, add the following lines to /etc/security/pwquality.conf:
minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
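The SUID/SGID listing from the first tip is most useful when compared against a reviewed baseline, so that only new or unapproved files stand out. This is an added example, not part of the original post; the function name `suid_audit` and the one-path-per-line allowlist file are assumptions of the example, and `stat -c` assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# suid_audit ROOT ALLOWLIST
# Print every SUID/SGID regular file under ROOT whose path is not listed in
# ALLOWLIST (one absolute path per line). Returns 1 if any such file exists.
suid_audit() {
    root=$1 allow=$2
    # Same search as the find command in the post, limited to ROOT
    find "$root" -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort | (
        rc=0
        while IFS= read -r path; do
            # -x whole line, -F literal: a path is never treated as a regex
            grep -qxF -- "$path" "$allow" && continue
            stat -c '%a %U:%G %n' "$path"   # mode, owner:group, path
            rc=1
        done
        exit $rc
    )
}

# Constructed demo tree: two setuid files, only one of them approved
demo=$(mktemp -d)
touch "$demo/approved" "$demo/unreviewed" "$demo/plain"
chmod 4755 "$demo/approved" "$demo/unreviewed"
printf '%s\n' "$demo/approved" > "$demo/allow.list"
suid_audit "$demo" "$demo/allow.list" || echo "unexpected SUID/SGID files found"
rm -rf "$demo"
```

On a real host the call would be `suid_audit / /path/to/allowlist`, run as root so that every directory is readable.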
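To confirm that a host actually carries the pwquality.conf settings listed above, the file can be checked key by key. This is an added example, not part of the original post; the function name `check_pwquality` is an assumption of the example. It treats a value of 0 for maxsequence or maxrepeat as a failure, because in pwquality 0 disables that check.

```shell
#!/bin/sh
# check_pwquality FILE
# Compare a pwquality.conf-style FILE with the policy on this page:
# minlen >= 8, minclass >= 4, maxsequence and maxrepeat between 1 and 3.
# Prints one OK/FAIL line per key and returns 1 if any key fails.
check_pwquality() {
    conf=$1 rc=0
    for rule in minlen:8 minclass:4 maxsequence:3 maxrepeat:3; do
        key=${rule%%:*} want=${rule#*:}
        # Value of the last uncommented "key = N" line (taking the last one
        # when a key is repeated is an assumption of this example).
        val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$conf" | tail -n 1)
        if [ -z "$val" ]; then
            echo "FAIL $key is not set"; rc=1; continue
        fi
        case $key in
            min*) [ "$val" -ge "$want" ] && verdict=OK || verdict=FAIL ;;
            # 0 switches the sequence/repeat check off, so it must fail here
            max*) [ "$val" -ge 1 ] && [ "$val" -le "$want" ] && verdict=OK || verdict=FAIL ;;
        esac
        [ "$verdict" = OK ] || rc=1
        echo "$verdict $key = $val (policy: $want)"
    done
    return $rc
}

# Constructed sample: sequence check disabled, repeat check commented out
sample=$(mktemp)
printf '%s\n' 'minlen = 8' 'minclass = 4' 'maxsequence = 0' '# maxrepeat = 3' > "$sample"
check_pwquality "$sample" || echo "policy not met"
rm -f "$sample"
```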
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑TAKE A LOOK:
Hacks: creative and unusual things that can be done with the Windows API:
Disabled the close, maximize and minimize buttons
Removed the drop-down menu (View, Edit, Help)
Changed the width and height of the window borders
Changed the title
INSTALLATION & RUN :
1) Download: https://github.com/LazoCoder/Windows-Hacks
2) Make sure you have Visual Studio and .NET Framework 4.5.2.
3) Download the zip.
4) Unzip it.
5) Open WindowsHacks.sln in Visual Studio.
6) Press F5 to run it.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Damn Small SQLi Scanner FREE :
INSTALLATION:
1) $ git clone https://github.com/stamparm/DSSS
2) $ cd DSSS
3) $ python3 dsss.py -h
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)
4) $ python3 dsss.py -u "http://testphp.vulnweb.com/artists.php?artist=1"
Damn Small SQLi Scanner (DSSS) < 100 LoC (Lines of Code) #v0.3a
by: Miroslav Stampar (@stamparm)
scanning GET parameter 'artist'
(i) GET parameter 'artist' could be error SQLi vulnerable (MySQL)
(i) GET parameter 'artist' appears to be blind SQLi vulnerable (e.g.: 'http://testphp.vulnweb.com/artists.php?artist=1%20AND%2061%3E60')
scan results: possible vulnerabilities found
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Free code metrics for JavaScript (any OS that supports npm packages):
1) Download: https://github.com/calmh/yardstick
Or
2) % sudo npm install -g yardstick
3) Run it on one or more code files:
% yardstick mole.js
Scope      CC  Ar   Cd   Cm  Cm/Cd
mole.js    79   -  415  162     39
anon@55     1   1    3    0      0
readCert    2   0   11    3     27
init        2   1    8    5     63
register    2   1   17   12     71
anon@274    1   1   10    5     50
token       2   1    9    2     22
anon@307    1   1    3    0      0
...
4) Reported Metrics
CC: Estimated cyclomatic complexity. "Estimated", since this is a hard nut to crack on Javascript without actually running the code. The estimate is fairly good however and the point being "higher number => higher complexity => not necessarily so good" is still valid.
Ar: Arity of the function.
Cd: Number of lines of code, excluding blanks and comments.
Cm: Number of lines of comments.
Cm/Cd: Ratio of comments to code, as a percentage. So 100 means there are as many lines of comments as there are lines of code, while 25 means there are four times as many lines of code.
5) But metrics such as cyclomatic complexity and number of comments are useless!
By themselves, possibly. But they can be a handy guide for evaluating areas of code that could use some love. It's a tool like anything else.
6) The cyclomatic complexity reported by yardstick differs from $othertool!
Like I said, calculating CC for JS code is nontrivial. A common approach for other languages is to simply count branching keywords. That doesn't give anything like the full picture in JS since many common control structures are instead expressed as function calls. Consider:
for (var i = 0; i < 5; i++) {
/* ... */
}
vs
[0, 1, 2, 3, 4].forEach(function (i) {
/* ... */
});
Any tool that doesn't recognize those as the same structure is broken. Likewise:
someEventEmitter.on('something', function (d) {
/* ... */
}).on('error', function (e) {
/* ... */
});
Not to mention:
someEventEmitter.on('something', declaredElsewhere)
.on('error', alsoDeclaredElseWhere);
GitHub - calmh/yardstick: [UNMAINTAINED] Javascript code metrics
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Interactive network scanner with autocomplete:
Suitable for everyday and professional tasks,
Capable of host discovery, port scans and service enumeration (integrates many tools such as EyeWitness, Hydra, nikto, etc.),
Scanning is performed in the background; if the connection is lost, you can download the results asynchronously (no need to restart the process, data can be imported at different stages),
Supports all major stages of network enumeration,
and much more.
External integrations (service: supported tools)
ARP: nmap
DNS: nmap, dnsrecon, dnsenum, host
FINGER: nmap, finger-user-enum
FTP: nmap, ftp-user-enum, hydra AGGRESSIVE
HTTP: nmap, nikto, dirb, EyeWitness, SQLmap, fimap
RDP: nmap, EyeWitness
SMB: nmap, enum4linux, nbtscan, samrdump
SMTP: nmap, smtp-user-enum
SNMP: nmap, snmpcheck, onesixtyone, snmpwalk
SSH: hydra AGGRESSIVE
SQL: nmap
VNC: EyeWitness
INSTALLATION & RUN :
» Building from source
Clone the repo:
1) $ git clone https://github.com/marco-lancini/goscan.git
Change to the GoScan directory and build it:
2) $ cd goscan/goscan/
3) $ make setup
4) $ make build
If you want to create a multiplatform binary, run:
5) $ make cross
» Installing the binary
This is the recommended installation method.
1) $ wget https://github.com/marco-lancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip
$ unzip goscan_2.3_linux_amd64.zip
2) $ chmod +x goscan
Then put the executable in PATH:
3) $ sudo mv ./goscan /usr/local/bin/goscan
» Install via Docker
$ git clone https://github.com/marco-lancini/goscan.git
$ cd goscan/
$ docker-compose up --build
For example usage, take a look at the video before this chat.