Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦11 WEEKS NETWORK HACKING/CRACKING LESSONS :/Created & uploaded to git
T O P I C S :
Week 1 Lessons:
Setting Up A Penetration Testing Environment - This will focus on setting up a lab environment, specifically VMWare, Kali Linux, and our lab VMs. The lesson will briefly introduce important aspects of each set up (e.g. Snapshots in VMWare, the Kali Linux toolset, etc.) with the intention to build upon those aspects in later lessons.
How to Keep Notes Effectively - This lesson will cover the importance of note taking from a pentester standpoint. The lesson will introduce the Kali Linux built-in note-taking application, KeepNote, and discuss how to take notes effectively. Taking notes during a penetration test is incredibly important as it allows a pentester reference points when writing their final report, discussing timelines with their team or manager, or even discussing specifics of a pentest with a client.
Week 2 & 3 Lessons:
Introductory Python - Similar to Linux, we will spend some time learning basic Python scripting, which will be essential to our future endeavors as penetration testers.
Week 4 Lessons:
The Art of Reconnaissance - This lesson will discuss reconnaissance in depth and cover common tools used in the process. Some of the tools that will be covered are the OSINT Framework, SET, theHarvester, Bluto, Google Dorks, and Shodan. More tools will likely be added as the lesson is written.
Week 5 Lesson:
Week 6 Lesson:
Enumeration for the win - The intent of this lesson is to provide an overview of basic enumeration tactics and then dive deep into specific tools used for common ports found in penetration testing. For example, if we find port 80 open on a scan (HTTP), we will likely want to know what service is running and enumerate that service for potential exploits at a high level.
Week 7 Lesson:
Gaining a Shell with Metasploit - This lesson will cover how to use Metasploit to gain shell access to a vulnerable machine. This builds upon the introductory Metasploit from section 8 as we move from the auxiliary/scanning portion of Metasploit to the exploit portion. This lesson is important as Metasploit is a common tool in nearly every penetration testers toolkit, especially at the beginner level.
Compiling Exploits - This lesson will add to exploitation learned in section 9, except that the exploitation is now done manually, without Metasploit. This will teach the reader how to safely download exploits from the web, generate shellcode, compile the exploit if necessary, and execute it against a vulnerable machine.
Week 8, 9, and 10 (Internal Pentesting):
Hello Enumeration, My Old Friend - This lesson will cover post-exploitation enumeration.
Active Directory Exploitation - This lesson focuses on the recognition of vulnerabilities and exploitation tactics in an internal Active Directory environment. Attacks that will be introduced include: LLMNR poisoning/hash cracking, SMB hash relaying, pass the hash, token impersonation, kerberoasting, GPP/c-password attacks, and PowerShell attacks. More attacks will likely be added as the lesson is written, but the most common have been provided.
Week 11 Lessons:
Maintaining Access / Pivoting / Cleanup - This lesson will discuss methods of maintaining access on a network, pivoting into other networks, and how to properly clean up as you exit a network.
Β«StartΒ» :
https://github.com/hmaverickadams/Beginner-Network-Pentesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦11 WEEKS NETWORK HACKING/CRACKING LESSONS :/Created & uploaded to git
T O P I C S :
Week 1 Lessons:
Setting Up A Penetration Testing Environment - This will focus on setting up a lab environment, specifically VMWare, Kali Linux, and our lab VMs. The lesson will briefly introduce important aspects of each set up (e.g. Snapshots in VMWare, the Kali Linux toolset, etc.) with the intention to build upon those aspects in later lessons.
How to Keep Notes Effectively - This lesson will cover the importance of note taking from a pentester standpoint. The lesson will introduce the Kali Linux built-in note-taking application, KeepNote, and discuss how to take notes effectively. Taking notes during a penetration test is incredibly important as it allows a pentester reference points when writing their final report, discussing timelines with their team or manager, or even discussing specifics of a pentest with a client.
Week 2 & 3 Lessons:
Introductory Python - Similar to Linux, we will spend some time learning basic Python scripting, which will be essential to our future endeavors as penetration testers.
Week 4 Lessons:
The Art of Reconnaissance - This lesson will discuss reconnaissance in depth and cover common tools used in the process. Some of the tools that will be covered are the OSINT Framework, SET, theHarvester, Bluto, Google Dorks, and Shodan. More tools will likely be added as the lesson is written.
Week 5 Lesson:
Week 6 Lesson:
Enumeration for the win - The intent of this lesson is to provide an overview of basic enumeration tactics and then dive deep into specific tools used for common ports found in penetration testing. For example, if we find port 80 open on a scan (HTTP), we will likely want to know what service is running and enumerate that service for potential exploits at a high level.
Week 7 Lesson:
Gaining a Shell with Metasploit - This lesson will cover how to use Metasploit to gain shell access to a vulnerable machine. This builds upon the introductory Metasploit from section 8 as we move from the auxiliary/scanning portion of Metasploit to the exploit portion. This lesson is important as Metasploit is a common tool in nearly every penetration testers toolkit, especially at the beginner level.
Compiling Exploits - This lesson will add to exploitation learned in section 9, except that the exploitation is now done manually, without Metasploit. This will teach the reader how to safely download exploits from the web, generate shellcode, compile the exploit if necessary, and execute it against a vulnerable machine.
Week 8, 9, and 10 (Internal Pentesting):
Hello Enumeration, My Old Friend - This lesson will cover post-exploitation enumeration.
Active Directory Exploitation - This lesson focuses on the recognition of vulnerabilities and exploitation tactics in an internal Active Directory environment. Attacks that will be introduced include: LLMNR poisoning/hash cracking, SMB hash relaying, pass the hash, token impersonation, kerberoasting, GPP/c-password attacks, and PowerShell attacks. More attacks will likely be added as the lesson is written, but the most common have been provided.
Week 11 Lessons:
Maintaining Access / Pivoting / Cleanup - This lesson will discuss methods of maintaining access on a network, pivoting into other networks, and how to properly clean up as you exit a network.
Β«StartΒ» :
https://github.com/hmaverickadams/Beginner-Network-Pentesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - hmaverickadams/Beginner-Network-Pentesting: Notes for Beginner Network Pentesting Course
Notes for Beginner Network Pentesting Course. Contribute to hmaverickadams/Beginner-Network-Pentesting development by creating an account on GitHub.
Forwarded from DailyCVE
π΅Oppia is an online learning platform showing a new bug:
https://dailycve.com/oppia-online-learning-platform-showing-new-bug
https://dailycve.com/oppia-online-learning-platform-showing-new-bug
Dailycve
Oppia is an online learning platform showing a new bug | CVE
Description:
Oppia is an open application framework for learning that allows everyone to build and upload immersive games (called 'explorations') quickly. These exercises mimic a one-on-one interaction with a teacher, enabling learners to learn and gainingβ¦
Oppia is an open application framework for learning that allows everyone to build and upload immersive games (called 'explorations') quickly. These exercises mimic a one-on-one interaction with a teacher, enabling learners to learn and gainingβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
FBI warns, "Swating with Internet of Things equipment is over"
#CyberAttacks
#CyberAttacks
UNDERCODE COMMUNITY
Photo
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Simple random DNS, HTTP/S internet traffic noise generator:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install requests if you do not have it already installed, using pip:
2) pip install requests
1) git clone https://github.com/1tayH/noisy.git
Navigate into the noisy directory
3)cd noisy
4) Run the script
python noisy.py --config config.json
The program can accept a number of command line arguments:
$ python noisy.py --help
5) usage: noisy.py [-h] [--log -l] --config -c [--timeout -t]
optional arguments:
-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds
only the config file argument is required.
Output
$ docker run -it noisy --config config.json --log debug
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Simple random DNS, HTTP/S internet traffic noise generator:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install requests if you do not have it already installed, using pip:
2) pip install requests
1) git clone https://github.com/1tayH/noisy.git
Navigate into the noisy directory
3)cd noisy
4) Run the script
python noisy.py --config config.json
The program can accept a number of command line arguments:
$ python noisy.py --help
5) usage: noisy.py [-h] [--log -l] --config -c [--timeout -t]
optional arguments:
-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds
only the config file argument is required.
Output
$ docker run -it noisy --config config.json --log debug
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - 1tayH/noisy: Simple random DNS, HTTP/S internet traffic noise generator
Simple random DNS, HTTP/S internet traffic noise generator - 1tayH/noisy
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Kong wordpress plugin, ssl revoked & outdated, data leak:
https://dailycve.com/kong-wordpress-plugin-ssl-revoked-outdated-data-leak
https://dailycve.com/kong-wordpress-plugin-ssl-revoked-outdated-data-leak
Dailycve
Kong wordpress plugin, ssl revoked & outdated, data leak | CVE
Details:
This plugin allows Kong to apply certificates from Let's Encrypt or any other ACMEv2 service and serve dynamically. Renewal is handled with a configurable threshold time.A bug could cause a possible leak of data due to outdated and revoqued ssl.β¦
This plugin allows Kong to apply certificates from Let's Encrypt or any other ACMEv2 service and serve dynamically. Renewal is handled with a configurable threshold time.A bug could cause a possible leak of data due to outdated and revoqued ssl.β¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
A new online registry website will be created by Russia ministry, for repeat traffic offenders.
#International
#International
β β β Uππ»βΊπ«Δπ¬πβ β β β
New release for this hacking tool :
ARP Poisoning and Sniffing
DHCP Discover and Starvation
Subdomains Identification
Certificate Cloning
TCP Analysis (ISN, Flags)
Username check on social networks
Web Techonologies Identification
and a lot more!
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) $ python3 -m pip install --upgrade git+https://github.com/fportantier/habu.git
2) This must works on any system that has Python 3 installed.
Note: On some systems (like Microsoft Windows) you must adjust the command to point to the correct path of the Python executable.
3) Upgrade
Now we have a command to upgrade directly from the Git repo and clean any old command that not longer exists or that has been renamed.
$ habu.upgrade
Β»for example usage:
https://github.com/fportantier/habu
β β β Uππ»βΊπ«Δπ¬πβ β β β
New release for this hacking tool :
ARP Poisoning and Sniffing
DHCP Discover and Starvation
Subdomains Identification
Certificate Cloning
TCP Analysis (ISN, Flags)
Username check on social networks
Web Techonologies Identification
and a lot more!
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) $ python3 -m pip install --upgrade git+https://github.com/fportantier/habu.git
2) This must works on any system that has Python 3 installed.
Note: On some systems (like Microsoft Windows) you must adjust the command to point to the correct path of the Python executable.
3) Upgrade
Now we have a command to upgrade directly from the Git repo and clean any old command that not longer exists or that has been renamed.
$ habu.upgrade
Β»for example usage:
https://github.com/fportantier/habu
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - fportantier/habu: Hacking Toolkit
Hacking Toolkit. Contribute to fportantier/habu development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Google workers declared the formation of a labor union and tensions between management have increased.
#International
#International
Forwarded from DailyCVE
π΅chromium:Multiple vulnerabilities debian, kali CVE-2019-8075 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 :
https://dailycve.com/chromiummultiple-vulnerabilities-debian-kali-cve-2019-8075-cve-2020-6510-cve-2020-6511-cve-2020
https://dailycve.com/chromiummultiple-vulnerabilities-debian-kali-cve-2019-8075-cve-2020-6510-cve-2020-6511-cve-2020
Dailycve
chromium:Multiple vulnerabilities debian, kali CVE-2019-8075 CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 | CVE
Details:
Debian Security Advisory DSA-4824-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2021 https://www.debian.org/security/faq
- - ----------------β¦
Debian Security Advisory DSA-4824-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2021 https://www.debian.org/security/faq
- - ----------------β¦