X Hires Media Strategy Head Amidst Turbulent Times

https://undercodenews.com/x-hires-media-strategy-head-amidst-turbulent-times/

@Undercode_News

🚨 China's Persistent Cyber Threat: Salt Typhoon's Ongoing Intrusion

https://undercodenews.com/chinas-persistent-cyber-threat-salt-typhoons-ongoing-intrusion/

@Undercode_News

The Rise of #AI Advertising: A Double-Edged Sword

https://undercodenews.com/the-rise-of-ai-advertising-a-double-edged-sword/

@Undercode_News

⚡️ Methane GPT: A New Tool to Combat Climate Change

https://undercodenews.com/methane-gpt-a-new-tool-to-combat-climate-change/

@Undercode_News

🚨 #AI Deepfakes: A Non-Threat to Elections

https://undercodenews.com/ai-deepfakes-a-non-threat-to-elections/

@Undercode_News

#AI's Next Frontier: Turning 2D Images into 3D Worlds

https://undercodenews.com/ais-next-frontier-turning-2d-images-into-3d-worlds/

@Undercode_News

🔐 Hackers Shift Tactics: From #Ransomware to Disruption

https://undercodenews.com/hackers-shift-tactics-from-ransomware-to-disruption/

@Undercode_News

🦑 Tool: OWASP ZAP - Zed Attack Proxy

OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner. It is used to identify vulnerabilities in web applications through automated scanning and manual testing. ZAP helps detect issues like SQL injection, cross-site scripting (XSS), and more.

---

### Basic Usage Command:
1. Start OWASP ZAP by running the following command (after installing it):

zap.sh

Explanation:
- zap.sh: Launches the OWASP ZAP application from the command line.

---

### Example: Automated Scan Using ZAP's API

zap-cli quick-scan -u http://example.com

Explanation:
- zap-cli quick-scan: Initiates a quick scan of the web application.
- -u http://example.com: Specifies the target URL to be scanned.

---

### Example: Start ZAP in Headless Mode for Automation

zap.sh -daemon -port 8080 -host 127.0.0.1

Explanation:
- -daemon: Starts ZAP in headless (non-GUI) mode, which is suitable for automation.
- -port 8080: Sets the port for the ZAP proxy to listen on (default is 8080).
- -host 127.0.0.1: Sets the host address to localhost.

---

### Example: Scan with Specific Context

zap-cli spider -c -u http://example.com

Explanation:
- spider: Crawls the target website to discover pages.
- -c: Continues crawling from any previously discovered URLs.
- -u http://example.com: The URL to start the crawl from.

---

### Important Notes:
1. OWASP ZAP is highly customizable and can be extended with a variety of plugins to enhance its functionality.
2. It's great for both beginners and experienced penetration testers, thanks to its automated scanning and manual testing features.
3. Ensure you have authorization to test the application before running ZAP on a target website.

Nate Bargatze: Your Hilarious Co-Pilot on Waze

https://undercodenews.com/nate-bargatze-your-hilarious-co-pilot-on-waze/

@Undercode_News

Improved Merge Experience on #GitHub Pull Requests

https://undercodenews.com/improved-merge-experience-on-github-pull-requests/

@Undercode_News

🔗 Disney+ Expands: ESPN Joins the Party

https://undercodenews.com/disney-expands-espn-joins-the-party/

@Undercode_News

⚡️ Password Security: A New Era

https://undercodenews.com/password-security-a-new-era/

@Undercode_News

🦑 Tool: SSLUnpinning - SSL Pinning Bypass Tool for Android

SSLUnpinning is a tool designed to bypass SSL pinning on Android applications. SSL pinning is a security technique that prevents man-in-the-middle (MITM) attacks by ensuring that the client only trusts a predefined certificate or public key. SSLUnpinning helps in bypassing this mechanism during security assessments or penetration testing.

---

### Basic Usage Command:
To use SSLUnpinning, you typically need to decompile the APK, patch it, and then recompile it. Here's the general approach:

1. Decompile the APK (using tools like APKTool or jadx):

   apktool d app.apk
   

2. Patch the APK with SSLUnpinning:
- Use the provided SSLUnpinning script or modify the decompiled code to disable SSL pinning manually.

3. Recompile the APK:

   apktool b app -o app_modified.apk
   

4. Sign the APK (to ensure it can be installed on a device):

   jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.jks app_modified.apk alias_name
   

5. Install the patched APK:

   adb install app_modified.apk
   

---

### Important Notes:
- SSL Pinning Bypass is useful when testing applications for vulnerabilities but can only be performed if you have authorization to do so.
- Repackaging and patching APKs may break other functionality or be detected by the application if additional protections are in place.

🔵 Checkmk Multiple Vulnerabilities (#CVE-2023-43277, #CVE-2023-43278, #CVE-2023-43279)

https://dailycve.com/checkmk-multiple-vulnerabilities-cve-2023-43277-cve-2023-43278-cve-2023-43279/

@daily_cve

🟠 PDF-XChange Editor, Information Disclosure Vulnerability, #CVE-2024-27328 (Medium)

https://dailycve.com/pdf-xchange-editor-information-disclosure-vulnerability-cve-2024-27328-medium/

@daily_cve

🟠 #Adobe Animate Out-of-Bounds Read Vulnerability (#CVE-2024-20762) - MEDIUM

https://dailycve.com/adobe-animate-out-of-bounds-read-vulnerability-cve-2024-20762-medium/

@daily_cve

🔴 Zabbix Server, Code Injection Vulnerability, #CVE-2024-22116 (Critical)

https://dailycve.com/zabbix-server-code-injection-vulnerability-cve-2024-22116-critical/

@daily_cve

🔴 #Adobe Animate Out-of-Bounds Read Vulnerability (#CVE-2024-20797) - Critical

https://dailycve.com/adobe-animate-out-of-bounds-read-vulnerability-cve-2024-20797-critical/

@daily_cve

🔴 PDF-XChange Editor, Remote Code Execution, #CVE-2024-27327 (Critical)

https://dailycve.com/pdf-xchange-editor-remote-code-execution-cve-2024-27327-critical/

@daily_cve

🔵 #Adobe Animate Out-of-Bounds Read Vulnerability (#CVE-2024-20796) - Important

https://dailycve.com/adobe-animate-out-of-bounds-read-vulnerability-cve-2024-20796-important/

@daily_cve