🦑 Tool: OWASP ZAP - Zed Attack Proxy

OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner. It is used to identify vulnerabilities in web applications through automated scanning and manual testing. ZAP helps detect issues like SQL injection, cross-site scripting (XSS), and more.

---

### Basic Usage Command:
1. Start OWASP ZAP by running the following command (after installing it):

zap.sh

Explanation:
- zap.sh: Launches the OWASP ZAP application from the command line.

---

### Example: Automated Scan Using ZAP's API

zap-cli quick-scan -u http://example.com

Explanation:
- zap-cli quick-scan: Initiates a quick scan of the web application.
- -u http://example.com: Specifies the target URL to be scanned.

---

### Example: Start ZAP in Headless Mode for Automation

zap.sh -daemon -port 8080 -host 127.0.0.1

Explanation:
- -daemon: Starts ZAP in headless (non-GUI) mode, which is suitable for automation.
- -port 8080: Sets the port for the ZAP proxy to listen on (default is 8080).
- -host 127.0.0.1: Sets the host address to localhost.

---

### Example: Scan with Specific Context

zap-cli spider -c -u http://example.com

Explanation:
- spider: Crawls the target website to discover pages.
- -c: Continues crawling from any previously discovered URLs.
- -u http://example.com: The URL to start the crawl from.

---

### Important Notes:
1. OWASP ZAP is highly customizable and can be extended with a variety of plugins to enhance its functionality.
2. It's great for both beginners and experienced penetration testers, thanks to its automated scanning and manual testing features.
3. Ensure you have authorization to test the application before running ZAP on a target website.

Nate Bargatze: Your Hilarious Co-Pilot on Waze

https://undercodenews.com/nate-bargatze-your-hilarious-co-pilot-on-waze/

@Undercode_News

Improved Merge Experience on #GitHub Pull Requests

https://undercodenews.com/improved-merge-experience-on-github-pull-requests/

@Undercode_News

🔗 Disney+ Expands: ESPN Joins the Party

https://undercodenews.com/disney-expands-espn-joins-the-party/

@Undercode_News

⚡️ Password Security: A New Era

https://undercodenews.com/password-security-a-new-era/

@Undercode_News

🦑 Tool: SSLUnpinning - SSL Pinning Bypass Tool for Android

SSLUnpinning is a tool designed to bypass SSL pinning on Android applications. SSL pinning is a security technique that prevents man-in-the-middle (MITM) attacks by ensuring that the client only trusts a predefined certificate or public key. SSLUnpinning helps in bypassing this mechanism during security assessments or penetration testing.

---

### Basic Usage Command:
To use SSLUnpinning, you typically need to decompile the APK, patch it, and then recompile it. Here's the general approach:

1. Decompile the APK (using tools like APKTool or jadx):

   apktool d app.apk
   

2. Patch the APK with SSLUnpinning:
- Use the provided SSLUnpinning script or modify the decompiled code to disable SSL pinning manually.

3. Recompile the APK:

   apktool b app -o app_modified.apk
   

4. Sign the APK (to ensure it can be installed on a device):

   jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore my-release-key.jks app_modified.apk alias_name
   

5. Install the patched APK:

   adb install app_modified.apk
   

---

### Important Notes:
- SSL Pinning Bypass is useful when testing applications for vulnerabilities but can only be performed if you have authorization to do so.
- Repackaging and patching APKs may break other functionality or be detected by the application if additional protections are in place.

🔵 Checkmk Multiple Vulnerabilities (#CVE-2023-43277, #CVE-2023-43278, #CVE-2023-43279)

https://dailycve.com/checkmk-multiple-vulnerabilities-cve-2023-43277-cve-2023-43278-cve-2023-43279/

@daily_cve

🟠 PDF-XChange Editor, Information Disclosure Vulnerability, #CVE-2024-27328 (Medium)

https://dailycve.com/pdf-xchange-editor-information-disclosure-vulnerability-cve-2024-27328-medium/

@daily_cve

🟠 #Adobe Animate Out-of-Bounds Read Vulnerability (#CVE-2024-20762) - MEDIUM

https://dailycve.com/adobe-animate-out-of-bounds-read-vulnerability-cve-2024-20762-medium/

@daily_cve

🔴 Zabbix Server, Code Injection Vulnerability, #CVE-2024-22116 (Critical)

https://dailycve.com/zabbix-server-code-injection-vulnerability-cve-2024-22116-critical/

@daily_cve

🔴 #Adobe Animate Out-of-Bounds Read Vulnerability (#CVE-2024-20797) - Critical

https://dailycve.com/adobe-animate-out-of-bounds-read-vulnerability-cve-2024-20797-critical/

@daily_cve

🔴 PDF-XChange Editor, Remote Code Execution, #CVE-2024-27327 (Critical)

https://dailycve.com/pdf-xchange-editor-remote-code-execution-cve-2024-27327-critical/

@daily_cve

🔵 #Adobe Animate Out-of-Bounds Read Vulnerability (#CVE-2024-20796) - Important

https://dailycve.com/adobe-animate-out-of-bounds-read-vulnerability-cve-2024-20796-important/

@daily_cve

📱 Ubisoft Shuts Down XDefiant: A Disappointing End

https://undercodenews.com/ubisoft-shuts-down-xdefiant-a-disappointing-end/

@Undercode_News

🚨 Veeam Patches Critical Vulnerability Exposing Service Providers to Remote Code Execution

https://undercodenews.com/veeam-patches-critical-vulnerability-exposing-service-providers-to-remote-code-execution/

@Undercode_News

Waze: Revolutionizing the Way We Navigate

https://undercodenews.com/waze-revolutionizing-the-way-we-navigate/

@Undercode_News

🎮 #Intel's XeSS 2: A Leap Forward in #Gaming Performance

https://undercodenews.com/intels-xess-2-a-leap-forward-in-gaming-performance/

@Undercode_News

🦑 Tool: Reaver - WPS PIN Brute-Forcing Tool

Reaver is a powerful tool designed to exploit vulnerabilities in Wi-Fi Protected Setup (WPS) to recover the PIN used for authentication in wireless routers. It allows attackers to brute-force the WPS PIN and gain access to the target network.

---

### Basic Usage Command:

reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -vv

Explanation:
- reaver: Runs the Reaver tool.
- -i wlan0: Specifies the wireless network interface to use (replace wlan0 with your network interface name).
- -b XX:XX:XX:XX:XX:XX: Specifies the target router's BSSID (MAC address).
- -vv: Enables verbose output to display more information during the attack.

---

### Example: Specify a WPS PIN to Brute-Force

reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -p 12345670 -vv

Explanation:
- -p 12345670: Attempts a specific WPS PIN, instead of brute-forcing the entire PIN.
- -vv: Provides detailed output for monitoring progress.

---

### Example: Save Results to a File

reaver -i wlan0 -b XX:XX:XX:XX:XX:XX -vv -o /path/to/output.txt

Explanation:
- -o /path/to/output.txt: Saves the output to a specified file for later analysis.

---

### Important Notes:
1. Reaver works only on routers with WPS enabled, and the attack may take several hours to complete depending on the router's implementation of WPS.
2. Legal Considerations: Always ensure that you have explicit permission to perform wireless network penetration testing on the target system. Unauthorized use of Reaver is illegal.

⚡️ Scaling Enterprise Governance: A New Control

https://undercodenews.com/scaling-enterprise-governance-a-new-control/

@Undercode_News

Creating and Using an #Amazon Baby Registry: A Step-by-Step Guide

https://undercodenews.com/creating-and-using-an-amazon-baby-registry-a-step-by-step-guide/

@Undercode_News