Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Banking Dynasty: The Dozie Brothers Branch Out
https://undercodenews.com/banking-dynasty-the-dozie-brothers-branch-out/
@Undercode_News
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Nestlé Faces Cyberattack: R00TK1T Claims Responsibility
https://undercodenews.com/nestle-faces-cyberattack-r00tk1t-claims-responsibility/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#AI-Powered Deception: FIN7's Deepfake #Malware Trap
https://undercodenews.com/ai-powered-deception-fin7s-deepfake-malware-trap/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Russian Intelligence Using Children for Sabotage in Ukraine
https://undercodenews.com/russian-intelligence-using-children-for-sabotage-in-ukraine/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Hackers Exploit #YouTube Creators with Malicious Brand Deals
https://undercodenews.com/hackers-exploit-youtube-creators-with-malicious-brand-deals/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#YouTube Creators Beware: Phishing Campaign Steals Accounts to Spread Scams
https://undercodenews.com/youtube-creators-beware-phishing-campaign-steals-accounts-to-spread-scams/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Serbian Authorities Spy on Journalists and Activists
https://undercodenews.com/serbian-authorities-spy-on-journalists-and-activists/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
MTN Gears Up for Full-Blown Banking in South Africa: Doubling Down on Mobile Money
https://undercodenews.com/mtn-gears-up-for-full-blown-banking-in-south-africa-doubling-down-on-mobile-money/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Serbia's #Digital Surveillance: A Threat to Civil Liberties
https://undercodenews.com/serbias-digital-surveillance-a-threat-to-civil-liberties/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Nigeria's Booming Internet: Top Providers Offering Unlimited Data
https://undercodenews.com/nigerias-booming-internet-top-providers-offering-unlimited-data/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Stealthy Threat: The BADBOX #Malware Operation
https://undercodenews.com/a-stealthy-threat-the-badbox-malware-operation/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Cybercrime Marketplace Rydox Seized, Administrators Arrested
https://undercodenews.com/cybercrime-marketplace-rydox-seized-administrators-arrested/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Borrowing with Confidence: A Guide to FCCPC and CBN-Approved Loan Apps in Nigeria
https://undercodenews.com/borrowing-with-confidence-a-guide-to-fccpc-and-cbn-approved-loan-apps-in-nigeria/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Dark Web Threat Looms Over the Jewelry Industry
https://undercodenews.com/a-dark-web-threat-looms-over-the-jewelry-industry/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Nigerian Comedy Reigns Supreme on #YouTube in 2022!
https://undercodenews.com/nigerian-comedy-reigns-supreme-on-youtube-in-2022/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Vodafone Idea Brings 5G to India: A Closer Look
https://undercodenews.com/vodafone-idea-brings-5g-to-india-a-closer-look/
@Undercode_News
Forwarded from Exploiting Crew (Pr1vAt3)
Pentesting GWT-RPC Apps
Recently I had the "honor" to pentest an app using GWT-RPC requests
GWT-RPC stands for Google Web Toolkit Remote Procedure Calls
You can think about it as an alternative to JSON, XML and forms data
So if you see something like the image below, you are dealing with GWT-RPC
----
How do we pentest it?
1. Hidden functions -> using the GWTMap tool, enumerate all functions available in the obfuscated {hex}.cache.js file. If you have new functions, use the --rpc flag and send direct commands to them as there's a high chance that they are not protected
2. Broken access control -> chances are developers would assume the protocol is too complicated and hard to read (i.e. it uses some obfuscation). Using two different accounts, replay the requests generated by the app using both session cookies. If it works -> Broken Access Control
3. Injection -> all values that look like user controlled data in the String Table and Payload sections can (and should) be fuzzed for common injection attacks, including SQLi, command injection, SSRF, SSTI, etc. but avoid changing the indexes as this might generate an invalid GWT-RPC format
4. Serialization - the String Table + Payloads are used together to define and serialize the data provided through the request. Insecure deserialization attacks are an attack vector worth considering
Ref: Andrei Agape
@UndercodeCommunity
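The request layout the post refers to (header, String Table, Payload indexes), as an added example that is not part of the original post: a decoder a defender can run over captured request bodies so the called service and method show up in logs. The sample request, host, policy hash and service name are constructed, and only the \! and \\ string escapes are handled.

```python
# SAMPLE is constructed; host, policy hash and service name are made up.
SAMPLE = (
    "7|0|6|https://app.example.test/module/|0123456789ABCDEF0123456789ABCDEF|"
    "com.example.client.GreetingService|greetServer|"
    "java.lang.String/2004016611|myInput|1|2|3|4|1|5|6|"
)


def unescape(s):
    """Undo the two escapes that matter for splitting: \\! (pipe) and \\\\ (backslash)."""
    out, i = [], 0
    while i < len(s):
        pair = s[i:i + 2]
        if pair in ("\\!", "\\\\"):
            out.append("|" if pair == "\\!" else "\\")
            i += 2
        else:  # other escape sequences are left untouched
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_gwt_rpc(body):
    """Split a request into header, String Table and Payload; resolve the call."""
    fields = body.split("|")
    if fields and fields[-1] == "":
        fields.pop()  # the body ends with a trailing pipe
    # Unpacking raises ValueError when the three header fields are missing
    version, flags, count = (int(f) for f in fields[:3])
    strings = [unescape(f) for f in fields[3:3 + count]]
    payload = fields[3 + count:]
    if len(strings) != count or len(payload) < 5:
        raise ValueError("String Table or Payload is truncated")

    def ref(token):  # Payload indexes are 1-based into the String Table
        idx = int(token)
        if not 1 <= idx <= count:
            raise ValueError(f"index {idx} is outside the String Table")
        return strings[idx - 1]

    nparams = int(payload[4])
    return {
        "version": version, "flags": flags, "strings": strings, "payload": payload,
        "service": ref(payload[2]), "method": ref(payload[3]),
        "param_types": [ref(t) for t in payload[5:5 + nparams]],
    }


def log_line(body):
    call = parse_gwt_rpc(body)
    return f'{call["service"]}.{call["method"]}({", ".join(call["param_types"])})'
```

A request whose indexes no longer match its String Table raises ValueError, which is the invalid-format case the post mentions.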
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Silo Renewed for Seasons 3 and 4, Wrapping Up the Series Adaptation
https://undercodenews.com/silo-renewed-for-seasons-3-and-4-wrapping-up-the-series-adaptation/
@Undercode_News