Winnti Group's Glutton: A Multi-Layered PHP Backdoor with a Twist

https://undercodenews.com/winnti-groups-glutton-a-multi-layered-php-backdoor-with-a-twist/

@Undercode_News

Farewell, Dragon! #SpaceX Cargo Ship Departs Space Station

https://undercodenews.com/farewell-dragon-spacex-cargo-ship-departs-space-station/

@Undercode_News

Dragon Departs the International Space Station: Witness Its Undocking Live on #NASA+!

https://undercodenews.com/dragon-departs-the-international-space-station-witness-its-undocking-live-on-nasa/

@Undercode_News

🚨 Internet-Exposed HMIs: A Growing Threat to Water and Wastewater Systems

https://undercodenews.com/internet-exposed-hmis-a-growing-threat-to-water-and-wastewater-systems/

@Undercode_News

🦑 𝟏𝟎 𝐁𝐥𝐮𝐞 𝐓𝐞𝐚𝐦 𝐓𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐅𝐑𝐄𝐄 𝐂𝐨𝐮𝐫𝐬𝐞𝐬

1- Cybersecurity for Students: lnkd.in/g4YmXP9J
2- SOC Fundamentals: lnkd.in/gVfUGNR3
3- Phishing Email Analysis: lnkd.in/giQWrn3a
4- Detecting Web Attacks: lnkd.in/gUTFXRzM
5- Malware Traffic Analysis with Wireshark: lnkd.in/g5Ze-iwU
6- Linux for Blue Team: lnkd.in/gvpWMdea
7-Building a Malware Analysis Lab: lnkd.in/gGXunp4q
8-📊 Splunk for SOC: lnkd.in/gkZMam_n
9-🔐 Introduction to Cryptology: lnkd.in/g3jbE84W
10-💼 Job Hunting: lnkd.in/g9MeH9P7

Ref: Mohamed Hamdi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🚨 Rhode Island's RIBridges System Compromised in #Ransomware Attack

https://undercodenews.com/rhode-islands-ribridges-system-compromised-in-ransomware-attack/

@Undercode_News

🛡️ Agile Business, Agile Security: How #AI and Zero Trust Work Together

https://undercodenews.com/agile-business-agile-security-how-ai-and-zero-trust-work-together/

@Undercode_News

🖥️ Beware Graphic Designers: Malicious Ads Targeting You with Fake #Software

https://undercodenews.com/beware-graphic-designers-malicious-ads-targeting-you-with-fake-software/

@Undercode_News

🚨 Iranian Cyberweapon Targets Critical Infrastructure: Decoding the IOCONTROL Threat

https://undercodenews.com/iranian-cyberweapon-targets-critical-infrastructure-decoding-the-iocontrol-threat/

@Undercode_News

🔧 GOWATT MagSafe Dock: A Sleek and Functional Charging Solution

https://undercodenews.com/gowatt-magsafe-dock-a-sleek-and-functional-charging-solution/

@Undercode_News

⚡️ #iOS 183 Beta Released: What's New?

https://undercodenews.com/ios-183-beta-released-whats-new/

@Undercode_News

⚡️ #Apple Releases Beta 1 for visionOS 23, tvOS 183, watchOS 113, and More

https://undercodenews.com/apple-releases-beta-1-for-visionos-23-tvos-183-watchos-113-and-more/

@Undercode_News

🦑Free For You :)) Android SSL Pinning Bypass using Noxer🚨

Automate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!

>> DOWNLOAD <<

Clone this repository to your local machine.

git clone https://github.com/AggressiveUser/noxer.git

Navigate to the project directory.

cd noxer

Install the dependencies from the requirements.txt file using pip.

pip install -r requirements.txt

You are now set to run the NOXER script.

python noxer.py

#Android Enterprise: A Catalyst for Modern Workplaces

https://undercodenews.com/android-enterprise-a-catalyst-for-modern-workplaces/

@Undercode_News

🔐 How #Android Enterprise Empowers ADMR to Protect Patient Data

https://undercodenews.com/how-android-enterprise-empowers-admr-to-protect-patient-data/

@Undercode_News

⚡️ Meta Appoints New Chief Revenue Officer and Restructures Business Leadership

https://undercodenews.com/meta-appoints-new-chief-revenue-officer-and-restructures-business-leadership/

@Undercode_News

🦑𝟮𝗙𝗔 𝗧𝗲𝘀𝘁𝗶𝗻𝗴 𝗧𝗶𝗽𝘀 𝗳𝗼𝗿 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆 𝗛𝘂𝗻𝘁𝗲𝗿𝘀

1. Status Code Changes
Check if altering response or status codes (e.g., 200, 403) during 2FA verification allows bypass.

2. Brute-Force OTP
Test if the application allows repeated attempts to guess OTPs without blocking.

3. OTP Reuse
Verify if the OTP can be reused after it's already been used once.

4. Cross-Account Token Test
Request two OTPs for different accounts and see if you can use one account's OTP in another account.

5. Direct Dashboard Access
Try accessing the dashboard URL directly without completing 2FA. If blocked, include the 2FA page as a referrer header and retry.

6. Search for 2FA Codes
Use tools like Burp Suite to search response or JavaScript files for exposed 2FA codes.

7. CSRF/Clickjacking on 2FA
Test if attackers can disable 2FA using CSRF (cross-site request forgery) or clickjacking attacks.

8. Session Persistence
Check if enabling 2FA logs out all active sessions. If not, report it.

9. OAuth 2FA Bypass
See if using OAuth logins bypasses the need for 2FA. (This is rare.)

10. Disabling 2FA Without Verification
Test if 2FA can be disabled without entering a 2FA code.

11. Password Reset Without 2FA
Try resetting the account password using "Forgot Password" to bypass 2FA.

12. Test 000000 OTP
Enter "000000" (or similar default codes) to see if the app accepts it as a valid OTP.

13. Request Manipulation
Manipulate JSON requests to bypass 2FA:
- Send a null value.
- Change "otprequired": true to false.
- Remove the 2FA-related code or parameter.
- Use unexpected inputs (e.g., an email as an array).

14. OpenID Misconfiguration
Test for misconfigurations in OpenID that might allow bypassing 2FA.

15. OTP Expiry Check
Verify if OTPs remain valid for an excessive amount of time (e.g., more than a few minutes).

16. Backup Code Abuse
After logging in, generate a backup code request and check if it leaks valid codes.

17. Sensitive Info Exposure
Check if the 2FA page reveals sensitive information (e.g., phone numbers or email addresses).

18. Permanent Denial of Service (DoS) on Accounts
Abuse the system to lock an account:
- Create an account with someone else's email (if email verification isn't required) and enable 2FA.
- If verification is required, use a verified account to enable 2FA, then change the email to the victim's.

19. Authenticated Actions Without 2FA
Test if you can perform authenticated actions (e.g., update profile, create API tokens) without solving 2FA.

20. Bulk OTP Testing in JSON
Send multiple OTP values in a single request:

 {
 "code": ["1000", "1001", "1002", ..., "9999"]
 }
 

21. Backup Code Misuse
Explore any other ways to misuse or generate backup codes.

Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🖥️ Israel's Quantum Leap: A Nation's First Domestic Quantum #Computer

https://undercodenews.com/israels-quantum-leap-a-nations-first-domestic-quantum-computer/

@Undercode_News