Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ง GOWATT MagSafe Dock: A Sleek and Functional Charging Solution
https://undercodenews.com/gowatt-magsafe-dock-a-sleek-and-functional-charging-solution/
@Undercode_News
https://undercodenews.com/gowatt-magsafe-dock-a-sleek-and-functional-charging-solution/
@Undercode_News
UNDERCODE NEWS
GOWATT MagSafe Dock: A Sleek and Functional Charging Solution - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
โก๏ธ #iOS 183 Beta Released: What's New?
https://undercodenews.com/ios-183-beta-released-whats-new/
@Undercode_News
https://undercodenews.com/ios-183-beta-released-whats-new/
@Undercode_News
UNDERCODE NEWS
iOS 183 Beta Released: What's New? - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
โก๏ธ #Apple Releases Beta 1 for visionOS 23, tvOS 183, watchOS 113, and More
https://undercodenews.com/apple-releases-beta-1-for-visionos-23-tvos-183-watchos-113-and-more/
@Undercode_News
https://undercodenews.com/apple-releases-beta-1-for-visionos-23-tvos-183-watchos-113-and-more/
@Undercode_News
UNDERCODE NEWS
Apple Releases Beta 1 for visionOS 23, tvOS 183, watchOS 113, and More - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆFree For You :)) Android SSL Pinning Bypass using Noxer๐จ
Automate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
>> DOWNLOAD <<
Clone this repository to your local machine.
Navigate to the project directory.
Install the dependencies from the requirements.txt file using pip.
You are now set to run the NOXER script.
Automate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
>> DOWNLOAD <<
Clone this repository to your local machine.
git clone https://github.com/AggressiveUser/noxer.git
Navigate to the project directory.
cd noxer
Install the dependencies from the requirements.txt file using pip.
pip install -r requirements.txt
You are now set to run the NOXER script.
python noxer.py
GitHub
GitHub - AggressiveUser/noxer: Noxer is a powerful Python script designed for automating Android penetration testing tasks withinโฆ
Noxer is a powerful Python script designed for automating Android penetration testing tasks within the Nox Player emulator. - AggressiveUser/noxer
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Android Enterprise: A Catalyst for Modern Workplaces
https://undercodenews.com/android-enterprise-a-catalyst-for-modern-workplaces/
@Undercode_News
https://undercodenews.com/android-enterprise-a-catalyst-for-modern-workplaces/
@Undercode_News
UNDERCODE NEWS
Android Enterprise: A Catalyst for Modern Workplaces - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ How #Android Enterprise Empowers ADMR to Protect Patient Data
https://undercodenews.com/how-android-enterprise-empowers-admr-to-protect-patient-data/
@Undercode_News
https://undercodenews.com/how-android-enterprise-empowers-admr-to-protect-patient-data/
@Undercode_News
UNDERCODE NEWS
How Android Enterprise Empowers ADMR to Protect Patient Data - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
โก๏ธ Meta Appoints New Chief Revenue Officer and Restructures Business Leadership
https://undercodenews.com/meta-appoints-new-chief-revenue-officer-and-restructures-business-leadership/
@Undercode_News
https://undercodenews.com/meta-appoints-new-chief-revenue-officer-and-restructures-business-leadership/
@Undercode_News
UNDERCODE NEWS
Meta Appoints New Chief Revenue Officer and Restructures Business Leadership - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ๐ฎ๐๐ ๐ง๐ฒ๐๐๐ถ๐ป๐ด ๐ง๐ถ๐ฝ๐ ๐ณ๐ผ๐ฟ ๐๐๐ด ๐๐ผ๐๐ป๐๐ ๐๐๐ป๐๐ฒ๐ฟ๐
1. Status Code Changes
Check if altering response or status codes (e.g., 200, 403) during 2FA verification allows bypass.
2. Brute-Force OTP
Test if the application allows repeated attempts to guess OTPs without blocking.
3. OTP Reuse
Verify if the OTP can be reused after it's already been used once.
4. Cross-Account Token Test
Request two OTPs for different accounts and see if you can use one account's OTP in another account.
5. Direct Dashboard Access
Try accessing the dashboard URL directly without completing 2FA. If blocked, include the 2FA page as a referrer header and retry.
6. Search for 2FA Codes
Use tools like Burp Suite to search response or JavaScript files for exposed 2FA codes.
7. CSRF/Clickjacking on 2FA
Test if attackers can disable 2FA using CSRF (cross-site request forgery) or clickjacking attacks.
8. Session Persistence
Check if enabling 2FA logs out all active sessions. If not, report it.
9. OAuth 2FA Bypass
See if using OAuth logins bypasses the need for 2FA. (This is rare.)
10. Disabling 2FA Without Verification
Test if 2FA can be disabled without entering a 2FA code.
11. Password Reset Without 2FA
Try resetting the account password using "Forgot Password" to bypass 2FA.
12. Test 000000 OTP
Enter "000000" (or similar default codes) to see if the app accepts it as a valid OTP.
13. Request Manipulation
Manipulate JSON requests to bypass 2FA:
- Send a null value.
- Change
- Remove the 2FA-related code or parameter.
- Use unexpected inputs (e.g., an email as an array).
14. OpenID Misconfiguration
Test for misconfigurations in OpenID that might allow bypassing 2FA.
15. OTP Expiry Check
Verify if OTPs remain valid for an excessive amount of time (e.g., more than a few minutes).
16. Backup Code Abuse
After logging in, generate a backup code request and check if it leaks valid codes.
17. Sensitive Info Exposure
Check if the 2FA page reveals sensitive information (e.g., phone numbers or email addresses).
18. Permanent Denial of Service (DoS) on Accounts
Abuse the system to lock an account:
- Create an account with someone else's email (if email verification isn't required) and enable 2FA.
- If verification is required, use a verified account to enable 2FA, then change the email to the victim's.
19. Authenticated Actions Without 2FA
Test if you can perform authenticated actions (e.g., update profile, create API tokens) without solving 2FA.
20. Bulk OTP Testing in JSON
Send multiple OTP values in a single request:
21. Backup Code Misuse
Explore any other ways to misuse or generate backup codes.
Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
1. Status Code Changes
Check if altering response or status codes (e.g., 200, 403) during 2FA verification allows bypass.
2. Brute-Force OTP
Test if the application allows repeated attempts to guess OTPs without blocking.
3. OTP Reuse
Verify if the OTP can be reused after it's already been used once.
4. Cross-Account Token Test
Request two OTPs for different accounts and see if you can use one account's OTP in another account.
5. Direct Dashboard Access
Try accessing the dashboard URL directly without completing 2FA. If blocked, include the 2FA page as a referrer header and retry.
6. Search for 2FA Codes
Use tools like Burp Suite to search response or JavaScript files for exposed 2FA codes.
7. CSRF/Clickjacking on 2FA
Test if attackers can disable 2FA using CSRF (cross-site request forgery) or clickjacking attacks.
8. Session Persistence
Check if enabling 2FA logs out all active sessions. If not, report it.
9. OAuth 2FA Bypass
See if using OAuth logins bypasses the need for 2FA. (This is rare.)
10. Disabling 2FA Without Verification
Test if 2FA can be disabled without entering a 2FA code.
11. Password Reset Without 2FA
Try resetting the account password using "Forgot Password" to bypass 2FA.
12. Test 000000 OTP
Enter "000000" (or similar default codes) to see if the app accepts it as a valid OTP.
13. Request Manipulation
Manipulate JSON requests to bypass 2FA:
- Send a null value.
- Change
"otprequired": true to false.- Remove the 2FA-related code or parameter.
- Use unexpected inputs (e.g., an email as an array).
14. OpenID Misconfiguration
Test for misconfigurations in OpenID that might allow bypassing 2FA.
15. OTP Expiry Check
Verify if OTPs remain valid for an excessive amount of time (e.g., more than a few minutes).
16. Backup Code Abuse
After logging in, generate a backup code request and check if it leaks valid codes.
17. Sensitive Info Exposure
Check if the 2FA page reveals sensitive information (e.g., phone numbers or email addresses).
18. Permanent Denial of Service (DoS) on Accounts
Abuse the system to lock an account:
- Create an account with someone else's email (if email verification isn't required) and enable 2FA.
- If verification is required, use a verified account to enable 2FA, then change the email to the victim's.
19. Authenticated Actions Without 2FA
Test if you can perform authenticated actions (e.g., update profile, create API tokens) without solving 2FA.
20. Bulk OTP Testing in JSON
Send multiple OTP values in a single request:
{
"code": ["1000", "1001", "1002", ..., "9999"]
}
21. Backup Code Misuse
Explore any other ways to misuse or generate backup codes.
Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ฅ๏ธ Israel's Quantum Leap: A Nation's First Domestic Quantum #Computer
https://undercodenews.com/israels-quantum-leap-a-nations-first-domestic-quantum-computer/
@Undercode_News
https://undercodenews.com/israels-quantum-leap-a-nations-first-domestic-quantum-computer/
@Undercode_News
UNDERCODE NEWS
Israel's Quantum Leap: A Nation's First Domestic Quantum Computer - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
โก๏ธ Ray-Ban Meta Smart Glasses Get a Major Upgrade
https://undercodenews.com/ray-ban-meta-smart-glasses-get-a-major-upgrade/
@Undercode_News
https://undercodenews.com/ray-ban-meta-smart-glasses-get-a-major-upgrade/
@Undercode_News
UNDERCODE NEWS
Ray-Ban Meta Smart Glasses Get a Major Upgrade - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐จ Hidden Vulnerabilities: How Weak Device Security Threatens Your Business at Every Stage
https://undercodenews.com/hidden-vulnerabilities-how-weak-device-security-threatens-your-business-at-every-stage/
@Undercode_News
https://undercodenews.com/hidden-vulnerabilities-how-weak-device-security-threatens-your-business-at-every-stage/
@Undercode_News
UNDERCODE NEWS
Hidden Vulnerabilities: How Weak Device Security Threatens Your Business at Every Stage - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐จ Winnti's New PHP Backdoor: A Stealthy Threat
https://undercodenews.com/winntis-new-php-backdoor-a-stealthy-threat/
@Undercode_News
https://undercodenews.com/winntis-new-php-backdoor-a-stealthy-threat/
@Undercode_News
UNDERCODE NEWS
Winnti's New PHP Backdoor: A Stealthy Threat - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ Elon Musk Finds Another Ally in the Fight for Fiscal Responsibility
https://undercodenews.com/elon-musk-finds-another-ally-in-the-fight-for-fiscal-responsibility/
@Undercode_News
https://undercodenews.com/elon-musk-finds-another-ally-in-the-fight-for-fiscal-responsibility/
@Undercode_News
UNDERCODE NEWS
Elon Musk Finds Another Ally in the Fight for Fiscal Responsibility - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ฑ #Apple Brings Genmoji to the Mac with #macOS Sequoia 153 Beta
https://undercodenews.com/apple-brings-genmoji-to-the-mac-with-macos-sequoia-153-beta/
@Undercode_News
https://undercodenews.com/apple-brings-genmoji-to-the-mac-with-macos-sequoia-153-beta/
@Undercode_News
UNDERCODE NEWS
Apple Brings Genmoji to the Mac with macOS Sequoia 153 Beta - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ1)15 vulnerabilities in one public bbp
https://lnkd.in/ggi4T39C
2)How I got access to Credentials easily
https://lnkd.in/gcnNE8hs
3)Bug Bounty Tips Series: 10 Ways To Find HTTP Host Header Injection Vulnerability
https://lnkd.in/gnji_rts
4)๐จ Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability ๐จ
https://lnkd.in/gNHZMnXY
5)Exploiting and Remediating Access Control Vulnerabilities
https://lnkd.in/gasczeCV
6)20 Bug Bounty CrowdSourced Platforms
https://lnkd.in/g24uCdbQ
7)The Ninja Hacker Academy - A full guide to your graduation
https://lnkd.in/g86dxzSQ
8)Lookup โ TryHackMe CTF Writeup {FOR BEGINNERS}
https://lnkd.in/gK9Vd6_i
9)TRYHACKME : Dav
https://lnkd.in/ggpStJn2
10)CTFs Network Section Walkthrough
https://lnkd.in/gC79pVfS
Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
https://lnkd.in/ggi4T39C
2)How I got access to Credentials easily
https://lnkd.in/gcnNE8hs
3)Bug Bounty Tips Series: 10 Ways To Find HTTP Host Header Injection Vulnerability
https://lnkd.in/gnji_rts
4)๐จ Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability ๐จ
https://lnkd.in/gNHZMnXY
5)Exploiting and Remediating Access Control Vulnerabilities
https://lnkd.in/gasczeCV
6)20 Bug Bounty CrowdSourced Platforms
https://lnkd.in/g24uCdbQ
7)The Ninja Hacker Academy - A full guide to your graduation
https://lnkd.in/g86dxzSQ
8)Lookup โ TryHackMe CTF Writeup {FOR BEGINNERS}
https://lnkd.in/gK9Vd6_i
9)TRYHACKME : Dav
https://lnkd.in/ggpStJn2
10)CTFs Network Section Walkthrough
https://lnkd.in/gC79pVfS
Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
Forwarded from DailyCVE
๐ต Concrete CMS, Stored XSS in the Search Field, #CVE-2024-3181 (Low)
https://dailycve.com/concrete-cms-stored-xss-in-the-search-field-cve-2024-3181-low/
@DailyCVE
https://dailycve.com/concrete-cms-stored-xss-in-the-search-field-cve-2024-3181-low/
@DailyCVE
DailyCVE
Concrete CMS, Stored XSS in the Search Field, CVE-2024-3181 (Low) - DailyCVE
2024-12-16 : Concrete CMS versions before 9.2.8 and 8.5.16 are vulnerable to a Stored XSS attack. A malicious administrator can [โฆ]
Forwarded from DailyCVE
๐ Concrete CMS, Stored Cross-site Scripting, #CVE-2024-4353 (Medium)
https://dailycve.com/concrete-cms-stored-cross-site-scripting-cve-2024-4353-medium/
@Daily_CVE
https://dailycve.com/concrete-cms-stored-cross-site-scripting-cve-2024-4353-medium/
@Daily_CVE
DailyCVE
Concrete CMS, Stored Cross-site Scripting, CVE-2024-4353 (Medium) - DailyCVE
2024-12-16 Vulnerability : Concrete CMS versions 9.0.0 through 9.3.2 are vulnerable to a stored Cross-site Scripting (XSS) attack. An attacker [โฆ]