🔐 How #Android Enterprise Empowers ADMR to Protect Patient Data

https://undercodenews.com/how-android-enterprise-empowers-admr-to-protect-patient-data/

@Undercode_News

⚡️ Meta Appoints New Chief Revenue Officer and Restructures Business Leadership

https://undercodenews.com/meta-appoints-new-chief-revenue-officer-and-restructures-business-leadership/

@Undercode_News

🦑𝟮𝗙𝗔 𝗧𝗲𝘀𝘁𝗶𝗻𝗴 𝗧𝗶𝗽𝘀 𝗳𝗼𝗿 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆 𝗛𝘂𝗻𝘁𝗲𝗿𝘀

1. Status Code Changes
Check if altering response or status codes (e.g., 200, 403) during 2FA verification allows bypass.

2. Brute-Force OTP
Test if the application allows repeated attempts to guess OTPs without blocking.

3. OTP Reuse
Verify if the OTP can be reused after it's already been used once.

4. Cross-Account Token Test
Request two OTPs for different accounts and see if you can use one account's OTP in another account.

5. Direct Dashboard Access
Try accessing the dashboard URL directly without completing 2FA. If blocked, include the 2FA page as a referrer header and retry.

6. Search for 2FA Codes
Use tools like Burp Suite to search response or JavaScript files for exposed 2FA codes.

7. CSRF/Clickjacking on 2FA
Test if attackers can disable 2FA using CSRF (cross-site request forgery) or clickjacking attacks.

8. Session Persistence
Check if enabling 2FA logs out all active sessions. If not, report it.

9. OAuth 2FA Bypass
See if using OAuth logins bypasses the need for 2FA. (This is rare.)

10. Disabling 2FA Without Verification
Test if 2FA can be disabled without entering a 2FA code.

11. Password Reset Without 2FA
Try resetting the account password using "Forgot Password" to bypass 2FA.

12. Test 000000 OTP
Enter "000000" (or similar default codes) to see if the app accepts it as a valid OTP.

13. Request Manipulation
Manipulate JSON requests to bypass 2FA:
- Send a null value.
- Change "otprequired": true to false.
- Remove the 2FA-related code or parameter.
- Use unexpected inputs (e.g., an email as an array).

14. OpenID Misconfiguration
Test for misconfigurations in OpenID that might allow bypassing 2FA.

15. OTP Expiry Check
Verify if OTPs remain valid for an excessive amount of time (e.g., more than a few minutes).

16. Backup Code Abuse
After logging in, generate a backup code request and check if it leaks valid codes.

17. Sensitive Info Exposure
Check if the 2FA page reveals sensitive information (e.g., phone numbers or email addresses).

18. Permanent Denial of Service (DoS) on Accounts
Abuse the system to lock an account:
- Create an account with someone else's email (if email verification isn't required) and enable 2FA.
- If verification is required, use a verified account to enable 2FA, then change the email to the victim's.

19. Authenticated Actions Without 2FA
Test if you can perform authenticated actions (e.g., update profile, create API tokens) without solving 2FA.

20. Bulk OTP Testing in JSON
Send multiple OTP values in a single request:

 {
 "code": ["1000", "1001", "1002", ..., "9999"]
 }
 

21. Backup Code Misuse
Explore any other ways to misuse or generate backup codes.

Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🖥️ Israel's Quantum Leap: A Nation's First Domestic Quantum #Computer

https://undercodenews.com/israels-quantum-leap-a-nations-first-domestic-quantum-computer/

@Undercode_News

⚡️ Ray-Ban Meta Smart Glasses Get a Major Upgrade

https://undercodenews.com/ray-ban-meta-smart-glasses-get-a-major-upgrade/

@Undercode_News

🚨 Hidden Vulnerabilities: How Weak Device Security Threatens Your Business at Every Stage

https://undercodenews.com/hidden-vulnerabilities-how-weak-device-security-threatens-your-business-at-every-stage/

@Undercode_News

🚨 Winnti's New PHP Backdoor: A Stealthy Threat

https://undercodenews.com/winntis-new-php-backdoor-a-stealthy-threat/

@Undercode_News

🔍 Elon Musk Finds Another Ally in the Fight for Fiscal Responsibility

https://undercodenews.com/elon-musk-finds-another-ally-in-the-fight-for-fiscal-responsibility/

@Undercode_News

📱 #Apple Brings Genmoji to the Mac with #macOS Sequoia 153 Beta

https://undercodenews.com/apple-brings-genmoji-to-the-mac-with-macos-sequoia-153-beta/

@Undercode_News

🦑1)15 vulnerabilities in one public bbp
https://lnkd.in/ggi4T39C

2)How I got access to Credentials easily
https://lnkd.in/gcnNE8hs

3)Bug Bounty Tips Series: 10 Ways To Find HTTP Host Header Injection Vulnerability
https://lnkd.in/gnji_rts

4)🚨 Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability 🚨
https://lnkd.in/gNHZMnXY

5)Exploiting and Remediating Access Control Vulnerabilities
https://lnkd.in/gasczeCV

6)20 Bug Bounty CrowdSourced Platforms
https://lnkd.in/g24uCdbQ

7)The Ninja Hacker Academy - A full guide to your graduation
https://lnkd.in/g86dxzSQ

8)Lookup — TryHackMe CTF Writeup {FOR BEGINNERS}
https://lnkd.in/gK9Vd6_i

9)TRYHACKME : Dav
https://lnkd.in/ggpStJn2

10)CTFs Network Section Walkthrough
https://lnkd.in/gC79pVfS

Ref: Saumadip MandalSaumadip Mandal
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵 Concrete CMS, Stored XSS in the Search Field, #CVE-2024-3181 (Low)

https://dailycve.com/concrete-cms-stored-xss-in-the-search-field-cve-2024-3181-low/

@DailyCVE

🟠 Concrete CMS, Stored Cross-site Scripting, #CVE-2024-4353 (Medium)

https://dailycve.com/concrete-cms-stored-cross-site-scripting-cve-2024-4353-medium/

@Daily_CVE

🟠 Concrete CMS, Stored XSS, #CVE-2024-3180 (Medium)

https://dailycve.com/concrete-cms-stored-xss-cve-2024-3180-medium/

@Daily_CVE

🟠 Mattermost Data Amplification Vulnerability (Moderate)

https://dailycve.com/mattermost-data-amplification-vulnerability-moderate/

@Daily_CVE

🛒 #Tesla Surges in South Korea's EV Market, Poised to Break Sales Record

https://undercodenews.com/tesla-surges-in-south-koreas-ev-market-poised-to-break-sales-record/

@Undercode_News

🔴 Cosmos SDK: Transaction Decoding Vulnerabilities (ASA-2024-0012 & ASA-2024-0013) - High Severity

https://dailycve.com/cosmos-sdk-transaction-decoding-vulnerabilities-asa-2024-0012-asa-2024-0013-high-severity/

@Daily_CVE

🤖 #iOS 183 Beta Brings HomeKit Support for Robot Vacuums

https://undercodenews.com/ios-183-beta-brings-homekit-support-for-robot-vacuums/

@Undercode_News

🦑ANDROID PIN CRACKING - Live Video Demonstration

This document presents a functional Proof-of-Concept (PoC) for a novel attack vector targeting #Android #smartphones running the latest Android version and #security patches. This attack has been successfully validated on over 20 popular brands, including Google Pixel and OnePlus devices. The PoC demonstrates the ability to compromise both standard 4-digit and 6-digit PINs, as well as pattern locks and PINs required for device boot-up.

1️⃣The attack leverages a physical Rubber Ducky device, which exploits the Human Interface Device (HID) protocol to emulate keyboard input. By employing a brute-force approach, the device systematically attempts PIN combinations from 0000 to 9999, saving the correct PIN upon successful authentication. To mitigate detection mechanisms, the attack is designed to halt after five unsuccessful attempts and a 30-minute timeout. Furthermore, the device's configuration and scripting capabilities can be tailored to specific target devices.

> Beyond PIN cracking, the #RubberDucky can be programmed to enable USB debugging, opening the door to a wider range of potential attacks. This includes reverse shell connections, binding shell sessions, and camera exploitation, ultimately exposing the device to data leakage and other security risks.

⚛Here is a working Proof of concept of the latest attack discovered by me that exploits Android Smartphones working on the latest version of Android and the latest security patches that can break Android PIN (4-digit PIN and 6-digit PIN) tested on 20 brands including the Google Pixel series and OnePlus devices. The demonstration can crack PIN patterns and also the PIN that is required before the device is turned on. The device is a rubber ducky that uses an HID exploit that can work like a keyboard and use brute force attack i.e. trying PIN from 0000 to 9999 and also saving the PIN once unlocked. The device is configured to work with a timeout of 30 minutes after 5 attempts and the scripts can be configured based on the device we are working on. It can store 5MB of Python Script which is executed after the Arduino firmware is complete. It works on ATMega chipset and allows the user to also enable USB debugging which can further enable other attacks like reverse shell and binding connections exposing users to Camera exploits and even data leaks.

Ref: Priyank Gada
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁