Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔍 A Greener Search: #Firefox Partners with Ecosia
https://undercodenews.com/a-greener-search-firefox-partners-with-ecosia/
@Undercode_News
https://undercodenews.com/a-greener-search-firefox-partners-with-ecosia/
@Undercode_News
UNDERCODE NEWS
A Greener Search: Firefox Partners with Ecosia - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Nvidia's RTX 5060: A Controversial 8GB VRAM Rumor
https://undercodenews.com/nvidias-rtx-5060-a-controversial-8gb-vram-rumor/
@Undercode_News
https://undercodenews.com/nvidias-rtx-5060-a-controversial-8gb-vram-rumor/
@Undercode_News
UNDERCODE NEWS
Nvidia's RTX 5060: A Controversial 8GB VRAM Rumor - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from Exploiting Crew (Pr1vAt3)
🦑🔍 Mastering DNS & DHCP Penetration Testing: Protect Your Network’s Core!
DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol) are foundational to network operations. However, their vulnerabilities can make them prime targets for cyberattacks. Understanding how to test and secure these protocols is a critical skill for any cybersecurity professional.
Common DNS Vulnerabilities & Attacks:
1️⃣ DNS Spoofing/Poisoning: Alters DNS responses to redirect users to malicious websites.
2️⃣ DNS Tunneling: Exfiltrates data or establishes backdoors via DNS queries.
3️⃣ Cache Poisoning: Manipulates DNS cache entries to disrupt or redirect traffic.
4️⃣ Zone Transfer Exploitation: Misuses misconfigured servers to access sensitive DNS records.
Common DHCP Vulnerabilities & Attacks:
1️⃣ DHCP Starvation Attack: Exhausts IP leases, causing network disruptions.
2️⃣ Rogue DHCP Server Attack: Deploys unauthorized DHCP servers to provide malicious configurations.
3️⃣ Man-in-the-Middle (MITM) Attacks: Exploits DHCP to intercept sensitive data.
4️⃣ IP Address Spoofing: Mimics authorized devices to gain network access.
Steps to Perform DNS & DHCP Penetration Testing:
1️⃣ Reconnaissance:
• Use tools like Dig, DNSRecon, and Fierce to identify DNS configurations.
• Scan for active DHCP servers using DHCPig or Yersinia.
2️⃣ Vulnerability Analysis:
• Check for weak configurations in DNS records (e.g., open zone transfers).
• Identify rogue DHCP servers or insufficient IP allocations.
3️⃣ Exploitation:
• Simulate DNS Spoofing or Cache Poisoning to test resilience.
• Perform DHCP Starvation or Rogue Server attacks in a controlled environment.
4️⃣ Remediation:
• Harden DNS configurations (disable unused services, restrict zone transfers).
• Enable DHCP snooping and IP source guard to prevent rogue DHCP servers.
Pro Tip for Defenders:
• Implement DNSSEC (Domain Name System Security Extensions) to validate DNS responses.
• Regularly monitor and test DHCP and DNS servers for vulnerabilities.
📌 Remember: Always test ethically with proper authorization!
🔐 DNS and DHCP are the backbone of every network. Securing them not only prevents breaches but ensures smooth operations for businesses.
DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol) are foundational to network operations. However, their vulnerabilities can make them prime targets for cyberattacks. Understanding how to test and secure these protocols is a critical skill for any cybersecurity professional.
Common DNS Vulnerabilities & Attacks:
1️⃣ DNS Spoofing/Poisoning: Alters DNS responses to redirect users to malicious websites.
2️⃣ DNS Tunneling: Exfiltrates data or establishes backdoors via DNS queries.
3️⃣ Cache Poisoning: Manipulates DNS cache entries to disrupt or redirect traffic.
4️⃣ Zone Transfer Exploitation: Misuses misconfigured servers to access sensitive DNS records.
Common DHCP Vulnerabilities & Attacks:
1️⃣ DHCP Starvation Attack: Exhausts IP leases, causing network disruptions.
2️⃣ Rogue DHCP Server Attack: Deploys unauthorized DHCP servers to provide malicious configurations.
3️⃣ Man-in-the-Middle (MITM) Attacks: Exploits DHCP to intercept sensitive data.
4️⃣ IP Address Spoofing: Mimics authorized devices to gain network access.
Steps to Perform DNS & DHCP Penetration Testing:
1️⃣ Reconnaissance:
• Use tools like Dig, DNSRecon, and Fierce to identify DNS configurations.
• Scan for active DHCP servers using DHCPig or Yersinia.
2️⃣ Vulnerability Analysis:
• Check for weak configurations in DNS records (e.g., open zone transfers).
• Identify rogue DHCP servers or insufficient IP allocations.
3️⃣ Exploitation:
• Simulate DNS Spoofing or Cache Poisoning to test resilience.
• Perform DHCP Starvation or Rogue Server attacks in a controlled environment.
4️⃣ Remediation:
• Harden DNS configurations (disable unused services, restrict zone transfers).
• Enable DHCP snooping and IP source guard to prevent rogue DHCP servers.
Pro Tip for Defenders:
• Implement DNSSEC (Domain Name System Security Extensions) to validate DNS responses.
• Regularly monitor and test DHCP and DNS servers for vulnerabilities.
📌 Remember: Always test ethically with proper authorization!
🔐 DNS and DHCP are the backbone of every network. Securing them not only prevents breaches but ensures smooth operations for businesses.
Forwarded from Exploiting Crew (Pr1vAt3)
DNS&DHCP_HACK.pdf
2.1 MB
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ #Windows 11 Gets a Much-Needed Webcam Upgrade
https://undercodenews.com/windows-11-gets-a-much-needed-webcam-upgrade/
@Undercode_News
https://undercodenews.com/windows-11-gets-a-much-needed-webcam-upgrade/
@Undercode_News
UNDERCODE NEWS
Windows 11 Gets a Much-Needed Webcam Upgrade - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ A Transatlantic Dream: Musk's Vision for a New York-London Tunnel
https://undercodenews.com/a-transatlantic-dream-musks-vision-for-a-new-york-london-tunnel/
@Undercode_News
https://undercodenews.com/a-transatlantic-dream-musks-vision-for-a-new-york-london-tunnel/
@Undercode_News
UNDERCODE NEWS
A Transatlantic Dream: Musk's Vision for a New York-London Tunnel - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication:
>> How Does it work?
Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine
Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting
For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser
You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript
>> For HTTPS?
Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa
*SSLstrip --> https://github.com/moxie0/sslstrip.git
Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
>> How Does it work?
Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine
Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting
For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser
You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript
>> For HTTPS?
Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa
*SSLstrip --> https://github.com/moxie0/sslstrip.git
Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication
🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :
1️⃣ git clone https://github.com/vrikodar/Big-Papa.git
2️⃣cd Big-Papa
3️⃣chmod +x install.sh
4️⃣ ./install.sh
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - moxie0/sslstrip: A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
A tool for exploiting Moxie Marlinspike's SSL "stripping" attack. - moxie0/sslstrip
🐙Do you think quantum computers will spell the end of Tor anonymity?
Anonymous Quiz
100%
Yes, it's inevitable
0%
No, Tor will adapt
0%
Not sure / Need more info
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Why Breaches Happen: Uncovering the Hidden Vulnerabilities
https://undercodenews.com/why-breaches-happen-uncovering-the-hidden-vulnerabilities/
@Undercode_News
https://undercodenews.com/why-breaches-happen-uncovering-the-hidden-vulnerabilities/
@Undercode_News
UNDERCODE NEWS
Why Breaches Happen: Uncovering the Hidden Vulnerabilities - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🛡️ Shield Your Etsy Shop: A Guide to Outsmarting Scammers
https://undercodenews.com/shield-your-etsy-shop-a-guide-to-outsmarting-scammers/
@Undercode_News
https://undercodenews.com/shield-your-etsy-shop-a-guide-to-outsmarting-scammers/
@Undercode_News
UNDERCODE NEWS
Shield Your Etsy Shop: A Guide to Outsmarting Scammers - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Glimpse into the Future: Innovation, Challenges, and #AI
https://undercodenews.com/a-glimpse-into-the-future-innovation-challenges-and-ai/
@Undercode_News
https://undercodenews.com/a-glimpse-into-the-future-innovation-challenges-and-ai/
@Undercode_News
UNDERCODE NEWS
A Glimpse into the Future: Innovation, Challenges, and AI - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ The Wall Street Journal Launches a New Brand Campaign
https://undercodenews.com/the-wall-street-journal-launches-a-new-brand-campaign/
@Undercode_News
https://undercodenews.com/the-wall-street-journal-launches-a-new-brand-campaign/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Climate Change and the Urgent Need for Action
https://undercodenews.com/climate-change-and-the-urgent-need-for-action/
@Undercode_News
https://undercodenews.com/climate-change-and-the-urgent-need-for-action/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 A New Stealthy Threat: Borealis Stealer
https://undercodenews.com/a-new-stealthy-threat-borealis-stealer/
@Undercode_News
https://undercodenews.com/a-new-stealthy-threat-borealis-stealer/
@Undercode_News
UNDERCODE NEWS
A New Stealthy Threat: Borealis Stealer - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚡️ #WhatsApp for #iOS 242580: A New Era for Photo and Video Albums
https://undercodenews.com/whatsapp-for-ios-242580-a-new-era-for-photo-and-video-albums/
@Undercode_News
https://undercodenews.com/whatsapp-for-ios-242580-a-new-era-for-photo-and-video-albums/
@Undercode_News
UNDERCODE NEWS
WhatsApp for iOS 242580: A New Era for Photo and Video Albums - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Threads Surges: Daily Active Users Exceed 100 Million
https://undercodenews.com/threads-surges-daily-active-users-exceed-100-million/
@Undercode_News
https://undercodenews.com/threads-surges-daily-active-users-exceed-100-million/
@Undercode_News
UNDERCODE NEWS
Threads Surges: Daily Active Users Exceed 100 Million - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…