Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆCookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication:
>> How Does it work?
Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine
Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting
For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser
You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript
>> For HTTPS?
Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa
*SSLstrip --> https://github.com/moxie0/sslstrip.git
Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication
๐ธ๐ฝ๐ ๐ ๐ฐ๐ป๐ป๐ธ๐ ๐ฐ๐ ๐ธ๐พ๐ฝ & ๐ ๐ ๐ฝ :
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
>> How Does it work?
Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine
Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting
For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser
You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript
>> For HTTPS?
Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa
*SSLstrip --> https://github.com/moxie0/sslstrip.git
Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication
๐ธ๐ฝ๐ ๐ ๐ฐ๐ป๐ป๐ธ๐ ๐ฐ๐ ๐ธ๐พ๐ฝ & ๐ ๐ ๐ฝ :
1๏ธโฃ git clone https://github.com/vrikodar/Big-Papa.git
2๏ธโฃcd Big-Papa
3๏ธโฃchmod +x install.sh
4๏ธโฃ ./install.sh
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
GitHub
GitHub - moxie0/sslstrip: A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
A tool for exploiting Moxie Marlinspike's SSL "stripping" attack. - moxie0/sslstrip
๐Do you think quantum computers will spell the end of Tor anonymity?
Anonymous Quiz
100%
Yes, it's inevitable
0%
No, Tor will adapt
0%
Not sure / Need more info
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐จ Why Breaches Happen: Uncovering the Hidden Vulnerabilities
https://undercodenews.com/why-breaches-happen-uncovering-the-hidden-vulnerabilities/
@Undercode_News
https://undercodenews.com/why-breaches-happen-uncovering-the-hidden-vulnerabilities/
@Undercode_News
UNDERCODE NEWS
Why Breaches Happen: Uncovering the Hidden Vulnerabilities - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ก๏ธ Shield Your Etsy Shop: A Guide to Outsmarting Scammers
https://undercodenews.com/shield-your-etsy-shop-a-guide-to-outsmarting-scammers/
@Undercode_News
https://undercodenews.com/shield-your-etsy-shop-a-guide-to-outsmarting-scammers/
@Undercode_News
UNDERCODE NEWS
Shield Your Etsy Shop: A Guide to Outsmarting Scammers - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Glimpse into the Future: Innovation, Challenges, and #AI
https://undercodenews.com/a-glimpse-into-the-future-innovation-challenges-and-ai/
@Undercode_News
https://undercodenews.com/a-glimpse-into-the-future-innovation-challenges-and-ai/
@Undercode_News
UNDERCODE NEWS
A Glimpse into the Future: Innovation, Challenges, and AI - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
โก๏ธ The Wall Street Journal Launches a New Brand Campaign
https://undercodenews.com/the-wall-street-journal-launches-a-new-brand-campaign/
@Undercode_News
https://undercodenews.com/the-wall-street-journal-launches-a-new-brand-campaign/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Climate Change and the Urgent Need for Action
https://undercodenews.com/climate-change-and-the-urgent-need-for-action/
@Undercode_News
https://undercodenews.com/climate-change-and-the-urgent-need-for-action/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐จ A New Stealthy Threat: Borealis Stealer
https://undercodenews.com/a-new-stealthy-threat-borealis-stealer/
@Undercode_News
https://undercodenews.com/a-new-stealthy-threat-borealis-stealer/
@Undercode_News
UNDERCODE NEWS
A New Stealthy Threat: Borealis Stealer - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
โก๏ธ #WhatsApp for #iOS 242580: A New Era for Photo and Video Albums
https://undercodenews.com/whatsapp-for-ios-242580-a-new-era-for-photo-and-video-albums/
@Undercode_News
https://undercodenews.com/whatsapp-for-ios-242580-a-new-era-for-photo-and-video-albums/
@Undercode_News
UNDERCODE NEWS
WhatsApp for iOS 242580: A New Era for Photo and Video Albums - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Threads Surges: Daily Active Users Exceed 100 Million
https://undercodenews.com/threads-surges-daily-active-users-exceed-100-million/
@Undercode_News
https://undercodenews.com/threads-surges-daily-active-users-exceed-100-million/
@Undercode_News
UNDERCODE NEWS
Threads Surges: Daily Active Users Exceed 100 Million - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ๐ฆ๐ข๐ฃ๐ (๐ฆ๐๐ฎ๐ป๐ฑ๐ฎ๐ฟ๐ฑ ๐ข๐ฝ๐ฒ๐ฟ๐ฎ๐๐ถ๐ผ๐ป ๐ฃ๐ฟ๐ผ๐ฐ๐ฒ๐ฑ๐๐ฟ๐ฒ๐) / ๐ฃ๐น๐ฎ๐๐ฏ๐ผ๐ผ๐ธ๐ / ๐ฅ๐๐ป๐ฏ๐ผ๐ผ๐ธ๐โจ
A playbook, also known as a standard operating procedure (SOP), consists of a set of guidelines to handle security incidents and alerts in the SOC.
Incident response methodologies typically involve creating standard operating procedures (SOPs), playbooks, and runbooks to guide teams through the incident response process.
These gudelines provide easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved.
Source: https://lnkd.in/eudq_jJi
Thanks to Societe Generale
โ Worm Infection: https://lnkd.in/ez-kq98Y
โ Social Engineering: https://lnkd.in/e_FJbxDP
โ Information Leakage: https://lnkd.in/eeN8KX8g
โ Insider Abuse: https://lnkd.in/ep4p_THk
โ Customer Phishing: https://lnkd.in/ekTfY7vz
โ Scam: https://lnkd.in/eUHwG3fF
โ Trademark infringement: https://lnkd.in/e3P3xfeb
โ Phishing: https://lnkd.in/eYTi3RQ8
โ Ransomware: https://lnkd.in/eRkctdQn
โ Large_scale_compromise: https://lnkd.in/eYFF43b4
โ 3rd-party_compromise: https://lnkd.in/e8SAu5MT
โ Windows Intrusion: https://lnkd.in/eXCpcx9V
โ Unix Linux lntrusionDetection: https://lnkd.in/eHkm6MMe
โ DDOS: https://lnkd.in/eQ7zZzVt
โ MaliciousNetworkBehaviour: https://lnkd.in/ewVZy2cs
โ Website-Defacement: https://lnkd.in/eraNiHcH
โ WindowsMalwareDetection: https://lnkd.in/ewEx_C6Y
โ Blackmail: https://lnkd.in/eW3zGcPs
โ SmartphoneMalware.pdf: https://lnkd.in/ezjyY4G9
Ref:
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
A playbook, also known as a standard operating procedure (SOP), consists of a set of guidelines to handle security incidents and alerts in the SOC.
Incident response methodologies typically involve creating standard operating procedures (SOPs), playbooks, and runbooks to guide teams through the incident response process.
These gudelines provide easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved.
Source: https://lnkd.in/eudq_jJi
Thanks to Societe Generale
โ Worm Infection: https://lnkd.in/ez-kq98Y
โ Social Engineering: https://lnkd.in/e_FJbxDP
โ Information Leakage: https://lnkd.in/eeN8KX8g
โ Insider Abuse: https://lnkd.in/ep4p_THk
โ Customer Phishing: https://lnkd.in/ekTfY7vz
โ Scam: https://lnkd.in/eUHwG3fF
โ Trademark infringement: https://lnkd.in/e3P3xfeb
โ Phishing: https://lnkd.in/eYTi3RQ8
โ Ransomware: https://lnkd.in/eRkctdQn
โ Large_scale_compromise: https://lnkd.in/eYFF43b4
โ 3rd-party_compromise: https://lnkd.in/e8SAu5MT
โ Windows Intrusion: https://lnkd.in/eXCpcx9V
โ Unix Linux lntrusionDetection: https://lnkd.in/eHkm6MMe
โ DDOS: https://lnkd.in/eQ7zZzVt
โ MaliciousNetworkBehaviour: https://lnkd.in/ewVZy2cs
โ Website-Defacement: https://lnkd.in/eraNiHcH
โ WindowsMalwareDetection: https://lnkd.in/ewEx_C6Y
โ Blackmail: https://lnkd.in/eW3zGcPs
โ SmartphoneMalware.pdf: https://lnkd.in/ezjyY4G9
Ref:
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
EU Slams the Brakes on Russian Cyber Warfare
https://undercodenews.com/eu-slams-the-brakes-on-russian-cyber-warfare/
@Undercode_News
https://undercodenews.com/eu-slams-the-brakes-on-russian-cyber-warfare/
@Undercode_News
UNDERCODE NEWS
EU Slams the Brakes on Russian Cyber Warfare - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ก๏ธ Generative #AI: A Double-Edged Sword for Cybersecurity
https://undercodenews.com/generative-ai-a-double-edged-sword-for-cybersecurity/
@Undercode_News
https://undercodenews.com/generative-ai-a-double-edged-sword-for-cybersecurity/
@Undercode_News
UNDERCODE NEWS
Generative AI: A Double-Edged Sword for Cybersecurity - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
The Remote Work Backlash: A Closer Look
https://undercodenews.com/the-remote-work-backlash-a-closer-look/
@Undercode_News
https://undercodenews.com/the-remote-work-backlash-a-closer-look/
@Undercode_News
UNDERCODE NEWS
The Remote Work Backlash: A Closer Look - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#AI: The Business Catalyst of 2025
https://undercodenews.com/ai-the-business-catalyst-of-2025/
@Undercode_News
https://undercodenews.com/ai-the-business-catalyst-of-2025/
@Undercode_News
UNDERCODE NEWS
AI: The Business Catalyst of 2025 - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE TESTING
๐ฆFree AI image to video + Offline models :
https://huggingface.co/collections/neox1969/image-to-video-65471876af5d7944323566f5
https://huggingface.co/collections/neox1969/image-to-video-65471876af5d7944323566f5
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ฑ #Apple Faces Criminal Charges Over Alleged Use of Conflict Minerals
https://undercodenews.com/apple-faces-criminal-charges-over-alleged-use-of-conflict-minerals/
@Undercode_News
https://undercodenews.com/apple-faces-criminal-charges-over-alleged-use-of-conflict-minerals/
@Undercode_News
UNDERCODE NEWS
Apple Faces Criminal Charges Over Alleged Use of Conflict Minerals - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Samsung Gears Up for #Galaxy S25 Launch and Beyond
https://undercodenews.com/samsung-gears-up-for-galaxy-s25-launch-and-beyond/
@Undercode_News
https://undercodenews.com/samsung-gears-up-for-galaxy-s25-launch-and-beyond/
@Undercode_News
UNDERCODE NEWS
Samsung Gears Up for Galaxy S25 Launch and Beyond - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ