▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 First, modify the configuration file
T.me/UndercOdeTesting

1) Modify the configuration file / etc / ssh / sshd_config

vim / etc / ssh / sshd_config

modify

#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::
for

Port 22
Port 23456
#ListenAddress 0.0.0.0
#ListenAddress ::

2) As above, uncomment Port 22 and add a line below it Port 23456


3) The default listening port of SSH is 22, if it is not mandatory, "Port 22" is commented or uncommented, port 22 remote login will be opened by default.

> The above is uncommented and port 22 is reserved to prevent possible permissions and configuration problems that cause port 22 to be inaccessible, which is awkward.

4) Added a line of Port 23456, which is to replace the default port 22. When you modify the port, you should choose a port number between 10000 and 65535. Below 10000 is easy to be occupied by the system or some special software, or newly installed Applications may occupy this port, so do not use port numbers below 10000.

5) Make the sshd configuration take effect

> Execute the following command to make the sshd configuration take effect.

a) CentOS 7.x or above, execute the command

systemctl restart sshd.service

b) CentOS 6.x or below, execute the command

/etc/init.d/sshd restart


6) After taking effect, log in with the new port number

ssh root@47.106.126.167 -p 23456

# ssh root@47.106.126.167 -p 23456
root@47.106.126.167's password:

7) Enter password to login successfully

Note: At this time, both ports 22 and 23456 can successfully log in to ssh.

8) Confirm that the new port can log in, comment out port 22

vim / etc / ssh / sshd_config

Comment out port 22, the final configuration is as follows

#Port 22
Port 23456
#ListenAddress 0.0.0.0
#ListenAddress ::

10) Finally, do n’t forget to modify the configuration file to make it take effect

11 ) CentOS 7.x or above, execute the command

systemctl restart sshd.service

12) CentOS 6.x or below, execute the command

/etc/init.d/sshd restart

13) Third, the firewall allows new port numbers

When using Cloud example, prior to CentOS 7 and enabling the default firewall iptables, you should note that iptables does not block access by default

14) If you configured iptables rules, you need to execute the command to allow new ports:

iptables -A INPUT -p tcp --dport 23456 -j ACCEPT

15) Then execute the restart firewall command

service iptables restart

> Explanation :

16) Firewalld is installed by default after CentOS 7

First, check if the firewall has opened the port number 23456.

> firewall-cmd --permanent --query-port = 23456 / tcp

17) If the print result is no, it means that the 23456 port number is not open, then add the allow new port number and run the command

> firewall-cmd --permanent --add-port = 23456 / tcp

18) If the result is success, the TCP 23456 port number is released.

Next, reload the firewall policy for the configuration to take effect

> firewall-cmd --reload

19) Finally, check again if port 23456 is open

> firewall-cmd --permanent --add-port = 23456 / tcp

20) If a new port number is opened, yes will be printed at this time

> Fourth, the policy group allows new port numbers

21) any cloud server vendors such as Alibaba Cloud and Tencent Cloud have security group policies. If the firewall opens a new port number, but the security group does not open a new port number, it will not be possible to log in via ssh. Therefore, you need to open a new port number in the security group

21) Log in to the ECS Management Console , locate the instance, select Network and Security Group

22) On the Security Group Rule page, click Add Security Group Rule to define the security rule according to the actual usage scenario and allow the newly configured remote port to connect.

written by UNdercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 from yesterday,NEW BUG

> Guardicore's security researchers have revealed a sophisticated malware attack that successfully destroyed more than 800 devices belonging to mid-sized companies in the medical technology industry. The malware masquerades as a WAV file and contains a Monero mining software that uses the infamous EternalBlue vulnerability to compromise devices on the network.

> The only bug in this malware was that it eventually caused the Blue Screen of Death (BSOD) of the infected computer and displayed the relevant error code, which eventually caused the victim to suspect and triggered an in-depth investigation of the incident.

> Researchers said that BSOD was first discovered on October 14 when the machine at the time of the fatal crash was trying to execute a long command line (actually a base-64 encoded PowerShell script). After decoding the script, the researchers obtained a readable Powershell script that was used to deploy the malware. The script first checks the system architecture (based on pointer size). It then reads the value stored in the above registry subkey and loads the value into memory using the Windows API function WriteProcessMemory. The researchers noted that the malware payload is executed by obtaining and calling function pointer delegates.

> The malware tried to spread to other devices on the network using an EternalBlue-based vulnerability, which is the same vulnerability used by WannaCry in 2017 and infected thousands of computers worldwide. After reverse engineering the malware, the researchers found that the malware actually hides the Monero mining module disguised as a WAV file and uses the CryptonightR algorithm to mine the Monero virtual currency. In addition, the malware utilizes steganography and hides its malicious modules in a clear-looking WAV file. "

> Researchers found that the complete removal of malware, including termination of malicious processes, prevented BSOD from occurring on the victim device.
🦑this post from twitter.com/UndercOdeTC, you can get more updates from their

written by UNdercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How install ubuntu server On pc full :
pinterest.com/UndercOdeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) go to the the official Ubuntu mirror download page on a separate computer. (Not the one you are turning into a server)

2) Make sure you are under the “Server Install Image” section and download either the 32-bit or 64-bit version of Ubuntu Server.

3) A rule of thumb: If your computer has over 2gb of RAM, the 64 bit version will work fine. You can also check to see if your processor is a 64-bit processor. Most made within the last 8 years are fine. If not, use the 32 bit version which will be slower, but it works with almost all machines.

4) (WINDOWS ONLY) Once downloaded, you burn the Ubuntu Server image file to either a USB drive or a CD

5) Download Rufus to write the iso file to a USB drive.
In Rufus, leave everything as is except change “Create bootable disk using” to “Iso Image” and click the disk icon to select the Ubuntu Server image you downloaded.

6) Click Start to begin writing the image. Agree to all downloads and press OK if a dialog pops up.

7) Download ImgBurn to burn the iso file to a DVD.

8) After going through the installation wizard, open ImgBurn and File >

9) Open the Ubuntu Server iso file. Make sure you have the right drive selected, and click the big button on the bottom to burn to the DVD.
(LINUX ONLY) If you are running Linux, you should already know what you’re doing… Just use dd or Brasero to burn the image.
(OSX ONLY) Use Disk Utility to burn to a DVD.

10) Now that you have you have the Ubuntu Disk on your USB drive or DVD, safely eject from your computer.

11) Plug in the computer, monitor, the keyboard (and the USB drive) to back side of the the old computer. Often the USB drive cannot boot when in the front USB ports.

12) Turn on the computer. When it first turns on, a screen should flash that will give you a key to press to enter into the BIOS/startup menu. Some common keys are ESC, F2, F3, F10, F12. Repeatedly press the keys to enter the BIOS.

13) Often times, you have to go to extra lengths to enable the USB boot. Look for “Hard Drive Boot Sequence” or “Enable USB Drive Boot” or something similar. If you have no luck booting from a USB device, switch to DVD.

14) After saving your changes, the computer will probably restart and boot into Ubuntu this time

15) now install like any linux os
choose partitions and install

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to Install Nginx on Ubuntu :
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Install Nginx on Your Ubuntu Server

Nginx is available in the Ubuntu package repositories simple. First, update the apt cache with the following command:

sudo apt update

and install Nginx by issuing:

sudo apt install nginx

Once the installation is completed Nginx will be automatically started.
You can make sure that Nginx service is running with the following command:

sudo systemctl status nginx

The output should look like below:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-03-31 01:50:44 CDT; 8s ago
Main PID: 716 (nginx)
CGroup: /system.slice/nginx.service
├─716 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
├─717 nginx: worker process
├─718 nginx: worker process
├─719 nginx: worker process
└─720 nginx: worker process

2) Open Firewall Ports

If you are using ufw you need to open HTTP port 80 and/or HTTPS port 433. Ufw comes with profiles based on the default ports of most common daemons and programs.

To open both Nginx ports run the following command:

sudo ufw allow 'Nginx Full'

To verify the change run:

sudo ufw status

The output should look like below:

Status: active

To Action From
-- ------ ----
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)

You can now open your browser, enter your server IP address into your browser address bar and you should see the default Nginx page.

3) Managing Nginx Service

You can manage the Nginx service same as any other systemd unit.

Start the nginx service with the following command:

sudo systemctl start nginx

Stop the service with:

sudo systemctl stop nginx

Restart the service with:

sudo systemctl restart nginx

Check the status of the service with:

sudo systemctl status nginx

Enable the service on system boot with:

sudo systemctl enable nginx

Disable the service on system boot with:

sudo systemctl disable nginx

4) Create a New Server Block

The default Nginx installation will have one server block enabled with a document root set to /var/www/html.
In this guide, we will create a new server block for the domain example.com and set the document root to /var/www/example.com.

First, create the domain document root with the following command:

sudo mkdir -p /var/www/example.com

and then create an index.html file with the following content:

sudo vim /var/www/example.com/index.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>example.com</title>
</head>
<body>
<h1>example.com server block</h1>
</body>
</html>

Next, create a new server block with the following content:

sudo vim /etc/nginx/sites-available/example.com.conf

server {
listen 80;
listen [::]:80;

server_name example.com www.example.com;

root /var/www/example.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

Activate the server block by creating a symbolic link :

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf

5) Restart Nginx

Test the Nginx configuration and restart nginx:

sudo nginx -t
sudo systemctl restart nginx

6) Now if you enter example.com into your browser address bar you should see example.com server block.

this post Powered by Wiki
Tested by UndercOde on Lastest Version of Ubuntu
e n j o y
@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Securing ubuntu server System
Setting up the Firewall
instagram.com/UnderCodeTestingCompany

🦑 Reference: "IPTables :

1) Linux has a built-in Firewall called netfilter, which works via the iptables tool. It uses 3 so-called iptables:

the filter table for filtering the IP packets,
the nat table for network address translation, and
the mangle table for modifying the IP packets.

2) Each table contains a set of chains. Each chain has rules.

3) For the filter table, there are 3 chains (of rules): INPUT (applied to incoming packets), OUTPUT (applied to the outgoing packets), and FORWARD (applied to incoming packets destined for another system). You can list all the current filter rules via the following command:

$ sudo iptables -L // -L to list the current filtering rules.
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
// The filter table has 3 chains with no rules

4) The iptables tool is complex. But, we are only concerned about the incoming IP packets, i.e., the INPUT chain of the filter table. To setup incoming packet-filtering via Webmin:

5) Goto "Webmin" ⇒ "Networking" ⇒ "Linux Firewall" ⇒ Select the option "Allow all traffic" and check "Enable firewall at boot time" ⇒ "Setup Firewall".

6) Select the iptable "Packet filtering (filter)". On a fresh installation, there shall be no rules under all the 3 chains: INPUT, OUTPUT and FORWARD.
}
7) Add the following rules, which are necessary for proper operations of the network interface.

8) Under "Incoming packets (INPUT)":
"Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Connection states", select "Equals" for both "Established" and "Related" ⇒ "Create".

9) This rule is necessary to allow incoming packets that are part of an already established IP connection. We will set the rules for new connection later.

10 ) The corresponding Unix command is:

$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
// -A INPUT: append this rule to the INPUT chain
// -m conntrack:
// -ctstate ESTABLISHED,RELATED: connection state
// -j ACCEPT: accept the packet


11) "Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Network protocol", select "Equals" for "ICMP" ⇒ "Create".

12) This rule allows incoming packets for ICMP diagnostics such as ping and traceroute.

13) "Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Incoming interface", select "Equals" for "lo" (local) ⇒ "Create".

14) This rule allows incoming packets for local loopback interface (or, localhost).

15)Next, create rules for each of the protocol services that are permitted to access the server. This depends on your specific environment.
Under "Incoming packets (INPUT)":

16) To allow incoming SSH connection, which runs on TCP port 22 by default: "Add Rule" ⇒ Set "Action to take" to "Accept" ⇒ For "Network protocol", select "Equals" for "TCP" ⇒ For "Destination TCP or UDP port", select "Equals" and set "Port(s)" to 22 ⇒ For "Connection states", select "Equals" for "NEW".

17) The corresponding Unix command is:

$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
// -A INPUT: append this rule to INPUT chain
// -p tcp: network protocol of tcp
// --dport ssh: ssh default port number (22)
// -j ACCEPT: accept the packet

18) To allow incoming Webmin connection, which runs on TCP port 10000 by default: repeat the above, but choose port 10000.


19) Similarly, you can allow incoming connection for services such as HTTP (default on TCP port 80), HTTPS (default on TCP port 443), Usermin (default on TCP port 20000) Samba (UDP Ports 137-139, TCP ports 137, 139 and 445), PhpMyAdmin (...) ...

20) Finally, set the INPUT chain's default policy to drop packets that don't match any rules.

21) Select "Default action" to "Drop", and click "Set Default Action To" button.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Speed ​​optimization-enable hard disk DMA support Enabling hard-ssd disk DMA support
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> DMA support is not enabled after the anonymous system is installed. In order to improve efficiency, you can enable it.

1) /etc/rc.d/rc.local Add a line / sbin / hdparm -d1 -c3 -m16 / dev / hda
If your hard disk supports ATA33, you can add -X66, ATA66 is -X68.

2) For example, ATA66 is: / sbin / hdparm -d1 -X68 -c3 -m16 / dev / hda
We can use hdparm -Tt / dev / hda to test the effect before and after joining.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Malware collection gd list by UNdercOde
pinterest.com/UndercodeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Capture and collect your own samples

1) Conpot -ICS / SCADA Honeypot

2) Cowrie -Kippo-based SSH honeypot

3) Dionaea -Honeypot to catch malware

4) Glastopf -Web Application Honeypot

5) Honeyd -Create a virtual honeypot

6) HoneyDrive -Linux distribution for honeypot packages
Mnemosyne -Honeypot data standardization supported by Dinoaea

7) Thug -Low-interaction honeypot for investigating malicious websites
Malware Sample Library

🦑 Collect malware samples for analysis

1) Clean MX -Real-time database of malware and malicious domains

2 )Contagio -Collection of recent malware samples and analysis

3) Exploit Database -Exploit and shellcode samples

4) Malshare -A large library of malicious samples obtained on malicious websites.

5) MalwareDB -Malware sample library

6) Open Malware Project -Sample Information and Download

7)-Ragpicker -A plugin based on the malware crawler.

8) the Zoo -Real-time malicious sample library for analysts

9) Tracker h3x -Agregator's malware tracking and download address
V
10) iruSign -Database of malware detected by anti-virus programs other than ClamAV

11) VirusShare -Malware library

12) VX Vault -Active Collection of Malware Samples

13) Zeltser's Sources -List of malware sample sources compiled by Lenny Zeltser

14) Zeus Source Code -Zeus source code leaked in 2011

🦑 Will write tutorial for each one

written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Support & SHARE
T.me/UndercOdeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Disadvantage of kali linux :
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) easy to be hacked

In a normal Linux system, the normal user has an account, and the root user also has a separate account. This is not the case in Kali Linux. Kali Linux uses the root account by default and does not provide a normal user account. This is because almost all security tools available in Kali require root privileges, and to avoid asking you for the root password every minute, this is the design.
>even the root user can be cracked eaaly

2) kALI is not exactly the most search (as in research), and training oriented Linux. You need to find and see Wiki sources

3) In the process of using KALI for NORMAL, you may Trash some of KALI’s specialized settings for it’s own security.

4) there are a few caveats. If you're using a GPU for hash cracking you won't be able to utilize it from the VM and wifi related tools like aircrack-ng obviously need direct access to the hardware. I've tried USB pass through in VBox with USB wifi adapters in Kali and it worked for the most part, but it did get wonky sometimes. If you're doing wifi stuff I would avoid using a VM. Other thing to keep in mind is using pen testing and network analysis tools on local networks. The host OS is going to be visible and chatting away on the local net, which is a bad thing when you're pen testing and it generates spurious traffic you have to filter when you're doing network analysis.

🦑 Still a good Os :
> and refered as weapon for hackers

written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑To run an external (third party, copied) "WORKING" php script : On Termux
Twitter.com/UndercOdeTc
After installing php

1) Pkg updates

2) Sudo pkg install php

3) save your (executable) script.php in /storage/
example : in /storage/emulated/0/Documents/...FULL...PATH.../
(and other files.txt used by the script, if necessary)


4) Then in Termux App,
>
cd /storage/emulated/0/Documents/...FULL...PATH.../
>
php script.php

5) BUT ... before,
"It is necessary to grant storage permission for Termux on [your device with] Android 6 and higher.
Use 'Settings>Apps>Termux>Permissions>Storage' and set to true."

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 malwares Setup 2020
An SSH Honeypot >Cowrie is a medium interaction SSH and Telnet honeypot, which can log brute force attacks and an attacker’s shell interaction
pinterest.com/UndercodeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Change the Port You’ll Use to Administer the Server
Cowrie will be listening for SSH connections on port 22. You’ll want to configure the SSH service to listen on a different port for you to connect to and administer the server.

2)sudo vi /etc/ssh/sshd_config
Under # What ports, IPs and protocols we listen for, change the port number to 3393 or your preferred port number.

3) Write your changes and quit vi.
Ctrl + C

4) Restart the SSH service.

5) service ssh restart

6) By running the command below, you can see that the server is now listening for connections on port 3393.

7) netstat -tan

> Proto Recv-Q Send-Q Local Address Foreign Address State
tcp0 0 0.0.0.0:3393 0.0.0.0:* LISTEN

🦑 Install and Configure Cowrie

1) Download updated package lists.

> sudo apt-get update

2) Install Cowrie’s dependencies.

> sudo apt-get install python2.7 git virtualenv libmpfr-dev libssl-dev libmpc-dev libffi-dev build-essential libpython-dev python-pip

3) Add a new user named, cowrie.

4) sudo adduser — disabled-password cowrie

5) Switch to the new user, cowrie

> sudo su — cowrie

6) Navigate to the home directory of user, cowrie, and clone the cowrie git repository.
> git clone https://github.com/micheloosterhof/cowrie.git

7) Create a new Python virtual environment for cowrie.

8) cd cowrie

9) virtualenv cowrie-env

10) Activate the virtual environment.

> source cowrie-env/bin/activate

11) The terminal will display (cowrie-env) before the username, cowrie.

12) Install pycrypto, Crypto and other requirements.

13) pip install pycrypto Crypto
(cowrie-env)$ pip install -r requirements.txt

14) Generate a key for the cowrie instance.

15) cd data
ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
cd ..

16) export PYTHONPATH=/home/cowrie/cowrie
Additional Cowrie Configuration

17) Make a copy of the config file for your new cowrie instance.

18) cd /home/cowrie/cowrie/

19) cp cowrie.cfg.dist cowrie.cfg
vi ./cowrie.cfg

20) Set the hostname in the configuration file to a server name of your choice. E.g. fileserver4

21) Change the Port to listen for incoming SSH connections to port 22.

22) Write your changes and quit vi.
Ctrl + C
:wq

23) Enable authbind in cowrie’s start.sh file.
sudo vi /home/cowrie/cowrie/start.sh

Change line 2 to read:
AUTHBIND_ENABLED=yes

24) sudo apt-get install authbind

25) sudo touch /etc/authbind/byport/22

26) sudo chown cowrie /etc/authbind/byport/22

27) sudo chmod 777 /etc/authbind/byport/22

🦑 Start Cowrie

1) Execute the following commands to start Cowrie.

2) sudo su cowrie

3) cd /home/cowrie/cowrie/
source cowrie-env/bin/activate

4) ./start.sh

5) Verify cowrie is listening on port 22 by running the command below.
netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

6) Execute the following command to stop Cowrie.
./stop.sh

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Usefull Tools for IDS / IPS / Host IDS / Host IPS 2020
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Snort - Snort is a free, open source intrusion prevention system (NIPS) and network intrusion detection system (NIDS), created by Martin Roche Snort is currently under development. Sourcefire, founded by Roesch and CTO. In 2009, Snort entered the OpenWork InfoWorld Hall of

2) Fame as one of the “greatest [open source] software samples of all time”.

3) Bro - Bro is a powerful network analysis infrastructure that is very different from the typical IDS you may know.

4) OSSEC - Integrated HIDS open source. Not for the faint of heart. It takes a little to understand how this works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time notification, and an active response. It works on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX, and Windows. Lots of reasonable documentation. Sweet spot - medium to large deployment.

5) Suricata - Suricata is a high-performance mechanism for monitoring
network IDS, IPS and network security. Open Source and belongs to the public non-profit foundation Open Foundation Security Foundation (OISF). Suricata was developed by OISF and its suppliers.

6) Security Onion - Security Onion is a Linux distribution for intrusion detection, network security monitoring and log management. It is based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert,

7) Snorby, ELSA, Xplico, NetworkMiner and many other security tools. The easy-to-use installation wizard allows you to create an army of distributed sensors for your enterprise in minutes!

8) sshwatch - IPS for SSH is similar to DenyHosts written in Python. It can also collect information about an attacker during an attack in a log.

9) Stealth - Check file integrity, which leaves virtually no residue. The controller starts from another computer, which makes it difficult for an attacker to know that the file system is checked at certain pseudorandom intervals via SSH. Highly recommended for small to medium deployments.

11) AIEngine - AIEngine is an interactive / programmable next-generation Python / Ruby / Java / Lua package checker with training capabilities without any human intervention, NIDS (network intrusion detection) System) functionality, DNS domain classification, network collector, network forensics and much more.

12) Denyhosts - Prevent SSH dictionary attacks and brute force attacks.
Fail2Ban - scans log files and performs actions at IP addresses that show malicious behavior.

13) SSHGuard - a service security software in addition to SSH written in C
Lynis is an open source security audit tool for Linux / Unix.

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 COMMUN VIRUS-MALWARES 2020 top
twitter.com/UndercodeTC

1) Damn Simple Honeypot (DSHP) - Honeypot framework with pluggable handlers.

2) NOVA - uses honeypots as detectors, looks like a complete system.

3) OpenFlow Honeypot (OFPot) - Redirects traffic for unused IP addresses to a honeypot built on POX.

4) OpenCanary - A modular and decentralized honeypot daemon that runs several Canary versions of services and warns when (ab) is in use.
low- ciscoasa_honeypot Honeypot for a Cisco ASA that can detect CVE-2018-0101, DoS vulnerabilities, and remote code execution.
miniprint - Honeypot mid-interaction printer.

🦑 Botnet C2 Tools

1) Hale - Botnet management and control monitor.

2) dnsMole - analyzes DNS traffic and potentially detects botnet commands and monitors server activity, as well as infected hosts.

3) IPv6 attack detection tool

ipv6 attack detector is a Google Summer of Code 2012 project supported by the Honeynet Project.
dynamic code toolkit

4)Frida - Add JavaScript to explore native applications on Windows, Mac, Linux, iOS, and Android.
A tool for converting a site into server decoys

5) HIHAT - Convert arbitrary PHP applications to high-level Honeypots web interfaces.
malware collector

6) Kippo-Malware is a Python script that downloads all malicious files stored as URLs in the Kippo SSH honeypot database.
Distributed Deployment Sensor

7) Modern Honey Network - Multiple snort and honeypot sensor management, uses a network of virtual machines, small SNORT installations, hidden dioneas and a centralized server for management.

🦑Network analysis tool

1) Tracexploit - play network packets.

2) Anonymizer Journal

3) LogAnon - Anonymous logging library that helps ensure anonymous logs are consistent between logs and network captures.
Low-interaction Honeypot (router back door)

4) Honeypot-32764 - Honeypot for the back door of the router (TCP 32764).

5) WAPot - Honeypot that can be used to monitor traffic directed to home routers.

6) Honeynet Farm Traffic Redirector

Honeymole - Deploying multiple sensors that redirect traffic to a centralized collection of honey pots.

7) HTTPS Proxy

mitmproxy - allows you to intercept, verify, modify and play traffic flows.

🦑System hardware

1) Sysdig - An open-source system-level study allows you to record the status and activity of a system from a running GNU / Linux instance, and then save, filter, and analyze the results.

2) Fibratus - A tool for researching and tracking the Windows kernel.
Honeypot for malware distribution via USB

3) Ghost-usb - Honeypot for malware spreading through USB storage devices.

🦑 Data collection

1) Kippo2MySQL - Extracts some very simple statistics from Kippo text log files and inserts them into a MySQL database.

2) Kippo2ElasticSearch is a Python script for transferring data from the

3) Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster).

4) Passive Network Audit Framework Parser

[Passive Network Audit Infrastructure (pnaf)] ( https://github.com/jusafing/pnaf ) is a platform that combines several passive and automated analysis methods to provide an assessment of the security of network platforms.

🦑 VM monitoring and tools

1) Antivmdetect - Script to create templates for use with VirtualBox to make VM detection more difficult.

2) VMCloak - Automatically create a virtual machine and mask for a cuckoo sandbox.
[vmitools] ( http://libvmi.com/ ) is a C library with Python bindings that makes it easy to track the low-level details of a running virtual machine.

🦑 binary debugger

1) Hexgolems - the server part of the debugger Pint - the server part of the debugger and the LUA shell for the PIN code.

2) Hexgolems - external interface of the debugger Schem - external interface of the debugger.

ALL THOSE AVAIBLE AT GITHUB WILL WROTE SOME TUTORIALS FOR those
Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁