UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity


1️⃣ World's first platform that collects and analyzes every new hacking method.
+ Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE


✨ Youtube.com/Undercode
by Undercode.help
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 Payload for the Teensy: it works like a Rubber Ducky, but the syntax is different. These are Human Interface Device (HID) attacks, i.e. penetration testing with a Teensy. Brutal is a toolkit to quickly create various payloads (PowerShell attacks, virus-style payloads) and launch a listener for a Human Interface Device (Teensy payload):

🦑 REQUIREMENTS :

Arduino Software

TeensyDuino

Linux udev rules

🦑 INSTALLATION & RUN :

1) Copy and paste the PaensyLib folder inside your Arduino\libraries

> git clone https://github.com/Screetsec/Brutal.git

2) cd Brutal

3) chmod +x Brutal.sh

4) sudo ./Brutal.sh or sudo su ./Brutal.sh

🦑 Tested by Undercode

> parrot-kali
> rooted termux
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Process injection in action: examples


1) DoublePulsar
An analysis of the kernel mode payload of the famous DoublePulsar code by F-Secure revealed that it utilizes a form of DLL injection to load a DLL into a target process (in this case, lsass.exe) using an Asynchronous Procedure Call (APC). It did not utilize the standard Windows API commands such as LoadLibrary and did not write the DLL to disk, making it stealthier.

2) Cobalt Strike
Cobalt Strike is penetration testing software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors through a listener called a beacon.

> Cobalt Strike commands such as keylogger, screenshot and so on are designed to be injected into another process in order to work. The listener is injected into a specific process (a personal favorite is explorer.exe because that process is always running in a GUI environment) and the keystroke logger monitors all keystrokes via the infected process. It then reports them to the beacon console without writing to disk. This only stops when the process terminates or the user terminates the keystroke logger job.

3) Lazarus Group
The Lazarus Group (also known as “Hidden Cobra”) is a threat group headquartered in North Korea whose malicious activities span multiple years, going back as far as 2009. Since 2016, the group has been conducting “FASTCash” attacks, stealing money from ATMs of target banks in Africa and Asia. The target bank's network is compromised and malware known as Trojan.Fastcash is deployed on the network.

> An analysis of the malware reveals that malicious Advanced Interactive eXecutive (“AIX”) executables are injected into legitimate processes on the payment application servers that handle ATM transactions. The injected executable allows the group to monitor, intercept and generate responses to fraudulent transaction requests using fake ISO 8583 messages (ISO 8583 is the standard for financial transaction messaging). This allows attempts to withdraw cash at an ATM to succeed.

4) APT41
APT41 is a threat group headquartered in China and known for carrying out Chinese state-sponsored espionage campaigns dating as far back as 2012.

🦑 The group is known for its software supply chain attacks, which reuse TTPs developed while accessing video game production environments. These TTPs are used to compromise software companies, and malicious code is injected into the software updates distributed to victim organizations.

5) WINTERLOVE is a backdoor used by the group to load and execute remote code in a running process (e.g., iexplorer.exe); it can also be used to enumerate system files and directories.

6) Mitigation/prevention
DLL injection is not necessarily a bad technique: many applications use it for legitimate purposes, such as Antivirus/Endpoint Detection and Response (“EDR”) solutions, which inject their own code/agents into running processes in order to monitor the process and detect abnormal activity. This makes malicious injection hard to detect, especially since the injected code runs under a legitimate process.
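As an added example (not from the original post and not any vendor's code): a small Python triage over Sysmon Event ID 8 (CreateRemoteThread) records that flags injection into the processes named above while excluding a hypothetical EDR agent, the kind of legitimate injector the mitigation paragraph describes. The log records and the agent path are constructed.

```python
# Added example, not from the original post: triage Sysmon Event ID 8
# (CreateRemoteThread) records for injection into sensitive processes,
# while excluding a legitimate AV/EDR agent that injects by design.
import json

# Injection targets named in the text above.
SENSITIVE_TARGETS = {"lsass.exe", "explorer.exe"}

# Hypothetical allowlist of agent binaries that legitimately inject into
# other processes; populate it from your own EDR deployment.
TRUSTED_INJECTORS = {r"c:\program files\exampleedr\edragent.exe"}


def is_suspicious(event):
    """True when a CreateRemoteThread record looks like hostile injection."""
    if event.get("EventID") != 8:
        return False
    source = event["SourceImage"].lower()
    target_name = event["TargetImage"].lower().rsplit("\\", 1)[-1]
    if source in TRUSTED_INJECTORS:
        return False  # the EDR agent doing its job
    return target_name in SENSITIVE_TARGETS


def triage(json_lines):
    """Parse JSON-lines Sysmon output; return (source, target) pairs to investigate."""
    hits = []
    for line in json_lines:
        ev = json.loads(line)
        if is_suspicious(ev):
            hits.append((ev["SourceImage"], ev["TargetImage"]))
    return hits


# Constructed records using the Sysmon Event ID 8 field names.
SAMPLE_LOG = [
    '{"EventID": 8, "SourceImage": "C:\\\\Program Files\\\\ExampleEDR\\\\edragent.exe",'
    ' "TargetImage": "C:\\\\Windows\\\\explorer.exe"}',
    '{"EventID": 8, "SourceImage": "C:\\\\Users\\\\bob\\\\AppData\\\\Local\\\\Temp\\\\update.exe",'
    ' "TargetImage": "C:\\\\Windows\\\\explorer.exe"}',
    '{"EventID": 8, "SourceImage": "C:\\\\Users\\\\bob\\\\AppData\\\\Local\\\\Temp\\\\update.exe",'
    ' "TargetImage": "C:\\\\Windows\\\\System32\\\\lsass.exe"}',
    '{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\notepad.exe"}',
]

if __name__ == "__main__":
    for src, dst in triage(SAMPLE_LOG):
        print(f"investigate: {src} -> {dst}")
```

Kernel-mode APC injection of the DoublePulsar kind creates no remote thread and so never shows up as Event ID 8; this check covers only user-mode CreateRemoteThread-style injection.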

> Powered by wiki source
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 What is the system shutdown/reboot attack technique?

1) System shutdown and reboot is something that everyone who has touched a PC is at least familiar with. Attackers can use this feature to cause interruption to system access or in furtherance of target system destruction.

2) For the most part, when attackers use this technique they are not clicking the shutdown/reboot button in the Windows Start menu (unless they are remoted into a system unbeknownst to the user) but rather use commands to shut down or reboot. No matter which method is used, the result is the same: disrupting access to the computer-based resources of target system users.

3) Attackers may incorporate this attack technique after other techniques have been used to impact the target system, such as the inhibit system recovery and disk structure wipe attacks. When system shutdown/reboot is used in this way, it is intended to hasten the denial of system availability in support of those previously used techniques, a sort of supplementary attack technique. The system shutdown/reboot attack technique is useful for adversaries and can be frustrating for legitimate users (to say the least!).

🦑 The danger of abuse of system features :

1) Before we discuss the shutdown attack in any detail, we first should discuss what makes it so dangerous.

2) This attack technique is considered an abuse of system features technique. What this means is that the attacker or malicious hacker is leveraging the inherent features of the compromised system against itself. Unfortunately for compromised user systems, there is no counter-move to system shutdown/reboot because it is about as essential as information input through a keyboard or mouse.


@UndercodeTesting
> sourcewiki
🦑 What is MITRE ATT&CK?

1) MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

2) To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This information can then serve as the foundation for developing threat models and methodologies for the cybersecurity product/service community, the private sector and government.
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Real-world examples of the system shutdown/reboot attack technique
Different attack groups and threats have used this attack technique in different ways, all toward the same end: interrupting system availability during the course of an attack.

1) APT37
This cyber-espionage group is suspected of being North Korea-based and has been around since 2012, with its targets being mainly in Asia. In their “Are you Happy?” campaign, they used a Master Boot Record (MBR) wiping technique followed by the command shutdown /r /t 1 to reboot target systems as the proverbial icing on the cake.

2) LockerGoga
LockerGoga is ransomware that has been wreaking havoc on industrial and manufacturing organizations in Europe. This relatively new ransomware has been observed shutting down infected systems. Because it targets high-stakes and critical infrastructure, shutdown is even more damaging than for non-critical infrastructure organizations.

3) NotPetya
Originally categorized as a type of ransomware, it appears that its attackers never planned on making the data it encrypts recoverable, making it more of a wiper malware. First spotted in June of 2017, NotPetya is known to reboot systems one hour after infection.

4) The problem with mitigation
As mentioned earlier in this article, this attack is an abuse of system features attack. Abuse of system features-based attacks cannot be effectively mitigated because they take advantage of legitimate, necessary features.

5) Detection of system shutdown/reboot
Unlike mitigation, system shutdown/reboot can be detected by a couple of methods. First, process monitoring should be used to watch the command line parameters involved in this technique and its execution. Second, Windows event logs are capable of capturing evidence of this attack technique: monitor for Windows event IDs 1074 and 6006.
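As an added example (not from the original post): Python detection logic that applies both methods above to constructed log records, matching shutdown.exe command lines from Security event 4688 (process creation with command line auditing) and corroborating them with event IDs 1074 and 6006. The record layout, the host names and the short-fuse threshold are assumptions.

```python
# Added example, not from the original post: detect the shutdown/reboot
# technique from process command lines (event 4688) and Windows event IDs
# 1074 / 6006, over constructed records.
import re
from collections import defaultdict

# shutdown.exe invoked with /r (reboot) or /s (power off); /t N is the delay.
SHUTDOWN_CMD = re.compile(r"\bshutdown(?:\.exe)?\b.*?/(?P<mode>[rs])\b", re.IGNORECASE)
TIMEOUT_ARG = re.compile(r"/t\s+(\d+)", re.IGNORECASE)
SHORT_FUSE_SECONDS = 60  # constructed threshold; APT37's "/t 1" is far below it


def classify(record):
    """Return a finding for one log record, or None if it is not relevant."""
    eid = record["EventID"]
    if eid == 4688:  # process creation with command line (Security log)
        cmd = record.get("CommandLine", "")
        m = SHUTDOWN_CMD.search(cmd)
        if not m:
            return None
        t = TIMEOUT_ARG.search(cmd)
        timeout = int(t.group(1)) if t else 30  # shutdown.exe defaults to 30 s
        tag = "short-fuse " if timeout <= SHORT_FUSE_SECONDS else ""
        action = "reboot" if m["mode"].lower() == "r" else "poweroff"
        return f"{tag}{action} via {cmd!r}"
    if eid == 1074:  # User32: which process requested the shutdown and why
        return f"event 1074: shutdown initiated by {record['Process']} ({record['Reason']})"
    if eid == 6006:  # Event Log service stopping: the system is going down
        return "event 6006: event log service stopped"
    return None


def findings_by_host(records):
    """Group findings per host so a command lines up with its event-log evidence."""
    out = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["Time"]):
        finding = classify(rec)
        if finding:
            out[rec["Host"]].append(finding)
    return dict(out)


# Constructed records; field names follow the Windows events loosely.
SAMPLE = [
    {"Host": "ws01", "Time": "2020-05-14T10:00:00", "EventID": 4688, "CommandLine": "shutdown /r /t 1"},
    {"Host": "ws01", "Time": "2020-05-14T10:00:01", "EventID": 1074,
     "Process": "C:\\Windows\\System32\\shutdown.exe", "Reason": "Other (Unplanned)"},
    {"Host": "ws01", "Time": "2020-05-14T10:00:02", "EventID": 6006},
    {"Host": "ws02", "Time": "2020-05-14T10:05:00", "EventID": 4688,
     "CommandLine": 'shutdown /s /t 3600 /c "Scheduled maintenance"'},
    {"Host": "ws02", "Time": "2020-05-14T10:06:00", "EventID": 4688, "CommandLine": "notepad.exe notes.txt"},
]
```

Because the text's own point is that the feature cannot be blocked, the value here is in the correlation: a short-fuse reboot command followed within seconds by 1074 and 6006 on the same host is the pattern to alert on, while a long-delay scheduled shutdown with a maintenance comment is routine.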

> Powered by wiki source
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 popular IDEs & code editors for Android :

https://play.google.com/store/apps/details?id=com.aor.droidedit&hl=en > free

https://play.google.com/store/apps/details?id=xyz.iridiumion.enlightened > free

http://sololearn.com/

https://play.google.com/store/apps/details?id=com.foxdebug.acode >paid

https://play.google.com/store/apps/details?id=com.ashvin777.apps.jsitor&hl=en >paid

https://github.com/jecelyin/920-text-editor-v2 > free

https://spck.io/

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Best Game Hacker Android Apps (No Root)

https://gamekiller.co/

https://sbgamehacker.net/

https://creehacks.net/

https://www.luckypatchers.com/

http://leoplaycard.info/


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Advanced dork search & mass exploit scanner
> rooted termux/linux

🦑 FEATURES :

Engines: Google, Google APIs, Google cache, Bing, Ask, Yandex, Sogou, Exalead, Shodan
● Mass Dork Search
● Multiple instant scans.
● Mass Exploitation
● Use proxy.
● Random user agent.
● Random engine.
● Mass external command execution.
● Exploits and issues search.
● XSS / SQLI / LFI / AFD scanner.
● Filter WordPress & Joomla sites.
● WordPress theme and plugin detection.
● Find Admin page.
● Decode / Encode Base64 / MD5
● Ports scan.
● Collect IPs
● Collect E-mails.
● Auto detect errors.
● Auto detect forms.
● Auto detect Cms.
● Post data.
● Auto sequence repeater.
● Validation.
● Post and Get method
● IP Localisation
● Issues and Exploit search
● Interactive and Normal interface.
● And more...

🦑 INSTALLATION & RUN :

1) git clone https://github.com/AlisamTechnology/ATSCAN

2) cd ATSCAN

3) chmod +x ./atscan.pl

4) chmod +x ./install.sh

5) ./install.sh

6) Portable Execution: perl ./atscan.pl
Installed Tool Execution: atscan
Menu: Applications > Web Application analysis > atscan

✅ Verified by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hack News by Undercode

> The report shows that the botnet uses Baidu Tieba and other common services for management


1) Relevant research reports show that the botnet of the "double-gun" malicious program is managed through commonly used domestic (Chinese) services.

2) The size of the botnet exceeds 100,000. The researchers observed that the double-gun malicious program used Baidu Tieba images to distribute configuration files and malware, used Alibaba Cloud storage to host configuration files, and used Baidu Tongji (Baidu's analytics service) to manage the activity of infected hosts. URLs of Tencent Weiyun were also found many times in malware samples.

3) This is the first time a malicious program has integrated services of all three major BAT vendors (Baidu, Alibaba, Tencent) into its own programs. Baidu has taken action to block the download links for the malicious code.

4) From May 14, we contacted the Baidu security team and took joint action to measure the spread of the malicious code and take countermeasures. As of this writing, the related malicious code download links have been blocked.


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Exclusive sharing: STM32 series ID number encryption cracking method - For Experts @UndercodeTesting

1) Read out the complete program segment and search for the byte sequence "E8 F7 FF 1F", because the unique 96-bit (12-byte) ID of the STM32 is located at base address 0x1FFF7E8; if ID verification is involved in the program segment, the code reads the chip's ID through that index address.

2) Read the 96-bit (12-byte) ID code at that address of this chip with an analysis device, and find an empty area.

3) Write the ID to that address and change the index address. For example, if the chip ID code is "34 FF DA 05 4E 50 38 31 19 65 18 43", select the starting address area 0x80000020, enter "34 FF 18 43" in the first four bytes and "34 FF DA 05 4E 50 38 31 19 65 18 43" in the last 12 bytes, then change every "E8 F7 FF 1F" index in the chip to "20 00 00 08".

> This is a common method of removing soft encryption

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁