β β β Uππ»βΊπ«6π¬πβ β β β
π¦crackle cracks BLE Encryption (AKA Bluetooth Smart).
crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.
With the STK and LTK, all communications between the master and the slave can be decrypted.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£download or clone https://github.com/mikeryan/crackle
2οΈβ£In Crack TK mode, crackle requires a PCAP file that contains a BLE pairing event. The best way to generate such a file is to use an Ubertooth to capture a pairing event between a master and a slave.
3οΈβ£To check if your PCAP file contains all the necessary packets, run crackle with the -i option:
> crackle -i <file.pcap>
4οΈβ£crackle will analyze each connection in the input file and output the results of its analysis to stdout. If you have all the components of a pairing conversation, the output will look like this:
> Analyzing connection 0:
xx:xx:xx:xx:xx:xx (public) -> yy:yy:yy:yy:yy:yy (p
.........
5οΈβ£To decrypt all packets, add the -o option:
> crackle -i <file.pcap> -o <output.pcap>
π¦FOR MORE INFO https://github.com/mikeryan/crackle/blob/master/FAQ.md
> https://lacklustre.net/bluetooth/crackle-sample.tgz
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦crackle cracks BLE Encryption (AKA Bluetooth Smart).
crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.
With the STK and LTK, all communications between the master and the slave can be decrypted.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£download or clone https://github.com/mikeryan/crackle
2οΈβ£In Crack TK mode, crackle requires a PCAP file that contains a BLE pairing event. The best way to generate such a file is to use an Ubertooth to capture a pairing event between a master and a slave.
3οΈβ£To check if your PCAP file contains all the necessary packets, run crackle with the -i option:
> crackle -i <file.pcap>
4οΈβ£crackle will analyze each connection in the input file and output the results of its analysis to stdout. If you have all the components of a pairing conversation, the output will look like this:
> Analyzing connection 0:
xx:xx:xx:xx:xx:xx (public) -> yy:yy:yy:yy:yy:yy (p
.........
5οΈβ£To decrypt all packets, add the -o option:
> crackle -i <file.pcap> -o <output.pcap>
π¦FOR MORE INFO https://github.com/mikeryan/crackle/blob/master/FAQ.md
> https://lacklustre.net/bluetooth/crackle-sample.tgz
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - mikeryan/crackle: Crack and decrypt BLE encryption
Crack and decrypt BLE encryption. Contribute to mikeryan/crackle development by creating an account on GitHub.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦TOR SERVER MANUA INSTALL :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install torctl on Kali Linux
1) sudo apt install tor macchanger secure-delete
2) git clone https://github.com/BlackArch/torctl
3) cd torctl
4) sudo mv service/* /etc/systemd/system/
5) Sudo mv bash-completion/torctl /usr/share/bash-completion/completions/torctl
6) sed -i 's/start_service iptables//' torctl
7) sed -i 's/TOR_UID="tor"/TOR_UID="debian-tor"/' torctl
8) sudo mv torctl /usr/bin/torctl
9) cd .. && rm -rf torctl/
10) torctl --help
11) Install torctl in BlackArch
12) sudo pacman -S torctl
13) To find out your current IP, do:
> torctl ip
14) To start Tor as a transparent proxy:
15) sudo torctl start
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦TOR SERVER MANUA INSTALL :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Install torctl on Kali Linux
1) sudo apt install tor macchanger secure-delete
2) git clone https://github.com/BlackArch/torctl
3) cd torctl
4) sudo mv service/* /etc/systemd/system/
5) Sudo mv bash-completion/torctl /usr/share/bash-completion/completions/torctl
6) sed -i 's/start_service iptables//' torctl
7) sed -i 's/TOR_UID="tor"/TOR_UID="debian-tor"/' torctl
8) sudo mv torctl /usr/bin/torctl
9) cd .. && rm -rf torctl/
10) torctl --help
11) Install torctl in BlackArch
12) sudo pacman -S torctl
13) To find out your current IP, do:
> torctl ip
14) To start Tor as a transparent proxy:
15) sudo torctl start
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - BlackArch/torctl: Script to redirect all traffic through tor network including dns queries for anonymizing entire system
Script to redirect all traffic through tor network including dns queries for anonymizing entire system - BlackArch/torctl
β β β Uππ»βΊπ«6π¬πβ β β β
π¦ North Korean hackers are plundering credit card details from online shoppers
#NEWS
>Hackers related to the infamous North Korean Lazarus Group are breaking into online stores and stealing customer credit card details when customers visit the checkout page. These attacks, known as "web looting" or "Magecart attacks," have been ongoing since May 2019 and attacked large retailers such as international fashion chain Claire's.
>Dutch cybersecurity company SanSec reported these attacks. It writes that digital predatory technology has been growing since 2015, and although traditionally used by Russian and Indonesian-language hacker organizations, North Korean criminals supported by the government are now intercepting credit card details in online stores.
>The attack involves obtaining access to the back-end server of the online store, usually by sending a booby-mail to employees to obtain their password. Hackers sneaked into the jewelry store Claire's website in April and June. Once the website is compromised, the malicious script will be loaded on the checkout page and stolen when the credit card details are entered into the form. Once the transaction is completed, the intercepted data will be sent to a collection server controlled by the hacker organization and sold on the dark web.
>The group has established a global penetration network to profit from predatory operations. This includes hijacking and reusing legitimate websites, disguising as criminal activity, and delivering stolen assets. A model agency in Milan, an antique music store in Tehran, and a family-run bookstore in New Jersey are all part of the network.
>Researchers at Sansec discovered that there was a link between the activity and previous North Korean hacking operations. The evidence points to Hidden Cobra, also known as the Lazarus Group, which was behind the 2014 Sony Pictures hacking and the Bangladesh Bank robbery in 2016, and is widely regarded as the initiator of WannaCry malware.
#news
β β β Uππ»βΊπ«6π¬πβ β β β
π¦ North Korean hackers are plundering credit card details from online shoppers
#NEWS
>Hackers related to the infamous North Korean Lazarus Group are breaking into online stores and stealing customer credit card details when customers visit the checkout page. These attacks, known as "web looting" or "Magecart attacks," have been ongoing since May 2019 and attacked large retailers such as international fashion chain Claire's.
>Dutch cybersecurity company SanSec reported these attacks. It writes that digital predatory technology has been growing since 2015, and although traditionally used by Russian and Indonesian-language hacker organizations, North Korean criminals supported by the government are now intercepting credit card details in online stores.
>The attack involves obtaining access to the back-end server of the online store, usually by sending a booby-mail to employees to obtain their password. Hackers sneaked into the jewelry store Claire's website in April and June. Once the website is compromised, the malicious script will be loaded on the checkout page and stolen when the credit card details are entered into the form. Once the transaction is completed, the intercepted data will be sent to a collection server controlled by the hacker organization and sold on the dark web.
>The group has established a global penetration network to profit from predatory operations. This includes hijacking and reusing legitimate websites, disguising as criminal activity, and delivering stolen assets. A model agency in Milan, an antique music store in Tehran, and a family-run bookstore in New Jersey are all part of the network.
>Researchers at Sansec discovered that there was a link between the activity and previous North Korean hacking operations. The evidence points to Hidden Cobra, also known as the Lazarus Group, which was behind the 2014 Sony Pictures hacking and the Bangladesh Bank robbery in 2016, and is widely regarded as the initiator of WannaCry malware.
#news
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦hack.chat
hack.chat is a minimal, distraction-free, accountless, logless, disappearing chat service which is easily deployable as your own service. The current client comes bundled with LaTeX rendering provided by KaTeX and code syntax highlighting provided by highlight.js
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Clone the repository: git clone https://github.com/hack-chat/main.git
2οΈβ£Change the directory: cd main
3οΈβ£Install the dependencies: npm install
4οΈβ£Launch: npm start
5οΈβ£If you change the websocketPort option during the config setup then these changes will need to be reflected on line 60 of client.js.
6οΈβ£The commands are to be sent through a websocket to the URL wss://hack.chat/chat-ws (everything sent and received are JSON). If you are sending messages locally or to another domain, replace 'hack.chat' with the respective domain. If you're running your own instance of hack.chat, you can retain backwards-compatibility in order to ensure that software created for the main server will work on yours too.
All commands sent must be JSON objects with the command specified in the "cmd" key. For example:
{
"cmd": "join",
"channel": "programming",
"nick": "john#doe"
}
7οΈβ£FOR MORE USAGE :
https://github.com/hack-chat/main/blob/master/documentation/DOCUMENTATION.md
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦hack.chat
hack.chat is a minimal, distraction-free, accountless, logless, disappearing chat service which is easily deployable as your own service. The current client comes bundled with LaTeX rendering provided by KaTeX and code syntax highlighting provided by highlight.js
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Clone the repository: git clone https://github.com/hack-chat/main.git
2οΈβ£Change the directory: cd main
3οΈβ£Install the dependencies: npm install
4οΈβ£Launch: npm start
5οΈβ£If you change the websocketPort option during the config setup then these changes will need to be reflected on line 60 of client.js.
6οΈβ£The commands are to be sent through a websocket to the URL wss://hack.chat/chat-ws (everything sent and received are JSON). If you are sending messages locally or to another domain, replace 'hack.chat' with the respective domain. If you're running your own instance of hack.chat, you can retain backwards-compatibility in order to ensure that software created for the main server will work on yours too.
All commands sent must be JSON objects with the command specified in the "cmd" key. For example:
{
"cmd": "join",
"channel": "programming",
"nick": "john#doe"
}
7οΈβ£FOR MORE USAGE :
https://github.com/hack-chat/main/blob/master/documentation/DOCUMENTATION.md
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - hack-chat/main: a minimal, distraction-free chat application
a minimal, distraction-free chat application. Contribute to hack-chat/main development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to install Kali Linux with Termux on Android-Root original meth :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Get permission pkg install proot
> termux-chroot
2οΈβ£Install git and get atilo
> pkg install git
3οΈβ£git clone https://github.com/YadominJinta/atilo
4οΈβ£Go to atilo and get permission
> cd atilo/
5οΈβ£chmod +x atilo
6οΈβ£Install kali ./atilo install kali
well done
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to install Kali Linux with Termux on Android-Root original meth :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£Get permission pkg install proot
> termux-chroot
2οΈβ£Install git and get atilo
> pkg install git
3οΈβ£git clone https://github.com/YadominJinta/atilo
4οΈβ£Go to atilo and get permission
> cd atilo/
5οΈβ£chmod +x atilo
6οΈβ£Install kali ./atilo install kali
well done
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - YadominJinta/atilo: Linux installer for termux
Linux installer for termux. Contribute to YadominJinta/atilo development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦full Install graphical interface for Termux original methodes
#forbeginers
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£get termux playstore- get lastest version
2οΈβ£Update the source, fonts, interface, etc. There are very detailed and detailed tutorials online, you can search for a search, there are many, because there is no way to say too much in a hurry.
3οΈβ£How install desktop for termux ?
> Install various packages
1) Openbox (window manager)
Openbox is a lightweight window manager running on GNU/Linux with X11. Openbox uses the GPL protocol to open source code and is free and free software. Openbox is based on Blackbox, which is considered one of the original window managers (ie, the code itself). [From Baidu Encyclopedia]
2) PyPanel is a lightweight panel/task bar written in Python and C for the X11 window manager. It can be easily customized to match any desktop theme or taste. PyPanel works with EWMH compatible WMS (Openbox, PekWM, FVWM, etc.). And it is distributed under the GNU General Public License v2.
3) xorg-xsetroot Description: A classic X utility that sets the root window background to a given mode or color
4) PyXDG is a
unique python terminal emulator for accessing freedesktop.org
5) Install tigervnc (you can also install other remote desktops, take tigervnc as an example) to realize remote desktop control
> pkg install tigervnc
> vi startvnc
6οΈβ£Write a configuration file :
#!/bin/bash -e
export DISPLAY=:10
Xvnc --SecurityTypes=None $DISPLAY &
sleep 1s
openbox-session
xsetroot -solid gray
pypanel
aterm
startxfce4
7οΈβ£chmod +x startvnc
8οΈβ£./startvnc
You can connect to the remote desktop boringly! ! ! !
Sprinkle flowers Sprinkle flowers ~~
Click Android vnc and
enter localhost:5910
ENJOYβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦full Install graphical interface for Termux original methodes
#forbeginers
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£get termux playstore- get lastest version
2οΈβ£Update the source, fonts, interface, etc. There are very detailed and detailed tutorials online, you can search for a search, there are many, because there is no way to say too much in a hurry.
3οΈβ£How install desktop for termux ?
> Install various packages
1) Openbox (window manager)
Openbox is a lightweight window manager running on GNU/Linux with X11. Openbox uses the GPL protocol to open source code and is free and free software. Openbox is based on Blackbox, which is considered one of the original window managers (ie, the code itself). [From Baidu Encyclopedia]
2) PyPanel is a lightweight panel/task bar written in Python and C for the X11 window manager. It can be easily customized to match any desktop theme or taste. PyPanel works with EWMH compatible WMS (Openbox, PekWM, FVWM, etc.). And it is distributed under the GNU General Public License v2.
3) xorg-xsetroot Description: A classic X utility that sets the root window background to a given mode or color
4) PyXDG is a
unique python terminal emulator for accessing freedesktop.org
5) Install tigervnc (you can also install other remote desktops, take tigervnc as an example) to realize remote desktop control
> pkg install tigervnc
> vi startvnc
6οΈβ£Write a configuration file :
#!/bin/bash -e
export DISPLAY=:10
Xvnc --SecurityTypes=None $DISPLAY &
sleep 1s
openbox-session
xsetroot -solid gray
pypanel
aterm
startxfce4
7οΈβ£chmod +x startvnc
8οΈβ£./startvnc
You can connect to the remote desktop boringly! ! ! !
Sprinkle flowers Sprinkle flowers
enter localhost:5910
ENJOYβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
Analysing meterpreter payload with Ghidra.pdf
1.1 MB
meterpreter payload with Ghidra (analysing)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦GOOD NEW RESOURCES FOR PROFITE & INCREASING YOUR SKILLS :
Hopper's Roppers Security Training | Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next.
Learning Exploitation with Offensive Computer Security 2.0 | blog-style instruction, includes: slides, videos, homework, discussion. No login required.
Mind Maps | Information Security related Mind Maps
MIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.
OffensiveComputerSecurity | academic content, full semester course including 27 lecture videos with slides and assign readings
OWASP top 10 web security risks | free courseware, requires account
SecurityTube | tube-styled content, "megaprimer" videos covering various topics, no readable content on site.
Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings
TryHackMe | Designed prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦GOOD NEW RESOURCES FOR PROFITE & INCREASING YOUR SKILLS :
Hopper's Roppers Security Training | Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next.
Learning Exploitation with Offensive Computer Security 2.0 | blog-style instruction, includes: slides, videos, homework, discussion. No login required.
Mind Maps | Information Security related Mind Maps
MIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.
OffensiveComputerSecurity | academic content, full semester course including 27 lecture videos with slides and assign readings
OWASP top 10 web security risks | free courseware, requires account
SecurityTube | tube-styled content, "megaprimer" videos covering various topics, no readable content on site.
Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings
TryHackMe | Designed prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
www.hoppersroppers.org
Roppers Security Courses
Free training on computing and security fundamentals.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦reactjs npm commun error & fix :
D:\vuedemo\day23\react-study>npm start
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! react-study@0.1.0 start:
npm ERR!
WELL DONE !
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦reactjs npm commun error & fix :
D:\vuedemo\day23\react-study>npm start
> react-study@0.1.0 start D:\vuedemo\day23\react-study
> react-scripts start
There might be a problem with the project dependency tree.
It is likely not a bug in Create React App, but something you need to fix locally.
π¦The react-scripts package provided by Create React App requires a dependency: "babel-eslint": "10.1.0"
Don't try to install it manually: your package manager does it automatically.
However, a different version of babel-eslint was detected higher up in the tree:
D:\node_modules\babel..
Manually installing incompatible versions is known to cause hard-to-debug issues.
If you would prefer to ignore this check, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That will permanently disable this message but you might encounter other issues.
π¦ To fix the dependency tree, try following the steps below in the exact order: 1) Delete package-lock.json (not package.json!) and/or yarn.lock in your project folder.
2) Delete node_modules in your project folder.
3) Remove "babel-eslint" from dependencies and/or devDependencies in the package.json file in your project folder.
4) Run npm install or yarn, depending on the package manager you use.
In most cases, this should be enough to fix the problem.
If this has not helped, there are a few other things you can try:
5) If you used npm, install yarn (http://yarnpkg.com/) and repeat the above steps with it instead.
This may help because npm has known issues with package hoisting which may get resolved in future versions.
6) Check if D:\node_modules\babel-eslint is outside your project directory.
For example, you might have accidentally installed something in your home folder.
7) Try running npm ls babel-eslint in your project folder.
This will tell you which other package (apart from the expected react-scripts) installed babel-eslint.
If nothing else helps, add SKIP_PREFLIGHT_CHECK=true to an .env file in your project.
That would permanently disable this preflight check in case you want to proceed anyway.
P.S. We know this message is long but please read the steps above :-) We hope you find them helpful!npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! react-study@0.1.0 start:
react-scripts start
npm ERR! Exit status 1npm ERR!
WELL DONE !
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Reverse Engineering, Buffer Overflow and Exploit Development
A Course on Intermediate Level Linux Exploitation | as the title says, this course isn't for beginners
Analysis and exploitation (unprivileged) | huge collection of RE information, organized by type.
Binary hacking | 35 "no bullshit" binary videos along with other info
Buffer Overflow Exploitation Megaprimer for Linux | Collection of Linux Rev. Engineering videos
Corelan tutorials | detailed tutorial, lots of good information about memory
Exploit tutorials | a series of 9 exploit tutorials,also features a podcast
Exploit development | links to the forum's exploit dev posts, quality and post style will vary with each poster
flAWS challenge | Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitter
Introductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account required
Lena's Reversing for Newbies (Complete) | listing of a lengthy resource by Lena, aimed at being a course
Linux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levels
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Reverse Engineering, Buffer Overflow and Exploit Development
A Course on Intermediate Level Linux Exploitation | as the title says, this course isn't for beginners
Analysis and exploitation (unprivileged) | huge collection of RE information, organized by type.
Binary hacking | 35 "no bullshit" binary videos along with other info
Buffer Overflow Exploitation Megaprimer for Linux | Collection of Linux Rev. Engineering videos
Corelan tutorials | detailed tutorial, lots of good information about memory
Exploit tutorials | a series of 9 exploit tutorials,also features a podcast
Exploit development | links to the forum's exploit dev posts, quality and post style will vary with each poster
flAWS challenge | Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitter
Introductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account required
Lena's Reversing for Newbies (Complete) | listing of a lengthy resource by Lena, aimed at being a course
Linux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levels
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - nnamon/linux-exploitation-course: A Course on Intermediate Level Linux Exploitation
A Course on Intermediate Level Linux Exploitation. Contribute to nnamon/linux-exploitation-course development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Advanced usage of bitcoin
#ExpertsUsers
> Bitcoin The official Bitcoin client has two versions: one is a graphical interface version, usually called Bitcoin (capital), and one A concise command line version (called bitcoind). They are compatible with each other, have the same command line parameters, read the same configuration file, and read and write the same data file. You can run one of the Bitcoin client or bitcoind client on a computer (if you accidentally try to run another client at the same time, it will prompt you that there is already a client running and automatically quit).
1οΈβ£SSL options:
-rpcssl uses OpenSSL (https) JSON-RPC connection
-rpcsslcertificatechainfile=<file.cert> server certificate file (default: server.cert)
-rpcsslprivatekeyfile=<file.pem> server private key file (default: server.pem)
-rpcsslciphers=<password> Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)
2οΈβ£bitcoin.conf configuration file
All command-line parameters except -datadir and -conf can be set through a configuration file, and all options in the configuration file can also be set on the command line. The value set by the command line parameter will override the setting in the configuration file.
The configuration file is a list in the format "setting=value", one per line. You can also use the # symbol to write comments.
The configuration file is not created automatically; you can use your favorite plain text editor to create it. By default, Bitcoin (or bitcoind) will look for a file named "bitcoin.conf" under the Bitcoin data folder, but the path of the data folder and configuration file can be passed through the -datadir and -conf command line parameters, respectively Specify separately.
operating system
Default data folder
Configuration file path
Windows
%APPDATA%\Bitcoin\
(Windows XP) C:\Documents and Settings\username\Application Data\Bitcoin\bitcoin.conf
(Windows 7,8,10) C:\Users\username\AppData\Roaming\Bitcoin\bitcoin.conf
Linux
$HOME/.bitcoin/
/home/username/.bitcoin/bitcoin.conf
Mac OSX
$HOME/Library/Application Support/Bitcoin/
/Users/username/Library/Application Support/Bitcoin/bitcoin.conf
Note: If the Bitcoin client testnet mode is running, the client will automatically create a subfolder named "testnet" under the data folder.
bitcoin.conf example
# bitcoin.conf configuration file. Lines beginning with # are comments.
3οΈβ£# User interface options:
# Minimize the launch of the Bitcoin client
#min=1
# Minimize to system tray
#minimizetotray=1
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Advanced usage of bitcoin
#ExpertsUsers
> Bitcoin The official Bitcoin client has two versions: one is a graphical interface version, usually called Bitcoin (capital), and one A concise command line version (called bitcoind). They are compatible with each other, have the same command line parameters, read the same configuration file, and read and write the same data file. You can run one of the Bitcoin client or bitcoind client on a computer (if you accidentally try to run another client at the same time, it will prompt you that there is already a client running and automatically quit).
1οΈβ£SSL options:
-rpcssl uses OpenSSL (https) JSON-RPC connection
-rpcsslcertificatechainfile=<file.cert> server certificate file (default: server.cert)
-rpcsslprivatekeyfile=<file.pem> server private key file (default: server.pem)
-rpcsslciphers=<password> Acceptable ciphers (default: TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH)
2οΈβ£bitcoin.conf configuration file
All command-line parameters except -datadir and -conf can be set through a configuration file, and all options in the configuration file can also be set on the command line. The value set by the command line parameter will override the setting in the configuration file.
The configuration file is a list in the format "setting=value", one per line. You can also use the # symbol to write comments.
The configuration file is not created automatically; you can use your favorite plain text editor to create it. By default, Bitcoin (or bitcoind) will look for a file named "bitcoin.conf" under the Bitcoin data folder, but the path of the data folder and configuration file can be passed through the -datadir and -conf command line parameters, respectively Specify separately.
operating system
Default data folder
Configuration file path
Windows
%APPDATA%\Bitcoin\
(Windows XP) C:\Documents and Settings\username\Application Data\Bitcoin\bitcoin.conf
(Windows 7,8,10) C:\Users\username\AppData\Roaming\Bitcoin\bitcoin.conf
Linux
$HOME/.bitcoin/
/home/username/.bitcoin/bitcoin.conf
Mac OSX
$HOME/Library/Application Support/Bitcoin/
/Users/username/Library/Application Support/Bitcoin/bitcoin.conf
Note: If the Bitcoin client testnet mode is running, the client will automatically create a subfolder named "testnet" under the data folder.
bitcoin.conf example
# bitcoin.conf configuration file. Lines beginning with # are comments.
3οΈβ£# User interface options:
# Minimize the launch of the Bitcoin client
#min=1
# Minimize to system tray
#minimizetotray=1
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
Traversing the Path to RCE.pdf
252.5 KB
Traversing the Path to RCE
#requested
#requested
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Mozilla Network Security Services (NSS)
#FastTips
> Network Security Services (NSS) is a set of libraries designed to support cross-platform development of secure client and server applications. Applications built using NSS can use SSL v2 and v3, TLS, PKCS # 5, PKCS # 7, PKCS # 11, PKCS # 12, S / MIME, X.509 v3 certificates and other security standards.
> Unlike OpenSSL, NSS uses database files as a certificate store.
> NSS starts with a hard-coded CA list of trusted certificates inside the libnssckbi.so file . This list can be viewed from any application using NSS that can display (and manipulate) the trust certificate store, for example, Chrome-compatible or Firefox-compatible browsers.
> Some applications using the NSS library use a different certificate store than recommended. Mozilla's own Firefox is a prime example of this.
> Your distribution most likely already has the NSS package installed, in some distributions it is called libnss3 (Debian and derivatives) in some distributions - nss (Arch Linux, Gentoo and derivatives).
> If you want to view and modify NSS certificate stores, you need the certutil utility . On Arch Linux, this utility is included in the nss package and, therefore, is preinstalled on Arch Linux
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Mozilla Network Security Services (NSS)
#FastTips
> Network Security Services (NSS) is a set of libraries designed to support cross-platform development of secure client and server applications. Applications built using NSS can use SSL v2 and v3, TLS, PKCS # 5, PKCS # 7, PKCS # 11, PKCS # 12, S / MIME, X.509 v3 certificates and other security standards.
> Unlike OpenSSL, NSS uses database files as a certificate store.
> NSS starts with a hard-coded CA list of trusted certificates inside the libnssckbi.so file . This list can be viewed from any application using NSS that can display (and manipulate) the trust certificate store, for example, Chrome-compatible or Firefox-compatible browsers.
> Some applications using the NSS library use a different certificate store than recommended. Mozilla's own Firefox is a prime example of this.
> Your distribution most likely already has the NSS package installed, in some distributions it is called libnss3 (Debian and derivatives) in some distributions - nss (Arch Linux, Gentoo and derivatives).
> If you want to view and modify NSS certificate stores, you need the certutil utility . On Arch Linux, this utility is included in the nss package and, therefore, is preinstalled on Arch Linux
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦THE DANGEROUS XKEYSTORE WHAT IS ?
You've never heard of XKeyscore, but it definitely knows you.
> The National Security Agency's top-secret program essentially makes available everything you've ever done on the Internet β browsing history, searches, content of your emails, online chats, even your metadata β all at the tap of the keyboard.
> The Guardian exposed the program on Wednesday in a follow-up piece to its groundbreaking report on the NSA's surveillance practices. Shortly after publication, Edward Snowden, a 29-year-old former Booz Allen Hamilton employee who worked for the NSA for four years, came forward as the source.
> This latest revelation comes from XKeyscore training materials, which Snowden also provided to The Guardian. The NSA sums up the program best: XKeyscore is its "widest reaching" system for developing intelligence from the Internet.
> The program gives analysts the ability to search through the entire database of your information without any prior authorization β no warrant, no court clearance, no signature on a dotted line. An analyst must simply complete a simple onscreen form, and seconds later, your online history is no longer private. The agency claims that XKeyscore covers "nearly everything a typical user does on the Internet."
> As The Guardian points out, this program crystallizes one of Snowden's most infamous admissions from his video interview on June 10:
"I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email."
Snowden's dad: Revelations 'shocking'
> While United States officials denied this claim, the XKeyscore program, as the public understands it, proves Snowden's point. The law requires the NSA to obtain FISA warrants on U.S. citizens, but this is pushed aside for Americans with foreign targets β and this program gives the NSA the technology to do so. The training materials claim XKeyscore assisted in capturing 300 terrorists by 2008.
cnn report
β β β Uππ»βΊπ«6π¬πβ β β β
π¦THE DANGEROUS XKEYSTORE WHAT IS ?
You've never heard of XKeyscore, but it definitely knows you.
> The National Security Agency's top-secret program essentially makes available everything you've ever done on the Internet β browsing history, searches, content of your emails, online chats, even your metadata β all at the tap of the keyboard.
> The Guardian exposed the program on Wednesday in a follow-up piece to its groundbreaking report on the NSA's surveillance practices. Shortly after publication, Edward Snowden, a 29-year-old former Booz Allen Hamilton employee who worked for the NSA for four years, came forward as the source.
> This latest revelation comes from XKeyscore training materials, which Snowden also provided to The Guardian. The NSA sums up the program best: XKeyscore is its "widest reaching" system for developing intelligence from the Internet.
> The program gives analysts the ability to search through the entire database of your information without any prior authorization β no warrant, no court clearance, no signature on a dotted line. An analyst must simply complete a simple onscreen form, and seconds later, your online history is no longer private. The agency claims that XKeyscore covers "nearly everything a typical user does on the Internet."
> As The Guardian points out, this program crystallizes one of Snowden's most infamous admissions from his video interview on June 10:
"I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email."
Snowden's dad: Revelations 'shocking'
> While United States officials denied this claim, the XKeyscore program, as the public understands it, proves Snowden's point. The law requires the NSA to obtain FISA warrants on U.S. citizens, but this is pushed aside for Americans with foreign targets β and this program gives the NSA the technology to do so. The training materials claim XKeyscore assisted in capturing 300 terrorists by 2008.
cnn report
β β β Uππ»βΊπ«6π¬πβ β β β