UNDERCODE SECURITY
🦑 WELCOME TO UNDERCODE TESTING: LEARN HACKING | PROGRAMMING | SECURITY & more.

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOs)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com

🦑 Simple Bash Scripting:

+ nano Shortcuts
ctrl v Next page.
ctrl y Previous page.
ctrl w Where is (find).
ctrl k Cut that line of text.
ctrl x Exit editor.

+ Create a text file:
touch file Creates an empty file.
ifconfig > tmp Redirect the output of a command to a file.
nano file

+ Create a file and append text to it:
ifconfig > tmp
echo >> tmp
ping google.com -c3 >> tmp

+ How to view a file:
cat file Show entire contents of file.
more file Show one page at a time. Space bar for next page and (q) to exit.
head file Show the first 10 lines.
head -15 file Show the first 15 lines.
tail file Show the last 10 lines.
tail -15 file Show the last 15 lines.
tail -f file Follow the file as it grows. Useful when watching a log file.

+ pipe
cat tmp | grep Bcast Feeds the output of one process to the input of another process.

+ Processes
ps aux Show all running processes for all users.
kill -9 PID Forcibly kill a PID (SIGKILL). Plain kill PID asks the process to exit nicely.

+ Word Count
wc -l tmp2 Count the number of lines in a file

+ cut
-d delimiter
-f fields

+ sort
sort -u file Sort and keep only unique lines.
sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n Sort IP addresses in correct numeric order.
cat tmp2 | cut -d '(' -f2 | cut -d ')' -f1 | sort -u Isolate the IP address.

+ awk
awk '{print $1}' file Show the 1st column.
awk '{print $1,$5}' file Show the 1st and 5th columns.

+ grep
grep -v 'red' file Remove lines that contain a single string.

+ egrep -v
egrep -v '(red|white|blue)' file Remove lines that contain any of multiple strings.

+ sed
sed 's/FOO/BAR/g' file Replace FOO with BAR.
sed 's/FOO//g' file Replace FOO with nothing.
sed '/^FOO/d' file Remove lines that start with FOO.

enjoy ❤️👍🏻
✅ git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking

🦑 Bash Script Examples:

+ Simple bash script:
#!/bin/bash
clear
echo
echo
echo "Hello world."

+ Make a file executable.
chmod +x file
chmod 755 file

+ Variables
name=Bob
echo $name
user=$(whoami)
echo $user
echo "Hello $name. You are running as $user."

#!/bin/bash
clear
echo "Hello World"
name=Bob
# Command substitution captures the output of the whole pipeline.
ip=$(ifconfig | grep "Bcast:" | cut -d":" -f2 | cut -d" " -f1)
echo "Hello $name. Your IP address is: $ip"

+ User Input
read -p "Domain: " domain

#!/bin/bash
echo "Please input your domain:"
read -p "Domain:" domain
ping -c 5 "$domain"

+ Check For No User Input
if [ -z "$domain" ]; then
echo
echo "#########################"
echo
echo "Invalid choice."
echo
exit
fi

+ For loops
#!/bin/bash

for host in $(cat hosts.txt)
do
command $host
done

+ One Liners

Port Scan:
for port in $(cat Ports.txt); do nc -nzv 192.168.0.1 $port & sleep 0.5; done

Use a bash loop to find the IP address behind each host:
for url in $(cat list.txt); do host $url; done


+ Conditional one-liner

command && run-if-it-succeeds || run-if-it-fails
type -p massdns && massdns -r resolver.txt -t A -o S sub.txt -w sub.mass || echo "MassDns not installed"

Note: the part after || also runs when the part after && fails, so use if/else when the two cases must stay separate.

+ Conditional one-liner with multiple actions

command && { run-if-it-succeeds; also this; also this; } || { run-if-it-fails; also this; also this; }
type -p massdns && { massdns -r resolver.txt -t A -o S sub.txt -w sub.mass; cat sub.mass; } || { echo "MassDns not installed"; echo "Install MassDns"; }
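
A hardened take on the domain prompt and the empty-input check above, as an added example that is not code from the original post: it validates the value as a hostname before ping sees it, quotes it, and ends option parsing with --. The helper names is_valid_hostname and ping_domain are assumptions made for this example, and the sample inputs are constructed.

```shell
#!/bin/bash
# Added example (not from the original post). is_valid_hostname and
# ping_domain are hypothetical helper names; sample inputs are constructed.

# Accept only a DNS hostname: labels of letters, digits and hyphens,
# 1-63 characters each, no leading or trailing hyphen, 253 characters total.
is_valid_hostname() {
    local name="$1" label
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # spaces, quotes, shell metacharacters
        .*|*.|*..*)       return 1 ;;   # empty label
    esac
    local IFS=.
    for label in $name; do
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;          # would otherwise be read as an option
        esac
    done
    return 0
}

# Ping only validated input. Returns 2 without running ping when rejected.
ping_domain() {
    local domain="$1"
    if ! is_valid_hostname "$domain"; then
        echo "Invalid domain, not running ping." >&2
        return 2
    fi
    # Quoting stops word splitting and globbing; "--" ends option parsing.
    ping -c 5 -- "$domain"
}

# Offline demonstration over constructed inputs (ping is not executed here).
for sample in "example.com" "" "-c1" "example.com -c 9" "a..b"; do
    if is_valid_hostname "$sample"; then verdict=accepted; else verdict=rejected; fi
    printf '%-20s %s\n' "[$sample]" "$verdict"
done
```

In an interactive script, call it as `read -r -p "Domain: " domain; ping_domain "$domain"`.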


🦑 A helpful guide for a Build Review:


+ Main tasks:

Any third party installed software and all associated versions.
Password policy applied locally via net accounts commands.
Domain policy applied, including domain password policy.
Logging settings.
Running services and unquoted service paths.
Permissions set on services.
List of patches and hotfixes installed.
Efficacy of AV solutions. May require import of a benign Eicar test file.
USB policy and removable media access (including firewire, CD etc).
Disk encryption (if relevant)
BIOS passwords set.
Proxy settings (if relevant).
Nessus Scan (With Credentials).

+ Windows Hosts:

+ Server Roles
+ Server Manager
+ System Properties
+ Default Domain Policy
+ Global Domain Policy

+ Net accounts/Users/groups/Administrators
+ IPConfig/Routing

+ Installed Programs
+ Installed System Updates
+ AV Version/Definition Dates
+ Check Computer folders

+ Firewall Configuration
+ Audit Policy
+ Password/Lockout Policy
+ Security Policy
+ User Rights Policy



🦑 Helpful systeminfo command
#requested

1️⃣BIOS password
boot to usb
file system
- encrypted?
- grab /Windows/System32/config/SAM SECURITY SYSTEM
- put C:\Program.exe (eg calc)

2️⃣Control Panel
- Windows Firewall
- enabled
- editable
- logs
- System Info
- Windows Update

3️⃣Anti-Virus
- config
- logs
- version
- dates
- EICAR

4️⃣cmd.exe
script.cmd
- ipconfig /all
- netstat
- net accounts
- net accounts /domain (review password policy)
- net user hacker Password@1 /add
- regedit
- ping
- sched
- tracert
- net use \\<IP address or host name>\ipc$ "" /user:"" # null session
- net use
- net view
- net start
- tasklist

5️⃣mount usb
usb autostart

6️⃣copy over files
- nc
- enum
- nmap
- DIRE
- EICAR



🦑 Locate ubuntu files
> SAM files in backtrack


/Windows/System32/config/SAM SECURITY SYSTEM

# mounting on desktop review
# mount <target> <mydir>
# sda1 = client hdd, sdb2 = my usb part 2
# mkdir /mnt/client-hdd
# mount /dev/sda1 /mnt/client-hdd
# mkdir /mnt/win-usb
# mount /dev/sdb2 /mnt/win-usb

hosts file C:\Windows\System32\drivers\etc\hosts.txt

SYSVOL GPO preference item, check for obscured passwords in xml
http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx

🦑 The history file is readable by any authenticated user, as shown below:

C:\Users\All Users\Microsoft\Group Policy\History\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml
The same Group Policy Preference XML configuration file is also accessible via the following UNC path on the Domain Controller, again by any authenticated user:
\\DomainController\sysvol\DomainName\Policies\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml
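
One way to audit for the stored Group Policy Preference passwords described above, as an added example that is not from the original post: it walks a mounted or copied SYSVOL tree and reports each XML file with a non-empty cpassword attribute together with the account it applies to, without printing the value. The function names, GUIDs and XML content are constructed for the demonstration; cpassword and userName are assumed to be the attribute names used in Groups.xml.

```shell
#!/bin/bash
# Added example (not from the original post). find_gpp_cpassword and
# build_demo_tree are hypothetical names; the tree and XML are constructed.

# Print "<file><TAB><userName>" for every XML file under $1 that carries a
# non-empty cpassword attribute. The attribute value itself is never printed.
find_gpp_cpassword() {
    find "$1" -type f -iname '*.xml' \
        -exec grep -El 'cpassword="[^"]+"' {} + 2>/dev/null |
    while IFS= read -r f; do
        user=$(grep -Eo 'userName="[^"]*"' "$f" | head -n 1 | cut -d'"' -f2)
        printf '%s\t%s\n' "$f" "${user:-unknown}"
    done
}

# Build a throwaway SYSVOL-like tree: one GPO with a stored password and
# one with an empty cpassword attribute. Echoes the root path of the tree.
build_demo_tree() {
    local root bad ok
    root=$(mktemp -d) || return 1
    bad="$root/Policies/{00000000-0000-0000-0000-000000000000}/Machine/Preferences/Groups"
    ok="$root/Policies/{11111111-1111-1111-1111-111111111111}/Machine/Preferences/Groups"
    mkdir -p "$bad" "$ok"
    printf '%s\n' '<Groups><User name="localadmin"><Properties action="U" cpassword="CONSTRUCTED-PLACEHOLDER" userName="localadmin"/></User></Groups>' > "$bad/Groups.xml"
    printf '%s\n' '<Groups><User name="ops"><Properties action="U" cpassword="" userName="ops"/></User></Groups>' > "$ok/Groups.xml"
    printf '%s\n' "$root"
}

demo=$(build_demo_tree)
find_gpp_cpassword "$demo"   # lists only the first GPO's Groups.xml
rm -rf "$demo"
```

Point it at the mounted Policies directory; every file it lists needs the stored credential removed from the GPO and the account's password changed.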



🦑 The developer added a series of RISC-V UEFI support patches for Linux:
#NEWS

> Earlier this year, the UEFI code in Linux was cleaned up, and then a series of early patches for RISC-V UEFI support were proposed, forming a more comprehensive patch set for enabling RISC-V UEFI support under Linux. Recently, developers have submitted a series of patches to solve a large number of problems and add some new capabilities to support RISC-V UEFI under Linux.

> Developer Atish Patra comes from Western Digital. He submitted 11 patches last Thursday. According to his introduction, patches 1-6 are preparatory patches that fix some common efi and riscv issues; patches 7-9 add the efi stub support for RISC-V, which was submitted for review in April; patch 10 renames arm-init so that the foundation can be used in different code; patch 11 adds runtime services to RISC-V.

🦑 In summary, the main contributions of this series of patches are:

1) Added full ioremap support.

2) Added efi runtime service support.

3) Fixed the mm problem.

4) At present, the patch has been verified by using the bootefi command in U-Boot on Qemu, and it has passed the test on both RISC-V 32-bit and RISC-V 64-bit. However, some problems with the EDK2 code on RISC-V are still being solved, mainly related to SPI and network drivers.

> This series of patches is applied to the Linux kernel 5.8-rc2 and is currently in PR status, waiting for code review. If the related problems are solved and the patches are finally accepted, they should be visible when Linux 5.8 is released.



🦑 McAfee VirusScan console: solutions for a forgotten user unlock password:

1) If the user unlock password of the McAfee VirusScan console is forgotten, the following solutions can be taken:

2) Restart the computer, enter safe mode, then open the registry and find

> HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection

3) In that key, find the UIP subkey, delete the subkey, and restart.

4) Or: I have installed McAfee 8.5i, and the console cannot be unlocked if I forget the password. Looking on the Internet, the advice is to delete

> HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\UIP in safe mode.

5) If we don't have that condition, we will try to modify the original one and replace it with a known one.

admin:19a2854144b63a8f7617a6f225019b12

6) If modification is forbidden, try ice blade; if that doesn't work, call the computer room to reinstall the system.


🦑 Your safety first: see our small tips
#FastTips


How should I use Wi-Fi when I go out?

1) Refuse to connect to Wi-Fi from unknown sources. Hackers mostly take advantage of the fact that users want to surf the Internet for free, so be cautious about using free Wi-Fi without a password. Many merchants provide free Internet access, but we still have to keep an eye out and ask for the exact network name to avoid being deceived by fake Wi-Fi such as "Starbucks-1".

2) Be cautious when logging in to online banking and online shopping with your mobile phone. For the safety of your funds, you should use 3/4G Internet access mode to do so!

3) Turn off the "Select automatic connection" option in the phone settings. If this function is turned on, the phone automatically scans when it enters an area with a Wi-Fi network and connects to a network that does not require a password, which greatly increases the chance of mistakenly connecting to "phishing Wi-Fi".

4) Refuse to use Wi-Fi connection and password acquisition tools such as "Wi-Fi Master Key". They work by uploading and sharing the Wi-Fi information that you or others have connected to. If someone has connected to "phishing Wi-Fi" or "Trojan Wi-Fi" and you happen to be nearby, then congratulations, you are caught too!

5) How to prevent your own router from being compromised?

Just now, the editor bet a friend that he would never be able to break the router the editor is currently using. As a result, the technical man defeated the high-end router, which had cost thousands of dollars, with an Android phone! And it was easy and simple, using just a few commonly used testing apps such as Wi-Fi analyzers, Wi-Fi Master Key and other tools.

> The process is also very simple. First, crack the router's password, perform DNS hijacking on the router, and then steal all kinds of information from the editor as you wish.

Forwarded from WEB UNDERCODE - PRIVATE

🦑 How should medical equipment resist hacker attacks?
#news


> Since 2020, the scale of cyber attacks has increased by 300% compared to last year. Institutions such as hospitals, pharmacies, and medical equipment suppliers, which concern everyone's life and health, are facing greater security risks than ever before. Even when an attack is not directly targeted at a particular medical Internet of Things (IoMT) device, it can still pass through the hospital's internal network and infect devices used to diagnose and treat patients, such as intravenous pumps, patient monitors, breathing machines and X-ray machines.

> As John Riggi, senior consultant for cyber security and risk of the American Hospital Association (AHA), said: "The worst case is that these life-saving medical equipment may be unusable directly after being infected."

>For hospitals, the best way to prevent cyber attacks and protect IoMT equipment from infection is to isolate the most vulnerable and critical equipment from each other or maintain a virtual distance, which is the so-called network segmentation.

🦑 Hospitals can take the following practical steps to segment the clinical network, reduce the attack surface, and protect patients from cyber attacks:

1. Make clear who is responsible first

Traditionally, medical equipment safety has always been the responsibility of biomedical engineering equipment experts.

However, with the increasing popularity of IoMT equipment and the increase in cyber attacks against healthcare, the IT team of the hospital information department has to invest more energy in the security of medical equipment. Therefore, the information department and the biomedical engineering research team need to work closely together to design and implement safe and effective security policies for clinical networks.

In order to ensure the safety of medical equipment and integrate the IT and biomedical teams across departments, a separate and final IoMT network security policy decision maker is needed at this time. Some large organizations have even added the role of Medical Device Security Officer (MDSO), who is directly responsible for the security of medical devices in the entire clinical network of the hospital.

2. Create a reliable equipment list

If you do not have enough in-depth knowledge of the medical equipment connected to the hospital, the configuration files on the equipment, and the communication mode, you cannot set a network segmentation strategy.

Automated inventory tools must also be able to continuously analyze the equipment while understanding the behavior, criticality, and vulnerability of the IoMT equipment.

3. Assess the risk of each device

The risk score should be calculated based on the degree of criticality and medical impact that the equipment may cause. Risk assessment should be conducted continuously and abnormal network behavior should be continuously monitored. In order to assess the risk, the following factors must be considered:

Communication with external servers required for normal device functions (i.e. vendor communication)
Does the device need to store and send ePHI, and for what purpose?
Device usage pattern
Does the device run an unsupported operating system or have any known vulnerabilities? If so, do you use patches or network segmentation methods to protect the equipment?

4. Follow regulatory guidelines and rules in real time

If the hospital does not comply with federal and state regulatory standards, it will face a fine of millions of dollars. Regardless of monetary loss, failure to comply with cybersecurity guidelines puts medical equipment at risk and may endanger patient safety, business integrity, and hospital reputation.

The guidelines and regulations concerning healthcare and medical equipment are updated regularly. In order to maintain compliance, hospitals must pay close attention to regulatory standards and updates issued by state and federal agencies, including:

U.S. Food and Drug Administration (FDA)
Medical Device Information Sharing and Analysis (MDISS) Initiative
Health Insurance Portability and Accountability Act (HIPAA)

5. Design, verify and execute segmentation strategies

Segmentation strategies are used to reduce the attack surface and prevent potential threats. Network segmentation can also help the network run more smoothly by restricting traffic to designated areas and reducing network load.

> However, before implementing any segmentation strategy on the clinical network, its safety and effectiveness should be tested. The hospital security team should always verify the segmentation strategy and then execute it on the network to ensure the continuity of medical services and clinical operations.
