▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Analysis of the OpenSSL program concept and the "heart bleeding" vulnerability that shocked the industry

Public key/private key/signature/verify signature/encryption/decryption/asymmetric encryption

1) Our general encryption is to use a password to encrypt a file, and then decrypt it with the same password. This is easy to understand, this is a symmetric encryption.

2) In some encryption, one password is used for encryption, and another set of passwords is used for decryption. This is called Asymmetric encryption means that the encryption and decryption passwords are not the same.

3) People who are in contact for the first time may not understand it anyway. In fact, this is an application of the principle of mathematics for the product of prime numbers. If you must understand, Baidu has a big You can see a lot of data, and the result is to use one of this set of keys to encrypt data, and you can use the other to unlock it.

4) Yes, yes, both public and private keys can be used to encrypt data. The other is to unlock, the public key encrypts the data, and then the private key decrypts it is called encryption and decryption, the private key encrypts the data, and the public key decryption is generally called signature and verification signature.

5) Because the data encrypted by the public key can only be unlocked by its corresponding private key, you can give the public key to the person and the person, and let him encrypt the data he wants to send to you. This data can only reach you with the private key. , It can be unlocked into useful data. Others get it and understand the content. Similarly, if you sign the data with your private key, then this data can only be unlocked by the paired public key. There is this private key. The key is only you, so if the paired public key unlocks the data, it means that the data was sent by you, on the contrary, it is not. This is called a signature.


@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Cyber Security Awareness - Malware Explained

https://mega.nz/folder/ap0RTbIS#R3flkOZ7o-N9JIxwP5Yjfw

1. Introduction
https://mega.nz/folder/u1lFFLTT#wfhjchscdbcKKEedRN65kg

2. Malware Background
https://mega.nz/folder/jh9nHJhL#900EX1GSgkLc58Yha0mLlw

3. Malware Risks and Implications
https://mega.nz/folder/XgsFFZqa#cryB6zIx9sQBzGUQe2K8cA

4. Protection from Malware
https://mega.nz/folder/CltDRTDR#PJgoE3zSv8H9kDGgu9fLdQ

5. Wrapping Up
https://mega.nz/folder/LtkDWJYB#Yv59y2fHHpcSNr6bePfsZQ

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FOR ANY REAL WIFI HACKING -TERMUX
HOW TTO Acquiring monitor mode on device?

Running command "airodump-ng mon0" (SSIDs/MACs are censored).
You will need an utility "iw" to be installed which lately will be used to modify Wi-Fi module configuration:

1) pkg upgrade

2) pkg install root-repo

3) pkg install iw

4) Plug in the Wi-Fi USB stick and execute next command:

5) iw phy phy1 interface add mon0 type monitor

6) There shouldn't be any error if kernel is properly configured and drivers support monitor mode.

7) To check whether monitor mode is active, use iw dev.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to use DSRM password synchronization to persist domain management authority ?

1) Modify the registry to allow remote access to DSRM accounts

2) Modify the value of DSRMAdminLogonBehavior under the registry HKLM\System\CurrentControlSet\Control\Lsa path to 2.

PS: DSRMAdminLogonBehavior does not exist by default, please add it manually.

3) Use HASH to remotely log in to the domain controller

In any host in the domain, start the Frenchman artifact and execute

Privilege::debug

sekurlsa::pth /domain:WIN2K8-DC /user:Administrator /ntlm:bb559cd28c0148b7396426a80e820e20

4) A CMD will pop up, as shown in the lower right corner of the figure below. This CMD has the authority to access the domain control. The CMD in the lower left corner is a local CMD started directly by Ctrl+R, and you can see that you do not have permission to access the domain control.

A note
5) The DSRM account is the local administrator account of the domain controller, not the domain administrator account. Therefore, the DSRM password synchronization will not affect the domain administrator account. In addition, the value of NTLM remains valid until the next DSRM password synchronization. Therefore, in order to ensure the persistence of permissions, especially in multinational domains or large intranets with hundreds or thousands of domains, it is best to filter the event log with the event ID 4794 in the security events of the event viewer to determine whether the domain management is frequent Perform DSRM password synchronization operations.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST HOME SECURITY APPS :

https://play.google.com/store/apps/details?id=com.androidauthority.app

https://play.google.com/store/apps/details?id=com.androidauthority.app

https://play.google.com/store/apps/details?id=com.androidauthority.app

https://play.google.com/store/apps/details?id=com.androidauthority.app

https://play.google.com/store/apps/details?id=com.ivideon.client&hl=en

https://play.google.com/store/apps/details?id=com.mcu.reolink

https://play.google.com/store/apps/details?id=com.ivuu&hl=en

https://play.google.com/store/apps/details?id=com.surveillancesystem.isecurity&hl=en

https://itunes.apple.com/us/app/reolink/id995927563?mt=8

https://itunes.apple.com/us/app/presence-free-smart-home-motion/id618598211?mt=8

https://itunes.apple.com/us/app/isentry/id396777365?mt=8

https://itunes.apple.com/us/app/athome-camera-mobile-home/id305567000?mt=8

https://itunes.apple.com/us/app/alarm.com/id315010649?mt=8

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Network sniffing :

sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as possible by default.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) apt install debian-keyring

2) gpg -a --export --keyring /usr/share/keyrings/debian-maintainers.gpg git@rxv.cc | apt-key add -
apt-key adv --keyserver keyserver.ubuntu.com --refresh-keys git@rxv.cc

3) echo deb http://apt.vulns.sexy stable main > /etc/apt/sources.list.d/apt-vulns-sexy.list

4) apt update

5) apt install sniffglue

6) sniff with default filters (dhcp, dns, tls, http)
sniffglue enp0s25

7) increase the filter sensitivity (arp)
sniffglue -v enp0s25

8) increase the filter sensitivity (cjdns, ssdp, dropbox, packets with valid utf8)
sniffglue -vv enp0s25

9) almost everything
sniffglue -vvv enp0s25

10) everything
sniffglue -vvvv enp0s25

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

HTML & CSS Course —9.18 GB-

https://mega.nz/#F!A4AjiC7A!jGX2AFthSBCr9dALXIYVZg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑LEARN PROGRAMMING VIA IOS/ANDROID APPLICATIONS :

https://play.google.com/store/apps/details?id=com.zenva.codemurai&hl=en_US

https://play.google.com/store/apps/details?id=com.zenva.codemurai&hl=en_US

https://apps.apple.com/us/app/codehub-github-for-ios/id707173885?ls=1

https://apps.apple.com/in/app/programming-hub-learn-to-code/id1049691226

https://play.google.com/store/apps/details?id=com.freeit.java&hl=en_IN

https://itunes.apple.com/app/apple-store/id469863705?pt=698519&ct=website%20footer&mt=8

https://play.google.com/store/apps/details?id=org.khanacademy.android&referrer=utm_source%3Dwebsite%2520footer%26utm_medium%3Dwebsite%2520footer%26utm_campaign%3Dwebsite%2520footer

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME NEW KEYLOGGERS IOS SPECIALIST:

• Keylogging;
• Monitor calls — both call logs and recordings;
• Monitor texts, emails, browsing history;
• Monitor instant messaging and social media apps — Facebook, WhatsApp, Viber, Yahoo;
• View contacts, media files, app usage;
• Track GPS location.

http://mspy.go2cloud.org/aff_c?offer_id=2&aff_id=4774&url_id=99

http://www.mobile-spy.com/iphone.html

http://maxxspy.com/

https://highstermobile.com/

https://www.flexispy.com/

https://xnspy.com/

https://spyera.com/#nvlv

https://www.spyzie.com/

https://pumpic.com/keylogger-for-iphone.html

https://store.payproglobal.com/r?u=https://ikeymonitor.com/&a=2378

ENJOY❤️👍🏻
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Pro Linux Foundation Certified Engineer 2019-2020 —3.24 GB—

https://mega.nz/#F!7xkzhQID!9KFPQdQfrToABn-W7g6gww

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HEX EDITORS FOR TERMUX :

hexcurse
Use pkg install hexcurse to install a console hex editor.

Homepage: https://github.com/LonnyGomes/hexcurse

ired
Use pkg install ired to install a minimalist hexadecimal editor.

Homepage: https://github.com/radare/ired

radare2
Use pkg install radare2 to install an advanced hexadecimal editor.

Homepage: https://rada.re

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁