UNDERCODE SECURITY
🦑WELCOME TO UNDERCODE TESTING TO LEARN HACKING | PROGRAMMING | SECURITY & more..

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOs)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com

πŸ¦‘πŸ§CentOS Server Security Tips :

1) Disable unnecessary SUID and SGID commands
If the setuid and setgid bits are set on binaries, these commands can run tasks with another user's or group's privileges, such as root privileges, which can lead to serious security problems.

2) Often, buffer overflow attacks can exploit these executables to run unauthorized code as root. To list all SUID and SGID files, run:

# find / -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

3) To clear the setuid bit, run the following command:

# chmod u-s /path/to/binary_file

4) To clear the setgid bit, run the following command:

# chmod g-s /path/to/binary_file

5) Check for unknown files and directories
Files or directories not owned by an existing account must be removed or assigned to a valid user and group.

6) Run the find command below to list files or directories without a valid user or group.

# find / \( -nouser -o -nogroup \) -exec ls -l {} \;

7) List world-writable files
Keeping a world-writable file on the system can be dangerous because anyone can change it.

8) Run the command below to display world-writable files, excluding symbolic links, whose permissions always show as writable by everyone.

# find / -path /proc -prune -o -perm -2 ! -type l -ls

9) Create strong passwords
Create a password that is at least eight characters long.

Password must contain numbers, special characters and capital letters.

Use pwmake to generate a 128-bit password from /dev/urandom.

# pwmake 128

10) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:

password required pam_pwquality.so retry=3

By adding this line, you apply a policy under which the entered password cannot contain more than 3 characters in a monotonic sequence, for example abcd, or more than 3 identical consecutive characters, for example 1111.

11) To force users to use a password that is at least 8 characters long, including all character classes, sequential character checking, add the following lines to the /etc/security/pwquality.conf file:

minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
Use password aging
The chage command can be used to control the age of a user's password.

To set the age of a user's password to 45 days, use the following command:

# chage -M 45 username
To disable password expiration use the command:

# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username

12) Locking accounts
User accounts can be locked by running the passwd or usermod command:

# passwd -l username
# usermod -L username
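
The three find checks from steps 1-8 above, combined into one audit function (an added example, not part of the original post). The allowlist file, the finding labels and the skipping of sticky directories are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Findings are printed as
# "KIND<TAB>path". The allowlist file is an assumption of this sketch.

# audit_perms ROOT [ALLOWLIST]
#   ROOT       directory tree to scan (use / on a real server)
#   ALLOWLIST  optional file, one absolute path per line, of SUID/SGID
#              binaries that are expected and should not be reported
audit_perms() {
    root=$1
    allow=${2:-/dev/null}

    # Steps 1-2: SUID/SGID regular files that are not on the allowlist.
    # -xdev keeps find on one filesystem, so /proc is skipped when ROOT is /.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        grep -Fxq -- "$f" "$allow" || printf 'SUID_SGID\t%s\n' "$f"
    done

    # Steps 5-6: owner or group no longer exists. The parentheses make the
    # action apply to both tests, not only to -nogroup.
    find "$root" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null |
    while IFS= read -r f; do
        printf 'UNOWNED\t%s\n' "$f"
    done

    # Steps 7-8: world-writable entries, excluding symlinks and sticky
    # directories such as /tmp, where the sticky bit limits deletion.
    find "$root" -xdev -perm -0002 ! -type l ! \( -type d -perm -1000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        printf 'WORLD_WRITABLE\t%s\n' "$f"
    done
}

# Run as a script, for example: ./audit_perms.sh / /etc/suid.allow
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

Paths containing newlines are not handled; review each SUID_SGID line before clearing the bit with chmod u-s or g-s.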
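
To verify that the password aging and locking commands above took effect, the fields they change can be read back from /etc/shadow. This is an added example, not part of the original post; the sample accounts, placeholder hashes and finding names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Reads /etc/shadow-format lines
# on stdin and prints "user<TAB>finding" for accounts that deviate from the
# policy in the post. The finding names are made up for this sketch.

# Constructed sample; the hashes are placeholders, not real password hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$PLACEHOLDER:19700:0:45:7:::
bob:$6$PLACEHOLDER:19700:0:99999:7:::
carol:!$6$PLACEHOLDER:19700:0:45:7:::
dave:$6$PLACEHOLDER:0:0:45:7:::
erin:$6$PLACEHOLDER:19700:0::7:::
daemon:*:19000:0:99999:7:::
EOF
}

# audit_shadow MAXDAYS   (fields: 2 = hash, 3 = last change, 5 = max age)
audit_shadow() {
    awk -F: -v limit="$1" '
        # "*" or a bare "!" / "!!" means no password was ever set: skip.
        $2 == "*" || $2 == "!" || $2 == "!!" { next }
        # passwd -l and usermod -L lock an account by prefixing the hash with "!".
        $2 ~ /^!/ { printf "%s\tLOCKED\n", $1; next }
        # chage -d 0 sets the last-change field to 0.
        $3 == "0" { printf "%s\tMUST_CHANGE_AT_NEXT_LOGIN\n", $1 }
        # chage -M -1 leaves the max-age field empty.
        $5 == "" || $5 + 0 < 0 { printf "%s\tNO_MAX_AGE\n", $1; next }
        # Anything above the limit was not set with chage -M <limit>.
        $5 + 0 > limit + 0 { printf "%s\tMAX_AGE_%d_OVER_%d\n", $1, $5, limit }
    '
}

# Demo on the constructed sample; on a server run as root:
#   audit_shadow 45 < /etc/shadow
sample_shadow | audit_shadow 45
```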

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑Merge Fonts Using FontForge in Linux

1) Create a new file named "mergefonts.sh" and paste the following code in it:

#!/usr/bin/fontforge
Open($1)
SelectAll()
ScaleToEm(1024)
Generate("1.ttf")
Close()
Open($2)
SelectAll()
ScaleToEm(1024)
Generate("2.ttf")
Close()
Open("1.ttf")
MergeFonts("2.ttf")
Generate("my_custom_font.ttf")
Close()

2) The code is pretty straightforward. The "$1" argument is for your primary font while the "$2" argument is for your secondary font. Fonts are first scaled to a uniform size and then merged to generate a new font. If you do not scale them to a common size, you may get uneven text rendering from the final merged font.

3) To check the size of a font in "em" units, run the command below (replace "font.ttf" with the name of your own font file):

$ fontforge -lang=ff -c 'Open($1); Print($em); Close()' font.ttf

4) You will get some output like this:

The glyph named f_i is mapped to U+F001.
But its name indicates it should be mapped to U+FB01.
2048

5) Replace the "ScaleToEm(1024)" lines in the script above with your desired value. You can also edit the script and add an extra "$3" argument to specify the size value from the command line.

6) Now, to merge the two fonts, specify the fonts as arguments while running the "mergefonts.sh" script. The order of these arguments is important, as the font specified as the second argument ($2) will be merged into the font specified as the first argument ($1). The first argument should be the main font that you intend to use in your project. Put the "mergefonts.sh" script and the two fonts in a folder, launch a new terminal window from the folder and run the following command to merge the fonts:


$ ./mergefonts.sh font1.ttf font2.ttf

7) After running the script, you will find the new merged font as "my_custom_font.ttf" in the working directory. You may see some warnings and errors in the terminal after running the command above. These errors won't stop the merging process of the fonts. If they are simple warnings, you can ignore them. However, if there are conflicts and errors during the merging process, you may need to review them and fix them individually by manually modifying the glyphs in the FontForge GUI app. It totally depends on the kind of fonts you choose for merging, and you may not get any errors at all.

8) Note that the very first line in the script is the location of the FontForge binary as a shebang. This allows you to run the script directly in the terminal without having to manually specify the FontForge command. To check the location of the FontForge binary on your system, run the command below:

$ which fontforge

Alternatively, you can run any FontForge script using the "-script" argument.

$ fontforge -script mergefonts.sh font1.ttf font2.ttf


🦑

1) Make sure your application is free of vulnerabilities.
The most dangerous threat to an application is its own vulnerabilities and flaws.

Make sure there are no known vulnerabilities in your application.

Whether it is a web application, mobile application, or desktop application, vulnerability remediation will help prevent threats.

2) Consider testing the security of your application before shipping it to production.
To eliminate the vulnerability, you can conduct security testing of your applications.

Security testing doesn't slow down the development process.

Security testing helps you find and fix vulnerabilities in your application, as well as make your applications more efficient.

Therefore, consider checking the security of your applications before going into production.

3) Bug Bounty program
Many large companies such as Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft are organizing Bug Bounty programs to identify vulnerabilities in their applications.

This program allows your organization to find and fix bugs before they become known to the public or known hackers.

This way you can prevent incidents.

4) Train your organization on application security best practices.
You can also protect your apps by educating your employees about their security.

Knowledge of cybersecurity can help your organization counter the threats of your applications.

5) Use an automatic scanner to keep the application secure.
Scanning your entire application is also a good security measure.

Consider using an automated scanner that will run tests daily.

You can also use vulnerability scanning tools that are automated.

Vulnerability scanning tools will search your applications for vulnerabilities such as cross-site scripting, SQL injection, command injection, path traversal, etc.

6) Think Before Using Open Source In Your Application
Open source can be vulnerable.

Thus, using open source code in your application can leave your applications vulnerable to cyber attacks.

So think twice before using open source in your application.

7) Consider encrypting your application source code.
Source code encryption ensures that an attacker cannot gain access to the source code of your applications.

8) Penetration testing also helps protect your applications
Penetration testing is also known as pentesting.

Penetration testing is useful for protecting applications from cybercriminals.


🦑What is UChecker ?

1) UChecker, short for Userspace Checker, is a free open source scanner that detects which of your processes are still using outdated libraries and need to be restarted.

The tool was created by KernelCare during live patching development for shared libraries.

With UChecker, you can identify vulnerable FOSS libraries and fix them.

2) You will have to reboot the affected processes (unless you are using the library update services without rebooting), but by scanning for vulnerabilities, you can determine which processes need attention and which do not.

3) As a result, you avoid unnecessary server reboots that lead to degraded service and / or crashes, as well as creating access vulnerabilities, since libraries are left unpatched until a reboot is scheduled.

4) In fact, you may not even know which services are using which libraries, so it is tempting to just reboot the server to update everything, or restart the core services.

5) This practice can be just as devastating as rebooting.

INSTALLATION & RUN :

1) https://github.com/cloudlinux/kcare-uchecker

2) # curl -s -L https://kernelcare.com/checker | python
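
A related and simpler check, shown as an added example that is neither UChecker code nor its detection method: after an update replaces a shared library on disk, processes started earlier keep the old file mapped, and /proc/<pid>/maps marks that mapping "(deleted)". The sample mapping lines and the process name exampled are constructed.

```shell
#!/bin/sh
# Added example (not from the original post and not UChecker's own method).

# Constructed /proc/<pid>/maps excerpt: libcrypto was replaced on disk after
# the process started, so the kernel marks the old mapping "(deleted)".
sample_maps() {
    cat <<'EOF'
55d0c0a00000-55d0c0a20000 r-xp 00000000 08:01 262200 /usr/sbin/exampled
7f1c2a000000-7f1c2a1c0000 r-xp 00000000 08:01 131090 /usr/lib64/libcrypto.so.1.1 (deleted)
7f1c2a1c0000-7f1c2a1d0000 r--p 001c0000 08:01 131090 /usr/lib64/libcrypto.so.1.1 (deleted)
7f1c2b000000-7f1c2b020000 r-xp 00000000 08:01 131200 /usr/lib64/libc.so.6
7f1c2c000000-7f1c2c001000 rw-s 00000000 00:05 42 /dev/shm/cache (deleted)
EOF
}

# stale_libs: read maps lines on stdin, print each deleted shared object once.
# Deleted files that are not shared objects (the /dev/shm entry) are ignored.
stale_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\.so(\.[0-9]+)*$/ { print $(NF-1) }' | sort -u
}

# scan_procs: print "pid<TAB>command<TAB>library" for every running process
# that still maps a deleted library. Needs root to read other users' maps.
scan_procs() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}
        pid=${pid%/maps}
        libs=$(stale_libs 2>/dev/null < "$m") || continue
        [ -n "$libs" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || comm='?'
        printf '%s\n' "$libs" | while IFS= read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Demo on the constructed sample; on a server run scan_procs as root.
sample_maps | stale_libs
```

Library paths containing spaces are not handled by this sketch.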



🦑Windows 10 update removes the need to remember passwords with Windows Hello and FIDO2:

Say goodbye to passwords
Microsoft knows what everyone thinks about passwords, noting that "no one likes passwords (except hackers)."

Since the advent of the computer systems that we all use, we have had to remember passwords - for computer systems, websites, applications, devices, and the like.

"People don't like passwords because we have to remember them," Microsoft explained.

"As a result, we often create passwords that are easy to guess - making them the first target for hackers trying to gain access to your computer or network."

The need for confidentiality meant passwords for everything.

This increased need has led to different types of passwords.

Instead of your birthday, anniversary, dog name, street name, etc., you were forced to remember more complex passwords or have a password manager.


🦑Windows Hello and FIDO2 integration:

You can take advantage of Windows Hello with FIDO2 by updating Windows 10 to version 1903.

Microsoft Edge, Google Chrome and Mozilla Firefox will support biometrics and PINs.

Other Microsoft products such as Office 365, Skype, and Xbox Live can also authenticate using Windows Hello.


πŸ¦‘πŸ§5 best CLI tools for finding words using regular expressions:

1) Grep command
First of all comes the utility tool grep, which stands for Global Regular Expression Print, a powerful command line tool that comes in handy when searching for a specific string or pattern in a file.

Grep comes by default with modern Linux distributions and gives you the ability to return different search results.

With grep, you can perform a wide variety of functions such as:

Search for strings or matching patterns in the file.
Search for strings or matching patterns in Gzip files.
Count the number of string matches.
Print line numbers containing a string or pattern.
Recursive search for a string in directories.
Perform a reverse search (that is, display results for rows that do not match your search criteria).
Ignore case sensitivity when searching for strings.
The syntax for using the grep command is pretty simple:

$ grep pattern FILE
For example, to find the string "itsecforu" in a file, say hello.txt, ignoring case, run the command:
$ grep -i itsecforu hello.txt


2) sed command
Sed, short for Stream Editor, is another useful command line tool for manipulating text in a text file.

Sed searches, filters, and replaces lines in a given file in a non-interactive way.

By default, the sed command prints the output to STDOUT (standard output), implying that the output is written to the terminal rather than saved to a file.

The Sed command is invoked as follows:

$ sed -OPTIONS command [file]
For example, to replace all instances of "Unix" with "Linux", issue the command:
$ sed 's/Unix/Linux/g' hello.txt
If you want to redirect the output rather than display it on the terminal, use the redirection sign (>) as follows:
$ sed 's/Unix/Linux/g' hello.txt > output.txt
The output of the command will be saved in the file output.txt, rather than being printed to the screen.

Check the man pages again for other options that you can use.

$ man sed

3) Ack command
Ack is a fast and portable command line tool written in Perl.

Ack is considered a convenient replacement for grep, and displays results in a visually appealing form.

The Ack command searches a file or directory for strings that match the search criteria.

Then it highlights the corresponding line.

Ack has the ability to differentiate between files based on their extensions and, to a certain extent, the content in the files.

Ack command syntax:

$ ack [options] PATTERN [FILE ...]
$ ack -f [options] [DIRECTORY ...]
For example, to find the word itsecforu, run:

$ ack itsecforu hello.txt
To install ack on your system, run the command:

$ sudo apt install ack-grep    # On Debian / Ubuntu
$ sudo dnf install ack-grep    # On CentOS / RHEL

4) Awk command
Awk is a complete scripting language and a text processing and data manipulation tool.

It searches files or program output for a search pattern.

When a string or pattern is found, awk performs the action on the match or string and prints the results to STDOUT.

The AWK pattern is enclosed in curly braces, and the entire program is enclosed in single quotes.

Let's take the simplest example.

Suppose you are displaying your system date as shown below:

$ date


Suppose you only want to display the first value, that is, the day of the week.
In this case, pipe the output to awk as shown below:
$ date | awk '{print $1}'
To display subsequent values, separate them with a comma, as shown below:
$ date | awk '{print $1, $2}'
The above command will display the day of the week and date.

5) Silver Searcher
Silver Searcher is a cross-platform open source code search tool similar to ack but with a focus on speed.

It makes it easy to find a specific string in files in no time at all:

$ ag OPTIONS search_pattern /path/to/file
For example, to find the string "Linux" in hello.txt, run the command:
$ ag Linux hello.txt
For additional options:

$ man ag

Forwarded from UNDERCODE NEWS
Warning !! Six WhatsApp vulnerabilities
#Vulnerabilities.

🦑How to Install Xrdp Server (Remote Desktop) on Ubuntu 20.04 :

1) Install a Desktop Environment
Unless you are using Ubuntu for desktop (in which case you may ignore this step), you will need to download an externally available desktop environment to get started. For this demonstration, Gnome will be used as the desktop environment, as it is the default environment for newer versions of Ubuntu. So, this guide will be easy to follow for those who are already using an Ubuntu desktop.

$ sudo apt update

$ sudo apt install ubuntu-desktop

2) Install Xrdp
To download and install Xrdp from the standard Ubuntu repositories, enter the following command:

$ sudo apt install xrdp

Verify the install by entering the following command:

$ sudo systemctl status xrdp

3) There is a file in the /etc/ssl/private/ directory named ssl-cert-snakeoil.key that is fundamental to the functions of the Xrdp services. This file must be made readable for an xrdp user. To do so, use the following command:

$ sudo adduser xrdp ssl-cert

4) To make these modifications take effect, restart the Xrdp service:

$ sudo systemctl restart xrdp

5) Getting Started with Xrdp
Configuring Firewall with Xrdp
We will now open up the Xrdp port, which is port 3389, by configuring the firewall. Enter the following command to allow access from a certain IP range:

$ sudo ufw allow from 192.168.33.0/24 to any port 3389

🦑Connect to the Xrdp Server (for Windows OS)
With the installation and firewall configurations taken care of, you may now connect to the Xrdp server. The following steps show you how to connect to the Xrdp server:

1) Head over to the Windows search bar.
Type in 'remote'.

2) Select 'Remote Desktop Connection' to load the RDP client.

3) Navigate to the field labeled 'Computer'.

4) Paste the server IP address.

5) Hit the connect button.

6) The login screen will display, into which you will put your user credentials.

7) Click 'OK'.



🦑The connotation of safety :
#fAStTips

The security of the system includes the following aspects:
① Protect the various resources in the system from natural and man-made damage;

② Estimate the various threats in the operating system and its special problems;

③ Effectively develop and implement security policies to minimize the risks faced by the system;

④ Prepare appropriate contingency measures so the system can return to normal as soon as possible after destruction or attacks;

⑤ Regularly check the implementation of the various security management measures.


🦑Communication line and network security
#FastTips

Such as:
- destroy or delete the message,
- read the message, watch the message and its transmission mode
- change, delay, reorder or copy, forge the message

🦑System security features

Different computer operating systems have different security requirements, but in general the system should have the following characteristics:

(1) Confidentiality (Security): accessed by authorized persons

(2) Integrity: changed by authorized persons

(3) Availability: available to authorized persons

(4) Reliability (Authenticity): can verify the user's identity


🦑Security threats: threat sources

The threats to the security of computer systems mainly come from the following three aspects:

(1) accidental

(2) natural disasters

(3) man-made attacks (active threats)


🦑Functions involved in operating system security

① User identification.

② Memory protection.

③ File and I/O device access control.

④ Carry out allocation and access control for general entities, and apply a degree of control and protection to them.

⑤ Sharing constraints.

⑥ While considering the security mechanism of the operating system, it is also necessary to ensure that system users receive fair service without waiting indefinitely; it is also necessary to ensure that the operating system provides timely responses for process synchronization and asynchronous communication.

🦑Confidential and secure operating system design principles

The design principles of a secure OS: least privilege, economy of the general security mechanism, open design, integrity of the security strategy, privilege separation.

