Forwarded from Backup Legal Mega
SPOTIFY + MULTI BIN
BIN : 519472xxxxxxxxxx
IP : Algeria
CHANGE SPOTIFY COUNTRY TO TUNISIA πΉπ³
β CREDIT : Mrklez01
BIN : 519472xxxxxxxxxx
IP : Algeria
CHANGE SPOTIFY COUNTRY TO TUNISIA πΉπ³
β CREDIT : Mrklez01
Forwarded from Backup Legal Mega
BIN APPSTORE (itunes)
| BIN: 49157350117xxxxx
| FECHA: 11/23
| CVV: Generado
| IP: MEXICO
| BIN: 49157350117xxxxx
| FECHA: 11/23
| CVV: Generado
| IP: MEXICO
Forwarded from Backup Legal Mega
LEARNING CRACKING Professional WI-FI PASSWORD KEYS --WEP/WPAWPA2
https://mega.nz/folder/YyglXD5C#LcziK011TVYLKj3oHXs5VQ/folder/Ur4nSBoQ
https://mega.nz/folder/YyglXD5C#LcziK011TVYLKj3oHXs5VQ/folder/Ur4nSBoQ
mega.nz
File folder on MEGA
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Common errors leading to deanonymization:
1. Anonymity in social networks
If you are registered in vk (social network) by entering your phone number. Then they connected to vk via Tor in order to write βNikiforov S.S. thief". Does this mean that you are anonymous - did you use Tor?
No, it doesnβt. If only because a phone number is tied to your social network account. And for your identification, the IP address is not particularly needed.
2. Anonymity and cookies
Cookies are small pieces of information that are stored in your web browser after the site sends them to you.
If you went to the site, received your cookies, then reconnected via Tor and wrote in the comments something like βdeputy of the second convocation of the City Duma Petrov D.S. also a thief β, then cookies can link the author of a comment and a user who has previously logged in with a different IP address.
Cookies are designed to identify the user regardless of your IP address.
3. Many sites store the IP of previous actions
For example, I registered a VPN account to which I will connect through Tor. But I registered it from my IP (βbecause Tor is slow, and indeed that site does not accept connections from the Tor network). Will I be anonymous if I connect to a VPN via Tor? No, because information about previous operations with the IP address is saved.
4. I WILL BUY a VPN (or VPS server to configure OpenVPN) and will be anonymous
Even if you read the third paragraph and went to register through Tor, but use wallets that can lead to you, then there is no question of any anonymity. Moreover, when buying one-time SIM cards and when entering the wallet sites, you also need to remember about your anonymity, otherwise it is all just meaningless.
That is why just Tor is more anonymous than Tor + OpenVPN. It is quite difficult to buy something without leaving a trace.
5. OpenVPN is very good, but not for anonymity
If we recall the original purpose of VPN networks, then this is an organization of virtual private networks, inside of which computers scattered around the world, can access each other's local network resources. At the same time, traffic exchange is encrypted, but this traffic is encrypted only for an external observer, but not for the server and clients of the OpenVPN network.
For this reason, if you purchased a free or paid VPN account, then be prepared that the server owner can do with your traffic WHAT PLEASANT and keeps activity logs - what requests were made from which client.
6. There are 1000 and 1 ways to find out the real IP address of a remote user
Options are from the simplest to send a link to a controlled site and see the IP (if communicating through an anonymous messenger) or a file with a trojan to completely sophisticated methods.
7. If you use any software with closed source code for illegal activities, then there is 100% backdoor installed
Backdoors can also be in legitimate software with closed source code - as a hard-to-detect vulnerability that the manufacturer knows about, or just an ordinary backdoor that is dumb like a cork - these were found, for example, in the official firmware of routers.
As for the illegal software with closed source code that is distributed anonymously, please tell me, well, why not install a backdoor there? The owner does not know anything, and even if he finds out what he will do? Heβll go to the police and say: I bought scripts to crack the protection of stolen phones, and they installed a virus there ... Itβs unlikely that he will.
8. Misunderstanding of the simplest technical aspects of the operation of networks, servers, applications, information accumulated and available in open sources
In my articles, the links to which I gave above, I found the sites of the attacker simply by analyzing where the POST request goes. Why did the attacker leave scripts on this site in the archive? Apparently, I just did not know that it is very easy to track where the POST request goes even if the HTML code is obfuscated.
π¦Common errors leading to deanonymization:
1. Anonymity in social networks
If you are registered in vk (social network) by entering your phone number. Then they connected to vk via Tor in order to write βNikiforov S.S. thief". Does this mean that you are anonymous - did you use Tor?
No, it doesnβt. If only because a phone number is tied to your social network account. And for your identification, the IP address is not particularly needed.
2. Anonymity and cookies
Cookies are small pieces of information that are stored in your web browser after the site sends them to you.
If you went to the site, received your cookies, then reconnected via Tor and wrote in the comments something like βdeputy of the second convocation of the City Duma Petrov D.S. also a thief β, then cookies can link the author of a comment and a user who has previously logged in with a different IP address.
Cookies are designed to identify the user regardless of your IP address.
3. Many sites store the IP of previous actions
For example, I registered a VPN account to which I will connect through Tor. But I registered it from my IP (βbecause Tor is slow, and indeed that site does not accept connections from the Tor network). Will I be anonymous if I connect to a VPN via Tor? No, because information about previous operations with the IP address is saved.
4. I WILL BUY a VPN (or VPS server to configure OpenVPN) and will be anonymous
Even if you read the third paragraph and went to register through Tor, but use wallets that can lead to you, then there is no question of any anonymity. Moreover, when buying one-time SIM cards and when entering the wallet sites, you also need to remember about your anonymity, otherwise it is all just meaningless.
That is why just Tor is more anonymous than Tor + OpenVPN. It is quite difficult to buy something without leaving a trace.
5. OpenVPN is very good, but not for anonymity
If we recall the original purpose of VPN networks, then this is an organization of virtual private networks, inside of which computers scattered around the world, can access each other's local network resources. At the same time, traffic exchange is encrypted, but this traffic is encrypted only for an external observer, but not for the server and clients of the OpenVPN network.
For this reason, if you purchased a free or paid VPN account, then be prepared that the server owner can do with your traffic WHAT PLEASANT and keeps activity logs - what requests were made from which client.
6. There are 1000 and 1 ways to find out the real IP address of a remote user
Options are from the simplest to send a link to a controlled site and see the IP (if communicating through an anonymous messenger) or a file with a trojan to completely sophisticated methods.
7. If you use any software with closed source code for illegal activities, then there is 100% backdoor installed
Backdoors can also be in legitimate software with closed source code - as a hard-to-detect vulnerability that the manufacturer knows about, or just an ordinary backdoor that is dumb like a cork - these were found, for example, in the official firmware of routers.
As for the illegal software with closed source code that is distributed anonymously, please tell me, well, why not install a backdoor there? The owner does not know anything, and even if he finds out what he will do? Heβll go to the police and say: I bought scripts to crack the protection of stolen phones, and they installed a virus there ... Itβs unlikely that he will.
8. Misunderstanding of the simplest technical aspects of the operation of networks, servers, applications, information accumulated and available in open sources
In my articles, the links to which I gave above, I found the sites of the attacker simply by analyzing where the POST request goes. Why did the attacker leave scripts on this site in the archive? Apparently, I just did not know that it is very easy to track where the POST request goes even if the HTML code is obfuscated.
And there can be many such βtechnicalβ punctures: a simple SSH connection password (βno one knows where my server isβ), a misunderstanding of what information the researcher can get on the server, a misunderstanding why Cloudflare is needed, etc.
9. The big picture
Example: infrastructure objects and IP traces are attacked and other indirect signs lead to somewhere far away. But at the same time, the objects and methods of attack are similar to those used by the well-known hacker group. At least there is reason to think.
10. Metadata in files
ENJOYβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
9. The big picture
Example: infrastructure objects and IP traces are attacked and other indirect signs lead to somewhere far away. But at the same time, the objects and methods of attack are similar to those used by the well-known hacker group. At least there is reason to think.
10. Metadata in files
ENJOYβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦OSCP_Helpful_Links.md
OSCP Course Review
Offensive Securityβs PWB and OSCP β My Experience
http://www.securitysift.com/offsec-pwb-oscp/
OSCP Journey
https://scriptkidd1e.wordpress.com/oscp-journey/
Down with OSCP
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
Jolly Frogs - Tech Exams (Very thorough)
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
OSCP Inspired VMs and Walkthroughs
https://www.hackthebox.eu/
https://www.root-me.org/
https://www.vulnhub.com/
Walk through of Tr0ll-1 - Inspired by on the Trolling found in the OSCP exam
https://highon.coffee/blog/tr0ll-1-walkthrough/
Another walk through for Tr0ll-1
https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/
Taming the troll - walkthrough
https://leonjza.github.io/blog/2014/08/15/taming-the-troll/
Troll download on Vuln Hub
https://www.vulnhub.com/entry/tr0ll-1,100/
Sickos - Walkthrough:
https://highon.coffee/blog/sickos-1-walkthrough/
Sickos - Inspired by Labs in OSCP
https://www.vulnhub.com/series/sickos,70/
Lord of the Root Walk Through
https://highon.coffee/blog/lord-of-the-root-walkthrough/
Lord Of The Root: 1.0.1 - Inspired by OSCP
https://www.vulnhub.com/series/lord-of-the-root,67/
Tr0ll-2 Walk Through
https://leonjza.github.io/blog/2014/10/10/another-troll-tamed-solving-troll-2/
Tr0ll-2
https://www.vulnhub.com/entry/tr0ll-2,107/
Cheat Sheets
Penetration Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pen Testing Bookmarks
https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md
OSCP Cheatsheets
https://github.com/slyth11907/Cheatsheets
CEH Cheatsheet
https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf
Net Bios Scan Cheat Sheet
https://highon.coffee/blog/nbtscan-cheat-sheet/
Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
NMap Cheat Sheet
https://highon.coffee/blog/nmap-cheat-sheet/
Linux Commands Cheat Sheet
https://highon.coffee/blog/linux-commands-cheat-sheet/
Security Hardening CentO 7
https://highon.coffee/blog/security-harden-centos-7/
MetaSploit Cheatsheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
Google Hacking Database:
https://www.exploit-db.com/google-hacking-database/
Windows Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=6
Linux Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=5
Metasploit Cheat Sheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦OSCP_Helpful_Links.md
OSCP Course Review
Offensive Securityβs PWB and OSCP β My Experience
http://www.securitysift.com/offsec-pwb-oscp/
OSCP Journey
https://scriptkidd1e.wordpress.com/oscp-journey/
Down with OSCP
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
Jolly Frogs - Tech Exams (Very thorough)
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
OSCP Inspired VMs and Walkthroughs
https://www.hackthebox.eu/
https://www.root-me.org/
https://www.vulnhub.com/
Walk through of Tr0ll-1 - Inspired by on the Trolling found in the OSCP exam
https://highon.coffee/blog/tr0ll-1-walkthrough/
Another walk through for Tr0ll-1
https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/
Taming the troll - walkthrough
https://leonjza.github.io/blog/2014/08/15/taming-the-troll/
Troll download on Vuln Hub
https://www.vulnhub.com/entry/tr0ll-1,100/
Sickos - Walkthrough:
https://highon.coffee/blog/sickos-1-walkthrough/
Sickos - Inspired by Labs in OSCP
https://www.vulnhub.com/series/sickos,70/
Lord of the Root Walk Through
https://highon.coffee/blog/lord-of-the-root-walkthrough/
Lord Of The Root: 1.0.1 - Inspired by OSCP
https://www.vulnhub.com/series/lord-of-the-root,67/
Tr0ll-2 Walk Through
https://leonjza.github.io/blog/2014/10/10/another-troll-tamed-solving-troll-2/
Tr0ll-2
https://www.vulnhub.com/entry/tr0ll-2,107/
Cheat Sheets
Penetration Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
Pen Testing Bookmarks
https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md
OSCP Cheatsheets
https://github.com/slyth11907/Cheatsheets
CEH Cheatsheet
https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf
Net Bios Scan Cheat Sheet
https://highon.coffee/blog/nbtscan-cheat-sheet/
Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
NMap Cheat Sheet
https://highon.coffee/blog/nmap-cheat-sheet/
Linux Commands Cheat Sheet
https://highon.coffee/blog/linux-commands-cheat-sheet/
Security Hardening CentO 7
https://highon.coffee/blog/security-harden-centos-7/
MetaSploit Cheatsheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
Google Hacking Database:
https://www.exploit-db.com/google-hacking-database/
Windows Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=6
Linux Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=5
Metasploit Cheat Sheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
ENJOYβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Security Sift
Offensive Security's PWB and OSCP - My Experience - Security Sift
My experience with the Offensive Security Penetration Testing with Backtrack (PWB) course and achieving the OSCP certification.
Forwarded from Backup Legal Mega
π¦Crypto Tading :
#Requested
https://academy.investopedia.com/products/crypto-trading
https://mega.nz/folder/aAxURAZD#DX76HLJpyvTXjJTJMH7TNw
#Requested
https://academy.investopedia.com/products/crypto-trading
https://mega.nz/folder/aAxURAZD#DX76HLJpyvTXjJTJMH7TNw
Investopedia
Investopedia Academy
Investopedia Academy was shut down at the end of June 2024, this page contains instructions for downloading any purchased courses.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Do I need to use Tor with VPN, proxy, SSH?
> This is a common question in different variations. And there is no definite answer to it. Suppose in my country or my Internet service provider is blocking access to the Tor network, then not so much good as the only solution is to use VPN + Tor. At the same time,
> so i must clearly understand the risks of a VPN, which is designed for organizing virtual private networks, and not anonymity. If I DO NOT understand the risks of adding different intermediate nodes, and I just do it because I read something better on some forum, then this is a bad idea: there is no working technology to find out the real IP address of a Tor network user, but VPN βhoneypot "Will know everything about you:
1οΈβ£your real IP address
2οΈβ£what sites did you make requests to
what answers received
3οΈβ£Further translation from the pages of the official Tor Project documentation. I agree with these views, provided that there is trust in the Tor network. I do NOT have 100% trust in the Tor network, but of the other options for hiding my IP, this is the best solution.
π¦Sources:
https://support.torproject.org/faq/faq-5/
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Do I need to use Tor with VPN, proxy, SSH?
> This is a common question in different variations. And there is no definite answer to it. Suppose in my country or my Internet service provider is blocking access to the Tor network, then not so much good as the only solution is to use VPN + Tor. At the same time,
> so i must clearly understand the risks of a VPN, which is designed for organizing virtual private networks, and not anonymity. If I DO NOT understand the risks of adding different intermediate nodes, and I just do it because I read something better on some forum, then this is a bad idea: there is no working technology to find out the real IP address of a Tor network user, but VPN βhoneypot "Will know everything about you:
1οΈβ£your real IP address
2οΈβ£what sites did you make requests to
what answers received
3οΈβ£Further translation from the pages of the official Tor Project documentation. I agree with these views, provided that there is trust in the Tor network. I do NOT have 100% trust in the Tor network, but of the other options for hiding my IP, this is the best solution.
π¦Sources:
https://support.torproject.org/faq/faq-5/
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
support.torproject.org
Can I use a VPN with Tor? | Tor Project | Support
Defend yourself against tracking and surveillance. Circumvent censorship. | Can I use a VPN with Tor?
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Anonymity and privacy
> You can very much violate your anonymity by using VPN / SSH in addition to Tor. (Proxies are described below.) But if you know what you are doing, then you can increase anonymity, security, and privacy.
> VPN / SSH providers keep a history of financial transactions and you will leave traces if you do not choose a truly anonymous payment method. VPN / SSH acts as a permanent ingress or as a persistent egress node. This may solve some problems, but create new risks.
> Who is your opponent? Against a global adversary with unlimited resources, adding new intermediate nodes makes passive attacks (a bit) harder, but active attacks become easier as you provide more surface to attack and send more data that you can use.
> Adding hosts strengthens you against collusion between Tor hosts and against blackhack hackers who target the Tor client code (especially if Tor and VPN work on two different systems).
> If the VPN / SSH server is under the control of an attacker, you are weakening the protection provided by Tor. If the server is trustworthy, you can increase the anonymity and / or privacy (depending on the settings) provided by Tor.
> VPN / SSH can also be used to circumvent Tor censorship (if your ISP blocks access to Tor or if the end node blocks connections from the Tor network).
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Anonymity and privacy
> You can very much violate your anonymity by using VPN / SSH in addition to Tor. (Proxies are described below.) But if you know what you are doing, then you can increase anonymity, security, and privacy.
> VPN / SSH providers keep a history of financial transactions and you will leave traces if you do not choose a truly anonymous payment method. VPN / SSH acts as a permanent ingress or as a persistent egress node. This may solve some problems, but create new risks.
> Who is your opponent? Against a global adversary with unlimited resources, adding new intermediate nodes makes passive attacks (a bit) harder, but active attacks become easier as you provide more surface to attack and send more data that you can use.
> Adding hosts strengthens you against collusion between Tor hosts and against blackhack hackers who target the Tor client code (especially if Tor and VPN work on two different systems).
> If the VPN / SSH server is under the control of an attacker, you are weakening the protection provided by Tor. If the server is trustworthy, you can increase the anonymity and / or privacy (depending on the settings) provided by Tor.
> VPN / SSH can also be used to circumvent Tor censorship (if your ISP blocks access to Tor or if the end node blocks connections from the Tor network).
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Microsoft Office β DDE Attacks.pdf
693.1 KB
MS OFFICE DDE ATTACK -TUTORIAL
β β β Uππ»βΊπ«6π¬πβ β β β
π¦VPN / SSH vs proxy :
> The connection between you and the VPN / SSH is encrypted, but not always.
> On the other hand, the connection between you and OpenProxy is not encrypted. The "SSL proxy" in most cases is the only http proxy that supports the connect method. The connect method was originally designed so that you can use SSL connections to web servers, but other interesting things are possible, such as connecting to IRC, SSH, etc.
> Another disadvantage of http (s) proxies is that some of them, even depending on your network settings, even pass your IP through the βhttp forwarded forβ header . (Such proxies are also called βnon-anonymous proxies.β Although the word βanonymousβ should be understood with caution in any case, OpenProxy alone is much worse than Tor.)
π¦VPN vs SSH or proxy :
> VPN works at the network level. The SSH tunnel can offer socks5 proxies. Proxies work at the application level. These technical details create their own problems when combined with Tor.
> The problem for many VPN users is the complicated setup. They connect to the VPN on a machine that has direct access to the Internet.
> VPN user may forget to connect to VPN first
Without special precautions, when a VPN connection is disconnected (VPN server reboot, network problems, VPN process failure, etc.), direct connections without VPN will be performed.
To solve this problem, you can try something like VPN-Firewall.
> When working at the application level (using socks5 SSH tunnels or proxy servers), the problem is that many applications do not comply with the proxy server settings.
> The most secure solution to resolve these problems is to use a transparent proxy, which is possible for VPN, SSH and proxies.
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦VPN / SSH vs proxy :
> The connection between you and the VPN / SSH is encrypted, but not always.
> On the other hand, the connection between you and OpenProxy is not encrypted. The "SSL proxy" in most cases is the only http proxy that supports the connect method. The connect method was originally designed so that you can use SSL connections to web servers, but other interesting things are possible, such as connecting to IRC, SSH, etc.
> Another disadvantage of http (s) proxies is that some of them, even depending on your network settings, even pass your IP through the βhttp forwarded forβ header . (Such proxies are also called βnon-anonymous proxies.β Although the word βanonymousβ should be understood with caution in any case, OpenProxy alone is much worse than Tor.)
π¦VPN vs SSH or proxy :
> VPN works at the network level. The SSH tunnel can offer socks5 proxies. Proxies work at the application level. These technical details create their own problems when combined with Tor.
> The problem for many VPN users is the complicated setup. They connect to the VPN on a machine that has direct access to the Internet.
> VPN user may forget to connect to VPN first
Without special precautions, when a VPN connection is disconnected (VPN server reboot, network problems, VPN process failure, etc.), direct connections without VPN will be performed.
To solve this problem, you can try something like VPN-Firewall.
> When working at the application level (using socks5 SSH tunnels or proxy servers), the problem is that many applications do not comply with the proxy server settings.
> The most secure solution to resolve these problems is to use a transparent proxy, which is possible for VPN, SSH and proxies.
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
My Top 5 Web Hacking Tools.pdf
320.5 KB
TOP 5 WEB HACKING TOOLS & METHODES VIA PICTURES
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Top 2020 #MITM tools :
BetterCAP | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
Burp Suite | GUI based tool for testing Web application security.
Ettercap | Ettercap is a comprehensive suite for man in the middle attacks
Evilginx | Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
MITMf | Framework for Man-In-The-Middle attacks
mitmproxy | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Top 2020 #MITM tools :
BetterCAP | MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
Burp Suite | GUI based tool for testing Web application security.
Ettercap | Ettercap is a comprehensive suite for man in the middle attacks
Evilginx | Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
MITMf | Framework for Man-In-The-Middle attacks
mitmproxy | An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
portswigger.net
Burp - Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some popular Search Engine for leaks & bugs.. for Penetration Tester
Spyse | Spyse collects valuable data from all open source internet and stores it in its own database to provide instant access to the data.
Censys | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Shodan | Shodan is the world's first search engine for Internet-connected devices.
WiGLE | Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
Zoomeye | search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some popular Search Engine for leaks & bugs.. for Penetration Tester
Spyse | Spyse collects valuable data from all open source internet and stores it in its own database to provide instant access to the data.
Censys | Censys continually monitors every reachable server and device on the Internet, so you can search for and analyze them in real time
Shodan | Shodan is the world's first search engine for Internet-connected devices.
WiGLE | Maps and database of 802.11 wireless networks, with statistics, submitted by wardrivers, netstumblers, and net huggers.
Zoomeye | search engine for cyberspace that lets the user find specific network components(ip, services, etc.)
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Source Code Analysis & decryption Tools
pyup | Automated Security and Dependency Updates
RIPS | PHP Security Analysis
Retire.js | detecting the use of JavaScript libraries with known vulnerabilities
Snyk | find & fix vulnerabilities in dependencies, supports various languages
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Source Code Analysis & decryption Tools
pyup | Automated Security and Dependency Updates
RIPS | PHP Security Analysis
Retire.js | detecting the use of JavaScript libraries with known vulnerabilities
Snyk | find & fix vulnerabilities in dependencies, supports various languages
β β β Uππ»βΊπ«6π¬πβ β β β
Getsafety
Safety | Software Supply Chain Firewall & Security
Prevent vulnerable and malicious packages from entering your software supply chain with Safety's AI-powered platform. Protection for Python, Java, and JavaScript ecosystems.
Tracking Users_ From Cookies to DeviceFingerprinting.pdf
320.4 KB
Tracking via cookies methode
β β β Uππ»βΊπ«6π¬πβ β β β
π¦DANGEROUS EXPLOIT TOOLS-USE CVE:
LinEnum | Scripted Local Linux Enumeration & Privilege Escalation Checks
CVE-2017-5123 | Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
Oracle Privilege Escalation via Deserialization | CVE-2018-3004 Oracle Privilege Escalation via Deserialization
linux-exploit-suggester | The tool is meant to assist the security analyst in his testing for privilege escalation opportunities on Linux machine
BeRoot Project | BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
yodo: Local Privilege Escalation | yodo proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.
Share usβ€οΈππ»
β GIT SOURCES 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦DANGEROUS EXPLOIT TOOLS-USE CVE:
LinEnum | Scripted Local Linux Enumeration & Privilege Escalation Checks
CVE-2017-5123 | Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
Oracle Privilege Escalation via Deserialization | CVE-2018-3004 Oracle Privilege Escalation via Deserialization
linux-exploit-suggester | The tool is meant to assist the security analyst in his testing for privilege escalation opportunities on Linux machine
BeRoot Project | BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
yodo: Local Privilege Escalation | yodo proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.
Share usβ€οΈππ»
β GIT SOURCES 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
Scripted Local Linux Enumeration & Privilege Escalation Checks - rebootuser/LinEnum