⚔️ A collection of cool tools used by Web hackers.
Happy hacking, Happy bug-hunting
https://github.com/hahwul/WebHackersWeapons
@geekcode #github
Forwarded from GeekCode
Best Tools to protect your online privacy these days
Privacy should be the top priority of anyone doing their business online, especially on Telegram, Darknet
Most of you may know many of the tools mentioned in this post but I feel compiling a good list never hurts
Step 1 - VPN
Staying anonymous should be a second nature to everyone online. You can use free/paid software for that.
One should look for a VPN that does not keep logs and even the country they are based from is also known for pro-privacy rules.
Top free software:
TOR/TAILS
Your own proxy/vpn setup using linux scripts and VPS
Top paid VPN software:
iPredator (Sweden)
Mullvad (Sweden)
ProtonVPN (Switzerland)
ExpressVPN (British Virgin Islands)
NordVPN (Panama) - LQ but adding it
Step 2 - Emails
Use email providers that protect user privacy and also have encryption methods implemented in their mail system.
You can use any of the above emails to register on forums, buy subscriptions and even for personal use irl to protect your privacy:
Protonmail.com
Tutanota.com
Yandex.com
Posteo.de
Mailfence
Hushmail
Step 3 - Payments
Always try to use cryptocurrencies for payments, as much as you can. One should even consider using XMR (Monero) as it is completely anonymous and there is no public track on its blockchain. However, if you use standard crypto, make sure you use a desktop version wallet and have taken privacy steps first so you actually use it without exposing your real IP.
Step 4 - Purchasing Domains / Hosting
Njal.la is your best bet for domain registry. They use their own information to register the domain name for you. Fees are high, but worth every single cent when you view this over the long term.
Best domain extensions for privacy:
Avoid using .com / .net / .org etc common domain extensions. Always try to use domain extensions from island nations that are not covered by most digital worldwide laws.
Some examples include .is, .gd, .la
More info on domain extensions can be found on Wikipedia here
Additional Pointers
1) Always get WHOIS privacy even if you'll have to pay extra for it
2) Use a sandbox / RDP to test any program and always scan (can use VirusTotal) and keep your system clean of malware. Malwarebytes is a must and keys are not that expensive
3) It never hurts to use VirusTotal to scan any programs etc for all kinds of stuff people jack in them
@geekcode
Two Factor Authentication Bypass On Facebook
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
@geekcode
Summary: I discovered the lack of rate-limiting issue in instagram which could have allowed an attacker to bypass two factor authentication…
ChatGPT - for RedTeam and BlueTeam
Good article with good examples
Read OpenAI ChatGPT for Cyber Security
If there is no OpenAI account, you can try your hand at our bot
#openAI
@geekcode
Android Pentest 101
A list of Android Security materials and resources for pentesters and bug hunters
https://github.com/dn0m1n8tor/AndroidPentest101
@geekcode
The motive to build this repo is to help beginner to start learn Android Pentesting by providing a roadmap. - dn0m1n8tor/AndroidPentest101
How to avoid phishing attacks😈
📌Block known bad websites. Malwarebytes DNS filtering blocks malicious websites used for phishing attacks, as well as websites used to spread or control malware.
📌Don't take things at face value. Phishing attacks often seem to come from people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
📌Take action. If you receive a phishing attempt at work, report it to your IT or security team. If you fall for a phish, make your data useless: if you entered a password, change it; if you entered credit card details, cancel the card.
📌Use a password manager. Password managers can create, remember, and fill in passwords for you. They protect you against phishing because they won't enter your credentials into a fake site.
📌Use a FIDO2 2FA device. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Don't forget to share & support us ❤️
@geekcode 😈
Kali Linux 2023 Purple Distro for defensive security 💜🥳
Details :
https://www.bleepingcomputer.com/news/security/kali-linux-20231-introduces-purple-distro-for-defensive-security/
@geekcode ❤️
BleepingComputer
Kali Linux 2023.1 introduces 'Purple' distro for defensive security
Offensive Security has released Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security.
Cloud Hacking: Common Attacks & Vulnerabilities
https://www.youtube.com/watch?v=d6QYhkzUQZ8
@geekcode 😈