#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--

#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.

The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.

#Link:-

https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/


#Google Confirms #Critical #Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat:--

#CVE-2019-2232 has been rated as the most severe of three critical #vulnerabilities addressed in the #December Android #Security #Bulletin. The official #NIST National Vulnerability #Database description of the vulnerability says that improper input validation in the "handleRun of TextLine.java" could create a "possible application crash." In other words, a maliciously-crafted message could cause a denial of service to your Android device. A permanent denial of service attack that could effectively kibosh your #smartphone. "User interaction is not needed for exploitation," the description continues, and the remote denial of service attack needs "no additional execution #privileges," for good measure.

The vulnerability applies to Android 8.0, Android 8.1, Android 9 and Android 10 versions.

#Link:-

https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/

Photos from National Cyber Security Services's post


Searpy:-- #Search #Engine #Toolkit.

Batch search tool for #acquisition during #infiltration.

search engine:-
1. #Shodan
2. #Fofa
3. #Zoomeye
4. #Google
5. #Baidu
6. #Bing
7. 360so
8. goo

#Usage:-

python Searpy.py --fofa -s "app:jboss" -p 1
python Searpy.py --shodan -s "weblogic" -l 10
python Searpy.py --google -s "inurl:login.action" -p 1

#Download #Link:-

https://github.com/j3ers3/Searpy

Flynet:-- A #powerful #TCP/ #UDP tool, which support #socks5 proxy by tcp and udp, #http #proxy and #NAT traversal. This tool can help you #bypass #gfw easily.

#flynet Is a command-line tool written in #Golang language, currently supported features include：

1. Http proxy
2. Local Socks5 proxy
3. C/S mode of Socks5 proxy by TCP
4. C/S mode of Socks5 proxy by UDP
5. NAT traversal

#Download #Link:-

https://github.com/asche910/flynet


Flynet:-- A #powerful #TCP/ #UDP tool, which support #socks5 proxy by tcp and udp, #http #proxy and #NAT traversal. This tool can help you #bypass #gfw easily.

#flynet Is a command-line tool written in #Golang language, currently supported features include：

1. Http proxy
2. Local Socks5 proxy
3. C/S mode of Socks5 proxy by TCP
4. C/S mode of Socks5 proxy by UDP
5. NAT traversal

#Download #Link:-

https://github.com/asche910/flynet

Photos from National Cyber Security Services's post


Android-Security-Evaluation-Environment:-- An #emulated, disposable, efficient #Android #pentesting and #security evaluation #environment.

Creating a #penetration #testing environment using Android Studio: Android #Virtual #Devices (#AVD)

#Downlaod #Link:-

https://github.com/TheSeanis/Android-Security-Evaluation-Environment

#ImgBackdoor:-- #Hide your #payload into .jpg file.

This #module takes one existing image.jpg and one payload.ps1 (input by the user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.

This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide #extensions for known file types' method to hide the agent.exe extension.

All payloads (user input) will be downloaded from our #apache2 #webserver
and #executed into target #RAM. The only extension (payload input by the user)
that requires to write the payload to disk are .exe binaries.

#Download #Link:-

https://github.com/kennedy69/ImgBackdoor


#ImgBackdoor:-- #Hide your #payload into .jpg file.

This #module takes one existing image.jpg and one payload.ps1 (input by the user) and
builds a new payload (agent.jpg.exe) that if executed it will trigger the download of
the 2 previous files stored into apache2 (image.jpg + payload.ps1) and execute them.

This module also changes the agent.exe Icon to match one file.jpg Then uses the spoof
'Hide #extensions for known file types' method to hide the agent.exe extension.

All payloads (user input) will be downloaded from our #apache2 #webserver
and #executed into target #RAM. The only extension (payload input by the user)
that requires to write the payload to disk are .exe binaries.

#Download #Link:-

https://github.com/kennedy69/ImgBackdoor

Photos from National Cyber Security Services's post


CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.

This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.

#Download #Link:-

https://github.com/noperator/CVE-2019-18935

Assembly:-- A #modern front-end #development #framework for UI-friendly rapid #prototyping.

#Download #Link:-

https://github.com/Kuipr/Assembly


Assembly:-- A #modern front-end #development #framework for UI-friendly rapid #prototyping.

#Download #Link:-

https://github.com/Kuipr/Assembly

wallet-core:-- Cross-platform, cross-blockchain #wallet library.

Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).

#Download #Link:-

https://github.com/trustwallet/wallet-core


wallet-core:-- Cross-platform, cross-blockchain #wallet library.

Trust Wallet Core is a cross-platform library that implements low-level #cryptographic wallet functionality for all supported #blockchains. Most of the code is C++ with a set of strict exported C interfaces. The library provides idiomatic interfaces for all supported #languages (currently #Swift for #iOS and #Java for #Android).

#Download #Link:-

https://github.com/trustwallet/wallet-core

ننوه أننا فقدنا امكانية الوصول الى القنوات التالية
مما يعني أننا لن نتمكن من نشر المزيد من الشروحات على قنواتنا التالية ...
@Black_hat_islamic
@Termuxx
@Anonymous_ARAB
@CEH_44
@termuux
@Spider_Team1

للإستمرار بمتابعة شروحاتنا يرجى الاشتراك في ....

@CEH_33
@Programmer_Tech
@PythonP
@Java_AR
@hackersoa
@hackerlibrary
@mr_lunixes

Mr Robot--------مسلسل
Season 1-------الجزء الاول
حصريا علي
@mr_lunixes

لا تنشر بدون ذكر المصدر