1. AhMyth Android RAT

The Remote Access Tool that can be used to remotely take complete control of another Android device.

Install it entering this command on the terminal:
git clone https://github.com/AhMyth/AhMyth-Android-RAT.git

This will only work if you already have the package "git" installed, if you don't, install it using pkg install git or apt-get install git, then try again.

2. Weeman

This tool can be used to create phishing (fake login) pages of websites. When you send the link to the fake page to your victim, and their enter their login credentials, their login and password will be sent to you.

Install "python" or "python2" first: pkg install python or pkg install python2, you can use apt-get as well, it works just as good as pkg

Now install weeman by cloning the github repository:
git clone https://github.com/evait-security/weeman

3. Metasploit

Remember when we hacked Facebook using Kali, and we used metasploit? Well, it's the same here, except this has been ported to Android.

Installing metasploit is a bit trickier than most packages, it requires a whole new tutorial of itself, but we'll use the easy method, cloning the git repo, metasploit is a big archive so you need at least 4GB free space and a fast, stable internet connection:

• Clone the github repo > git clone https://github.com/verluchie/termux-metasploit

• Get into the directory
cd termux-metasploit

• Give the required permissions for "install.sh"
chmod 777 install.sh

• Install it
sh install.sh

• After the installation, run metasploit
msfconsole

4. Hydra

This is a network login cracker and password bruteforcer. Supports multiple protocols and custom wordlists.

pkg install hydra

5. Nmap

Utility for network discovery and security auditing.

pkg install nmap

These are my top 5 picks. There are others too, but these work best. I'll provide in-depth tutorials for each one of these tools soon.

Contact me in case you have questions or know a package that you think deserves to be on this list.

💢 WhatsApp Group Chats Can Easily Be Infiltrated

ℹ️A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.

Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.

The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service. 


In other words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean.

However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system.

Researchers from Ruhr-Universität Bochum (RUB) in Germany found that anyone who controls WhatsApp/Signal servers can covertly add new members to any private group, allowing them to spy on group conversations, even without the permission of the administrator.

As described by the researchers, in the pairwise communication (when only two users communicate with each other) server plays a limited role, but in case of multi-user chats (group chat where encrypted messages are broadcasted to many users), the role of servers increases to manage the entire process.

That's where the issue resides, i.e. trusting the company's servers to manage group members (who eventually have full access to the group conversation) and their actions.

As explained in the newly published RUB paper, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," since both Signal and WhatsApp fail to properly authenticate that who is adding a new member to the group, it is possible for an unauthorized person—not a group administrator or even a member of the group—to add someone to the group chat. 


What's more? If you are wondering that adding a new member to the group will show a visual notification to other members, it is not the case.

According to the researchers, a compromised admin or rogue employee with access to the server could manipulate (or block) the group management messages that are supposed to alert group members of a new member.

"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group," the paper reads. 

"Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally, the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces."

WhatsApp has acknowledged the issue, but argued that if any new member is added to a group, let's say by anyone, other group members will get notified for sure.

"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired. 

"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."

But if you are not part of a group with very selected members, I'm sure many of you would relatively ignore such notifications easily.

Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the "signed" group management messages come from the group administrat

​​Have a Telegram channel📢, group💬 or bot🤖 you want to get more followers👥 to? Or maybe it's your brand new YouTube channel, Instagram or Twitter fanpage?

👍I got you covered, I'll advertise your products on my Telegram platforms for a very affordable price and make sure you reach that target you set. Gather loads of views, visits, likes, follows or subs depending on your advert.

💰I accept payments via PayPal, Bitcoin, Etherium or M-Pesa💵

Simply contact me on Telegram or on any of my social media handles for pricing and advertising.

Special NEW YEAR deal for regular clients: Get upto 25% off an advertising package!!

- @romL3N #RLad

How to set socks in Mozilla Firefox 
Run firefox  Go to Options  Advanced
setting  Network 
Now the screen will pop up various options
like : 1. No proxy; 2.Auto Detect; 3.Use system
proxy; 4. Manual proxy configuration.
You mark 4. Manual proxy configuration. Now
type in socks host IP you have, example Socks
Host: 141.0.8.24 Port: 1080
Press ok and restart firefox. Now you are
connected to secure socks5..
When you buy SOCKS always match with card
holder address.
Ex. If CC holder from Delhi,India then u also
buy socks with same address. Atleast
matching State, Country

Where is Elon Musk's Tesla Roadster?

On February 6th, 2018, at 2045 UTC, the first Falcon Heavy was launched into space. It contained a very special payload, a Tesla Roadster with Starman. But where is the car?

The current location is about 2100 miles away from Earth. The car was launched into space to orbit into Mars' path.

To track it, visit their aptly named website, whereisroadster.com

Jumia Kenya is offering huge discounts and deals on smartphones. Checking out the best phones under Ksh 10,000 and stand a chance to win massive prizes.

https://goo.gl/jgkhgs

Summary of the cryptocurrency news.

Summary of last week of various news and developments related to cryptocurrencies.

➣ New developments:

Santander uses Ripple technology to launch a blockchain payment app

Spanish banking giant Banco Santander recently used Ripple's xCurrent to launch a blockchain-based payment app called "One Pay FX". Reportedly, Santander is now the first bank to implement a blockchain-based international payment service to retail customers in multiple countries simultaneously. The app is available in Spain, Brazil, Poland and the United Kingdom. In the future it will be distributed in other countries. Through a press release, the executive president of the financial institution Ana Botin said:

• "One Pay FX uses blockchain-based technology to provide a fast, simple and secure way to transfer money internationally - offering value, transparency and trust and services that customers expect from a bank like Santander. customers in the UK can use One Pay to transfer money to Europe and the US In Spain, customers can move to the United Kingdom and the United States, while customers in Brazil and Poland can move to the UK. "

➣ World affairs:

Venezuela claims that the ban on Petro di Trump has doubled the number of interested investors

According to reports, the executive secretary of Venezuela's Blockchain Observatory, Daniel Peña, said in an interview that the US Petro (PTR) ban Donald Trump, excluding US citizens and residents from the purchase of cryptocurrency supported by oil, it was actually advantageous as it doubled the number of buyers trying to buy it. Peña implied that if an important person like Trump spent his time dealing with the Petro, it just meant that the country was going in the right direction by throwing it.

According to his words, Venezuela had more or less 400 customers trying to buy the cryptocurrency supported by oil a day before the ban on Petro di Trump. After the ban, the number doubled to 800.

➣ Financial:

Bitcoin at $ 8.046, the market starts to recover

Last week the cryptocurrency market recovered and Bitcoin rose to $ 1,000 in about 30 minutes. The flagship criptovaluta has therefore surprisingly maintained its earnings and managed to remain around $ 8,000. Bitcoin was trading at $ 8.046 last week, while its market capitalization is $ 132 billion.
@TechByte

Techbyte
Arrested 26-year-old carder in Cagliari

On the day of 13/04/2018 the young 26 year-old from Cagliari was caught in fragrant during the delivery of his last order purchased with a cloned card. The scammer had cloned a credit card held by a company based in the province of Turin and used it to make several online purchases of fairly expensive products including Rolex.

The 26-year-old specialized in computer intrusion, stolen and fraud and worked for several years in the sector with illicit profits that reached almost 50 thousand euros. He cloned credit cards in his home and then used them to make online purchases and cryptovalute which he used to use the illegal services of the deep web. He also bought some Rolex models in the darknet.

The carabinieri of Cagliari Villanova after a complex investigation and a long period of activity of information and observation of the subject have discovered that the scammer was making several purchases in both clearnet and darknet with a card that had cloned to a joint stock company in Turin.

The young man had the products he purchased purchased from a courier directly at home

The Agents intervened during the delivery of the last package, surprising the man and identifying him. From the home and personal search, the electronic computer equipment used, as admitted by the same, emerged to complete its illicit traffic on the web. In the house of the boy were also found the different products that he bought including a Rolex Oystedate worth almost 2000 euros.

"The damage in this case is 5000 euros if we consider the cloned paper. However, the subject has been operating for years in the sector with illicit profits that reach € 50 thousand. He is a card cloning specialist who then uses to buy cryptocurrencies and online products. He also bought some products from illegal deepweb services using cryptocurrencies that he bought with stolen cards.
@Techbyte

Bitcoin web wallet addresses generated with a vulnerable library are exposed to brute-force attacks

Multiple vulnerabilities in the SecureRandom () function expose Bitcoin wallet web addresses generated by a library vulnerable to brute-force attacks.

The old Bitcoin Web portfolio addresses generated by browsers or JavaScript-based applications could be affected by a cryptographic vulnerability that could be exploited by attackers to steal funds.

According to experts, the famous JavaScript library SecureRandom () is not secure, this means that an attacker can launch brute-force attacks against private keys.

The flaw concerns the JavaScript SecureRandom () function that is used to generate a random Bitcoin address and its corresponding private key.

"It generates cryptographic keys that, despite their length, have less than 48 bits of entropy, [...] so its output will have no more than 48 bits of entropy even if its seed has more," he said. system administrator David Gerard.

"SecureRandom () then uses the number that gets through the obsolete RC4 algorithm, which is known to be more predictable than it should be, ie it has less bit of entropy," added Gerard. "So the key is predictable".

Gerard concluded that all Bitcoin addresses generated with the SecureRandom () function are vulnerable to brute force attacks.

"The conclusion seems to be that at least all the portfolios generated by JavaScript tools within browsers are affected by the weakness of Math.random, the vulnerability Math.random or RC4 (Chrome) between 2011 and 2013, and the weakness of RC4 for Chrome users until the end of 2015, "Gerard continues.

Gerard explained that several web-based applications or clients have used the SecureRandom () function. The expert said that all Bitcoin addresses possibly affected are:
BitAddress before 2013;
bitcoinjs before 2014;
current software using old repositories found on Github.

A user has launched the same warning in the Linux Foundation mailing list:
"A significant number of past and present cryptocurrency products contains a JavaScript class called SecureRandom (), which contains both a collection of entropy and a PRNG. The entropy collection and the same RNG are both deficient to the point that the key can be recovered from third parties with an average complexity ", reads the notice.

Researcher Mustafa Al-Bassam added that several older web-based implementations and client-side Bitcoin wallet applications have exploited the jsbn.js cryptographic library to generate Bitcoin addresses. Unfortunately, the jsbn.js cryptographic library used the SecureRandom () function, which means that the private keys of Bitcoin addresses have been exposed to attacks.

"I think the disclosure of the vulnerability refers to a pre-2013 version of jsbn, a library of JavaScript encryption," added Al-Bassam.

In any case, if you use a Bitcoin wallet address generated with tools that use vulnerable functions, you must generate a new Bitcoin address and transfer the funds to the new address.
Join us-@TechByte

Tutorial: XMPP / Jabber OTR

In this article we will discuss how to chat securely and securely using the XMPP / Jabber messaging protocol.
XMPP (Extensible Messaging and Presence Protocol) (formerly known as Jabber) is a set of open source instant messaging protocols. XMPP-based software is popular on thousands of servers on the Internet.

To start using XMPP the first thing to download is the XMPP client called Pidgin. Once downloaded, proceed with the installation until completion.

Now it is necessary to install OTR (Off-the-Record Messaging). OTR is a cryptographic protocol that provides end-to-end encryption to instant messaging conversations. The OTR plugin for Pidgin can be downloaded from https://otr.cypherpunks.ca
Make sure the Pidgin application is closed before installing OTR.

The first thing we have to do is make the OTR plugin active in Pidgin. To do this, open Pidgin, click on "Tools", select "Plugin" and click on the box next to "Off-the-Record Messaging".

Once we're done with this, we can enter the details of our XMPP account and start chatting, or create a new account.
For example, we will create a new account with the https://xmpp.dk service. You can register directly through Pidgin.

To create a new account you need to go to account -> manage accounts -> add.
The first step in registering from the client will be to select XMPP as the protocol and enter the username, password and domain. The username and password will be your choice, but the domain in this case will be xmpp.dk. The "Resource" box must be left blank. Then check the "Create this new account on server" box at the bottom of the window. Username and password will be requested again.

The next step to increase anonymity will be to set up Tor as a SOCKS5 proxy, so that not only will messages be encrypted with OTR, but all traffic will be encrypted with Tor. To do so, click on the "Proxy" tab when creating the account and set "Host" and "Port" accordingly. Make sure that Tor is also running, otherwise connection errors will occur.

If you get an error, do not worry. Sometimes there is an error with the server and you will need to register directly on the website of the XMPP host you are using.

Once you've done all this, you need to add a new contact to chat with another user. All you have to do is click on "contacts" -> "add contact" and enter the username of the user with whom you want to chat.
@TechByte

❗️❗️ATTENTION MEMBERS ❗️❗️

DO NOT LOG IN TO myetherwallet to access your coins using your private key or Json + password.

Their DNS was compromised by hackers. If you haven't logged in the last 4 hours, your coins will be there. If you want to check to make sure, just look up your Eth address instead of logging in.
Credit for Alt coin Signal

3 Cashout Method Carders Should Know
Set up a real Paypal account using your real a credit card (Verified).
Get an anonymous SIM card.
Register yourself to liqpay.
From Paypal account create a donation button.
Using CC's deposit some money using the donation button. ( ...
Now buy bitcoins using the PayPal card by liqpay.
Transfer your money to your BTC address.

HOW TO BYPASS PAYMENT ERRORS // SENDING AND RECEIVING



WE CAN’T SEND YOUR PAYMENT RIGHT NOW



To everyone who uses PayPal, you know how frustrating this is. Be it you’re a legitimate user or just someone who wants to cashout big dirty funds. We all know that, if you contact PayPal either by phone or email. You will get the same response. They don’t know what/ how this is triggered because it’s automatically denied by their system.

This could mean a lot of things. I have done quite a lot of research on this. I’ve done this on accounts on different countries with different accounts types. Person, Premier, Business, Verified, Non-Verified, etc. Unfortunately, this error will always occur no matter if you earn $1M/day with PayPal or not. This will always happen. PayPal is doing its best to avoid high-risk transaction because they are greedy. They don’t want to lose money, if anything they want to take your money away. However, the most common factor that triggers this error is when you move the funds too fast. Let’s say you receive funds today, when you try to send it right away, most likely you’ll get this error. Other reasons are when you send money to someone relatively new. Let’s say the account is from the US, most of the time you send your funds to other US-based accounts as well. Now, PayPal will find it suspicious that you will send a payment to a guy in Uganda. So, to prevent this, try to have the same pattern of sending payments. Goods/ Services to the same country PayPal account. You get the point.

I have gathered quite a bit of information on how to bypass this without having to call PayPal (which is our last resort). So, first thing’s first, there are 3 ways to approach PayPal payment sending.

You use their website on your desktop
You use their website on your desktop with a different user agent. (Use user agent switcher on Mozilla)
You use their mobile application. (This is different than #2 because you’re using their gateway which is used in their PayPal Phone app.). This has the most success rate out of all 3.
Also, try to regularly exercise the following operations to have better success on sending funds:

Clean your stuff. Use CCleaner clean each option (unless you have something you don’t want to be deleted). And then Bleachbit after CCleaner to make sure everything is clean.
If you have a bank account or a credit/debit card attached to your account, try to remove them and then add them again. And then send afterwards.
Try to utilized some of PayPal’s features. You can send an invoice to the account you want the money from or you can setup a Donation/ Buy Now button and have them pay there. Also, you can use third party payment processors like GoFundMe/ FundRazr and such.
Try not to send $1000 right away. Instead, do 5 increments of $200.
If you have tried the 3 steps of sending (Points #1, #2 and #3) and still failed. Try to use different browsers, if you use Mozilla, try Chrome/ IE
PayPal will do automated fraud check on each and every account, if yours do not pass, then you can’t send the payment. However, if you are cleared, then you will have no problems with them. However, since this is automated, I can’t find out what their looking at in each account to flag it or not. One of the easiest ways for this to let the funds site. This way, you act like a regular user and your activity is not that suspicious. Always remember, PayPal doesn’t want to lose money. So, you must think of ways on how to make them think you are not trying to steal from them.
The last resort for this is to call them and verify your information with them. If you run a business on group, you must give them the papers. If you run a business on a group, you must give them the papers. If you run a business as an individual, then you must provide them the documents needed to verify your information. This works most of the time but I always avoid doing this.
Try to use your account on a different user, use it on VPS/RDP, or you use a VPN, try to get dedicated IP just for that account.
If the receiver’s primary currency is dollar,

try to send the payment as dollar. Or at least make your primary currency to dollar and then try to send again.
Check your account. All accounts have their own sending/ receiving limits unless you have verified your account to a certain level. Most countries only requires you to verify the account to lift those limits.
IP Address. Try to use the same IP Address you use for your transaction. It’s best that you have 1 dedicated static IP Address per account
If I want to send you a code to your mobile phone, make sure you are not using free ones available in the internet. Use a burner phone, that way you are receiving from non-blacklisted #.
Make a payment while you are on the phone with PayPal. I have done this once before and I was successful. If you are still getting that error, call PayPal, explain to them what you want and where the money is going. They adjust certain “patterns” in your account for you to be able to send money again.
Join Us @TechByte
Contact us @anonyguy
@roml3n

PAYPAL RECEIVING PROBLEM + SOLUTIONS



Everyone who uses PayPal will eventually come to a time where they can’t accept payments from their customers. However, this is quite rare if the receiving PayPal account is in perfect standing.

First thing to make sure you have a good account is to turn your account into a Business type account. This is easy and doesn’t require anything to upgrade from personal/ Premier. However, there are pros and cons in everything. With a business account, PayPal will ask you about the nature of your business, some invoices, your business income etc. But let me tell you, once your account has been limited and you provided all the information they need, this account can receive a lot of cash and can delay chargebacks, PayPal protects people who use them in their business. For example, www.gyft.com is a big gift card site. When people try to dispute, most of the time they win because they are big and established financial institution.

If your business account has a credit/ debit card linked to it, this how to optimize your account to receive payments from credit/ debit cards:

Login to your account
Click on profile
Click on My Selling Tools on the left side of the screen
Look for the option called “Web Preference” and then click update
You can see a feature called “PaypPal Account Optional” make sure it’s ON!
Save
NOTE: In some countries, even with a Business account, PayPal will require your customers to pay using PayPal account. To confirm this, please contact PayPal support team.



If your customers can’t send payment to your account even though your account is in perfect standing, the problem is on their side now: THE CARD YOU ENTERED CANNOT BE USED FOR THIS PAYMENT/ WE CAN’T SEND YOUR PAYMENT RIGHT NOW

The card used has exceeded PayPal’s guest checkout limit which is $4000
The card used has exceeded PayPal’s guest checkout limit of 15 times
The card used for the payment is attached to a PayPal account
The card has been previously used on a fraudulent transaction in PayPal
The payment was done on blacklisted IP in PayPal
The card has insufficient funds
The card’s bank has restricted it to make a payment on PayPal
The card’s bank has restricted the card to be used on online purchases
The card has been reported as lost/stolen
The card’s bank requires further verification and authorization to proceed on the final payment
The email address used raises red flags in PayPal
@TECHByte