UNDERCODE TESTING
Forwarded from Exploiting Crew (Pr1vAt3)
3⃣ Application Layer DDoS Attacks:

This category of attack targets specific vulnerabilities in the targeted system's Layer 7
(Application Layer) network protocol stack, such as a web server or a database.

》This type of attack aims to disrupt the normal function of the targeted system by sending a high volume of requests to specific application functions or features. Application Layer attacks are sophisticated and challenging to identify and mitigate, as they often appear as legitimate requests, and security measures such as firewalls may not be able to help distinguish them from genuine traffic.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Incident Response Steps
If your organisation is a victim of a DoS or DDoS attack, the following steps may assist in containment, remediation, and system recovery:

Step 1: Identify the Attack

• Verify that the suspicious traffic is indeed a DDoS attack by checking system logs and network traffic data

o Ensure that the loss of service is not due to other factors such as an internal server fault, or an Internet/Cloud Service Provider outage

o Check if the organisation is expecting a large volume of traffic (i.e. new service or product launch, time-limited promotions, etc.)

• Identify the critical assets such as servers and databases that are being targeted by the attack

o Obtain the IP addresses of the systems being targeted

o Obtain the network diagram for the targeted systems

o Identify the services that the system provides (i.e. Web Server, DNS, Mail Server, etc.)

• Identify the type of DDoS attack (Volumetric, Amplification, Syn Flood, Protocol, etc.)

o Get more details on the malicious packets (OSI layer, Destination Port Number, Communication Protocol, etc.)
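As an added example (not from either post), the Step 1 check in code: a sliding-window detector over web-server access-log lines that flags a single client hammering one application endpoint, the traffic shape the Application Layer DDoS post describes. The log lines are constructed, and the 10-second window and 20-request threshold are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return the fields we need, or None for lines that are not access-log entries."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
            "path": m.group("path").split("?")[0], "status": int(m.group("status"))}

def find_floods(lines, window_s=10, threshold=20):
    """Sliding-window count per (client IP, endpoint). Returns {(ip, path): peak_count}
    for sources that sent at least `threshold` requests to one endpoint inside any
    `window_s`-second window; window and threshold are assumed values, tune per site."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["path"])
        q = recent[key]
        q.append(rec["ts"])
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

def constructed_log():
    """Constructed traffic (not real logs): one client POSTing /api/search 3x per second
    for 10 s, plus an ordinary visitor fetching /index.html every 12 s."""
    fmt = '{ip} - - [10/Dec/2024:12:00:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [fmt.format(ip="203.0.113.7", s=s, m="POST", p="/api/search?q=x", ua="curl/8.0")
             for s in range(10) for _ in range(3)]
    lines += [fmt.format(ip="198.51.100.5", s=s, m="GET", p="/index.html", ua="Mozilla/5.0")
              for s in range(0, 60, 12)]
    return lines

if __name__ == "__main__":
    print(find_floods(constructed_log()))
```

A hit here is a starting point for Step 1, not proof of an attack: confirm the source is not a shared proxy or an expected load spike before blocking it.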
Forwarded from Exploiting Crew (Pr1vAt3)
Step 2: Contain the Attack
1. Identify the exploited service or port. Disable the service or close the port if not essential.
Command:

   sudo ufw deny <port_number>
   sudo systemctl stop <service_name>


2. Retrieve and block the IP addresses of incoming malicious packets.
Command:

   sudo iptables -A INPUT -s <malicious_IP> -j DROP


3. Enable rate-limiting to restrict packet frequency from single IPs.
Command:

   # -m limit counts all packets to the port together; hashlimit keyed on the source
   # address limits each IP separately, and the ACCEPT only bites with a DROP after it.
   sudo iptables -A INPUT -p tcp --dport <port> -m hashlimit --hashlimit-name ratelimit --hashlimit-mode srcip --hashlimit-upto 10/second --hashlimit-burst 20 -j ACCEPT
   sudo iptables -A INPUT -p tcp --dport <port> -j DROP



Step 3: Acquire Forensic Evidence for Root Cause Analysis
1. Collect network traffic logs from firewalls, routers, and switches.
Command:

   sudo tcpdump -i <interface> -w /path/to/log/file.pcap


2. Export system logs for anomaly analysis.
Command:

   sudo journalctl > /path/to/system/logs.log


3. Capture packet data for payload analysis.
Command:

   sudo tcpdump -i <interface> host <malicious_IP> -w /path/to/packets.pcap



Step 4: Harden Your Systems
1. Set up a Web Application Firewall (WAF).
Command:

   # Apache: the ModSecurity engine plus the OWASP Core Rule Set
   sudo apt-get install libapache2-mod-security2 modsecurity-crs


2. Block known malicious IP ranges.
Command:

   sudo ipset create blacklist hash:ip
   sudo ipset add blacklist <malicious_IP>
   sudo iptables -I INPUT -m set --match-set blacklist src -j DROP


3. Update software and apply security patches.
Command:

   sudo apt update && sudo apt upgrade -y
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Set of custom CVE (Common Vulnerabilities and Exposures) commands to help assess, mitigate, and secure your systems against vulnerabilities:

1. Check CVE Database for Known Vulnerabilities
Command:
Search for CVEs affecting your system or software versions.
searchsploit <software_name> <version>

For example:
searchsploit apache 2.4.57

2. Verify CVE Impact on the System
Command:
Match installed software with known vulnerabilities.
dpkg -l | grep <software_name>

For CentOS/RHEL:
rpm -qa | grep <software_name>

3. Mitigate Vulnerabilities
A. Update Affected Software
Command:
sudo apt update && sudo apt install --only-upgrade <package_name>

For RHEL-based systems:
sudo yum update <package_name>

B. Disable Vulnerable Services
Command:
sudo systemctl stop <service_name>
sudo systemctl disable <service_name>

C. Patch the Vulnerability (Manual Fix)
Apply a specific patch from the CVE database.
Command:
wget <patch_url>
sudo patch -p1 < <patch_file>

4. Monitor Vulnerability Exploits

A. Scan System for CVE Exploits
Install and run a CVE scanner like Lynis or OpenVAS.
Command:
sudo apt install lynis
sudo lynis audit system

B. Block Exploit Attempts
Dynamically block IPs attempting exploits.
Command:
# banip adds the IP to the jail's ban list; addignoreip would do the opposite and whitelist it
sudo fail2ban-client set <jail_name> banip <malicious_IP>

5. Harden Against Future CVEs
A. Enable Automatic Updates
Command:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

B. Apply Kernel Live Patches
For Ubuntu:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable <token>

C. Use Firewall Rules to Limit Exploitation
Command:
sudo ufw allow from <trusted_IP> to any port <port_number>
sudo ufw deny <vulnerable_port>

6. Research Specific CVE Details
Command:
Fetch CVE descriptions, impacts, and fixes.
curl -s https://cve.circl.lu/api/cve/<CVE-ID>

For example:
curl -s https://cve.circl.lu/api/cve/CVE-2024-12345

These commands should give you a proactive way to address CVEs while improving your overall cybersecurity posture! Let me know if you'd like adjustments or advanced automation.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Roblox user support method leaked 2024:

MADE BY @iska / ROBLOX @dab4dy

Make a account like TheoWorkhmassetwitch, TheoWorkhmasset, MatheoWorkhmasset ( add numbers like this MatheoWorkhmasset83 or TheoWorkhmasset26 with numbers for be credible, )
Put a email on the account
Join my group ( https://www.roblox.com/groups/33647974/Croix-Rouge#!/about ) and past "@terrorism is bad it should stop rip to everyone who died" ( PAST AND REPAST LIKE 3X )
Report yourself for Innapropriate Language and Bullying harassment 10+
Wait to your account got banned for get "roblox _ user __"
And now go to the support roblox (https://www.roblox.com/support)
Description of issue

Hello Roblox Support,

I trust this message finds you well. I'm reaching out to address the suspension of my account due to an inappropriate username. I want to clarify that my account has no connection to terrorism or extremism. The inclusion of the term "hmasset" was unintentional, and I was unaware of it. It was not my intention to use such a term.

I'm disappointed that my account was banned for expressing opposition to terrorism. It seems contradictory that advocating for peace and condemning terrorism is not welcomed on the platform. This creates concerns about the platform potentially endorsing violence.

I kindly request a reconsideration and the removal of the ban on my account. I genuinely hope you understand the unintentional mistake with my username.

...(your name)

This works regardless of the "IPS VERIFY" shit he was talking about. That doesn't exist.

Source: Pastebin🤠
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Your go-to list for mastering CEH certifications with comprehensive notes and guides:

🔗 OSCP-PWK Notes
https://lnkd.in/g6FxfX8E
https://lnkd.in/ghgucHas
https://lnkd.in/gJa76GPK
https://lnkd.in/g6MM6XCk

🔗 AWAE-OSWE Notes
https://lnkd.in/g2ryHz3e
https://lnkd.in/gYaMjxQa
https://lnkd.in/gXfgMii5

🔗 OSWP Notes
https://lnkd.in/gEfuSCS6
https://lnkd.in/g8NeRaFD
https://lnkd.in/gVfCCtZa

🔗 OSED Notes
https://lnkd.in/g7R-Xpd7
https://lnkd.in/gTErMaG7

🔗 OSEP Notes
https://lnkd.in/gx2QYYiq
https://lnkd.in/gicUKZKy

🔗 OSWA Notes
https://lnkd.in/gkEXePVN
https://lnkd.in/gjUqBDH3

🔗 OffSec Reporting
https://lnkd.in/gW-5NiUw

Thank you Semih Tüfekçi 👏
Forwarded from Exploiting Crew (Pr1vAt3)
[Attached PDF: Chrome Extensions for Bug Bounty]
🦑ARP vulnerabilities:

Address Resolution Protocol (ARP) was designed when network security was underdeveloped.

Therefore, the protocol is clear text with no embedded security. It does not validate ARP packets and accepts ARP Responses even if an ARP Request has never been sent out. By default, no mechanism validates whether a rogue host sends malicious ARP messages or intercepts and alters ARP Requests/Replies. Several well-known attacks use the same process, called ARP spoofing. The ultimate goal of the attackers is to get in the data path, as shown in, and steal private data.
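As an added example (not from the post), a passive detector for the two gaps described above, written over constructed ARP records: it flags replies that answer no outstanding request, and replies that rebind an IP to a different MAC than the one already learned. Addresses and packet order are made up for the example.

```python
from collections import defaultdict

# Constructed ARP traffic as (opcode, sender_ip, sender_mac, target_ip), in wire order.
# opcode 1 = request, 2 = reply. Addresses are made up for the example.
SAMPLE_ARP = [
    (1, "192.168.1.10", "aa:aa:aa:aa:aa:10", "192.168.1.1"),   # host asks who has the gateway
    (2, "192.168.1.1",  "aa:aa:aa:aa:aa:01", "192.168.1.10"),  # gateway answers (solicited)
    (2, "192.168.1.1",  "de:ad:be:ef:00:01", "192.168.1.10"),  # same IP, new MAC, nobody asked
    (2, "192.168.1.20", "aa:aa:aa:aa:aa:20", "192.168.1.10"),  # reply with no matching request
]

def analyze_arp(packets):
    """Passive check for the two things the text says ARP never validates.
    Reports ("unsolicited_reply", ip, mac) when a reply answers no outstanding request
    from its target, and ("mac_conflict", ip, mac) when a reply rebinds an IP whose MAC
    was already learned. Gratuitous ARP on boot also looks unsolicited, so treat
    mac_conflict as the stronger signal; a rebinding of the gateway's IP is the
    classic sign of a rogue host inserting itself into the data path."""
    pending = defaultdict(set)   # requester IP -> IPs it has asked about
    learned = {}                 # IP -> MAC from the first reply seen
    findings = []
    for op, sender_ip, sender_mac, target_ip in packets:
        if op == 1:                          # request: remember who asked for what
            pending[sender_ip].add(target_ip)
            continue
        if op != 2:
            continue
        if sender_ip in pending.get(target_ip, set()):
            pending[target_ip].discard(sender_ip)     # consumes the outstanding request
        else:
            findings.append(("unsolicited_reply", sender_ip, sender_mac))
        known = learned.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            findings.append(("mac_conflict", sender_ip, sender_mac))
    return findings

if __name__ == "__main__":
    for finding in analyze_arp(SAMPLE_ARP):
        print(*finding)
```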
🦑 AI-Chat-App-Hack-Vision integrating GPT-4 and Vision:

Overview
This project combines GPT-4 with Vision Studio using Azure services. It uses the sample nature dataset from Vision Studio and is inspired by the [Azure Search OpenAI Demo](https://github.com/Azure/azure-search-openai-demo).

Requirements

Azure Account
1. Azure Free Account: Sign up for free Azure credits.
2. Permissions:
   - Role-Based Access Control (RBAC):
     - `Microsoft.Authorization/roleAssignments/write` permissions.
     - Subscription or resource group access is mandatory.
   - Azure OpenAI Access:
     - Request access via [this form](https://aka.ms/oai/access).

Local Environment
1. Tools:
   - Azure Developer CLI
   - Python 3.9–3.11 (ensure `python --version` works).
   - Node.js 14+
   - Git
   - PowerShell 7+ (Windows only).

2. Setup:
   - Install dependencies.
   - Ensure Python and PowerShell paths are configured.



Azure Deployment

Steps
1. Prepare Local Code:
   - Create a folder and navigate to it in your terminal.
   - Authenticate: `azd auth login`.
   - Initialize the project: `azd init -t https://github.com/mattgotteiner/AI-Chat-App-Hack-Vision`.

2. Deploy Resources:
   - Run `azd up` to provision and deploy all resources.
   - Monitor for costs! Stop unused resources to avoid charges:
     - `azd down` or delete resources manually.
   - After deployment, access the app via the provided URL.

Deployment Details
- Resources Deployed:
  - Azure App Service (Basic tier, 1 CPU core, 1.75 GB RAM).
  - Azure OpenAI (Standard tier, GPT-4 model).
  - Azure AI Search (Standard tier, 1 replica).
  - Azure Blob Storage (ZRS).
  - Azure Monitor (pay-as-you-go).

- Cost Optimization:
  - Use free SKUs where possible.
  - Refer to the [Azure Pricing Calculator](https://azure.microsoft.com/en-us/pricing/calculator/) for estimates.



Running Locally
1. Ensure successful deployment with `azd up`.
2. Authenticate: `azd auth login`.
3. Start the app:
   - Navigate to the app directory.
   - Run `./start.ps1` or use VS Code's "Run & Debug".
   - Open [http://localhost:50505](http://localhost:50505) in your browser.

Clean Up
To avoid unnecessary costs:
1. Run `azd down`.
2. Confirm cleanup by entering `y` when prompted.

For more details, refer to the [project repository](https://github.com/mattgotteiner/AI-Chat-App-Hack-Vision).
Forwarded from Exploiting Crew (Pr1vAt3)
This is a beautiful malicious BadUSB implant photo. One of the best parts of #RedTeaming is going into an office and secretly swapping out USB cables on folks' desks.

⬇️ 💻 Thanks to Lumafield's Neptune industrial X-ray CT scanner, we can see the O.MG USB-C Cable isn't just a regular USB cable. At its core, the O.MG Cable uses an ultra-compact ESP32 Pico to allow for keystroke injection attacks, remote control via Wi-Fi, hardware keylogging, ID/PID spoofing, as well as remote command and control.

These are not really that new, and have existed in various forms and lesser capabilities at higher prices for almost ten years now.

Source: Linkedin
🦑Hack with 1 Plug:

Duckyspark v.0.4.1
Translator from USB-Rubber-Ducky payloads (Ducky script) to a Digispark code.

Usage:

python3 Duckyspark_translator.py [payload.txt] [output_file]
or
python3 Duckyspark_translator.py [payload.txt]


In this case the translated payload will be saved in the file "digipayload.ino".

Ducky payloads you can find here: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

or here: https://github.com/CedArctic/DigiSpark-Scripts

Or, you can simply write your own payloads using Ducky script

Ducky script syntax: https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript

Recently we found the video "Digispark Flashing Guide & Ducky Payload Converters" that shows how to flash Digispark using the payloads generated by our script: https://www.youtube.com/watch?v=Lrn_hgckhGw&lc

Our site: https://awake.pro/

Upd: added 3D models of a USB flash drive to hide the Digispark.

You can edit the 3D model, or just print the ready-for-print .stl models on a 3D printer.
🦑 Example of sFTP Credentials Leak in Private Program

Target Sub-Domain: trc[•]example[•]com

Impact: Full FTP Server Access Obtained

Details: sftp-config.json exposed sensitive credentials.

Severity: 🔴 Critical (9.6)

💡 Stay vigilant for exposed configuration files!
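Added example, not part of the report above: a pre-deploy check that finds sftp-config.json files under a web root or checkout, parses the Sublime-SFTP-style JSON-with-`//`-comments format, and reports whether a password is stored in them without echoing it. The sample file contents and values are constructed.

```python
import json
import os
import re

# Constructed Sublime-SFTP-style sftp-config.json (JSON plus // comments); placeholder
# values, not taken from the report.
SAMPLE_CONFIG = """{
    // sftp, ftp or ftps
    "type": "sftp",
    "host": "sftp.example.invalid",  // trailing comment
    "user": "deploy",
    "password": "hunter2",
    "remote_path": "/var/www/html/",
    "note": "https://not-a-comment.example.invalid/"
}
"""

# Matches a JSON string literal or a // comment; strings are matched first so a
# "//" inside a value (a URL, say) is never mistaken for a comment.
_STRING_OR_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_line_comments(text):
    """Drop // comments but keep string literals intact so json.loads() can parse the file."""
    return _STRING_OR_COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def assess_sftp_config(text):
    """Summarise what a leaked copy hands an attacker, without echoing the secret."""
    cfg = json.loads(strip_line_comments(text))
    return {
        "type": cfg.get("type"),
        "host": cfg.get("host"),
        "user": cfg.get("user"),
        "remote_path": cfg.get("remote_path"),
        "has_password": bool(cfg.get("password")),
    }

def scan_tree(root, name="sftp-config.json"):
    """Pre-deploy check: walk a web root or checkout and assess every copy of `name`."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8") as fh:
                findings[os.path.relpath(path, root)] = assess_sftp_config(fh.read())
    return findings

if __name__ == "__main__":
    import sys
    for rel, info in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(rel, info)
```

Any hit with `has_password` set is a deploy blocker; the file belongs in the deploy ignore list, and the credential it carried should be rotated.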
🦑Top ChatGPT extensions for enhancing your productivity and web browsing experience:

1. Monica AI Copilot: A versatile assistant powered by GPT-4, offering functionalities like email drafting, web summaries, PDF chatting, and AI image generation, all while integrating with real-time web browsing.

2. AIPRM for ChatGPT: A powerful tool for marketers and content creators, featuring over 4,500 professional prompts for generating blog titles, ad copy, SEO strategies, and more.

3. Superpower ChatGPT: Adds features like organizing chat folders, custom prompt saving, and downloadable conversations. It’s a great organizational tool for frequent ChatGPT users.

4. Wiseone: Designed for readers, this extension simplifies complex text by providing definitions, context, and summaries directly within your browser.

5. YouTube Summary with ChatGPT & Claude: Summarizes YouTube videos and supports multilingual summaries, complete with timestamps for key points.

6. ChatGPT Writer: Specializes in creating emails and messages based on context, perfect for streamlining communication tasks.

7. Compose AI: Assists with sentence completion, rephrasing, and email replies, making it ideal for improving your writing speed and clarity.

These extensions are available on the Chrome Web Store and are useful for professionals, students, and casual users alike. Let me know if you'd like help with installation or exploring any of these!