🦑Cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication:

>> How Does it work?
Big-Papa utilizes malicious javascript code injection...and then makes a GET Request(with cookies) to the Python Web server running on the attacker machine

Note That you need to be man in the middle in order to inject the malicious javascript Code and then steal cookies of the website that the victim is currently visting

For testing purposes copy the Javascript code from the bgp.js file without the script tags and execute in the console of the browser

You can use Bettercap in-order to become man-in-the-middle using bettercap or use arp spoof and then run Big-Papa to inject Javascript

>> For HTTPS?
Big-Papa will work Perfectly against HTTP websites but For HTTPS you can use sslstrip to Downgrade it to HTTP and then utilize Big-Papa

*SSLstrip --> https://github.com/moxie0/sslstrip.git

Still some websites use HTTP and thus their data including Passwords can be read in Clear text but we need to steal cookies in some cases in order to Bypass 2-Factor-Authentication

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣ git clone https://github.com/vrikodar/Big-Papa.git

2️⃣cd Big-Papa

3️⃣chmod +x install.sh

4️⃣ ./install.sh

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Useful ?

🦑𝗦𝗢𝗣𝘀 (𝗦𝘁𝗮𝗻𝗱𝗮𝗿𝗱 𝗢𝗽𝗲𝗿𝗮𝘁𝗶𝗼𝗻 𝗣𝗿𝗼𝗰𝗲𝗱𝘂𝗿𝗲𝘀) / 𝗣𝗹𝗮𝘆𝗯𝗼𝗼𝗸𝘀 / 𝗥𝘂𝗻𝗯𝗼𝗼𝗸𝘀✨

A playbook, also known as a standard operating procedure (SOP), consists of a set of guidelines to handle security incidents and alerts in the SOC.

Incident response methodologies typically involve creating standard operating procedures (SOPs), playbooks, and runbooks to guide teams through the incident response process.

These gudelines provide easy to use operational incident best practices. These cheat sheets are dedicated to incident handling and cover multiple fields in which a CERT team can be involved.

Source: https://lnkd.in/eudq_jJi
Thanks to Societe Generale

✅Worm Infection: https://lnkd.in/ez-kq98Y
✅Social Engineering: https://lnkd.in/e_FJbxDP
✅Information Leakage: https://lnkd.in/eeN8KX8g
✅Insider Abuse: https://lnkd.in/ep4p_THk
✅Customer Phishing: https://lnkd.in/ekTfY7vz
✅Scam: https://lnkd.in/eUHwG3fF
✅Trademark infringement: https://lnkd.in/e3P3xfeb
✅Phishing: https://lnkd.in/eYTi3RQ8
✅Ransomware: https://lnkd.in/eRkctdQn
✅Large_scale_compromise: https://lnkd.in/eYFF43b4
✅3rd-party_compromise: https://lnkd.in/e8SAu5MT
✅Windows Intrusion: https://lnkd.in/eXCpcx9V
✅Unix Linux lntrusionDetection: https://lnkd.in/eHkm6MMe
✅DDOS: https://lnkd.in/eQ7zZzVt
✅MaliciousNetworkBehaviour: https://lnkd.in/ewVZy2cs
✅Website-Defacement: https://lnkd.in/eraNiHcH
✅WindowsMalwareDetection: https://lnkd.in/ewEx_C6Y
✅Blackmail: https://lnkd.in/eW3zGcPs
✅SmartphoneMalware.pdf: https://lnkd.in/ezjyY4G9

Ref:
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free AI image to video + Offline models :

https://huggingface.co/collections/neox1969/image-to-video-65471876af5d7944323566f5

🦑𝐀 𝐅𝐫𝐞𝐞 𝐀𝐜𝐭𝐢𝐯𝐞 𝐃𝐢𝐫𝐞𝐜𝐭𝐨𝐫𝐲 𝐏𝐞𝐧𝐭𝐞𝐬𝐭 𝐋𝐀𝐁𝐬!

Game of Active Directory is an Open-Source project developed by Orange Cyber Defense that provides a vulnerable Active Directory environment.

It's designed for security professionals to practice and improve their skills in a controlled setting:

• Hands-on learning without risking a production environment.
• Opportunity to explore advanced attack and defense techniques.
• Offers a cost-effective way to build cybersecurity expertise.
• Facilitates a deeper understanding of AD security best practices.

Source: https://lnkd.in/gxN-_nTw

Kindly note that GOAD is intentionally designed to be highly vulnerable. It is strongly advised to refrain from replicating its configuration for production environments.

GOAD helps threat hunters simulate AD attacks, refine detection skills, and test response strategies in a safe, controlled environment.

Discover over 10+ essential data analysis techniques for effective threat hunting in my "Cyber Threat Hunt 101" YouTube series, explained simply: https://lnkd.in/gkVB6B2j

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free 3D models urls List:

https://sketchfab.com/
https://www.cgtrader.com/free-3d-models
https://www.turbosquid.com/
https://free3d.com/
https://www.thingiverse.com/
https://www.blendswap.com/
https://polyhaven.com/
https://threedscans.com/
https://grabcad.com/
https://3dwarehouse.sketchup.com/
https://archive3d.net/
https://www.models-resource.com/
https://clara.io/
https://3dsky.org/
https://www.renderhub.com/free-3d-models
https://www.sharecg.com/
https://3drt.com/
https://www.yeggi.com/
https://www.cadnav.com/
https://3dmdb.com/

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Real Ethical Hacking in 43 Hours: Your Fast-Track to Cybersecurity Mastery
Elevate your cybersecurity career with our comprehensive ethical hacking course.
Key Topics Covered:

* Ethical Hacking Foundations
* Introduction to Ethical Hacking
* Ethical Hacking Steps
* Creating Your Ethical Hacking Lab
* Operating System Fundamentals
* Vulnerability Assessment
* OSINT Techniques
* Storage Media
* Linux Basics
* Linux Shell
* Linux Processes
* Linux Permissions
* Network Security Concepts
* Packet Management Systems
* Network Security
* Linux File System
* Working with Archives
* Working with Processes
* Working with Users
* Networking Fundamentals
* Network Capture
* Network Scanning
* Advanced Networking Topics
* Information Gathering
* Web Application Hacking
* Detecting Web Vulnerabilities
* The Importance of Programming
* C++ and C
* SQL and Relational Databases
* Functions in C++
* Ethical Hacking for Data Scientists
* Ethical Hacking for SQL Datatypes
* Learning Python for Ethical Hacking

Gain hands-on experience with industry-standard tools like Kali Linux, Metasploit, and Nmap. Prepare for and ace certifications like CSEH and CEH.

Download Link: https://lnkd.in/dnXx6G6H

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑1)JS-Tap: Weaponizing JavaScript for Red Teams
https://lnkd.in/gKUUNrKN

2)Automating the Setup of a Bug Bounty Toolkit
https://lnkd.in/gkAN5KJh

3)VOIP Penetration Testing Checklist
https://lnkd.in/gz6iJqG8

4)Find Website Vulnerabilities with One Hacking Tool
https://lnkd.in/giNT2tGr

5)Easy Way To Root Your Virtual Device :)
https://lnkd.in/gTCX9_Zk

6)LetsDefend Walkthrough: Kernel Exploit Challenge
https://lnkd.in/gWjzjUaN

7)TryHackMe Writeup — Corridor
https://lnkd.in/g462KWdP

8)HTB: Editorial Writeup / Walkthrough
https://lnkd.in/gCQgrzy4

9)Lookup THM Walkthrough
https://lnkd.in/gk87hb_H

10)ITI + CyberTalents DFIR Bootcamp CTF Write ups
https://lnkd.in/gpTJuVim

Ref: Saumadip Mandal
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE Videos for Learning ICS/OT Cyber Security! 📽

Learning doesn't have to be hard!

My YouTube channel now hosts 42 videos on ICS/OT cyber security.

Just to help you!

Haven't checked out my YouTube channel yet?

Here's where to start...

1. Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 1 (Course Introduction)

https://lnkd.in/ee6QjZEn

2. OSINT for ICS/OT - Complete 10+ Hour Course - Part 1 (Course Introduction)

https://lnkd.in/eia63NDc

3. Industrial (ICS/OT) Cyber Security Certifications

https://lnkd.in/eErhErQJ

4. Hacking ICS/OT (& IT) with ChatGPT

https://lnkd.in/ebiidVry

5. Nmap Scanning for ICS/OT (& IT) - Part 1

https://lnkd.in/eHvMD2zJ

6. Getting Started in ICS/OT Cyber Security - 20+ Hours - Part 10 (Intro to ICS/OT Penetration Testing)

https://lnkd.in/eeSm7rxD

7. ICS/OT Packet Analysis Tools

https://lnkd.in/e4nSThTm

8. Using Shodan to Find ICS/OT (& IT) Assets

https://lnkd.in/eQgJ-xKa

9. Getting Started in ICS/OT Cyber Security - LIVE Recruiter Edition

https://lnkd.in/eACU5WNQ

10. Learn ICS/OT Incident Response w/ Backdoors & Breaches

https://lnkd.in/ePgnwPbA

Ref: Mike Holcomb
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑AICaller

is a simple-to-use automated bulk calling solution that uses the latest Generative AI technology to trigger phone calls for you and get things done. It can do things like lead qualification, data gathering over phone calls, and much more. It comes with a powerful API, low cost pricing and free trial.

https://aicaller.io/

https://youtu.be/1MEK5Q_Yyao

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑AI Phone Answering Service (Trial)

https://heyrosie.com/

https://youtu.be/8UZ-EvJ2p8Q

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁