Video: the latest version of the G-700 Android RAT allegedly added exploitation of the #EvilVideo Telegram vulnerability (CVE-2024-7014)
The exploit allows sending malicious APK files disguised as video:
EvilVideo: https://lnkd.in/eBVghZuR
G-700 RAT: https://lnkd.in/ebAFBmxw
Ref: Lukas Stefanko
@UndercodeCommunity
Most people don't know where to find remote jobs.
I found 26 websites to make it easier for you.
You're going to want to save this list:
1. JustRemote (justremote.co)
2. FlexJobs (flexjobs.com)
3. Remote Co (remote.co)
4. Job Board Search (jobboardsearch.com)
5. We Work Remotely (weworkremotely.com)
6. Remote OK (remoteok.com)
7. JS Remotely (jsremotely.com)
8. AngelList (angel.co)
9. LinkedIn (linkedin.com)
10. Upwork (upwork.com)
11. Freelancer (freelancer.com)
12. Working Nomads (workingnomads.com)
13. Himalayas (himalayas.app)
14. SimplyHired (simplyhired.com)
15. Jobspresso (jobspresso.co)
16. Freelance Writing (freelancewriting.com)
17. Virtual Vocations (virtualvocations.com)
18. Stack Overflow Jobs (stackoverflow.com/jobs)
19. Indeed (indeed.com)
20. Outsourcely (outsourcely.com)
21. Problogger (problogger.com)
22. Toptal (toptal.com)
23. Skip The Drive (skipthechive.com)
24. NoDesk (nodesk.co)
25. RemoteHabits (remotehabits.com)
26. Remotive (remotive.com)
Ref: Roni Rahman
@UndercodeCommunity
Google Dorks for Bug Bounty. This cheat sheet provides powerful dorks to uncover:
PHP extensions with parameters
Disclosed XSS and open redirects
Juicy file extensions (.log, .env, .bak, etc.)
Code leaks on platforms like Pastebin, JSFiddle, and Codepen
Cloud storage exposures (S3, Google Drive, OneDrive, etc.)
These dorks can help identify publicly exposed sensitive information during your bug hunting journey.
More: https://taksec.github.io/google-dorks-bug-bounty/
Ref: Amit Kumar
@UndercodeCommunity
Free Resources Available!
UndercodeUtilities GitHub Repository:
This repository includes a variety of FREE resources for pentesting, bug bounty hunting, and AI jailbreak exploration. It is frequently updated with new tools, commands, and techniques, and provides useful collections to aid in vulnerability testing.
Key Updates:
1. 2025 Access List: An updated and expanded access list with new entries and improvements, particularly for tools, combos, and passwords.
2. Webshell Detection: Methods to detect webshells dropped on Microsoft Exchange servers after a 0day exploit.
3. Infinite Loop Fuzzing: Identifies infinite loop vulnerabilities in TensorFlow Lite.
4. Combos: Updated mail:pass combos for 2025.
5. Additional Tools: The repository also includes wordlists, dorks, and various pentesting tools to enhance your testing and security assessments.
6. New AI Jailbreak Commands and Bug Bounty Dorks: Fresh additions to AI jailbreak tools and bug bounty resources.
7. "More resources and updates will be added regularly."
> Get It FREE Here! <
GitHub - UndercodeUtilities/accesslist: "ACCESS LIST" Bypass collections used during pentesting, gathered in one place. The list types include tools, usernames, passwords, combos, wordlists, Ai Jailbreaks, Dorks and ma...
Forwarded from Exploiting Crew (Pr1vAt3)
Useful Video Tools List:
_IntelligenceX: YouTube - https://intelx.io/tools?tab=youtube
Anilyzer: Watch Videos Frame by Frame - http://anilyzer.com
Annotate.tv - https://annotate.tv
Aware Online: YouTube Search Tool - https://www.aware-online.com/osint-tools/youtubesearch-tool
Bookmark It - https://bookmark-it.happydevelopers.co
DF Tube - https://chrome.google.com/webstore/detail/df-tubedistraction-free/mjdepdfccjgcndkmemponafgioodelna
Download Subtitles - https://downsub.com
Frame by Frame - https://chrome.google.com/webstore/detail/frame-byframe-foryoutub/elkadbdicdciddfkdpmaolomehalghio?hl=en-GB
Hadzy - https://hadzy.com
hashcut - http://www.hashcut.com
hooktube - https://hooktube.com
HypeAuditor - https://hypeauditor.com
InstantView for YouTube - https://chrome.google.com/webstore/detail/instantviewfor-youtube/pababfeapfpjaghmlfipkcoioeflpbio?hl=en
InVID - http://www.invid-project.eu/tools-and-services/invidverification-plugin
Invideo for YouTube - https://chrome.google.com/webstore/detail/invideo-foryoutube/iacbjlffnpbhgkgknabhkfmlcpdcigab?
Kodi - https://kodi.tv/addon/plugins-video-add-ons/youtube
Looper - https://chrome.google.com/webstore/detail/looper-foryoutube/iggpfpnahkgpnindfkdncknoldgnccdg
NSFW YouTube - https://www.nsfwyoutube.com
OwlZoom - https://addons.mozilla.org/enUS/firefox/addon/owlzoom-youtube/ | https://github.com/LionRoar/WebExt-OwlZoom
RocketNote - https://getrocketnote.com
Slowtube - https://www.dkthehuman.com/slowtube
Softorino YouTube Converter - https://softorino.com/youtube-converter-2
Tiny.video - http://tiny.video
Transpose - https://chrome.google.com/webstore/detail/transpose-%E2%96%B2%E2%96%BC-pitch-%E2%96%B9-spee/ioimlbgefgadofblnajllknopjboejda?hl=en
Trinding - https://trinding.com
Turn Off the Lights - https://chrome.google.com/webstore/detail/turn-off-thelights/bfbmjmiodbnnpllbbbfblcplfjjepjdn
Unlisted Videos - https://unlistedvideos.com
vidnote - http://www.vdnote.com
viewpure - http://www.viewpure.com
VLC - https://www.videolan.org/vlc
Watch Frame by Frame - http://www.watchframebyframe.com
Y2mate - https://y2mate.com
Yotter - https://github.com/ytorg/Yotter
Yout - https://yout.com
Yout-ube - https://www.yout-ube.com
YouTube Converter - https://youtubeconvert.cc
YouTube Data Tools - https://tools.digitalmethods.net/netvizz/youtube
YouTube DataViewer - https://www.amnestyusa.org/citizenevidence
YouTube Geofind - https://mattw.io/youtube-geofind/location
YouTube Multi Downloader Online - https://youtubemultidownloader.net
YouTube Restriction Check - http://polsy.org.uk/stuff/ytrestrict.cgi?ytid=vg7wh_zf2X0
YouTube Thumbnail Graber - https://boingboing.net/features/getthumbs
youtube_tool - https://github.com/nlitsme/youtube_tool
YTtool - https://github.com/nlitsme/youtube_tool
Youtube-dl - https://rg3.github.io/youtube-dl
Youtube-dlc - https://github.com/blackjack4494/youtube-dlc
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
Deep Fake Guides:
1. Focus on AI/ML Vulnerabilities
Deepfakes heavily rely on machine learning and AI, so learning about common vulnerabilities in AI models is key:
Data Poisoning: Deepfake models can be affected by poisoned datasets. Understanding this type of vulnerability will help you test AI systems more effectively.
Adversarial Attacks: These attacks manipulate the input data to trick AI systems. Learn how to craft inputs that could trick facial recognition or voice recognition systems used in secure authentication.
2. Automate Deepfake Detection
Automating the process of detecting deepfakes can be a valuable skill in bug bounty programs:
Use Existing Detection Tools: Tools like Deepware Scanner or Microsoft Video Authenticator can help detect deepfakes. Set up scripts to automatically analyze videos or images for authenticity.
API Integration: If you're testing a service that involves user-uploaded media (e.g., social media platforms or login systems using facial recognition), integrate deepfake detection APIs into your testing workflow.
3. Understand How Deepfakes Impact Authentication Systems
Facial recognition and voice authentication systems are vulnerable to deepfake attacks. Here's how to test them:
Test for Vulnerabilities: Try bypassing authentication systems that use facial or voice recognition with deepfake technologies. Report any weaknesses you find (e.g., systems that don't use multi-factor authentication).
Biometric Spoofing: Deepfakes can spoof biometric data. Ensure the systems you test require additional authentication factors beyond just a face or voice (e.g., PIN, password, or device-based verification).
4. Social Engineering and Phishing Defense
Deepfakes can be used for social engineering and phishing:
Impersonation of Executives or Employees: Attackers could use deepfake videos or audio to impersonate high-level individuals and manipulate employees. Test systems for susceptibility to such attacks.
Deepfake Phishing Campaigns: Look for vulnerabilities in email or messaging platforms where attackers might insert deepfake videos or audios as part of phishing campaigns.
5. Analyze Media Content on Websites
Look for websites that rely on user-generated content (UGC) such as images and videos:
Media Validation: Test media validation processes to see if they're susceptible to deepfakes. If a platform doesn't have strong checks in place, this could be a bug you can report.
Metadata Inspection: Learn how to inspect metadata of images and videos. A deepfake might not leave obvious artifacts but might have inconsistencies in metadata (e.g., creation date, editing software).
6. Perform Threat Modelling
Understanding the threats posed by deepfakes in the context of a system's security is crucial:
Threat Intelligence: Study how attackers could exploit deepfake technology in a targeted way. Develop models to anticipate attack vectors in your bug bounty research.
Look for AI Training Data Exposure: If AI models are trained with insecure or easily accessible datasets, they may be more susceptible to deepfake manipulation. Test for data security flaws in model training pipelines.
7. Stay Updated on Deepfake Trends
Deepfake technology is rapidly evolving. To stay ahead, you need to keep up with the latest developments:
Follow AI and Security Blogs: Subscribe to AI and cybersecurity blogs or research papers to learn about new vulnerabilities, detection methods, and deepfake advancements.
Monitor Deepfake News: Stay informed about deepfake-related incidents. Understanding how attackers are using deepfakes in real-world situations can give you insights into the kinds of vulnerabilities you might find.
8. Learn from Real-World Deepfake Cases
Study real-world cases where deepfakes were used for malicious purposes to understand how they were detected or prevented:
Famous Deepfake Scandals: Look at how governments and companies responded to deepfake incidents, such as the use of deepfakes in disinformation campaigns or political manipulation.
Bug Reports and Security Audits: Explore past bug bounty reports related to deepfakes or AI systems. Learning from these cases will sharpen your skills in identifying similar vulnerabilities.
9. Report Findings Responsibly
If you find vulnerabilities related to deepfakes in a bug bounty program, be sure to:
Provide Detailed Evidence: Document your findings with clear, reproducible steps. For example, if a facial recognition system can be bypassed with a deepfake, include details on how the attack works.
Ethical Considerations: Always follow ethical guidelines. Do not exploit deepfake vulnerabilities maliciously; use them solely to improve security.
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
Search for Leaked Zoom Meeting Links via Wayback Machine
1. Target URL:
Use Wayback Machine to search for archived Zoom meeting links of the target, e.g., target.zoom.us.
2. Wayback Machine URL:
Visit archive links like:
https://web(.)archive(.)org/web/*/https://target(.)zoom(.)us/*
3. Find Meeting Links:
Look for URLs with meeting IDs and passwords, such as: http://target(.)zoom(.)us/j/3122529044?pwd=xxxxxx
4. Check Activity:
If the link contains pwd=xxxx, test if it is still active.
Active links grant access to private meetings.
Risk: This can expose sensitive company information, leading to significant security breaches.
You can also find a shared link to the recorded video to demonstrate greater impact.
Risks Highlighted in the Report:
1. Unauthorized Access:
Leaked Zoom links allow attackers to join private LinkedIn meetings without authorization.
2. Anonymity of Attackers:
The anonymity option in Zoom enables malicious actors to participate undetected.
3. Sensitive Information Exposure:
Attackers can gain access to confidential LinkedIn discussions and sensitive data.
4. Impersonation Threat:
Malicious actors can impersonate LinkedIn for phishing, fraudulent recruitment, or advertising scams.
5. Content Hijacking:
Attackers with knowledge of meeting times can claim host privileges and disrupt meetings by sharing obscene or inappropriate content.
6. Scalability of Attack:
LinkedIn's enterprise Zoom plan allows attackers to add numerous unauthorized participants, amplifying the potential damage.
7. Reputational & Financial Damage:
Breach of internal meetings can harm LinkedIn's reputation and result in financial exploitation.
https://x.com/MrRajputHacker/status/1879423022769336570?t=57L3i_dLYPUbH2Mgagohbw&s=19
@UndercodeCommunity
More Free Cybersecurity Certificates
added to
https://undercodenews.com/top-2025-free-certified-cybersecurity-courses-recommended-by-undercode/
Forwarded from Exploiting Crew (Pr1vAt3)
Disabling EDRs by File Rename Junctions (Crowdstrike)
PendingFileRenameOperations allows applications to create file rename operations by creating a registry entry under the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager. Initially I attempted to create this entry, pointing it towards the EDR binary as such in PowerShell, based on the StackOverflow thread.
PowerShell start:
new-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name "PendingFileRenameOperations" -Value $($((Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations) + "\??\C:\Program Files\<EDR_PATH>.exe`0`0") -type MultiString -Force | Out-Null
PowerShell end.
This works for AVs/EDRs without anti-tampering. Security products with anti-tampering can use [CmRegisterCallbackEx](https://lnkd.in/dmCGSwnX) to monitor and block registry operations from the kernel. A kernel driver could block registry keys from being created if they referenced their core services.
Using a reparse point (junction) - kudos again to sixtyvividtails - we can create a junction from: C:\program-files -> C:\Program Files\
And yet again we can create our PendingFileRenameOperations, pointing the key at the EDR binary pathed through our junction, something that most EDRs do not check. All of this of course requires Admin privileges. On the next reboot, any core EDR binaries will be renamed to "", in turn being deleted.
Ref: Simon Ngoy
@UndercodeCommunity
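A defender-side check for the technique described in this post, as an added example (not code from the original post or from any EDR vendor): it parses raw PendingFileRenameOperations data and flags entries that delete or replace files under a protected directory, including entries that only match once a junction is followed. The `ExampleEDR` directory, the sample value and the junction table are constructed; on a live Windows host the raw bytes would come from the registry value and `os.path.realpath` is an assumed choice of resolver.

```python
import ntpath
from typing import Callable, Iterable, NamedTuple

NT_PREFIX = "\\??\\"  # NT object-manager prefix used inside the registry value


class Finding(NamedTuple):
    literal: str    # path as written in the registry (prefix stripped)
    resolved: str   # path after reparse points are followed
    action: str     # "delete", "rename" or "replace"
    via_link: bool  # True when the entry only matches after resolution


def multi_sz(*strings: str) -> bytes:
    """Encode strings as raw REG_MULTI_SZ data (used to build the sample)."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def parse_pending_renames(raw: bytes) -> list[tuple[str, str]]:
    """Split raw REG_MULTI_SZ data into (source, destination) pairs.
    An empty destination means the source is deleted at the next boot."""
    parts = raw.decode("utf-16-le").split("\0")
    if parts[-1] == "":
        parts.pop()                  # split() artifact after the last NUL
    if len(parts) % 2 and parts[-1] == "":
        parts.pop()                  # REG_MULTI_SZ list terminator
    if len(parts) % 2:
        parts.append("")             # truncated data: treat as a delete
    return [(s, d) for s, d in zip(parts[0::2], parts[1::2]) if s]


def win_path(entry: str) -> str:
    """Strip the '!' replace-existing marker and the NT prefix."""
    entry = entry.lstrip("!")
    if entry.startswith(NT_PREFIX):
        entry = entry[len(NT_PREFIX):]
    return ntpath.normpath(entry)


def junction_resolver(junctions: dict[str, str]) -> Callable[[str], str]:
    """Offline stand-in for the filesystem: rewrites one known junction prefix."""
    table = {ntpath.normcase(ntpath.normpath(k)): ntpath.normpath(v)
             for k, v in junctions.items()}

    def resolve(path: str) -> str:
        key = ntpath.normcase(path)
        for link in sorted(table, key=len, reverse=True):
            if key == link or key.startswith(link + "\\"):
                return table[link] + path[len(link):]
        return path
    return resolve


def audit(raw: bytes, protected_dirs: Iterable[str],
          resolve: Callable[[str], str]) -> list[Finding]:
    """Flag pending operations that touch files under protected_dirs."""
    guarded = [ntpath.normcase(ntpath.normpath(d)) for d in protected_dirs]

    def is_protected(path: str) -> bool:
        key = ntpath.normcase(path)
        return any(key == g or key.startswith(g + "\\") for g in guarded)

    findings = []
    for src, dst in parse_pending_renames(raw):
        targets = [(src, "rename" if dst else "delete")]
        if dst:
            targets.append((dst, "replace"))  # destination gets overwritten
        for entry, action in targets:
            literal = win_path(entry)
            resolved = ntpath.normpath(resolve(literal))
            if is_protected(resolved):
                findings.append(Finding(literal, resolved, action,
                                        not is_protected(literal)))
    return findings


# Constructed sample; "ExampleEDR" is a placeholder product directory.
SAMPLE = multi_sz(
    r"\??\C:\Windows\Temp\setup_old.tmp", "",
    r"\??\C:\program-files\ExampleEDR\agent.exe", "",
    r"\??\C:\Users\Public\new.dll", r"!\??\C:\Program Files\ExampleEDR\hook.dll",
)
PROTECTED = [r"C:\Program Files\ExampleEDR"]
JUNCTIONS = {r"C:\program-files": "C:\\Program Files\\"}  # junction from the post

if __name__ == "__main__":
    for finding in audit(SAMPLE, PROTECTED, junction_resolver(JUNCTIONS)):
        print(finding)
```

Running `audit` with an identity resolver instead of the junction-aware one misses the delete entry, which is the gap the post describes.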
HACK-RF BLUETOOTH SPAM?
Most people don't know that before Flipper Zero came, HackRF was and is still doing Bluetooth spamming and crushing iOS devices. I'm doing this POC on my iPhone 13 with the 18.2.1 update and, as you can see, it is working even with Bluetooth off. The HackRF is bigger than the Flipper Zero in the context of Bluetooth spoofing because it provides greater flexibility, power, and signal control for professional-grade research and exploitation. You can do this on iOS, Windows and Android.
Ref: Daniel Anyemedu
@UndercodeCommunity
XSS Attack Simulation Using DVWA and Metasploit
In this simulation, I demonstrated how Cross-Site Scripting (XSS) attacks work using Kali Linux, Metasploit, and the Damn Vulnerable Web Application (DVWA).
Here's a breakdown of what I did:
1. Set up the target environment: DVWA was configured to demonstrate how vulnerable web apps can be.
2. Launched the attack: Using Metasploit, I injected a malicious script into a vulnerable input field on the DVWA platform.
3. Observed the impact: The script executed successfully, proving how attackers can use XSS to steal sensitive information or manipulate web content.
Attackers use XSS to hijack user sessions, steal cookies, or manipulate data, all without the user knowing. It's one of the most common vulnerabilities in web applications.
Hence, it's important to:
1. Validate and sanitize all user inputs.
2. Implement strong Content Security Policies (CSP).
3. Regularly test your web applications for vulnerabilities using tools like DVWA.
4. Educate developers and organizations on secure coding practices.
This is a reminder of why secure coding and constant vulnerability testing are critical for protecting web applications.
Ref: Kate Amarachukwu Igwilo
@UndercodeCommunity
How to Check If Someone Is Spying On Your Computer! (Level: Basic - Mac)
1. Go to System Preferences: Open the Apple menu and click on "System Preferences."
2. Check Users & Groups: Click on "Users & Groups" to see the list of accounts on your Mac.
3. Look for Suspicious Users: Review the list and ensure all accounts are familiar. If there's an account you don't recognize, it could be a sign of unauthorized access.
4. Check for Sharing Settings: Go back to "System Preferences" and click on "Sharing." Ensure only the services you intentionally turned on (like file sharing) are enabled, and verify the users who have access.
5. Audit Your Applications: Open "Activity Monitor" and check the running processes. Look out for any apps or processes you don't recognize. Google their names if you're unsure.
Ref: Caitlin Sarian
@UndercodeCommunity
After revolutionizing the cyber and tech news landscape with UndercodeNews.com and building a rapidly growing vulnerability database at DailyCVE.com, now attracting hundreds of human visitors daily, we proudly present our latest venture: UndercodeTesting.com
An AI-powered cybersecurity platform designed to monitor hacker feeds, serve as a hacker-centric search engine, and provide cutting-edge tools.
Updated and upgraded daily/weekly, it's your go-to destination for the future of cybersecurity intelligence!
#Windows Internals: The Implementation of the #Windows Operating Environment
https://undercodetesting.com/windows-internals-the-implementation-of-the-windows-operating-environment/
@Undercode_testing
Undercode Testing
Windows Internals: The Implementation of the Windows Operating Environment - Undercode Testing
2025-01-29 This book is truly top-notch when it comes to Windows services, one of a kind! It not only covers […]
Advanced Attack Scenario With Full Analysis From Both The Attacker's Perspective And Defensive Actions
https://undercodetesting.com/advanced-attack-scenario-with-full-analysis-from-both-the-attackers-perspective-and-defensive-actions/
@Undercode_testing
Undercode Testing
Advanced Attack Scenario With Full Analysis From Both The Attacker's Perspective And Defensive Actions - Undercode Testing
2025-01-29 This document provides a detailed breakdown of how attackers progress through multiple stages of an attack while defenders work […]