🦑Cisco is Offering FREE Cyber Security Courses + official Badges!
Start Your Cybersecurity Career with these in demand courses!

⭕1. Introduction to Cybersecurity

- Course Duration: 6 HOURS
- Level: BEGINNER
- Lab: 7 LABS
- Delivery Type: SELF-PACED

Course Link: https://lnkd.in/eh5MTBwT

⭕2. Cyber Threat Management

- Course Duration: 16 HOURS
- Level: INTERMEDIATE
- Lab: 16 LABS
- Delivery Type: SELF-PACED

Course Link: https://lnkd.in/ehwb_Hsh

⭕3. Endpoint Security

- Course Duration: 27 HOURS
- Level: Intermediate
- Labs: 31 LABS
- Delivery Type: SELF-PACED

Course Link: https://lnkd.in/eV2UB7xy

⭕4. Network Defense

- Course Duration: 27 HOURS
- Level: INTERMEDIATE
- Lab: 29 LABS
- Delivery Type: SELF-PACED

Course Link: https://lnkd.in/ekTpuvyn

Source: Linkedin

🦑Reverse Engineering iOS Applications:

> Here's a streamlined approach to obtain the required tools and set up your environment for iOS reverse engineering, as described. The provided GitHub repository is an excellent resource for guidance.

### Key Tools and Instructions

1. iTunnel
- Download: Allows SSH over USB.
- Usage:

     itnl --lport 2222 --iport 22
     ssh -p 2222 root@localhost
     

2. Cydia Impactor
- Download: Lets you sideload iOS apps using a developer certificate.

3. Hopper
- Download: Reverse engineering tool for disassembly, decompilation, and debugging.
- Trial version is sufficient.

4. Cycript
- Download: Enables runtime modification of app behavior via a console.

5. Frida
- Install:

     sudo pip install frida-tools
     

- Purpose: Scripting to change app behavior at runtime.

6. Bettercap
- Download: Perform MITM (Man-in-the-Middle) attacks.

7. class-dump-z
- Download: Dumps ObjC classes (for ObjC apps).

8. momdec
- Download: Decompiles CoreData models.

9. Ghidra
- Download: Alternative reverse engineering tool.

---

### iOS-Specific Tools

#### iOS 10.x
- Clutch
- Use for decrypting iOS applications.

#### iOS 11.x+
- bfinject
- Extract apps using Cycript and Clutch.
- Install dependencies:

    sudo pip install -r requirements.txt --upgrade
    

#### iOS 12.x
- frida-ios-dump
- Decrypt apps and auto-transfer to your computer.

---

### Device Setup

1. On iOS < 11.0
- Jailbreak and install via Cydia:
- Cycript
- Apple File Conduit "2"
- Frida (Source: https://build.frida.re)

- Test SSH:

     itnl --lport 2222 --iport 22
     ssh -p 2222 root@localhost
     

2. On iOS > 11.0
- Create required directories:

     cd / && mkdir jb
     mkdir /jb/bfinject && cd /jb/bfinject
     

- Transfer and extract bfinject:

     scp -P 2222 ~/Downloads/bfinject.tar root@localhost:/jb/bfinject
     tar xvf bfinject.tar
     

3. On iOS 12.x
- Install Frida via Cydia (Source: https://build.frida.re).


For more details and resources, check the GitHub repository: [RE-iOS-Apps](https://github.com/ivRodriguezCA/RE-iOS-Apps).

Curated list of data leaks around the world:

https://github.com/inspektor-dev/awesome-data-leak

🦑Ethical Hacking in 12 Hours:

https://youtu.be/fNzpcB7ODxQ

🦑 Markov Chain Overview and Its Application in Hashcat

What is a Markov Chain?
A Markov chain is a statistical model used to describe a stochastic process. It is characterized by the principle that the probability of transitioning to the next state depends only on the current state and not on the sequence of preceding states. This property is known as the Markov property.

#### Example:
Imagine you're playing a game where each "punch" is randomly determined:
1. The first three outcomes: "scissors," "paper," "rock."
2. For the fourth punch:
- "Rock" has a probability of 0.2,
- "Paper" has 0.3,
- "Scissors" has 0.5.

The outcome of the fourth punch depends only on the probabilities and not on the earlier punches.

---

### Markov Chains in Hashcat
Hashcat utilizes Markov chains to optimize brute-force password cracking in its Mask attack mode (attack mode = 3). Instead of enumerating every possible combination, Hashcat prioritizes password candidates based on their likelihood.

#### How It Works:
- Hashcat computes the Markov chain probability model of common passwords beforehand and stores it in a .hcstat2 file.
- When cracking, the stored probabilities help determine the order in which potential passwords are tested, with more likely combinations appearing first.
- For example, "s" often follows "t," and "q" often follows "u." These probabilities guide the cracking process.

This approach doesn’t reduce the total number of possibilities (keyspace) but improves efficiency by testing likely combinations first.

---

### Markov Chain Parameters in Hashcat
1. `--markov-hcstat2`
Specifies the .hcstat2 file with precomputed probabilities. Default: /usr/share/hashcat/hashcat.hcstat2.

2. `--markov-disable`
Disables Markov chains, reverting to classic brute-force.

3. `--markov-classic`
Uses traditional Markov chains without considering character positions.

4. `--markov-inverse`
Prioritizes less common character combinations, reversing the probability model.

5. `--markov-threshold=<NUM>`
Limits the number of candidates based on probability. For example, a threshold of 2 considers only the two most likely characters for each position.

---

### Per-Position Markov Chains
Hashcat includes a per-position Markov model to improve accuracy by considering the position of each character:
- Example:
- In the first position, "s" is likely followed by "t."
- In the seventh position, "s" might be followed by "e."

This method enables better tailoring of password candidates based on position-specific probabilities.

---

### Practical Demonstration
1. Without Markov chains:

   $ hashcat -a 3 --stdout --markov-disable ?l
   a
   b
   c
   ...
   z
   

2. With Markov chains:

   $ hashcat -a 3 --stdout ?l
   s
   m
   c
   ...
   x
   

3. With `--markov-inverse`:

   $ hashcat -a 3 --markov-inverse --stdout ?l
   x
   u
   q
   ...
   s
   

---

Summary
Hashcat's implementation of Markov chains enhances brute-force attacks by prioritizing password candidates based on likelihood, derived from precomputed statistical models. Parameters like --markov-threshold and --markov-inverse allow further customization, making the cracking process faster without reducing complexity.

By leveraging common user behavior, such as frequent patterns in passwords, Hashcat increases the efficiency of password cracking—a crucial tool for penetration testing and cybersecurity research.

🦑All Linux Commands in 1 place:

https://github.com/yzf750/custom-fuzzing/blob/master/linux-commands-merged.txt

🦑Google Hacking Dorks For Webserver (1) :
"About Mac OS Personal Web Sharing"
"AnWeb/1.42h" intitle:index.of
"Application Blocked!" "Google bot"
"CERN httpd 3.0B (VAX VMS)"
"Cisco Systems, Inc. All Rights Reserved." -cisco.com filetype:jsp
"I have been invoked by servletToJSP"
"JRun Web Server" intitle:index.of
"MaXX/3.1" intitle:index.of
"Microsoft-IIS/* server at" intitle:index.of
"Microsoft-IIS/4.0" intitle:index.of
"Microsoft-IIS/5.0 server at"
"Microsoft-IIS/6.0" intitle:index.of
"NTRIP Caster Table Contents" "This is a SNIP NTRIP Caster"
"Netware * Home" inurl:nav.html
"Novell, Inc" WEBACCESS Username Password "Version *.*" Copyright -inurl:help -guides|guide
"OmniHTTPd/2.10" intitle:index.of
"OpenSA/1.0.4" intitle:index.of
"PHP Credits" "Configuration" "PHP Core" ext:php inurl:info
"Powered by 123LogAnalyzer"
"Powered by BOINC"
"Powered by phpBB" inurl:"index.php?s" OR inurl:"index.php?style"
"Powered by vShare"
"Powered by"
"Proudly created with Wix.com"
"RDServer Product information" | inurl:"/rdagent.jsp"
"Red Hat Secure/2.0"
"Red Hat Secure/3.0 server at"
"Switch to table format" inurl:table|plain
"This server is operated by OpenX."
"Wowza Streaming Engine 4 Developer Edition"
"httpd+ssl/kttd" * server at intitle:index.of
"index of /private" -site:net -site:com -site:org
"powered by openbsd" +"powered by apache"
"powered by" "shoutstats" hourly daily
"seeing this instead" intitle:"test page for apache"
"var miner = new CoinHive" intext:document.domain
(intitle:"502 Proxy Error")|(intitle:"503 Proxy Error") "The proxy server could not handle the request" -topic -mail -4suite -list -site:geocrawler.co
(inurl:81-cobalt | inurl:cgi-bin/.cobalt)
-pub -pool intitle:"index of" "Served by" "Web Server"
Coldbox | contentbox | commandbox "Powered by ContentBox"
Fwd: intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report"
HTTP_USER_AGENT=Googlebot
Powered.by.RaidenHTTPD intitle:index.of
XAMPP "inurl:xampp/index"
aboutprinter.shtml
allintext:"Index Of" "sftp-config.json"
allintext:"Powered by LionMax Software" "WWW File Share"
allintitle:"Pi-hole Admin Console"
allintitle:Netscape FastTrack Server Home Page
allinurl:".nsconfig" -sample -howto -tutorial
ext:php | intitle:phpinfo "published by the PHP Group"
ext:svc inurl:wsdl
filetype:asmx inurl:(_vti_bin|api|webservice)
filetype:axd inurl:/elmah.axd
fitweb-wwws * server at intitle:index.of
i_index.shtml Ready
intext:" - 2019 Cott Systems, Inc."
intext:"404 Object Not Found" Microsoft-IIS/5.0
intext:"Brought to you by eVetSites"
intext:"Healthy" + "Product model" + " Client IP" + "Ethernet"
intext:"Powered by (Quantum | Quantum CMS | CMS)
intext:"Powered by Abyss Web Server"
intext:"Powered by GetSimple" -site:get-simple.info
intext:"Powered by Nesta"
intext:"Powered by Sentora" -github.com
intext:"Powered by Typesetter"
intext:"Powered by phpSQLiteCMS" | intitle:"phpSQLiteCMS - A simple & lightweight CMS"
intext:"SonarQube" + "by SonarSource SA." + "LGPL v3"
intext:"Target Multicast Group" "beacon"
intext:"This is the default welcome page used to test the correct operation of the Apache2 server"
intext:"Welcome to CodeIgniter!"
intext:"index of /" "Index of" access_log
intext:Apache/2.2.29 (Unix) mod_ssl/2.2.29 | intitle:"Index of /"
intitle: "Welcome to nginx!" + "Thank you for using nginx."
intitle:"300 multiple choices"
intitle:"Accueil WAMPSERVER" intext:"Configuration Serveur"
intitle:"Apache HTTP Server" intitle:"documentation"
intitle:"Apache Status" "Apache Server Status for"
intitle:"Apache Status" | intext:"Apache Server Status"
intitle:"Apache2 Debian Default Page: It works"
intitle:"Apache2 Ubuntu Default Page: It works"
intitle:"Axis Happiness Page" "Examining webapp configuration"
intitle:"BadBlue: the file-sharing web server anyone can use"
intitle:"Current Network Status" "Nagios"
intitle:"Directory Listing, Index of /*/"
intitle:"Document title goes here" intitle:"used by web search tools" " example of a simple Home Page"
intitle:"Domain Default page" "Parallels IP Holdings GmbH"
intitle:"GlassFish Server - Server Running"

🦑Google Hacking Dorks For Webserver 2 :
intitle:"IIS Windows Server" -inurl:"IIS Windows Server"
intitle:"IPC@CHIP Infopage"
intitle:"Icecast Streaming Media Server"
intitle:"Index of *" mode links bytes last-changed name
intitle:"Index of /" "Proudly Served by Surftown at"
intitle:"Index of" "Apache/2.4.7 (Ubuntu) Server"
intitle:"Index of" site:.gov intext:"Server at"
intitle:"Lists Web Service"
intitle:"Lotus Domino Go Webserver:" "Tuning your webserver" -site:ibm.com
intitle:"Microsoft Internet Information Services 8" -IIS
intitle:"Miniweb Start Page" | "/CSS/Miniweb.css"
intitle:"Monsta ftp" intext:"Lock session to IP"
intitle:"Object not found!" intext:"Apache/2.0.* (Linux/SuSE)"
intitle:"Object not found" netware "apache 1.."
intitle:"Open WebMail" "Open WebMail version (2.20|2.21|2.30) "
intitle:"Page rev */*/*" inurl:"admin
intitle:"Resin Default Home Page"
intitle:"SOGo" site:webmail.*
intitle:"STEP by STIBO Systems" "Launch STEPworkbench" "Web UI Component Report"
intitle:"Server Backup Manager SE"
intitle:"Shoutcast Administrator"
intitle:"Shoutcast server" inurl:"/index.html" "SHOUTcast Server"
intitle:"Success!" intext:"Your new web server is ready to use."
intitle:"Sucuri WebSite Firewall - Access Denied"
intitle:"Test Page for Apache"
intitle:"Test Page for Apache" "It Worked!"
intitle:"Test Page for Apache" "It Worked!" "on this web"
intitle:"Test Page for the Apache HTTP Server on Fedora Core" intext:"Fedora Core Test Page"
intitle:"Test Page for the HTTP Server on Fedora"
intitle:"WAMPSERVER homepage" "Server Configuration" "Apache Version"
intitle:"WATASHI SERVICE"
intitle:"Web Server's Default Page" intext:"hosting using Plesk" -www
intitle:"Welcome To Xitami" -site:xitami.com
intitle:"Welcome To Your WebSTAR Home Page"
intitle:"Welcome to 602LAN SUITE *"
intitle:"Welcome to IIS 4.0"
intitle:"Welcome to JBoss"
intitle:"Welcome to OpenResty!"
intitle:"Welcome to WildFly" intext:"Administration Console"
intitle:"Welcome to Windows 2000 Internet Services"
intitle:"Welcome to Windows Small Business Server 2003"
intitle:"Welcome to Your New Home Page!" "by the Debian release"
intitle:"Welcome to nginx!" intext:"Welcome to nginx on Debian!" intext:"Thank you for"
intitle:"Welcome to the Advanced Extranet Server, ADVX!"
intitle:"Welcome" intext:"LiteSpeed Technologies, Inc. All Rights Reserved."
intitle:"apache tomcat/" "Apache Tomcat examples"
intitle:"apache tomcat/" + "Find additional important configuration information in:"
intitle:"error 404" "From RFC 2068 "
intitle:"index of" "/homedir/etc/"
intitle:"index of" "Served by Sun-ONE"
intitle:"index of" "debug.log" OR "debug-log"
intitle:"index of" "docker.yml"
intitle:"index of" "powered by apache " "port 80"
intitle:"index of" "server at"
intitle:"index of" AND inurl:magento AND inurl:/dev
intitle:"index of" site:.gov.in
intitle:"miniProxy"
intitle:"nPerfServer"
intitle:”PHP Version” intext:”PHP Version”
intitle:"web server login" intext:"site ip"
intitle:"welcome to mono xsp"
intitle:AnswerBook2 inurl:ab2/ (inurl:8888 | inurl:8889)
intitle:HTTP Server Test Page powered by CentOS
intitle:Snap.Server inurl:Func=
intitle:Snoop Servlet
intitle:Test Page for the Nginx HTTP Server on Fedora
intitle:livezilla "Server Time"
inurl *:8080/login.php
inurl: /ftp intitle:"office"
inurl:"/app/kibana#"
inurl:"/domcfg.nsf" " Web Server Configuration"
inurl:"/phpmyadmin/user_password.php
inurl:"/web-console/" intitle:"Administration Console"
inurl:":8088/cluster/apps"
inurl:"WebPortal?bankid"
inurl:"id=*" & intext:"warning mysql_fetch_array()"
inurl:"server-status" "Server Version: Apache/" "Server Built: " "Server uptime:" "Total accesses" "CPU Usage:"
inurl:"web/database/selector"
inurl:/Portal0000.htm
inurl:/_catalogs
inurl:/_hcms/
inurl:/config/device/wcd
inurl:/iisstart.htm intitle:"IIS7"
inurl:/javax.faces.resource/
inurl:/php/info.php
inurl:/phpPgAdmin/browser.php
inurl:/phpmyadmin/changelog.php -github -gitlab
inurl:/pub/ inurl:_ri_
inurl:/server-status + "Server MPM:"
inurl:/uploads/affwp-debug.log
inurl:/xprober ext:php
inurl:2506/jana-admin

🦑Google Hacking Dorks For Webserver 3 :
inurl:CFIDE/adminapi
inurl:OrganizationChart.cc
inurl:_vti_bin/Authentication.asmx
inurl:composer.json codeigniter -site:github.com
inurl:domcfg.nsf
inurl:jsmol.php
inurl:nnls_brand.html OR inurl:nnls_nav.html
inurl:oraweb -site:oraweb.org
inurl:phpinfo.php intext:build 2600
inurl:phpmyadmin/themes intext:"pmahomme"
inurl:phpsysinfo/index.php?disp=dynamic
inurl:readme.md intext:"Laravel"
inurl:readme.md intext:"typo3"
inurl:readme.rst intext:"CodeIgniter"
inurl:rvsindex.php & /rvsindex.php?/user/login
inurl:tech-support inurl:show Cisco
inurl:tests/mocks intext:autoloader
inurl:user_guide intext:"CodeIgniter User Guide"
inurl:wl.exe inurl:?SS1= intext:"Operating system:" -edu -gov -mil
sEDWebserver * server +at intitle:index.of
site:*/*.asp
site:*/server-status intext:"Apache server status for"
site:ftp.*.com "Web File Manager"
site:vps-*.vps.ovh.net
yaws.*.server.at
intitle:"index of" "debian.cnf"
intitle:"index of" "debian.conf"
intitle:\"Welcome to nginx!\" intext:\"Welcome to nginx on Debian!\" intext:\"Thank you for\"

🦑google dorks for finding aws s3:

site:http://s3.amazonaws.com intitle:index.of.bucket
site:http://amazonaws.com inurl:".s3.amazonaws.com/"
site:.s3.amazonaws.com "Company"
intitle:index.of.bucket
site:http://s3.amazonaws.com intitle:Bucket loading
site:*.amazonaws.com inurl:index.html
Bucket Date Modified

🦑Pegasus (spyware) samples decompiled & recompiled:
Pegasus is one of the smartest and best spyware on earth

https://github.com/byt3n33dl3/EXAPegasus

🦑Dark Websites - TOP 50:

A portal containing lists of links autom skunksworkedp2cg.onion

Apples 4 Bitcoin tfwdi3izigxllure.onion

AYB – ur mum XDDDDDDD allyour4nert7pkh.onion

ccpal – ccs – cvv2s – paypal 3dbr5t4pygahedms.onion

Concerned Cocaine Citizens cocaineo5z66elwy.onion

costeira.i2p.onion – Servidor de download costeirazb2xecgs.onion

Darkmarket Market darkmarabrstwfuh.onion

Darknet Hacking Services x7bwsmcore5fmx56.onion

DeepDotWeb – Surfacing the News deepdot35wvmeyd5.onion

DeepLink deeplinkdeatbml7.onion

Dream Market – Dark web market lchudifyeqm4ldjj.onion

Dream Market – Dark web market featuring 7ep7acrkunzdcw3l.onion

Dream Market – Dark web market featuring jd6yhuwcivehvdt4.onion

Dream Market – Dark web market featuring t3e6ly3uoif4zcw2.onion

DreamMarket Forum tmskhzavkycdupbr.onion

Fantom urls – Forum for paranoids fantomwf4luxar7u.onion

French Deep Web fdwocbsnity6vzwd.onion

Galaxy2 Social network w363zoq3ylux5rf5.onion

Grams grams7enufi7jmdl.onion

HANSA Market hansamkt2rr6nfg3.onion

HD Wiki hdwikicorldcisiy.onion

Hidden Wiki – Outdated and filled with scam ntcixulmms4275vi.onion

HQER – High Quality Euro Counterfeits y3fpieiezy2sin4a.onion

Krang Hidden Base in Tor. Technodrome. B 54ogum7gwxhtgiya.onion

LINKS Onion Web Link Directory – Your co linkskgiymtyszdb.onion

main.paraZite # Anarchy files and Underground kpynyvym6xqi7wz2.onion

On my website you can upload/download fi tt3j2x4k5ycaa5zt.onion

Onion Identity abbujjh5vqtq77wg.onion

OnionDir – Deep Web Link Directory dirnxxdraygbifgc.onion

PT-BR: Site oficial do roothit EN-US: We roothitpesjylrta.onion

Runion – Russian Forum lwplxqzvmgu43uff.onion

R´adio CBS – Comunica¸c˜oes Brasileira de S radiocbsi2q27tob.onion

Silkkitie Market silkkitiehdg5mug.onion

SleepWalker slpwlkryjujyjhct.onion

Store bankshopiweol3mv.onion

Store mystorew25hgytln.onion

The Hidden Wiki wikitorcwogtsifs.onion

The Hidden Wiki – Outdated, full of scam zqktlwi4fecvo6ri.onion

This is ChatTor, the only 100% anonymous chattorci7bcgygp.onion

TORCH: Tor Search Engine xmh57jrzrnw6insl.onion

TorLinks — .onion Link List torlinkbgs6aabns.onion

TorShops shopsat2dotfotbs.onion

TorVPS torvps7kzis5ujfz.onion

UK Guns and Ammo Store tuu66yxvrnn3of7l.onion

Valhalla Market valhallaxmn3fydu.onion

Wall Street Market wallstyizjhkrvmj.onion

Welcome To A New Site n2ha26oplph454e6.onion

Welcome To Dark Web Links & More! rbaco5flcou46wpd.onion

🦑x64dbg is the good debugger for Windows operating systems.

F E A T U R E S :

Open-source
Intuitive and familiar, yet new user interface
C-like expression parser
Full-featured debugging of DLL and EXE files (TitanEngine)
IDA-like sidebar with jump arrows
IDA-like instruction token highlighter (highlight registers, etc.)
Memory map
Symbol view
Thread view
Source code view
Graph view
Content-sensitive register view
Fully customizable color scheme
Dynamically recognize modules and strings
Import reconstructor integrated (Scylla)
Fast disassembler (Zydis)
User database (JSON) for comments, labels, bookmarks, etc.
Plugin support with growing API
Extendable, debuggable scripting language for automation
Multi-datatype memory dump
Basic debug symbol (PDB) support
Dynamic stack view
Built-in assembler (XEDParse/asmjit)
Executable patching
Analysis

> Download <

🦑WPA3-Attacks-IDS:

The drivers for most popular wireless adapters come pre-compiled with Kali Linux and there shouldn’t be a need to install them specifically. If one uses Ubuntu instead of Kali, they may need to install additional drivers for the NICs as required for proper functioning. Some of the attacks require our wireless card to have the ability to acknowledge frames sent to spoofed MAC addresses. For this we use the ath_masker kernel module by Vanhoefm, available at https://github.com/vanhoefm/ath_masker. Simply clone the git repository and then run ./load.sh in that folder from the terminal.

We need to install some necessary packages which can be done by running the below mentioned commands:

$ sudo apt-get install autoconf automake libtool shtool libssl-dev pkg-config
$ apt install pkg-config
$ apt install libnl-3-dev
$ apt install libssl-dev
$ apt install libnl-genl-3-dev

"


Several useful commands
To disable Wi-Fi in your network manager run

$ sudo airmon-ng check kill
$ sudo service network-manager stop
$ sudo rfkill unblock wifi

"

To check the list of connected NICs run

$ sudo airmon-ng

"

To put a particular NIC, say ’wlan0’, in monitor mode run

$ sudo ifconfig wlan0 down
$ sudo iw wlan0 set type monitor
$ sudo ifconfig wlan0 up
We can sniff the network and start a capture session in order to get important information such as the mac address of the access points(APs), the clients connected to it, the SSID’s present in the network, the channels on which the APs are operating, the supported authentication mechanism of the APs, etc. To do this put the NIC, say wlan0, in monitor mode and then run:

$ sudo airodump-ng wlan0
Installing and setting up Hostapd v2.9
Download and extract Hostapd v2.9 from https://w1.fi/releases/hostapd-2.9.tar.gz Next compile it by:

"

$ cd hostapd-2.9/hostapd
$ cp defconfig .config
$ make -j 2

"

We can set our configuration for hostapd in a .conf file . A file included in this repo, named ’wpa3.conf’ is an example of one such configuration.

We can then finally run hostapd as follows, #First disable Wi-Fi in the network manager. Then put the Alfa NIC in monitor mode. Then simply run:

$ sudo ./hostapd wpa3.conf -dd -K

"