underground.org.mx
0
  • Enero 18, 2020, 02:56:12 am
  • Bienvenido(a), Visitante
Por favor ingresa o regístrese.

Ingresar con nombre de usuario, contraseña y duración de la sesión
Búsqueda Avanzada  
Páginas: [1] 2 3 ... 7
 1 
 on: Enero 17, 2020, 08:36:53 am 
Iniciado por Kukulcan84 - Último mensaje por hkm
Hola Kukulcan84. Bienvenido al foro. Gracias por compartir el video.

Les recuerdo que si quieren embedir videos de Youtube es solo cuestion que usen el BBCode [html]. Si quieren un video de como hacerlo se los dejo aquí. Esta un poco largo el video, en realidad solo es copiar el codigo de Youtube y pegarlo entre tags de [html] ... [/html]


 2 
 on: Enero 16, 2020, 06:26:52 pm 
Iniciado por Kukulcan84 - Último mensaje por Kukulcan84
Saludos! 8)

Aquí les comparto este interesante vídeo sobre la historia del hackeo a la consola híbrida de la gran N, espero les guste. Pronto compartiré la segunda parte.



 3 
 on: Enero 15, 2020, 12:20:51 pm 
Iniciado por bl4sph3m - Último mensaje por hkm
Bienvenido bl4sph3m!

Gracias por crear este tipo de iniciativas, es una forma divertida de aprender sobre herramientas y técnicas de OSINT y Cyber Threat Intelligence.

Saludos.

 4 
 on: Enero 15, 2020, 10:21:57 am 
Iniciado por bl4sph3m - Último mensaje por bl4sph3m
Buenos días a todos!!

Año nuevo, proyectos nuevos.....


Hace poco me incorporé de lleno al mundo de Cyber Threat Intelligence, durante ya varios años me he desenvuelto en varios campos de la Seguridad Informática (Análisis forense, Hacking Etico, Desarrollo, Threat Hunting, etc...) y como ya lo he comentado en el tema de Inteligencia de Amenazas.


Y como regularmente sucede cuando uno comienza con algo nuevo e investigando acerca de recursos o fuentes de Ciberinteligencia, me encontré con una cuenta en Twitter en donde diariamente se publican retos para verificar el origen de una imagen, la hora del día en la que fue tomada, la ubicación exacta etc... Todo con el uso de herramientas OSINT, la gente que participa en ese foro, comparte la solución del reto transcurrido un tiempo definido de manera pública lo que ayuda al resto de los participantes a aprender de alguna nueva técnica o herramienta de investigación.


El concepto como tal está muy bueno, sólo que, no vi mucha participación de la comunidad latina en estos retos.  Por tal motivo decidí en conjunto con otros colaboradores esta iniciativa, tomando las bases de esa dinámica pero con el objetivo de impulsar la participación de los profesionales de Latinoamérica en estos retos.


Para estos efectos he creado la cuenta de twitter https://twitter.com/RetOsint donde publicaremos periódicamente retos (imágenes, videos o cualquier otro recurso) que ponga a prueba los conocimientos de los más desenvueltos en el campo y a su vez permita aprender las técnicas y herramientas empleadas para los mas nuevos.


Para conocer más acerca de la dinámica o como participar, visita nuestra cuenta de Twitter.  ;D


 5 
 on: Enero 14, 2020, 05:01:40 pm 
Iniciado por hkm - Último mensaje por hkm
Lista de las mejores técnicas de hacking web del 2019

Exploiting SSRF in AWS Elastic Beanstalk
Get pwned by scanning QR Code
Exploiting Null Byte Buffer Overflow for a $40,000 bounty
Infiltrating Corporate Intranet Like NSA: Pre-Auth RCE On Leading SSL VPNs
Unveiling vulnerabilities in WebSocket APIs
Reverse proxies & Inconsistency
Abusing HTTP hop-by-hop request headers
DOMPurify 2.0.0 bypass using mutation XSS
PHP-FPM RCE(CVE-2019-11043)
Security analysis of portal element
Exploiting prototype pollution - RCE in Kibana
At Home Among Strangers
HostSplit: Exploitable
Finding and Exploiting .NET Remoting over HTTP using Deserialisation
Microsoft Edge (Chromium) - Elevation of Privilege to Potential RCE
Remote Code Execution via Insecure Deserialization in Telerik UI
Cross-Site Leaks por SirDarckCat
Exploiting Spring Boot Actuators
Owning The Clout Through Server Side Request Forgery
The world of Site Isolation and compromised renderer
XSS in GMail's AMP4Email via DOM Clobbering
Common Security Issues in Financially-Oriented Web Applications
A Tale of Exploitation in Spreadsheet File Conversions
Uploading web.config for Fun and Profit 2
Far Side of Java Remote Protocols
All is XSS that comes to the .NET
The Cookie Monster in Your Browsers
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
Exploring Continuous Integration Services as a Bug Bounty Hunter
Exploiting Deserialisation in ASP.NET via ViewState
Don't open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, ...
Bypassing SOP Using the Browser Cache
SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP
Exploiting JNDI Injections in Java
Reusing Cookies
Abusing autoresponders and email bounces
HTTP Desync Attacks: Request Smuggling Reborn
Let's Make Windows Defender Angry: Antivirus can be an oracle!
SSO Wars: The Token Menace
XSS-Auditor — the protector of unprotected and the deceiver of protected
DoS via Web Cache Poisoning
Facebook Messenger server random memory exposure through corrupted GIF
Exploiting padding oracles with fixed IVs
Getting Shell with XAMLX Files
Apache Solr Injection Research
ESI Injection Part 2: Abusing specific implementations
Backchannel Leaks on Strict Content-Security Policy
Google Search XSS
IIS Application vs. Folder Detection During Blackbox Testing

Fuente y votación por el Top 10: https://portswigger.net/polls/top-10-web-hacking-techniques-2019
*La votación termina el 27 de enero.

 6 
 on: Enero 14, 2020, 08:05:49 am 
Iniciado por hkm - Último mensaje por hkm
"Getting Started With ATT&CK" es un Ebook (PDF) que contiene un compilado de publicaciones de MITRE sobre como utilizar correctamente el framework.


...during summer 2019 we decided to write a series of blog posts around getting
started with ATT&CK. The posts, inspired by Katie Nickels’ Sp4rkcon talk “Putting MITRE
ATT&CK into Action with What You Have, Where You Are,” were written by members of
the ATT&CK team and focused on what we consider ATT&CK’s four primary use cases.
For each use case, the authors laid out advice on how an organization could get started
with ATT&CK based on available resources and overall maturity.
This publication pulls together their collective wisdom, originally posted on Medium, into
a single package. We hope you read it and get some new ideas on getting started with
ATT&CK. Let us know what you think—we’d love to hear your feedback.

Adam Pennington
Principal Cybersecurity Engineer
ATT&CK Blog Editor in Chief
MITRE


https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf

 7 
 on: Enero 13, 2020, 10:34:51 pm 
Iniciado por electronicats - Último mensaje por electronicats




Description
Is she the goddess of cats? It’s Bast Pro Mini M0 !!! , with a powerful SAMD21E chip, a microcontroller based on ARM Cortex-M0 with low power consumption and high performance, makes it ideal for endless applications.

This chip operates at 48MHz, with 256KB programming memory, 32KB SRAM, works at a voltage of 1.6v to 3.6v, and is capable of working at temperatures from -40 ° to 85 ° !!! , is an impressive device.

This member of the Bast family. It has 19 pins, 6 of them are analog pins, 14 are digital, it is fully compatible with the pinout of the famous Arduino Pro Mini, it is also possible to carry out the programming of Bast Pro Mini M0 with a variety of programming languages such as Arduino, Circuit Python and Makecode thanks to the fact that it takes on board the Microsoft UF2 bootloader

Open Hardware Certified


Fully Arduino compatible


PINOUT
You can access to all this functionalities with Arduino Circuit python and MakeCode!


Comprar y más información en:

https://electroniccats.com/producto/bast-pro-mini-m0/



ELECTRONIC CATS ES UN EMPRESA QUE DISEÑA Y FABRICA SISTEMAS EMBEBIDOS PARA PUBLICO EN GENERAL Y EL SECTOR PRIVADO




 8 
 on: Enero 13, 2020, 10:30:09 pm 
Iniciado por electronicats - Último mensaje por electronicats




Description
Hunter Cat works detecting the quantity of magnetic stripe heads inside the card reader. Giving the user information by LEDs on the same Hunter Cat board. The scan process is simple. The user just have to insert and remove the Hunter Cat normally before inserting the bank card. The Hunter will take a second to process the information and giving the reading status with three different LEDs: Ok, Warning and Dangerous. With this information, the user could proceed or not depending on the alert LEDs.

How Hunter Cat Works

Hardware

The Hunter Cat runs over a SAMD11 with a CR2032 3V battery. According to Atmel SAM D11 datasheet, SAM D11 is a series of low-power microcontrollers using the 32-bit ARM® Cortex®-M0+ processor, and ranging from 14- to 24-pins with 16KB Flash and 4KB of SRAM. The SAM D11 devices operate at a maximum frequency of 48MHz and reach 2.46 Coremark/MHz.

The Hunter Cat board design has the same dimensions of a bank card. The only difference is that the Hunter Cat board is a little bit longer. The position of the magstripe hunters are in the same position of a normal magnetic stripe. The design follows the most important physical characteristics of ISO 7810/7816 for positioning. The Hunter Cat has four small pieces of metal in the front side. Those will be useful to interact with the sensors at some ATMs that detect the chip metal as trigger to open the compartment to insert the card.

The position of the magstripe triggers and the pieces of metal in the front side of the board will not affect the ATM reader or magstripe reader functionality. The pieces of metal that act as chip trigger to trick the ATM sensor are NOT connected to any voltage or signal to avoid any issues internally.

Understanding the Hunter Cat and its LEDs

Hunter Cat works detecting the quantity of magnetic stripe heads inside the card reader. The scan process is simple. Before inserting the bank card, the user just has to insert and remove the Hunter Cat like it was a normal card. The Hunter Cat will take a second to process the information and giving the reading results with three LEDs on the same board: Ok, Warning or Dangerous. With this information, the user could proceed or not, depending on the alert LED.

When the user inserts the battery for the first time, the three LEDs on the board will flash together four times. This indicates that Hunter Cat is ready to interact with magstripe readers.

If the Hunter Cat is not used in a lapse of 15 seconds, it will change from ready mode to sleep mode to save battery. When this transition occurs, the LEDs will flash separately one by one two times.

After the Hunter Cat is in sleep mode, the only way to wake it up is pressing the reset button or removing and inserting the battery. With this process, the Hunter Cat will be ready again to process more magstripe readings.

Note: If the user inserts and remove the Hunter Cat in a magstripe card reader, and the board does not flash any LED that means that none readers was detected at all.

Reading Process

After pressing the reset button or after inserting the battery, the LEDs will flash four times simultaneously, and the Hunter Cat will be ready to interact with magstripe readers. Inserting and removing the Hunter Cat is a normal process like using a normal card. This process takes less than a second to be completed.

The question is why the Hunter Cat has to be inserted and removed in a second or less? This will avoid that the ATM intersect the card and take it all the way into the ATM. Also as preventive mechanism, the Hunter Cat is longer in size that the normal card; adding that the battery holder could block this process as well.

Another important reason to insert and remove the Hunter Cat in less than a second is because the firmware calculates an average reading in one way and confirming on the way back. This gives a better and more accurate reading.


Comprar y más información en:

https://electroniccats.com/producto/huntercat/



ELECTRONIC CATS ES UN EMPRESA QUE DISEÑA Y FABRICA SISTEMAS EMBEBIDOS PARA PUBLICO EN GENERAL Y EL SECTOR PRIVADO




 9 
 on: Enero 13, 2020, 10:26:29 pm 
Iniciado por electronicats - Último mensaje por electronicats





Description
The new and more modern version of our famous magspoof has arrived, version 3 of this security tool has new features to highlight such as a USB port for charging via arduino, 32-bit ARM microcontroller and lipo battery charger.

Emulate magnetic bands in an easy and simple way, to audit terminals or card readers, the evolution of the famous tool created by Samy Kamkar now available to everyone, happy hacking!

The new in magspoof v3 is:
– Programming USB via Arduino IDE
– Microcontroller SAMD11 ARM 32 bit Cortex M0
– More Memory RAM and Flash
– Smaller size
– Coil included
– Charger battery lipo 3.7v

Comprar y más información en:

https://electroniccats.com/producto/magspoof-v3/



ELECTRONIC CATS ES UN EMPRESA QUE DISEÑA Y FABRICA SISTEMAS EMBEBIDOS PARA PUBLICO EN GENERAL Y EL SECTOR PRIVADO




 10 
 on: Enero 13, 2020, 10:19:29 pm 
Iniciado por electronicats - Último mensaje por electronicats





Are you interested in learning how LoRa works at the package level? Debugging your own LoRa hardware and trying to detect where something is wrong? Or maybe you’re writing a custom application for your Internet of Things (IoT) network with LoraWAN? We have the perfect tool for you!

This **CatWAN USB Stick** is programmed with a special firmware image that makes it an easy-to-use LoRa sniffer. You can passively capture the data exchanges between two LoRa devices, capturing with our “LoRa Sniffer” the open source network analysis tool that we have created to use together.

This device can work in networks LoRaWAN compatible with classes A, B and C, although we currently do not have a firmware for this way of working. The CatWAN firmware is completely open source and you can find it in our repository along with the schematic. If you want to reprogram this device you can do it through Arduino IDE and its USB port or if you do not have to use a J-Link. ATMEL-ICE or a DIY SWD programmer

This device has a SAMM21 ARM Cortex microcontroller at 48Mhz with native USB 2.1, with 256Kb for programming, compatible with Arduino and Circuit Python.

Check our repository for more details and software downloads!

***WARNING: This is a beta device, use it at your own risk***
**NOTE:** Basic Firmware is Blink, for [LoRa Sniffer upload firmware via Arduino](https://github.com/ElectronicCats/CatWAN_USB_Stick/blob/master/Fw/LoRa_PHY_Sniffer/LoRa_PHY_Sniffer.ino)

**Main characteristics**

– Works with any PC, Raspberry Pi or BeagleBone, even a smartphone or tablet
– Supports packet mode LoRa® (package mode) or LoRaWAN ™ Class A, B and C
– Compatible with The Things Network and other LoRaWAN networks
– Based on the RFM95
– RX LED as reception indicator, programmable by the user
– Easy reprogramming compatible with Arduino and Circuit Python
– Compatible with the [LoRaSniffer App](https://github.com/ElectronicCats/LoRa_Sniffer/releases)
– Open Source

**Specifications**

– Connectivity: USB 2.1
– Power Consumption: 140 ma typical TX, 20 ma idle (with power LED)
– Dimensions: 80 mm x 25 mm x 12 mm (without antenna)
– Receiver Sensitivity: down to -146 dBm
– TX Power: adjustable up to +18.5 dBm
– Range: up to 15 km coverage in suburban and up to 5 km coverage in urban areas


Comprar y más información en:

https://electroniccats.com/producto/catwan_usb-stick/



ELECTRONIC CATS ES UN EMPRESA QUE DISEÑA Y FABRICA SISTEMAS EMBEBIDOS PARA PUBLICO EN GENERAL Y EL SECTOR PRIVADO




Páginas: [1] 2 3 ... 7