-
Similar Content
-
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. GUI to Manage Software Restriction Policies and harden Windows Home OS.
Hard_Configurator ver. 6.0.0.0 (October 2021)
This version supports also Windows 11.
Please note: From the ver. 5.1.1.1, the Recommended Settings on Windows 8+ works differently as compared to ver. 5.0.0.0 (and prior). From the ver. 5.1.1.1, the Recommended Settings and some other predefined setting profiles use = ON, which whitelists the EXE and MSI files in ProgramData and user AppData folders (other files are blocked like in ver. 5.0.0.0). If one is happy with blocking the EXE and MSI files in ProgramData and user AppData folders, then it is necessary to set = OFF.
From version 4.1.1.1 (July 2019) Hard_Configurator installer and all its executables are signed with "Certum Code Signing CA SHA2" certificate (Open Source Developer Andrzej Pluta).
Version 6.0.0.0 (stable)
1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON
Restrictions> change the background color from green to blue.
2. Fixed some minor bugs.
3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler,
mscorsvw, ngen, ngentask, vbc.
5. Added SLK and ELF file extensions to the default protected extensions in SRP and RunBySmartscreen.
6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be
used especially on the older Windows versions to improve post-exploitation protection on default Admin account. This switch should
be used only by very experienced users.
7. New version of ConfigureDefender:
- Added some useful information to the Help and manual.
- Added "Send All" setting to Automatic Sample Submission.
- Updated ASR rules (1 new rule added).
- Added the Warn mode to ASR rules.
- Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
- Added the <Info> button next to the Protection Levels buttons. It displays information about which settings are enabled in DEFAULT,
HIGH, INTERACTIVE, and MAX Protection Levels.
- Redesigned slightly the layout of the Exploit Guard section.
- Added support for event Id=1120.
- Added CFA setting BDMO = Block Disk Modifications Only - folders will not be protected, but some important disk sectors will be
still protected (Id = 1127).
8. Added support for Windows 11.
Hidden Content
Give reaction to this post to see the hidden content. -
By dEEpEst
WifiPhisher – WiFi Crack and Phishing Framework
Wifiphisher is an open source framework that can be utilised for red team engagements for wireless networks through Man in the Middle attacks. The tool is capable of using the modern wifi association techniques, such as Known Beacons, KARMA, and Evil Twin. With the ‘Known Beacons’ technique, Wifiphisher broadcasts ESSIDs that are known to the audience. KARMA is a masquerading technique where Wifiphisher acts like a public network. Evil Twin is the most common technique where rogue access points are created. Moreover, the tool can also be used to launch phishing attacks for stealing social account credentials and payload injections against wifi clients.
Wifiphisher Installation
wifiphisher clonning Wifiphisher requires a wireless network adapter that must be capable of packet injection and support monitoring mode. Wifiphisher is supported by Linux OS with Kali Linux as the officially supported distribution. The installation can be performed by cloning the tool from Github using the following command:
git clone https://github.com/wifiphisher/wifiphisher.git After cloning the tool, move to the Wifiphiser directory and run the installation file using the following command.
cd wifiphisher sudo python setup.py install wifiphisher-installation
How Wifiphisher Works
Wifiphisher can be launched with or without any parameters or options. To run the tool without setting any options, just type wifiphisher or python bin/wifiphisher in the terminal. The tool looks for the appropriate wifi interface and opens in a GUI mode as shown in the following screenshot.
wifiphisher searching for access points After the GUI interface is open, the tool searches for available wifi networks (ESSIDs) in the surrounding area. The target ESSID can be selected through the up/down arrow keys.
wifiphisher found aps As mentioned earlier, the tool is capable of performing all the modern MITM WiFi attacks. KARMA and Evil Twin are the default attack modes of Wifiphisher. The Evil Twin attack can be performed by running the tool with the following command options.
wifiphisher -aI wlan0 -jI wlan1 -p firmware-upgrade --handshake-capture handshake.pcap The above command uses wlan0 interface as a rogue access point where victims can connect. The wlan1 with –jI flag is used to launch a Denial of Service (DoS) attack. The DoS attack prevents users from connecting to the real access point. The firmware-upgrade option is displayed to the users to enter the wifi key to connect and upgrade the (fake) firmware. The handshake argument in the command verifies that the user provided key is authentic.
wifiphisher firm-upgrade attack Wifiphisher is not limited to stealing WiFi credentials. It can be used to inject malicious code/malware into a victim’s machine using plugin-update scenario.
wifiphisher --essid Office_Wifi -p plugin_update -pK <Pre-shared Key> The above command sends a plugin update option to the ESSID named as Office_Wifi. The WiFi key (pre-shared key) is known to the attacker in this scenario. Victims who perform the plugin update task actually download malicious code in their machines. The code can be a malware or a shell that can provide remote access to the attacker. Similarly, Wifiphisher can also be used to steal social network credentials of the users.
wifiphisher --noextensions --essid "Free wifi" -p oauth-login -kB The above command asks the users to connect to the Free wifi ESSID by entering their social account credentials like FB.
wifiphisher stealing social credentials -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Creating a Dev Environment in AWS with Terraform by Philip Afable
If you work in Azure development, this course from CloudSkills.io can show you some best practices for setting up a development environment in AWS. Instructor Philip Afable introduces you to Terraform and shows you how to download and start using it. Philip covers the Lambda function, including how to set it up, write it, troubleshoot it, and update it. He explains how to create a Simple Queue Service (SQS) queue and link this new queue to your Lambda function. Philip concludes with how you can use WorkSpaces and manage regions in your development and production environments.
Note: This course was created by CloudSkills.io. We are pleased to host this training in our library.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Disclaimer
Any actions and or activities related to Zphisher is solely your responsibility. The misuse of this toolkit can result in criminal charges brought against the persons in question. The contributors will not be held responsible in the event any criminal charges be brought against any individuals misusing this toolkit to break the law.
This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way.
This Tool is made for educational purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then Get the hell out of here!
It only demonstrates "how phishing works". You shall not misuse the information to gain unauthorized access to someones social media. However you may try out this at your own risk.
Features
Latest and updated login pages.
Mask URL support
Beginners friendly
Docker support (checkout docker-legacy branch)
Multiple tunneling options
Localhost
Ngrok (With or without hotspot)
Cloudflared (Alternative of Ngrok)
Hidden Content
Give reaction to this post to see the hidden content. -
By itsMe
Hidden Content
Give reaction to this post to see the hidden content. Simplest Multi-currency wallet for WordPress. (step by step guide here). You can add any token from https://etherscan.io/tokens, https://bscscan.io/tokens (or your own ERC20 or BEP20 token), Matic tokens. All other cryptocurrencies are not supported.
Hidden Content
Give reaction to this post to see the hidden content.
Hidden Content
Give reaction to this post to see the hidden content.
-
