
Posts

Top 10 Must Watch Hacking Movies or Web Series

Mr. Robot (TV Series 2015-2019)
Citizenfour (2014)
CyberHell (Exposing An Internet Horror)
Hacker (2016)
Live Free or Die Hard (2007)
Snowden (2016)
Blackhat (2015)
Who Am I (2014)
Trust No One: The Hunt for the Crypto King
Web of Make Believe: Death, Lies and the Internet

Some Mitigations Against Phishing and MITM

Regular phishing awareness training should be conducted in the organization. Regular awareness training on 2FA/MFA attacks should also be conducted. An internal phishing campaign should be run in the organization to check employees' awareness. Reward the employees who pass the internal phishing check, so that all other employees remember it. Reward the employees who report a phishing email or any phishing activity. This creates a positive impact on the organization and the team. The common misconception people have about standard forms of MFA (SMS, touch, push) is that they prevent social engineering. Although MFA protects against an attack, it is commonly still vulnerable to a MITM phishing attack. Check the example of the Uber hack of 2022. Take a regular quiz related to phishing and reward some of the employees who pass the quiz; this will motivate others. Always check the domain name while entering the username and password. Make this a habit. Block ph

Another Hack: Uber Hacked By Teen 2022

The company has reported that it is investigating a cyber security incident and has also alerted the law-enforcement authorities. Uber is on high alert after a hacker claimed that the ride-hailing giant has suffered a data breach. The alleged breach had reportedly forced Uber to take several internal communications and engineering systems offline. Screenshot from Twitter: vxunderground. How this attack worked initially (according to news and Twitter): you are all wondering how the attacker bypassed MFA. An extremely common misconception people have about standard forms of MFA (push/touch/mobile) is that it prevents social engineering. Although MFA can protect against an attacker who only has the victim's credentials, it is commonly still vulnerable to MiTM attacks. Check this analysis of the Uber attack, which explains it clearly: https://mobile.twitter.com/BillDemirkapi/status/1570602097640607744 Some mitigations to avoid these hacks: Regular phishing awareness should be done in

Free Cybersecurity Certifications

Introduction to Cybersecurity
Cybersecurity Essentials
Networking Essentials
Android Bug Bounty Hunting: Hunt Like a Rat
Ethical Hacking Essentials (EHE)
Digital Forensics Essentials (DFE)
Network Defense Essentials (NDE)
Introduction to Dark Web, Anonymity, and Cryptocurrency
AWS Skill Builder Introduction to Cybersecurity
Building a Cybersecurity Toolkit
Cyber Aces Free Cyber Security Training Course
Introduction to Information Security
Penetration Testing - Discovering Vulnerabilities

Web Application Security Testing (WAPT) Interview Questions

Let's contribute all together to create a question dump. What are the vulnerabilities you have to test in a login form and a payment gateway? What is clickjacking? What is the mitigation for clickjacking? What is CSRF? How do you mitigate CSRF? Let's take an example: if a developer implements a CSRF token in a cookie, will it mitigate the CSRF issue? Is it possible to mitigate CSRF with a header? If yes, why; if no, why? If the data is in JSON format, how will you check for the CSRF issue and what are the ways of exploitation? Where should the CSRF token be implemented and why? If the client doesn't want to change the UI or doesn't want to implement CSRF tokens and headers, then what mitigation would you recommend to the client for CSRF? What is the problem with a per-request token? Is login CSRF possible? Explain login CSRF. Have you ever exploited it? What is the mitigation for login CSRF? Suppose, in an application, a CSRF token is implemented in each and every request, except th

Convert Veracode XML Report to Excel Report V2

A new version is here now. So now the solution is here: access my GitHub URL https://github.com/crazywifi/Veracode_XML_Report_To_Excel_File_Converter
1. Download any file [Python or EXE].
2. Copy the EXE file/Python file to the folder containing the Veracode XML report file.
3. Run the command "Veracode_XML_to_Excel.exe Veracode_XML_File.xml" or "python3 Veracode_XML_to_Excel.py Veracode_XML_File.xml".
4. The output report will be generated with the name "Veracodeout.xlsx".
Features of this script:
1. You can convert the XML file to Excel.
2. The Excel file includes:
* Severity
* Vulnerability Name
* IssueID
* Description
* Remediation
* SourcePath
* Line Number
* Mitigation Status
* Vulnerability severity name with color
* Mitigation Status
3. Remediation is in a separate column.
4. The Severity is converted to strings like Critical, High, Medium, Low, and Informational.
I hope this tool will make your life a little easier 😀

Run Terminal Binaries in Burp: BurpBinaryRunner - (My 2nd Burp Extension in Jython)

This tool is used to run binaries through Burp, for tools like SSLscan, Nmap, FFUF, etc. Any binary that prints its output on the terminal can be used in this Burp extension. I am not sure if this Burp extender will make your life easy or not; I have made it for learning purposes. Download: https://github.com/crazywifi/BurpBinaryRunner

Why the "Older & Vulnerable Version in Use" Vulnerability Should Be of HIGH Severity

Copied from Kaspersky: ATM Hack. An ATM is a jackpot for criminals; it is a metal box that contains lots of cash. An ATM is just a computer, often a Windows computer, with input devices like a touch screen and buttons. It also has cassettes which hold lots of cash. In older days and in today's time, the easy tactic is to steal the cassette. 😀 Check this video of how a security researcher hacks an ATM. A true story of 2013: Bank & ATM Hack. Just imagine how you would feel when an ATM starts dispensing cash without your touch. It feels like magic. What we don't understand, we think is magic or some supernatural phenomenon, but if we don't understand something, that doesn't mean there is no science or technical process behind it; we just don't know about it. This story is about ATM and bank hacking. In late 2013 an ATM started dispensing cash at random times, more often at night. No one had touched it or put in a card; the cameras captured that scene. A guy came with a du

How to install Kali Linux in Windows 10

Steps:
1. Install WSL2. Open PowerShell as Administrator and run the command below. If it's already installed, it will show you the WSL options. Restart the system.
wsl --install
https://docs.microsoft.com/en-us/windows/wsl/install
2. In PowerShell run the command below and restart the system.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
3. In PowerShell run the commands below.
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
4. Download the Linux kernel update package and install it.
https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi
5. Open PowerShell and run the command below to set WSL2 as the default version.
wsl --set-default-version 2
6. Recheck the WSL version in PowerShell.
wsl --list --verbose
7. Install your Linux distribution from the Microsoft Store.
https://aka.ms/wslstore
Ubuntu 18.04 LTS Ub

My First Burp Extension | Enable Tor Proxy By Burp (Jython)

Hello Everyone, finally, after one week of work, I learned many new things in Jython as well as in Java. When you see the functionality of this Burp extension, it looks like it needs only one day of development, but for me it took one week because I had zero knowledge of it, but yes, I know a little bit of Python. But now, after one week, I can make this type of Burp extender that automates the process and makes our life easy. What are the problems I faced while developing it? Don't judge me, some are dumb questions to myself:
How to create a Burp extension in Jython?
What is JPanel and how to use it?
How to run Tor proxy in Windows?
How to run Tor proxy in the background?
How to kill a process in Windows?
How to create a button in Jython?
How to change color?
etc... etc... etc...
Download: https://github.com/crazywifi/TOR_Proxy_Burp_Extension