Why transfer data in HTTP headers :

1) Usually, predictable technical information is conveyed in HTTP headers, so not all programs for logging and traffic analysis have the function of saving the contents of HTTP headers. For example, Apache usually (it depends on the setting of the log format) stores such HTTP header fields as Referer and User-Agent . If you want, you can configure Apache to save the data submitted by the POST method, but this is usually not done, since the logs begin to take up too much space.

2) As for storing other HTTP header fields, this is in principle possible, but this requires enabling and configuring the mod_log_forensic module , this also happens infrequently, plus storing a large amount of practically unnecessary data.

3) Therefore, there are certain reasons to use HTTP headers for data transfer, since GET requests are saved almost always, POST requests are rarely saved, and HTTP headers are almost never saved.

4) Among the popular applications that use the HTTP header field to transfer data, you can at first recall PhpSploit - "a hidden framework for subsequent exploitation", in short, a Trojan, a PHP backdoor for web servers.

BY ABSHQ

Create OpenSSL Certificate with Ansible

 Create OpenSSL Certificate with Ansible :

1) When working with OpenSSL, public keys are derived from the corresponding private key.

The first step will always be to generate a private key using a specific algorithm.

2) For production use, you need a Certification Authority (CA) or Certification Authority that is responsible for signing a certificate that you can trust on the Internet.

Since we are talking about Dev and Lab use cases, we are creating a self signed certificate.

3) Create OpenSSL Certificate with Ansible
In the examples shown in this article, the private key is named hostname_privkey.pem, the certificate file is hostname_fullchain.pem, and the CSR file is hostname.csr, where hostname is the actual DNS for which the certificate was generated.
Before we start

$ sudo dnf install ansible

$ sudo yum -y install epel-release
$ sudo yum install ansible

$ sudo apt update
$ sudo apt install software-properties-common
$ sudo apt-add-repository --yes --update ppa:ansible/ansible
$ sudo apt install ansible

$ echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
$ sudo apt update
$ sudo apt install ansible

$ pacman -S ansible
Confirm the Ansible installation by checking the version.

$ ansible --version
ansible --version
ansible 2.9.11
config file = None
configured module search path = ['/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/2.9.11/libexec/lib/python3.8/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 3.8.5 (default, Jul 21 2020, 10:48:26) [Clang 11.0.3 (clang-1103.0.32.62)]
Install dependencies
pyOpenSSL is required to generate keys and certificates using Ansible.

$ sudo pip install pyOpenSSL

$ sudo pip3 install pyOpenSSL
Writing an Ansible playbook to generate a self signed certificate
With the dependencies installed, we need to start creating the certificate using Ansible.

We will make a single playbook with tasks for creating a private key, CSR and certificate.

I'll walk through each feature block by block, and later we'll combine everything to get a working playbook.

Create project folders:

$ mkdir -p ~/projects/ansible/{certificates,files,templates}
$ cd ~/projects/
$ tree
.
`-- ansible
|-- certificates
|-- files
`-- templates

4 directories, 0 files
Create a playbook template

$ vim ~/projects/ansible/openssl_certificates.yml
Add standard sections.
---
- hosts: localhost
vars:

BY ANONYMOUS BLACK SEC

 Types and behaviors of hackers According :

　　
1) To my understanding, "hackers" should be roughly divided into two categories: "positive" and "evil". Decent hackers rely on their knowledge to help system administrators find loopholes in the system and To be improved, and evil sect hackers use various hacking skills to attack, invade, or do other things harmful to the network, because evil sect hackers are engaged in things that violate the "Hacker Code", so their real names It is called "Cracker" instead of "Hacker", which is what we often hear of "Cacker" and "Hacker".

2) Regardless of the type of hacker, their initial learning content will be the content involved in this part, and the basic skills they master will be the same. Even if they each embarked on a different path in the future, they did the same thing, but the starting point and purpose were different.

3) Many people once asked me: "What do you usually do as a hacker?

» Isn't it very exciting?" Some people understand hackers as "doing boring and repetitive things every day." In fact, these are misunderstandings. Hackers usually need to spend a lot of time to learn. I don’t know if this process has an end or not. I only know "the more the better." Since learning hackers is entirely out of personal hobbies, there is no such thing as "boring"; repetition is inevitable, because "practice makes perfect". Only through constant contact and practice can one experience something that can only be expected and unspeakable.

4) In addition to learning, hackers should apply their knowledge to practice. No matter what kind of hackers do, the fundamental purpose is to master what they have learned in practice.

By ABSHQ

What is Cybercrime? Types, Tools, Examples

 What is Cybercrime? Types, Tools, Examples:beginner:

:cycloneIn this tutorial, you will learn :

• What is Cybercrime?
• Example of Cybercrime
• Cybercrime Attack Types
• Cyber Crime Tools

:o: Link :

https://telegra.ph/What-is-Cybercrime-Types-Tools-Examples-10-17

:sparkles:This tutorial is for beginners not for professionals

Share and Support :heart:

How to block .git in Apache, Nginx and Cloudflare?

 

How to block .git in Apache, Nginx and Cloudflare?

A) Nginx
If you are using Nginx you can add the following location directive in nginx.conf file

location ~ /\.git {
deny all;
}

Alternatively, you can return a 404 error if you don't want an attacker to assume that you have .git on your server.
location ~ /\.git {
return 404;
}
In this case, the server will return an HTTP 404 status code.
Whatever you choose, remember to restart Nginx after changing the configuration.

> service nginx restart

B) Apache HTTP
Let's see how to block access to .git on Apache web server.

You can use RedirectMatch or DirectoryMatch for this.

Using RedirectMatch is probably the easiest.

You just need to add the following to your httpd.conf or .htaccess file.

RedirectMatch 404 /\.git
The above setting will give 404 when someone accesses .git and the following will show 403.

RedirectMatch 403 /\.git
Then let's try using the DirectoryMatch rule by adding the following to the httpd.conf file.
<DirectoryMatch "^/.*/\.git/">
Deny from all
</Directorymatch>
Restart Apache and try to access the url including .git; it will show the server a 403 Forbidden error.

C) Cloudflare
But as you can guess, this will only work if your site is running over the Cloudflare network.

Sign in to Cloudflare
Go to Firewall >> Firewall Rules >> Create a Firewall rule tab.
Name the rule - GIT
Select field –- URI
Operator - contains
Value - .git
Choose an action - Block and save
It will take approximately 1 minute to propagate the rule to all Cloudflare datacenters.
After that, Cloudflare will do the rest.

BY ABSHQ

Does your phone have ROOT? Mobile phone vulnerabilities after ROOT cannot be prevented

 Does your phone have ROOT? Mobile phone vulnerabilities after ROOT cannot be prevented :

1) Maybe your phone ROOT is just to install a game and install a tool. To us ordinary people, ROOT represents convenience and freedom. In fact, what you don't know is that it also brings convenience and freedom for hackers to violate your privacy. See how the mobile phone after ROOT opens the door for loopholes.

2) Even when all the information is disclosed, Android Root application developers still have an unknown side.

🦑ROOT also opens the door for vulnerability exploitation

The latest research found that by promoting powerful root applications, the few app distributors are putting millions of Android users in a very dangerous situation. Root programs can easily be reverse engineered, allowing malware to use exploit tools to bypass important security checks on Android.

1) On Thursday, researchers from the University of California, Riverside, published a report entitled " Android Root and its suppliers: a double-edged sword " at the ACM Computer and Communication Security Conference . They spent a month of free time reverse engineering A Root tool contains 167 vulnerabilities. In the end, the researchers concluded that by providing a large variety of highly customized vulnerabilities, root vendors can easily lead to reverse engineering and are difficult to detect, which raises the security risk for all Android users.

2) ROOT: a double-edged sword

Researchers from the University of California, Riverside put forward in the paper:

"We found that they are not only working hard to integrate and integrate known exploits, but also to develop new exploits in order to remain competitive. However, these exquisite exploits are not well protected. Once they fall into the wrong hands, they will Cause extremely dangerous effects."

New Way Hacking

Leaked By ABSHQ

Create Netflix Accounts Using OrangeTV | New Method

 Create Netflix Accounts Using OrangeTV | New Method:beginner:

:cycloneMethod To Create Private Netflix Accounts With OrangeTV

:o:Link:

https://bit.ly/3kcub4X

:small_red_triangle:Share And Support Us:small_red_triangle_down:

Smart Checker V0.1 – Fast Minecraft Checker

 :beginner:Smart Checker V0.1 – Fast Minecraft Checker:beginner:

:cyclone:Fast Minecraft Checker
:cyclone:Good With Public Proxies

:o:Link:

https://anonfiles.com/B6F986d4pf/SmartChecker_v0.1_by_patko250705_8211_rar

:small_red_triangle:Share And Support Us:small_red_triangle_down:

How To Make Azure RDP For 1 Hour | Repeatable You Can Create Unlimited RDPs

  How To Make Azure RDP For 1 Hour | Repeatable You Can Create Unlimited RDPs

But it is not easy For Everyone So I found one method by which you can Create Unlimited Azure RDP With any specs Only Problem is : 

This RDP only work for 1 Hours. But it is Repeatable So You Can Create New RDP Every Hour.

It is Working I just tested now. 

Method: 

1. Open New Incognito Window in Chrome.

2. Open This Link : https://docs.microsoft.com/en-us/learn/modules/create-windows-virtual-machine-in-azure/

3. Click on Blue "Start" Button.

4. Scroll Down and Click Blue "Continue" till You Reach on Unit 3 of 7.

5. Click on White "Sign in to activate sandbox" Button. It will Redirect You to Microsoft Page.

6. Click on "Create One!" Button

7. Now You have 2 Options Whether You Choose to Sign up through outlook or Hotmail or You Can Use Temp Mail From Tempm.com

8. Fill All necessary Details, Solve Puzzle and Make New Account.

9. Wait 1-2 Second Than Click on Next Button and Choose any Display Name & Country.

10. Select "Student" In Roles and "Beginner" in Level and "Azure" in Products and click ok.

11. Now Scroll and Click Continue till you reach Unit 5 of 7.

12. Now scroll Little bit and find and Click on Azure Portal written in blue under "Download the RDP file" Heading.

13. It will open new tab. Now sign in with Same Account Here and than click on subscription button on azure portal.

14. As You can see there is not any active subscription. So go back to fast tab and scroll up and click on White "Activate Sandbox" Button.

15. Now wait for some loading than scroll down and click on continue till you finish topic and than go back to 2nd tab and reload You will Get Subscription For 1 Hour Now You can Create RDP with This Method.

P.S It shows sometime error that Sandbox Suspended Because of unusual activity. No Worry just change IP or wait for 1-2 hours It will Work again. (You can also make new RDP on old RDP It will save you from suspension )

By Anonymous Black Sec

334,777X OPEN SOURCE PROJECTS - FREE - SEARCH ENABLED GREAT WEBSITE | TONS OF CODE

 :fire: 334,777X OPEN SOURCE PROJECTS - FREE - SEARCH ENABLED GREAT WEBSITE | TONS OF CODE

Find Open Source By Searching, Browsing and Combining 7,000 Topics Across 59 Categories And 334,777 Projects
Search, browse and combine topics

User Interface Components x514
Become A Software Engineer At Top Companies x Sponsored
Security x396
Machine Learning x347
User Interface x330
Networking x315
Data Processing x276
Programming Languages x245
Media x239
Frameworks x215
Control Flow x213
Web User Interface x210
Applications x192
Content Management x175
Learning Resources x166
Hardware x152
Text Processing x136
Data Storage x135
Software Quality x133
Libraries x129
Games x129
Application Programming Interfaces x124
Operations x121
Build Tools x113
Graphics x110
Runtime Environments x100
Messaging x98
Operating Systems x89
Community x83
Computer Science x80
Cloud Computing x80
Data Formats x78
Artificial Intelligence x78
Blockchain x73
Software Development x72
Software Architecture x72
Virtualization x71
Mapping x64
Economics x64
Compilers x63
Companies x60
Software Performance x58
Package Managers x55
Mathematics x55
Text Editors x49
Integrated Development Environments x49
Command Line Interface x49
Web Browsers x42
Science x42
Configuration Management x42
Collaboration x32
Version Control x30
Legal x29
Code Quality x28
Social Media x27
Web Servers x26
Lists Of Projects x22
Marketing x15
Advertising x10

:link: Link: https://awesomeopensource.com/

Ano:fire:

By

An

x22 Hotstar Premium Accounts

  x22 Hotstar Premium Accounts

by PremiumHost

Leaked By ABSHQ

 jogi4795@gmail.com:Vicky@4u
Plan: Disney+ Hotstar VIP
This Acc. reached its Screen Limit,Use it Later

Expires On: 02 Aug, 2021 [308 Days Left]
Telegram id: @PremiumHostTG - 
================
drnnkmmc@gmail.com:Kalpanaa1
Plan: Disney+ Hotstar VIP
Expires On: 28 May, 2021 [242 Days Left]
Telegram id: @PremiumHostTG - 
================
dilipkumark71@gmail.com:kr4830dk
Plan: Disney+ Hotstar VIP
Expires On: 01 Sep, 2021 [338 Days Left]
Telegram id: @PremiumHostTG - 
================
p.murari23@gmail.com:new.2905
Plan: Disney+ Hotstar VIP
This Acc. reached its Screen Limit,Use it Later

Expires On: 20 Jun, 2021 [265 Days Left]
Telegram id: @PremiumHostTG - 
================
sandydoll.dolls@gmail.com:moon@123
Plan: Disney+ Hotstar VIP
This Acc. reached its Screen Limit,Use it Later

Expires On: 14 Sep, 2021 [351 Days Left]
Telegram id: @PremiumHostTG - 
================
gsaran136@gmail.com:ammu1994@01
Plan: Disney+ Hotstar VIP
Expires On: 15 Apr, 2021 [199 Days Left]
Telegram id: @PremiumHostTG - 
================
pawangaur2010@gmail.com:pawan@143
Plan: Disney+ Hotstar VIP
Expires On: 21 Sep, 2021 [358 Days Left]
Telegram id: @PremiumHostTG - 
================
nitinkapoor003@gmail.com:Sachincpw
Plan: Disney+ Hotstar All Sports
This Acc. reached its Screen Limit,Use it Later

Expires On: 27 Jan, 2021 [121 Days Left]
Telegram id: @PremiumHostTG -