Wednesday, June 24, 2020

at No comments:

Protestor storm the people's palace in kinshasha

The governor of the city of Kinshasa, Gentiny Ngobila Happy, tried to calm the protesters this Wednesday, June 2020, 24 around the People's Palace in Kinshasa.
The latter, despite the intervention of the city's first citizen, continued their protest movement against the bills introduced by national MPs Aubin Minaku and Garry Sakata on justice reform.
Protesters simply demand the rejection by the office of the lower house of Parliament of these bills, which they call unconstitutional.
at No comments:

Unidentified armed men attack mungamba and 3 FARDC soldiers believed to had died in that attack!!!

Unidentified armed men attacked Mungamba, a town on the border between Irumu and Mambasa territories more than 60 km south of Bunia in Ituri.

According to Maître Laurent Kieya of the NGO Convention for the Defense of Forest Peoples, CODEPEF which quotes the administrator of the Irumu territory, it is since the evening of Tuesday to Wednesday June 24, 2020 that the attack began .
At least 3 FARDC soldiers are believed to have died in the incident, the source said, a figure not yet confirmed by the military.

"It is since last night that we learned that there was an attack n by unidentified elements in one of the localities between the territories of Mambasa and Irumu," as he elaborated to news outlets in the territory.

For the moment, reports Maître Laurent, traffic is suspended on the national road number 04 going from Beni to Kisangani where this attacked village is located.

"The population is tumbling, commercial activities are slowing down, shops and stores have not opened," he said.

This new attack comes only a few days before the installation in the area of ​​a FARDC position following an express request from the local population.
at No comments:

1 FARDC soldier dies , 8 CODECO militia men captured by FARDC in an intense fighting in Dyaro in the territory of Djugu

The armed Forces of the Democratic Republic of Congo, FARDC announced this Wednesday June 24, 2020 to have captured eight CODECO militiamen in Dyaro, the afternoon of Tuesday June 23 in the sector of walendu-Pitsi, territory of Djugu.
"Yesterday in Dyaro in the territory of Djugu in the Walendu-Pitsi sector, the armed forces were attacked by a group of CODECO attackers and this attack ended in bitter failure and strong FARDC military pressure on the rebels. Crude information shows a great CODECO commander by the name of Ndekote neutralized with eight other elements, "said, lieutenant Jules Ngongo, army spokesperson in Ituri.

During the fighting, one FARDC element lost their lives and others were injured, the source said.

Lieutenant Jules Ngongo also reassured control of the situation by the regular army before calling on the militiamen not to be obstinate and to lay down their arms to avoid what he called "supreme punishment of the armed forces".

The population asked the officer to continue to trust and work with the regular army to put an end to the activism of armed groups in Ituri province.
at No comments:

AL-Shabab has claimed the suicide bomber detonated inside the Turkish military training base in Somalia’s capital Mogadishu that left two civilians dead on Tuesday.



“The attack occurred as new military cadets were doing their morning drills”. Col. Ahmednor Abdulle, a Somali military officer said.
This was the first time attack targeted by Turkey’s largest overseas military base in Somalia since the Turkish government launched military camp supporting Somali military to fight Shabab strongholds militant based in Somalia
The Turkish Defense Ministry in a statement said a Somali citizen was killed and one other person was wounded. It said no Turkish personnel were hurt and there was no damage to the barracks.
“Terrorist organization and its supporters who carried out this cowardly attack and We will not leave our Somali brothers alone in their fight against terrorist organizations,” said Turkish Defense Minister in a statement.
According to the initial information, the assailant tried to enter the base but later shot by the guards after he refused the commands by the Somali soldiers in front of the main gate.
at No comments:

Tuesday, June 23, 2020

Fully automated offensive security framework for reconnaissance and vulnerability scanning plus threat intelligence.

 Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.
Installation
cd Osmedeus
./install.sh
This install only focuses on Kali Linux, check more install on the Usage page .
NOTE: You might need to do sudo su before installing or using this otherwise you might get issues with dependency problems.
Using Docker:
If you have no idea what are you doing just type the command below or check out the
Advanced Usage
./osmedeus.py -t example.com
Features
Subdomain Scan.
Subdomain TakeOver Scan.
Screenshot the target.
Basic recon like Whois, Dig info.
Web Technology detection.
IP Discovery.
CORS Scan.
SSL Scan.
Wayback Machine Discovery.
URL Discovery.
Headers Scan.
Port Scan.
Vulnerable Scan.
Separate workspaces to store all scan output and details logging.
REST API.
React Web UI.
Support Continuous Scan.
Slack notifications.
Easily view report from the command line.
INSTALLATION
For Kali Linux 
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
For unix OS 
Change default shell and package manager on top of the install file and you will be fine to run.
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
For MacOS 
Install golang officially or use homebrew and nmap, masscan. Change default shell and package manager on top of the install file and you will be fine to run.
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
Using Docker 
Check out docker-osmedeus by mabnavarrete for docker installation.
TL;DR
Run this command to pull the container and install Osmedeus.
Installation 
docker run -d --net host --name osmedeus mablanco/osmedeus
Simple usage 
docker exec -it osmedeus ./osmedeus.py --client -t example.com
or access container through bash then navigate to ~/ and you’re good to go.
docker exec -it osmedeus /bin/bash -i
Access the UI 
Credentials by default will place in
~/.osmedeus/config.conf . Make sure to change the Remote API in the Configuration tab to your interface that you’re running docker.
Setup REST API server on the remote server 
Open your tmux or whatever and run the API server persistence by using this command
python3 server/manage.py runserver
or
python3 server/manage.py runserver 0.0.0.0:8000
if you want to bind this server on other IP and port.
Run osmedeus client 
Open your tmux or whatever and run on that machine too (recommendation)
./osmedeus -t example.com
or if you really want to run a client on your server just do
./osmedeus -t example.com --remote http://your_remote_ip:port
Check out sercurity concern to protect your server.
Osmedeus use Django authentication system to manage users and create a token.
You directly create a new user by using this command below.
python3 server/manage.py createsuperuser
These users also used to login on Web UI.
Example Commands
# normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt
# normal routine but slow speed on all moddule
./osmedeus.py -t example.com --slow 'all'
# normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'
# direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"
./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder
# direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder
# report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full
at No comments:

VLC vulnerability, CVE-2020-13428!! Your VLC media player may place your computer to security risks.

The well-known open-source media player VLC  recently released (read full vulnerability report here)a security bulletin and released a new version. This security bulletin contains a high-risk level security vulnerability.
This security vulnerability can trigger the remote execution of arbitrary code. Of course, the vulnerability has been fixed before disclosure, so users need to upgrade to a new version. The security
vulnerability is CVE-2020-13428.
The vulnerability mainly affects the hardware accelerated codec that comes with the VLC player, and the codec with the vulnerability is only used on macOS and iOS.
This means that versions such as Windows, Linux, and Android are not affected. Of course, other vulnerabilities are fixed this time so all users need to perform the upgrade.
In terms of vulnerability exploitation, the attacker only needs to create a targeted media file and induce the user to play this media file, as long as the user uses VLC to play.
Of course, we should remind everyone here that files of unknown daily origin should not be opened easily, even media files such as videos or music.
at No comments:
Subscribe to: Comments (Atom)