🌐 Safepay #Ransomware Group Targets City of Marlow Website

https://undercodenews.com/safepay-ransomware-group-targets-city-of-marlow-website/

@Undercode_News

⚠️ #HP Wolf Security Study Uncovers Hidden Security Gaps in Devices: Are Your Endpoints at Risk?

https://undercodenews.com/hp-wolf-security-study-uncovers-hidden-security-gaps-in-devices-are-your-endpoints-at-risk/

@Undercode_News

🦑105 Windows SIEM Use Cases

1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379

ref: Shahaz Mz
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔧 Secret Blizzard Leverages #Cybercrime Tools to Target Ukraine

https://undercodenews.com/secret-blizzard-leverages-cybercrime-tools-to-target-ukraine/

@Undercode_News

🚨 Critical Vulnerability in Hunk Companion Plugin Enables Malicious Attacks

https://undercodenews.com/critical-vulnerability-in-hunk-companion-plugin-enables-malicious-attacks/

@Undercode_News

🔐 Phone Phishing Gang Disrupted: International Arrest Sweep

https://undercodenews.com/phone-phishing-gang-disrupted-international-arrest-sweep/

@Undercode_News

🦑 AI-powered ethical hacking :

: Features

- Natural Language Processing : Executes commands based on user input, translating intent into action seamlessly.
- Command Search Engine : Facilitates the search for services, ports, or specific terms, providing curated command suggestions to identify vulnerabilities.

» Supported Ethical Hacking Tools :

1. NMAP : Network discovery and security auditing.
2. OWASP ZAP (Full Scan Only) : Web application security scanner.
3. Crackmapexec : Network information gathering.
4. Nuclei : Template-based fast scanning with zero false positives.

» Compatibility
- Optimized for Linux : Fully functional on Linux platforms.
- Limited/No Support : Functionality on Windows or macOS is not guaranteed.



System Requirements
Non-Docker Installation
- Storage : 50GB
- RAM : 16GB minimum
- GPU : 8GB recommended for optimal performance.

» Dependencies
- Linux (Debian-based) :
- Installations:

    sudo apt -y install exploitdb libreadline-dev wget nmap crackmapexec nuclei
    

- Git-based exploitdb:

    sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
    sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
    

»Installation
Docker Installation
1. Pulling the image :

   docker pull berylliumsec/nebula:latest
   

2. Running without GPU :

   docker run --rm -it berylliumsec/nebula:latest
   

3. Running with GPU :

   docker run --rm --gpus all -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest
   

4. Autonomous mode :
- Default vulnerability scan:

     docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --targets_list /app/targets.txt
     

- Custom NMAP vulnerability scan:

     docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --nmap_vuln_scan_command="nmap -Pn -sV --exclude-ports 21 --script=vulscan/vulscan.nse" --targets_list /app/targets.txt
     

PIP Installation
1. Install:

   pip install nebula-ai
   

2. Run:

   nebula
   

3. For elevated privileges:

   sudo pip install nebula-ai
   sudo nebula

» Linux Post-Installation
1. Add the installation path to your .zshrc:

   export PATH="$HOME/.local/bin:$PATH"
   

Nebula-Watcher (Optional Component)
PIP Installation

pip3 install nebula-watcher

Docker Installation
1. Pull the image:

   docker pull berylliumsec/nebula_watcher:latest
   

2. Run:

   docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest
   

Customize diagram name:

   docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name

   

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Google's Project Astra: A Glimpse into the Future of #AI

https://undercodenews.com/googles-project-astra-a-glimpse-into-the-future-of-ai/

@Undercode_News

⚡️ The Intersection of CTMU and QCI: A New Frontier in Emergent Intelligence

https://undercodenews.com/the-intersection-of-ctmu-and-qci-a-new-frontier-in-emergent-intelligence/

@Undercode_News

🔋 aarnâ Launches #AI-Powered #Crypto Investment Product, âfi 802

https://undercodenews.com/aarna-launches-ai-powered-crypto-investment-product-afi-802/

@Undercode_News

🦑 Bitcoin Core Integration and Development:

>> What is Bitcoin Core?
Bitcoin Core is the reference implementation of Bitcoin, connecting to the peer-to-peer Bitcoin network. Its primary functions include:
- Downloading and fully validating blocks and transactions.
- Serving as a wallet.
- Providing an optional graphical user interface (GUI).

Binary versions are available for immediate use at [Bitcoin Core Downloads](https://bitcoincore.org/en/download/).

>> Licensing
Bitcoin Core is licensed under the MIT License, allowing free use and modification. Details can be found in the COPYING file or at the [MIT License site](https://opensource.org/licenses/MIT).

>> Development Process
- Master Branch: Continuously built and tested but may not always be stable.
- Release Branches and Tags: Created regularly to mark stable releases.
- GUI Development: Exclusively managed in the [bitcoin-core/gui repository](https://github.com/bitcoin-core/gui). This repository mirrors the monotree's master branch and does not have release branches or tags.

>># Contribution
Developers can follow the workflow in CONTRIBUTING.md. Additional insights and guidelines are in doc/developer-notes.md.

>> Testing and Quality Assurance
>># Automated Testing:
1. Unit Tests: Recommended for all new code and improvements to existing code. Use ctest to compile and run unit tests.
2. Regression and Integration Tests: Written in Python, executed with:

   build/test/functional/test_runner.py
   

3. CI Systems: Automatically test pull requests across Windows, Linux, and macOS platforms.

>># Manual Testing:
- Requires a reviewer distinct from the code author, particularly for substantial or high-risk changes.
- Adding a clear test plan in pull request descriptions is encouraged for complex changes.


@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🛠️ #Google's Quantum Leap: Willow Chip and Error Correction Breakthrough

https://undercodenews.com/googles-quantum-leap-willow-chip-and-error-correction-breakthrough/

@Undercode_News

🚨 #Data Breach Exposes Sensitive Information of 446,000 Patients at Center for Vein Restoration

https://undercodenews.com/data-breach-exposes-sensitive-information-of-446000-patients-at-center-for-vein-restoration/

@Undercode_News

🛡️ Chinese Hacker Charged for Targeting Sophos Firewalls

https://undercodenews.com/chinese-hacker-charged-for-targeting-sophos-firewalls/

@Undercode_News

🦑100% FREE classes for a pathway into cybersecurity and ethical hacking

Foundations:
Help Desk
➡️TCM Security Academy – Practical Help Desk (https://lnkd.in/geDEvt6d)
➡️Professor Messer – 220-1101 and 220-1102 A+ Courses (https://lnkd.in/gKjJsSPz & https://lnkd.in/gMW3hMsv)

Networking
➡️Professor Messer – N10-009 Network+ Course (https://lnkd.in/g8mYZaMm)
➡️Cisco Networking Academy – Packet Tracer (https://lnkd.in/guGibYx6)

Linux
➡️TCM Security Academy – Linux 100: Fundamentals (https://lnkd.in/gEGHzxw3)
➡️Linux Journey (https://linuxjourney.com/)
➡️OverTheWire – Bandit (https://lnkd.in/gRwPsump)

Programming
➡️TCM Security – Programming 100: Fundamentals (https://lnkd.in/gWZe2JRj)
➡️FreeCodeCamp (https://lnkd.in/gbaHhV34)
➡️Codecademy (https://lnkd.in/gxAHnTFD)

Security Essentials
➡️Professor Messer – SY0-701 Security+ Course (https://lnkd.in/gfCCMJqQ)

Hacking Essentials
➡️Ethical Hacking in 15 Hours Part 1 (https://lnkd.in/gWump_cZ)
➡️Ethical Hacking in 15 Hours Part 2 (https://lnkd.in/gH9_Ap7F)
➡️TryHackMe (https://tryhackme.com/)

Active Directory Hacking
➡️How to Build an Active Directory Hacking Lab (https://lnkd.in/g_9wjzhz)
➡️Hacking Active Directory for Beginners (https://lnkd.in/gaewN7nU)

Web Application Hacking
➡️PortSwigger Web Security Academy (https://lnkd.in/gvx6NgcZ)
➡️Hacker101 (https://www.hacker101.com/)
➡️Bugcrowd University (https://lnkd.in/g_aPUcD8)

Ref: Heath Adams
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚡️ #Google Workspace: A New #AI-Powered Productivity

https://undercodenews.com/google-workspace-a-new-ai-powered-productivity/

@Undercode_News

Informative #Samsung #Galaxy S23 Series: A Closer Look at the Exynos 2200 Chipset

https://undercodenews.com/informative-samsung-galaxy-s23-series-a-closer-look-at-the-exynos-2200-chipset/

@Undercode_News

🔋 #Tesla Stock Charges Towards Record Highs as 2024 Nears Close

https://undercodenews.com/tesla-stock-charges-towards-record-highs-as-2024-nears-close/

@Undercode_News