Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ Year in Search 2024: The Breakout Searches of the Year
https://undercodenews.com/year-in-search-2024-the-breakout-searches-of-the-year/
@Undercode_News
https://undercodenews.com/year-in-search-2024-the-breakout-searches-of-the-year/
@Undercode_News
UNDERCODE NEWS
Year in Search 2024: The Breakout Searches of the Year - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ Unleashing the Power of #Android's Hidden Notification History Shortcut
https://undercodenews.com/unleashing-the-power-of-androids-hidden-notification-history-shortcut/
@Undercode_News
https://undercodenews.com/unleashing-the-power-of-androids-hidden-notification-history-shortcut/
@Undercode_News
UNDERCODE NEWS
Unleashing the Power of Android's Hidden Notification History Shortcut - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐จ A Critical Vulnerability in Privileged Remote Access (PRA) and Remote Support (RS) Products
https://undercodenews.com/a-critical-vulnerability-in-privileged-remote-access-pra-and-remote-support-rs-products/
@Undercode_News
https://undercodenews.com/a-critical-vulnerability-in-privileged-remote-access-pra-and-remote-support-rs-products/
@Undercode_News
UNDERCODE NEWS
A Critical Vulnerability in Privileged Remote Access (PRA) and Remote Support (RS) Products - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Tesla Revamps its Star: Refreshed Model Y Juniper Set for China Launch
https://undercodenews.com/tesla-revamps-its-star-refreshed-model-y-juniper-set-for-china-launch/
@Undercode_News
https://undercodenews.com/tesla-revamps-its-star-refreshed-model-y-juniper-set-for-china-launch/
@Undercode_News
UNDERCODE NEWS
Tesla Revamps its Star: Refreshed Model Y Juniper Set for China Launch - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ฑ #AI-Powered Neurophysiology: Nervio Appoints Dr Richard Vogel as US CEO
https://undercodenews.com/ai-powered-neurophysiology-nervio-appoints-dr-richard-vogel-as-us-ceo/
@Undercode_News
https://undercodenews.com/ai-powered-neurophysiology-nervio-appoints-dr-richard-vogel-as-us-ceo/
@Undercode_News
UNDERCODE NEWS
AI-Powered Neurophysiology: Nervio Appoints Dr Richard Vogel as US CEO - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#OpenAI's 12 Days of Innovation: A Recap
https://undercodenews.com/openais-12-days-of-innovation-a-recap/
@Undercode_News
https://undercodenews.com/openais-12-days-of-innovation-a-recap/
@Undercode_News
UNDERCODE NEWS
OpenAI's 12 Days of Innovation: A Recap - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ ๏ธ #Intel Core Ultra 200S: A Patchy Performance Fix
https://undercodenews.com/intel-core-ultra-200s-a-patchy-performance-fix/
@Undercode_News
https://undercodenews.com/intel-core-ultra-200s-a-patchy-performance-fix/
@Undercode_News
UNDERCODE NEWS
Intel Core Ultra 200S: A Patchy Performance Fix - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ฑ #Apple's M1 MacBook Air: Still a Steal at 49
https://undercodenews.com/apples-m1-macbook-air-still-a-steal-at-49/
@Undercode_News
https://undercodenews.com/apples-m1-macbook-air-still-a-steal-at-49/
@Undercode_News
UNDERCODE NEWS
Apple's M1 MacBook Air: Still a Steal at 49 - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE TESTING
๐ฆ๐ก๐๐๐ฅ๐ฐ๐๐ซ๐ ๐๐ง๐๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐๐ข๐ฉ: ๐๐ฉ๐จ๐ญ๐ญ๐ข๐ง๐ ๐๐ง๐ญ๐ข-๐๐ข๐ฌ๐๐ฌ๐ฌ๐๐ฆ๐๐ฅ๐ฒ ๐๐ซ๐ข๐๐ค๐ฌ ๐ก
While analyzing malware, a common anti-disassembly technique to watch for is the use of a ๐๐จ๐ง๐๐ข๐ญ๐ข๐จ๐ง๐๐ฅ ๐ฃ๐ฎ๐ฆ๐ฉ ๐ฐ๐ข๐ญ๐ก ๐ ๐๐จ๐ง๐ฌ๐ญ๐๐ง๐ญ ๐๐จ๐ง๐๐ข๐ญ๐ข๐จ๐ง.
Take the snippet below as an example:
The code starts with ๐๐๐ ๐๐๐, ๐๐๐, which clears the ๐ฌ๐จ๐ฟ register and, as a result, sets the zero flag (๐๐ญ).
Immediately after, a conditional jump (๐๐) checks the state of the zero flag.
Since ๐๐๐ ๐๐๐, ๐๐๐ guarantees ZF will ๐๐๐๐๐๐ be set, the jump is effectively unconditional. However, to automated tools or disassemblers, it may appear as conditional, complicating static analysis.
๐ ๐พ๐๐ ๐ ๐๐๐ ๐๐๐๐ ๐๐๐๐๐๐?
Malware authors use this technique to:
โ Obfuscate control flow.
โ Confuse disassembly tools.
โ Make reverse engineering more time-consuming.
Ref: AIT ICHOU Mustapha
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
While analyzing malware, a common anti-disassembly technique to watch for is the use of a ๐๐จ๐ง๐๐ข๐ญ๐ข๐จ๐ง๐๐ฅ ๐ฃ๐ฎ๐ฆ๐ฉ ๐ฐ๐ข๐ญ๐ก ๐ ๐๐จ๐ง๐ฌ๐ญ๐๐ง๐ญ ๐๐จ๐ง๐๐ข๐ญ๐ข๐จ๐ง.
Take the snippet below as an example:
The code starts with ๐๐๐ ๐๐๐, ๐๐๐, which clears the ๐ฌ๐จ๐ฟ register and, as a result, sets the zero flag (๐๐ญ).
Immediately after, a conditional jump (๐๐) checks the state of the zero flag.
Since ๐๐๐ ๐๐๐, ๐๐๐ guarantees ZF will ๐๐๐๐๐๐ be set, the jump is effectively unconditional. However, to automated tools or disassemblers, it may appear as conditional, complicating static analysis.
๐ ๐พ๐๐ ๐ ๐๐๐ ๐๐๐๐ ๐๐๐๐๐๐?
Malware authors use this technique to:
โ Obfuscate control flow.
โ Confuse disassembly tools.
โ Make reverse engineering more time-consuming.
Ref: AIT ICHOU Mustapha
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Secret Weapon: #Tesla's Cybertruck Wiper Unveils Hidden Efficiency Boost
https://undercodenews.com/secret-weapon-teslas-cybertruck-wiper-unveils-hidden-efficiency-boost/
@Undercode_News
https://undercodenews.com/secret-weapon-teslas-cybertruck-wiper-unveils-hidden-efficiency-boost/
@Undercode_News
UNDERCODE NEWS
Secret Weapon: Tesla's Cybertruck Wiper Unveils Hidden Efficiency Boost - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE TESTING
๐ฆ The Complete Shodan Guide โ A Treasure Trove for Cybersecurity Professionals! ๐๐
Thrilled to share The Complete Shodan Guide, an essential resource for anyone interested in exploring the depths of the internet using Shodan, the search engine for connected devices.
This guide is packed with:
โ Step-by-step instructions for using Shodan effectively.
โ Techniques to uncover exposed devices and vulnerabilities.
โ Practical use cases for penetration testing and threat analysis.
Ref: Dhikonda GopiDhikonda Gopi
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Thrilled to share The Complete Shodan Guide, an essential resource for anyone interested in exploring the depths of the internet using Shodan, the search engine for connected devices.
This guide is packed with:
โ Step-by-step instructions for using Shodan effectively.
โ Techniques to uncover exposed devices and vulnerabilities.
โ Practical use cases for penetration testing and threat analysis.
Ref: Dhikonda GopiDhikonda Gopi
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
๐ Israeli Court to Hear US Extradition Request for Alleged LockBit Developer
https://undercodenews.com/israeli-court-to-hear-us-extradition-request-for-alleged-lockbit-developer/
@Undercode_News
https://undercodenews.com/israeli-court-to-hear-us-extradition-request-for-alleged-lockbit-developer/
@Undercode_News
UNDERCODE NEWS
Israeli Court to Hear US Extradition Request for Alleged LockBit Developer - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andโฆ
Forwarded from UNDERCODE TESTING
๐ฆ105 Windows Event IDs For SIEM Monitoring
1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379
Ref: Izzmier Izzuddin ZulkepliIzzmier Izzuddin Zulkepli
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379
Ref: Izzmier Izzuddin ZulkepliIzzmier Izzuddin Zulkepli
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from DailyCVE
๐ด OpenShift Must Gather Operator, Improper Input Validation (Snyk-GOLANG-GITHUBCOMOPENSHIFTMUSTGATHEROPERATORCONTROLLERSMUSTGATHER-7278175) - High
https://dailycve.com/openshift-must-gather-operator-improper-input-validation-snyk-golang-githubcomopenshiftmustgatheroperatorcontrollersmustgather-7278175-high/
@Daily_CVE
https://dailycve.com/openshift-must-gather-operator-improper-input-validation-snyk-golang-githubcomopenshiftmustgatheroperatorcontrollersmustgather-7278175-high/
@Daily_CVE
DailyCVE
OpenShift Must Gather Operator, Improper Input Validation (Snyk-GOLANG-GITHUBCOMOPENSHIFTMUSTGATHEROPERATORCONTROLLERSMUSTGATHERโฆ
2024-12-20 Vulnerability : This article describes a high severity vulnerability in the OpenShift Must Gather Operator. An improper input validation [โฆ]
Forwarded from DailyCVE
๐ด Spring Framework, Path Traversal, #CVE-XXXX-XXXX (High)
https://dailycve.com/spring-framework-path-traversal-cve-xxxx-xxxx-high/
@DailyCVE
https://dailycve.com/spring-framework-path-traversal-cve-xxxx-xxxx-high/
@DailyCVE
DailyCVE
Spring Framework, Path Traversal, CVE-XXXX-XXXX (High) - DailyCVE
2024-12-20 : A critical vulnerability, classified as a Path Traversal, has been identified in the Spring Framework. This vulnerability allows [โฆ]
Forwarded from DailyCVE
๐ Logback-core Expression Language Injection Vulnerability (#CVE-TBD) - Moderate
https://dailycve.com/logback-core-expression-language-injection-vulnerability-cve-tbd-moderate/
@Daily_CVE
https://dailycve.com/logback-core-expression-language-injection-vulnerability-cve-tbd-moderate/
@Daily_CVE
DailyCVE
Logback-core Expression Language Injection Vulnerability (CVE-TBD) - Moderate - DailyCVE
2024-12-20 This article describes a moderate severity vulnerability (CVE-ID pending) in QOS.CH logback-core versions up to 1.5.12. This vulnerability allows [โฆ]
Forwarded from DailyCVE
๐ต QOSch logback-core, Server-Side Request Forgery (SSRF), #CVE-2024-12801 (Low)
https://dailycve.com/qosch-logback-core-server-side-request-forgery-ssrf-cve-2024-12801-low/
@Daily_CVE
https://dailycve.com/qosch-logback-core-server-side-request-forgery-ssrf-cve-2024-12801-low/
@Daily_CVE
DailyCVE
QOSch logback-core, Server-Side Request Forgery (SSRF), CVE-2024-12801 (Low) - DailyCVE
2024-12-20 What Undercode Says: This blog post highlights a Server-Side Request Forgery (SSRF) vulnerability (CVE-2024-12801) identified in QOS.ch logback-core version [โฆ]