🚨 The Evolving Threat of BADBOX: A Global #Malware Epidemic

https://undercodenews.com/the-evolving-threat-of-badbox-a-global-malware-epidemic/

@Undercode_News

🦑Windows Event IDs For SIEM Monitoring

1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379

Ref: Moham Hamadi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🛡️ Albanian Government Bans #TikTok for a Year to Improve School Safety

https://undercodenews.com/albanian-government-bans-tiktok-for-a-year-to-improve-school-safety/

@Undercode_News

Killsec #Ransomware Group Targets Davis Products Company Inc

https://undercodenews.com/killsec-ransomware-group-targets-davis-products-company-inc/

@Undercode_News

🔋 Killsec #Ransomware Targets Greene Supply Company

https://undercodenews.com/killsec-ransomware-targets-greene-supply-company/

@Undercode_News

Killsec #Ransomware Group Targets Blome International

https://undercodenews.com/killsec-ransomware-group-targets-blome-international/

@Undercode_News

Killsec #Ransomware Targets Two Businesses

https://undercodenews.com/killsec-ransomware-targets-two-businesses/

@Undercode_News

🔋 Killsec #Ransomware Targets GPM Lawn Sprinkler Supply

https://undercodenews.com/killsec-ransomware-targets-gpm-lawn-sprinkler-supply/

@Undercode_News

Killsec #Ransomware Group Targets Bright Bolt Enterprises Inc

https://undercodenews.com/killsec-ransomware-group-targets-bright-bolt-enterprises-inc/

@Undercode_News

SQream CEO Steps Down After 14 Years, Company Restructures

https://undercodenews.com/sqream-ceo-steps-down-after-14-years-company-restructures/

@Undercode_News

🛡️ Houthi Missiles Challenge Israeli Air Defenses

https://undercodenews.com/houthi-missiles-challenge-israeli-air-defenses/

@Undercode_News

🦑 Step-by-step breakdown of the journey of a URL:

1️⃣ DNS Resolution:
🔸 Your browser doesn’t understand domain names like mypage.com. It first queries a DNS (Domain Name System) to translate the human-readable domain into an IP address, so it knows where to find the server.

2️⃣ Cache Check:
🔸 Before the DNS query, the system checks local caches (browser, operating system, router, etc.) to see if the IP address is already stored for faster access.

3️⃣ TCP/IP Handshake:
Once the server IP is found, a TCP (Transmission Control Protocol) connection is established. This involves a three-step handshake:
🔸 SYN: Your browser says, "Can we connect?"
🔸 SYN-ACK: The server responds, "Sure, let’s connect!"
🔸 ACK: Your browser confirms, "Great, let’s proceed!"

4️⃣ HTTP Request:
🔸 Your browser sends an HTTP/HTTPS request to the server for the specific resource (e.g., HTML, CSS, JavaScript, images).

5️⃣ Server Response:
🔸 The server processes the request and responds with a status code (e.g., 200 OK, 404 Not Found, 500 Server Error) along with the requested data.

6️⃣ Rendering the Web Page:
🔸 The browser engine parses the HTML to build a DOM (Document Object Model) tree.
🔸 It parses CSS to create a CSSOM (CSS Object Model) tree.
🔸 JavaScript is executed, the DOM is updated, and the layout is computed.
🔸 Finally, the render tree is painted on the screen, turning raw code into the visual content you see.

✨ All this happens in seconds or less!
This process is a beautiful blend of networking, systems engineering, and browser technologies, working seamlessly to bring the internet to life.

Ref: Fadi Kazdar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🛡️ XTEND Secures 8 Million Pentagon Contract for Cutting-Edge #AI-Powered #Drones

https://undercodenews.com/xtend-secures-8-million-pentagon-contract-for-cutting-edge-ai-powered-drones/

@Undercode_News

The Enduring Legacy of Mysore Sandal Soap: A Timeless Fragrance

https://undercodenews.com/the-enduring-legacy-of-mysore-sandal-soap-a-timeless-fragrance/

@Undercode_News

🤖 The #AI-Powered Sales Revolution: How Intelligent Agents Are Transforming B2B

https://undercodenews.com/the-ai-powered-sales-revolution-how-intelligent-agents-are-transforming-b2b/

@Undercode_News

A Multi-Player Game: #Microsoft CEO on the Competitive #AI Landscape

https://undercodenews.com/a-multi-player-game-microsoft-ceo-on-the-competitive-ai-landscape/

@Undercode_News

Can a Tweet Derail a 00 Million Cyber-Tech Deal?

https://undercodenews.com/can-a-tweet-derail-a-00-million-cyber-tech-deal/

@Undercode_News

🖥️ Israeli Fintech Morning Acquired by Italy's TeamSystem for 50 Million

https://undercodenews.com/israeli-fintech-morning-acquired-by-italys-teamsystem-for-50-million/

@Undercode_News

Extract all endpoints from a JS File and take your bug Method