The Office Returns: #AT&T Mandates In-Person Work, But Lacks Desks

https://undercodenews.com/the-office-returns-att-mandates-in-person-work-but-lacks-desks/

@Undercode_News

🦑Video Link Injection Vulnerability:

The application is vulnerable to a link injection attack in the email content generated from the contact form. This vulnerability allows an attacker to inject malicious links into form fields, such as the "First Name" field, which are then included in the system-generated email. A successful exploitation can lead to phishing attacks, where users are redirected to fraudulent websites that may steal sensitive information like login credentials.

Ref: Aditay Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE LABS RED TEAM/BLUE TEAM and CTF SKILLS TO 2025:

Share with your network and friends.
· Attack-Defense - https://attackdefense.com
· Alert to win - https://alf.nu/alert1
· Buffer Overflow Labs - https://lnkd.in/eNbEWYh
· CryptoHack - https://cryptohack.org/
· CMD Challenge - https://cmdchallenge.com
· Cyberdefenders - https://lnkd.in/dVcmjEw8
· Damn Vulnerable Repository - https://lnkd.in/dEitQx6H
· Defend The Web - https://defendtheweb.net/
· Exploitation Education - https://exploit.education
· Google CTF - https://lnkd.in/e46drbz8
· HackTheBox - https://www.hackthebox.com
· Hacker101 - https://ctf.hacker101.com
· Hacking-Lab - https://hacking-lab.com/
· ImmersiveLabs - https://immersivelabs.com
· Infinity Learning CWL - https://lnkd.in/dbx-VhXu
· LetsDefend- https://letsdefend.io/
· NewbieContest - https://lnkd.in/ewBk6fU5
· OverTheWire - http://overthewire.org
· Practical Pentest Labs - https://lnkd.in/esq9Yuv5
· Pentestlab - https://pentesterlab.com
· Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
· PentestIT LAB - https://lab.pentestit.ru
· PicoCTF - https://picoctf.com
· PWNABLE - https://lnkd.in/eMEwBJzn
· Root-Me - https://www.root-me.org
· Red Team Exercises - https://lnkd.in/dMBfz-Sp
· Root in Jail - http://rootinjail.com
· SANS Challenger - https://lnkd.in/e5TAMawK
· SmashTheStack - https://lnkd.in/eVn9rP9p
· The Cryptopals Crypto Challenges - https://cryptopals.com
· Try Hack Me - https://tryhackme.com
· Vulnhub - https://www.vulnhub.com
· Vulnmachine - https://lnkd.in/eJ2e_kD
· W3Challs - https://w3challs.com
· WeChall - http://www.wechall.net
· Websploit - https://websploit.org/
· Zenk-Security - https://lnkd.in/ewJ5rNx2

Ref: Joas A Santos
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔒 #Ransomware Group Flocker Targets KS CORP

https://undercodenews.com/ransomware-group-flocker-targets-ks-corp/

@Undercode_News

OnePlus 13R Confirmed with Snapdragon 8 Gen 3 Ahead of India Launch

https://undercodenews.com/oneplus-13r-confirmed-with-snapdragon-8-gen-3-ahead-of-india-launch/

@Undercode_News

🦑🎄CyberAdvent Day 21: pyDescribeSDDL - Simplify Windows SDDL Analysis

🔐 Ever struggled with decoding SDDL strings during audits or pentests? With pyDescribeSDDL, you can transform Security Descriptor Definition Language (SDDL) strings into readable insights effortlessly!

🛠 What is pyDescribeSDDL?
pyDescribeSDDL is a Python tool designed to parse and describe the contents of SDDL strings, making it easier to analyze Access Control Entries (ACEs), Access Control Lists (ACLs), and associated SIDs and GUIDs.

🔑 Key Features
1️⃣ Human-readable summaries: Use the --summary option to output clear and concise access information.
2️⃣ ACE Parsing: Supports detailed analysis of all major ACE types
3️⃣ SID Resolution: Automatically resolve well-known SIDs to their human-readable names.
4️⃣ GUID Parsing: Decode well-known GUIDs for easier interpretation.

📂 Check out pyDescribeSDDL here: https://github.com/p0dalirius/pyDescribeSDDL

Ref: Rémi Gascou (Podalirius)Rémi Gascou
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🎮 #Amazon Prime Video: New Rules Limit TV Streaming to Two Devices

https://undercodenews.com/amazon-prime-video-new-rules-limit-tv-streaming-to-two-devices/

@Undercode_News

📱 The Lava Blaze Duo 5G: A Dual-Screen Smartphone Arrives in India

https://undercodenews.com/the-lava-blaze-duo-5g-a-dual-screen-smartphone-arrives-in-india/

@Undercode_News

🦑Web Vulnerability Resource - XSS

Unferstanding XSS Attack
https://lnkd.in/dg9THu25

XSS Filter Evasion by johnermac
https://lnkd.in/dk_gpSRP

Payloads XSs Evasion by citybasebrooks
https://lnkd.in/d4YQjBxE

XSS Resource by BruteLogic
https://lnkd.in/dcVG-RSX

XSS Challegens
https://lnkd.in/dhcbNe6d
https://lnkd.in/dif8SVjK

How to Find XSS by HackerOne
https://lnkd.in/dvqNm5bT

Learning about Cross Site Scripting (XSS)
https://lnkd.in/dYETX2VV

XSS CheatSheet by Portswigger Labs
https://lnkd.in/dAxxwj4

Hacktivity XSS by HackerOne
https://lnkd.in/dNNM86wx

XSS Explained by NahamSec
https://lnkd.in/dJiTs2td

XSS Stored, Blind, Reflected and DOM by InsiderPhD
https://lnkd.in/d9KzwBfd

Web Hacking Beyond Alert by Wild West
https://lnkd.in/djbgjFS8

XSS Tools
XSSTRIKE https://lnkd.in/dJkuhQ4X
Dalfox https://lnkd.in/dp_UnjGM
XSSMap https://lnkd.in/dgfqdEhj
FinDOM XSS https://lnkd.in/dffQm67D

Ref: Joas A SantosJoas A Santos
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

📊 Automating #CrowdStrike RFM Reporting with #AI in Tines

https://undercodenews.com/automating-crowdstrike-rfm-reporting-with-ai-in-tines/

@Undercode_News

🤖 US to Blacklist Sophgo After Chip Found in #Huawei #AI Processor

https://undercodenews.com/us-to-blacklist-sophgo-after-chip-found-in-huawei-ai-processor/

@Undercode_News

📱 The #Microsoft 365 App Gets a #Copilot-Centric Makeover

https://undercodenews.com/the-microsoft-365-app-gets-a-copilot-centric-makeover/

@Undercode_News

📚 Level Up Your Tech Skills: Free IT Training for Nigerians by the Government

https://undercodenews.com/level-up-your-tech-skills-free-it-training-for-nigerians-by-the-government/

@Undercode_News

🎮 Streamlining Success: 21 #Digital Marketing Strategies to Automate Repetitive Tasks

https://undercodenews.com/streamlining-success-21-digital-marketing-strategies-to-automate-repetitive-tasks/

@Undercode_News

🔐 20-Year Prison Sentence for Romanian Hacker Involved in NetWalker #Ransomware Attacks

https://undercodenews.com/20-year-prison-sentence-for-romanian-hacker-involved-in-netwalker-ransomware-attacks/

@Undercode_News

🖥️ #YouTube to Crack Down on Clickbait in India: A Step Towards a More Trustworthy Platform

https://undercodenews.com/youtube-to-crack-down-on-clickbait-in-india-a-step-towards-a-more-trustworthy-platform/

@Undercode_News

🦑[𝐅𝐑𝐄𝐄 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒 - 𝐀𝐂𝐓𝐈𝐕𝐄 𝐃𝐈𝐑𝐄𝐂𝐓𝐎𝐑𝐘 𝐏𝐄𝐍𝐓𝐄𝐒𝐓]

Whether you are preparing for a certification or need to sharpen your skills for your pentests.

🤓Here is a list of resources 🤓:

𝐍𝐞𝐞𝐝 𝐭𝐨 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐞?
👉Set up and AD home lab with this blog post from spookysec:
https://lnkd.in/d-Dt7PBA

👉You also have a script here to set up a Vulnerable AD lab by WazeHell
https://lnkd.in/dyZS6WWr

👉 Check out the dedicated section on Active Directory of PenTips
https://lnkd.in/dhTP_eyt

👉Here is a collection of various common attack scenarios on Microsoft Azure Active Directory by Cloud-Architekt:
https://lnkd.in/dnFfRRMM

👉Julien Provenzano ☁️ shared a great document full of resources here:
https://lnkd.in/d-skx-R3

👉Finally here is an Active Directory Exploitation Cheat Sheet by Integration-IT
https://lnkd.in/dBijrUjT

Resources Credit : Gabrielle
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SOC Architectures & Frameworks: Key to Cybersecurity! 🚨
As cyber threats grow, choosing the right Security Operations Center (SOC) and framework is crucial. Here’s a quick guide:
SOC Architectures:
Centralized SOC: One location, best for large organizations.
Decentralized SOC: Multiple locations, ideal for global companies.
Virtual SOC: Cloud-based, cost-effective for SMBs.
Hybrid SOC: Combines all models, offering flexibility.
Popular Frameworks:
NIST CSF: Risk-based, customizable.
MITRE ATT&CK: Helps improve threat detection.
ISO 27001: Compliance-focused, globally recognized.
CIS Controls: Simple, prioritized security controls.
Key Considerations: Budget, company size, risk level, and compliance needs. Make the right choice to protect your organization!

Ref: in pdf
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

𝐋𝐀𝐁 15 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐀𝐧𝐚𝐥𝐲𝐬𝐢𝐬: 𝐃𝐢𝐬𝐜𝐨𝐯𝐞𝐫 𝐀𝐧𝐭𝐢-𝐃𝐢𝐬𝐚𝐬𝐬𝐞𝐦𝐛𝐥𝐲 𝐓𝐞𝐜𝐡𝐧𝐢𝐪𝐮𝐞𝐬