UNDERCODE TESTING
🦑 World's first platform which collects and analyzes every new hacking method.

+ Free AI practice.

(New bug bounty methods, tool updates, AI & courses).

✨ Services: Undercode.help/services

✨ youtube.com/undercode

@Undercode_Testing
Forwarded from Exploiting Crew (Pr1vAt3)
8๏ธโƒฃWeb Application Attacks
There are a variety of strategies for attacks on web applications. For example, SQL injection attacks manipulate queries by injecting unauthorized, malicious SQL statements. Typically SQL injections are used to find and read, change, or delete sensitive information they wouldnโ€™t otherwise have access to. SIEM solutions can monitor activity from web applications, and can flag any abnormal activity, and use event correlation to see if any other changes took place during this event.

9๏ธโƒฃPhishing
Phishing uses deceptive emails or other means of communication to get malware past the perimeter or access credentials. These emails often contain malicious links or attachments embedded in emails. Once an attacker has legitimate credentials, they can seemingly login to a system without issue and attempt to escalate their privileges to gain root access and full control of the system. However, SIEM solutions are able to monitor employee behavior. For example, a SIEM could track authentication activities. While an attackerโ€™s credentials may be legitimate, their location or login time may be different. Any unusual authentication attempts would create an event in real time, enabling an analyst to lock out the user pending investigation.

๐Ÿ”ŸCentralizing Your Security with SIEM
Ultimately, SIEM solutions do more than just monitor your environment for these attacks. They centralize and normalize data streams, streamlining the investigation process for security analysts. By escalating only events that have been prioritized as truly risky, analysts donโ€™t have to waste time looking into benign threats and can reduce dwell times and the risk of damage to the organization.

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
🦑 LINUX FILE SYSTEM

Time to test your #Linux skills: What does /usr mean?

The Linux file system used to resemble an unorganized town where individuals constructed their houses wherever they pleased. However, in 1994, the Filesystem Hierarchy Standard (FHS) was introduced to bring order to the Linux file system.

By implementing a standard like the FHS, software can ensure a consistent layout across various Linux distributions. Nonetheless, not all Linux distributions strictly adhere to this standard. They often incorporate their own unique elements or cater to specific requirements.

To become proficient in this standard, you can begin by exploring. Utilize commands such as "cd" for navigation and "ls" for listing directory contents. Imagine the file system as a tree, starting from the root (/). With time, it will become second nature to you, transforming you into a skilled Linux administrator.

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
🦑 8 Popular Network Protocols

🦑 Top CPUs for cracking in 2024:

1. AMD Ryzen 9 7950X3D – Best for gaming with 3D V-Cache technology.

2. Intel Core i9-14900K – High performance for multitasking and gaming.

3. AMD Ryzen 7 7800X3D – Great balance between performance and price.

4. Intel Core i7-14700K – A top choice for budget-conscious users.

5. AMD Ryzen 9 7900X – Excellent for content creation and heavy workloads.

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
🦑 Tesla car hacking and remote control + installation:

https://github.com/teslamotors/vehicle-command

🦑 BIOS mods for free:

https://www.bios-mods.com/
🦑 btc bruteforce:

A Go program designed to create private keys, derive the corresponding public keys from them, and then check whether the generated wallet addresses hold funds.

โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
🦑 Skimmer!

A skimmer is a sneaky device placed over legitimate card readers, like ATMs or payment terminals, that steals your card info. Sometimes there's a PIN pad overlay too, recording every keystroke you make. Scary, right?

🔍 How to Spot a Skimmer:

1. Check for loose or bulky parts on the card reader.

2. Wiggle the card slot; if it moves, be suspicious.

3. Look for mismatched colors or anything that looks "off."

4. Always cover your hand when entering your PIN.

4. Always cover your hand when entering your PIN.

Remember, these thieves thrive on speed and stealth. Stay sharp, stay secure!

Source: Nathan House
🦑 105 Windows SIEM Use Cases

1. Failed Login Attempts - Event ID: 4625
2. Account Lockouts - Event ID: 4740
3. Successful Login Outside Business Hours - Event ID: 4624
4. New User Creation - Event ID: 4720
5. Privileged Account Usage - Event ID: 4672
6. User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7. Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8. Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9. Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10. Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11. Excessive Logon Failures - Event ID: 4625
12. Disabled Account Activity - Event ID: 4725
13. Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14. Service Account Activity - Event IDs: 4624, 4672
15. RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16. Lateral Movement Detection - Event ID: 4648 (network logons)
17. File and Folder Access - Event ID: 4663
18. Unauthorised File Sharing - Event IDs: 5140, 5145
19. Registry Changes - Event ID: 4657
20. Application Installation and Removal - Event IDs: 11707, 1033
21. USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22. Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23. Scheduled Task Creation - Event ID: 4698
24. Process Execution Monitoring - Event ID: 4688
25. System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26. Event Log Clearing - Event ID: 1102
27. Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28. Active Directory Changes - Event IDs: 5136, 5141
29. Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30. Network Configuration Changes - Event IDs: 4254, 4255, 10400
31. Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32. Service Installation or Modification - Event ID: 4697
33. Clearing of Audit Logs - Event ID: 1102
34. Software Restriction Policy Violation - Event ID: 865
35. Excessive Account Enumeration - Event IDs: 4625, 4776
36. Attempt to Access Sensitive Files - Event ID: 4663
37. Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38. Driver Installation - Event ID: 7045 (Service Control Manager)
39. Modification of Scheduled Tasks - Event ID: 4699
40. Unauthorised GPO Changes - Event ID: 5136
41. Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42. Unusual Network Connections - Event ID: 5156 (network filtering platform)
43. Unauthorised Access to Shared Files - Event ID: 5145
44. DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45. LDAP Search Abuse - Event ID: 4662
46. Process Termination Monitoring - Event ID: 4689
47. Failed Attempts to Start a Service - Event ID: 7041
48. Audit Policy Changes - Event IDs: 4719, 1102
49. Time Change Monitoring - Event IDs: 4616, 520
50. BitLocker Encryption Key Changes - Event ID: 5379

ref: Shahaz Mz
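Added example, not part of the original post: a small correlation pass that turns three of the use cases above (failed logins followed by a success, a successful logon outside business hours, and event log clearing), and the phishing scenario from the SIEM post earlier on this page, into working detection logic over constructed Windows Security events. The sample records, the failure threshold, the time window and the business-hours range are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real log data):
# (timestamp, event_id, account, source_ip)
EVENTS = [
    ("2024-03-04T02:10:00", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-04T02:10:05", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-04T02:10:09", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-04T02:10:12", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-04T02:10:15", 4625, "jsmith", "203.0.113.7"),
    ("2024-03-04T02:10:20", 4624, "jsmith", "203.0.113.7"),
    ("2024-03-04T02:12:00", 1102, "jsmith", "203.0.113.7"),
    ("2024-03-04T09:30:00", 4624, "agarcia", "10.0.0.21"),
]

def parse(events):
    """Convert ISO timestamps to datetime and sort chronologically."""
    return sorted((datetime.fromisoformat(ts), eid, acct, ip)
                  for ts, eid, acct, ip in events)

def detect(events, fail_threshold=5, window=timedelta(minutes=10),
           business_hours=(8, 18)):
    """Return (rule, account, timestamp) alerts for use cases
    1/11 (4625 burst then 4624), 3 (4624 outside hours) and 26 (1102).
    Threshold, window and hours are assumed tuning values."""
    alerts = []
    failures = defaultdict(list)  # account -> timestamps of 4625 events
    for ts, eid, acct, _ip in parse(events):
        if eid == 4625:
            failures[acct].append(ts)
        elif eid == 4624:
            recent = [t for t in failures[acct] if ts - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append(("brute_force_then_success", acct, ts))
                failures[acct].clear()  # do not re-alert on the same burst
            if not business_hours[0] <= ts.hour < business_hours[1]:
                alerts.append(("logon_outside_business_hours", acct, ts))
        elif eid == 1102:
            # Log clearing is high severity regardless of who did it
            alerts.append(("audit_log_cleared", acct, ts))
    return alerts

if __name__ == "__main__":
    for rule, acct, ts in detect(EVENTS):
        print(f"{ts.isoformat()} {rule} account={acct}")
```

In a real pipeline the tuples would come from the Security channel (Event Viewer export, Sysmon, or the SIEM's own parser) and the rule names would map to the use-case numbers above.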
🦑 AI-powered ethical hacking:

» Features

- Natural Language Processing: Executes commands based on user input, translating intent into action seamlessly.
- Command Search Engine: Facilitates the search for services, ports, or specific terms, providing curated command suggestions to identify vulnerabilities.

» Supported Ethical Hacking Tools:

1. NMAP: Network discovery and security auditing.
2. OWASP ZAP (Full Scan Only): Web application security scanner.
3. Crackmapexec: Network information gathering.
4. Nuclei: Template-based fast scanning with zero false positives.

» Compatibility
- Optimized for Linux: Fully functional on Linux platforms.
- Limited/No Support: Functionality on Windows or macOS is not guaranteed.

» System Requirements
Non-Docker Installation
- Storage: 50GB
- RAM: 16GB minimum
- GPU: 8GB recommended for optimal performance.

» Dependencies
- Linux (Debian-based):
- Installations:
    sudo apt -y install exploitdb libreadline-dev wget nmap crackmapexec nuclei

- Git-based exploitdb:
    sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
    sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit

» Installation
Docker Installation
1. Pulling the image :
   docker pull berylliumsec/nebula:latest

2. Running without GPU :
   docker run --rm -it berylliumsec/nebula:latest

3. Running with GPU :
   docker run --rm --gpus all -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest

4. Autonomous mode :
- Default vulnerability scan:
     docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --targets_list /app/targets.txt

- Custom NMAP vulnerability scan:
     docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --nmap_vuln_scan_command="nmap -Pn -sV --exclude-ports 21 --script=vulscan/vulscan.nse" --targets_list /app/targets.txt


PIP Installation
1. Install:
   pip install nebula-ai

2. Run:
   nebula

3. For elevated privileges:
   sudo pip install nebula-ai
   sudo nebula

» Linux Post-Installation
1. Add the installation path to your .zshrc:
   export PATH="$HOME/.local/bin:$PATH"

» Nebula-Watcher (Optional Component)
PIP Installation
pip3 install nebula-watcher

Docker Installation
1. Pull the image:
   docker pull berylliumsec/nebula_watcher:latest

2. Run:
   docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest

Customize diagram name:
   docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name


🦑 Bitcoin Core Integration and Development:

>> What is Bitcoin Core?
Bitcoin Core is the reference implementation of Bitcoin, connecting to the peer-to-peer Bitcoin network. Its primary functions include:
- Downloading and fully validating blocks and transactions.
- Serving as a wallet.
- Providing an optional graphical user interface (GUI).

Binary versions are available for immediate use at [Bitcoin Core Downloads](https://bitcoincore.org/en/download/).

>> Licensing
Bitcoin Core is licensed under the MIT License, allowing free use and modification. Details can be found in the COPYING file or at the [MIT License site](https://opensource.org/licenses/MIT).

>> Development Process
- Master Branch: Continuously built and tested but may not always be stable.
- Release Branches and Tags: Created regularly to mark stable releases.
- GUI Development: Exclusively managed in the [bitcoin-core/gui repository](https://github.com/bitcoin-core/gui). This repository mirrors the monotree's master branch and does not have release branches or tags.

>> Contribution
Developers can follow the workflow in CONTRIBUTING.md. Additional insights and guidelines are in doc/developer-notes.md.

>> Testing and Quality Assurance
>># Automated Testing:
1. Unit Tests: Recommended for all new code and improvements to existing code. Use ctest to compile and run unit tests.
2. Regression and Integration Tests: Written in Python, executed with:
   build/test/functional/test_runner.py

3. CI Systems: Automatically test pull requests across Windows, Linux, and macOS platforms.

>># Manual Testing:
- Requires a reviewer distinct from the code author, particularly for substantial or high-risk changes.
- Adding a clear test plan in pull request descriptions is encouraged for complex changes.

