▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 𝐈𝐎𝐓 𝐀𝐍𝐃 𝐇𝐀𝐑𝐃𝐖𝐀𝐑𝐄 𝐏𝐄𝐍𝐓𝐄𝐒𝐓 - 𝐔𝐏𝐃𝐀𝐓𝐄𝐃

#IoT and embedded devices are often used in critical infrastructure, such as healthcare devices or industrial control systems, which makes the security of these devices even more crucial.
💡𝑸𝒖𝒊𝒄𝒌 𝒓𝒆𝒎𝒊𝒏𝒅𝒆𝒓
Hardware refers to the physical components of a computer system or electronic device, while IoT refers to the network of connected devices that can communicate with each other over the internet.
While there is overlap between these concepts, they refer to different aspects of computer and electronic systems.

👉 𝐇𝐨𝐰 𝐭𝐨 𝐛𝐞𝐠𝐢𝐧?
🌟 A Red Team Guide for a Hardware Penetration Test by Adam Toscher
⭐Part 1: https://lnkd.in/eRUtq6Ne
⭐Part 2: https://lnkd.in/ezjwNuP6

🌟Hardware Hacking Curiosity by 👺 Adrien Lasalle
https://lnkd.in/eeDp-iq6

🌟 IoT Security 101 by V33RU
https://lnkd.in/eZ2QGhdJ

🌟 Awesome Hardware Hacking and IoT by Joas A Santos
https://lnkd.in/eyXnbKBv

🌟 IoT Village youtube channel
https://lnkd.in/eHEuww7w

🌟 UART Hardware Hacking Cheat Sheet by Marcel Rick-Cen
https://lnkd.in/edpyHG2B

🌟IoT Pentesting guide by Aditya Gupta and Attify
https://lnkd.in/ekBmcSNd

🌟 IoT Security Resources for beginner by Nayana Dhanesh
https://lnkd.in/eAmTvWnj

🌟 Firmware analysis on HackTricks
https://lnkd.in/eUvMqtAZ

👉 𝐅𝐞𝐞𝐥𝐢𝐧𝐠 𝐫𝐞𝐚𝐝𝐲 𝐭𝐨 𝐭𝐫𝐚𝐢𝐧?
🌟 Open Security Training
https://p.ost2.fyi/

🌟 Hackaday courses
https://lnkd.in/e3yhaZTB

🌟 Intro to IoT pentest on TryHackMe
https://lnkd.in/ewjUM-Tc

👉 𝐒𝐨𝐦𝐞 𝐢𝐧𝐭𝐞𝐫𝐞𝐬𝐭𝐢𝐧𝐠 𝐫𝐞𝐚𝐝𝐬
🌟 IOT Security Foundation
https://lnkd.in/ecGudjgn

🌟 Awesome IoT Hacks by nebgnahz
https://lnkd.in/eQk4UBrt

🌟 Hands on Internet of things hacking by Payatu
https://lnkd.in/eqEEJriu

👉 𝐓𝐎𝐎𝐋𝐒 𝐀𝐍𝐃 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒
🌟 Scared by eshard - side-channel analysis framework
https://lnkd.in/eZhb_we3

🌟NewAE Technology Inc.’s Github repo
https://lnkd.in/eiuZDCfb

🌟Ledger Donjon’s repo by Ledger Security research team
https://lnkd.in/eEhA4FMh

🌟IoT-PT an OS for IoT pentest by v33ru
https://lnkd.in/evuB7X_Z

👉 𝐖𝐡𝐚𝐭 𝐚𝐛𝐨𝐮𝐭 𝐭𝐡𝐞 𝐬𝐭𝐚𝐧𝐝𝐚𝐫𝐝𝐬?
🌟 The OWASP® Foundation IoT Project:
https://lnkd.in/ev7TrRf9

🌟 NIST Cybersecurity for IOT Program
https://lnkd.in/eq8k8BwG

🌟 Hardware Security Module NIST
https://lnkd.in/eXcGvAwV

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Support & Share: t.me/undercodecommunity

This is the hub for Ethical Hackers and tech enthusiasts:

》Topics We Cover:

1️⃣ CVE News & Databases

2️⃣ Hacker & Tech News

3️⃣ Cybersecurity, Hacking, and Secret Methods

🌟 Our Mission:
Share your knowledge, collaborate, and grow together in a community designed for innovation and learning.

🔗 Join now: bit.ly/joinundercode

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Popular Exploit development library:

》Pwntools (https://github.com/Gallopsled/pwntools) is a popular CTF (Capture The Flag) framework and exploit development library written in Python. It provides tools and features that streamline the process of writing, testing, and executing exploits, especially for binary exploitation challenges.

Key Features:

- Automated Exploit Scripts**: Easily interact with remote or local binaries.

- ROP (Return Oriented Programming): Simplifies creating ROP chains.

- Tubes: Abstraction for handling sockets, SSH, or processes.
- Assembler/Disassembler: Integrates tools like Capstone and Keystone.

- Debugging Utilities: Interfaces with GDB for dynamic analysis.

- Custom Shellcodes: Generate shellcode tailored to your needs.

Requirements:
Pwntools is compatible with Python 3 and can be installed via pip:

pip install pwntools
Example Usage:
Here’s a basic example of using Pwntools to exploit a binary:
from pwn import *

# Connect to the remote service
conn = remote('example.com', 1337)

# Send payload
payload = b'A' * 64 + b'\xdeadbeef'
conn.sendline(payload)

# Interact with the shell
conn.interactive()
Check out the repository for detailed documentation and examples.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑C++ scanner that retrieves tuples from a PostgreSQL database and scans them for malware:

Here’s a simple C++ scanner that connects to a PostgreSQL database to retrieve tuples and checks them for malware. In this example, I'll assume the tuples are strings that need to be compared against a predefined list of known malware signatures.

- Security: This example does not implement secure credential handling (such as using a .pgpass file) and lacks measures to protect against SQL injection.

- Malware Detection: The method for detecting malware here is quite basic. In a real application, you would want to employ more advanced techniques, potentially involving hash checks against a comprehensive database of malware signatures.

- Error Handling: It’s important to include proper error handling for code intended for production use.

- Dependencies: Make sure you have the libpqxx library installed, which provides the C++ API for PostgreSQL.

Ref: Maximilian Feldthusen
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑What is eBPF? 🤷♂️

With Cisco Hypershield being talked about EVERYWHERE, wouldn't it be great to know a little more about the technology that the solution is predominantly built around?

eBPF (extended Berkeley Packet Filter) is a technology that lets you run secure programs within the operating system kernel. This unlocks incredible power to monitor and control systems at a granular level, without the overhead of traditional methods.

Why eBPF Matters:

• 𝗨𝗻𝗹𝗲𝗮𝘀𝗵𝗲𝘀 𝗜𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻: eBPF allows developers to extend kernel functionality without modifying kernel code, enabling rapid innovation in networking, security, and observability.

• 𝗕𝗼𝗼𝘀𝘁𝘀 𝗣𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲: eBPF programs run with incredible efficiency, minimising performance impact and maximising resource utilisation.

• 𝗘𝗻𝗵𝗮𝗻𝗰𝗲𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: Gain deep visibility into system behavior, detect threats in real-time, and enforce granular security policies at the kernel level.

• 𝗦𝗶𝗺𝗽𝗹𝗶𝗳𝗶𝗲𝘀 𝗢𝗯𝘀𝗲𝗿𝘃𝗮𝗯𝗶𝗹𝗶𝘁𝘆: Collect rich, detailed data on system performance and application behavior for faster troubleshooting and optimisation.

Ref: Antony Owen
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Automated Wifi Hacking:

Wifite is a Python script designed for wireless network auditing, simplifying the use of wireless-auditing tools by automating their execution. It consolidates multiple attack methods to retrieve wireless passwords efficiently.

---

Features
- Attack Methods:
- WPS:
- Offline Pixie-Dust attack
- Online Brute-Force PIN attack
- WPA:
- Handshake Capture + offline cracking
- PMKID Hash Capture + offline cracking
- WEP:
- Fragmentation, chop-chop, aireplay, and other known attacks
- Automation:
- Select targets, and Wifite will handle the attack process automatically.
- 5GHz Support:
- Limited to compatible wireless cards (-5 switch).
- Cracked Password Storage:
- Saves results in the current directory with metadata.
- De-authentication Control:
- Disable deauths using --no-deauths.

---

Supported Operating Systems
- Designed for Kali Linux (latest version).
- Also supports ParrotSec.
- Other distributions may require manual updates of tools and wireless drivers.

---

Requirements
1. Wireless Card:
- Must support Monitor Mode and packet injection.
2. Essential Tools:
- Python (compatible with Python 2 & 3)
- Networking utilities:
- iwconfig, ifconfig
- Aircrack-ng Suite:
- airmon-ng, aircrack-ng, aireplay-ng, airodump-ng, packetforge-ng
3. Recommended Tools:
- tshark, reaver, bully, coWPAtty, pyrit, hashcat, hcxdumptool, hcxpcaptool

---

Installation
1. Clone the repository:

git clone https://github.com/derv82/wifite2.git
cd wifite2

2. Run Wifite directly:

sudo ./Wifite.py

3. Install Wifite system-wide:

sudo python setup.py install

- Installed to /usr/sbin/wifite.

4. Uninstallation:
Record and delete installed files:

sudo python setup.py install --record files.txt \
&& cat files.txt | xargs sudo rm \
&& rm -f files.txt

---

Usage
Run Wifite with default settings:
sudo ./Wifite.py
Optional arguments for specific attacks:
- PMKID capture:

--pmkid

- WPS Pixie-Dust attack:

--wps-only --pixie

- WPA handshake cracking:

--no-wps

- Disable deauth:

--no-deauths

---

Advanced Features
- Hidden SSID decloaking.
- Validation of handshakes with tools like pyrit, cowpatty, and aircrack-ng.
- WEP attack customization (e.g., replay, chopchop).
- Cracked passwords stored in the current directory with access point details.

Wifite simplifies wireless security assessments, making it an essential tool for pen testers using supported Linux distributions.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Why Hardware Tools Are Essential in 2024 For WIFI hacking ?

1⃣increased Security Standards:
Newer Wi-Fi standards like WPA3 implement enhanced encryption (e.g., SAE or Simultaneous Authentication of Equals) that resist traditional brute-force or offline cracking attacks.
WEP and WPA1 are now nearly obsolete, reducing opportunities for basic software-based attacks

2⃣Limitations of Built-In Laptop Wireless Cards:
Many laptop wireless cards lack support for Monitor Mode or packet injection, which are critical for capturing and injecting data during attacks.
Integrated cards are typically low-power, making them less effective for long-range or interference-prone environments.

3⃣Specialized Tools for Specific Tasks:
Capturing PMKIDs, deauthing access points, and brute-forcing PINs now require higher performance and specialized chipsets found in dedicated hardware tools.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Essential Hardware for Wireless Auditing Wireless Network Adapters:

1⃣USB-based adapters like the Alfa AWUS036ACH or Panda PAU09 support Monitor Mode and packet injection.

》Dual-band adapters (2.4GHz/5GHz) are necessary for modern Wi-Fi networks.

2⃣Portable Hacking Devices:

WiFi Pineapple:
A compact and powerful device for Wi-Fi auditing, man-in-the-middle attacks, and advanced monitoring.

》Raspberry Pi with Wireless Adapter:
A cost-effective, portable platform for running tools like Wifite, Aircrack-ng, and Reaver.

》HackRF One:
For advanced signal analysis, including software-defined radio (SDR) attacks

3⃣Long-Range Antennas:

High-gain antennas enhance the range and reliability of packet captures and injection.

4⃣ Battery-Powered Attack Platforms:

Devices like the Flipper Zero can execute simple wireless attacks without requiring a laptop.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑𝐅𝐑𝐄𝐄 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒 - 𝐋𝐈𝐍𝐔𝐗

To acquire the basics of pentesting, it is crucial to understand what an operating system is.
As an open-source, community-developed operating system, Linux plays an essential role here.
As well as being a powerful tool for system administrators, Linux is also a powerful tool for pentesters.

In this list, you'll find various resources designed to help you understand and start with Linux.

👉𝗪𝗛𝗔𝗧 𝗜𝗦 𝗟𝗜𝗡𝗨𝗫?
🌟What is Linux on TechTarget
https://lnkd.in/eAm2rHXj

🌟What is Linux on Linux.com
https://lnkd.in/eTwMHeCM

👉𝗟𝗜𝗡𝗨𝗫 𝗙𝗢𝗥 𝗕𝗘𝗚𝗜𝗡𝗡𝗘𝗥𝗦
🌟Linux journey by Cindy Quach
https://linuxjourney.com/

🌟Your linux guide by LinuxOpSys
https://linuxopsys.com/

🌟Crash Course for Beginners by freeCodeCamp
https://lnkd.in/eF9P79U4

🌟Linux Full Course for Beginners by FreeCodeCamp
https://lnkd.in/eGhw9Qy3

🌟How Linux Works by Gwyneth Peña-Siguenza
https://lnkd.in/eDZt4CKA

🌟NDG Linux Unhatched by Netacad
https://lnkd.in/ebmPF9ev

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑𝗕𝗔𝗦𝗛 𝗦𝗖𝗥𝗜𝗣𝗧𝗜𝗡𝗚
🌟What is Bash by opensource
https://lnkd.in/eVYjUxvD

🌟Bash for Beginners by Microsoft Developer
https://lnkd.in/eA7E9wTt

🌟Bash Scripting Full Course by linuxhint
https://lnkd.in/eFTJe3Dm

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑𝗛𝗔𝗖𝗞𝗜𝗡𝗚 𝗪𝗜𝗧𝗛 𝗟𝗜𝗡𝗨𝗫:

🌟Useful Commands and tools for pentest on Linux by C.S. by G.B.
https://lnkd.in/eUS5hi8w

🌟Linux for hackers by Chuck Keith aka NetworkChuck
https://lnkd.in/er4MJht9
🌟Learn Linux on Hackthebox (blog post)
https://lnkd.in/eXcX2fng

🌟Top Kali Linux Tools for hacking by IT’s Foss
https://lnkd.in/eDKjut6n

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to run OpenAI's CLI (Python-based Tool)

OpenAI also offers a CLI tool called openai, which you can install via pip and use to interact with their models directly from the command line. This is more structured than using curl and can be easily integrated into scripts.

Install the OpenAI CLI:

pip install openai

Usage:
After installing the openai package, you can use the openai command-line tool directly.

openai api completions.create -m text-davinci-003 -p "What is the capital of France?" --max-tokens 50

- -m specifies the model (text-davinci-003 in this case).


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑dark web links
A list of helpful links I found for the dark web


note: Some of the content here can lead you to some illegal websites. so the use of those links is on you!

The list:
Hidden wikis/ sites with links:
Darkweblink.com

http://dwltorbltw3tdjskxn23j2mwz2f4q25j4ninl5bdvttiy4xb6cqzikid.onion/
OnionLinks

http://s4k4ceiapwwgcm3mkb6e4diqecpo7kvdnfr5gg7sph7jjppqkvwwqtyd.onion
The Original Hidden Wiki

http://zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion/wiki/index.php/Main_Page
The Hidden Wiki

http://paavlaytlfsqyvkg3yqj7hflfg5jw2jdg2fgkza5ruf6lplwseeqtvyd.onion/
Another Hidden Wiki

http://2jwcnprqbugvyi6ok2h2h7u26qc6j5wxm7feh3znlh2qu3h6hjld4kyd.onion/
UnderDir

http://underdiriled6lvdfgiw4e5urfofuslnz7ewictzf76h4qb73fxbsxad.onion
TheDeepDarkNet

http://torlisthsxo7h65pd2po7kevpzkk4wwf3czylz3izcmsx4jzwabbopyd.onion/
DeepLink Onion Directory

http://deeeepv4bfndyatwkdzeciebqcwwlvgqa6mofdtsvwpon4elfut7lfqd.onion/
Pug's Ultimate Guide To The Dark Web

http://jgwe5cjqdbyvudjqskaajbfibfewew4pndx52dye7ug3mt3jimmktkid.onion/
Tor Links

http://torlinksge6enmcyyuxjpjkoouw4oorgdgeo7ftnq3zodj7g2zxi3kyd.onion/
Searching engine
Deep Search

http://search7tdrcvri22rieiwgi5g46qnwsesvnubqav2xakhezv4hjzkkad.onion/
Torch

http://xmh57jrknzkhv6y3ls3ubitzfqnkrwxhopf5aygthi7d6rplyvk3noyd.onion
Tor66

http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/
Ahmia

http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/
chat rooms
Ableonion

notbumpz34bgbz4yfdigxvd6vzwtxc3zpt5imukgl6bvip2nikdmdaad.onion
Black Hat Chat

http://blkhatjxlrvc5aevqzz5t6kxldayog6jlx5h7glnu44euzongl4fh5ad.onion

Source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Cybersecurity Projects Ideas: From Beginners to Experts 🔐

Are you looking to kickstart your career in cybersecurity or take it to the next level? Whether you're a beginner or an experienced professional, hands-on projects are the ultimate way to enhance your skills. 🌟

🟢 Beginner-Level Projects
These are ideal for building foundational skills:
1️⃣ Honeypot Setup
2️⃣ Password Cracker
3️⃣ Packet Sniffer
4️⃣ Keylogger
5️⃣ Forensic Analysis
6️⃣ Home Lab Setup
7️⃣ Basic Cryptography
8️⃣ Phishing Campaign
9️⃣ Wi-Fi Security Analysis
🔟 Network Vulnerability Scanning

🟡 Intermediate-Level Projects
Challenge yourself with these impactful projects:
1️⃣1️⃣ Firewall Rules
1️⃣2️⃣ 2FA System
1️⃣3️⃣ Secure Web App
1️⃣4️⃣ Snort IDS
1️⃣5️⃣ DNS Spoofer
1️⃣6️⃣ Malware Reverse Engineering
1️⃣7️⃣ TLS Mutual Authentication
1️⃣8️⃣ Zero-Day Exploit Research

🔴 Advanced-Level Projects
For seasoned professionals seeking mastery:
2️⃣6️⃣ Malware Analysis Sandbox
2️⃣7️⃣ Full Disk Encryption
2️⃣8️⃣ IDS/IPS with ML
2️⃣9️⃣ Secure Cryptocurrency Wallet
3️⃣0️⃣ Threat Detection Using AI
3️⃣1️⃣ Firmware Reverse Engineering
3️⃣2️⃣ ICS Security
3️⃣3️⃣ Nation-State Malware Analysis
3️⃣4️⃣ Advanced Firewalls

Source: Linkedin
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What Types of Attacks Does SIEM Detect?

1️⃣Unauthorized Access
While unauthorized access isn’t a specific type of attack, it is typically indicative that one may be in progress. An external attacker may use something like brute force attack to attempt to crack a user’s password, but a SIEM solution can detect repeated access attempts. Once detected, a SIEM can escalate this information to a security analyst in real time, enabling them to investigate the event and lock the account if there aren’t already built-in parameters limiting the number of login attempts.

2️⃣Insider Attacks
There are two types of insider attackers: malicious and accidental. A malicious insider is either an unhappy or opportunistic employee that uses the access they have to steal or sabotage sensitive data. It may also be a former employee who has not yet had their credentials deleted. A SIEM can monitor employee behavior and flag any activity that is unexpected for that particular user or access level. For example, if an ex-employee’s account suddenly became active or if an employee is accessing files or databases they don’t need in order to do their job, these events would immediately be escalated to a security analyst.

3️⃣Accidental insider attacks are those who unintentionally help an external bad actor to pivot during an attack. For example, if an employee misconfigured a firewall, this would leave an organization more vulnerable to a breach. Since security configurations are so vital, a SIEM can create an event any time a change is made, escalating it to a security analyst to ensure that it was intentional and correctly implemented.

4️⃣Malware Infection
Malware is a broad term that generally includes any type of software that is created to disable or damage computer systems, like viruses, ransomware, worms, trojans, etc. While security logs may send out alerts that could indicate a breach, it could also just as easily be a false alarm. SIEM solutions use event correlation to better determine true infections and potential origin points of attack.

5️⃣Denial of Service Attacks
A denial-of-service (DoS) attack disrupts the standard operation of a system or device, like a network server. This attack floods the target with traffic, which blockades normal traffic and forces it to deny access. Such attacks typically result in a slowdown of service or a total crash. A SIEM would be able to flag such an abnormal event from web traffic logs, prioritizing the event and sending it to an analyst for further investigation.

6️⃣Hijacking
Hijacking is when an attacker seizes control of systems, networks, or applications. For example, session hijacking can take place when a threat actor intercepts session tokens to gain access to a user account. SIEM solutions monitor user behavior and can detect suspicious activity, like a user accessing systems they don’t typically use or having more than one active session. Additionally, any changes to root access are logged, so if a threat actor attempted to escalate privileges, a SIEM can escalate this information to the security team.

7️⃣Advanced Persistent Threats
Advanced Persistent Threats (APTs) are incredibly sophisticated attackers who use a high degree of stealth over a prolonged duration of time in order to compromise and retain access to a system. Because these attacks are so stealthy, they may not trigger alerts in certain parts of the system, or the alerts they do cause are dismissed as benign. Having event correlation in a SIEM solution helps demonstrate a pattern of abnormal behavior, flagging it as a true concern that security analysts should look into.

8️⃣Web Application Attacks
There are a variety of strategies for attacks on web applications. For example, SQL injection attacks manipulate queries by injecting unauthorized, malicious SQL statements. Typically SQL injections are used to find and read, change, or delete sensitive information they wouldn’t otherwise have access to. SIEM solutions can monitor activity from web applications, and can flag any abnormal activity, and use event correlation to see if any other changes took place during this event.

9️⃣Phishing
Phishing uses deceptive emails or other means of communication to get malware past the perimeter or access credentials. These emails often contain malicious links or attachments embedded in emails. Once an attacker has legitimate credentials, they can seemingly login to a system without issue and attempt to escalate their privileges to gain root access and full control of the system. However, SIEM solutions are able to monitor employee behavior. For example, a SIEM could track authentication activities. While an attacker’s credentials may be legitimate, their location or login time may be different. Any unusual authentication attempts would create an event in real time, enabling an analyst to lock out the user pending investigation.

🔟Centralizing Your Security with SIEM
Ultimately, SIEM solutions do more than just monitor your environment for these attacks. They centralize and normalize data streams, streamlining the investigation process for security analysts. By escalating only events that have been prioritized as truly risky, analysts don’t have to waste time looking into benign threats and can reduce dwell times and the risk of damage to the organization.

Source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑LINUX FILE SYSTEM

Time to test your hashtag#Linux skills: What does /𝐮𝐬𝐫 mean?

The Linux file system used to resemble an unorganized town where individuals constructed their houses wherever they pleased. However, in 1994, the Filesystem Hierarchy Standard (FHS) was introduced to bring order to the Linux file system.

By implementing a standard like the FHS, software can ensure a consistent layout across various Linux distributions. Nonetheless, not all Linux distributions strictly adhere to this standard. They often incorporate their own unique elements or cater to specific requirements.

To become proficient in this standard, you can begin by exploring. Utilize commands such as "cd" for navigation and "ls" for listing directory contents. Imagine the file system as a tree, starting from the root (/). With time, it will become second nature to you, transforming you into a skilled Linux administrator.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑8 Popular Network Protocols