Forwarded from Exploiting Crew (Pr1vAt3)
8️⃣ Web Application Attacks
There are a variety of strategies for attacks on web applications. For example, SQL injection attacks manipulate queries by injecting unauthorized, malicious SQL statements. Typically, SQL injections are used to find and read, change, or delete sensitive information the attacker wouldn't otherwise have access to. SIEM solutions can monitor activity from web applications, flag any abnormal activity, and use event correlation to see whether any other changes took place during the event.
9️⃣ Phishing
Phishing uses deceptive emails or other means of communication to get malware past the perimeter or to obtain access credentials. These emails often contain malicious links or attachments. Once an attacker has legitimate credentials, they can seemingly log in to a system without issue and attempt to escalate their privileges to gain root access and full control of the system. However, SIEM solutions are able to monitor employee behavior. For example, a SIEM could track authentication activities. While an attacker's credentials may be legitimate, their location or login time may be different. Any unusual authentication attempt would create an event in real time, enabling an analyst to lock out the user pending investigation.
Centralizing Your Security with SIEM
Ultimately, SIEM solutions do more than just monitor your environment for these attacks. They centralize and normalize data streams, streamlining the investigation process for security analysts. By escalating only events that have been prioritized as truly risky, analysts don't have to waste time looking into benign threats and can reduce dwell times and the risk of damage to the organization.
Source
UNDERCODE
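The Web Application Attacks paragraph above describes SQL injection and says a SIEM can flag abnormal web activity. What follows is an added example, not code from the original post: a login query written the vulnerable way next to the parameterised version, run against an in-memory SQLite table constructed here, plus a small request-parameter check over constructed access-log lines of the kind a SIEM or WAF parser rule might apply. The users table, the log lines and the marker list are this example's own assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlparse


# Table and rows constructed for this example only.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable on purpose: user input is pasted into the SQL text, so a
    # quote in the input ends the string literal and the rest is parsed as SQL.
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    # Hardened: placeholders are bound by the driver; the input is never
    # parsed as SQL, so the same payload simply fails to match a row.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Crude marker check of the kind a WAF or SIEM parser rule might apply to
# decoded request parameters. It is a triage signal, not proof of an attack.
SQLI_MARKERS = ("'", "--", "/*", " or ", " union ", ";")


def looks_like_sqli(value):
    padded = " %s " % value.lower()
    return any(marker in padded for marker in SQLI_MARKERS)


# Constructed access-log lines in common log format (not real traffic).
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [12/Mar/2024:09:01:10 +0000] "GET /login?user=alice&pw=s3cret HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:09:02:33 +0000] "GET /login?user=alice%27%20--&pw=x HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:09:02:40 +0000] "GET /search?q=%27%20UNION%20SELECT%20password%20FROM%20users-- HTTP/1.1" 500 91',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')


def flag_requests(lines):
    """Return (source_ip, parameter, decoded_value) for every suspicious parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, target = m.groups()
        params = parse_qs(urlparse(target).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:  # parse_qs already percent-decodes the value
                if looks_like_sqli(value):
                    hits.append((src, name, value))
    return hits


if __name__ == "__main__":
    db = build_db()
    payload = "alice' --"  # closes the string literal, comments out the password check
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))  # ('alice', 'admin')
    print("parameterised:", login_safe(db, payload, "wrong"))  # None
    for hit in flag_requests(SAMPLE_ACCESS_LOG):
        print("flagged:", hit)
```

The same payload that logs in as alice through the concatenated query returns nothing through the bound query, which is the whole point of parameterisation; the log check is deliberately simple and will both miss encoded variants and flag legitimate apostrophes, so it belongs in a correlation rule (repeated hits from one source, followed by a 500 or an unusual data-access event), not as a blocking decision on its own.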
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 LINUX FILE SYSTEM
Time to test your #Linux skills: What does /usr mean?
The Linux file system used to resemble an unorganized town where individuals constructed their houses wherever they pleased. However, in 1994, the Filesystem Hierarchy Standard (FHS) was introduced to bring order to the Linux file system.
By implementing a standard like the FHS, software can ensure a consistent layout across various Linux distributions. Nonetheless, not all Linux distributions strictly adhere to this standard. They often incorporate their own unique elements or cater to specific requirements.
To become proficient in this standard, you can begin by exploring. Utilize commands such as "cd" for navigation and "ls" for listing directory contents. Imagine the file system as a tree, starting from the root (/). With time, it will become second nature to you, transforming you into a skilled Linux administrator.
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 8 Popular Network Protocols
🦑 Top CPUs for cracking in 2024:
1. AMD Ryzen 9 7950X3D - Best for gaming with 3D V-Cache technology.
2. Intel Core i9-14900K - High performance for multitasking and gaming.
3. AMD Ryzen 7 7800X3D - Great balance between performance and price.
4. Intel Core i7-14700K - A top choice for budget-conscious users.
5. AMD Ryzen 9 7900X - Excellent for content creation and heavy workloads.
🦑 Tesla car hacking and remote control + installation:
https://github.com/teslamotors/vehicle-command
Forwarded from Exploiting Crew (Pr1vAt3)
bitcoin-bruteforce-main.zip
8.6 KB
Forwarded from UNDERCODE COMMUNITY (UNDERCODER)
Secure BTC wallet- A to Z.pdf
108.5 KB
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Skimmer!
A skimmer is a sneaky device placed over legitimate card readers (like ATMs or payment terminals) that steals your card info. Sometimes there's a PIN pad overlay too, recording every keystroke you make. Scary, right?
How to Spot a Skimmer:
1. Check for loose or bulky parts on the card reader.
2. Wiggle the card slot; if it moves, be suspicious.
3. Look for mismatched colors or anything that looks "off."
4. Always cover your hand when entering your PIN.
Remember, these thieves thrive on speed and stealth. Stay sharp, stay secure!
source: Nathan House
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 105 Windows SIEM Use Cases
1. Failed Login Attempts - Event ID: 4625
2. Account Lockouts - Event ID: 4740
3. Successful Login Outside Business Hours - Event ID: 4624
4. New User Creation - Event ID: 4720
5. Privileged Account Usage - Event ID: 4672
6. User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7. Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8. Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9. Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10. Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11. Excessive Logon Failures - Event ID: 4625
12. Disabled Account Activity - Event ID: 4725
13. Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14. Service Account Activity - Event IDs: 4624, 4672
15. RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16. Lateral Movement Detection - Event ID: 4648 (network logons)
17. File and Folder Access - Event ID: 4663
18. Unauthorised File Sharing - Event IDs: 5140, 5145
19. Registry Changes - Event ID: 4657
20. Application Installation and Removal - Event IDs: 11707, 1033
21. USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22. Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23. Scheduled Task Creation - Event ID: 4698
24. Process Execution Monitoring - Event ID: 4688
25. System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26. Event Log Clearing - Event ID: 1102
27. Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28. Active Directory Changes - Event IDs: 5136, 5141
29. Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30. Network Configuration Changes - Event IDs: 4254, 4255, 10400
31. Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32. Service Installation or Modification - Event ID: 4697
33. Clearing of Audit Logs - Event ID: 1102
34. Software Restriction Policy Violation - Event ID: 865
35. Excessive Account Enumeration - Event IDs: 4625, 4776
36. Attempt to Access Sensitive Files - Event ID: 4663
37. Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38. Driver Installation - Event ID: 7045 (Service Control Manager)
39. Modification of Scheduled Tasks - Event ID: 4699
40. Unauthorised GPO Changes - Event ID: 5136
41. Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42. Unusual Network Connections - Event ID: 5156 (network filtering platform)
43. Unauthorised Access to Shared Files - Event ID: 5145
44. DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45. LDAP Search Abuse - Event ID: 4662
46. Process Termination Monitoring - Event ID: 4689
47. Failed Attempts to Start a Service - Event ID: 7041
48. Audit Policy Changes - Event IDs: 4719, 1102
49. Time Change Monitoring - Event IDs: 4616, 520
50. BitLocker Encryption Key Changes - Event ID: 5379
ref: Shahaz Mz
@UndercodeCommunity
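The phishing paragraph earlier on this page says a SIEM catches credentials that are valid but used at an odd hour or from an odd place, and use cases 1, 3, 7, 10, 11 and 26 in the list above name the Windows Security events that carry those signals (4625 bursts, 4624 off-hours or from a new address, 1102 log clearing). The following is an added worked example, not from the original post, that runs such rules over a handful of constructed Security-log records in Python as a stand-in for a SIEM's own query language and then scores the alerts per account so only the accumulated case gets escalated. The event dicts, their field names, the baseline address table and the severity weights are this example's assumptions, not anything from the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security log records (not real telemetry), reduced to
# the fields a SIEM normalises: EventID, TimeCreated, TargetUserName,
# IpAddress, LogonType. The key names are this example's own.
EVENTS = [
    {"id": 4624, "time": "2024-03-12T09:15:00", "user": "alice", "ip": "10.0.0.5", "logon_type": 2},
    {"id": 4625, "time": "2024-03-12T22:01:00", "user": "bob", "ip": "198.51.100.7", "logon_type": 3},
    {"id": 4625, "time": "2024-03-12T22:01:05", "user": "bob", "ip": "198.51.100.7", "logon_type": 3},
    {"id": 4625, "time": "2024-03-12T22:01:10", "user": "bob", "ip": "198.51.100.7", "logon_type": 3},
    {"id": 4625, "time": "2024-03-12T22:01:15", "user": "bob", "ip": "198.51.100.7", "logon_type": 3},
    {"id": 4625, "time": "2024-03-12T22:01:20", "user": "bob", "ip": "198.51.100.7", "logon_type": 3},
    {"id": 4624, "time": "2024-03-12T22:03:00", "user": "bob", "ip": "198.51.100.7", "logon_type": 10},
    {"id": 1102, "time": "2024-03-12T22:10:00", "user": "bob", "ip": "-", "logon_type": None},
]

# Per-account baseline of source addresses seen during a learning period
# (constructed; a real SIEM derives this from history or an asset inventory).
BASELINE_IPS = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.9"}}


def ts(event):
    return datetime.fromisoformat(event["time"])


def rule_failures_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Use cases 1/11: a burst of 4625 for one account followed by a 4624.
    The success after the burst is what turns noise into 'credential guessed'."""
    alerts = []
    per_user = defaultdict(list)
    for e in sorted(events, key=ts):
        per_user[e["user"]].append(e)
    for user, evs in per_user.items():
        failures = []
        for e in evs:
            t = ts(e)
            if e["id"] == 4625:
                failures.append(t)
                failures = [f for f in failures if t - f <= window]  # slide the window
            elif e["id"] == 4624 and len(failures) >= threshold and t - failures[0] <= window:
                alerts.append({"rule": "failures_then_success", "user": user, "ip": e["ip"],
                               "failures": len(failures), "time": e["time"]})
                failures = []
    return alerts


def rule_off_hours_logon(events, start_hour=8, end_hour=18):
    """Use case 3: successful logon outside business hours (timestamps assumed local)."""
    return [{"rule": "off_hours_logon", "user": e["user"], "ip": e["ip"], "time": e["time"]}
            for e in events if e["id"] == 4624 and not start_hour <= ts(e).hour < end_hour]


def rule_new_source_ip(events, baseline):
    """Use cases 7/10: a valid credential used from an address the account has never used."""
    return [{"rule": "new_source_ip", "user": e["user"], "ip": e["ip"], "time": e["time"]}
            for e in events
            if e["id"] == 4624 and e["ip"] not in baseline.get(e["user"], set())]


def rule_log_cleared(events):
    """Use case 26: 1102 (audit log cleared) is rare enough to escalate on its own."""
    return [{"rule": "audit_log_cleared", "user": e["user"], "time": e["time"]}
            for e in events if e["id"] == 1102]


# Weights are illustrative; tune them to the environment's own false-positive rate.
SEVERITY = {"failures_then_success": 5, "new_source_ip": 3,
            "off_hours_logon": 2, "audit_log_cleared": 5}


def run_rules(events, baseline):
    return (rule_failures_then_success(events) + rule_off_hours_logon(events)
            + rule_new_source_ip(events, baseline) + rule_log_cleared(events))


def score_by_user(alerts):
    """Correlate: one weak signal stays a log line, several on one account add up."""
    scores = defaultdict(int)
    for alert in alerts:
        scores[alert["user"]] += SEVERITY[alert["rule"]]
    return dict(scores)


def escalate(events, baseline, threshold=6):
    """Accounts whose combined score crosses the threshold go to an analyst."""
    return sorted(u for u, s in score_by_user(run_rules(events, baseline)).items() if s >= threshold)


if __name__ == "__main__":
    for alert in run_rules(EVENTS, BASELINE_IPS):
        print(alert)
    print("escalate:", escalate(EVENTS, BASELINE_IPS))  # ['bob']
```

Alice's 09:15 logon from her usual address produces nothing; bob's account trips all four rules within ten minutes, which is exactly the "legitimate credential, wrong time and place" pattern the phishing paragraph describes. In a production SIEM the same logic is expressed as a saved search or correlation rule, the baseline comes from weeks of history rather than a dict, and the off-hours rule needs the account's time zone, not the collector's.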
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 AI-powered ethical hacking:
Features:
- Natural Language Processing: Executes commands based on user input, translating intent into action seamlessly.
- Command Search Engine: Facilitates the search for services, ports, or specific terms, providing curated command suggestions to identify vulnerabilities.
» Supported Ethical Hacking Tools:
1. NMAP: Network discovery and security auditing.
2. OWASP ZAP (Full Scan Only): Web application security scanner.
3. Crackmapexec: Network information gathering.
4. Nuclei: Template-based fast scanning with zero false positives.
» Compatibility
- Optimized for Linux: Fully functional on Linux platforms.
- Limited/No Support: Functionality on Windows or macOS is not guaranteed.
System Requirements
Non-Docker Installation
- Storage: 50GB
- RAM: 16GB minimum
- GPU: 8GB recommended for optimal performance.
» Dependencies
- Linux (Debian-based):
- Installations:
sudo apt -y install exploitdb libreadline-dev wget nmap crackmapexec nuclei
- Git-based exploitdb:
sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
» Installation
Docker Installation
1. Pulling the image:
docker pull berylliumsec/nebula:latest
2. Running without GPU:
docker run --rm -it berylliumsec/nebula:latest
3. Running with GPU:
docker run --rm --gpus all -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest
4. Autonomous mode:
- Default vulnerability scan:
docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --targets_list /app/targets.txt
- Custom NMAP vulnerability scan:
docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --nmap_vuln_scan_command="nmap -Pn -sV --exclude-ports 21 --script=vulscan/vulscan.nse" --targets_list /app/targets.txt
PIP Installation
1. Install:
pip install nebula-ai
2. Run:
nebula
3. For elevated privileges:
sudo pip install nebula-ai
sudo nebula
» Linux Post-Installation
1. Add the installation path to your .zshrc:
export PATH="$HOME/.local/bin:$PATH"
Nebula-Watcher (Optional Component)
PIP Installation
pip3 install nebula-watcher
Docker Installation
1. Pull the image:
docker pull berylliumsec/nebula_watcher:latest
2. Run:
docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest
Customize diagram name:
docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name
@UndercodeCommunity