🦑btc bruteforce:

A Go program designed to create private keys, derive corresponding public keys from the private keys, and then check that the generated wallet addresses have funds.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 skimmer!

A skimmer is a sneaky device placed over legitimate card readers—like ATMs or payment terminals—that steals your card info. Sometimes, there’s a PIN pad overlay too, recording every keystroke you make. Scary, right?

🔍 How to Spot a Skimmer:

1. Check for loose or bulky parts on the card reader.

2. Wiggle the card slot—if it moves, be suspicious.

3. Look for mismatched colors or anything that looks “off.”

4. Always cover your hand when entering your PIN.

Remember, these thieves thrive on speed and stealth. Stay sharp, stay secure!

source: Nathan House
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑105 Windows SIEM Use Cases

1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379

ref: Shahaz Mz
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 AI-powered ethical hacking :

: Features

- Natural Language Processing : Executes commands based on user input, translating intent into action seamlessly.
- Command Search Engine : Facilitates the search for services, ports, or specific terms, providing curated command suggestions to identify vulnerabilities.

» Supported Ethical Hacking Tools :

1. NMAP : Network discovery and security auditing.
2. OWASP ZAP (Full Scan Only) : Web application security scanner.
3. Crackmapexec : Network information gathering.
4. Nuclei : Template-based fast scanning with zero false positives.

» Compatibility
- Optimized for Linux : Fully functional on Linux platforms.
- Limited/No Support : Functionality on Windows or macOS is not guaranteed.



System Requirements
Non-Docker Installation
- Storage : 50GB
- RAM : 16GB minimum
- GPU : 8GB recommended for optimal performance.

» Dependencies
- Linux (Debian-based) :
- Installations:

    sudo apt -y install exploitdb libreadline-dev wget nmap crackmapexec nuclei
    

- Git-based exploitdb:

    sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
    sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
    

»Installation
Docker Installation
1. Pulling the image :

   docker pull berylliumsec/nebula:latest
   

2. Running without GPU :

   docker run --rm -it berylliumsec/nebula:latest
   

3. Running with GPU :

   docker run --rm --gpus all -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest
   

4. Autonomous mode :
- Default vulnerability scan:

     docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --targets_list /app/targets.txt
     

- Custom NMAP vulnerability scan:

     docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --nmap_vuln_scan_command="nmap -Pn -sV --exclude-ports 21 --script=vulscan/vulscan.nse" --targets_list /app/targets.txt
     

PIP Installation
1. Install:

   pip install nebula-ai
   

2. Run:

   nebula
   

3. For elevated privileges:

   sudo pip install nebula-ai
   sudo nebula

» Linux Post-Installation
1. Add the installation path to your .zshrc:

   export PATH="$HOME/.local/bin:$PATH"
   

Nebula-Watcher (Optional Component)
PIP Installation

pip3 install nebula-watcher

Docker Installation
1. Pull the image:

   docker pull berylliumsec/nebula_watcher:latest
   

2. Run:

   docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest
   

Customize diagram name:

   docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name

   

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Bitcoin Core Integration and Development:

>> What is Bitcoin Core?
Bitcoin Core is the reference implementation of Bitcoin, connecting to the peer-to-peer Bitcoin network. Its primary functions include:
- Downloading and fully validating blocks and transactions.
- Serving as a wallet.
- Providing an optional graphical user interface (GUI).

Binary versions are available for immediate use at [Bitcoin Core Downloads](https://bitcoincore.org/en/download/).

>> Licensing
Bitcoin Core is licensed under the MIT License, allowing free use and modification. Details can be found in the COPYING file or at the [MIT License site](https://opensource.org/licenses/MIT).

>> Development Process
- Master Branch: Continuously built and tested but may not always be stable.
- Release Branches and Tags: Created regularly to mark stable releases.
- GUI Development: Exclusively managed in the [bitcoin-core/gui repository](https://github.com/bitcoin-core/gui). This repository mirrors the monotree's master branch and does not have release branches or tags.

>># Contribution
Developers can follow the workflow in CONTRIBUTING.md. Additional insights and guidelines are in doc/developer-notes.md.

>> Testing and Quality Assurance
>># Automated Testing:
1. Unit Tests: Recommended for all new code and improvements to existing code. Use ctest to compile and run unit tests.
2. Regression and Integration Tests: Written in Python, executed with:

   build/test/functional/test_runner.py
   

3. CI Systems: Automatically test pull requests across Windows, Linux, and macOS platforms.

>># Manual Testing:
- Requires a reviewer distinct from the code author, particularly for substantial or high-risk changes.
- Adding a clear test plan in pull request descriptions is encouraged for complex changes.


@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑100% FREE classes for a pathway into cybersecurity and ethical hacking

Foundations:
Help Desk
➡️TCM Security Academy – Practical Help Desk (https://lnkd.in/geDEvt6d)
➡️Professor Messer – 220-1101 and 220-1102 A+ Courses (https://lnkd.in/gKjJsSPz & https://lnkd.in/gMW3hMsv)

Networking
➡️Professor Messer – N10-009 Network+ Course (https://lnkd.in/g8mYZaMm)
➡️Cisco Networking Academy – Packet Tracer (https://lnkd.in/guGibYx6)

Linux
➡️TCM Security Academy – Linux 100: Fundamentals (https://lnkd.in/gEGHzxw3)
➡️Linux Journey (https://linuxjourney.com/)
➡️OverTheWire – Bandit (https://lnkd.in/gRwPsump)

Programming
➡️TCM Security – Programming 100: Fundamentals (https://lnkd.in/gWZe2JRj)
➡️FreeCodeCamp (https://lnkd.in/gbaHhV34)
➡️Codecademy (https://lnkd.in/gxAHnTFD)

Security Essentials
➡️Professor Messer – SY0-701 Security+ Course (https://lnkd.in/gfCCMJqQ)

Hacking Essentials
➡️Ethical Hacking in 15 Hours Part 1 (https://lnkd.in/gWump_cZ)
➡️Ethical Hacking in 15 Hours Part 2 (https://lnkd.in/gH9_Ap7F)
➡️TryHackMe (https://tryhackme.com/)

Active Directory Hacking
➡️How to Build an Active Directory Hacking Lab (https://lnkd.in/g_9wjzhz)
➡️Hacking Active Directory for Beginners (https://lnkd.in/gaewN7nU)

Web Application Hacking
➡️PortSwigger Web Security Academy (https://lnkd.in/gvx6NgcZ)
➡️Hacker101 (https://www.hacker101.com/)
➡️Bugcrowd University (https://lnkd.in/g_aPUcD8)

Ref: Heath Adams
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Command Injection vulnerability in Cisco's CIMC:

>> Use it for testing purposes only !!!

CVE-2024-20356.py [-h] -t HOST -u USERNAME -p PASSWORD [-a ACTION] [-c CMD] [-v]
options:
  -h, --help            Show this help message and exit
  -t HOST, --host HOST  Target hostname or IP address (format 10.0.0.1 or 10.0.0.2:1337)
  -u USERNAME, --username USERNAME
                        Username (default: admin)
  -p PASSWORD, --password PASSWORD
                        Password (default: cisco)
  -a ACTION, --action ACTION
                        Action: test, cmd, shell, dance (default: test)
  -c CMD, --cmd CMD     OS command to run (Default: NONE)
  -v, --verbose         Displays more information about cimc

Example commands:

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -v

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -c 'id'

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -a shell

CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -a dance

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Safe CC Checkers :

Credit card checker (CC checker) sites are generally unsafe and pose serious risks, as they are commonly used for fraudulent purposes or involve illegal activities. Legitimate businesses and individuals should avoid such platforms to protect themselves legally and financially. Here's why these sites are risky:

Illegal Usage: Most CC checkers facilitate fraud by validating stolen credit card information.
Data Theft: Entering sensitive details on these platforms can lead to your personal data being stolen.
Malware Risks: Many such sites embed malware or phishing attempts.
Legal Issues: Accessing or using these sites can expose you to legal action.

S O :

To Check you CC Validity use only These URLS !!!


1️⃣Stripe
https://stripe.com
A powerful payment processing platform with fraud prevention features.

2️⃣PayPal
https://www.paypal.com
A widely used and secure platform for online transactions.

3️⃣Square
https://squareup.com
Offers payment solutions and tools for small businesses.

4️⃣Kount
https://kount.com
Fraud prevention and digital identity trust solutions.

5️⃣Fraud.net
https://fraud.net
Provides AI-powered fraud detection for businesses.

6️⃣Riskified
https://www.riskified.com
Fraud prevention and chargeback protection for eCommerce.

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SSO (Single Sign-On) Explained.

SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials.

In a time where we are accessing more applications than ever before, this is a big help to mitigate password fatigue and streamlines user experience.

To fully understand the SSO process, 𝗹𝗲𝘁’𝘀 𝘁𝗮𝗸𝗲 𝗮 𝗹𝗼𝗼𝗸 𝗮𝘁 𝗵𝗼𝘄 𝗮 𝘂𝘀𝗲𝗿 𝘄𝗼𝘂𝗹𝗱 𝗹𝗼𝗴 𝗶𝗻𝘁𝗼 𝗟𝗶𝗻𝗸𝗲𝗱𝗜𝗻 𝘂𝘀𝗶𝗻𝗴 𝗚𝗼𝗼𝗴𝗹𝗲 𝗮𝘀 𝘁𝗵𝗲 𝗶𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗿:

1️⃣ 𝗨𝘀𝗲𝗿 𝗿𝗲𝗾𝘂𝗲𝘀𝘁𝘀 𝗮𝗰𝗰𝗲𝘀𝘀

First, the user would attempt to access the Service Provider (LinkedIn). At this point, a user would be presented with login options, and in this example, they would select "Sign in with Google".

2️⃣ 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗿𝗲𝗾𝘂𝗲𝘀𝘁

From here, the Service Provider (LinkedIn) will redirect the user to the Identity Provider (Google) with an authentication request.

3️⃣ 𝗜𝗱𝗣 𝗰𝗵𝗲𝗰𝗸𝘀 𝗳𝗼𝗿 𝗮𝗰𝘁𝗶𝘃𝗲 𝘀𝗲𝘀𝘀𝗶𝗼𝗻

Once the Identity Provider (Google) has received the request, it will check for an active session. If it doesn't find one, authentication will be requested.

4️⃣𝗨𝘀𝗲𝗿 𝘀𝘂𝗯𝗺𝗶𝘁𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀

At this stage, the user will submit their login credentials (username and password) to the Identity Provider (IdP).

5️⃣ 𝗜𝗱𝗣 𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝘀 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹𝘀

The Identity Provider will then verify the submitted credentials against its User Directory (database). If the credentials are correct, the IdP will create an authentication token or assertion.

6️⃣ 𝗜𝗱𝗣 𝘀𝗲𝗻𝗱𝘀 𝘁𝗼𝗸𝗲𝗻 𝘁𝗼 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗣𝗿𝗼𝘃𝗶𝗱𝗲𝗿

Once the token or assertion has been created, the IdP sends it back to the Service Provider confirming the user's identity. The user is now authenticated and can access the Service Provier (LinkedIn).

7️⃣ 𝗔𝗰𝗰𝗲𝘀𝘀 𝗴𝗿𝗮𝗻𝘁𝗲𝗱 𝘂𝘀𝗶𝗻𝗴 𝗲𝘅𝗶𝘀𝘁𝗶𝗻𝗴 𝘀𝗲𝘀𝘀𝗶𝗼𝗻

Since the Identity Provider has established a session, when the user goes to access a different Service Provider (eg; GitHub), they won't need to re-enter their credentials. Future service providers will request authentication from the Identity Provider, recognize the existing session, and grant access to the user based on the previously authenticated session.

SSO workflows like the above operate on SSO protocols, which are a set of rules that govern how the IdP and SP communicate and trust each other. Common protocols include Security Assertion Markup Language (SAML), OpenID Connect, and OAuth.

ref: Sayed Jillani
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Scammers Actually Conduct Phishing Calls

- Secure yourself

ref: instagram
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁