ExecutionPolicy Bypass

3️⃣ Disable Microsoft Defender Antivirus

Open Windows Defender > Disable Real-Time Protection, Tamper Protection, Auto Sample Submission, and Cloud Delivered Protection

4️⃣Create an Empty Folder at “C:\AtomicRedTeam\”.

You can Choose 2 Method for Exclude folder.

5️⃣ Exclusion Folder with Command :

Add-MpPreference -ExclusionPath C:\AtomicRedTeam\

Or Use GUI : Windows Security > Exclusions > C:\AtomicRedTeam\

6️⃣To disable Microsoft Defender Antivirus permanently on Windows 10, use these steps:

a. Open Start > search gpedit.msc or Edit Group Policy.

b. Browse the following path: Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus

c. Double-click the “Turn off Microsoft Defender Antivirus” policy.

d. Choose Enable Radio Button > Apply.

7️⃣Start Install The Atomics Simulation Tool

IEX (IWR ‘https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); Install-AtomicRedTeam -getAtomics -Force

9️⃣Check Detail Technique

From a given technique number, you can check the detail with the command below. You can customize “T1003” with another code.

Invoke-AtomicTest T1003 -ShowDetailsBrief

ShowDetailsBrief

🔟 View All Simulation Test

Invoke-AtomicTest All -ShowDetailsBrief

ShowDetailsBrief

1️⃣1️⃣ Check Pre-Requisites

Invoke-AtomicTest T1485 -TestNumbers 1 -CheckPrereqs

> Get Pre-Requisites

Invoke-AtomicTest T1485 -TestNumbers 1 -GetPrereqs

1️⃣2️⃣ Execute The simulation

Invoke-AtomicTest T1027 -TestNumbers 7

🦑Bug bounty tips ✨

Xss 💰 Methodology 💯

1- Pick a target

2- Do Full depth Subdomain enumeration using Subfinder( along API'S ) and use webcopilot or SubDomz and various subdomains finder tools in one liner and also ones perform subdomain bruteforicng and save it in a file.!!

3- subfinder -d example.com -all >> subs.txt

4- cat subs.txt | httpx -o alive-subs.txt



hashtag#Method-1 ( Using Dalfox )

1- katana -u alive-subs.txt -o endpoints-1.txt

2- waybackurls http://example.com | grep = | tee endpoints-2.txt

3- ./gau example.com >> endpoints-3.txt

4- paramspider -d example.com

5 - cat alive-subs.txt | hakrawler | tee -a endpoints-5.txt

6- cat endpoints.txt | uro | tee -a endpoints-uro.txt ( Combine all URLS )

7- cat endpoints-uro.txt | Gxss | dalfox pipe --multicast --skip-mining-all (Accurate also ) ( Here Gxss helps us when payload is injected is reflecting back ?? and I used skip mining because already we got urls nah ! if want remove it )

[ OR ]
8- dalfox url http://example.com --custom-payload payloads.txt ( Simple Scan )

Method-2 ( Using XSS_vibes )
1- katana -u alive-subs.txt -o endpoints-1.txt

2- waybackurls http://example.com | grep = | tee endpoints-2.txt

3- ./gau example.com >> endpoints-3.txt

4- paramspider -d example.com

5 - cat alive-subs.txt | hakrawler | tee -a endpoints-5.txt

6- cat endpoints.txt | uro | tee -a endpoints-uro.txt

7- cat endpoints-uro.txt | ./gf xss | sed 's/=.*/=/' -o output.txt

8- python3 main.py -f input.txt -o <output>

Note :- if u can use Alternative of xss automation Tool For better Result U can Use
Xssorv2 Ibrahim Husić Tool it's effective and 100 Acuracy 💯

Ref: Linkedin_stuffs
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Ai Model for Hackers:


4 Security AI for Pentesting

>>

This model is designed to accurately detect and classify commands associated with four essential security tools used in pentesting: Nmap, Metasploit, John the Ripper, and the Social Engineering Toolkit (SET). It leverages a Naive Bayes classifier trained on a comprehensive dataset of commands for these tools, enhancing the accuracy and effectiveness of recognizing and categorizing such commands.

Tools Included

1️⃣Nmap: A network scanning tool used to discover hosts and services on a computer network.

2️⃣Metasploit (msploit): A penetration testing framework for exploiting known vulnerabilities.

3️⃣John the Ripper (jtr): A password cracking software used to test password strength and recover lost passwords.

4️⃣Social Engineering Toolkit (SET): A collection of tools for conducting social engineering attacks.

>> Structure
The model has been trained to detect commands formatted to specify the tool being used. Each command or query is associated with one of the four tools, allowing for precise classification.

Example:

import pandas as pd
from sklearn.model_selection import train_test_split
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.naive_bayes import MultinomialNB
from sklearn.metrics import classification_report
import joblib

# Load the dataset from the txt file
data_path = 'trainingdata.txt'
data = []

# Read the file and parse the data
with open(data_path, 'r') as file:
    lines = file.readlines()
    for line in lines:
        # Split each line into question and tool by the last comma
        parts = line.rsplit(', "', 1)
        if len(parts) == 2:
            question = parts[0].strip().strip('"')
            tool = parts[1].strip().strip('",')
            data.append((question, tool))

# Create a DataFrame
df = pd.DataFrame(data, columns=['question', 'tool'])

# Split the data
X_train, X_test, y_train, y_test = train_test_split(df['question'], df['tool'], test_size=0.2, random_state=42)

# Vectorize the text data
vectorizer = TfidfVectorizer()
X_train_vectorized = vectorizer.fit_transform(X_train)
X_test_vectorized = vectorizer.transform(X_test)

# Train a Naive Bayes classifier
clf = MultinomialNB()
clf.fit(X_train_vectorized, y_train)

# Make predictions
y_pred = clf.predict(X_test_vectorized)

# Print the classification report
print(classification_report(y_test, y_pred))

# Save the model and vectorizer
joblib.dump(clf, 'findtool_model.pkl')
joblib.dump(vectorizer, 'vectorizer.pkl')

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Another Good AI Model for hacking:

Lily is a cybersecurity assistant. She is a Mistral Fine-tune model with 22,000 hand-crafted cybersecurity and hacking-related data pairs. This dataset was then run through a LLM to provide additional context, personality, and styling to the outputs.

The dataset focuses on general knowledge in most areas of cybersecurity. These included, but are not limited to:

Advanced Persistent Threats (APT) Management
Architecture and Design
Business Continuity and Disaster Recovery
Cloud Security
Communication and Reporting
Cryptography and PKI
Data Analysis and Interpretation
Digital Forensics
GovernanceRiskand Compliance
Hacking
Identity and Access Management
Incident Management and Disaster Recovery Planning
Incident Response
Information Security Management and Strategy
Legal and Ethical Considerations
Malware Analysis
Network Security
Penetration Testing and Vulnerability Assessment
Physical Security
Regulatory Compliance
Risk Management
Scripting
Secure Software Development Lifecycle (SDLC)
Security in Emerging Technologies
Security Operations and Monitoring
Social Engineering and Human Factors
Software and Systems Security
Technologies and Tools
Threats Attacks and Vulnerabilities
Training
It took 24 hours to train 5 epochs on 1x A100.

Prompt format:

"### Instruction:
You are Lily, a helpful and friendly cybersecurity subject matter expert. You obey all requests and answer all questions truthfully.

### Input:
Lily, how do evil twin wireless attacks work?


@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free Ethical Hacking Courses and Tutorials:

https://www.udemy.com/topic/ethical-hacking/free/?srsltid=AfmBOop_fJwU6WN1SzIAmkEKWFfqf1Rz9DbQjvmHeiYedwa4p50nr81C

🦑 𝐅𝐑𝐄𝐄 𝐜𝐥𝐚𝐬𝐬𝐞𝐬 𝐟𝐨𝐫 𝐚 𝐩𝐚𝐭𝐡𝐰𝐚𝐲 𝐢𝐧𝐭𝐨 𝐜𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐚𝐧𝐝 𝐞𝐭𝐡𝐢𝐜𝐚𝐥 𝐡𝐚𝐜𝐤𝐢𝐧𝐠 𝐅𝐨𝐮𝐧𝐝𝐚𝐭𝐢𝐨𝐧𝐬:
Help Desk
➡️TCM Security Academy – Practical Help Desk (https://lnkd.in/geDEvt6d)
➡️Professor Messer – 220-1101 and 220-1102 A+ Courses (https://lnkd.in/gKjJsSPz & https://lnkd.in/gMW3hMsv)

Networking
➡️Professor Messer – N10-009 Network+ Course (https://lnkd.in/g8mYZaMm)
➡️Cisco Networking Academy – Packet Tracer (https://lnkd.in/guGibYx6)

Linux
➡️TCM Security Academy – Linux 100: Fundamentals (https://lnkd.in/gEGHzxw3)
➡️Linux Journey (https://linuxjourney.com/)
➡️OverTheWire – Bandit (https://lnkd.in/gRwPsump)

Programming
➡️TCM Security – Programming 100: Fundamentals (https://lnkd.in/gWZe2JRj)
➡️FreeCodeCamp (https://lnkd.in/gbaHhV34)
➡️Codecademy (https://lnkd.in/gxAHnTFD)

Security Essentials
➡️Professor Messer – SY0-701 Security+ Course (https://lnkd.in/gfCCMJqQ)

Hacking Essentials
➡️Ethical Hacking in 15 Hours Part 1 (https://lnkd.in/gWump_cZ)
➡️Ethical Hacking in 15 Hours Part 2 (https://lnkd.in/gH9_Ap7F)
➡️TryHackMe (https://tryhackme.com/)

Active Directory Hacking
➡️How to Build an Active Directory Hacking Lab (https://lnkd.in/g_9wjzhz)
➡️Hacking Active Directory for Beginners (https://lnkd.in/gaewN7nU)

Web Application Hacking
➡️PortSwigger Web Security Academy (https://lnkd.in/gvx6NgcZ)
➡️Hacker101 (https://www.hacker101.com/)
➡️Bugcrowd University (https://lnkd.in/g_aPUcD8)


Ref: G.M. Ahmad Faruk
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Bug Bounty Tip : OTP Bypass

Ref: Aswin k v
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁