Forwarded from Exploiting Crew (Pr1vAt3)
Totally free courses.
Now, what's your excuse?
Here are 4 ways you can start today:
1-Cloud Essentials Learning Plan
https://lnkd.in/dGW6tg3S
2-Developer Learning Plan
https://lnkd.in/d44u8BpV
3-Networking Core Learning Plan
https://lnkd.in/dAzxDWft
4-Data Analytics Learning Plan
https://lnkd.in/dCgqbrsD
Ref: Felipe Carvalho
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Exploiting Crew (Pr1vAt3)
The cyber skills gap isn't about talent.
It's about access.
The cybersecurity learning curve can feel steep.
But here's something many people don't know:
You can get world-class training without spending a dime.
1. Start with the Basics:
- Google's Cybersecurity Professional Certificate walks you through:
* cyber foundations
* risk management
* essential coding skills.
You'll master Linux, SQL, and Python basics in under 6 months.
- The ISC2 Certified in Cybersecurity program is a gem.
The training and certification exam are free - you only pay a $50 annual fee after passing.
2. Level Up with Technical Skills (hands-on practice):
- Security Blue Team offers 6 beginner-friendly courses with real demonstrations.
It's like having a mentor guide you through your first steps.
- TryHackMe and Hack The Box offer hands-on practice in real environments.
You'll learn by doing, not just watching.
3. Build Specialized Knowledge
- The Python Institute's courses will elevate your scripting skills.
- The CompTIA Security+ prep materials cover core principles you'll need for entry-level positions.
- SANS teaches you practical basic security concepts.
4. Master Advanced Topics:
- Dive into defensive security and cyber risk management.
- Learn the NIST CSF framework and practical strategies.
- Learn OSINT for smart ways to gather and use public data for defense.
Ref: Liviu Munteanu
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
Red Team resources
Pentesting is primarily concerned with identifying and exploiting vulnerabilities within a specific target system, striving to uncover as many weaknesses as possible.
This process aids in shoring up an organization's defenses by pinpointing areas of vulnerability.
On the other hand, a red team engagement shifts its focus. Instead of merely finding vulnerabilities, it aims to assess an organization's defensive capabilities by simulating real-world attacks.
The goal is to evaluate how well the organization can detect and respond to these simulated threat actors.
You will find below a list of resources for Red Teaming.
WHAT IS RED TEAM?
- Red Team definition, redteam guide by Joe Vest & James Tubberville
https://lnkd.in/eUaZcWvg
- Red Teaming Handbook, UK Ministry of Defence
https://lnkd.in/euUkwQRq
WHAT ARE RED TEAM EXERCISES?
- NIST's definition of Red Team Exercise
https://lnkd.in/eZVzn5AW
- Red Team Plan by Magoo
https://lnkd.in/eFUBzxEY
TECHNIQUES AND METHODOLOGIES
- MITRE ATT&CK Matrix for Enterprise
https://attack.mitre.org/
- Red Team Guides by Joe Vest & James Tubberville
https://lnkd.in/eXPxchUk
- Red Team Operations Part 1 and 2 by Joas A Santos
https://lnkd.in/e7m3XzE7
https://lnkd.in/es7uSQA4
- Red Team Notes 2.0 by dmcxblue
https://lnkd.in/ekGaQASx
COURSES AND HANDS ON
- Hackersploit Red Team Series (video and guide)
https://lnkd.in/ek5naA4Q
https://lnkd.in/e4U2tW2z
- Responsible Red Teaming by The Taggart Institute
https://lnkd.in/eur4_nFn
- Red Teaming rooms on TryHackMe
https://lnkd.in/e8G9eMS5
https://lnkd.in/eYa9mHmk
https://lnkd.in/eQcnuu-m
- Board games by Hadess
https://lnkd.in/ee2EEyEh
TOOLS
- Red Teaming Toolkit by infosecn1nja
https://lnkd.in/e8VnsYVH
- Red Team tools by A-poc
https://lnkd.in/evPBDZRm
- Red Teaming Toolkit Collection by 0xsp
https://lnkd.in/eP7jNUE4
- Red Team Ops Cobalt
https://lnkd.in/euMjeFEx
BONUS
- Red Team Resources by J0hnBx
https://lnkd.in/eeYCQ-Db
- Red Team Village talks
https://lnkd.in/eHwKj5gB
- A Beginner's Guide to Obfuscation by BC Security
https://lnkd.in/e92JuwPR
Full credit: Gabrielle B.
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
Cybersecurity 101 in one picture
1. Introduction to Cybersecurity
2. The CIA Triad
3. Common Cybersecurity Threats
4. Basic Defense Mechanisms
5. Cybersecurity Frameworks
6. Cybersecurity Ecosystem
Forwarded from Exploiting Crew (Pr1vAt3)
ARP and DNS spoofing with BlackVenom:
> Network Penetration Testing: Assess the security of networks by identifying weaknesses in the ARP protocol and in DNS resolution.
> Security Auditing: Log and analyze network traffic to discover potential vulnerabilities and improve network defenses.
> Educational Purposes: Learn and teach network security concepts through practical, hands-on experience with ARP and DNS spoofing techniques.
> Traffic Analysis: Monitor and capture traffic for forensic investigations or to understand user behavior on a network.
Installation
To install and run BlackVenom, follow these simple steps:
1. Create a Python virtual environment
First, create a virtual environment to manage dependencies:
python -m venv BlackVenom-Kali
2. Activate the virtual environment
Activate the virtual environment:
source BlackVenom-Kali/bin/activate
3. Install dependencies
Now, install the necessary dependencies from the requirements.txt file:
pip install -r requirements.txt
4. Run the tool
After installation, you can run BlackVenom using the provided CLI:
python black_venom_cli.py
Usage Examples
Example 1: Basic ARP Spoofing
This command performs a basic ARP spoofing attack between a target and a gateway without enabling packet logging or DNS spoofing.
sudo python black_venom_cli.py \
--target_ip 192.168.11.128 \
--gateway_ip 192.168.11.2 \
--interface eth0
Example 2: ARP Spoofing with Traffic Logging
In this example, packet logging is enabled while performing ARP spoofing.
sudo python black_venom_cli.py \
--target_ip 192.168.11.128 \
--gateway_ip 192.168.11.2 \
--interface eth0 \
--enable_logging \
--log_file ~/Desktop/captured_packets.pcap
Example 3: ARP Spoofing and DNS Spoofing
This command enables both ARP spoofing and DNS spoofing, redirecting DNS requests for a specific domain.
sudo python black_venom_cli.py \
--target_ip 192.168.11.128 \
--gateway_ip 192.168.11.2 \
--interface eth0 \
--enable_logging \
--log_file ~/Desktop/captured_packets.pcap
@UndercodeCommunity
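The detection side of the traffic the commands above generate, as an added example that is not part of BlackVenom or of the original post. It is a passive checker in Python over ARP replies as a sniffer would hand them over. The sample replies are constructed and reuse the post's victim and gateway addresses; the attacker MAC, the gateway MAC and the rate thresholds are assumptions. It pins the gateway's MAC, flags an IP announced with a different MAC, flags one MAC claiming two IPs (which poisoning both victim and gateway, the tool's default, always produces), and flags the periodic re-announcements a spoofer needs to keep caches poisoned.

```python
"""Passive ARP cache-poisoning detector (added example, not part of BlackVenom)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply (opcode 2) as a sniffer would hand it over."""
    ts: float          # capture time in seconds
    sender_ip: str     # IP address the sender claims to own
    sender_mac: str    # hardware address the receiver will cache for that IP
    target_ip: str
    target_mac: str


@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str
    detail: str


class ArpSpoofDetector:
    """Three passive checks:
    ip-mac-conflict:         an IP is announced with a MAC other than the pinned or
                             first-learned one (reported once per ip/mac pair).
    mac-claims-multiple-ips: one MAC announces itself as two IPs; poisoning both
                             victim and gateway always does this.
    reply-rate:              rate_threshold replies for one IP within rate_window
                             seconds; spoofers re-send every few seconds to keep the
                             cache poisoned, real hosts answer only when asked.
    """

    def __init__(self, trusted=None, rate_window=10.0, rate_threshold=4):
        # Pin the gateway/servers here. Without pins the first reply seen is trusted,
        # which is wrong if the sniffer starts after the attack began.
        self.ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.mac_to_ips = defaultdict(set)
        self.reply_times = defaultdict(list)
        self.reported_conflicts = set()
        self.rate_window = rate_window
        self.rate_threshold = rate_threshold
        self.alerts = []

    def observe(self, r: ArpReply) -> None:
        mac = r.sender_mac.lower()
        known = self.ip_to_mac.setdefault(r.sender_ip, mac)
        if known != mac and (r.sender_ip, mac) not in self.reported_conflicts:
            self.reported_conflicts.add((r.sender_ip, mac))
            self.alerts.append(Alert(r.ts, "ip-mac-conflict",
                                     f"{r.sender_ip} is {known}, now announced by {mac}"))
        ips = self.mac_to_ips[mac]
        if r.sender_ip not in ips:
            ips.add(r.sender_ip)
            if len(ips) > 1:
                self.alerts.append(Alert(r.ts, "mac-claims-multiple-ips",
                                         f"{mac} claims {sorted(ips)}"))
        times = self.reply_times[r.sender_ip]
        times.append(r.ts)
        times[:] = [t for t in times if t >= r.ts - self.rate_window]  # sliding window
        if len(times) >= self.rate_threshold:
            self.alerts.append(Alert(r.ts, "reply-rate",
                                     f"{len(times)} replies for {r.sender_ip} in {self.rate_window:g}s"))
            times.clear()

    def scan(self, replies):
        """Feed replies in time order and return all alerts raised so far."""
        for r in sorted(replies, key=lambda x: x.ts):
            self.observe(r)
        return list(self.alerts)


# Constructed sample: the post's victim and gateway, plus an attacker MAC (assumed).
GATEWAY_IP, GATEWAY_MAC = "192.168.11.2", "00:50:56:f0:00:02"
VICTIM_IP, VICTIM_MAC = "192.168.11.128", "00:0c:29:11:28:00"
ATTACKER_MAC = "00:0c:29:de:ad:01"

SAMPLE_REPLIES = [
    ArpReply(0.0, GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, VICTIM_MAC),   # normal answer
    ArpReply(0.5, VICTIM_IP, VICTIM_MAC, GATEWAY_IP, GATEWAY_MAC),   # normal answer
    # Spoofer starts: "gateway is at attacker" to the victim and "victim is at
    # attacker" to the gateway, then re-announces every 2 seconds.
    ArpReply(5.0, GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC),
    ArpReply(5.0, VICTIM_IP, ATTACKER_MAC, GATEWAY_IP, GATEWAY_MAC),
    ArpReply(7.0, GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC),
    ArpReply(9.0, GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC),
    ArpReply(11.0, GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC),
]


def detect_sample():
    """Run the detector with the gateway MAC pinned over the constructed capture."""
    return ArpSpoofDetector(trusted={GATEWAY_IP: GATEWAY_MAC}).scan(SAMPLE_REPLIES)


if __name__ == "__main__":
    for a in detect_sample():
        print(f"t={a.ts:5.1f}  {a.kind:24s} {a.detail}")
```

Pin the gateway and other critical hosts in `trusted`; a detector that only learns from first sight will trust the attacker's MAC if it starts after the attack did. Feeding it live means building `ArpReply` records from a capture library (for scapy, the `ARP` layer with `op == 2`), which is left out so the block runs offline. One more point when running BlackVenom itself from the venv above: `sudo python` resolves `python` through root's PATH, not the activated venv, so run the venv interpreter by path (`sudo BlackVenom-Kali/bin/python black_venom_cli.py ...`) to keep the installed requirements.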
Forwarded from Exploiting Crew (Pr1vAt3)
Spoofing Utilities:
DNS-Spoof by Mustafa Dalga:
https://github.com/mustafadalga/dns-spoof
MITM Attack Practice:
https://github.com/bilalz5-github/MITM-Attack_practice
ARP Spoof Detection Tool (Dr. Spoof):
https://github.com/Enixes/Dr.Spoof
AdBleed (DNS Redirection Tool):
https://github.com/arevaclier/AdBleed
DNS Packet Injection:
https://github.com/shreyasbhatia09/DNS-Packet-Injection
PyDNS (Python DNS Server):
https://github.com/Douile/pydns
Rock-DDOS (Includes ARP Spoofing):
https://github.com/MasonDye/Rock-DDOS
NetSpionage:
https://github.com/ANG13T/netspionage
Dead Drop (Network Steganography with Spoofing):
https://github.com/kerosene5/Dead_Drop
ATA-Shell (ARP Modular Shell):
https://github.com/shelbenheimer/ata-shell
Phishing with DNS Spoofing Demo:
https://github.com/chi-0828/Phishing-with-DNS-spoofing
RITM (Roast in the Middle for MITM):
https://github.com/Tw1sm/RITM
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
Traditional Blue Team Techniques on Steroids with LLM Honeypots
Honeypots are not new. Still, you can re-innovate how they work with new technology, this time with LLMs. Honeypots can be a critical tool for detecting and analyzing malicious activity. But what if we could take them to the next level? Enter LLM Honeypots, a groundbreaking approach leveraging the power of LLMs to create advanced, interactive traps for attackers.
What sets LLM Honeypots apart?
Traditional honeypots often rely on static or semi-dynamic environments. In contrast, LLMs introduce context-aware, adaptive interactions, enabling a honeypot to mimic real systems and user behaviors more convincingly. Imagine an attacker interacting with a "system" that not only responds but learns and adapts in real time.
Key Innovations:
1. Dynamic Interaction: LLMs can simulate realistic system responses, mimicking human-like behavior.
2. Data Harvesting: They help collect rich telemetry, offering insights into attacker methodologies.
3. Deception at Scale: LLMs enhance deception, making it harder for adversaries to distinguish honeypots from legitimate systems.
Why It Matters: This approach can provide security teams with a treasure trove of intelligence, from understanding new attack vectors to proactively defending against them. It's a leap forward in using AI to protect and outsmart attackers.
Future Implications: Integrating LLMs into honeypot systems could redefine cybersecurity strategies as AI evolves. From training SOC teams to crafting defense mechanisms, the possibilities are endless.
The use of LLM Honeypots to interact with attackers and gather insights. Here's a potential flow:
1. Attacker Interaction: The attacker interacts with the system, believing it to be legitimate.
2. Honeypot Interaction: The interaction is routed to a honeypot, a system designed to mimic real environments while capturing malicious behaviors.
3. Data Collection & Analysis: The honeypot collects telemetry, including input patterns and attacker strategies. Then, the data is processed and analyzed.
4. Model Integration: The analyzed data is leveraged to enhance machine learning models or decision systems, potentially an LLM.
5. Feedback: The refined model can improve its security posture & response.
Ref: Elli Shlomo
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from Exploiting Crew (Pr1vAt3)
Ever wondered how VPN tunneling works?
This infographic breaks down the process, step by step, showing how data remains secure and private during transit. A VPN tunnel encrypts your data, ensuring that even if intercepted, it stays protected from unauthorized access.
Here are some key points:
- A VPN creates a secure pathway between your device and a server.
- Encryption protocols like OpenVPN, IPsec, and WireGuard safeguard your data.
- The process ensures privacy while you browse, stream, or work online.
How Does VPN Tunneling Work?
Let's dive into the step-by-step process of how a VPN ensures secure and private communication over the internet:
1. User Initiates a Request:
The process begins when a user takes an action, such as browsing a website or accessing an app. This request originates from their device.
2. Request Encryption:
The VPN software installed on the user's device encrypts the request using a secure encryption protocol (like OpenVPN, IPsec, or WireGuard). This ensures the data is unreadable to anyone intercepting it.
3. Data Travels Through the VPN Tunnel:
The encrypted data is then transmitted securely over the internet through the VPN tunnel, safeguarding it from threats during transit.
4. Server Decrypts the Data:
The VPN server decrypts the incoming data and forwards the user's request to the target destination (e.g., a web server).
5. Web Server Processes the Request:
The web server receives the request, processes it, and prepares a response (e.g., delivering a webpage or data).
6. Response Encryption & Delivery:
The VPN server encrypts the response from the web server and sends it back through the secure VPN tunnel. The user's VPN client decrypts the data, displaying the secure and private result on their device.
By following these steps, VPNs ensure data privacy, integrity, and security throughout the communication process.
Ref: Fadi Kazdar
@UndercodeCommunity
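The six steps above, as an added example that is not part of the original post: one round trip through a tunnel simulated in Python, showing what the on-path observer, the VPN server and the client each get to see. Assumptions: the shared key is taken as already negotiated (real VPNs derive it from a handshake such as IKEv2 for IPsec or WireGuard's Noise handshake), and the cipher is a PRF-based stream cipher (HMAC-SHA256 in counter mode) with an HMAC tag built from the standard library, standing in for AES-GCM or ChaCha20-Poly1305. The packet layout (counter as nonce, ciphertext, tag), the per-direction keys and the replay check follow the same pattern WireGuard uses; the web server, the request and the demo key are constructed.

```python
"""Toy VPN tunnel round trip (added example, stdlib only).

Encrypt-then-MAC with a PRF keystream; a stand-in for AES-GCM / ChaCha20-Poly1305.
"""
import hashlib
import hmac
import struct

NONCE_LEN = 8   # 64-bit packet counter, as in WireGuard
TAG_LEN = 16


def _derive(key: bytes, label: bytes) -> bytes:
    """Sub-key derivation (stand-in for the handshake's KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF in counter mode: concatenated HMAC(key, nonce || block_index) blocks."""
    out = bytearray()
    block = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelEndpoint:
    """One end of the tunnel. Each direction has its own keys, so the two sides
    never encrypt different data under the same key and nonce."""

    def __init__(self, shared_key: bytes, is_client: bool):
        mine, theirs = (b"c2s", b"s2c") if is_client else (b"s2c", b"c2s")
        self.enc_key = _derive(_derive(shared_key, mine), b"enc")
        self.mac_key = _derive(_derive(shared_key, mine), b"mac")
        self.peer_enc_key = _derive(_derive(shared_key, theirs), b"enc")
        self.peer_mac_key = _derive(_derive(shared_key, theirs), b"mac")
        self.send_counter = 0    # nonce of the next packet we send
        self.recv_counter = -1   # highest counter accepted from the peer

    def seal(self, plaintext: bytes) -> bytes:
        """Steps 2 and 6: encrypt, then authenticate nonce and ciphertext."""
        nonce = struct.pack(">Q", self.send_counter)
        self.send_counter += 1
        ciphertext = _xor(plaintext, _keystream(self.enc_key, nonce, len(plaintext)))
        tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        return nonce + ciphertext + tag

    def open(self, packet: bytes) -> bytes:
        """Steps 4 and 6: verify the tag first, reject replays, then decrypt."""
        if len(packet) < NONCE_LEN + TAG_LEN:
            raise ValueError("truncated packet")
        nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.peer_mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: packet modified in transit or wrong key")
        counter = struct.unpack(">Q", nonce)[0]
        if counter <= self.recv_counter:
            raise ValueError("replayed packet")
        self.recv_counter = counter
        return _xor(ciphertext, _keystream(self.peer_enc_key, nonce, len(ciphertext)))


def web_server(request: bytes) -> bytes:
    """Step 5: the destination. It sees the VPN server's address as the source and,
    without TLS on top, the request itself in the clear."""
    if request.startswith(b"GET /secret "):
        return b"HTTP/1.1 200 OK\r\n\r\ntop secret page"
    return b"HTTP/1.1 404 Not Found\r\n\r\n"


def round_trip(shared_key: bytes, request: bytes):
    """Run steps 1-6 once. Returns (packets seen on the wire, what the VPN server
    decrypted, what the client got back)."""
    client = TunnelEndpoint(shared_key, is_client=True)
    vpn_server = TunnelEndpoint(shared_key, is_client=False)
    wire = []                                   # what an ISP or hotspot operator captures
    packet = client.seal(request)               # steps 1-3: encrypt, send through the tunnel
    wire.append(packet)
    plain_request = vpn_server.open(packet)     # step 4: the VPN server decrypts...
    response = web_server(plain_request)        # ...and forwards to the destination (step 5)
    packet = vpn_server.seal(response)          # step 6: response goes back encrypted
    wire.append(packet)
    return wire, plain_request, client.open(packet)


def rejected(endpoint: TunnelEndpoint, packet: bytes) -> bool:
    """True if the endpoint drops the packet (bad tag, replay or truncation)."""
    try:
        endpoint.open(packet)
        return False
    except ValueError:
        return True


DEMO_KEY = hashlib.sha256(b"constructed demo key; a real VPN negotiates this").digest()

if __name__ == "__main__":
    wire, seen_by_vpn, got = round_trip(DEMO_KEY, b"GET /secret HTTP/1.1\r\nHost: example.test\r\n\r\n")
    print("on the wire:", [p.hex()[:32] + "..." for p in wire])
    print("VPN server saw:", seen_by_vpn)
    print("client received:", got)
```

The point to take from `round_trip` is the second return value: the VPN server decrypts the request and sees it in full. A VPN protects the leg between the client and the VPN server from the local network and the ISP; it does not protect the leg from the VPN server to the destination, and it hides nothing from the VPN operator, so TLS end to end is still required.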
Forwarded from Exploiting Crew (Pr1vAt3)
The potential of the LLM landscape
Have you ever wondered about the threats lurking beneath the surface? This high-level threat-mapping table exposes how LLM features intersect with risks, and the findings are eye-opening.
This table can be one of your LLM risk guidance documents. From LLM-based Controller to Tool Invocation, what are the potential threats? And which one affects you?
Ref: Elli Shlomo (IR)
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
Free AI Ethical Hacking:
> Get: https://github.com/berylliumsec/nebula
> Tutorial: https://www.youtube.com/watch?v=188QnOcXEAI
Forwarded from Exploiting Crew (Pr1vAt3)
AI-SOC. Security Copilot & Tier 3.
In the realm of SOCs, Tier 3 analysts are the vanguard against sophisticated cyber threats, engaging in advanced threat hunting, in-depth incident analysis, and developing strategic defense mechanisms. Security Copilot enhances these critical functions by providing AI-driven insights and automation, thereby amplifying the capabilities of Tier 3 SOC operations.
While most organizations provide the Security Copilot as a "prompt tool" for all the various security teams, the idea is totally something else. The benefits from it will be to prepare it with features such as Prompt Book, Automation, etc.
I'm working with Security Copilot to complete the Radiant Security AI part and provide a complete AI-SOC flow for all tier levels.
Below are some of the benefits of Security Copilot:
1. Advanced Threat Hunting: Security Copilot proactively empowers Tier 3 analysts to identify and neutralize emerging threats. Analysts can unearth hidden threats and understand complex attack vectors more effectively by leveraging AI-generated queries and comprehensive threat intelligence.
2. In-Depth Incident Analysis: For incidents, Security Copilot offers detailed summaries, including attack timelines, affected assets, and indicators of compromise. This contextual information enables Tier 3 analysts to dissect incidents thoroughly, understand attacker methodologies, and devise robust mitigation strategies.
3. Script and File Analysis: Security Copilot simplifies the analysis of suspicious scripts and executables by translating code into natural language explanations. This feature allows Tier 3 analysts to quickly comprehend malicious code behavior and identify associated tactics, techniques, and procedures, streamlining the reverse-engineering process.
4. Config drift analysis: Security Copilot identifies deviations in Conditional Access policies or cloud security misconfigurations that attackers could exploit.
5. Behavioral anomaly detection: Detects and flags unusual access behaviors tied to privileged identities, enabling swift adjustments to access controls.
Security Copilot doesn't just assist Tier 3, it elevates them:
> Reduced time-to-detect through automated alert correlation.
> Enhanced contextual awareness with AI-driven insights that unify identity, endpoint, and cloud signals.
> Precision actions driven by deep integration with security tools.
AI isn't replacing analysts, it's augmenting their expertise.
Ref: Elli Shlomo
@UndercodeCommunity