๐ฆ The Complete Shodan Guide โ A Treasure Trove for Cybersecurity Professionals! ๐๐
Thrilled to share The Complete Shodan Guide, an essential resource for anyone interested in exploring the depths of the internet using Shodan, the search engine for connected devices.
This guide is packed with:
โ Step-by-step instructions for using Shodan effectively.
โ Techniques to uncover exposed devices and vulnerabilities.
โ Practical use cases for penetration testing and threat analysis.
Ref: Dhikonda GopiDhikonda Gopi
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Thrilled to share The Complete Shodan Guide, an essential resource for anyone interested in exploring the depths of the internet using Shodan, the search engine for connected devices.
This guide is packed with:
โ Step-by-step instructions for using Shodan effectively.
โ Techniques to uncover exposed devices and vulnerabilities.
โ Practical use cases for penetration testing and threat analysis.
Ref: Dhikonda GopiDhikonda Gopi
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ105 Windows Event IDs For SIEM Monitoring
1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379
Ref: Izzmier Izzuddin ZulkepliIzzmier Izzuddin Zulkepli
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379
Ref: Izzmier Izzuddin ZulkepliIzzmier Izzuddin Zulkepli
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ๐คบ Threat modeling GenAI Workloads: Don't Skip This โก๏ธ
Threat modeling is one of the oldest aspects of cybersecurity, as early as 1977 some form of threat models were leveraged to understand the risks against systems.
๐ค However, threat modeling is not commonly practiced because it is manual and time-intensive. But is it worth the time, effort & resources? Hell YES. The value of threat modeling continually increases as our systems become more complex.
Yes, your GenAI workloads aren't exempted ! ๐
๐ GOOD NEWS -> There are abundant resources that help streamline threat modeling by automating several steps.
The Threat Composer tool from Amazon Web Services (AWS) is one of such tools.
๐ฉ A recent AWS blog post, provides a recommended approach for threat modeling GenAI workloads using Threat Composer. Adam Shostack's four question framework is used as a guide.
๐ Check out the blog post here - https://lnkd.in/g6i4zSpN
Here is a quick summary:
1๏ธโฃ What are we working on?
Aims to get a detailed understanding of your business context & application architecture. Example outcomes are Data Flow Diagrams, assumptions, and key design decisions.
2๏ธโฃ What can go wrong?
Identify possible threats to your application using the context & information gathered from the previous question. Leverage info sources e.g. OWASP Top 10 For Large Language Model Applications & Generative AI, MITRE ATLAS
3๏ธโฃ What are we going to do about it?
Consider which controls would be appropriate to mitigate the risks associated with the threats identified in the previous question. Some info sources (per previous question) have sections for mitigations which could be super useful.
4๏ธโฃ Did we do a good enough job?
Contrary to popular opinions, threat modeling exercises do not end after the actual activity ! Its important to verify the effectiveness of the implemented mitigations to determine if the identified risks have been addressed. Use penetration testing, adversary emulation etc to proactively evaluate the effectiveness of implemented mitigations.
Ref: Kennedy T
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Threat modeling is one of the oldest aspects of cybersecurity, as early as 1977 some form of threat models were leveraged to understand the risks against systems.
๐ค However, threat modeling is not commonly practiced because it is manual and time-intensive. But is it worth the time, effort & resources? Hell YES. The value of threat modeling continually increases as our systems become more complex.
Yes, your GenAI workloads aren't exempted ! ๐
๐ GOOD NEWS -> There are abundant resources that help streamline threat modeling by automating several steps.
The Threat Composer tool from Amazon Web Services (AWS) is one of such tools.
๐ฉ A recent AWS blog post, provides a recommended approach for threat modeling GenAI workloads using Threat Composer. Adam Shostack's four question framework is used as a guide.
๐ Check out the blog post here - https://lnkd.in/g6i4zSpN
Here is a quick summary:
1๏ธโฃ What are we working on?
Aims to get a detailed understanding of your business context & application architecture. Example outcomes are Data Flow Diagrams, assumptions, and key design decisions.
2๏ธโฃ What can go wrong?
Identify possible threats to your application using the context & information gathered from the previous question. Leverage info sources e.g. OWASP Top 10 For Large Language Model Applications & Generative AI, MITRE ATLAS
3๏ธโฃ What are we going to do about it?
Consider which controls would be appropriate to mitigate the risks associated with the threats identified in the previous question. Some info sources (per previous question) have sections for mitigations which could be super useful.
4๏ธโฃ Did we do a good enough job?
Contrary to popular opinions, threat modeling exercises do not end after the actual activity ! Its important to verify the effectiveness of the implemented mitigations to determine if the identified risks have been addressed. Use penetration testing, adversary emulation etc to proactively evaluate the effectiveness of implemented mitigations.
Ref: Kennedy T
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
html injection.pdf
381.2 KB
๐ฆUnderstanding HTML Injection ๐
HTML injection is a type of attack where malicious HTML code is inserted into a website. This can lead to a variety of issues, from minor website defacement to serious data breaches. Unlike other web vulnerabilities, HTML injection targets the markup language that forms the backbone of most websites.
This attack differs from other web vulnerabilities that exploit server or database weaknesses because it focuses on manipulating the structure and content of a webpage
Ref: Mehedi Hasan Babu
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
HTML injection is a type of attack where malicious HTML code is inserted into a website. This can lead to a variety of issues, from minor website defacement to serious data breaches. Unlike other web vulnerabilities, HTML injection targets the markup language that forms the backbone of most websites.
This attack differs from other web vulnerabilities that exploit server or database weaknesses because it focuses on manipulating the structure and content of a webpage
Ref: Mehedi Hasan Babu
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆIAM vs. PAM: Understanding the Key Differences ๐
In todayโs rapidly evolving cybersecurity landscape, managing access and securing sensitive data is more critical than ever. Two foundational tools in this effort are Identity and Access Management (IAM) and Privileged Access Management (PAM). While both are essential, they serve distinct purposes:
๐ Identity and Access Management (IAM)
๐ป Focus: Managing identities and access rights for all users.
๐ป Scope: Broader, covering employees, contractors, partners, and even devices.
๐ป Key Functions: Authentication, Single Sign-On (SSO), user provisioning/de-provisioning, governance, and compliance reporting.
๐ป Goal: Streamlining access across the IT ecosystem while improving operational efficiency and ensuring compliance.
๐ Privileged Access Management (PAM)
๐ป Focus: Securing and controlling access to privileged accounts with elevated permissions.
๐ป Scope: Narrower, targeting administrators, IT staff, service accounts, and third-party vendors.
๐ป Key Functions: Credential vaulting, session monitoring, least privilege enforcement, and just-in-time access.
๐ป Goal: Protecting critical systems and sensitive data from breaches or abuse of high-risk accounts.
Implementing both IAM and PAM creates a layered security approach. IAM ensures proper access for all users, while PAM locks down high-risk areas, minimizing vulnerabilities and adhering to the Zero Trust framework.
๐ This visual summary (attached) simplifies the key differences and highlights how these tools work together to strengthen cybersecurity.
Ref: Fadi Kazdar
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
In todayโs rapidly evolving cybersecurity landscape, managing access and securing sensitive data is more critical than ever. Two foundational tools in this effort are Identity and Access Management (IAM) and Privileged Access Management (PAM). While both are essential, they serve distinct purposes:
๐ Identity and Access Management (IAM)
๐ป Focus: Managing identities and access rights for all users.
๐ป Scope: Broader, covering employees, contractors, partners, and even devices.
๐ป Key Functions: Authentication, Single Sign-On (SSO), user provisioning/de-provisioning, governance, and compliance reporting.
๐ป Goal: Streamlining access across the IT ecosystem while improving operational efficiency and ensuring compliance.
๐ Privileged Access Management (PAM)
๐ป Focus: Securing and controlling access to privileged accounts with elevated permissions.
๐ป Scope: Narrower, targeting administrators, IT staff, service accounts, and third-party vendors.
๐ป Key Functions: Credential vaulting, session monitoring, least privilege enforcement, and just-in-time access.
๐ป Goal: Protecting critical systems and sensitive data from breaches or abuse of high-risk accounts.
Implementing both IAM and PAM creates a layered security approach. IAM ensures proper access for all users, while PAM locks down high-risk areas, minimizing vulnerabilities and adhering to the Zero Trust framework.
๐ This visual summary (attached) simplifies the key differences and highlights how these tools work together to strengthen cybersecurity.
Ref: Fadi Kazdar
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆUnderstanding Modern Cybersecurity Tools: EDR, XDR, SOAR, SIEM, and Integrated Solutions ๐จ
Navigating the world of cybersecurity solutions can be complex. Each tool serves a unique purpose, but understanding their differences is crucial for building an effective security strategy. Here's a quick comparison:
โ EDR (Endpoint Detection and Response): Focuses on endpoint security by detecting/responding to threats on devices like laptops and servers. Great for organizations with endpoint-centric threats.
โ XDR (Extended Detection and Response): Expands visibility across endpoints, networks, and cloud environments, providing unified threat detection across domains.
โ SOAR (Security Orchestration, Automation, and Response): Automates and streamlines incident response processes, saving time and improving efficiency.
โ SIEM (Security Information and Event Management): Offers centralized log management and real-time monitoring for identifying and correlating security events.
โ Integrated Solution (EDR + XDR + SOAR + SIEM): Combines the strengths of all these tools for holistic threat detection, response, and seamless integration.
Ref: Fadi Kazdar
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Navigating the world of cybersecurity solutions can be complex. Each tool serves a unique purpose, but understanding their differences is crucial for building an effective security strategy. Here's a quick comparison:
โ EDR (Endpoint Detection and Response): Focuses on endpoint security by detecting/responding to threats on devices like laptops and servers. Great for organizations with endpoint-centric threats.
โ XDR (Extended Detection and Response): Expands visibility across endpoints, networks, and cloud environments, providing unified threat detection across domains.
โ SOAR (Security Orchestration, Automation, and Response): Automates and streamlines incident response processes, saving time and improving efficiency.
โ SIEM (Security Information and Event Management): Offers centralized log management and real-time monitoring for identifying and correlating security events.
โ Integrated Solution (EDR + XDR + SOAR + SIEM): Combines the strengths of all these tools for holistic threat detection, response, and seamless integration.
Ref: Fadi Kazdar
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ๐๐๐ ๐๐๐ Testing Method
While "DOM Invader" is not a new feature of Burp, I feel that alot of people don't use it enough (or are not aware of it)
It works by submiting a random string generated by Burp (named "canary") in existing input fields or URL parameters
Then "DOM Invader" will check how your input is processed, providing you with necessary context and sanitization details.
1. Start Burp Browser
2. Turn on the DOM Invader
3. Copy and Paste the canary in the target input field or URL parameter
4. Check the DOM Invader tab for "Interesting sinks"
5. Craft the payload or use the "Exploit" option to automate
Ref: Andrei Agape
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
While "DOM Invader" is not a new feature of Burp, I feel that alot of people don't use it enough (or are not aware of it)
It works by submiting a random string generated by Burp (named "canary") in existing input fields or URL parameters
Then "DOM Invader" will check how your input is processed, providing you with necessary context and sanitization details.
1. Start Burp Browser
2. Turn on the DOM Invader
3. Copy and Paste the canary in the target input field or URL parameter
4. Check the DOM Invader tab for "Interesting sinks"
5. Craft the payload or use the "Exploit" option to automate
Ref: Andrei Agape
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆMalwares Detection bypass:
๐ด๐๐๐๐๐๐๐ ๐บ๐๐๐๐๐๐๐๐๐ ๐ฌ๐๐๐๐๐๐๐๐ ๐ฏ๐๐๐ ๐๐๐๐ ๐ก
In malware analysis, one common anti-disassembly technique is ๐๐ญ๐ซ๐ฎ๐๐ญ๐ฎ๐ซ๐๐ ๐๐ฑ๐๐๐ฉ๐ญ๐ข๐จ๐ง ๐๐๐ง๐๐ฅ๐ข๐ง๐ (๐๐๐) manipulation.
SEH is a mechanism in Windows for managing exceptions, but it can also be exploited to confuse disassemblers and debuggers. By injecting fake exception records into the SEH chain, attackers can redirect program flow, making it difficult for static analysis tools to follow the actual execution path. This redirection not only complicates reverse engineering but also disrupts debugging processes, forcing tools to misinterpret or skip over key code sections.
Ref: Ait Ichou Mustapha
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ด๐๐๐๐๐๐๐ ๐บ๐๐๐๐๐๐๐๐๐ ๐ฌ๐๐๐๐๐๐๐๐ ๐ฏ๐๐๐ ๐๐๐๐ ๐ก
In malware analysis, one common anti-disassembly technique is ๐๐ญ๐ซ๐ฎ๐๐ญ๐ฎ๐ซ๐๐ ๐๐ฑ๐๐๐ฉ๐ญ๐ข๐จ๐ง ๐๐๐ง๐๐ฅ๐ข๐ง๐ (๐๐๐) manipulation.
SEH is a mechanism in Windows for managing exceptions, but it can also be exploited to confuse disassemblers and debuggers. By injecting fake exception records into the SEH chain, attackers can redirect program flow, making it difficult for static analysis tools to follow the actual execution path. This redirection not only complicates reverse engineering but also disrupts debugging processes, forcing tools to misinterpret or skip over key code sections.
Ref: Ait Ichou Mustapha
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ2025 ๐
๐๐๐ ๐๐๐๐ ๐๐๐๐ ๐๐๐๐๐ ๐๐๐๐๐๐๐๐ ๐๐๐๐๐๐๐๐ (New Urls):
๐ HackerSploit Training Course -Part 1- (YouTube):
https://lnkd.in/eH3UYgp5
๐ HackerSploit Training Course -Part 2- (Linode Live):
https://lnkd.in/ebEGVdGY
๐ Network Defense/Digital Forensics (EC-Council):
https://lnkd.in/ewiVUkYt
๐ Introduction to Cyber Security -with Case Study: WhatsApp Attack- (Great Learning):
https://lnkd.in/eUdRn8Km
๐ Digital Forensics (Infosec Train):
https://lnkd.in/eR58kTPJ
๐ Introduction Courses (Security Blue Team):
https://lnkd.in/efuAKp4h
๐ Introduction to Cyber Security/Cloud Security/CISSP (Simplilearn):
https://lnkd.in/ey5TPBdr
๐ Network Security NSE1/NSE2/NSE3 (Fortinet NETWORK SECURITY):
https://lnkd.in/ehV9aUm7
๐ SOC Analyst (Splunk):
https://lnkd.in/esq4zFTg
๐ Proactive Security Operations Center (Picus Security Academy):
https://lnkd.in/eYA26eN5
๐ Certified in Cybersecurityโ - CC (ISC2):
https://lnkd.in/eq2E2ci8
๐ Cyber Aces (SANS Institute):
https://lnkd.in/eNCPrtdd
๐ Introduction to IT and Cybersecurity (Cybrary):
https://lnkd.in/emAES4i7
๐ SOC Analyst Pathway: LetsDefend https://letsdefend.io/
๐ Computer Systems Security (Massachusetts Institute of Technology):
https://lnkd.in/eUDQeT3v
Ref: Adnan AlamAdnan Alam
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ HackerSploit Training Course -Part 1- (YouTube):
https://lnkd.in/eH3UYgp5
๐ HackerSploit Training Course -Part 2- (Linode Live):
https://lnkd.in/ebEGVdGY
๐ Network Defense/Digital Forensics (EC-Council):
https://lnkd.in/ewiVUkYt
๐ Introduction to Cyber Security -with Case Study: WhatsApp Attack- (Great Learning):
https://lnkd.in/eUdRn8Km
๐ Digital Forensics (Infosec Train):
https://lnkd.in/eR58kTPJ
๐ Introduction Courses (Security Blue Team):
https://lnkd.in/efuAKp4h
๐ Introduction to Cyber Security/Cloud Security/CISSP (Simplilearn):
https://lnkd.in/ey5TPBdr
๐ Network Security NSE1/NSE2/NSE3 (Fortinet NETWORK SECURITY):
https://lnkd.in/ehV9aUm7
๐ SOC Analyst (Splunk):
https://lnkd.in/esq4zFTg
๐ Proactive Security Operations Center (Picus Security Academy):
https://lnkd.in/eYA26eN5
๐ Certified in Cybersecurityโ - CC (ISC2):
https://lnkd.in/eq2E2ci8
๐ Cyber Aces (SANS Institute):
https://lnkd.in/eNCPrtdd
๐ Introduction to IT and Cybersecurity (Cybrary):
https://lnkd.in/emAES4i7
๐ SOC Analyst Pathway: LetsDefend https://letsdefend.io/
๐ Computer Systems Security (Massachusetts Institute of Technology):
https://lnkd.in/eUDQeT3v
Ref: Adnan AlamAdnan Alam
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆAI Agents: The Security Approach ๐
AI agents are changing the game, helping us solve problems and innovate faster than ever. But with all this power comes many questions, some of them: How do we keep them safe? What should be the security considerations for each layer of this future AI framework?
*๏ธโฃ Input Layer
> Security Risk: Data poisoning and adversarial attacks could corrupt input data or manipulate real-time feedback loops.
> Tip: Implement data validation pipelines to sanitize incoming data.
Use secure APIs for real-time inputs and Continuously monitor for anomalies in user feedback patterns.
*๏ธโฃ Agent Orchestration Layer
> Security Risk: Inter-agent communication could be exploited for unauthorized data sharing or infiltration.
> Tip: Use end-to-end encryption for inter-agent communication. Employ RBAC to ensure agents only perform tasks for which theyโre authorized and Monitor orchestration processes for unexpected task allocation behaviors.
*๏ธโฃ AI Agents Layer
> Security Risk: Malicious actors could exploit self-learning loops to insert harmful behaviors or compromise models.
> Tip: Regularly test models with adversarial simulation frameworks to identify vulnerabilities. Log and review planning, reflection, and tool usage steps to detect anomalies and secure model updates to prevent injection attacks during retraining.
*๏ธโฃ Retrieval Layer
> Security Risk: Vector stores and knowledge graphs are high-value targets for attackers seeking to steal or manipulate critical information.
> Tip: Encrypt data at rest and in transit using robust protocols like AES-256. Apply zero-trust principles to storage accessโverify every request. Maintain immutable logs to track data access and modifications.
*๏ธโฃ Output Layer
> Security Risk: Unauthorized enrichment or synthetic data generation could leak sensitive information or introduce malicious payloads.
> Tip: Use watermarking and audit trails for enriched outputs. Apply strict controls to ensure customizable outputs donโt expose sensitive data and
Integrate DLP policies into output workflows.
*๏ธโฃ Service Layer
> Security Risk: Automated insight generation and multi-channel delivery could introduce phishing or unauthorized data dissemination risks.
> Tip: Implement AI-generated output verification to prevent spoofing or misinformation. Regularly audit multi-channel delivery systems for misconfigured endpoints. Enforce secure delivery protocols to safeguard automated insights.
๐ก Foundational Security Principles
> Ethics & Responsible AI: Regularly assess models for biases that attackers could exploit.
> Compliance: Align with frameworks like GDPR, CCPA, and AI-specific laws.
> Human-AI Collaboration: Build explainability into every decision to reduce the "black box" effect.
Ref: Elli Shlomo (IR)Elli Shlomo (IR)
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
AI agents are changing the game, helping us solve problems and innovate faster than ever. But with all this power comes many questions, some of them: How do we keep them safe? What should be the security considerations for each layer of this future AI framework?
*๏ธโฃ Input Layer
> Security Risk: Data poisoning and adversarial attacks could corrupt input data or manipulate real-time feedback loops.
> Tip: Implement data validation pipelines to sanitize incoming data.
Use secure APIs for real-time inputs and Continuously monitor for anomalies in user feedback patterns.
*๏ธโฃ Agent Orchestration Layer
> Security Risk: Inter-agent communication could be exploited for unauthorized data sharing or infiltration.
> Tip: Use end-to-end encryption for inter-agent communication. Employ RBAC to ensure agents only perform tasks for which theyโre authorized and Monitor orchestration processes for unexpected task allocation behaviors.
*๏ธโฃ AI Agents Layer
> Security Risk: Malicious actors could exploit self-learning loops to insert harmful behaviors or compromise models.
> Tip: Regularly test models with adversarial simulation frameworks to identify vulnerabilities. Log and review planning, reflection, and tool usage steps to detect anomalies and secure model updates to prevent injection attacks during retraining.
*๏ธโฃ Retrieval Layer
> Security Risk: Vector stores and knowledge graphs are high-value targets for attackers seeking to steal or manipulate critical information.
> Tip: Encrypt data at rest and in transit using robust protocols like AES-256. Apply zero-trust principles to storage accessโverify every request. Maintain immutable logs to track data access and modifications.
*๏ธโฃ Output Layer
> Security Risk: Unauthorized enrichment or synthetic data generation could leak sensitive information or introduce malicious payloads.
> Tip: Use watermarking and audit trails for enriched outputs. Apply strict controls to ensure customizable outputs donโt expose sensitive data and
Integrate DLP policies into output workflows.
*๏ธโฃ Service Layer
> Security Risk: Automated insight generation and multi-channel delivery could introduce phishing or unauthorized data dissemination risks.
> Tip: Implement AI-generated output verification to prevent spoofing or misinformation. Regularly audit multi-channel delivery systems for misconfigured endpoints. Enforce secure delivery protocols to safeguard automated insights.
๐ก Foundational Security Principles
> Ethics & Responsible AI: Regularly assess models for biases that attackers could exploit.
> Compliance: Align with frameworks like GDPR, CCPA, and AI-specific laws.
> Human-AI Collaboration: Build explainability into every decision to reduce the "black box" effect.
Ref: Elli Shlomo (IR)Elli Shlomo (IR)
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
๐ฆ The Data Privacy Checklist: 7 Must-Have Practices for Every Organization
Protecting data is no longer optional, it's a necessity. Whether you're a startup or a global enterprise, safeguarding sensitive information must be at the core of your operations. Here are 7 essential data privacy practices that every organization should implement:
๐ Data Encryption: Encrypt sensitive data at rest and in transit to shield it from unauthorized access.
๐ Regular Software Updates: Keep systems up to date to eliminate vulnerabilities.
๐ Strong Authentication: Implement multi-factor authentication (MFA) for robust security.
๐ฉโ๐ซ Employee Training: Educate your team on phishing, social engineering, and data protection protocols.
๐พ Backup and Recovery: Regularly back up data and establish a recovery plan for emergencies.
๐ค Third-Party Risk Management: Vet vendors to ensure their practices align with your standards.
โก๏ธ Incident Response Plan: Be ready to manage and mitigate breaches swiftly.
๐ By integrating these practices into your cybersecurity strategy, you can reduce risks and ensure compliance with data protection standards.
Ref: Fadi Kazdar
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Protecting data is no longer optional, it's a necessity. Whether you're a startup or a global enterprise, safeguarding sensitive information must be at the core of your operations. Here are 7 essential data privacy practices that every organization should implement:
๐ Data Encryption: Encrypt sensitive data at rest and in transit to shield it from unauthorized access.
๐ Regular Software Updates: Keep systems up to date to eliminate vulnerabilities.
๐ Strong Authentication: Implement multi-factor authentication (MFA) for robust security.
๐ฉโ๐ซ Employee Training: Educate your team on phishing, social engineering, and data protection protocols.
๐พ Backup and Recovery: Regularly back up data and establish a recovery plan for emergencies.
๐ค Third-Party Risk Management: Vet vendors to ensure their practices align with your standards.
โก๏ธ Incident Response Plan: Be ready to manage and mitigate breaches swiftly.
๐ By integrating these practices into your cybersecurity strategy, you can reduce risks and ensure compliance with data protection standards.
Ref: Fadi Kazdar
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
๐ฆ How to Hunt LFI Using Google Dorks - PoC ๐จ
Welcome to another exciting episode on HackWithRohit! ๐
In this video, weโll dive deep into:
๐ Local File Inclusion (LFI) vulnerabilities and how they can expose sensitive files on web servers.
๐ก Leveraging Google Dorks as a powerful tool to uncover vulnerable endpoints.
๐ A step-by-step demonstration of identifying and exploiting LFI in real-world scenarios.
๐ก Disclaimer:
This video is strictly for educational purposes only. Always ensure you have permission to test and follow ethical hacking guidelines. Unauthorized testing or exploitation is illegal and against the principles of ethical hacking.
๐ฌ Discussion Time:
Have you encountered LFI during your bug hunting journey?
Share your tips and tricks in the comments!
๐ Donโt forget to like, comment, and subscribe to stay updated on the latest bug bounty techniques and tools.
Ref: ROHITH SROHITH S
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Welcome to another exciting episode on HackWithRohit! ๐
In this video, weโll dive deep into:
๐ Local File Inclusion (LFI) vulnerabilities and how they can expose sensitive files on web servers.
๐ก Leveraging Google Dorks as a powerful tool to uncover vulnerable endpoints.
๐ A step-by-step demonstration of identifying and exploiting LFI in real-world scenarios.
๐ก Disclaimer:
This video is strictly for educational purposes only. Always ensure you have permission to test and follow ethical hacking guidelines. Unauthorized testing or exploitation is illegal and against the principles of ethical hacking.
๐ฌ Discussion Time:
Have you encountered LFI during your bug hunting journey?
Share your tips and tricks in the comments!
๐ Donโt forget to like, comment, and subscribe to stay updated on the latest bug bounty techniques and tools.
Ref: ROHITH SROHITH S
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ