🦑SOC Automation Matrix: Capabilities and Gaps!

A structured framework to evaluate and optimize SOC automation potential to pinpoint critical areas for automation, implement targeted strategies, and significantly enhance threat response capabilities.

The matrix is organized into categories containing various automation capabilities. Each capability includes:

• Description: A brief overview of the capability.
• Techniques: Technology-agnostic ideas for implementation.
• Examples: Relevant workflow templates.
• References: Additional research contributing to capability.

This tool offers a platform-agnostic approach and delivers an independent reference point for us to assess what security automation can achieve and plan the next steps.

Source: https://tinesio.notion.site/4fd14ccf93e7408c8faf96c5aca8c3fd?v=ec12309e0f42446e83c08565c5dc52b2

The SOC Automation Capability Matrix connects threat hunting with data analysis by automating how security data is collected, processed, and enriched.

Ref: Dr. Meisam Eslahi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Tested

🦑𝐅𝐑𝐄𝐄 100% off #cybersecurity udemy course.
🆓 Total 100+ hours learning content.

🚨coupon code limit 100 or 1000 enrolments only.

CompTIA IT Fundamentals Exam FC0-U61 Simplified
(coupon code: AD897D891A9EF032AC18)
https://lnkd.in/gAbDPmr3

The #ISO 26000 Master Class: Empowering Ethical Leadership (coupon code: 0EBD8F6DFC2FF2DD905C)
https://lnkd.in/gt-_n2sy

IP Addressing and Subnetting - Hands-on Learning Approach (coupon code: 50A2C30D761734BE585A)
https://lnkd.in/gvTMBrKK

#CompTIA A+ (220-1102) Core 2 Practice Exams (coupon code: B3CA5A52F5C136D00A0E)
https://lnkd.in/gdMWx2cU

CompTIA A+ (220-1101) Core 1 Practice Exams (coupon code: DEA036405FE7E1908703)
https://lnkd.in/gnfwPir5

The Complete ISO 9001:2015 Master Class (coupon code: C2EC38DEDFFCED88471C)
https://lnkd.in/gKEBXYBN

Ref: Ahmad Parvez
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Video Link Injection Vulnerability:

The application is vulnerable to a link injection attack in the email content generated from the contact form. This vulnerability allows an attacker to inject malicious links into form fields, such as the "First Name" field, which are then included in the system-generated email. A successful exploitation can lead to phishing attacks, where users are redirected to fraudulent websites that may steal sensitive information like login credentials.

Ref: Aditay Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE LABS RED TEAM/BLUE TEAM and CTF SKILLS TO 2025:

Share with your network and friends.
· Attack-Defense - https://attackdefense.com
· Alert to win - https://alf.nu/alert1
· Buffer Overflow Labs - https://lnkd.in/eNbEWYh
· CryptoHack - https://cryptohack.org/
· CMD Challenge - https://cmdchallenge.com
· Cyberdefenders - https://lnkd.in/dVcmjEw8
· Damn Vulnerable Repository - https://lnkd.in/dEitQx6H
· Defend The Web - https://defendtheweb.net/
· Exploitation Education - https://exploit.education
· Google CTF - https://lnkd.in/e46drbz8
· HackTheBox - https://www.hackthebox.com
· Hacker101 - https://ctf.hacker101.com
· Hacking-Lab - https://hacking-lab.com/
· ImmersiveLabs - https://immersivelabs.com
· Infinity Learning CWL - https://lnkd.in/dbx-VhXu
· LetsDefend- https://letsdefend.io/
· NewbieContest - https://lnkd.in/ewBk6fU5
· OverTheWire - http://overthewire.org
· Practical Pentest Labs - https://lnkd.in/esq9Yuv5
· Pentestlab - https://pentesterlab.com
· Penetration Testing Practice Labs - https://lnkd.in/e6wVANYd
· PentestIT LAB - https://lab.pentestit.ru
· PicoCTF - https://picoctf.com
· PWNABLE - https://lnkd.in/eMEwBJzn
· Root-Me - https://www.root-me.org
· Red Team Exercises - https://lnkd.in/dMBfz-Sp
· Root in Jail - http://rootinjail.com
· SANS Challenger - https://lnkd.in/e5TAMawK
· SmashTheStack - https://lnkd.in/eVn9rP9p
· The Cryptopals Crypto Challenges - https://cryptopals.com
· Try Hack Me - https://tryhackme.com
· Vulnhub - https://www.vulnhub.com
· Vulnmachine - https://lnkd.in/eJ2e_kD
· W3Challs - https://w3challs.com
· WeChall - http://www.wechall.net
· Websploit - https://websploit.org/
· Zenk-Security - https://lnkd.in/ewJ5rNx2

Ref: Joas A Santos
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🎄CyberAdvent Day 21: pyDescribeSDDL - Simplify Windows SDDL Analysis

🔐 Ever struggled with decoding SDDL strings during audits or pentests? With pyDescribeSDDL, you can transform Security Descriptor Definition Language (SDDL) strings into readable insights effortlessly!

🛠 What is pyDescribeSDDL?
pyDescribeSDDL is a Python tool designed to parse and describe the contents of SDDL strings, making it easier to analyze Access Control Entries (ACEs), Access Control Lists (ACLs), and associated SIDs and GUIDs.

🔑 Key Features
1️⃣ Human-readable summaries: Use the --summary option to output clear and concise access information.
2️⃣ ACE Parsing: Supports detailed analysis of all major ACE types
3️⃣ SID Resolution: Automatically resolve well-known SIDs to their human-readable names.
4️⃣ GUID Parsing: Decode well-known GUIDs for easier interpretation.

📂 Check out pyDescribeSDDL here: https://github.com/p0dalirius/pyDescribeSDDL

Ref: Rémi Gascou (Podalirius)Rémi Gascou
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Web Vulnerability Resource - XSS

Unferstanding XSS Attack
https://lnkd.in/dg9THu25

XSS Filter Evasion by johnermac
https://lnkd.in/dk_gpSRP

Payloads XSs Evasion by citybasebrooks
https://lnkd.in/d4YQjBxE

XSS Resource by BruteLogic
https://lnkd.in/dcVG-RSX

XSS Challegens
https://lnkd.in/dhcbNe6d
https://lnkd.in/dif8SVjK

How to Find XSS by HackerOne
https://lnkd.in/dvqNm5bT

Learning about Cross Site Scripting (XSS)
https://lnkd.in/dYETX2VV

XSS CheatSheet by Portswigger Labs
https://lnkd.in/dAxxwj4

Hacktivity XSS by HackerOne
https://lnkd.in/dNNM86wx

XSS Explained by NahamSec
https://lnkd.in/dJiTs2td

XSS Stored, Blind, Reflected and DOM by InsiderPhD
https://lnkd.in/d9KzwBfd

Web Hacking Beyond Alert by Wild West
https://lnkd.in/djbgjFS8

XSS Tools
XSSTRIKE https://lnkd.in/dJkuhQ4X
Dalfox https://lnkd.in/dp_UnjGM
XSSMap https://lnkd.in/dgfqdEhj
FinDOM XSS https://lnkd.in/dffQm67D

Ref: Joas A SantosJoas A Santos
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑[𝐅𝐑𝐄𝐄 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒 - 𝐀𝐂𝐓𝐈𝐕𝐄 𝐃𝐈𝐑𝐄𝐂𝐓𝐎𝐑𝐘 𝐏𝐄𝐍𝐓𝐄𝐒𝐓]

Whether you are preparing for a certification or need to sharpen your skills for your pentests.

🤓Here is a list of resources 🤓:

𝐍𝐞𝐞𝐝 𝐭𝐨 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐞?
👉Set up and AD home lab with this blog post from spookysec:
https://lnkd.in/d-Dt7PBA

👉You also have a script here to set up a Vulnerable AD lab by WazeHell
https://lnkd.in/dyZS6WWr

👉 Check out the dedicated section on Active Directory of PenTips
https://lnkd.in/dhTP_eyt

👉Here is a collection of various common attack scenarios on Microsoft Azure Active Directory by Cloud-Architekt:
https://lnkd.in/dnFfRRMM

👉Julien Provenzano ☁️ shared a great document full of resources here:
https://lnkd.in/d-skx-R3

👉Finally here is an Active Directory Exploitation Cheat Sheet by Integration-IT
https://lnkd.in/dBijrUjT

Resources Credit : Gabrielle
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SOC Architectures & Frameworks: Key to Cybersecurity! 🚨
As cyber threats grow, choosing the right Security Operations Center (SOC) and framework is crucial. Here’s a quick guide:
SOC Architectures:
Centralized SOC: One location, best for large organizations.
Decentralized SOC: Multiple locations, ideal for global companies.
Virtual SOC: Cloud-based, cost-effective for SMBs.
Hybrid SOC: Combines all models, offering flexibility.
Popular Frameworks:
NIST CSF: Risk-based, customizable.
MITRE ATT&CK: Helps improve threat detection.
ISO 27001: Compliance-focused, globally recognized.
CIS Controls: Simple, prioritized security controls.
Key Considerations: Budget, company size, risk level, and compliance needs. Make the right choice to protect your organization!

Ref: in pdf
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

𝐋𝐀𝐁 15 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐀𝐧𝐚𝐥𝐲𝐬𝐢𝐬: 𝐃𝐢𝐬𝐜𝐨𝐯𝐞𝐫 𝐀𝐧𝐭𝐢-𝐃𝐢𝐬𝐚𝐬𝐬𝐞𝐦𝐛𝐥𝐲 𝐓𝐞𝐜𝐡𝐧𝐢𝐪𝐮𝐞𝐬

🦑Webshell Testing for Defenders 💡

Having automated tools to spin up web servers isn’t just convenient—it’s a game-changer for defenders. Here's why:

🔍 Detection Opportunities:
Use these servers to validate analytic coverage for:

🗂 File modifications (webshell uploads)
⚙️ Process executions (commands from shells)
🎯 Suspicious behaviors triggered by shells

💻 How to Use:

1️⃣ Deploy your favorite tools (Sysmon, EDR, XDR, etc.)
2️⃣ Grab a webshell of choice, upload it, and start testing!
3️⃣Observe logs, alerts, and behaviors to identify gaps in your coverage.

🔥 Tools for Testing:

➡️ Apache Builder: https://github.com/MHaggis/notes/tree/master/utilities/ApachePHPBuild
➡️ IIS Builder: https://github.com/MHaggis/notes/tree/master/utilities/IISBuilder

Ref: Michael H.Michael H.
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Zero Trust Security: The Future of Cyber Defense 🔒

In today’s rapidly evolving digital landscape, protecting organizational assets requires a fundamental shift in how we approach security. Zero Trust Security has emerged as a game-changing framework designed to minimize risks and protect against sophisticated cyber threats.

Here’s a quick Zero Trust Security Cheatsheet to break it down:

📌 What is Zero Trust?
It’s a security model based on the principle of "Never Trust, Always Verify." Every user, device, and application must continuously prove their identity and intent, regardless of whether they are inside or outside the network.

📌 Key Pillars of Zero Trust:

1️⃣ Authentication Types:
🔻 Single-Factor Authentication (SFA): Basic, but less secure.
🔻 Multi-Factor Authentication (MFA): A core requirement for enhanced security.

2️⃣ Verticals Leveraging Zero Trust:
🔻 Banking & Financial Services
🔻 Government & Defense
🔻 IT & Healthcare
🔻 Retail, E-commerce, and more.

3️⃣ Top Technologies and Applications:
🔻 Technologies: Microsegmentation, Zero Trust Network Access (ZTNA), MFA, Secure Access Service Edge (SASE).
🔻 Applications: AI-powered analytics, Identity & Access Management (IAM), Endpoint Security, and Network Access Control (NAC).

4️⃣ Core Security Areas:
🔻 Application Security: Safeguarding web apps and APIs with tools like WAF and runtime protection.
🔻 Cloud Security: Using CASB, CIAM, and CDLP to monitor cloud environments.
🔻 IoT Security: Securing IoT devices with firewalls and device management.
🔻 Data Security: Preventing breaches with DLP, encryption, and data masking.
🔻 Network Security: Employing IDS, IPS, and segmentation to protect networks.

Ref: Fadi Kazdar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Cloud Security Attacks - Repositorys

https://github.com/CyberSecurityUP/GCP-Pentest-Checklist

https://github.com/CyberSecurityUP/Cloud-Security-Attacks

🦑Manipulation of OTP Email Content via User-Injected Parameters in SAP SuccessFactors Career Portal

Ref: Aditay Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Windows Event IDs For SIEM Monitoring

1.Failed Login Attempts - Event ID: 4625
2.Account Lockouts - Event ID: 4740
3.Successful Login Outside Business Hours - Event ID: 4624
4.New User Creation - Event ID: 4720
5.Privileged Account Usage - Event ID: 4672
6.User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7.Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8.Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9.Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10.Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11.Excessive Logon Failures - Event ID: 4625
12.Disabled Account Activity - Event ID: 4725
13.Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14.Service Account Activity - Event IDs: 4624, 4672
15.RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16.Lateral Movement Detection - Event ID: 4648 (network logons)
17.File and Folder Access - Event ID: 4663
18.Unauthorised File Sharing - Event IDs: 5140, 5145
19.Registry Changes - Event IDs: 4657
20.Application Installation and Removal - Event IDs: 11707, 1033
21.USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22.Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23.Scheduled Task Creation - Event ID: 4698
24.Process Execution Monitoring - Event ID: 4688
25.System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26.Event Log Clearing - Event ID: 1102
27.Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28.Active Directory Changes - Event IDs: 5136, 5141
29.Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30.Network Configuration Changes - Event IDs: 4254, 4255, 10400
31.Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32.Service Installation or Modification - Event ID: 4697
33.Clearing of Audit Logs - Event ID: 1102
34.Software Restriction Policy Violation - Event ID: 865
35.Excessive Account Enumeration - Event IDs: 4625, 4776
36.Attempt to Access Sensitive Files - Event ID: 4663
37.Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38.Driver Installation - Event IDs: 7045 (Service Control Manager)
39.Modification of Scheduled Tasks - Event ID: 4699
40.Unauthorised GPO Changes - Event ID: 5136
41.Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42.Unusual Network Connections - Event ID: 5156 (network filtering platform)
43.Unauthorised Access to Shared Files - Event ID: 5145
44.DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45.LDAP Search Abuse - Event ID: 4662
46.Process Termination Monitoring - Event ID: 4689
47.Failed Attempts to Start a Service - Event ID: 7041
48.Audit Policy Changes - Event IDs: 4719, 1102
49.Time Change Monitoring - Event IDs: 4616, 520
50.BitLocker Encryption Key Changes - Event ID: 5379

Ref: Moham Hamadi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁