🦑The following payloads are all valid e-mail addresses. we can use those payloads in our bug bounty journey

REf: Zlatan H.

🦑Essential Study Notes for CEH (Certified Ethical Hacker) Certification 📚

The Certified Ethical Hacker (CEH) certification is a benchmark for anyone looking to excel in ethical hacking and cybersecurity. To help you on your journey, here’s a detailed overview of what you’ll learn with these CEH study notes:

🛠 Key Topics Covered:

1️⃣ Footprinting and Reconnaissance: Learn how attackers gather information about a target system and how to counteract it.
2️⃣ Scanning Networks: Understand the tools and techniques used to identify vulnerabilities in networks.
3️⃣ Gaining Access: Dive into methods attackers use to exploit vulnerabilities and how to mitigate them.
4️⃣ Maintaining Access: Discover how attackers establish backdoors and how to detect and eliminate them.
5️⃣ Covering Tracks: Learn methods used by attackers to hide their activity and how to uncover these traces.
6️⃣ Malware Threats: Get insights into Trojans, viruses, worms, and other forms of malware.
7️⃣ Social Engineering: Explore techniques used to exploit human vulnerabilities and how to safeguard against them.
8️⃣ Web Application Security: Understand how web applications are exploited and the measures needed to secure them.
9️⃣ Wireless Network Security: Learn about Wi-Fi vulnerabilities and secure configurations.
🔟 Tools & Frameworks: Master the use of tools like Metasploit, Nmap, Burp Suite, and more.

🧠 Why CEH Notes are Important:
• Concise and Exam-Focused: Designed to help you grasp key concepts quickly.
• Real-World Relevance: Learn tactics used by ethical hackers in real scenarios.
• Practical Guidance: Tips for applying concepts to real-life cybersecurity challenges.

📈 Benefits of Studying CEH:
• Build foundational skills in penetration testing.
• Enhance your understanding of cybersecurity defense strategies.
• Gain recognition in the industry with a globally respected certification.

Ref: in pdf
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 These Microsoft Labs are an excellent way to deepen your knowledge and boost your exam readiness!

🔹 Enroll for the Azure Administrator AZ-104 Practice Test with Labs
🧪 https://lnkd.in/dJcSggXB

🔹 Course AZ-104T00
🔹 96-Hour Course
🧪 Course Link: https://lnkd.in/ds32UBjW
🔹 Practice Test with Labs
🧪 https://lnkd.in/dtPYNDef

🔹 Manage Azure Entra ID Identities
🧪 https://lnkd.in/diDaDxjX

🔹 Manage Subscriptions and RBAC
🧪 https://lnkd.in/dmuqpxUJ

🔹 Manage Governance via Azure Policy
🧪 https://lnkd.in/di3iBw6h

🔹 Manage Azure Resources by using the Azure Portal
🧪 https://lnkd.in/d9V2h2xd

🔹 Manage Azure resources by using Azure Resource Manage Templates
🧪 https://lnkd.in/dGnVX6dM

🔹 Manage Azure Resources by using Azure PowerShell
🧪 https://lnkd.in/dGS_V9St

🔹 Manage Azure resources by using the Azure CLI
🧪 https://lnkd.in/dqvrkGhY

🔹 Implement Virtual networking
🧪 https://lnkd.in/d6yejKdB

🔹 Implement inter site Connectivity
🧪 https://lnkd.in/dCGARJFp

🔹 Implement Traffic management
🧪 https://lnkd.in/dWJDZ4HD

🔹 Manage Azure Storage
🧪 https://lnkd.in/dbmGjkTi

Ref: Anuradha Samaranayake
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑One of the visualization tools that can help in detecting anomalies in large amounts of data that you may not know!

If you are in the cybersecurity field, you know the importance of analyzing large volumes of log data.. 😮‍💨

This tool is an open-source visualization software designed to interactively explore and understand massive amounts of tabular data!

𝐒𝐪𝐮𝐞𝐲

🔹It gives users an detailed yet intuitive multi-view representation of column-oriented data and can ingest from:
- Structured text files (CSV, logs, ...)
- Apache Parquet files
- Pcap files
- SQL databases
- Elasticsearch databases

🔹 It delivers value through its VISU approach:
- Visualize: Leverage various visual representations of raw data in combination with statistics.
- Investigate: Use filters to build an accurate understanding of millions of rows while switching instantly between capturing the big picture and focusing on the details.
- Spot the Unknown: As a structured understanding of the data emerges, identify unknowns and anomalies.

🔹 It can be used for many different purposes, such as:
Cybersecurity (to detect attacks and data leaks), BI and Big Data, IT troubleshooting, and Machine Learning.

🔗 To download: squey[.]org/download/
🔗 Documentation: doc[.]squey[.]org

🔴 If you want my advice, I would recommend installing it and solve a network forensics (PCAP file) challenge, to have an idea about it first 😉

🔴Note: To install it on Windows, you need to have installed and enabled WSL2.

Ref: Shbib
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2025 FREE Certification Courses!

No Fee, No Subscription, No Registration Required, Just Start Learning.
These Courses Includes Video Lectures, Tutorial and Easy Notes.
All courses are from the Microsoft Learn platform.
Microsoft Learn
.

1-Microsoft Azure Administrator
- Course AZ-104T00
- Course Link: https://lnkd.in/dUEGRTgq

2-Configuring and Operating Microsoft Azure Virtual Desktop
- Course AZ-140
- Course Link: https://lnkd.in/dWCUPjTC

3-Designing Microsoft Azure Infrastructure Solutions
- Course AZ-305T00
- Course Link: https://lnkd.in/dmvHyJ_z

4-Developing Solutions for Microsoft Azure
- Course AZ-204T00
- Course Link:https://lnkd.in/dtfBZBN6

5-Designing and Implementing Microsoft DevOps solutions
- Course AZ-400T00
- Course Link:https://lnkd.in/drCiHKgM

6-Designing and Implementing a Microsoft Azure AI Solution
- Course AI-102T00
- Course Link: https://lnkd.in/ducvr87J

7-Develop Generative AI Solutions with Azure OpenAI Service
- Course AI-050T00
- Course Link: https://lnkd.in/dJFW_PgR

8- Microsoft Security, Compliance, and Identity Fundamentals
- Course SC-900T00
- Course Link: https://lnkd.in/dRgx4EKG

9- Data Engineering on Microsoft Azure
- Course DP-203T00
- Course Link: https://lnkd.in/dSU6QmgT

10-Microsoft Security Operations Analyst
- Course SC-200T00
- Course Link: https://lnkd.in/d2EYRJph

11- Designing and Implementing Microsoft Azure Networking Solutions
- Course AZ-700T00
- Course Link: https://lnkd.in/dhDBjPaK

12-Designing and implementing a data science solution on Azure
- Course DP-100T01
- Course Link: https://lnkd.in/dUsB4GS6

13-Administering Microsoft Azure SQL Solutions
- Course DP-300T00
- Course Link:https://lnkd.in/d-5CzTDz

14-Microsoft Cybersecurity Architect
- Course SC-100T00
- Course Link: https://lnkd.in/dRhNSNsQ

15-Microsoft Azure Security Technologies
- Course AZ-500T00
- Course Link:https://lnkd.in/dPARyEZB

16-Azure Support Engineer Troubleshooting Azure Connectivity
- Course AZ-720T00
- Course Link: https://lnkd.in/d87-6RmC

17-Administering Windows Server Hybrid Core Infrastructure
- Course AZ-800T00
- Course Link:https://lnkd.in/dimC-puE

18-Configuring Windows Server Hybrid Advanced Services
- Course AZ-801T00
-Course Link:https://lnkd.in/dmXNAtP5

Ref: Shahzad MS
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Bypassing CrowdStrike EDR with Hookchain and Custom Shellcode 🚨

🔍 Key Points:
- Utilizing the Hookchain technique for evasion of detection.
- Designing custom shellcode for discreet execution.
- Illustrating the necessity for robust detection methods surpassing traditional EDR capabilities.

This experiment sheds light on critical vulnerabilities that sophisticated attackers could exploit, emphasizing the significance of embracing multi-layered security approaches.

🛡️ Disclaimer: This exploration serves solely for educational purposes, aiming to deepen comprehension of EDR bypass strategies for enhanced defense mechanisms. The primary objective? Strengthening cybersecurity infrastructures.

Ref: Ammar. A
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Broken Access Control: From Password Reset to Mass Account Takeover

A critical vulnerability in the password reset functionality of an API endpoint (/api/u/resetPwd). Here’s how it unfolded:

1️⃣ The endpoint accepts a username parameter and sends a password reset link to the user's email.
2️⃣ The use of "u" in the endpoint (u=user) hinted that other roles like admin (a=admin) or superuser (su) might exist.
3️⃣ Attempts to reset admin passwords via /api/admin/resetPwd and /api/administrator/resetPwd failed.
4️⃣ However, /api/su/resetPwd worked, allowing me to reset the superuser password!
5️⃣ The reset mechanism generated predictable passwords like username + ab12*. For example, resetting for admin resulted in adminab12*.

🎯 Impact: This flaw allowed unauthorized access to critical accounts, leading to mass account takeover.

Ref: Amit Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Anti Forensic Techniques Repositories #1

Anti Forensic Techniques
https://lnkd.in/dWmF3ikg

Awesome Anti Forensic by Shadawck
https://lnkd.in/dm2MFpV6

Anti Forensic Techniques by Hacktricks
https://lnkd.in/dimT7PJb

Windows Anti Forensic Script by MikeHorn
https://lnkd.in/d2h39Kg2

Anti Forensic Detection Tool by kuritsutianu
https://lnkd.in/dq4-7T9m

Anti Forensics Tool For Red Teamers by PaulNorman01
https://lnkd.in/d9A7t_Tx

AntiForensic.NET :: Windows anti-forensics made easy by hsheric0210
https://lnkd.in/dMsRJRYR

Anti Forensic Study by CCDCOE
https://lnkd.in/djhFgdqz

Ref: Joas A Santos
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Awesome Security - A collection of awesome software, libraries, documents, books, and resources about security.

🔗https://lnkd.in/dGb2hzyY
Awesome Web Security - Web Security materials and resources for cutting-edge penetration techniques.

🔗https://lnkd.in/d3kxd9ik

⭕️Awesome Machine Learning for Cyber Security Tools and resources on machine learning for cybersecurity.

🔗https://lnkd.in/dZPtJmXV

⭕️awesome-web-hacking - Resources for learning about web application security.

🔗https://lnkd.in/dqmeXsgj

⭕️awesome-mobile-security - Maintained by @vaib25vicky with contributions from the security and developer communities.

🔗https://lnkd.in/dbbvfeYT

⭕️awesome-threat-intelligence - A curated list of awesome Threat Intelligence resources.

🔗https://lnkd.in/dSPyZAQn
awesome-security-hardening - Collection of security hardening guides, best practices, and tools.

🔗https://lnkd.in/de_PyRxH
security-hardening

⭕️Awesome Cyber Security - A collection of software, libraries, documents, and resources about security.

🔗https://lnkd.in/dXztUHKk

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑OTP Bypass on Register account via Response manipulation:

1. First Method
1. Register account with mobile number and request for OTP.
2. Enter incorrect OTP and capture the request in Burpsuite.
3. Do intercept response to this request and forward the request.
4. response will be
{"verificationStatus": false, "mobile": 9072346577", "profileld": "84673832"}
5. Change this response to
{"verificationStatus": true, "mobile": 9072346577", "profileId": "84673832" }
6. And forward the response.
7. You will be logged in to the account.

Impact: Account Takeover

2. Second Method.
1. Go to login and wait for OTP pop up.
2. Enter incorrect OTP and capture the request in Burpsuite.
3. Do intercept response to this request and forward the request.
4. response will be <error>
5. Change this response to
success
6. And forward the response.

Ref: Het Vikam
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁