๐ฆ Just Released: A comprehensive Active Directory threat hunting tool that makes detecting suspicious activities easier than ever!
โจ Key Features:
โข Real-time attack detection
โข Advanced timing analysis
โข Pattern recognition
โข Multi-format reporting (CSV/JSON/HTML)
โข Built-in attack simulation
๐ Detects:
โข Password spray attacks
โข Brute force attempts
โข Account lockouts
โข Off-hours activity
โข Geographically impossible logins
โข Service account misuse
โข Admin account abuse
โก๏ธ Smart Analysis:
โข Time-based attack correlation
โข Activity pattern matching
โข User behavior analysis
โข Configurable business hours
โข Customizable thresholds
๐งช Includes Test Framework:
โข Simulate various attack scenarios
โข Validate detection capabilities
โข Test environment readiness
โข Verify audit policies
๐ Get started: https://lnkd.in/gbuaaswB
Michael H.
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โจ Key Features:
โข Real-time attack detection
โข Advanced timing analysis
โข Pattern recognition
โข Multi-format reporting (CSV/JSON/HTML)
โข Built-in attack simulation
๐ Detects:
โข Password spray attacks
โข Brute force attempts
โข Account lockouts
โข Off-hours activity
โข Geographically impossible logins
โข Service account misuse
โข Admin account abuse
โก๏ธ Smart Analysis:
โข Time-based attack correlation
โข Activity pattern matching
โข User behavior analysis
โข Configurable business hours
โข Customizable thresholds
๐งช Includes Test Framework:
โข Simulate various attack scenarios
โข Validate detection capabilities
โข Test environment readiness
โข Verify audit policies
๐ Get started: https://lnkd.in/gbuaaswB
Michael H.
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
This media is not supported in your browser
VIEW IN TELEGRAM
Free AD-ThreatHunting
WIN_fhacking.pdf
522.6 KB
๐ฆ๐พ๐๐๐
๐๐๐ ๐ณ๐๐๐๐๐๐ ๐ช๐๐๐๐ ๐บ๐๐๐๐ ๐ก
Effective logging is the cornerstone of a robust security posture. This "Windows Logging Cheat Sheet" is designed to guide you in setting up essential Windows ๐๐ฎ๐๐ข๐ญ ๐๐จ๐ฅ๐ข๐๐ข๐๐ฌ and ๐๐จ๐ ๐ ๐ข๐ง๐ to kickstart your Log Management Program.
Effective logging is the cornerstone of a robust security posture. This "Windows Logging Cheat Sheet" is designed to guide you in setting up essential Windows ๐๐ฎ๐๐ข๐ญ ๐๐จ๐ฅ๐ข๐๐ข๐๐ฌ and ๐๐จ๐ ๐ ๐ข๐ง๐ to kickstart your Log Management Program.
๐ฆCritical Security Bug in Meta Ecosystem โ Zero-Click Account Takeover ๐
As cybersecurity researchers, my buddy Musawer Khan and I uncovered a Zero-Click Account Takeover (ATO) vulnerability in Meta's ecosystem. This vulnerability involved chaining two endpointsโone being a password reset URL that was indexed on platforms like URLScan and Wayback Machine. These URLs should ideally expire after a reasonable timeframe, yet they remained active and exploitable.
Impact:
1. Without requiring any user interaction (zero-click), we were able to gain unauthorized access to multiple accounts by chaining an endpoint and a password reset link.
2. This demonstrates a serious flaw in how reset links are managed, as they should expire promptly to mitigate potential misuse.
Despite providing a detailed proof-of-concept (PoC) showcasing the exploit, Meta Meta Facebook security team declined to classify this as a vulnerability under their bug bounty program, stating that the URLs were publicly exposed before indexing. However, the persistence of these sensitive URLs and the ability to exploit them points to a systemic issue.
Our Responsibility:
As responsible researchers, Musawer Khan and I ensured that all live URLs were expired from our side before disclosing the findings publicly. Our goal is to raise awareness about the importance of securing password reset mechanisms and ensuring that sensitive URLs are time-bound and properly invalidated.
Key Takeaways:
Password reset URLs should automatically expire after a short duration or after first use.
Mohaseen Katika
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
As cybersecurity researchers, my buddy Musawer Khan and I uncovered a Zero-Click Account Takeover (ATO) vulnerability in Meta's ecosystem. This vulnerability involved chaining two endpointsโone being a password reset URL that was indexed on platforms like URLScan and Wayback Machine. These URLs should ideally expire after a reasonable timeframe, yet they remained active and exploitable.
Impact:
1. Without requiring any user interaction (zero-click), we were able to gain unauthorized access to multiple accounts by chaining an endpoint and a password reset link.
2. This demonstrates a serious flaw in how reset links are managed, as they should expire promptly to mitigate potential misuse.
Despite providing a detailed proof-of-concept (PoC) showcasing the exploit, Meta Meta Facebook security team declined to classify this as a vulnerability under their bug bounty program, stating that the URLs were publicly exposed before indexing. However, the persistence of these sensitive URLs and the ability to exploit them points to a systemic issue.
Our Responsibility:
As responsible researchers, Musawer Khan and I ensured that all live URLs were expired from our side before disclosing the findings publicly. Our goal is to raise awareness about the importance of securing password reset mechanisms and ensuring that sensitive URLs are time-bound and properly invalidated.
Key Takeaways:
Password reset URLs should automatically expire after a short duration or after first use.
Mohaseen Katika
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
This media is not supported in your browser
VIEW IN TELEGRAM
Security Bug in Meta Ecosystem โ Zero-Click Account Takeover
This media is not supported in your browser
VIEW IN TELEGRAM
๐ฆ Evade Kaspersky Total Security and Trend Micro Maximum Security and Windows Defender, tested on Windows 10 & 11. Using the following techniques.
๐กLoad custom DLL (API.dll) to obfuscate API calls.
๐กAES encryption to obfuscate shellcode
๐กDecrypt shellcode in memory to prevent static detection
๐กAllocate & execute shellcode with VirtualProtect to bypass memory protection
๐กLoad custom DLL (API.dll) to obfuscate API calls.
๐กAES encryption to obfuscate shellcode
๐กDecrypt shellcode in memory to prevent static detection
๐กAllocate & execute shellcode with VirtualProtect to bypass memory protection
UNDERCODE TESTING
Photo
๐ฆ4 FREE projects provided by the NSA.
Courses include lab files, links, and step-by-step guides.
1. NSA NCCP Course: Network Penetration Testing
-https://lnkd.in/gGcea5KN
-Modules Include: Introduction to Penetration Testing, Reconnaissance, Scanning, Exploitation, Password Attacks, Wireless Security
2.NSA NCCP Course: Digital Forensics
-https://lnkd.in/gM7YDxyH
-Modules Include: Introduction to Digital Forensics, First Response and Investigation, Digital Forensics Investigation Steps, Introduction to File System, Memory/Live Forensics, Tools for Filesystem Investigation
3.NSA NCCP Course: Computer Security
-https://lnkd.in/g6EDzaYE
-Modules Include: Intro to Computer Security, User Authentication, Cryptographic Tools, Malware, DOS Attacks, Buffer Overflow, Intrusion Detection, Access Controls
4. NSA NCCP Course: Machine Learning for Cybersecurity
-https://lnkd.in/gc95XzUX
-Modules Include: Creating a Safe Lab Environment, File Formats, The Windows API, Automated Sandboxes, Monitoring Tools, Malware Delivery Mechanisms, Basic Analysis Techniques, Detecting Packers and Code Obfuscation.
Ref: Mohamed Hamdi
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Courses include lab files, links, and step-by-step guides.
1. NSA NCCP Course: Network Penetration Testing
-https://lnkd.in/gGcea5KN
-Modules Include: Introduction to Penetration Testing, Reconnaissance, Scanning, Exploitation, Password Attacks, Wireless Security
2.NSA NCCP Course: Digital Forensics
-https://lnkd.in/gM7YDxyH
-Modules Include: Introduction to Digital Forensics, First Response and Investigation, Digital Forensics Investigation Steps, Introduction to File System, Memory/Live Forensics, Tools for Filesystem Investigation
3.NSA NCCP Course: Computer Security
-https://lnkd.in/g6EDzaYE
-Modules Include: Intro to Computer Security, User Authentication, Cryptographic Tools, Malware, DOS Attacks, Buffer Overflow, Intrusion Detection, Access Controls
4. NSA NCCP Course: Machine Learning for Cybersecurity
-https://lnkd.in/gc95XzUX
-Modules Include: Creating a Safe Lab Environment, File Formats, The Windows API, Automated Sandboxes, Monitoring Tools, Malware Delivery Mechanisms, Basic Analysis Techniques, Detecting Packers and Code Obfuscation.
Ref: Mohamed Hamdi
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
lnkd.in
LinkedIn
This link will take you to a page thatโs not on LinkedIn
This media is not supported in your browser
VIEW IN TELEGRAM
๐ฆFind Hidden Endpoint with JS Bookmark
Ref: Sin4Yeganeh
Ref: Sin4Yeganeh
Pro for FREE.pdf
713.2 KB
๐ฆ 100 Free Security Tools for Ethical Hackers and Forensic Investigators ๐
Are you passionate about ethical hacking, digital forensics, or cybersecurity?
Iโm excited to share a free PDF resource containing 100 security tools designed for:
โ Ethical hackers
โ Forensic investigators
โ Cybersecurity enthusiasts
ยป This comprehensive guide includes tools for:
Digital Forensics: Autopsy, Sleuth Kit, Magnet AXIOM
Network Analysis: Wireshark, NetworkMiner, Tcpdump
Memory Forensics: Volatility, Rekall, Memoryze
OSINT and Recon: Shodan, Maltego, OSINT Framework
Data Recovery: TestDisk, PhotoRec, Scalpel
Whether youโre analyzing malware, securing networks, or investigating incidents, this toolkit is a game-changer for professionals and learners alike.
Ref: NADJIB BOUKERROUNI
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Are you passionate about ethical hacking, digital forensics, or cybersecurity?
Iโm excited to share a free PDF resource containing 100 security tools designed for:
โ Ethical hackers
โ Forensic investigators
โ Cybersecurity enthusiasts
ยป This comprehensive guide includes tools for:
Digital Forensics: Autopsy, Sleuth Kit, Magnet AXIOM
Network Analysis: Wireshark, NetworkMiner, Tcpdump
Memory Forensics: Volatility, Rekall, Memoryze
OSINT and Recon: Shodan, Maltego, OSINT Framework
Data Recovery: TestDisk, PhotoRec, Scalpel
Whether youโre analyzing malware, securing networks, or investigating incidents, this toolkit is a game-changer for professionals and learners alike.
Ref: NADJIB BOUKERROUNI
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ IP Threat Analysis: Exposing Malicious Activities Linked to IP 198.1.82.225
Explore a concise cyber threat intelligence report on IP address 198.1.82.225, flagged for spam, hacking attempts, and Trojan-Dropper malware activities. This report highlights key findings, behavioral insights, and actionable strategies to fortify cybersecurity defenses.
๐จ Key Threats Identified
IP: 198.1.82.225
Categories: Email Spam, Brute-Force Attacks, Malware Deployment
๐ Detection Tools Used: VirusTotal, Criminal IP
๐ก Actionable Recommendations: Block the IP, enhance monitoring systems, and conduct regular security audits.
Ref: Faiz Vazir
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Explore a concise cyber threat intelligence report on IP address 198.1.82.225, flagged for spam, hacking attempts, and Trojan-Dropper malware activities. This report highlights key findings, behavioral insights, and actionable strategies to fortify cybersecurity defenses.
๐จ Key Threats Identified
IP: 198.1.82.225
Categories: Email Spam, Brute-Force Attacks, Malware Deployment
๐ Detection Tools Used: VirusTotal, Criminal IP
๐ก Actionable Recommendations: Block the IP, enhance monitoring systems, and conduct regular security audits.
Ref: Faiz Vazir
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆVideo: latest version of G-700 Android RAT was allegedly added exploitation of the hashtag#EvilVideo Telegram vulnerability (CVE-2024-7014)
The exploit allows sending malicious APK files disguised as video:
EvilVideo: https://lnkd.in/eBVghZuR
G-700 RAT: https://lnkd.in/ebAFBmxw
Ref: Lukas Stefanko
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
The exploit allows sending malicious APK files disguised as video:
EvilVideo: https://lnkd.in/eBVghZuR
G-700 RAT: https://lnkd.in/ebAFBmxw
Ref: Lukas Stefanko
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆMost people donโt know where to find remote jobs.
I found 26 websites to make it easier for you.
Youโre going to want to save this list:
1. JustRemote (justremote.co)
2. FlexJobs (flexjobs.com)
3. Remote Co (remote.co)
4. Job Board Search (jobboardsearch.com)
5. We Work Remotely (weworkremotely.com)
6. Remote OK (remoteok.com)
7. JS Remotely (jsremotely.com)
8. AngelList (angel.co)
9. LinkedIn (linkedin.com)
10. Upwork (upwork.com)
11 Freelancer (freelancer.com)
12. Working Nomads (workingnomads.com)
13. Himalayas (himalayas.app)
14. SimplyHired (simplyhired.com)
15. Jobspresso (jobspresso.co)
16. Freelance Writing (freelancewriting.com)
17. Virtual Vocations (virtualvocations.com)
18. Stack Overflow Jobs (stackoverflow.com/jobs)
19. Indeed (indeed.com)
20. Outsourcely (outsourcely.com)
21. Problogger (problogger.com)
22. Toptal (toptal.com)
23. Skip The Drive (skipthechive.com)
24. NoDesk (nodesk.co)
25. RemoteHabits (remotehabits.com)
26. Remotive (remotive.com)
Ref: Roni Rahman
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
I found 26 websites to make it easier for you.
Youโre going to want to save this list:
1. JustRemote (justremote.co)
2. FlexJobs (flexjobs.com)
3. Remote Co (remote.co)
4. Job Board Search (jobboardsearch.com)
5. We Work Remotely (weworkremotely.com)
6. Remote OK (remoteok.com)
7. JS Remotely (jsremotely.com)
8. AngelList (angel.co)
9. LinkedIn (linkedin.com)
10. Upwork (upwork.com)
11 Freelancer (freelancer.com)
12. Working Nomads (workingnomads.com)
13. Himalayas (himalayas.app)
14. SimplyHired (simplyhired.com)
15. Jobspresso (jobspresso.co)
16. Freelance Writing (freelancewriting.com)
17. Virtual Vocations (virtualvocations.com)
18. Stack Overflow Jobs (stackoverflow.com/jobs)
19. Indeed (indeed.com)
20. Outsourcely (outsourcely.com)
21. Problogger (problogger.com)
22. Toptal (toptal.com)
23. Skip The Drive (skipthechive.com)
24. NoDesk (nodesk.co)
25. RemoteHabits (remotehabits.com)
26. Remotive (remotive.com)
Ref: Roni Rahman
@UndercodeCommunity
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ