🦑 Just Released: A comprehensive Active Directory threat hunting tool that makes detecting suspicious activities easier than ever!

✨ Key Features:
• Real-time attack detection
• Advanced timing analysis
• Pattern recognition
• Multi-format reporting (CSV/JSON/HTML)
• Built-in attack simulation

🔍 Detects:
• Password spray attacks
• Brute force attempts
• Account lockouts
• Off-hours activity
• Geographically impossible logins
• Service account misuse
• Admin account abuse

⚡️ Smart Analysis:
• Time-based attack correlation
• Activity pattern matching
• User behavior analysis
• Configurable business hours
• Customizable thresholds

🧪 Includes Test Framework:
• Simulate various attack scenarios
• Validate detection capabilities
• Test environment readiness
• Verify audit policies

🚀 Get started: https://lnkd.in/gbuaaswB

Michael H.
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Free AD-ThreatHunting

🦑𝑾𝒊𝒏𝒅𝒐𝒘𝒔 𝑳𝒐𝒈𝒈𝒊𝒏𝒈 𝑪𝒉𝒆𝒂𝒕 𝑺𝒉𝒆𝒆𝒕 🛡

Effective logging is the cornerstone of a robust security posture. This "Windows Logging Cheat Sheet" is designed to guide you in setting up essential Windows 𝐀𝐮𝐝𝐢𝐭 𝐏𝐨𝐥𝐢𝐜𝐢𝐞𝐬 and 𝐋𝐨𝐠𝐠𝐢𝐧𝐠 to kickstart your Log Management Program.

🦑Critical Security Bug in Meta Ecosystem – Zero-Click Account Takeover 🔒

As cybersecurity researchers, my buddy Musawer Khan and I uncovered a Zero-Click Account Takeover (ATO) vulnerability in Meta's ecosystem. This vulnerability involved chaining two endpoints—one being a password reset URL that was indexed on platforms like URLScan and Wayback Machine. These URLs should ideally expire after a reasonable timeframe, yet they remained active and exploitable.

Impact:
1. Without requiring any user interaction (zero-click), we were able to gain unauthorized access to multiple accounts by chaining an endpoint and a password reset link.
2. This demonstrates a serious flaw in how reset links are managed, as they should expire promptly to mitigate potential misuse.

Despite providing a detailed proof-of-concept (PoC) showcasing the exploit, Meta Meta Facebook security team declined to classify this as a vulnerability under their bug bounty program, stating that the URLs were publicly exposed before indexing. However, the persistence of these sensitive URLs and the ability to exploit them points to a systemic issue.

Our Responsibility:
As responsible researchers, Musawer Khan and I ensured that all live URLs were expired from our side before disclosing the findings publicly. Our goal is to raise awareness about the importance of securing password reset mechanisms and ensuring that sensitive URLs are time-bound and properly invalidated.

Key Takeaways:
Password reset URLs should automatically expire after a short duration or after first use.


Mohaseen Katika
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Security Bug in Meta Ecosystem – Zero-Click Account Takeover

🦑 Evade Kaspersky Total Security and Trend Micro Maximum Security and Windows Defender, tested on Windows 10 & 11. Using the following techniques.

💡Load custom DLL (API.dll) to obfuscate API calls.

💡AES encryption to obfuscate shellcode

💡Decrypt shellcode in memory to prevent static detection

💡Allocate & execute shellcode with VirtualProtect to bypass memory protection

🦑4 FREE projects provided by the NSA.
Courses include lab files, links, and step-by-step guides.

1. NSA NCCP Course: Network Penetration Testing
-https://lnkd.in/gGcea5KN
-Modules Include: Introduction to Penetration Testing, Reconnaissance, Scanning, Exploitation, Password Attacks, Wireless Security

2.NSA NCCP Course: Digital Forensics
-https://lnkd.in/gM7YDxyH
-Modules Include: Introduction to Digital Forensics, First Response and Investigation, Digital Forensics Investigation Steps, Introduction to File System, Memory/Live Forensics, Tools for Filesystem Investigation

3.NSA NCCP Course: Computer Security
-https://lnkd.in/g6EDzaYE
-Modules Include: Intro to Computer Security, User Authentication, Cryptographic Tools, Malware, DOS Attacks, Buffer Overflow, Intrusion Detection, Access Controls

4. NSA NCCP Course: Machine Learning for Cybersecurity
-https://lnkd.in/gc95XzUX
-Modules Include: Creating a Safe Lab Environment, File Formats, The Windows API, Automated Sandboxes, Monitoring Tools, Malware Delivery Mechanisms, Basic Analysis Techniques, Detecting Packers and Code Obfuscation.

Ref: Mohamed Hamdi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑100 web vulnerabilities list

🦑Find Hidden Endpoint with JS Bookmark

Ref: Sin4Yeganeh

🦑 100 Free Security Tools for Ethical Hackers and Forensic Investigators 🔍
Are you passionate about ethical hacking, digital forensics, or cybersecurity?
I’m excited to share a free PDF resource containing 100 security tools designed for:
✅ Ethical hackers
✅ Forensic investigators
✅ Cybersecurity enthusiasts


» This comprehensive guide includes tools for:
Digital Forensics: Autopsy, Sleuth Kit, Magnet AXIOM
Network Analysis: Wireshark, NetworkMiner, Tcpdump
Memory Forensics: Volatility, Rekall, Memoryze
OSINT and Recon: Shodan, Maltego, OSINT Framework
Data Recovery: TestDisk, PhotoRec, Scalpel
Whether you’re analyzing malware, securing networks, or investigating incidents, this toolkit is a game-changer for professionals and learners alike.

Ref: NADJIB BOUKERROUNI
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 IP Threat Analysis: Exposing Malicious Activities Linked to IP 198.1.82.225

Explore a concise cyber threat intelligence report on IP address 198.1.82.225, flagged for spam, hacking attempts, and Trojan-Dropper malware activities. This report highlights key findings, behavioral insights, and actionable strategies to fortify cybersecurity defenses.

🚨 Key Threats Identified
IP: 198.1.82.225
Categories: Email Spam, Brute-Force Attacks, Malware Deployment
🛠 Detection Tools Used: VirusTotal, Criminal IP
💡 Actionable Recommendations: Block the IP, enhance monitoring systems, and conduct regular security audits.

Ref: Faiz Vazir
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Most people don’t know where to find remote jobs.

I found 26 websites to make it easier for you.

You’re going to want to save this list:

1. JustRemote (justremote.co)

2. FlexJobs (flexjobs.com)

3. Remote Co (remote.co)

4. Job Board Search (jobboardsearch.com)

5. We Work Remotely (weworkremotely.com)

6. Remote OK (remoteok.com)

7. JS Remotely (jsremotely.com)

8. AngelList (angel.co)

9. LinkedIn (linkedin.com)

10. Upwork (upwork.com)

11 Freelancer (freelancer.com)

12. Working Nomads (workingnomads.com)

13. Himalayas (himalayas.app)

14. SimplyHired (simplyhired.com)

15. Jobspresso (jobspresso.co)

16. Freelance Writing (freelancewriting.com)

17. Virtual Vocations (virtualvocations.com)

18. Stack Overflow Jobs (stackoverflow.com/jobs)

19. Indeed (indeed.com)

20. Outsourcely (outsourcely.com)

21. Problogger (problogger.com)

22. Toptal (toptal.com)

23. Skip The Drive (skipthechive.com)

24. NoDesk (nodesk.co)

25. RemoteHabits (remotehabits.com)

26. Remotive (remotive.com)

Ref: Roni Rahman
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Google Dorks for Bug Bounty. This cheat sheet provides powerful dorks to uncover:

PHP extensions with parameters

Disclosed XSS and open redirects

Juicy file extensions (.log, .env, .bak, etc.)

Code leaks on platforms like Pastebin, JSFiddle, and Codepen

Cloud storage exposures (S3, Google Drive, OneDrive, etc.)

These dorks can help identify publicly exposed sensitive information during your bug hunting journey.

More: https://taksec.github.io/google-dorks-bug-bounty/

Ref: Amit Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁