🦑Cloud Security Attacks - Repositories
https://github.com/CyberSecurityUP/GCP-Pentest-Checklist
https://github.com/CyberSecurityUP/Cloud-Security-Attacks
🦑Manipulation of OTP Email Content via User-Injected Parameters in SAP SuccessFactors Career Portal
Ref: Aditay Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Windows Event IDs For SIEM Monitoring
1. Failed Login Attempts - Event ID: 4625
2. Account Lockouts - Event ID: 4740
3. Successful Login Outside Business Hours - Event ID: 4624
4. New User Creation - Event ID: 4720
5. Privileged Account Usage - Event ID: 4672
6. User Account Changes - Event IDs: 4722, 4723, 4724, 4725, 4726
7. Logon from Unusual Locations - Event ID: 4624 (with geolocation analysis)
8. Password Changes - Event ID: 4723 (change attempt), 4724 (successful reset)
9. Group Membership Changes - Event IDs: 4727, 4731, 4735, 4737
10. Suspicious Logon Patterns - Event ID: 4624 (anomalous logons)
11. Excessive Logon Failures - Event ID: 4625
12. Disabled Account Activity - Event ID: 4725
13. Dormant Account Usage - Event ID: 4624 (rarely used accounts)
14. Service Account Activity - Event IDs: 4624, 4672
15. RDP Access Monitoring - Event ID: 4624 (with RDP-specific filtering)
16. Lateral Movement Detection - Event ID: 4648 (network logons)
17. File and Folder Access - Event ID: 4663
18. Unauthorised File Sharing - Event IDs: 5140, 5145
19. Registry Changes - Event IDs: 4657
20. Application Installation and Removal - Event IDs: 11707, 1033
21. USB Device Usage - Event IDs: 20001, 20003 (from Device Management logs)
22. Windows Firewall Changes - Event IDs: 4946, 4947, 4950, 4951
23. Scheduled Task Creation - Event ID: 4698
24. Process Execution Monitoring - Event ID: 4688
25. System Restart or Shutdown - Event IDs: 6005, 6006, 1074
26. Event Log Clearing - Event ID: 1102
27. Malware Execution or Indicators - Event IDs: 4688, 1116 (from Windows Defender)
28. Active Directory Changes - Event IDs: 5136, 5141
29. Shadow Copy Deletion - Event ID: 524 (with VSSAdmin logs)
30. Network Configuration Changes - Event IDs: 4254, 4255, 10400
31. Execution of Suspicious Scripts - Event ID: 4688 (process creation with script interpreter)
32. Service Installation or Modification - Event ID: 4697
33. Clearing of Audit Logs - Event ID: 1102
34. Software Restriction Policy Violation - Event ID: 865
35. Excessive Account Enumeration - Event IDs: 4625, 4776
36. Attempt to Access Sensitive Files - Event ID: 4663
37. Unusual Process Injection - Event ID: 4688 (with EDR or Sysmon data)
38. Driver Installation - Event IDs: 7045 (Service Control Manager)
39. Modification of Scheduled Tasks - Event ID: 4699
40. Unauthorised GPO Changes - Event ID: 5136
41. Suspicious PowerShell Activity - Event ID: 4104 (from PowerShell logs)
42. Unusual Network Connections - Event ID: 5156 (network filtering platform)
43. Unauthorised Access to Shared Files - Event ID: 5145
44. DNS Query for Malicious Domains - Event ID: 5158 (DNS logs required)
45. LDAP Search Abuse - Event ID: 4662
46. Process Termination Monitoring - Event ID: 4689
47. Failed Attempts to Start a Service - Event ID: 7041
48. Audit Policy Changes - Event IDs: 4719, 1102
49. Time Change Monitoring - Event IDs: 4616, 520
50. BitLocker Encryption Key Changes - Event ID: 5379
Ref: Moham Hamadi
@UndercodeCommunity
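An added example, not part of the original post: a minimal correlation pass showing how four entries from the list above (4625 excessive failures, 4624 success after a failure burst or outside business hours, 1102 log clearing) become detection rules. The event tuples, account names, 5-minute window, threshold of 5 and 08:00-17:59 business hours are all constructed assumptions; real Security log records carry more fields.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, event_id, account, source_ip)
SAMPLE_EVENTS = [
    (f"2025-01-10T02:14:{s:02d}", 4625, "svc-backup", "10.0.5.23")
    for s in (1, 11, 21, 31, 41)
] + [
    ("2025-01-10T02:15:10", 4624, "svc-backup", "10.0.5.23"),
    ("2025-01-10T02:20:00", 1102, "admin-jdoe", "10.0.5.23"),
    ("2025-01-10T09:03:00", 4624, "alice", "10.0.1.14"),
    ("2025-01-10T10:00:00", 4625, "carol", "10.0.1.30"),
    ("2025-01-10T10:00:30", 4625, "carol", "10.0.1.30"),
    ("2025-01-10T10:01:00", 4624, "carol", "10.0.1.30"),
    ("2025-01-10T23:40:00", 4624, "bob", "10.0.1.77"),
]

WINDOW = timedelta(minutes=5)   # assumed correlation window
THRESHOLD = 5                   # assumed failures-per-window limit
BUSINESS_HOURS = range(8, 18)   # assumed 08:00-17:59 local time


def detect(events, window=WINDOW, threshold=THRESHOLD):
    """Return (rule, account, timestamp) alerts in chronological order."""
    failures = defaultdict(deque)   # account -> timestamps of recent 4625 events
    alerts = []
    for ts_raw, event_id, account, _src in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[account]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures that aged out of the window
        if event_id == 4625:
            recent.append(ts)
            if len(recent) == threshold:    # alert once, when the limit is reached
                alerts.append(("excessive_logon_failures", account, ts_raw))
        elif event_id == 4624:
            if len(recent) >= threshold:    # success right after a failure burst
                alerts.append(("success_after_failure_burst", account, ts_raw))
            elif ts.hour not in BUSINESS_HOURS:
                alerts.append(("logon_outside_business_hours", account, ts_raw))
            recent.clear()          # a successful logon resets the failure streak
        elif event_id == 1102:
            alerts.append(("audit_log_cleared", account, ts_raw))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The two failures for `carol` followed by a daytime success produce no alert, which is the tuning trade-off a fixed threshold implies.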
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Step-by-step breakdown of the journey of a URL:
1️⃣ DNS Resolution:
🔸 Your browser doesn't understand domain names like mypage.com. It first queries a DNS (Domain Name System) to translate the human-readable domain into an IP address, so it knows where to find the server.
2️⃣ Cache Check:
🔸 Before the DNS query, the system checks local caches (browser, operating system, router, etc.) to see if the IP address is already stored for faster access.
3️⃣ TCP/IP Handshake:
Once the server IP is found, a TCP (Transmission Control Protocol) connection is established. This involves a three-step handshake:
🔸 SYN: Your browser says, "Can we connect?"
🔸 SYN-ACK: The server responds, "Sure, let's connect!"
🔸 ACK: Your browser confirms, "Great, let's proceed!"
4️⃣ HTTP Request:
🔸 Your browser sends an HTTP/HTTPS request to the server for the specific resource (e.g., HTML, CSS, JavaScript, images).
5️⃣ Server Response:
🔸 The server processes the request and responds with a status code (e.g., 200 OK, 404 Not Found, 500 Server Error) along with the requested data.
6️⃣ Rendering the Web Page:
🔸 The browser engine parses the HTML to build a DOM (Document Object Model) tree.
🔸 It parses CSS to create a CSSOM (CSS Object Model) tree.
🔸 JavaScript is executed, the DOM is updated, and the layout is computed.
🔸 Finally, the render tree is painted on the screen, turning raw code into the visual content you see.
✨ All this happens in seconds or less!
This process is a beautiful blend of networking, systems engineering, and browser technologies, working seamlessly to bring the internet to life.
Ref: Fadi Kazdar
@UndercodeCommunity
Video Proof of Unpatched MongoDB MFA Flaws
Forwarded from Exploiting Crew (Pr1vAt3)
cracking pass.pdf
332.6 KB
🦑HACKING TOOLS FOR CRACKING PASSWORDS
Forwarded from Exploiting Crew (Pr1vAt3)
🦑What is Azure Private Link?
Azure Private Link provides secure access to Azure PaaS services and customer-owned or partner-hosted services via a private endpoint within your virtual network. With Azure Private Link, all traffic between your virtual network and the connected service is routed through Microsoft's backbone network, ensuring enhanced security and performance. This eliminates the need to expose your service to the public internet, reducing vulnerabilities and safeguarding your data.
Key Benefits of Azure Private Link
Azure Private Link offers several key advantages:
- Private Access to Azure Services: Use private endpoints to connect your virtual network to various Azure services. Providers can host services in their network, and consumers can access them from their own network. The Private Link platform ensures secure connectivity over the Azure backbone network.
- Easy Access from On-Premises and Peered Networks: Access Azure services from on-premises environments through ExpressRoute private peering, VPN tunnels, and peered virtual networks using private endpoints. No need for ExpressRoute Microsoft peering or internet traversal, making migration to Azure more secure.
- Data Leakage Protection: Private endpoints map to specific instances of PaaS resources, restricting consumer access to just those resources and preventing access to others in the service. This reduces the risk of data leakage.
- Global Connectivity: Connect privately to services in different regions. Your virtual network in one region can connect to services behind Private Link in another region, providing global reach.
- Extend Private Link to Your Services: Offer your services privately using Azure Private Link. By placing your service behind an Azure Load Balancer, consumers can connect directly to it through private endpoints in their virtual network. Manage connection requests with an approval process, and enjoy compatibility across different Microsoft Entra tenants.
Ref: Anuradha Samaranayake
@UndercodeCommunity
Forwarded from Exploiting Crew (Pr1vAt3)
🦑Top 40 AI Tools You Need in 2025!
Audio
- Murf AI
- Descript
- Voicemaker
- PlayAI
Copywriting
- Copy.ai
- Jasper
- Writesonic
- Anyword
Logo
- Looka
- Namecheap
- Canva
- DesignEvolve
Marketing
- HubSpot
- Marketo
- Active Campaign
- Mailchimp
Productivity
- Notion
- ClickUp
- Asana
- Trello
Meeting
- Notta｜AI meeting notes & audio transcription
- Otter.ai
- tl;dv - AI Meeting Assistant (tldv.io)
- Zoom
- Microsoft Teams
Presentation
- Canva Presentations
- Prezi
- Microsoft PowerPoint
- Google Slides
Prompts
- Prompt Perfect
- GPT-3 Playground
- AI Dungeon
- CopyAI Prompts
Design
- Figma
- Adobe XD
- Sketch
- Gravit Designer
Chatbot
- Kraya
- Mobile Monkey
- Landbot
- ManyChat
Ref: Md Riyazuddin
@UndercodeCommunity