Ts. Muhammad Haris Jafri

The week starts with the new Certified Ethical Hacking (CEHv12) weekend morning training batch!! #cybersecuritytraining #security #ceh

17

The week starts with the new Certified Ethical Hacking (CEHv12) weekend morning training batch!! #cybersecuritytraining #security #ceh

24

Here is my work on Wazuh, Inc. Lab 04 - FIM - File Integrity Monitoring (Windows & Linux) We have CIA traid, Confidentiality, Integrity and Availability, these three main elements of information security to ensure the security. Wazuh is providing Integrity Monitoring option to detect if any unauthorized changes in files. Read the document 📄 and learn how you can configure FIM in Wazuh. #wazuh #FIM #file #integrity #monitoring #CIA #informationsecurity #security #blueteam #soc #socanalyst #windows #linux #ubuntu #opensource #siem #cyber #cybersecurity

721

25 Komen

The Incident Handling Process module from HackTheBox offered a valuable primer on cybersecurity incident management. It delved into key stages such as preparation, where essential policies and tools were introduced. The module also touched upon detection & analysis, as well as steps for containment & eradication of threats. Highly informative for those seeking to bolster their understanding of incident response strategies. #cybersecurity #soc #ir #htb

30

2 Komen

🔍 Task 5 Complete: Network Scanning with Nmap 🔍 Just finished Task 5 of my #TechnoHacks internship! 🚀 In this task, I used Nmap to scan a network for open ports and vulnerable services on the target site https://lnkd.in/gyJtecJ9. Nmap is an essential tool for identifying potential weaknesses in networks, and this exercise helped me deepen my understanding of how to assess a system's exposure to attacks. Excited to keep learning and applying these skills! Stay tuned for the next task update. 📊 #NetworkScanning #Nmap #CyberSecurity #TechnoHacks #LearningInAction Sandip Gavit TechnoHacks EduTech Official

5

1 Komen

This is my second write up about Incident Response with Wazuh. I would like to thank MAHMUDUZZAMAN KAMOL and Saikha Assafa for being through out the implementation procedure and testing scenarios. Here is the link: https://lnkd.in/dv72gv5f

11

1 Komen

Another easy way to access security events in Wazuh SIEM. It is fast and very efficient, you can apply search filters to extract the exact event of interest. Try this! Josiah Umezurike Each1Teach1.Us

58

1 Komen

~~ 10th July 2024 ~~ "Just wrapped up the "Introduction to Python" module from TCM Security's Practical Ethical Hacking course! Excited to use Python for scripting and automation in my ethical hacking journey. Looking forward to what's next! 💻🔒" #TCMSecurity #Python #EthicalHacking

4

Alhamdulillah, Discovered TCM Security early this year and somehow managed to pass 2 of their junior certificates. From my point of view, as a beginner, the course provided (Practical Bug Bounty) simplifies the complexity of web penetration methodology. Thus, making it easier to understand. The exam was pretty straightforward but please, don't skip the study part. How easy it was? Can't say, sign an NDA.

5

2 Komen

I just received CVE-2024-38363 for Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte (https://airbyte.com). It got a CVSS 3.1 score of 8.6. My first CVE with Mantel Group, more to come. https://lnkd.in/gpzjjbP8 https://lnkd.in/gtpDAmAS

28

1 Komen

Day 16 / 31 SSL / TSL Delayed post🙈 it's better late than never right? Anyway, let's dive right in What is SSL? Secure Socket Layer (SSL) is a standard technology for securing internet connections by encrypting data sent between a website and a browser (or between two servers). It protects information from being intercepted or stolen by hackers, including personal and financial data. What is TLS? TLS (Transport Layer Security) is the successor to SSL (Secure Socket Layer) and it was developed as an improved version of SSL to address security vulnerabilities and enhance the protocol's performance and reliability. It is a cryptographic protocol that provides secure communications over a computer network. It is widely used in applications like email, instant messaging, and voice over IP, but is most commonly associated with securing HTTPS. TLS aims to ensure privacy, integrity, and authenticity using cryptographic methods, such as certificates, between communicating computer applications. SSL/TLS establishes an encrypted connection between a server and a client using certificates, ensuring that sensitive information like credit card details can be securely transmitted over the internet. These certificates include a public key that verifies the website's identity and enables encrypted data transfer through asymmetric (public-key) cryptography. The corresponding private key is kept secret on the server. Umanhonlen Gabriel, Tecon Media #cybersecurity #informationsecurity #ssl #tsl #datasecurity #womeintech #may

8

View my verified achievement from Fortinet: FCF Fundamentals In Cyber Security

1

🔒🛡️ Essential Guide for Cybersecurity Specialists! Excited to share this comprehensive Cheat Sheet for Designing Secure Systems that I found from ByteByteGo! It encapsulates core principles that every IT and cybersecurity professional should engrave into their daily practice. From Authentication to Disaster Recovery, this infographic illustrates 12 critical areas in cybersecurity: Authentication: Protect user logins and implement Multi-Factor Authentication (MFA). Authorization: Ensure proper user roles and adopt the least-privilege principle. Encryption: Focus on sensitive data protection and employ TLS for secure communications. Vulnerability: Perform regular vulnerability assessments and continuous monitoring. Audit & Compliance: Conduct regular audits and comply with GDPR, HIPAA. Network Security: Use firewalls, segregate networks, and deploy intrusion detection systems. Terminal Security: Secure employee laptops and manage device hard drives. Emergency Responses: Have a plan for DDoS attacks and breach responses. Container Security: Use trusted base images and scan containers. API Security: Protect public APIs and manage rate limiting. 3rd-Party Management: Assess vendor risks and monitor data sharing. Disaster Recovery: Plan for data backup and system redundancy. Each section offers both scenarios to protect against and design points to implement, providing a quick yet detailed reference for setting up or auditing a secure system. As the digital landscape grows, it's more important than ever to stay ahead of threats. Let's discuss how we can integrate these practices into our workflows to fortify our defenses. 💼💻🔐 #Cybersecurity #InfoSec #DataProtection #ITSecurity #DisasterRecovery #SecureDesign 📈 Feel free to share your thoughts and experiences on these security measures in the comments below! 👇

6

GIAC Cloud Threat Detection (GCTD) exam done. Good and useful course material. Enjoyed it a lot tbh. View my verified achievement from GIAC Certifications.

18

1 Komen

Alhamdulillah... yey, 2 Accounts I got a $150 bounty and a $300 bonus for quality reports on Ubiquiti Because I found an End point that is vulnerable to IDOR and not limited by Rate Limit, I was able to Brute Force the vulnerable End point and leak some customer emails Tips: * Always try to look for endpoints that respond with a lot of sensitive data and try to find a way to bypass cookies / authorization / ID (normal ID) * Sometimes you can bypass the JWT by looking and understanding the flow of the JWT being generated, always try to look for JS files that reveal how the company ID is generated, * Basically you also have to balance CIDR, Recon, Manual testing #bugbounty #ethicalhacking #infosec #informationsecurity #hackforgood #cybersec #cybersecurity

118

5 Komen

🔒 Are you a Security Operation Center Analyst looking to level up your career? Check out this cheat sheet to streamline your workflow and enhance your incident response skills! 🚀 From threat detection techniques to incident triage best practices, this cheat sheet covers it all. Stay ahead of the curve with these essential tips and tricks! 🛡️ Don't miss out on this invaluable resource that can help you navigate the complexities of today's threat landscape with confidence. Elevate your SOC game and download the cheat sheet now! #SOCAnalyst #CyberSecurity #ThreadIntelligence #CyberTrends #IncidentResponse #SecurityTools #EscalationProcess #CyberDefense #CyberIncident #RiskMitigation #AlertPrioritization #IncidentManagement #InfoSec #SecurityOperations #SecurityProfessionals 💼

692

10 Komen

~~ 12th July 2024 ~~ "Completed the "Scanning and Enumeration" module at TCM Security! Learned essential techniques like nmap scanning, HTTPs/HTTPS, SMB and SSH enumeration, and vulnerability research. Ready to detect and mitigate potential security risks effectively! 💻🌐" #TCMSecurity #CyberSecurity #EthicalHacking 

3