#TATA #ELECTRONICS hacked by #WorldLeaks #Ransomware - 630GB Security #EventLog from 2016 to 2022, DCC Log, Hard Disk Password Setting, MetaData, Employee Records, Internal IPs, Network Backups etc #security #infosec #hack #OSINT #darkweb #databreach @TimesInternet @htTweets
🔵 Windows Cybersecurity Commands: Event Logs & Monitoring 🔥
Telegram: t.me/hackinarticles ✴ Twitter: x.com/hackinarticles
Event logs are the best source of truth during investigations ⚠️
⚡ Essential Commands
📜 Get-EventLog -LogName Security -Newest 20 → Recent security events
🖥 Get-EventLog -LogName System -Newest 20 → System log review
🔎 Get-WinEvent -LogName Security → Modern event querying
🚨 Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} → Failed logons
📡 wevtutil qe Security /c:20 /f:text → Read security logs via CMD
⚠️ Get-WinEvent -FilterXPath "*[System[Level=1 or Level=2]]" → Critical & error events
📂 Get-WinEvent -ListLog * → List available event logs
💡 Monitoring Security, System & PowerShell logs helps detect brute force attacks, privilege escalation & malicious activity early
⚠️ Attackers often clear or tamper with logs — centralized logging & SIEM monitoring are critical
#windows #cybersecurity #blueteam #siem #threathunting #powershell #infosec
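Building on the failed-logon query in the post above, here is an added example (not the author's code) that turns the Event ID 4625 query into a brute-force and password-spray summary per source address, and then checks for Event ID 1102 (audit log cleared). It assumes an elevated session on a Windows host where the Security log is readable; the $Hours and $Threshold values are illustrative tuning knobs.

```powershell
# Added example, not from the post above. Assumes an elevated PowerShell
# session on Windows; $Hours and $Threshold are illustrative tuning values.
param(
    [int]$Hours = 24,
    [int]$Threshold = 10
)
$since = (Get-Date).AddHours(-$Hours)

# FilterHashtable filters server-side, so only 4625 records come back.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; ID = 4625; StartTime = $since
} -ErrorAction SilentlyContinue
if (-not $events) { Write-Host "No failed logons (4625) since $since"; return }

# Read named EventData fields from the event XML rather than positional
# Properties indexes, which differ between Windows versions.
$rows = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        SourceIp  = $d['IpAddress']
        LogonType = $d['LogonType']
        SubStatus = $d['SubStatus']   # 0xC000006A bad password, 0xC0000064 no such user
    }
}

# Many failures against few accounts looks like brute force; many distinct
# accounts with few failures each looks like a password spray.
$rows | Group-Object SourceIp | Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending | ForEach-Object {
        $accounts = @($_.Group.Account | Sort-Object -Unique)
        $pattern = if ($accounts.Count -gt ($_.Count / 2)) { 'spray' } else { 'brute-force' }
        [pscustomobject]@{
            SourceIp         = $_.Name
            Failures         = $_.Count
            DistinctAccounts = $accounts.Count
            Pattern          = $pattern
            LastSeen         = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
        }
    } | Format-Table -AutoSize

# The post warns that attackers clear logs: Event ID 1102 records an
# audit-log clear, so a gap in 4625 data beside a 1102 is itself a finding.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; ID = 1102; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

The same grouping applies to events forwarded into a SIEM; run it there rather than per host once collection is centralized, since a locally cleared log yields nothing to group.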
🪤 What initially looked like a new #NanoCore RAT variant turned out to be something unusual: a NanoCore-branded RAT with experimental #ransomware features — distributed under different names, but sharing the same broken crypto and even the same Satoshi wallet as the “ransom” address. @Threatray’s code similarity engine helped connect the dots. The “ransomware” component appears non-functional. The BTC wallet 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa is Satoshi’s genesis address. The hardcoded AES IV NanoCoreIV67890 is 15 bytes (AES requires 16), so the encryption routine fails under standard execution. The contact email nanocore@onion.com also doesn’t resolve. Code similarity revealed a cluster of .NET samples from the same author under namespaces like ExtremeMalware, ExtremeRansomwareBotnet, and HighlyDetectableMalware — all reusing the same flawed crypto and ransom note. Indicators include an EventLog source named RansomwareSimulation, .encrypted files containing the literal string "FAKE", and beacons to AV test domains like wicar.org and zeltser.com. This points to a single development effort with reused components across multiple samples. 🧬 Find the #IOCs here: github.com/threatray/threat-…
Tracking Secure Boot certificate deployment across your fleet? Here is the TPM-WMI event ID cheat sheet you need. Four stages. Each stage has specific events that tell you exactly where the device is in the process. From certificates hitting the DB to SVN enforcement in firmware. Print it. Pin it. Share it with your team. Full breakdown at the workshop on April 8th. Register here: docs.kaidojarvemets.com/trai… #SecureBoot #UEFI #Windows #CyberSecurity #Intune #SCCM #Firmware #EventLog
Replying to @Rasmussen_Poll
You don't need to spin up a VM with these machines. You just needed to connect with SSMS via TCP and via one line T-SQL commands you can do anything. EventLog, TSQL Log, DNS log, TCPIP log from router, it's all very easy to determine what happened. The data from Sydney Powell shows this.
EventLogin — CVE-2025-29969 A flaw in the MS-EVEN protocol. Low-privileged users can write arbitrary files to a remote machine, effectively bypassing the need for an administrator account for remote file writes 🔗 Source: github.com/SafeBreach-Labs/E… 🔗 Research: safebreach.com/blog/safebrea… #ad #windows #eventlog #rpc