Varshil

𝐎𝐟𝐟𝐢𝐜𝐞 𝐨𝐟 𝐭𝐡𝐞 𝐏𝐫𝐢𝐧𝐜𝐢𝐩𝐚𝐥 𝐒𝐜𝐢𝐞𝐧𝐭𝐢𝐟𝐢𝐜 𝐀𝐝𝐯𝐢𝐬𝐞𝐫 𝐭𝐨 𝐭𝐡𝐞 𝐆𝐨𝐯𝐞𝐫𝐧𝐦𝐞𝐧𝐭 𝐨𝐟 𝐈𝐧𝐝𝐢𝐚 𝐡𝐚𝐬 𝐫𝐞𝐥𝐞𝐚𝐬𝐞𝐝 𝐚 𝐖𝐡𝐢𝐭𝐞 𝐏𝐚𝐩𝐞𝐫 𝐨𝐧 𝐃𝐞𝐦𝐨𝐜𝐫𝐚𝐭𝐢𝐬𝐢𝐧𝐠 𝐀𝐜𝐜𝐞𝐬𝐬 𝐭𝐨 𝐀𝐈 𝐈𝐧𝐟𝐫𝐚𝐬𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞. With AI becoming central to innovation and economic progress, access to compute, datasets, and model ecosystems must be made broad, affordable, and inclusive. These resources are concentrated in a few global firms and urban centres, limiting equitable participation. For India, democratising access means treating AI infrastructure as a shared national resource, empowering innovators across regions to build local-language tools, adapt assistive technologies, and create solutions aligned with India’s diverse needs. The White Paper highlights key enablers aligned with India’s AI governance vision: 🔹 Expanding access to high-quality, representative datasets 🔹 Providing affordable and reliable computing resources 🔹 Integrating AI with Digital Public Infrastructure (DPI) Read the White Paper here: https://t.co/KZbBuNXAAW

The National Police Agency (NPA) of Japan recent documentation of state-sponsored Threat Actors from China is interesting. A group they believe to be a subset of APT10, abuses WSB (Windows Sandbox) by creating a .wsb configuration file and using it to spin up an instance of the Windows Sandbox. This is interesting because Windows Defender cannot access the Windows Sandbox (image 1). The payload enables folder sharing, network access, clipboard access, microphone access, and video access. tl;dr abusing the sandbox, sandbox as a c2

Discord Database Reportedly Leaked A recent leak allegedly exposes a Discord database, including official Discord account passwords as of December 2024. This raises significant concerns regarding user data security and platform vulnerabilities. https://t.co/iWIkCKGs9H #cybersecurity #databreach #Discord #privacy #security

Blue Team Roadmap🔵🎯 ├── Foundations │ ├── Basic Networking │ │ ├── TCP/IP │ │ ├── DNS │ │ ├── DHCP │ │ ├── Subnetting │ │ └── Network Topologies │ ├── Operating Systems │ │ ├── Windows │ │ │ ├── Active Directory │ │ │ ├── Group Policy │ │ │ └── Windows Event Logs │ │ └── Linux │ │ ├── File Permissions │ │ ├── Syslog │ │ └── Scripting (Bash, Python) │ └── Cybersecurity Fundamentals │ ├── CIA Triad │ ├── Risk Management │ ├── Threat Models │ └── Attack Vectors ├── Threat Intelligence │ ├── OSINT │ │ ├── Tools (Maltego, Recon-ng) │ │ └── Data Sources (Shodan, Censys) │ ├── Threat Hunting │ │ ├── Hypothesis-Driven Hunting │ │ ├── TTPs │ │ └── Use Cases Development │ └── IOCs │ ├── IP Addresses │ ├── Hash Values │ ├── Domains │ └── File Names ├── Security Operations │ ├── Monitoring and Logging │ │ ├── SIEM │ │ │ ├── Tools (Splunk, ELK Stack, QRadar) │ │ │ └── Log Parsing and Correlation │ │ └── Log Analysis │ │ ├── Log Sources (Windows Event Logs, Syslog) │ │ └── Log Aggregation and Storage │ ├── Incident Response │ │ ├── IR Plan Development │ │ ├── Incident Handling Procedures │ │ └── Digital Forensics │ │ ├── Memory Analysis │ │ └── Disk Forensics │ ├── EDR │ │ ├── Tools (CrowdStrike, Carbon Black) │ │ └── Endpoint Visibility and Control │ └── NSM │ ├── Tools (Zeek, Suricata) │ └── Traffic Analysis ├── Vulnerability Management │ ├── Vulnerability Assessment │ │ ├── Scanning Tools (Nessus, OpenVAS) │ │ └── Assessment Methodologies │ ├── Patch Management │ │ ├── Patch Deployment Strategies │ │ └── Patch Testing and Validation │ └── Configuration Management │ ├── Secure Configuration Guides │ └── Configuration Monitoring ├── Identity and Access Management │ ├── Authentication Methods │ │ ├── MFA │ │ └── SSO │ ├── Authorization │ │ ├── RBAC │ │ └── ABAC │ └── Identity Governance │ ├── User Lifecycle Management │ └── Access Reviews and Recertification ├── Secure Architecture │ ├── Network Segmentation │ │ ├── VLANs │ │ └── Microsegmentation │ ├── Zero Trust Architecture │ │ ├── Principles and Implementation │ │ └── Identity-Centric Security │ └── Encryption │ ├── Data at Rest │ │ ├── Disk Encryption │ │ └── Database Encryption │ └── Data in Transit │ ├── TLS/SSL │ └── VPNs ├── Awareness and Training │ ├── Security Awareness Programs │ │ ├── Regular Training Sessions │ │ └── Security Newsletters │ ├── Phishing Simulations │ │ ├── Phishing Campaigns │ │ └── Analysis of Results │ └── User Training │ ├── Role-Based Training │ └── Just-in-Time Training ├── Compliance and Governance │ ├── Regulatory Requirements │ │ ├── GDPR │ │ ├── HIPAA │ │ └── PCI-DSS │ └── Policy Development │ ├── Security Policies │ ├── Incident Response Policies │ └── Data Protection Policies ├── Advanced Defense Techniques │ ├── Deception Technologies │ │ ├── Honeypots │ │ └── Honeytokens follow for more- @harshleenchawl2