İbrahim BALOĞLU - Cybersecurity Posts

This group was created to share content in the field of cybersecurity.

Subscribers: 1 072
24 hours: no data
7 days: +4
30 days: +21
Post archive
#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Jan. 03-10, 2026)
1⃣ Cisco DNS Bug Reboot // The issue appears to be related to a change Cloudflare made in the order of CNAME records. Only users using 1.1.1.1 as a recursive resolver appear to be affected
2⃣ n8n vulnerabilities // In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for
3⃣ D-Link DSL Command Injection // A new vulnerability in very old D-Link DSL modems is currently being exploited
4⃣ ESXi Exploitation in the Wild // In Dec. 2025, sophisticated attackers exploited VMware ESXi vulnerabilities via a multi-stage, stealthy attack leveraging 0-days and custom backdoors, leading to full hypervisor control, emphasizing urgent patching and detection
5⃣ EDR Startup Process Blocker // The article details a method using the Windows Bindlink API and "bindflt.sys" to hijack DLL loading via EDRStartupHinder, preventing EDR/antivirus startup by redirecting DLLs and exploiting PPL protections, with recommendations for detection and defense
6⃣ GnuPG Vulnerabilities // Several vulnerabilities in GnuPG were disclosed during a recent talk at the CCC congress
7⃣ YARA-X v1.11.0
]-> Analytical review (Dec. 27-Jan. 03, 2026)

#tools #exploit #Red_Team_Tactics
1⃣ BOF Cocktails // Crystal Palace enables direct API hooking within BOFs for evasion, offering a flexible alternative to Beacon-based hooks with ongoing enhancements
2⃣ Exploiting a private API for VoiceOver // CVE-2025-43530 - macOS VoiceOver API vulnerability allowing bypass of privacy protections via trust verification flaws, enabling arbitrary AppleScript execution and AppleEvent sending, with a fix in macOS 26.2 requiring specific entitlements
3⃣ Using ADCS to Attack HTTPS-Enabled WSUS Clients // While vulnerabilities in the configuration of ADCS itself have been researched extensively, combining other services with ADCS can still lead to new attack paths

#DFIR #Blue_Team_Techniques From Code to Coverage:
Part 1 - The OID Transformation That Hinders LDAP Detection // ...we learned to think like an attacker: understanding how Impacket tools construct their LDAP queries
Part 2 - The Whitespace Nightmare: Writing Sigma Rules That Actually Match // ...we learned to think like a log parser having an existential crisis - handling every possible variation those queries might take after going through the transformation gauntlet

CVE-2025-6023 * Grafana Bypass: A Technical Deep Dive

#Tech_book #Offensive_security "Bash Shell Scripting for Pentesters: Master the art of command-line exploitation and enhance your penetration testing workflows", 2024. // This book provides a comprehensive guide to mastering Bash scripting specifically for pentesting, covering everything from basic scripting concepts to advanced techniques for evading detection and integrating with modern technologies such as AI

SANS_Linux_Incident_Response_1766732202.pdf (1.98 MB)

#exploit #Kernel_Security "Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations", HexaCon 2025.
]-> Linux HFSC Eltree UAF - Debian 12 PoC // CVE-2025-38001 Analysis + RbTree Attack Against LTS/COS + Mitigations Exploit
See also:
]-> EntryBleed: A Universal KASLR Bypass against KPTI on Linux (2023)

Arsenal-Image-Mounter-v3.12.331.rar (174.56 MB)

You can register for the training sessions organized by the Cyber Clubs.

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (December 13-20, 2025)
1⃣ Critical OneView Vulnerability // HP's OneView software allows unauthenticated code execution
2⃣ Wireshark 4.4.12 Released // Release notes + download page
3⃣ FortiCloud SSO Login Vuln Exploited // FortiGate CVE-2025-59718, CVE-2025-59719
4⃣ AI-Powered Reverse Engineering with Ghidra // OGhidra bridges LLMs via Ollama with the Ghidra reverse engineering platform, enabling AI-driven binary analysis through natural language
5⃣ When Ads Become Profiles: Uncovering the Invisible Risk of Web Advertising at Scale with LLMs // An interesting study (and practical implementation) of the problem of the passive digital footprint in advertising flows
6⃣ PCIe IDE TLP Reordering Vulnerabilities // CVE-2025-9612, CVE-2025-9613, CVE-2025-9614
7⃣ ClamAV Signature Retirement
]-> Analytical review (Dec. 06-13, 2025)

DVR EXAMINER_3.19_Crack.zip (1.47 MB)

#tools #Malware_analysis "From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis", Dec. 2025 (NDSS 2026). ]-> Artifacts ]-> JSimplifier - deobfuscation and simplification tool using LLMs/AST transformations // Existing tools struggle with diverse input formats, address only specific obfuscation types, and produce cryptic output that impedes human analysis. To address these challenges, we present JSIMPLIFIER, a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing, abstract syntax tree-based static analysis, dynamic execution tracing, and LLM-enhanced identifier renaming

BurpSuite PRO version 2025.10.04

WhatsApp activity tracker https://github.com/Xh4H/WhatsApp-device-activity-tracker:
1. This project implements the research from the paper "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers" by Gabriel K. Gegenhuber, Maximilian Günther, Markus Maier, Aljosha Judmayer, Florian Holzbauer, Philipp É. Frenzel, and Johanna Ullrich (University of Vienna & SBA Research).
2. Example Output: The tracker sends probe messages and measures the Round-Trip Time (RTT) to detect device activity.
3. However, WhatsApp does not disclose what "high volume" means, so this does not fully prevent an attacker from sending a significant number of probe reactions before rate-limiting kicks in.
@secharvester