İbrahim BALOĞLU - Cyber Security Posts
This group was created to share posts in the field of cyber security.
Post archive
#exploit
1. CVE-2025-0108:
Nginx/Apache Path Confusion to Auth Bypass in PAN-OS
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os
2. CVE-2024-42009:
Stored XSS in Roundcube Webmail
https://github.com/0xbassiouny1337/CVE-2024-42009
3. CVE-2022-41741, CVE-2022-41742, CVE-2023-44487 Check Script:
https://github.com/moften/CVE-2022-4174_CVE-2022-41742
#WLAN_Security
#Offensive_security
Offline bruteforce attack on WiFi Protected Setup
]-> Pixiewps Tool
#Red_Team_Tactics
1. SiphonDNS: covert data exfiltration via DNS
https://ttp.report/evasion/2025/02/03/siphondns-covert-dns-exfiltration.html
2. Bypassing WAF with Hex Overflow
https://infosecwriteups.com/xss-bypassing-waf-with-hex-overflow-bafbf8bc43b0
#Malware_analysis
1. BADBOX Botnet
https://censys.com/unpacking-the-badbox-botnet
2. Malicious SVG links
https://news.sophos.com/en-us/2025/02/05/svg-phishing
3. AiTM/MFA phishing attacks in combination with "new" Microsoft protections
https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt
#Offensive_security
1. form-action Content-Security-Policy Bypass and other tactics for dealing with the CSP
https://nzt-48.org/form-action-content-security-policy-bypass-and-other-tactics-for-dealing-with-the-csp
2. Root Detection & SSL Bypass Script
https://github.com/0xCD4/SSL-bypass
3. Bypass Cloudflare's /h/b/jsd challenge using 100% python
https://github.com/xkiian/cloudflare-jsd
CVE-2025-22604 (CVSS 9.1): Remote Code Execution Flaw in Cacti
POC
BlitzSSH - SSH Cracking Tool
Seemingly just a brute-forcer, but the format in which it takes its input data is interesting.
And it also sends notifications to Telegram when something comes up.
Link
#ssh #bruteforce
CVE-2024-36972
Two in one! Linux LPE and Container Escape
The vulnerability affects Linux kernel versions:
v6.8 to v6.9
v5.15.147
v6.1.78
v6.6.17
POC exploit
#Linux #lpe #container #escape
#Cyber_Education
"CEH Summarized: Simple Exam Guide", 2021.
#tools
#Blue_Team_Techniques
1. CortexCanary - Tooling related to discovery of Cortex XDR canary files to avoid
https://github.com/t3hbb/CortexCanary
2. YaraMonitor - tool to continuously ingest, analyze, and alert on malware samples given a set of yara rules
https://github.com/montysecurity/YaraMonitor
#Tech_book
"PowerShell for Penetration Testing: Explore the capabilities of PowerShell for pentesters across multiple platforms", 2024.
#Red_Team_Tactics
Process Hollowing on Windows 11 24H2
https://hshrzd.wordpress.com/2025/01/27/process-hollowing-on-windows-11-24h2
]-> Process Herpaderping
]-> Process Doppelganging
]-> Process Ghosting
]-> Herpaderply Hollowing
]-> Transacted Hollowing
]-> Process Overwriting
AdaptixC2
An extensible post-exploitation and adversarial emulation framework made for penetration testers. The Adaptix server is written in Golang and the GUI Client is written in C++ QT, allowing it to be used on Linux, Windows, and MacOS operating systems.
Features:
• Server/Client Architecture for Multiplayer Support
• Cross-platform GUI client
• Fully encrypted communications
• Listener and Agents as Plugin (Extender)
• Client extensibility for adding new tools
• Task and Jobs storage
• Files and Process browsers
Documentation: https://adaptix-framework.gitbook.io/adaptix-framework
#exploit
1. CVE-2020-10136, CVE-2024-7595:
Scanner and attack suite for hosts that forward unauthenticated packets via IPIP/GRE protocols
https://github.com/GustavoHGP/ipeeyoupeewepee
2. CVE-2024-55591:
FortiOS/FortiProxy Authentication bypass in Node.js websocket module
https://github.com/robomusk52/exp-cmd-add-admin-vpn-CVE-2024-55591
3. CVE-2025-0411:
7-Zip MotW Bypass
https://github.com/CastroJared/7-Zip-CVE-2025-0411-POC
Cyber Incident Response Training (Windows Forensics)
https://www.udemy.com/course/siber-olaylara-mudahale-egitimi-windows-forensics/?referralCode=EB8B7301F4031695AAFE
CVE-2024-49138
Vulnerability in CLFS.sys
POC exploit
#win
#AppSec
#Mobile_Security
1. Introduction to Fuzzing Android Native Components
2. Strategies for Harness Creation
DEDSEC_BOTNET
Linux-based botnet builder designed for creating advanced botnet payloads.
Link
