İbrahim BALOĞLU - Siber Güvenlik Paylaşımları


This group was created to share content in the field of Cyber Security.

1 068 subscribers
Post archive
#tools #AIOps #MLSecOps #Offensive_security 0din AI Scanner (v.1.7.0) https://github.com/0din-ai/ai-scanner // AI model safety scanner built on NVIDIA garak


#Kernel_Security #Malware_analysis DragonBreath: Dragon in the Kernel https://ransom-isac.org/blog/dragonbreath-dragon-in-the-kernel // A 0-day BYOVD vulnerability in dragoncore_k.sys signed by Zhengzhou 403 Network Technology, with shell company analysis, Dragon Breath APT-Q-27 attribution, and an APT31 / Wuhan Xiaoruizhi personnel nexus

#DFIR #OpSec #Offensive_security #Blue_Team_Techniques Dissecting Impacket: A public reference of protocol-level and implementation-level IoCs for detecting Impacket-driven activity https://github.com/ThatTotallyRealMyth/Impacket-IoCs
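The Impacket-IoCs reference above collects protocol- and implementation-level indicators; the block below is an added example (not code from that repository) that turns three of the best-known implementation-level defaults into detection logic: the BTOBTO service and `\\127.0.0.1\C$\__output` redirect of smbexec.py, the `1> \\127.0.0.1\ADMIN$\__<timestamp> 2>&1` redirect of wmiexec.py, and the 4-letter service / 8-letter binary naming of psexec.py. The tab-separated key=value log format and the sample records are constructed for the demo; a real pipeline would feed EventID 7045 and 4688 fields from the SIEM.

```python
"""Flag Impacket default artifacts in Windows event records (added example)."""
import re

# smbexec.py installs a service named BTOBTO whose binary path is a cmd.exe one-liner
# that redirects output to \\127.0.0.1\C$\__output through %TEMP%\execute.bat.
SMBEXEC_REDIRECT = re.compile(r"\^> \\\\127\.0\.0\.1\\C\$\\__output", re.IGNORECASE)

# wmiexec.py runs: cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<unix timestamp> 2>&1
WMIEXEC_REDIRECT = re.compile(
    r"cmd\.exe /Q /c .* 1> \\\\127\.0\.0\.1\\ADMIN\$\\__\d+(?:\.\d+)? 2>&1", re.IGNORECASE
)

# psexec.py (serviceinstall.py) picks 4 random letters for the service name and
# 8 random letters plus .exe for the binary it drops into ADMIN$. Heuristic: fires
# only when both properties hold on the same 7045 record.
PSEXEC_SERVICE = re.compile(r"^[A-Za-z]{4}$")
PSEXEC_BINARY = re.compile(r"\\[A-Za-z]{8}\.exe$", re.IGNORECASE)


def parse_event(line):
    """'EventID=7045<TAB>ServiceName=X<TAB>ImagePath=Y' -> dict (constructed format)."""
    event = {}
    for field in line.split("\t"):
        key, _, value = field.partition("=")
        event[key] = value
    return event


def match_rules(event):
    """Return the names of every rule the record trips."""
    hits = []
    eid = event.get("EventID")
    if eid == "7045":  # System log: a service was installed
        name, path = event.get("ServiceName", ""), event.get("ImagePath", "")
        if name == "BTOBTO":
            hits.append("smbexec_service_name")
        if SMBEXEC_REDIRECT.search(path):
            hits.append("smbexec_output_redirect")
        if PSEXEC_SERVICE.match(name) and PSEXEC_BINARY.search(path):
            hits.append("psexec_random_service")
    elif eid == "4688":  # Security log: a new process was created
        if WMIEXEC_REDIRECT.search(event.get("CommandLine", "")):
            hits.append("wmiexec_output_redirect")
    return hits


def scan_log(lines):
    """Return (line index, rule name) pairs for every hit in the log."""
    return [(i, rule) for i, line in enumerate(lines) for rule in match_rules(parse_event(line))]


# Constructed sample records (not real telemetry): three Impacket patterns, two benign.
SAMPLE_LOG = [
    "\t".join([
        "EventID=7045", "ServiceName=BTOBTO",
        r"ImagePath=%COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat "
        r"& %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat",
    ]),
    "\t".join(["EventID=4688", r"NewProcessName=C:\Windows\System32\cmd.exe",
               r"CommandLine=cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1712345678.91 2>&1"]),
    "\t".join(["EventID=7045", "ServiceName=kRmZ", r"ImagePath=%SystemRoot%\WkbEpHjn.exe"]),
    "\t".join(["EventID=4688", r"NewProcessName=C:\Windows\System32\cmd.exe", "CommandLine=cmd.exe /c dir"]),
    "\t".join(["EventID=7045", "ServiceName=Sysmon64", r"ImagePath=C:\Windows\Sysmon64.exe"]),
]

if __name__ == "__main__":
    for idx, rule in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {rule}")
```

The first two rules are exact defaults and rarely false-positive; the psexec rule is a naming heuristic and should be paired with the protocol-level indicators (ADMIN$ write of the binary, RemComSvc pipe) from the reference.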

#Offensive_security Bypassing Windows (11 24H2/Server 2025) authentication reflection mitigations for SYSTEM shells Part 1 (CVE-2025-33073) Part 2 (CVE-2026-26128) // Authentication relay (or reflection) attacks will persist as long as integrity mechanisms are not enforced by default on Windows services

#Tech_book #Malware_analysis "MAoS - Malware Analysis on Steroids: Fighting Malware to the Death - Real-World Threats and Reverse Engineering Tactics", 2025. // This book takes you far beyond labs and simulations. It delivers a complete A-to-Z dissection walkthrough: from the first byte of a suspicious file all the way through unpacking, persistence, obfuscation, payload logic, and attacker tradecraft

PHP 8.5.5 — var_destroy __destruct reentrancy UAF. * Sister bug to Calif MAD Bugs finding; survives their proposed patch. ASAN-confirmed PoCs + leak primitive.

#tools #Offensive_security Kerberos with Titanis https://trustedsec.com/blog/kerberos-with-titanis // Titanis - Windows protocol library, including SMB and RPC implementations, among others

#Threat_Research #Malware_analysis 1⃣ Bad Apples: Weaponizing native macOS primitives for movement and execution https://blog.talosintelligence.com/bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution 2⃣ WAV Malware https://isc.sans.edu/diary/A+WAV+With+A+Payload/32910 3⃣ Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting https://thedfirreport.com/2026/04/22/bissa-scanner-exposed-ai-assisted-mass-exploitation-and-credential-harvesting
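The "WAV with a payload" item is a case of data hidden in or around a valid container. As an added example (not code from the SANS diary), here is a RIFF/WAVE chunk walker that flags the two usual hiding spots: bytes appended after the container the RIFF header accounts for, and chunks with IDs an audio player silently skips. KNOWN_CHUNKS is an assumed allow-list of IDs a normal encoder emits, the MZ check is a simple heuristic, and the sample files are constructed by build_wav().

```python
"""Walk a RIFF/WAVE container and report places a payload can hide (added example)."""
import struct

# Assumption: chunk IDs an ordinary encoder or tagger writes; anything else is reported.
KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"smpl", b"bext",
                b"id3 ", b"iXML", b"PEAK", b"plst", b"inst", b"JUNK"}


def _chunk(chunk_id, payload):
    """Serialise one RIFF chunk: id, little-endian size, body, pad byte to even length."""
    return chunk_id + struct.pack("<I", len(payload)) + payload + (b"\x00" if len(payload) % 2 else b"")


def build_wav(pcm, sample_rate=8000, extra_chunks=(), trailer=b""):
    """Minimal 16-bit mono PCM WAV; extra_chunks go inside the container, trailer after it."""
    fmt = struct.pack("<HHIIHH", 1, 1, sample_rate, sample_rate * 2, 2, 16)
    body = b"WAVE" + _chunk(b"fmt ", fmt) + _chunk(b"data", pcm)
    for chunk_id, payload in extra_chunks:
        body += _chunk(chunk_id, payload)
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailer


def inspect_wav(data):
    """Return (kind, detail) findings; an empty list means the container looks ordinary."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return [("not_wave", "missing RIFF/WAVE signature")]
    riff_end = 8 + struct.unpack_from("<I", data, 4)[0]  # RIFF size excludes the 8-byte header
    if riff_end > len(data):
        findings.append(("truncated", f"RIFF declares {riff_end} bytes, file has {len(data)}"))
    end = min(riff_end, len(data))
    pos = 12
    while pos + 8 <= end:
        chunk_id = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = pos + 8
        if body + size > end:
            findings.append(("overrun", f"chunk {chunk_id!r} at {pos} claims {size} bytes past the container"))
            break
        if chunk_id not in KNOWN_CHUNKS:
            findings.append(("unknown_chunk", f"chunk {chunk_id!r} at {pos}, {size} bytes"))
        elif chunk_id == b"data" and data[body:body + 2] == b"MZ":
            findings.append(("pe_in_data", f"data chunk at {pos} starts with an MZ header"))
        pos = body + size + (size & 1)  # chunks are word-aligned
    if len(data) > riff_end:
        findings.append(("trailing", f"{len(data) - riff_end} bytes after the RIFF container"))
    return findings


if __name__ == "__main__":
    silence = b"\x00\x00" * 100
    for label, sample in [
        ("clean", build_wav(silence)),
        ("appended", build_wav(silence, trailer=b"#!/bin/sh\nid\n")),
        ("hidden_chunk", build_wav(silence, extra_chunks=[(b"pyld", b"MZ" + b"\x90" * 30)])),
    ]:
        print(label, inspect_wav(sample))
```

Players stop at the declared RIFF size, so appended bytes never affect playback; that is exactly why a triage step should compare the declared size with the file size before anything else.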

#tools #DFIR #Malware_analysis 1⃣ Official IOCX Project // An extensible IOC extraction engine for PE binaries and text, built for SOC automation and modern threat‑analysis pipelines 2⃣ Crow Eye - Windows Forensics Engine // Comprehensive Windows forensics tool 3⃣ Microsoft Sentinel SIEM Log Source Analyzer // PowerShell module that connects to your MS Sentinel workspace (and Defender XDR), pulls every log table you’re ingesting

#DFIR #Whitepaper "Windows Forensic Analysis Playbook", Ver.2, Mar. 2026. // 6 Critical Windows Artifacts: Jump Lists, LNK Files, RecentDocs/OpenSave MRU, Prefetch, SRUM, Windows Event Logs

#Malware_analysis 1⃣ VIPERTUNNEL Python Backdoor https://labs.infoguard.ch/posts/slithering_through_the_noise 2⃣ We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger https://intel.breakglass.tech/post/kimsuky-chm-nidlog-c2-dump-full-payload-recovery 3⃣ Inside an AI‑enabled device code phishing campaign https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026

#Research #WLAN_Security "Beamforming Feedback as a Novel Attack Surface for Wi-Fi Physical-Layer Security", Apr. 2026. // BFIAttack - new attack that exploits Beamforming Feedback Information to reconstruct the CSI of a legitimate user or device, thereby compromising Wi-Fi-based physical-layer security

Windows Defender 0-Day Exploit * Allowing Attackers to Gain Full Access Full PoC

#WLAN_Security #Mobile_Security "LightGuard: Transparent WiFi Security via Physical-Layer LiFi Key Bootstrapping", Apr. 2026. ]-> https://github.com/Dorian47/Lightguard // cryptographic key establishment can be offloaded from WiFi to a physically confined LiFi channel to mitigate the risk of key exposure over RF

#Tech_book #Blue_Team_Techniques "Blue Team Handbook: Incident Response", 2026. ]-> Code from book chapters, commands, and manuals // This trusted and widely used field guide for cybersecurity incident responders, SOC analysts, and defensive security professionals distills incident response essentials into a concise, field-ready format

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Mar.28-Apr.4, 2026) 1⃣  Supply Chain Attack on Axios Pulls Malicious Dependency from npm // This is an active and developing incident... 2⃣  Remotely exploitable vulnerabilities in FreeBSD kernel, Vim, and Emacs // CVE-2026-4747, CVE-2026-34714, CVE-2026-33150, CVE-2026-34743 3⃣  Operation NoVoice: Rootkit Tells No Tales // The attack begins with apps that were previously available on Google Play that appear to be simple tools such as cleaners, games, or gallery utilities 4⃣ Nmap 7.99 Release // Changelog 5⃣  ghostsurf: From NTLM Relay to Browser Session Hijacking // NTLM HTTP relay tool with SOCKS proxy for browser session hijacking 6⃣  OpenSSH 10.3 Release // Changes 7⃣  Progress ShareFile Pre-Auth RCE Chain // CVE-2026-2699, CVE-2026-2701 ]-> Analytical review (Mar.21-28, 2026)

#tools #Offensive_security 1⃣ dexfinder - Cross-platform APK/DEX method & field reference finder with call chain tracing, ProGuard/R8 deobfuscation, and Android hidden API detection 2⃣ LogonTracer - tool to investigate malicious logons by visualizing and analyzing Windows AD event logs 3⃣ efiguard-detect - tool to detect EfiGuard 4⃣ ReDyne - iOS Decompiler/Reverse Engineering Suite 5⃣ Disconnected RSAT - launcher for running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain-joined machines

Unauthenticated MCP Endpoint Allows Remote Nginx Takeover * Detail and PoC