İbrahim BALOĞLU - Siber Güvenlik Paylaşımları
前往频道在 Telegram
Mevcut grup, Siber Güvenlik alanında paylaşımlar yapmak için oluşturulmuştur.
显示更多1 085
订阅者
-124 小时
+17 天
+1230 天
帖子存档
SANS_Linux_Incident_Response_1766732202.pdf1.98 MB
#exploit
#Kernel_Security
"Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations", HexaCon 2025.
]-> Linux HFSC Eltree UAF - Debian 12 PoC
// CVE-2025-38001 Analysis + RbTree Attack Against LTS/COS + Mitigations Exploit
See also:
]-> EntryBleed: A Universal KASLR Bypass against KPTI on Linux (2023)
Siber Kulüplerin organize ettiği eğitimlere kayıt yaptırabilirsiniz.
Windows Adli Bilişim Eğitimi
https://siberkulupler.com/events/77c92680-9f58-4def-a853-b21e37c6c5cf/
Siber Kulüplerin organize ettiği eğitimlere kayıt yaptırabilirsiniz.
Bellek Tabanlı Saldırıların Adli Analizi
https://siberkulupler.com/events/d4599b53-2170-4e56-97e9-1ec15ab0f0c8/
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (December 13-20, 2025)
1⃣ Critical OneView Vulnerablity
// HPs OneView Software allows for unauthenticated code execution
2⃣ Wireshark 4.4.12 Released
// Release notes + download page
3⃣ FortiCloud SSO Login Vuln Exploited
// FortiGate CVE-2025-59718, CVE-2025-59719
4⃣ AI-Powered Reverse Engineering with Ghidra
// OGhidra bridges LLMs via Ollama with the Ghidra reverse engineering platform, enabling AI-driven binary analysis through natural language
5⃣ When Ads Become Profiles: Uncovering the Invisible Risk of Web Advertising at Scale with LLMs
// An interesting study (and practical implementation) of the problem of passive digital footprint in advertising flows
6⃣ PCIe IDE TLP Reordering Vulnerabilities
// CVE-2025-9612, CVE-2025-9613, CVE-2025-9614
7⃣ ClamAV Signature Retirement
]-> Analytical review (Dec.06-13, 2025)
#tools
#Malware_analysis
"From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis",
Dec. 2025 (NDSS 2026).
]-> Artifacts
]-> JSimplifier - deobfuscation and simplification tool using LLMs/AST transformations
// Existing tools struggle with diverse input formats, address only specific obfuscation types, and produce cryptic output that impedes human analysis. To address these challenges, we present JSIMPLIFIER, a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing, abstract syntax tree-based static analysis, dynamic execution tracing, and LLM-enhanced identifier renaming
WhatsApp activity tracker
https://github.com/Xh4H/WhatsApp-device-activity-tracker:
1. This project implements the research from the paper "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers" by Gabriel K. Gegenhuber, Maximilian Günther, Markus Maier, Aljosha Judmayer, Florian Holzbauer, Philipp É. Frenzel, and Johanna Ullrich (University of Vienna & SBA Research).
2. Example Output: The tracker sends probe messages and measures the Round-Trip Time (RTT) to detect device activity.
3. However, WhatsApp does not disclose what “high volume” means, so this does not fully prevent an attacker from sending a significant number of probe reactions before rate-limiting kicks in.
@secharvester
#exploit
1⃣ Windows Session Hijacking via COM
// This technique serves as an alternative to remote process injection or LSASS dumping for activities like keylogging, screenshots, or LDAP access
2⃣ CVE-2024-27822:
macOS PackageKit Privilege Escalation
// Currently, there is no patch...
3⃣ CVE-2025-67511:
Tricking a Security AI Agent Into Pwning Itself
// Command injection vulnerability in cai-framework <=0.5.9. A patched release on PyPI is not yet available...
4⃣ CVE-2025-53772:
Microsoft Web Deploy RCE
// RCE in Microsoft Web Deploy (msdeploy) caused by unsafe deserialization of HTTP header data
Aralık ayına özel olarak, Siber Olaylara Müdahale Eğitimi’ni avantajlı indirim fırsatıyla satın alabilirsiniz. 🔥
https://lnkd.in/d_uT9kkM
#Malware_analysis
1⃣ Ghostframe Phishing Kit
https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit
2⃣ EtherRAT Ethereum implant in React2Shell attacks
https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks
3⃣ BYOVD loader behind DeadLock ransomware attack
https://blog.talosintelligence.com/byovd-loader-deadlock-ransomware
4⃣ BRICKSTORM/WARP PANDA Malware
https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats
CVE-2025-66478 Next.js-RSC-RCE
*
Добавили
Runtime Memory Shell#Whitepaper
#Offensive_security
"API Security Testing (Penetration Testing) Guide", 03.03.2025.
// This comprehensive guide explores the methodologies, techniques, and best practices for conducting thorough API security testing, also known as API penetration testing
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (November 29 - December 06, 2025)
1⃣ Critical Vulnerabilities in React Server Components and Next.js
// ~39% of cloud environments are vulnerable to React2Shell attacks. Exploitation is likely imminent...
2⃣ K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation
// Multiple patches were released to fix the issue, including caller validation and process protection, but bypass techniques involving DLL manual mapping and binary renaming remain effective...
3⃣ IBM Released a Framework for Breaking AI on Purpose - AI Robustness Evaluation System (ARES)
// It enables developers and security researchers to define targets, craft adversarial payloads, and assess AI behavior under various threat models. ARES models an attacker probing an AI endpoint - such as a hosted model, an agentic AI application, or REST API - by automating attack scenarios
4⃣ 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign
// A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extension
5⃣ A High-Severity WebAssembly Boundary Condition Vulnerability in Firefox (CVE-2025-13016)
// For six months, a subtle pointer arithmetic error in Firefox's WebAssembly implementation silently wrote past stack buffers in hundreds of millions of browsers worldwide..
6⃣ Kaspersky Security Bulletin 2025 Released
// The statistics in this report cover the period from November 2024 through October 2025
]-> Awesome Annual Security Reports
7⃣ Nuclei Release v3.6.0
// new features, improvements and fixes
]-> Analytical review (Nov. 22-29, 2025)
