İbrahim BALOĞLU - Siber Güvenlik Paylaşımları

This group was created to share content in the field of cyber security.

1 073 subscribers

Post archive
AV-EDR Killer * terminating processes by exploiting a vulnerable driver * Link

#OpSec #Purple_Team_Exercises EDR Silencing https://ipurple.team/2026/01/12/edr-silencing // EDR Silencing is a technique that enables threat actors with elevated privileges on the asset to restrict endpoint detection and response visibility in order to execute less OPSEC-oriented techniques

#Threat_Research
1⃣ One-click Telegram IP address leak // Telegram client behavior with proxy links may allow attackers to reveal a user's real IP address with a single click, even when a proxy is configured
2⃣ Gogs 0-Day Exploited in the Wild // A flaw in Gogs that was unpatched at the time was exploited to compromise git repos
3⃣ n8n supply chain attack // Malicious npm packages were used in an attempt to obtain users' OAuth credentials for npm
4⃣ Apache NimBLE Bluetooth vulnerabilities // CVE-2025-52435, CVE-2025-53470, CVE-2025-53477, CVE-2025-62235, CVE-2024-47248, CVE-2024-47249, CVE-2024-47250, CVE-2024-51569, CVE-2024-24746
5⃣ Two CVEs, Zero Ego: A Mailpit Story // CVE-2026-21859 (SSRF), CVE-2026-22689 (CSWSH)
6⃣ TinyOS 2.1.2 printfUART Global BOF via Unbounded Format Expansion // The vulnerability exists in the TinyOS printfUART implementation used within the ZigBee/IEEE 802.15.4 networking stack

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Jan. 03-10, 2026)
1⃣ Cisco DNS Bug Reboot // The issue appears to be related to a change Cloudflare made in the order of CNAME records. Only users using 1.1.1.1 as a recursive resolver appear to be affected
2⃣ n8n vulnerabilities // In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for
3⃣ D-Link DSL Command Injection // A new vulnerability in very old D-Link DSL modems is currently being exploited
4⃣ ESXi Exploitation in the Wild // In Dec. 2025, sophisticated attackers exploited VMware ESXi vulnerabilities via a multi-stage, stealthy attack leveraging 0-days and custom backdoors, leading to full hypervisor control and emphasizing urgent patching and detection see
5⃣ EDR Startup Process Blocker // The article details a method using the Windows Bindlink API and "bindflt.sys" to hijack DLL loading via EDRStartupHinder, preventing EDR/antivirus startup by redirecting DLLs and exploiting PPL protections, with recommendations for detection and defense
6⃣ GnuPG Vulnerabilities // Several vulnerabilities in GnuPG were disclosed during a recent talk at the CCC congress
7⃣ YARA-X v1.11.0
]-> Analytical review (Dec. 27-Jan. 03, 2026)

#tools #exploit #Red_Team_Tactics
1⃣ BOF Cocktails // Crystal Palace enables direct API hooking within BOFs for evasion, offering a flexible alternative to Beacon-based hooks, with ongoing enhancements
2⃣ Exploiting a private API for VoiceOver // CVE-2025-43530 - macOS VoiceOver API vulnerability allowing bypass of privacy protections via trust verification flaws, enabling arbitrary AppleScript execution and AppleEvent sending; fixed in macOS 26.2, which now requires specific entitlements
3⃣ Using ADCS to Attack HTTPS-Enabled WSUS Clients // While vulnerabilities in the configuration of ADCS itself have been researched extensively, combining other services with ADCS can still lead to new attack paths

#DFIR #Blue_Team_Techniques From Code to Coverage:
Part 1 - The OID Transformation That Hinders LDAP Detection // ...we learned to think like an attacker, understanding how Impacket tools construct their LDAP queries
Part 2 - The Whitespace Nightmare: Writing Sigma Rules That Actually Match // ...we learned to think like a log parser having an existential crisis, handling every possible variation those queries might take after going through the transformation gauntlet

CVE-2025-6023 * Grafana Bypass: A Technical Deep Dive

#Tech_book #Offensive_security "Bash Shell Scripting for Pentesters: Master the art of command-line exploitation and enhance your penetration testing workflows", 2024. // This book provides a comprehensive guide to mastering Bash scripting specifically for pentesting, covering everything from basic scripting concepts to advanced techniques for evading detection and integrating with modern technologies such as AI

SANS_Linux_Incident_Response_1766732202.pdf (1.98 MB)

#exploit #Kernel_Security "Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations", HexaCon 2025.
]-> Linux HFSC Eltree UAF - Debian 12 PoC // CVE-2025-38001 Analysis + RbTree Attack Against LTS/COS + Mitigations Exploit
See also: ]-> EntryBleed: A Universal KASLR Bypass against KPTI on Linux (2023)

Arsenal-Image-Mounter-v3.12.331.rar (174.56 MB)

You can register for the trainings organized by the Cyber Clubs.

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (December 13-20, 2025)
1⃣ Critical OneView Vulnerability // HP's OneView software allows unauthenticated code execution
2⃣ Wireshark 4.4.12 Released // Release notes + download page
3⃣ FortiCloud SSO Login Vuln Exploited // FortiGate CVE-2025-59718, CVE-2025-59719
4⃣ AI-Powered Reverse Engineering with Ghidra // OGhidra bridges LLMs via Ollama with the Ghidra reverse engineering platform, enabling AI-driven binary analysis through natural language
5⃣ When Ads Become Profiles: Uncovering the Invisible Risk of Web Advertising at Scale with LLMs // An interesting study (and practical implementation) of the problem of passive digital footprints in advertising flows
6⃣ PCIe IDE TLP Reordering Vulnerabilities // CVE-2025-9612, CVE-2025-9613, CVE-2025-9614
7⃣ ClamAV Signature Retirement
]-> Analytical review (Dec. 06-13, 2025)

DVR EXAMINER_3.19_Crack.zip (1.47 MB)

#tools #Malware_analysis "From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis", Dec. 2025 (NDSS 2026).
]-> Artifacts
]-> JSimplifier - deobfuscation and simplification tool using LLMs/AST transformations // Existing tools struggle with diverse input formats, address only specific obfuscation types, and produce cryptic output that impedes human analysis. To address these challenges, we present JSIMPLIFIER, a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing, abstract syntax tree-based static analysis, dynamic execution tracing, and LLM-enhanced identifier renaming