İbrahim BALOĞLU - Siber Güvenlik Paylaşımları
This group was created to share posts in the field of cyber security.
1 070 subscribers
Post archive
Repost from CyberSecurityTechnologies
#tools
#exploit
#Red_Team_Tactics
1⃣ BOF Cocktails
// Crystal Palace enables direct API hooking within BOFs for evasion, offering a flexible alternative to Beacon-based hooks with ongoing enhancements
2⃣ Exploiting a private API for VoiceOver
// CVE-2025-43530 - macOS VoiceOver API vulnerability allowing bypass of privacy protections via trust verification flaws, enabling arbitrary AppleScript execution and AppleEvent sending, with a fix in macOS 26.2 requiring specific entitlements
3⃣ Using ADCS to Attack HTTPS-Enabled WSUS Clients
// While vulnerabilities in the configuration of ADCS itself have been researched extensively, combining other services with ADCS can still lead to new attack paths
#DFIR
#Blue_Team_Techniques
From Code to Coverage:
Part 1 - The OID Transformation That Hinders LDAP Detection
// ..we learned to think like an attacker—understanding how Impacket tools construct their LDAP queries
Part 2 - The Whitespace Nightmare: Writing Sigma Rules That Actually Match
// ..we learned to think like a log parser having an existential crisis - handling every possible variation those queries might take after going through the transformation gauntlet
CVE-2025-6023
Grafana Bypass: A Technical Deep Dive
#Tech_book
#Offensive_security
"Bash Shell Scripting for Pentesters:
Master the art of command-line exploitation and enhance your penetration testing workflows", 2024.
// This book provides a comprehensive guide to mastering Bash scripting specifically for pentesting, covering everything from basic scripting concepts to advanced techniques for evading detection and integrating with modern technologies such as AI
SANS_Linux_Incident_Response_1766732202.pdf (1.98 MB)
#exploit
#Kernel_Security
"Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations", HexaCon 2025.
]-> Linux HFSC Eltree UAF - Debian 12 PoC
// CVE-2025-38001 Analysis + RbTree Attack Against LTS/COS + Mitigations Exploit
See also:
]-> EntryBleed: A Universal KASLR Bypass against KPTI on Linux (2023)
You can register for the trainings organized by Siber Kulüpler.
Windows Digital Forensics Training
https://siberkulupler.com/events/77c92680-9f58-4def-a853-b21e37c6c5cf/
You can register for the trainings organized by Siber Kulüpler.
Forensic Analysis of Memory-Based Attacks
https://siberkulupler.com/events/d4599b53-2170-4e56-97e9-1ec15ab0f0c8/
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (December 13-20, 2025)
1⃣ Critical OneView Vulnerability
// HP's OneView software allows unauthenticated code execution
2⃣ Wireshark 4.4.12 Released
// Release notes + download page
3⃣ FortiCloud SSO Login Vuln Exploited
// FortiGate CVE-2025-59718, CVE-2025-59719
4⃣ AI-Powered Reverse Engineering with Ghidra
// OGhidra bridges LLMs via Ollama with the Ghidra reverse engineering platform, enabling AI-driven binary analysis through natural language
5⃣ When Ads Become Profiles: Uncovering the Invisible Risk of Web Advertising at Scale with LLMs
// An interesting study (and practical implementation) of the problem of passive digital footprint in advertising flows
6⃣ PCIe IDE TLP Reordering Vulnerabilities
// CVE-2025-9612, CVE-2025-9613, CVE-2025-9614
7⃣ ClamAV Signature Retirement
]-> Analytical review (Dec.06-13, 2025)
#tools
#Malware_analysis
"From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis",
Dec. 2025 (NDSS 2026).
]-> Artifacts
]-> JSimplifier - deobfuscation and simplification tool using LLMs/AST transformations
// Existing tools struggle with diverse input formats, address only specific obfuscation types, and produce cryptic output that impedes human analysis. To address these challenges, we present JSIMPLIFIER, a comprehensive deobfuscation tool using a multi-stage pipeline with preprocessing, abstract syntax tree-based static analysis, dynamic execution tracing, and LLM-enhanced identifier renaming
WhatsApp activity tracker
https://github.com/Xh4H/WhatsApp-device-activity-tracker:
1. This project implements the research from the paper "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers" by Gabriel K. Gegenhuber, Maximilian Günther, Markus Maier, Aljosha Judmayer, Florian Holzbauer, Philipp É. Frenzel, and Johanna Ullrich (University of Vienna & SBA Research).
2. Example Output: The tracker sends probe messages and measures the Round-Trip Time (RTT) to detect device activity.
3. However, WhatsApp does not disclose what “high volume” means, so this does not fully prevent an attacker from sending a significant number of probe reactions before rate-limiting kicks in.
@secharvester
#exploit
1⃣ Windows Session Hijacking via COM
// This technique serves as an alternative to remote process injection or LSASS dumping for activities like keylogging, screenshots, or LDAP access
2⃣ CVE-2024-27822:
macOS PackageKit Privilege Escalation
// Currently, there is no patch...
3⃣ CVE-2025-67511:
Tricking a Security AI Agent Into Pwning Itself
// Command injection vulnerability in cai-framework <=0.5.9. A patched release on PyPI is not yet available...
4⃣ CVE-2025-53772:
Microsoft Web Deploy RCE
// RCE in Microsoft Web Deploy (msdeploy) caused by unsafe deserialization of HTTP header data
