İbrahim BALOĞLU - Siber Güvenlik Paylaşımları

no route to host )))

IDA PRO 90sp1 Все платформы + ключи Разбираем

#Malware_analysis 1. Zero-day behavior in PDF samples that leak local (net)NTLM information https://justhaifei1.blogspot.com/2025/01/expmon-detected-zero-day-behavior-in.html 2. Linux Rootkit Malware Deep Dive https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware 3. A repository of credential stealer formats https://github.com/MalBeacon/what-is-this-stealer

CVE-2024-49112 LDAP Nightmare * WriteUP POC

CVE-2024-50603-nuclei-poc * Critical Command Injection Vulnerability in Aviatrix Controller * POC

CVE-2025-0282 * Ivanti Connect Secure (RCE) * exploit.

Siber Olaylara Müdahale Eğitimi (Windows Forensics) https://www.udemy.com/course/siber-olaylara-mudahale-egitimi-windows-forensics/?couponCode=F3FEB5CC284489225B5A

Local Privilege Escalation in IObit Malware Fighter The PoC program exploits the IMFForceDelete driver which exposes an ioctl that allows unprivileged users to delete files and folders. We can turn this into a privilege escalation by using a technique explained by ZDI and Halov, which exploits the MSI rollback mechanism which is designed to maintain system integrity in case of issues. By deleting and recreating it with a weak DACL and fake RBF and RBS files we can gain the ability to make arbitrary changes to the system as NT AUTHORITY\SYSTEM. #1N73LL1G3NC3

Tersine Mühendislere Çağrı 8 Şubat günü Malwation ofisinde ödüllü private bir CrackMe Night düzenleniyor. Windows binary'ler ile aram iyi diyen crackerlar için başvuru linki https://share.malwation.com/crackme-night-feb25

BurpSuite PRO Version - 2024.11.1 X64 * + extention + bounty PRO * DownLoad

#tools #MLSecOps LLM Vulnerability Scanner https://github.com/NVIDIA/garak ]-> Framework for Security Probing LLMs (.pdf)

#exploit 1. Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875 2. CVE-2024-38819: https://github.com/masa42/CVE-2024-38819-POC 3. CVE-2024-24942: Path traversal in SwaggerUI-java within JetBrains TeamCity https://blog.0daylabs.com/2024/12/11/jetbrains-teamcity-authbypass-path-traversal

#exploit 1. CVE-2024-54679: Cyber Panel DoS https://github.com/hotplugin0x01/CVE-2024-54679 2. CVE-2024-39090: CSRF to Stored XSS in PHP Gurukul Online Shopping Portal v2.0 https://github.com/ghostwirez/CVE-2024-39090-PoC 3. CVE-2023-23586: Linux vDSO and VVAR https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html

ZigStrike A robust shellcode #loader developed in Zig, offering a variety of #injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient #shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a custom #payload builder, allowing users to easily select and construct payloads via a web application built with Python. Multiple Injection Techniques:

• Local Thread • Local Mapping • Remote Mapping • Remote Thread hijacking

Anti-Sandbox Protection:

• TPM Presence Check • Domain Join Check

Output Formats:

• XLL (Excel Add-in) • DLL

Advanced Features:

• Base64 Shellcode Encoding • Compile-time String Processing • Memory Protection Handling • Process Targeting

Blog: https://kpmg.com/nl/en/home/insights/2024/12/zig-strike-the-ultimate-toolkit-for-payload-creation-and-evasion.html #1N73LL1G3NC3

Apache Struts2 CVE-2024-53677 * POC+WriteUp

CVE-2024-53376 * CyberPanel ( versions < 2.3.8 ) Authenticated OS Command Injection * WriteUP * exploit

#tools #Offensive_security 1. DCOM Lateral movement POC abusing the IMsiServer interface https://github.com/deepinstinct/DCOMUploadExec 2. BOF launcher - library for executing BOF files in C/C++/Zig applications https://github.com/The-Z-Labs/bof-launcher 3. Windows Administrator level Implant https://github.com/ChaitanyaHaritash/IllusiveFog

#exploit 1. CVE-2024-5907, CVE-2024-9469: LPE/Privilege Escalation in Palo Alto Cortex XDR Agent https://blog.scrt.ch/2024/12/05/attacking-cortex-xdr-from-an-unprivileged-user-perspective 2. CVE 2024-37397: Ivanti Endpoint Manager XXE https://d4mianwayne.github.io/posts/ivanti-endpoint-manager-xxe-cve-2024-37397 3. CVE-2024-52595: Mutation XSS & lxml_html_clean bypass https://jorianwoltjer.com/blog/p/hacking/mutation-xss