İbrahim BALOĞLU - Cyber Security Posts
This group was created to share content in the field of cyber security.
Post archive
#tools
#exploit
#AppSec
#Fuzzing
Breaking the Sound Barrier
Part 1 - Fuzzing CoreAudio with Mach Messages
Part 2 - Exploiting CVE-2024-54529
]-> Fuzzing Tools
]-> CoreAudio Exploit POC (macOS Sequoia)
// CVE-2024-54529 (Type Confusion in CoreAudio), CVE-2025-31235 (Double Free in CoreAudio)
#NetSec
#hardening
#Cyber_Education
CCNP Switching Guide
(VLANs, STP, EtherChannel, L2 Security, FHRP), Feb. 2026.
// - Switching Fundamentals: CAM/TCAM drive every decision. Unknown unicast = hidden risk
- VLANs: Segmentation ≠ security. VLAN 1 should never carry traffic
- Trunking: DTP is a silent vulnerability. Manual trunking wins
- Inter-VLAN Routing: SVIs > ROAS. Modern networks route at the switch
- STP/RSTP: Misaligned roots = instant instability. BPDU Guard saves networks
- EtherChannel: LACP > PAgP. Mismatched configs = silent outages
- L2 Security: DHCP Snooping, DAI, IPSG. Layer 2 is where attackers win quietly
- FHRP: HSRP/VRRP only work when aligned with the STP root
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Jan.24-31, 2026)
1⃣ Critical eScan Supply Chain Compromise
// Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems
2⃣ Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
// The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions
3⃣ OpenSSL Updates
// OpenSSL released its monthly updates, fixing a potential RCE
4⃣ DoS Vulnerabilities in React Server Components
// Another follow-up fix for the severe React vulnerability from last year, this time only fixing a DoS condition
5⃣ CVE-2026-21509 - MS Office 0-Day
// Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability
6⃣ StackRox 4.8.8 Kubernetes Security Platform + OpenAEV 2.0.14 Adversarial Exposure Validation Platform
// New versions of both platforms have been released
7⃣ GnuPG 2.5.17
// This version fixes a critical security bug in versions 2.5.13 to 2.5.16
8⃣ Hacking Clawdbot and Eating Lobster Souls
// Part 2
9⃣ Operation Bizarre Bazaar
// First Attributed LLMjacking Campaign with Commercial Marketplace Monetization
1⃣0⃣ Silent Brothers: Ollama Hosts Form Anonymous AI Network Beyond Platform Guardrails
]-> Analytical review (Jan.17-24, 2026)
#Offensive_security
#Red_Team_Tactics
Living off the Process
https://g3tsyst3m.com/lotp/Living-off-the-Process
]-> Full Source Code ready to compile
AudioDG.exe DLL Hijacking for LPE
// Windows 11 Home\Professional
Link
#DFIR
#Cloud_Security
"Digital Forensics and Incident Response in the Cloud: Addressing GCP Challenges", Dec. 2025.
// The goal of this paper is to research cloud forensic capabilities, identifying challenges and potential solutions unique to Google Cloud Platform
#tools
#Offensive_security
HuntCyberArk - CyberArk Security Audit Suite
https://github.com/Logisek/HuntCyberArk
// A comprehensive PowerShell-based security assessment tool for Privileged Access Management platforms
See also:
zBang - Risk assessment tool for privileged account threats
Conjur - Secrets management platform
ACLight - Shadow Admin discovery
Ansible Security Automation Collection - CyberArk Ansible integration
Shadow Copy Management via VSS API (C++, C#, Crystal, Python)
https://github.com/ricardojoserf/w11_shadow_copies
#Malware_analysis
1⃣ Scattered Spider Attacks
https://www.team-cymru.com/post/scattered-spider-attacks-infrastructure-profile
2⃣ KazakRAT
https://ctrlaltintel.com/threat%20research/KazakRAT
3⃣ A Shared Arsenal:
Identifying Common TTPs Across RATs
https://www.splunk.com/en_us/blog/security/common-ttps-rats-malware-analysis.html
4⃣ Decrypting View State Messages
https://zeroed.tech/blog/decrypting-viewstate-messages
]-> VSRipper decrypt tool
5⃣ TrueSightKiller: 2,500+ Weaponized Security Tool Variants Bypassing Microsoft's Defenses
https://www.magicsword.io/blog/truesightkiller-edr-killer-driver-abuse
Repost from CyberSecurityTechnologies
#Tech_book
"systemd for Linux SysAdmins:
All You Need to Know About the systemd Suite for Linux Users", 2025.
// This book will help you to understand systemd’s strengths and weaknesses and why there’s no truth in the myth that systemd is a monolithic monstrosity. systemd is the mother of all processes and is also responsible for bringing the Linux host up to a state in which productive work can be done
#tools
#DFIR
#Blue_Team_Techniques
1⃣ Blue Team LLM Assistant
// LLM-supported toolkit for Blue Team/SOC operations
2⃣ Attack Flow Detector
// Find the MITRE ATT&CK flows sneakily hiding in your alerts, by making contextual groupings, then finding causal sequences
3⃣ Open Source SOC
// Building a single solution for network threat management and detection with an open source SOC stack
4⃣ IOChaser Chrome extension
// Lightweight Chrome extension for SOC analysts, threat hunters, and blue teamers
5⃣ Mail Extractor IoC
// Python script to analyze emails and extract IoCs in JSON format
#Malware_analysis
1⃣ Decoding malware C2 with CyberChef
https://www.netresec.com/?page=Blog&month=2026-01&post=Decoding-malware-C2-with-CyberChef
2⃣ VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework
3⃣ SolyxImmortal: Python Malware Analysis
https://www.cyfirma.com/research/solyximmortal-python-malware-analysis
4⃣ From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers
https://www.trendmicro.com/es_es/research/26/a/analysis-of-the-evelyn-stealer-campaign.html
AV-EDR Killer
// Process termination by exploiting a vulnerable driver
Link
#OpSec
#Purple_Team_Exercises
EDR Silencing
https://ipurple.team/2026/01/12/edr-silencing
// EDR Silencing is a technique that enables threat actors with elevated privileges on the asset to restrict endpoint detection and response visibility in order to execute less opsec oriented techniques
#Threat_Research
1⃣ One-click Telegram IP address leak
// Telegram client behavior with proxy links may allow attackers to reveal a user’s real IP address with a single click, even when a proxy is configured
2⃣ Gogs 0-Day Exploited in the Wild
// A flaw in Gogs that was unpatched at the time was exploited to compromise git repos
3⃣ n8n supply chain attack
// Malicious npm packages were used in an attempt to obtain users' OAuth credentials for npm
4⃣ Apache NimBLE Bluetooth vulnerabilities
// CVE-2025-52435, CVE-2025-53470, CVE-2025-53477, CVE-2025-62235, CVE-2024-47248, CVE-2024-47249, CVE-2024-47250, CVE-2024-51569, CVE-2024-24746
5⃣ Two CVEs, Zero Ego: A Mailpit Story
// CVE-2026-21859 (SSRF), CVE-2026-22689 (CSWSH)
6⃣ TinyOS 2.1.2 printfUART Global BOF via Unbounded Format Expansion
// vulnerability exists in the TinyOS printfUART implementation used within the ZigBee/IEEE 802.15.4 networking stack
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (Jan.03-10, 2026)
1⃣ Cisco DNS Bug Reboot
// The issue appears to be related to a change Cloudflare made in the order of CNAME records. Only users using 1.1.1.1 as a recursive resolver appear to be affected
2⃣ n8n vulnerabilities
// In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for
3⃣ D-Link DSL Command Injection
// A new vulnerability in very old D-Link DSL modems is currently being exploited
4⃣ ESXi Exploitation in the Wild
// In Dec. 2025, sophisticated attackers exploited VMware ESXi vulns via a multi-stage, stealthy attack leveraging 0-days and custom backdoors, leading to full hypervisor control, emphasizing urgent patching and detection
5⃣ EDR Startup Process Blocker
// The article details a method using Windows Bindlink API and "bindflt.sys" to hijack DLL loading via EDRStartupHinder, preventing EDR/antivirus startup by redirecting DLLs and exploiting PPL protections, with recommendations for detection and defense
6⃣ GnuPG Vulnerabilities
// Several vulnerabilities in GnuPG were disclosed during a recent talk at the CCC congress
7⃣ YARA-X v1.11.0
]-> Analytical review (Dec.27-Jan.03, 2026)