İbrahim BALOĞLU - Siber Güvenlik Paylaşımları
This group was created to share posts in the field of cyber security.
#Malware_analysis
1. Zero-day behavior in PDF samples that leak local (net)NTLM information
https://justhaifei1.blogspot.com/2025/01/expmon-detected-zero-day-behavior-in.html
2. Linux Rootkit Malware Deep Dive
https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware
3. A repository of credential stealer formats
https://github.com/MalBeacon/what-is-this-stealer
CVE-2024-50603-nuclei-poc
Critical Command Injection Vulnerability in Aviatrix Controller
POC
CVE-2025-0282
Ivanti Connect Secure (RCE)
exploit.
Cyber Incident Response Training (Windows Forensics)
https://www.udemy.com/course/siber-olaylara-mudahale-egitimi-windows-forensics/?couponCode=F3FEB5CC284489225B5A
Local Privilege Escalation in IObit Malware Fighter
The PoC program exploits the IMFForceDelete driver which exposes an ioctl that allows unprivileged users to delete files and folders. We can turn this into a privilege escalation by using a technique explained by ZDI and Halov, which exploits the MSI rollback mechanism which is designed to maintain system integrity in case of issues. By deleting and recreating it with a weak DACL and fake RBF and RBS files we can gain the ability to make arbitrary changes to the system as NT AUTHORITY\SYSTEM.
#1N73LL1G3NC3
Call to Reverse Engineers
On February 8, a private CrackMe Night with prizes is being held at the Malwation office.
Application link for crackers who say they get along well with Windows binaries:
https://share.malwation.com/crackme-night-feb25
BurpSuite PRO
Version - 2024.11.1 X64
+ extension
+ bounty PRO
Download
#tools
#MLSecOps
LLM Vulnerability Scanner
https://github.com/NVIDIA/garak
]-> Framework for Security Probing LLMs (.pdf)
#exploit
1. Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE
https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875
2. CVE-2024-38819:
https://github.com/masa42/CVE-2024-38819-POC
3. CVE-2024-24942:
Path traversal in SwaggerUI-java within JetBrains TeamCity
https://blog.0daylabs.com/2024/12/11/jetbrains-teamcity-authbypass-path-traversal
#exploit
1. CVE-2024-54679:
Cyber Panel DoS
https://github.com/hotplugin0x01/CVE-2024-54679
2. CVE-2024-39090:
CSRF to Stored XSS in PHP Gurukul Online Shopping Portal v2.0
https://github.com/ghostwirez/CVE-2024-39090-PoC
3. CVE-2023-23586:
Linux vDSO and VVAR
https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html
ZigStrike
A robust shellcode #loader developed in Zig, offering a variety of #injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient #shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a custom #payload builder, allowing users to easily select and construct payloads via a web application built with Python.
Multiple Injection Techniques:
• Local Thread
• Local Mapping
• Remote Mapping
• Remote Thread hijacking
Anti-Sandbox Protection:
• TPM Presence Check
• Domain Join Check
Output Formats:
• XLL (Excel Add-in)
• DLL
Advanced Features:
• Base64 Shellcode Encoding
• Compile-time String Processing
• Memory Protection Handling
• Process Targeting
Blog: https://kpmg.com/nl/en/home/insights/2024/12/zig-strike-the-ultimate-toolkit-for-payload-creation-and-evasion.html
#1N73LL1G3NC3
#tools
#MLSecOps
#Red_Team_Tactics
"Guide to Red Teaming Methodology on AI Safety", Ver. 1.0, 2024.
#tools
#Offensive_security
1. DCOM Lateral movement POC abusing the IMsiServer interface
https://github.com/deepinstinct/DCOMUploadExec
2. BOF launcher - library for executing BOF files in C/C++/Zig applications
https://github.com/The-Z-Labs/bof-launcher
3. Windows Administrator level Implant
https://github.com/ChaitanyaHaritash/IllusiveFog
#Tech_book
#Malware_analysis
"The result of self-research and investigation of malware development tricks, cryptography and intro to linux malware", 2024.
#exploit
1. CVE-2024-5907, CVE-2024-9469:
LPE/Privilege Escalation in Palo Alto Cortex XDR Agent
https://blog.scrt.ch/2024/12/05/attacking-cortex-xdr-from-an-unprivileged-user-perspective
2. CVE-2024-37397:
Ivanti Endpoint Manager XXE
https://d4mianwayne.github.io/posts/ivanti-endpoint-manager-xxe-cve-2024-37397
3. CVE-2024-52595:
Mutation XSS & lxml_html_clean bypass
https://jorianwoltjer.com/blog/p/hacking/mutation-xss
