uz
Feedback
All Security Engineering Courses

All Security Engineering Courses

Kanalga Telegram’da o‘tish

This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmark me!

Ko'proq ko'rsatish

📈 Telegram kanali All Security Engineering Courses analitikasi

All Security Engineering Courses (@allsecurityengineeringcourses) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 18 901 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 6 999-o'rinni va Rossiya mintaqasida 35 441-o'rinni egallagan.

📊 Auditoriya ko‘rsatkichlari va dinamika

невідомо sanasidan buyon loyiha tez o‘sib, 18 901 obunachiga ega bo‘ldi.

07 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni 145 ga, so‘nggi 24 soatda esa 12 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.

  • Tasdiqlash holati: Tasdiqlanmagan
  • Jalb etish (ER): Auditoriya o‘rtacha 12.09% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 2.97% ini tashkil etuvchi reaksiyalarni to‘playdi.
  • Post qamrovi: Har bir post o‘rtacha 2 285 marta ko‘riladi; birinchi sutkada odatda 562 ta ko‘rish yig‘iladi.
  • Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 4 ta reaksiya keladi.
  • Tematik yo‘nalishlar: Kontent git, strace, github, linux, docker kabi asosiy mavzularga jamlangan.

📝 Tavsif va kontent siyosati

Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmar...

Yuqori yangilanish chastotasi (oxirgi ma’lumot 08 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.

18 901
Obunachilar
+1224 soatlar
+497 kunlar
+14530 kunlar
Postlar arxiv
🔄 🔍 Zircolite v2.40.0 Отличный инструмент для исследования логов, особенно крайне кривых и неудобных 💻 Windows EVTX Провод
🔄 🔍 Zircolite v2.40.0 Отличный инструмент для исследования логов, особенно крайне кривых и неудобных 💻 Windows EVTX Проводит анализ на основе SIGMA правил (основные идут в комплекте) Также работает с файлами .log, .xml, .json ⚙️ Установка:
git clone https://github.com/wagga40/Zircolite
cd Zircolite
pip3 install -r requirements.full.txt
Для Windows есть собранный бинарь Примеры:
python3 zircolite.py --evtx system.evtx
python3 zircolite.py --evtx system.evtx --ruleset rules/rules_windows_sysmon_pysigma.json
python3 zircolite.py --events auditd.log --ruleset rules/rules_linux.json --auditd
python3 zircolite.py --events sysmon.log --ruleset rules/rules_linux.json --sysmon4linux
Обновление правил:
python3 zircolite.py -U
🗂 Тестовый EVTX 💻 Home 💻 Sigma 📔 Documentation #dfir #forensics #zircolite #soft #python ✈️Join Us For More.... ‎ ‎🔥Telegram🔥: ‎https://t.me/SuBoXoneSoCiety ‎ ‎☠️Darkweb room☠️: http://suboxone2fzkkkeuezwozbbajgqargceo62wdx3f53awty6dv4mzzbad.onion ‎ ‎🫂Whatsapp community🫂 :https://whatsapp.com/channel/0029Vb7WAkz4tRrkdnGzzy25

Repost from MalDev | GaK3r
Proxy-DLL-Loads This project demonstrates a proof of concept for intercepting and proxying DLL loads using undocumented Windo
Proxy-DLL-Loads This project demonstrates a proof of concept for intercepting and proxying DLL loads using undocumented Windows syscalls, enabling stealthy control over dynamic library loading. It's designed for advanced security research and potentially bypassing detection mechanisms. 🔗 Link 🕹Subscribe to MalDev | GaK3r

Repost from CodeGuard: Linux
🔍 masscan — zmap на стероидах для портов masscan (https://github.com/robertdavidgraham/masscan) — самый быстрый сканер порто
🔍 masscan — zmap на стероидах для портов masscan (https://github.com/robertdavidgraham/masscan) — самый быстрый сканер портов в мире. Сканирует весь интернет за минуты, не как nmap (5 дней). Идеален для начального recon'а. Полезен для bug bounty и инфраструктурного аудита:
🟢 Полный интернет за 6 минут: sudo masscan 0.0.0.0/0 -p80,443 --rate=1000000 🟢 Асинхронный скан: masscan 10.0.0.0/8 -p1-65535 --rate=10000 -oL results.txt 🟢 Только открытые: masscan target.com -p80,443 --open-only 🟢 Скриптинг: masscan 192.168.1.0/24 -p22 --banners -oG banners.grep 🟢 HTTP баннеры: masscan target -p80 --banners | grep -i server
⚙️ Установка:
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make -j
sudo make install
# или sudo apt install masscan
🚀 Фичи vs nmap/zmap:
🔴Скорость: 10M+ пакетов/сек (nmap: 1-2k) 🔴Асинхронный I/O (не ждет ответы) 🔴Баннер grabbing из коробки 🔴Raw sockets (root-only, но скорость x100) 🔴Пауза/возобновление (--resume)
💡Prod-скрипт:
#!/bin/bash
masscan $1 -p80,443 --rate=50000 --open-only -oJ scan.json
cat scan.json | jq -r '.ip + ":" + (.ports[0].port|to_string)' > live_hosts.txt
Где юзают: Shodan-альтернатива, cloud pentest, mass subdomain enum. 👩‍💻 CodeGuard: Linux | Чат

OSSEC: лёгкий HIDS, если Wazuh слишком жирный ⌨️ OSSEC — это классический open-source HIDS, который стоит прямо на хосте, мон
OSSEC: лёгкий HIDS, если Wazuh слишком жирный ⌨️ OSSEC — это классический open-source HIDS, который стоит прямо на хосте, мониторит логи, файлы и реакции на инциденты. ​ Подходит, когда Elastic+Wazuh — оверкил, а тебе нужно просто видеть попытки взлома и критичные изменения в системе. ⚙️ Ключевые возможности OSSEC:
🔵Анализ логов системных сервисов, SSH, sudo, веб-серверов ​ 🔵File Integrity Monitoring для отслеживания изменений конфигов и бинарников​ 🔵Реакции на события: алерты, запуск скриптов, блокировки IP через firewall​ 🔵Поддержка множества ОС: Linux, *BSD, Windows, контейнеры и облако через агенты​ 🔵Интеграция с SIEM и внешними системами корреляции событий
⚡️Быстрый старт с OSSEC (агент + сервер): Установка сервера (Linux):
curl -O https://updates.atomicorp.com/channels/ossec/ossec-hids.tar.gz
tar -xzf ossec-hids.tar.gz
cd ossec-hids
sudo ./install.sh
Проверка статуса:
sudo /var/ossec/bin/ossec-control status
Подключение агента (на хосте):
curl -O https://updates.atomicorp.com/channels/ossec/ossec-hids-agent.tar.gz
tar -xzf ossec-hids-agent.tar.gz
cd ossec-hids-agent
sudo ./install.sh
/var/ossec/bin/manage_agents     # добавить агент на сервере
/var/ossec/bin/agent-auth -m <IP_OSSEC_SERVER>
Где использовать OSSEC:
🔴Малые и средние инфраструктуры без тяжёлого SIEM ​ 🔴Мониторинг критичных серверов (SSH, sudo, изменения конфигов)​ 🔴Как источник событий для уже существующего SIEM/лог-стека
😈 CodeGuard: PySec Edition | Чат

MAoS – Malware Analysis on Steroids Author:- Uriel Kosayev
MAoS – Malware Analysis on Steroids Author:- Uriel Kosayev

🔰 Learn web3.js | Introduction to Web3.js library Learn web3.js library 🗒 Description: Welcome to the Web3.js Course This W
🔰 Learn web3.js | Introduction to Web3.js library Learn web3.js library 🗒 Description: Welcome to the Web3.js Course
This Web3.js course is designed for programmers and developers who want to take a comprehensive deep dive in building decentralized applications(dapp). This course provides detailed overviews of web3.js library and how to use web3.js library in order to interact with the blockchain and smart contract. In this course we are not just going to talk about Web3.js theory but also we are going to create a mini decentralized application (dapp) for practical.

Repost from N/a
15 misc attack on server.pdf.pdf13.97 MB

Repost from 1N73LL1G3NC3
EDRStartupHinder Prevents AV / EDR from running by redirecting a core DLL in the System32 folder to another location during W
EDRStartupHinder Prevents AV / EDR from running by redirecting a core DLL in the System32 folder to another location during Windows startup. Blog: https://www.zerosalarium.com/2026/01/edrstartuphinder-edr-startup-process-blocker.html

Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) CVE-2025-50154 allows an attacker to extract NTLM hash
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) CVE-2025-50154 allows an attacker to extract NTLM hashes without any user interaction, even on fully patched systems. By exploiting a subtle gap left in the mitigation, an attacker can trigger NTLM authentication requests automatically, enabling offline cracking or relay attacks to gain unauthorized access.

Obfusk8 now integrates a state-of-the-art Indirect Syscall mechanism to bypass User-Mode Hooks (EDRs/AVs) and static analysis
Obfusk8 now integrates a state-of-the-art Indirect Syscall mechanism to bypass User-Mode Hooks (EDRs/AVs) and static analysis checks. => "The Sorting Hat" Resolution: Instead of reading the .text section of ntdll.dll (which is often hooked or monitored), the engine parses the Export Directory. It filters functions starting with Zw, sorts them by memory address, and deduces the System Call Number (SSN) based on their index. This allows SSN resolution without ever touching executable code. => Lateral Gadget Execution: The engine does not contain the syscall (0F 05) instruction in its own binary. Instead, it locates a valid syscall; ret gadget inside ntdll.dll memory at runtime. Clean Call Stacks: A custom thunk is allocated that jumps to the ntdll gadget. To the OS kernel and security sensors, the system call appears to originate legitimately from ntdll.dll, maintaining a clean call stack. => Usage: Simply use K8_SYSCALL("ZwOpenProcess", ...) instead of NtOpenProcess. You have built a system that : 1 - Does not scan .text (Sorting Hat logic on Exports). 2 - Does not execute syscall locally (Lateral Gadget execution). 3 - Does not leave traces (Clean Call Stacks).

⚙️ ArgFuscator Приложение с открытым исходным кодом, которое помогает генерировать обфусцированные команды для 💻 Windows, 🐧
⚙️ ArgFuscator Приложение с открытым исходным кодом, которое помогает генерировать обфусцированные команды для 💻 Windows, 🐧 Linux и 💻 MacOS 🔗 ArgFuscator Invoke-ArgFuscator:
Install-Module -Name Invoke-ArgFuscator
Import-Module Invoke-ArgFuscator

Invoke-ArgFuscator -Command 'certutil /f /urlcache https://www.example.org/ homepage.txt'

Invoke-ArgFuscator -InputFile path\to\file.json
😹 Offline version #windows #obfuscator #redteam ✈️ Join Us For More.... ‎ ‎🔥Telegram🔥: ‎https://t.me/SuBoXoneSoCiety ‎ ‎☠️Darkweb room☠️: http://suboxone2fzkkkeuezwozbbajgqargceo62wdx3f53awty6dv4mzzbad.onion ‎ ‎🫂Whatsapp community🫂 :https://whatsapp.com/channel/0029Vb7WAkz4tRrkdnGzzy25

⏰🤖Real-Time Phishing Agents (Dynamic Phishing) ❓ why we use Real-time Phishing Agents (Dynamic Phishing) : When we relay on
⏰🤖Real-Time Phishing Agents (Dynamic Phishing) ❓ why we use Real-time Phishing Agents (Dynamic Phishing) : When we relay on static templates the site will update continuously this will make the work more harder to Update the Phishing template every day, also if the user enabled MFA the full operation will fall down.. Because MFA code is temporary and we have 0 interaction with the Real Site to verify the token we got... That`s why the Dynamic Phishing Solve this matter. ℹ️ what is shown in the image above is example of Phishing operation in real time, where the attacker don`t relay on static template, instead its clone the server page in real-time , that`s will help the attacker to don`t relay on static templates and update it every day to mimic the real site. 😈 Adversary-in-the-Middle (AiTM): is a targeted, real-time phishing technique where the attacker operates a proxy between the victim and the legitimate service to intercept and manipulate the live authentication flow — capturing credentials, session cookies, tokens, or one-time codes so the attacker can immediately take over the session (often bypassing MFA). 🥷 attacker will capture credentials in real-time & often bypass MFA and that is the biggest advantage of Dynamic Phishing. 💻 Explain the attack Chain Using Evliginx2: 1. The Lure (Step 1) 🕷🔗: The victim clicks a phishing link (e.g., sent via email) that points to the attacker's domain: https://login.fakemicrosoft.com . The victim's browser sends a request to the Evilginx2 server, thinking it is the login page. 2. The Proxy Request (Step 2) 📶: Instead of serving a fake static page, the Evilginx2 server silently forwards that request to the real Microsoft login URL (https://login.microsoftonline.com). 3. Fetching the Real Site (Step 3) ™️🌐 : Microsoft's server receives the request. Thinking it's a normal user, it responds by sending the code for the actual login page back to the Evilginx2 server. 4. Displaying the Trap (Step 4) 🔼🔽: Evilginx2 takes that real login page and serves it to the victim. Crucial Detail: The victim sees the exact real login page because it is the real code, just served from the wrong domain (fakemicrosoft.com). 5. The Interception (Step 5) 💻 : The victim enters their username and password. These credentials are sent to the Evilginx2 server first, not Microsoft. The attacker now captures the password. 6. The Relay (Step 6)👊 : Evilginx2 immediately uses those stolen credentials to log in to the real Microsoft server on the backend. Note: If MFA (2FA) were required, Evilginx would prompt the user for the code here, capture it, and relay that too (this is the "Real-Time" aspect). 7. The Theft (Step 7 - The "Gold")™️ : Microsoft accepts the valid credentials and replies with a Session Cookie (the digital token that proves you are logged in). Evilginx2 captures and saves this cookie. This is the main goal. With this cookie, the attacker can open their own browser, inject the cookie, and access the victim's account without needing the password or MFA again. 8. The Clean Exit (Step 8) 💻🏃‍♂️ : To avoid raising suspicion, Evilginx2 finally redirects the victim to a totally different website (or the actual Microsoft dashboard). The victim thinks they just logged in normally, or perhaps that the page glitched, while the attacker now has full access to the account.

⏰🤖Real-Time Phishing Agents (Dynamic Phishing) ❓ why we use Real-time Phishing Agents (Dynamic Phishing) : When we relay on
⏰🤖Real-Time Phishing Agents (Dynamic Phishing) ❓ why we use Real-time Phishing Agents (Dynamic Phishing) : When we relay on static templates the site will update continuously this will make the work more harder to Update the Phishing template every day, also if the user enabled MFA the full operation will fall down.. Because MFA code is temporary and we have 0 interaction with the Real Site to verify the token we got... That`s why the Dynamic Phishing Solve this matter. ℹ️ what is shown in the image above is example of Phishing operation in real time, where the attacker don`t relay on static template, instead its clone the server page in real-time , that`s will help the attacker to don`t relay on static templates and update it every day to mimic the real site. 😈 Adversary-in-the-Middle (AiTM): is a targeted, real-time phishing technique where the attacker operates a proxy between the victim and the legitimate service to intercept and manipulate the live authentication flow — capturing credentials, session cookies, tokens, or one-time codes so the attacker can immediately take over the session (often bypassing MFA). 🥷 attacker will capture credentials in real-time & often bypass MFA and that is the biggest advantage of Dynamic Phishing. 💻 Explain the attack Chain Using Evliginx2: 1. The Lure (Step 1) 🕷🔗: The victim clicks a phishing link (e.g., sent via email) that points to the attacker's domain: https://login.fakemicrosoft.com . The victim's browser sends a request to the Evilginx2 server, thinking it is the login page. 2. The Proxy Request (Step 2) 📶: Instead of serving a fake static page, the Evilginx2 server silently forwards that request to the real Microsoft login URL (https://login.microsoftonline.com). 3. Fetching the Real Site (Step 3) ™️🌐 : Microsoft's server receives the request. Thinking it's a normal user, it responds by sending the code for the actual login page back to the Evilginx2 server. 4. Displaying the Trap (Step 4) 🔼🔽: Evilginx2 takes that real login page and serves it to the victim. Crucial Detail: The victim sees the exact real login page because it is the real code, just served from the wrong domain (fakemicrosoft.com). 5. The Interception (Step 5) 💻 : The victim enters their username and password. These credentials are sent to the Evilginx2 server first, not Microsoft. The attacker now captures the password. 6. The Relay (Step 6)👊 : Evilginx2 immediately uses those stolen credentials to log in to the real Microsoft server on the backend. Note: If MFA (2FA) were required, Evilginx would prompt the user for the code here, capture it, and relay that too (this is the "Real-Time" aspect). 7. The Theft (Step 7 - The "Gold")™️ : Microsoft accepts the valid credentials and replies with a Session Cookie (the digital token that proves you are logged in). Evilginx2 captures and saves this cookie. This is the main goal. With this cookie, the attacker can open their own browser, inject the cookie, and access the victim's account without needing the password or MFA again. 8. The Clean Exit (Step 8) 💻🏃‍♂️ : To avoid raising suspicion, Evilginx2 finally redirects the victim to a totally different website (or the actual Microsoft dashboard). The victim thinks they just logged in normally, or perhaps that the page glitched, while the attacker now has full access to the account.

Nezha A legitimate open-source monitoring tool (post-exploitation RAT). Compatible with mainstream systems, including Linux,
Nezha A legitimate open-source monitoring tool (post-exploitation RAT). Compatible with mainstream systems, including Linux, Windows, macOS, OpenWRT, and Synology. The agent provides SYSTEM/root level access, file management, and an interactive web terminal. VirusTotal shows 0/72 detections because it isn’t malware, it’s legitimate software pointed at attacker infrastructure. Installation is silent. Detection only occurs when attackers execute commands through the agent. Wiki: https://nezha.wiki/en_US/ Research: https://www.ontinue.com/resource/nezha-the-monitoring-tool-thats-also-a-perfect-rat/

☁️🚀 AWS DevOps Guide – Build, Deploy & Scale with Confidence Want to master DevOps on AWS? This guide helps you understand how modern teams build, automate, deploy, and monitor applications using AWS DevOps best practices. 📌 What You’ll Learn: • Core AWS services for DevOps • CI/CD pipelines & automation • Infrastructure as Code (IaC) • Monitoring, logging & scaling • Security & DevOps best practices 🎯 Perfect for DevOps engineers, cloud learners, and cybersecurity professionals. 📥 Grab resources here: 👉 https://resources.codelivly.com/ Level up your cloud & DevOps skills the right way ☁️🔧🚀

Practical_Purple_Teaming_The_Art_of_Collaborative_Defense_Practical.pdf6.04 MB