All Security Engineering Courses
This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmark me!
Ko'proq ko'rsatish📈 Telegram kanali All Security Engineering Courses analitikasi
All Security Engineering Courses (@allsecurityengineeringcourses) Ingliz til segmentidagi kanali faol ishtirokchi. Hozirda hamjamiyat 18 901 obunachidan iborat bo'lib, Texnologiyalar & Aralashmalar toifasida 6 999-o'rinni va Rossiya mintaqasida 35 441-o'rinni egallagan.
📊 Auditoriya ko‘rsatkichlari va dinamika
невідомо sanasidan buyon loyiha tez o‘sib, 18 901 obunachiga ega bo‘ldi.
07 Iyul, 2026 dagi oxirgi ma’lumotlarga ko‘ra kanal barqaror faollikka ega. Oxirgi 30 kunda obunachilar soni 145 ga, so‘nggi 24 soatda esa 12 ga o‘zgardi va umumiy qamrov yuqori darajada qolmoqda.
- Tasdiqlash holati: Tasdiqlanmagan
- Jalb etish (ER): Auditoriya o‘rtacha 12.09% darajada jalb etiladi. Nashrdan keyingi dastlabki 24 soatda kontent odatda umumiy obunachilar sonining 2.97% ini tashkil etuvchi reaksiyalarni to‘playdi.
- Post qamrovi: Har bir post o‘rtacha 2 285 marta ko‘riladi; birinchi sutkada odatda 562 ta ko‘rish yig‘iladi.
- Reaksiyalar va o‘zaro ta’sir: Auditoriya faol: har bir postga o‘rtacha 4 ta reaksiya keladi.
- Tematik yo‘nalishlar: Kontent git, strace, github, linux, docker kabi asosiy mavzularga jamlangan.
📝 Tavsif va kontent siyosati
Muallif resursni shaxsiy fikrni ifoda etish maydoni sifatida ta’riflaydi:
“This channel is being updated often with older than 2020 courses, ebooks, videos, code, etc. to be used responsibly by everyone in CyberSecurity in an ethical manner. Lots of content is being downloaded from other channels or forwarded here. Bookmar...”
Yuqori yangilanish chastotasi (oxirgi ma’lumot 08 Iyul, 2026 da olingan) sababli kanal doimo dolzarb va katta qamrovli bo‘lib qoladi. Analitika auditoriya kontent bilan faol hamkorlik qilishini, uni Texnologiyalar & Aralashmalar toifasidagi muhim ta’sir nuqtasiga aylantirishini ko‘rsatadi.
git clone https://github.com/wagga40/Zircolite
cd Zircolite
pip3 install -r requirements.full.txt
Для Windows есть собранный бинарь
Примеры:
python3 zircolite.py --evtx system.evtx
python3 zircolite.py --evtx system.evtx --ruleset rules/rules_windows_sysmon_pysigma.json
python3 zircolite.py --events auditd.log --ruleset rules/rules_linux.json --auditd
python3 zircolite.py --events sysmon.log --ruleset rules/rules_linux.json --sysmon4linux
Обновление правил:
python3 zircolite.py -U
🗂 Тестовый EVTX
💻 Home
💻 Sigma
📔 Documentation
#dfir #forensics #zircolite #soft #python
✈️Join Us For More....
🔥Telegram🔥:
https://t.me/SuBoXoneSoCiety
☠️Darkweb room☠️: http://suboxone2fzkkkeuezwozbbajgqargceo62wdx3f53awty6dv4mzzbad.onion
🫂Whatsapp community🫂 :https://whatsapp.com/channel/0029Vb7WAkz4tRrkdnGzzy25🟢 Полный интернет за 6 минут: sudo masscan 0.0.0.0/0 -p80,443 --rate=1000000 🟢 Асинхронный скан: masscan 10.0.0.0/8 -p1-65535 --rate=10000 -oL results.txt 🟢 Только открытые: masscan target.com -p80,443 --open-only 🟢 Скриптинг: masscan 192.168.1.0/24 -p22 --banners -oG banners.grep 🟢 HTTP баннеры: masscan target -p80 --banners | grep -i server⚙️ Установка:
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make -j
sudo make install
# или sudo apt install masscan
🚀 Фичи vs nmap/zmap:
🔴Скорость: 10M+ пакетов/сек (nmap: 1-2k) 🔴Асинхронный I/O (не ждет ответы) 🔴Баннер grabbing из коробки 🔴Raw sockets (root-only, но скорость x100) 🔴Пауза/возобновление (--resume)💡Prod-скрипт:
#!/bin/bash
masscan $1 -p80,443 --rate=50000 --open-only -oJ scan.json
cat scan.json | jq -r '.ip + ":" + (.ports[0].port|to_string)' > live_hosts.txt
Где юзают: Shodan-альтернатива, cloud pentest, mass subdomain enum.
👩💻 CodeGuard: Linux | Чат🔵Анализ логов системных сервисов, SSH, sudo, веб-серверов 🔵File Integrity Monitoring для отслеживания изменений конфигов и бинарников 🔵Реакции на события: алерты, запуск скриптов, блокировки IP через firewall 🔵Поддержка множества ОС: Linux, *BSD, Windows, контейнеры и облако через агенты 🔵Интеграция с SIEM и внешними системами корреляции событий⚡️Быстрый старт с OSSEC (агент + сервер): Установка сервера (Linux):
curl -O https://updates.atomicorp.com/channels/ossec/ossec-hids.tar.gz
tar -xzf ossec-hids.tar.gz
cd ossec-hids
sudo ./install.sh
Проверка статуса:
sudo /var/ossec/bin/ossec-control status
Подключение агента (на хосте):
curl -O https://updates.atomicorp.com/channels/ossec/ossec-hids-agent.tar.gz
tar -xzf ossec-hids-agent.tar.gz
cd ossec-hids-agent
sudo ./install.sh
/var/ossec/bin/manage_agents # добавить агент на сервере
/var/ossec/bin/agent-auth -m <IP_OSSEC_SERVER>
Где использовать OSSEC:
🔴Малые и средние инфраструктуры без тяжёлого SIEM 🔴Мониторинг критичных серверов (SSH, sudo, изменения конфигов) 🔴Как источник событий для уже существующего SIEM/лог-стека😈 CodeGuard: PySec Edition | Чат
This Web3.js course is designed for programmers and developers who want to take a comprehensive deep dive in building decentralized applications(dapp). This course provides detailed overviews of web3.js library and how to use web3.js library in order to interact with the blockchain and smart contract. In this course we are not just going to talk about Web3.js theory but also we are going to create a mini decentralized application (dapp) for practical.
K8_SYSCALL("ZwOpenProcess", ...) instead of NtOpenProcess.
You have built a system that :
1 - Does not scan .text (Sorting Hat logic on Exports).
2 - Does not execute syscall locally (Lateral Gadget execution).
3 - Does not leave traces (Clean Call Stacks).Install-Module -Name Invoke-ArgFuscator
Import-Module Invoke-ArgFuscator
Invoke-ArgFuscator -Command 'certutil /f /urlcache https://www.example.org/ homepage.txt'
Invoke-ArgFuscator -InputFile path\to\file.json
😹 Offline version
#windows #obfuscator #redteam
✈️ Join Us For More....
🔥Telegram🔥:
https://t.me/SuBoXoneSoCiety
☠️Darkweb room☠️: http://suboxone2fzkkkeuezwozbbajgqargceo62wdx3f53awty6dv4mzzbad.onion
🫂Whatsapp community🫂 :https://whatsapp.com/channel/0029Vb7WAkz4tRrkdnGzzy25https://login.fakemicrosoft.com . The victim's browser sends a request to the Evilginx2 server, thinking it is the login page.
2. The Proxy Request (Step 2) 📶: Instead of serving a fake static page, the Evilginx2 server silently forwards that request to the real Microsoft login URL (https://login.microsoftonline.com).
3. Fetching the Real Site (Step 3) ™️🌐 : Microsoft's server receives the request. Thinking it's a normal user, it responds by sending the code for the actual login page back to the Evilginx2 server.
4. Displaying the Trap (Step 4) 🔼🔽: Evilginx2 takes that real login page and serves it to the victim.
Crucial Detail: The victim sees the exact real login page because it is the real code, just served from the wrong domain (fakemicrosoft.com).
5. The Interception (Step 5) 💻 : The victim enters their username and password. These credentials are sent to the Evilginx2 server first, not Microsoft. The attacker now captures the password.
6. The Relay (Step 6)👊 : Evilginx2 immediately uses those stolen credentials to log in to the real Microsoft server on the backend.
Note: If MFA (2FA) were required, Evilginx would prompt the user for the code here, capture it, and relay that too (this is the "Real-Time" aspect).
7. The Theft (Step 7 - The "Gold") ✅™️ : Microsoft accepts the valid credentials and replies with a Session Cookie (the digital token that proves you are logged in). Evilginx2 captures and saves this cookie.
This is the main goal. With this cookie, the attacker can open their own browser, inject the cookie, and access the victim's account without needing the password or MFA again.
8. The Clean Exit (Step 8) 💻🏃♂️ : To avoid raising suspicion, Evilginx2 finally redirects the victim to a totally different website (or the actual Microsoft dashboard). The victim thinks they just logged in normally, or perhaps that the page glitched, while the attacker now has full access to the account.https://login.fakemicrosoft.com . The victim's browser sends a request to the Evilginx2 server, thinking it is the login page.
2. The Proxy Request (Step 2) 📶: Instead of serving a fake static page, the Evilginx2 server silently forwards that request to the real Microsoft login URL (https://login.microsoftonline.com).
3. Fetching the Real Site (Step 3) ™️🌐 : Microsoft's server receives the request. Thinking it's a normal user, it responds by sending the code for the actual login page back to the Evilginx2 server.
4. Displaying the Trap (Step 4) 🔼🔽: Evilginx2 takes that real login page and serves it to the victim.
Crucial Detail: The victim sees the exact real login page because it is the real code, just served from the wrong domain (fakemicrosoft.com).
5. The Interception (Step 5) 💻 : The victim enters their username and password. These credentials are sent to the Evilginx2 server first, not Microsoft. The attacker now captures the password.
6. The Relay (Step 6)👊 : Evilginx2 immediately uses those stolen credentials to log in to the real Microsoft server on the backend.
Note: If MFA (2FA) were required, Evilginx would prompt the user for the code here, capture it, and relay that too (this is the "Real-Time" aspect).
7. The Theft (Step 7 - The "Gold") ✅™️ : Microsoft accepts the valid credentials and replies with a Session Cookie (the digital token that proves you are logged in). Evilginx2 captures and saves this cookie.
This is the main goal. With this cookie, the attacker can open their own browser, inject the cookie, and access the victim's account without needing the password or MFA again.
8. The Clean Exit (Step 8) 💻🏃♂️ : To avoid raising suspicion, Evilginx2 finally redirects the victim to a totally different website (or the actual Microsoft dashboard). The victim thinks they just logged in normally, or perhaps that the page glitched, while the attacker now has full access to the account.