Forwarded from AUT Career Centre
🚀 Penetration Tester Intern
📍 Location: Tashkent (onsite)
⏳ Work Schedule: Full-time
🔹 About Us:
Turan Security is a top cybersecurity company in Uzbekistan with proven expertise.
🔍 Responsibilities:
🛠 Assist in manual & automated testing of web apps and systems.
📝 Help draft reports on vulnerabilities.
✅ Requirements:
🔹 Basic knowledge of network, API & web app pentesting.
🔹 Understanding of OWASP Top 10 & mitigation strategies.
🔹 Experience in any programming language.
🔹 Linux proficiency & strong networking/HTTP knowledge.
🌟 Preferred:
🏆 CTF experience, 🎓 security certifications (eJPT, CAPen, etc.), 👨💻 developer background, or bug bounty results.
💡 Why TuranSec?
🔥 Real-world project experience.
👥 Work with experts.
💰 Paid internship.
📩 Send your CV to @turan_admin
🔥3👍1
Getting these is a big deal for us.
I haven't been logging into pwn.college much, so I finally posted this to motivate myself.
I'll explain later.
🔥3
AppSec Guy
pwn.college teaches cybersecurity from zero downward.
Why not upward?)
The lessons over there focus on low-level security. There are other topics at the start, but in the end it takes you all the way to kernel exploitation anyway. On the platform everything is called a Dojo: Dojo VNC, Dojo challenge, etc.
Hackers who level up are given a belt, like the ranks in karate. The highest belt is called the Blue belt. Those who reach Blue belt have gotten as far as kernel exploitation, like OSEE, so earning a Blue belt is a big "honor".
The platform also belongs to Arizona State University, and all the lessons are free. The nice part is that, like HTB's Pwnbox, there is a system inside the browser with VNC, and they even give you VS Code for free in the browser.
After OST2, this is the best platform you can name for learning binary exploitation for free.
As far as I know nobody here has heard of it; if someone decides to get into binary exploitation, these posts may come in handy one day. In the picture are the yellow and blue belts; the blue belt gets shipped to those who earn the rank. Maybe one day I'll post that mine has arrived too.
👍6🔥2😢1
handoff.py
5.2 KB
The exploit is almost 200 lines, but it's still useless, it doesn't work)
Even a non-working exploit is useful sometimes; we can use it as a template. For example, need to run the exploit inside the debugger?
gdbcommand = """
b *0x4013e8
"""
gdb.attach(p, gdbscript=gdbcommand)
Where did the gdb function come from? - from pwntools:
from pwn import *
Then what is p?
- p is the binary's process:
p = process("./binary")
So, to run the exploit inside a debugger, we start the binary inside the debugger and set a breakpoint or two, that's it.
There are also a thing or two in the code that, as far as I know, aren't taught in courses. For example one-gadget:
oneg_offset = 0xdd063 # 0xdd063 execve("/bin/sh", rbp-0x40, r13)
oneg_addr = struct.pack("Q", libc_addr + oneg_offset)
oneg_addr = struct.pack("Q", 0x7ffff7e8f063)
One gadget is the easy way to do ret2system; for now, as far as I know, it only works on libc.6.
How does it work?
In a plain ret2system, instead of giving the system() function the /bin/bash argument via a syscall from the kernel, putting RDI on the stack and placing /bin/bash into RDI, we simply give the address of a ready-made system() function that already has the /bin/bash argument inside it, and it goes and returns a shell.
Compared to sitting for a week like me, head in hands over stack alignment on 64-bit, unable to build a ROP chain or pop RDI and failing a simple task, this is easy: get a shell with a single address))
The exploit also shows 3-4 different ways of converting a 64-bit address to little endian, for example with the struct library:
import struct
address = struct.pack("<Q", 0x12345) # a plain Q works too
Other ways use pwntools itself; those are shown in the code too.
A ropnop is also shown, for preventing stack alignment problems. What is a ropnop? Roughly this:
ret;
Just a plain return instruction, right? When we give RIP or EIP a ret, it goes to this instruction, executes it and comes back again; nothing gets executed, only the return location taken from rsp changes, that's it. The purpose of doing this is to control the stack so that the next instructions we give run without error.
As far as I remember I also used the pop, pop, ret technique; my mentor taught me that you use it on Windows, but I used it on Linux, and in a different way too) if he saw it he probably wouldn't be pleased with me)) anyway, in the code I used pop, pop, ret to null out a pointer or two) in class they taught that you use it for stack pivoting.
# first I pop rbx and rbp, then I give 0x00:
#mew_payload += struct.pack('<Q',0x0) # Dummy value for rbx
#mew_payload += struct.pack('<Q',0x0) # Dummy value for rbp
With that the stack is clean, then on to the instructions.
The interesting part: I take the address from base 16 as an integer, and it stays an integer through the arithmetic; for producing the little-endian address, pwntools and struct both know how to convert to hex themselves. That way the calculation is error-free.
The rest is the usual catch/shoot stuff from pwntools)
🔥6
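Added example (not code from the handoff.py exploit described in the post): the same 64-bit little-endian encoding done three ways, the integer-first address arithmetic the post recommends, and the 16-byte stack-alignment check that the `ret` gadget fixes. The libc base is a constructed value chosen so that base + the post's one-gadget offset gives the address quoted in its snippet.

```python
import struct

# Constructed values: the one-gadget offset is the one quoted in the post's
# snippet; the libc base is made up so that base + offset reproduces the
# address 0x7ffff7e8f063 also quoted there.
LIBC_BASE = 0x7ffff7db2000
ONEG_OFFSET = 0xdd063


def pack_struct(addr: int) -> bytes:
    """Little-endian 64-bit encoding with the struct module, as in the post."""
    return struct.pack("<Q", addr)


def pack_to_bytes(addr: int) -> bytes:
    """The same encoding with int.to_bytes (what pwntools' p64 amounts to)."""
    return addr.to_bytes(8, "little")


def pack_manual(addr: int) -> bytes:
    """The same encoding by hand: least significant byte first."""
    return bytes((addr >> (8 * i)) & 0xFF for i in range(8))


def gadget_address(base: int, offset: int) -> int:
    """Do the arithmetic on integers and encode only the final result;
    juggling hex strings is where off-by-a-digit mistakes creep in."""
    return base + offset


def needs_ret_pad(slot_addr: int) -> bool:
    """Stack-alignment check behind the 'ropnop' in the post.

    The x86-64 ABI requires rsp + 8 to be a multiple of 16 at function entry.
    A `ret` into a function pops the 8-byte slot at slot_addr, so at entry
    rsp == slot_addr + 8; that is aligned only when slot_addr itself is a
    multiple of 16. Otherwise one extra `ret` gadget (8 bytes) placed before
    the function address shifts the slot into alignment.
    """
    return slot_addr % 16 != 0


if __name__ == "__main__":
    addr = gadget_address(LIBC_BASE, ONEG_OFFSET)
    assert pack_struct(addr) == pack_to_bytes(addr) == pack_manual(addr)
    print(hex(addr), pack_struct(addr).hex())
```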
Forwarded from Mobile AppSec World (Yury Shabalin)
The Activity lifecycle in Android
Well, while iOS apps aren't downloading, you can study Android in more detail ;)
And the folks at k8s have an excellent article on the Activity Lifecycle: what states there are, what the transition logic between them is, what attacks exist on Activities, and so on.
Very useful material that will help you understand better how apps work inside, and without that understanding it's very hard to break them and come up with anything :)
Have a good weekend, everyone!
#Android #activity
Session Token Security: Local Storage vs. Cookies
https://www.linkedin.com/pulse/session-token-security-local-storage-vs-cookies-florian-walter-hhnyf
👍3
Termination of the CVE or CWE programs would have a considerable impact, especially on AppSec.
Newly published vulnerabilities would not be tracked and given a number, e.g. CVE-2025-12345. On its own that seems like no problem; we'd just write "ATO in this version of Shaptoli" as the vulnerability name, but there would still be confusion.
The impact wouldn't be felt by us directly; the U.S. uses it more for its own assets.
Vulnerability scanners that work with the CVE database would also struggle a lot.
But terminating CWE would probably be a big "chaos") OWASP only shows 10 vulnerability types; CWE is good for pointing to a vulnerability and saying "this is the one".
In short, these were the frameworks and standards the world works by; without something definite there will be disorder.
P.S. Turns out CVE assignment is staying on)
@AppSec_guy
👍3🔥1
Stack-based buffer overflow in Steam
DEP +
ASLR +
Canary - no way lol)
https://hackerone.com/reports/470520
HackerOne
Valve disclosed on HackerOne: RCE on Steam Client via buffer...
## Introduction
In Steam and other valve games (CSGO, Half-Life, TF2) there is a functionality to find game servers called the server browser. In order to retrieve the information about these...
🔥2
🔥6
Forwarded from Turan Security
The task has been solved; we published a writeup for those interested in the solution.
https://github.com/turan-sec/DVAW/blob/main/writeup.md
Forwarded from The Hacker News
Iran-linked hackers are spying on Kurdish & Iraqi officials using custom malware.
The group BladedFeline breached:
• KRG diplomats
• Iraq gov networks
• Uzbekistan telecom
Backdoors used: Whisper, Spearal, Shahmaran, Slippery Snakelet.
🕵️♂️ Full story → https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html
🔥2👀2😁1