SecList for CyberStudents
@SecListForCyberStudents
240 subscribers
590 photos
24 videos
211 files
901 links
Think outside the box
Download Telegram
About
Blog
Apps
Platform
Join
SecList for CyberStudents
240 subscribers
SecList for CyberStudents
РОЗЫСК В TELEGRAM.pdf
5.4 MB
115 views
SecList for CyberStudents
Bitrix excel RCE

Описание уязвимости

21 марта стало известно о новой RCE уязвимости в модулях Bitrix. (BDU:2025-03006) В этот раз под раздачу попали плагины “Экспорт/Импорт товаров в Excel”. Уязвимость оценили на 8.8/10 баллов по CVSS 3.0.

Причем RCE подвержены сразу 6 модулей, а именно:

1. Импорт из Excel – версии от 2.4.7 до 2.8.9…

https://cybersec.org/blog/hack/bitrix-excel-rce.html
130 viewsedited  
SecList for CyberStudents
SIEM Components

#BlueTeam #SIEM
116 views
SecList for CyberStudents
Forwarded from Kiberxavfsizlik markazi
#css2025 #cknews #redteam

🟦🟦

🦁Cyberkent 3.0: “Red team” saralash bosqichi yakunlandi!

79 ta jamoa o’rtasida bo‘lib o‘tgan bellashuvda final yo'llanmasini qo'lga kiritganlar quyidagicha:

1️⃣ ChiLL Chain
2️⃣ Team1337
3️⃣ AgroSec
4️⃣ Cybernetic
5️⃣ ShadowRise
6️⃣ Old Land Team
7️⃣ NovaPulse
8️⃣ sudo CRY
9️⃣ dreamteam
1️⃣0️⃣ LynuxSec

Mazkur jamoalarni tabriklaymiz!

📈Saralashdan o’tgan jamoalar joriy yilning 7-8 oktabr kunlari bo’lib o’tadigan "CYBERKENT 3.0" Red team finalida o'zaro kuch sinashadi.

🌐Website | 📝Telegram | 🌐Facebook | 📹Youtube
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2🔥1
81 views
SecList for CyberStudents
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

https://github.com/Yamato-Security/hayabusa


#BlueTeam #DFIR
137 views
SecList for CyberStudents
https://github.com/Sh3n0bi/NetForensicAI
GitHub
GitHub - Sh3n0bi/NetForensicAI: NetForensicAI is a Python tool for PCAP analysis, using AI to extract files (PDFs, PNGs), detect…
NetForensicAI is a Python tool for PCAP analysis, using AI to extract files (PDFs, PNGs), detect anomalies, and check threats via VirusTotal. With deep packet inspection and a Plotly Dash dashboard...
111 viewsedited  
SecList for CyberStudents
Forwarded from Brut Security
S3Scan - A powerful S3 bucket security scanner designed for penetration testing and bug bounty hunting. This tool automatically detects misconfigurations and security vulnerabilities in AWS S3 buckets.

https://github.com/KingOfBugbounty/s3tk
98 views
SecList for CyberStudents
Forwarded from KazHackStan
🔴 Red Team – team1337

team1337 — команда, представляющая киберсообщество, объединённое общим интересом к информационной безопасности и наступательным практикам.

Для участников команды важны не только соревнования, но и вклад в развитие комьюнити: обмен знаниями, совместные проекты и повышение уровня экспертизы в сфере кибербезопасности.

📅 17–19 сентября
📍 Алматы | Sadu Arena

#KazHackStan #CyberKumbez #RedTeam
🔥5
78 views
SecList for CyberStudents
https://www.straiker.ai/blog/cyberspike-villager-cobalt-strike-ai-native-successor
www.straiker.ai
Cyberspike Villager – Cobalt Strike’s AI-native Successor | Straiker
Straiker uncovers Villager, a Chinese-based pentesting framework that acts as an AI-powered framework in the style of Cobalt Strike, automating hacking and lowering the barrier for global attackers.
98 views
SecList for CyberStudents
https://github.com/cc1a2b/JShunter
GitHub
GitHub - cc1a2b/JShunter: jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This…
jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security v...
125 views
SecList for CyberStudents
Forwarded from Kiberxavfsizlik markazi
#css2025 #cknews #blueteam

🟦🟦

🦁Cyberkent 3.0: “Blue team” saralash bosqichi yakunlandi!

81 ta jamoa o’rtasida bo‘lib o‘tgan bellashuvda final yo'llanmasini qo'lga kiritganlar quyidagicha:

1️⃣ ShadowGuard
2️⃣ shaptoli
3️⃣ CyberShadow
4️⃣ Depth Divers
5️⃣ CyberFort Alliiance
6️⃣ AntiAttack
7️⃣ LegionSec
8️⃣ T3amC0m
9️⃣ IYB
1️⃣0️⃣ BeSecure

Mazkur jamoalarni tabriklaymiz!

📈Saralashdan o’tgan jamoalar joriy yilning 7-8 oktabr kunlari bo’lib o’tadigan "CYBERKENT 3.0" Blue team finalida o'zaro kuch sinashadi.

🌐Website | 📝Telegram | 🌐Facebook | 📹Youtube
Please open Telegram to view this post
VIEW IN TELEGRAM
82 views
SecList for CyberStudents
Kiberxavfsizlik markazi
#css2025 #cknews #blueteam 🟦🟦 🦁Cyberkent 3.0: “Blue team” saralash bosqichi yakunlandi! 81 ta jamoa o’rtasida bo‘lib o‘tgan bellashuvda final yo'llanmasini qo'lga kiritganlar quyidagicha: 1️⃣ ShadowGuard 2️⃣ shaptoli 3️⃣ CyberShadow 4️⃣ Depth Divers…
Team shaptoli🔥 We did it thanks for team members. Inshaallah, we will take first place in the final.
👏4🔥2
122 views
SecList for CyberStudents
Forwarded from Proxy Bar
CVE-2025-24813
*
Tomcat RCE - POC exploit
98 views
SecList for CyberStudents
Forwarded from KazHackStan
Сегодня арена кипела от напряжения! 🔥

Завершился первый день битвы, и команды показали, на что они способны в условиях реального кибер-боя.

🏆 Топ-5 команд дня:

1️⃣ FR13NDS TEAM - 11 500
2️⃣ DD0ST4R - 8 100
3️⃣ Em1x - 6 750
4️⃣ SPACE - 6 580
5️⃣ team1337 - 6 537

Red vs Blue продолжается.
Завтра ставки ещё выше, а битва за лидерство только накаляется! ⚡️⚡️⚡️
🔥5
121 views
SecList for CyberStudents
image_2025-09-18_22-38-00.png
391.8 KB
image_2025-09-18_22-38-00.png
138.4 KB
https://wordlists-cdn.assetnote.io/data/automated/

#Wordlist #fuzz #API
124 viewsedited  
SecList for CyberStudents
Forwarded from s0ld13r ch. (s0ld13r)
LSASS Dump over WMI 🤩

Давайте немного о OS Credential Dumping. Ресерчеры из SpecterOps показали инструмент для дампа кредов из памяти процесса LSASS через протокол WMI 🕺

В чем фича кэп? Нет взаимодействия с классом Win32_Process который палит любой приличный EDR - стильно, модно, молодежно!

🛡 Detection

event.code: 11 and file.path: *Windows\\Temp* and file.extension: dmp


Создание .dmp файла в Temp директории Windows

event.code: 5145 and winlog.event_data.ShareName: *.dmp


Эксфильтрация дампа через SMB шару

💻 Repo: https://github.com/0xthirteen/WMI_Proc_Dump

📖 Research: https://specterops.io/blog/2025/09/18/more-fun-with-wmi/

🧢 s0ld13r
Please open Telegram to view this post
VIEW IN TELEGRAM
103 views
SecList for CyberStudents
Forwarded from Whitehat Lab
🔄💻ApacheTomcatScanner v3.8.0

Узкоспециализированный инструмент написанный на 💻 python для поиска уязвимостей веб-сервера Apache Tomcat

Установка:

sudo python3 -m pip install apachetomcatscanner


Запуск:

ApacheTomcatScanner -tt 172.16.0.10 -tp - —-list-cves


▪️ Проверка доступности
▪️ Многопоточность
▪️ Проверка стандартных УД
▪️ Определение версии
▪️ Список уязвимостей и CVE
▪️ Поддержка прокси
▪️ Экспорт в xlsx, json, sqlite

💻 Repo

#tomcat #apache #apachetomcatscanner #soft #python

✈️ Whitehat Lab 💬Chat
Please open Telegram to view this post
VIEW IN TELEGRAM
93 views
SecList for CyberStudents
https://github.com/Abyss-W4tcher/volatility3-symbols/
GitHub
GitHub - Abyss-W4tcher/volatility3-symbols: Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable…
Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍 - Abyss-W4tcher/volatility3-symbols
126 views
SecList for CyberStudents
https://mahmoud-shaker.gitbook.io/dfir-notes/linux-forensics
mahmoud-shaker.gitbook.io
Linux Memory Forensics | DFIR-Notes
Linux memory forensics plays a vital role in incident response and digital forensics. Here are the primary purposes and benefits
132 views