SecList for CyberStudents – Telegram

SecList for CyberStudents

@SecListForCyberStudents

240 subscribers

590 photos

24 videos

211 files

901 links

Think outside the box

Download Telegram

About

Blog

Apps

Platform

SecList for CyberStudents

240 subscribers

SecList for CyberStudents

image_2025-09-18_22-38-00.png

image_2025-09-18_22-38-00.png

https://wordlists-cdn.assetnote.io/data/automated/

#Wordlist #fuzz #API

124 viewsedited 17:38

SecList for CyberStudents

Forwarded from s0ld13r ch. (s0ld13r)

LSASS Dump over WMI

🤩

Давайте немного о OS Credential Dumping. Ресерчеры из SpecterOps показали инструмент для дампа кредов из памяти процесса LSASS через протокол WMI 🕺

В чем фича кэп? Нет взаимодействия с классом Win32_Process который палит любой приличный EDR - стильно, модно, молодежно!

🛡 Detection

event.code: 11 and file.path: *Windows\\Temp* and file.extension: dmp

Создание .dmp файла в Temp директории Windows

event.code: 5145 and winlog.event_data.ShareName: *.dmp

Эксфильтрация дампа через SMB шару

💻 Repo: https://github.com/0xthirteen/WMI_Proc_Dump

📖 Research: https://specterops.io/blog/2025/09/18/more-fun-with-wmi/

🧢

Please open Telegram to view this post

VIEW IN TELEGRAM

103 views03:53

SecList for CyberStudents

Forwarded from Whitehat Lab

🔄

💻

ApacheTomcatScanner v3.8.0

Узкоспециализированный инструмент написанный на 💻 python для поиска уязвимостей веб-сервера Apache Tomcat

Установка:

sudo python3 -m pip install apachetomcatscanner

Запуск:

ApacheTomcatScanner -tt 172.16.0.10 -tp - —-list-cves

▪️ Проверка доступности
▪️ Многопоточность
▪️ Проверка стандартных УД
▪️ Определение версии
▪️ Список уязвимостей и CVE
▪️ Поддержка прокси
▪️ Экспорт в xlsx, json, sqlite

💻

Repo

#tomcat #apache #apachetomcatscanner #soft #python

✈️

💬

Please open Telegram to view this post

VIEW IN TELEGRAM

93 views08:50

SecList for CyberStudents

https://github.com/Abyss-W4tcher/volatility3-symbols/

GitHub - Abyss-W4tcher/volatility3-symbols: Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable…

Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍 - Abyss-W4tcher/volatility3-symbols

126 views09:01

SecList for CyberStudents

https://mahmoud-shaker.gitbook.io/dfir-notes/linux-forensics

mahmoud-shaker.gitbook.io

Linux Memory Forensics | DFIR-Notes

Linux memory forensics plays a vital role in incident response and digital forensics. Here are the primary purposes and benefits

132 views09:23

SecList for CyberStudents

#HTB #Holms #CTF #shaptoli

🔥8

140 views11:06

SecList for CyberStudents

https://www.a2secure.com/blog-en/how-to-use-responder-to-capture-netntlm-and-grab-a-shell/

How to use Responder to capture NetNTLM and grab a shell - A2Secure

Capture NTLM Hash in a local network

115 views07:24

SecList for CyberStudents

Forwarded from Life-Hack - Хакер

Phpsploit

#C2 #pentest #web

Мощный C2 фреймворк для пост-эксплуатации веб-приложений на PHP. Позволяет загружать и выполнять произвольный PHP-код на целевой системе, поддерживает интерактивную командную строку и шифрование трафика. Имеются встроенные модули для сканирования и эксплуатации, а также есть возможность написания собственных плагинов на Python. Работает на Linux, Windows и macOS.

🔗 Ссылка на GitHub

LH | News | OSINT | AI

Please open Telegram to view this post

VIEW IN TELEGRAM

125 views08:28

SecList for CyberStudents

SauronEye is a search tool built to aid red teams in finding files containing specific keywords.

https://github.com/vivami/SauronEye

#RedTeam

131 viewsedited 06:19

SecList for CyberStudents

😁1😭1

143 views06:27

SecList for CyberStudents

image_2025-09-28_10-33-07.png

This PowerShell function searches Active Directory user objects for clear-text information (such as passwords or sensitive strings)

Function SearchUserClearTextInformation
{
    Param (
        [Parameter(Mandatory=$true)]
        [Array] $Terms,

        [Parameter(Mandatory=$false)]
        [String] $Domain
    )

    if ([string]::IsNullOrEmpty($Domain)) {
        $dc = (Get-ADDomain).RIDMaster
    } else {
        $dc = (Get-ADDomain $Domain).RIDMaster
    }

    $list = @()

    foreach ($t in $Terms)
    {
        $list += "(`$_.Description -like `"*$t*`")"
        $list += "(`$_.Info -like `"*$t*`")"
    }

    Get-ADUser -Filter * -Server $dc -Properties Enabled,Description,Info,PasswordNeverExpires,PasswordLastSet |
        Where { Invoke-Expression ($list -join ' -OR ') } | 
        Select SamAccountName,Enabled,Description,Info,PasswordNeverExpires,PasswordLastSet | 
        fl
}

#RedTeam #Creds_Hunting

131 viewsedited 05:33

SecList for CyberStudents

https://www.youtube.com/watch?v=PUyhlN-E5MU

t120 Attacking Microsoft Kerberos Kicking the Guard Dog of Hades Tim Medin

These are the videos from DerbyCon 4:
https://www.irongeek.com/i.php?page=videos/derbycon4/mainlist

119 views12:04

SecList for CyberStudents

Forwarded from Proxy Bar

CVE-2025-32463 sudo
chwoot chwoot
Если честно, то я не много не понял чего CISO, да и остальные так возбудились. Дырке 2 месяца, POC 2 месяца. Да и мы тут писали\линковали уже.
Ну ладно, пусть будет.
А, ну разве что под самую свежую суду работает

sudo -V
Sudo версии 1.9.17p1
Модуль политики sudoers версии 1.9.17p1
Файл грамматики sudoers версии 50
Sudoers I/O plugin version 1.9.17p1
Sudoers audit plugin version 1.9.17p1

EXPLOIT

#linux #sudo #lpe

107 views08:24

SecList for CyberStudents

Forwarded from Cat Seclist

Practical Purple Teaming

The Art of Collaborative Defense

❤1🔥1

107 views19:24

SecList for CyberStudents

Forwarded from Cat Seclist

Practical_Purple_Teaming_The_Art_of_Collaborative_Defense_Practical.pdf

108 views19:24

SecList for CyberStudents

https://github.com/benjqminn/benjqminn.github.io/blob/main/holmes-ctf/index.md

benjqminn.github.io/holmes-ctf/index.md at main · benjqminn/benjqminn.github.io

Personal website for ITIS-3135 course. Contribute to benjqminn/benjqminn.github.io development by creating an account on GitHub.

110 views07:29

SecList for CyberStudents

https://github.com/MrTurvey/flareprox

GitHub - MrTurvey/flareprox: Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox

Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox - MrTurvey/flareprox

100 views06:53

SecList for CyberStudents

https://github.com/k8gege/Ladon

GitHub - k8gege/Ladon: Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShel…

Ladon大型内网渗透扫描器，PowerShell、Cobalt Strike插件、内存加载、无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。网络资产探测32种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exc...

107 views10:35

SecList for CyberStudents

Forwarded from Turan Security

Flagshare - TuranSec (Shaptoli) jamosining kichik guruhi Qirg'iziston, Bishkek shahrida o'tkazilgan Cyber Ordo CTF musobaqasida 1-o'rinni qo'lga kiritdi, musobaqa Cyber Kün 2025 xalqaro konferensiyasi doirasida bo'lib o'tdi.

Junior jamoamizni birinchi xalqaro yutug'i bilan tabriklaymiz🔥

______

Our team Flagshare - junior branch of TuranSec (Shaptoli) took 1st place at Cyber Ordo part of Cyber Kün 2025 international conference which organized at Bishkek, Kyrgyzstan.

We congratulate them with first international win🔥

@TuranSecurity | www.turansec.uz

❤2

83 views03:48

SecList for CyberStudents

Congratulations, my friends. May you achieve even greater results in the future, Insha'Allah. 🔥🔥🔥

Shaptoli is family, not a team❤️

❤5

118 viewsedited 03:50