SecList for CyberStudents
@SecListForCyberStudents
240 subscribers
584 photos
23 videos
211 files
897 links
Think outside the box
Download Telegram
About
Blog
Apps
Platform
Join
SecList for CyberStudents
240 subscribers
SecList for CyberStudents
https://bloodhound.specterops.io/resources/edges/sql-admin
SpecterOps
SQLAdmin - SpecterOps
The user is a SQL admin on the target computer
102 views
SecList for CyberStudents
https://github.com/SnaffCon/Snaffler
GitHub
GitHub - SnaffCon/Snaffler: a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax…
a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax ) - SnaffCon/Snaffler
100 views
SecList for CyberStudents
https://github.com/NetSPI/PowerUpSQL/
GitHub
GitHub - NetSPI/PowerUpSQL: PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server - NetSPI/PowerUpSQL
112 views
SecList for CyberStudents
Forwarded from Suhayl.log
https://chrismcmstone.github.io/wifi-learner/


Wifi hujumlarini o'rganmoqchilarga
wifi-learner
State Machine Learning of WiFi 4-Way Handshake Implementations
A tool to infer the security handshake state machine of a given WiFi router. Useful for vulnerability analysis
92 views
SecList for CyberStudents
https://github.com/B1ack4sh/Blackash-CVE-2025-41115
GitHub
GitHub - Ashwesker/Ashwesker-CVE-2025-41115: CVE-2025-41115
CVE-2025-41115. Contribute to Ashwesker/Ashwesker-CVE-2025-41115 development by creating an account on GitHub.
96 views
SecList for CyberStudents
Black Friday at Tryhackme. Get a 1-year premium subscription from Tryhackme at a 40% discount and you'll definitely get great results. An investment in education is an investment in the future!

#Tryhackme #BlackFriday
93 views
SecList for CyberStudents
https://posts.slayerlabs.com/double-hop/

#DoubleHop
88 viewsedited  
SecList for CyberStudents
Forwarded from Suhayl.log
Blue teamni o'rganmoqchi bo'lganlar uchun TryHackMe SOC1 dan boshlanglar
albatta keyin SOC2
undan tashqari BTL1 sertifikatiga topshirishni mahlahat beraman (SOC1 da o'rgangan bilimlar va tajriba bilan topshirsa bo'ladi)
Keyingi qadam BTL2 faqat bu 2500$ maslahatim keyin hackthebox da Blueteam pathni qilib chiqish kerak
73 views
SecList for CyberStudents
https://tryhackme.com/path/outline/webappredteaming

New learnig path Web App Red Teaming by Tryhackme

#Web #Pentest #Tryhackme
1
72 views
SecList for CyberStudents
https://netwrix.com/en/cybersecurity-glossary/cyber-security-attacks/dcshadow-attack/
Netwrix
What Is a DCShadow Attack? Techniques, Risks & Defense | Netwrix
Learn how a DCShadow attack works, with focus on impact, detection, prevention and future trends.
67 views
SecList for CyberStudents
https://www.crowdstrike.com/en-us/blog/cve-2020-1472-zerologon-security-advisory/
CrowdStrike.com
Zerologon (CVE-2020-1472): Overview, Exploit Steps and Prevention
Learn everything you need to know about the Microsoft exploit Zerologon, what we believe is the most critical Active Directory vulnerability discovered this year.
68 views
SecList for CyberStudents
https://techcommunity.microsoft.com/blog/microsoft-security-blog/sam-name-impersonation/3042699
TECHCOMMUNITY.MICROSOFT.COM
SAM Name impersonation | Microsoft Community Hub
During the November security update cycle, Microsoft released a patch for two new vulnerabilities, CVE-2021-42287 and CVE-2021-42278. Both vulnerabilities...
75 views
SecList for CyberStudents
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42278

Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42278

https://github.com/Ridter/noPac

https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware
GitHub
GitHub - Ridter/noPac: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user - GitHub - Ridter/noPac: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domai...
75 viewsedited  
SecList for CyberStudents
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2021-42287

https://github.com/cube0x0/noPac

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42287
GitHub
GitHub - cube0x0/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. - cube0x0/noPac
78 views
SecList for CyberStudents
https://github.com/MatheuZSecurity/Exploit-CVE-2025-24799/blob/main/exploit.py
GitHub
Exploit-CVE-2025-24799/exploit.py at main · MatheuZSecurity/Exploit-CVE-2025-24799
CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection - MatheuZSecurity/Exploit-CVE-2025-24799
80 views
SecList for CyberStudents
https://github.com/dirkjanm/PKINITtools


https://dirkjanm.io/ntlm-relaying-to-ad-certificate-services/

#AD #RedTeam
85 viewsedited  
SecList for CyberStudents
https://github.com/zer1t0/certi
GitHub
GitHub - zer1t0/certi: ADCS abuser
ADCS abuser. Contribute to zer1t0/certi development by creating an account on GitHub.
86 views
SecList for CyberStudents
https://netwrix.com/en/resources/blog/what-is-the-kerberos-pac/
Netwrix
How the Kerberos PAC Works | Netwrix
Understand the role of the Kerberos PAC in identity authentication and learn how it supports secure access and integrity across Active Directory environments.
85 views
SecList for CyberStudents
Forwarded from Social Engineering
👨‍💻 Bitrix Ultimate Pentest Guide.

Автор этого материала собрал очень объемный гайд по пентесту CMS Bitrix, который включает в себя большое кол-во техник и различных методов. Вот содержание:

- Основы битриксологии:
Встроенный WAF;
Многосайтовость.
- Определение версии;
- Множественные эндпоинты для авторизации:
Лайфхак через burp.
- Интересные эндпоинты;
- Content Spoofing;
- Account Enumeration;
- Non-legitimate registration;
- Open Redirect;
- XSS уязвимости;
- SSRF;
- LFI;
- RCE:
RCE vote_agent.php (CVE-2022-27228);
RCE html_editor_action.php;
RCE Landing;
CVE-2022-29268 (Rejected).
- BDU:2024-01501:
Reflected XSS;
Local File Read.
- WAF Bypass;
- LPE;
- Bitrix24:
XSS bitrix 24;
CVE-2022-43959;
CVE-2023-1713;
CVE-2023-1714;
CVE-2023-1718.
- Уязвимые модули:
Реестр уязвимостей сторонних модулей;
Директория /local/;
Структура самописного модуля;
Aspro;
Интернет-магазины;
Корпоративные сайты;
Отраслевые сайты;
Устаревшие модули;
RCE by Insecure deserialization;
- Поиск интересных директорий и файлов.
- Сканер под bitrix - “huitrix”:
Структура сканера:
Fast scan;
Full Scan;
Detect Version;
Entrance Finder;
RCE modules;
Enum Bitrix Users;
Spawn Bitrix User;
Detect custom modules.
- References:
Github;
BDU;
Habr & Telegra.ph;
Telegram;
Other.

https://pentestnotes.ru/notes/bitrix_pentest_full

S.E. ▪️ infosec.work ▪️ VT
Please open Telegram to view this post
VIEW IN TELEGRAM
73 views
SecList for CyberStudents
Steganograficheskie_metodi_zashiti_informacii.pdf
6 MB
77 views
SecList for CyberStudents
https://github.com/MorDavid/BruteForceAI
GitHub
GitHub - MorDavid/BruteForceAI: Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks
Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks - MorDavid/BruteForceAI
82 views