Forwarded from Turan Security
12th place in the BlackHat MEA 2025 Final CTF competition!
The international team defending the honor of Turan Security and Uzbekistan earned a place in the TOP 12 among 125 teams at one of the world's most prestigious cybersecurity competitions!
BlackHat MEA 2025, held in Riyadh, Saudi Arabia, is a venue where the strongest specialists, experts and the world's leading cybersecurity teams meet.
Among the TOP teams, our team lead stood out on 3 tasks:
- Firstblood - web, first;
- Firstblood - forensics, first;
- Secondblood - web, solved the task second.
Being the first to solve tasks among the strongest teams, on a first attempt, is a very hard and rarely seen result! For this achievement our team lead was awarded special "Firstblood coins" by the organizers; such a result is a first for Uzbekistan.
Our goal is to raise Uzbekistan's standing in the international arena, inspire young people and develop the cybersecurity field.
I was able to get 2 firstbloods and 1 secondblood.
It was impossible to solve tasks earlier than R3kapig, FMC, bios, Odin, etc., who are the most elite teams, but I did it.
Forwarded from JavaSec
3 zero-days, and the third 0day vulnerability accepted with a [figure garbled]000 bounty!
When I got a reject for the 1st zero-day vulnerability, I thought there was no way to get an accepted from the Zero Day Initiative.
Zero Day Initiative (ZDI) is one of the largest and most prestigious vulnerability research programs in the world, run by Trend Micro. This program buys zero-day and critical vulnerabilities found by independent security researchers, ensures they are fixed in cooperation with the vendor, and improves users' security.
The vulnerability I found through this program was fully verified in ZDI's lab, confirmed and officially accepted. As a result I received a bounty and was recognized as a ZDI researcher.
So it is possible…
JavaSec
One of the first Uzbeks to sell a zeroday on ZDI.
Let's start this year with an insane challenge.
It's just a joke, let me try, guys.
Btw, I'm 20 minutes late, but yes, happy new year; I mean, I hope we can make some good things this year.
AppSec Guy
https://youtu.be/TmWM51mTY_c?si=H9oeSxnZcnhBy_ar
AI helps to reduce our need for the world's elites; it enables them to lay off as many employees as possible while saving the budget.
There is no meaning in paying for loose; they have been doing this for decades. So they don't need a population they really don't need for running this world, so they start small wars to erase the mass population while keeping most of it to run what AI cannot get done.
They are waiting for the evolution of AI, so they have no dependency on us.
They don't care about us, and they don't care if AI goes rogue (that's sht from movies). Peace.
Some conspiracy theory, same as flat earth.
RCE on Google Chrome up to version 141.0.7390.65 through a use-after-free in Storage (CVE-2025-11460) - ASLR, CFG bypass
PoC exploit: https://issues.chromium.org/issues/446722008
Bounty: $100,000
Forwarded from Turan Security
The first CVE of 2026 - in NVIDIA software
A member of our Security Research group, Javohir Abduxalilov, identified a serious vulnerability at NVIDIA, the company ranked first in the world by market capitalization, and it was acknowledged by the company!
The vulnerability affects the Nvidia Merlin software, which is used by companies such as Tencent/WeChat, Snapchat, Netflix, Fidelity, Spotify, Walmart, Postmates/Uber, Meituan and Microsoft.
CVE-2025-33233 (Nvidia Merlin - Transformers4Rec library)
Severity: High (7.8 CVSS)
Impact: Code Execution, Escalation of Privileges, Information Disclosure, Data Tampering
Security Bulletin
Such results serve to raise Uzbekistan's international standing in the cybersecurity field.
P.S. As a reminder, our specialists have also identified vulnerabilities at the world's leading technology companies such as NASA, Google, Amazon and Toyota.
www.turansec.uz | [email protected]
How?
Entering an SQLi payload directly into a .json endpoint is something only bug hunters can pull off; that's what they did in the picture)
Such a situation probably never occurs at all, but the finding is an interesting case, so let's think about it a little.
Judging by the picture, stacked/batched-queries SQLi was used:
GET /displays/anythingforcheck.json'; select pg_sleep(6) --?org_id=2
This means:
1) The backend takes the given json file name;
from fastapi import FastAPI
import asyncpg

app = FastAPI()
pool = None  # asyncpg connection pool, assumed to be created at startup (omitted here)

@app.get("/displays/{filename}")
async def get_display_vulnerable(filename: str, org_id: int = None):
2) It sends the received json file name directly to the database:
    query = f"SELECT * FROM displays WHERE name = '{filename}'"  # user input interpolated into SQL: the bug
    async with pool.acquire() as conn:
        result = await conn.fetch(query)
    return result
The code is shown very inaccurately; I tried to keep it simple, org_id, for example, is left out.
Now let's try to understand: so the developer wanted to store the location of the json files, or the files themselves, in the database and use them later?
This must be an architectural mistake))
1) Why was it done this way?
2) Why is there a comment at the end of the SQL injection payload, but no space after it? How did the payload work without a space?
In mysql/postgresql, when a -- comment is used, the comment doesn't work if there is no space after it.
There are a lot of questions; bug hunters often share cases that rarely occur, possible but not possible. Anyway, the post was put up by Dark Shadow, and sharing it is great, but at the very least you need to know how a payload works before picking it up and using it.
@AppSec_guy