Extract Windows credentials directly from VM memory snapshots and virtual disks.
Source: https://github.com/nikaiw/VMkatz
Source: https://github.com/nikaiw/VMkatz
Forwarded from JavaSec
Active Directory’da eng xavfli narsa — admin huquqi emas.
Eng xavfli narsa — noto‘g‘ri berilgan permissions.
Ayniqsa DACL🌐 .
Agar sizda quyidagi huquqlardan biri bo‘lsa:
—💾
—🌐
—🔑
siz deyarli privilege escalation yo‘lidasiz.
Nega?
Natija: oddiy user → domain compromise
Xulosa: Active Directory — bu role emas, graph.
Va hujumlar ko‘pincha admin orqali emas…
noto‘g‘ri yozilgan bitta ACE orqali keladi.
Tepadagi rasmda sizda qanday permission bo'lsa nimalar qila olishingiz ko'rsatilgan.
DACL abuse
Telegram📱 Linkedin 📱
Eng xavfli narsa — noto‘g‘ri berilgan permissions.
Ayniqsa DACL
Agar sizda quyidagi huquqlardan biri bo‘lsa:
—
WriteDACL —
GenericWrite —
AllExtendedRights siz deyarli privilege escalation yo‘lidasiz.
Nega?
WriteDACL → o‘zingizga GenericAll berasizGenericWrite → SPN qo‘shasiz → Kerberoasting / RBCDAllExtendedRights → ForceChangePassword / DCSyncNatija: oddiy user → domain compromise
Xulosa: Active Directory — bu role emas, graph.
Va hujumlar ko‘pincha admin orqali emas…
noto‘g‘ri yozilgan bitta ACE orqali keladi.
Tepadagi rasmda sizda qanday permission bo'lsa nimalar qila olishingiz ko'rsatilgan.
DACL abuse
Telegram
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Cat Seclist
cve-2026-29000-claude-exploit-cve-2026-29000.zip
28.9 KB
Forwarded from Turan Security
This media is not supported in your browser
VIEW IN TELEGRAM
Barchangizni muborak Ramazon hayiti bilan samimiy qutlaydi!
Hurmatli yurtdoshlar,
Ushbu muqaddas va fayzli ayyomda Sizga hamda yaqinlaringizga sihat-salomatlik, xonadoningizga tinchlik-xotirjamlik va baraka tilaymiz. Barcha ezgu orzu va niyatlaringiz ijobat bo‘lsin.
✨ Ramazon hayiti muborak bo‘lsin!
@turansecurity | www.turansec.uz | info@turansec.uz
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1
RelayKing-Depth
NTLM релей сканер. Сканирует по SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM. Находит WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + PrinterBug / PetitPotam и т.п.
https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/
NTLM релей сканер. Сканирует по SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM. Находит WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + PrinterBug / PetitPotam и т.п.
https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/
Forwarded from Whitehat Lab
Инструмент для определения реального IP адреса ресурса, находящегося за Cloudflare
CloudFail discovers the real origin IP address(es) behind a Cloudflare-protected domain by querying certificate transparency logs, passive DNS databases, and optional paid APIs. It never sends traffic directly to the target during passive mode
#web #ip #cloudflare
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Turan Security
🇺🇿 O‘zbekistonda ilk Bug Bounty platformasi — Oq Doppi
Prezidentimiz tomonidan belgilangan 2030-yilgacha kiberxavfsizlikni rivojlantirish strategiyasiga muvofiq, mamlakatimizda axborot tizimlari xavfsizligini ta’minlash va zaifliklarni oldindan aniqlash muhim vazifalardan biridir.
Shu yo‘nalishda TuranSecurity tomonidan O‘zbekistonda birinchi Bug Bounty platformasi — Oq Doppi ishga tushirildi.
🔎 Bug Bounty nima?
Bu kompaniyalarga o‘z tizimlaridagi xavfsizlik zaifliklarini mustaqil va professional ethical (white hat) mutaxassislar yordamida aniqlash imkonini beradigan zamonaviy yondashuvdir. Natijada muammolar erta bosqichda aniqlanadi va xavflar oldi olinadi.
🎩 Nega “Oq Doppi”?
“White hat hacker” — tizimlarni himoya qilish uchun ishlaydigan mutaxassislarni anglatadi.
“Oq Doppi” esa ushbu tushunchaning milliy talqini bo‘lib, ishonch, himoya va mas’uliyat ramzidir.
🤝 Siz uchun qanday foyda beradi?
• Tizimlaringizdagi zaifliklarni real mutaxassislar aniqlaydi
• Xavfsizlik darajasi sezilarli darajada oshadi
• Muammolarni oldindan bartaraf etish imkoniyati
• Qonuniy va nazorat ostidagi test muhiti
🚀 Platforma bugundan ishga tushdi
Birinchi scope doirasida 2 ta dastur ochildi:
• TuranSec — *.turansec.uz
• Oq Doppi — platformaning o‘zi
🛡 Agar siz kompaniya bo‘lsangiz — tizimlaringizni himoya qiling
🛡 Agar siz mutaxassis bo‘lsangiz — o‘z bilimingizni amalda sinab ko‘ring
Oq Doppi — ishonchli va zamonaviy kiberxavfsizlik yechimi.
Havola: https://oqdoppi.uz
#OqDoppi #CyberSecurity #BugBounty #Uzbekistan #TuranSecurity
Prezidentimiz tomonidan belgilangan 2030-yilgacha kiberxavfsizlikni rivojlantirish strategiyasiga muvofiq, mamlakatimizda axborot tizimlari xavfsizligini ta’minlash va zaifliklarni oldindan aniqlash muhim vazifalardan biridir.
Shu yo‘nalishda TuranSecurity tomonidan O‘zbekistonda birinchi Bug Bounty platformasi — Oq Doppi ishga tushirildi.
🔎 Bug Bounty nima?
Bu kompaniyalarga o‘z tizimlaridagi xavfsizlik zaifliklarini mustaqil va professional ethical (white hat) mutaxassislar yordamida aniqlash imkonini beradigan zamonaviy yondashuvdir. Natijada muammolar erta bosqichda aniqlanadi va xavflar oldi olinadi.
🎩 Nega “Oq Doppi”?
“White hat hacker” — tizimlarni himoya qilish uchun ishlaydigan mutaxassislarni anglatadi.
“Oq Doppi” esa ushbu tushunchaning milliy talqini bo‘lib, ishonch, himoya va mas’uliyat ramzidir.
🤝 Siz uchun qanday foyda beradi?
• Tizimlaringizdagi zaifliklarni real mutaxassislar aniqlaydi
• Xavfsizlik darajasi sezilarli darajada oshadi
• Muammolarni oldindan bartaraf etish imkoniyati
• Qonuniy va nazorat ostidagi test muhiti
🚀 Platforma bugundan ishga tushdi
Birinchi scope doirasida 2 ta dastur ochildi:
• TuranSec — *.turansec.uz
• Oq Doppi — platformaning o‘zi
🛡 Agar siz kompaniya bo‘lsangiz — tizimlaringizni himoya qiling
🛡 Agar siz mutaxassis bo‘lsangiz — o‘z bilimingizni amalda sinab ko‘ring
Oq Doppi — ishonchli va zamonaviy kiberxavfsizlik yechimi.
Havola: https://oqdoppi.uz
#OqDoppi #CyberSecurity #BugBounty #Uzbekistan #TuranSecurity
🔥5❤2
👩💻 Docker Security.
• На сайте hacktricks есть очень объемная Wiki по безопасной настройке Docker. Крайне много информации по Socket, Capabilities, Escape from Containers и т.д. Рекомендую к изучению:
• Basic Docker Engine Security:
➡️Secure Access to Docker Engine;
➡️Security of Container Images;
➡️Image Scanning;
➡️Docker Image Signing.
• Containers Security Features:
➡️Namespaces;
➡️cgroups;
➡️Capabilities;
➡️Seccomp in Docker;
➡️AppArmor in Docker.
#Docker #Security
• На сайте hacktricks есть очень объемная Wiki по безопасной настройке Docker. Крайне много информации по Socket, Capabilities, Escape from Containers и т.д. Рекомендую к изучению:
• Basic Docker Engine Security:
➡️Secure Access to Docker Engine;
➡️Security of Container Images;
➡️Image Scanning;
➡️Docker Image Signing.
• Containers Security Features:
➡️Namespaces;
➡️cgroups;
➡️Capabilities;
➡️Seccomp in Docker;
➡️AppArmor in Docker.
#Docker #Security
HackTricks
HackTricks - HackTricks
HackTricks is a cybersecurity knowledge base with practical pentesting, red team, web, cloud, binary exploitation, and privilege escalation techniques.
Forwarded from UzCERT Live
#Apex #intellekt #pentester #AI
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡1👍1🔥1🤔1
Forwarded from 1N73LL1G3NC3
KslKatz
Combining KslDump and GhostKatz to dump LSASS using no-vulnerability KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
Combining KslDump and GhostKatz to dump LSASS using no-vulnerability KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
👍1
Forwarded from Cyber Detective
The OSINT Tools Library is new project from Osint Newsletter and Jake Creps
And this isn’t just a simple collection of tools. Each instrument’s page contains the following sections: what does it do, how to use, cost, data processing, use in reporting.
https://tools.osintnewsletter.com/osint-tools/google-lens
And this isn’t just a simple collection of tools. Each instrument’s page contains the following sections: what does it do, how to use, cost, data processing, use in reporting.
https://tools.osintnewsletter.com/osint-tools/google-lens
Forwarded from Cyber Detective
WindVector
Detailed info on winds and air currents. It features an online map, a 3D model of atmospheric layers, and the ability to view historical data for past dates. It is useful for investigating natural disasters and aviation accidents.
https://windvector.app/
#geoint
Detailed info on winds and air currents. It features an online map, a 3D model of atmospheric layers, and the ability to view historical data for past dates. It is useful for investigating natural disasters and aviation accidents.
https://windvector.app/
#geoint