Forwarded from Turan Security
This media is not supported in your browser
VIEW IN TELEGRAM
Barchangizni muborak Ramazon hayiti bilan samimiy qutlaydi!
Hurmatli yurtdoshlar,
Ushbu muqaddas va fayzli ayyomda Sizga hamda yaqinlaringizga sihat-salomatlik, xonadoningizga tinchlik-xotirjamlik va baraka tilaymiz. Barcha ezgu orzu va niyatlaringiz ijobat bo‘lsin.
✨ Ramazon hayiti muborak bo‘lsin!
@turansecurity | www.turansec.uz | info@turansec.uz
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1
RelayKing-Depth
NTLM релей сканер. Сканирует по SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM. Находит WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + PrinterBug / PetitPotam и т.п.
https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/
NTLM релей сканер. Сканирует по SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM. Находит WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + PrinterBug / PetitPotam и т.п.
https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/
Forwarded from Whitehat Lab
Инструмент для определения реального IP адреса ресурса, находящегося за Cloudflare
CloudFail discovers the real origin IP address(es) behind a Cloudflare-protected domain by querying certificate transparency logs, passive DNS databases, and optional paid APIs. It never sends traffic directly to the target during passive mode
#web #ip #cloudflare
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Turan Security
🇺🇿 O‘zbekistonda ilk Bug Bounty platformasi — Oq Doppi
Prezidentimiz tomonidan belgilangan 2030-yilgacha kiberxavfsizlikni rivojlantirish strategiyasiga muvofiq, mamlakatimizda axborot tizimlari xavfsizligini ta’minlash va zaifliklarni oldindan aniqlash muhim vazifalardan biridir.
Shu yo‘nalishda TuranSecurity tomonidan O‘zbekistonda birinchi Bug Bounty platformasi — Oq Doppi ishga tushirildi.
🔎 Bug Bounty nima?
Bu kompaniyalarga o‘z tizimlaridagi xavfsizlik zaifliklarini mustaqil va professional ethical (white hat) mutaxassislar yordamida aniqlash imkonini beradigan zamonaviy yondashuvdir. Natijada muammolar erta bosqichda aniqlanadi va xavflar oldi olinadi.
🎩 Nega “Oq Doppi”?
“White hat hacker” — tizimlarni himoya qilish uchun ishlaydigan mutaxassislarni anglatadi.
“Oq Doppi” esa ushbu tushunchaning milliy talqini bo‘lib, ishonch, himoya va mas’uliyat ramzidir.
🤝 Siz uchun qanday foyda beradi?
• Tizimlaringizdagi zaifliklarni real mutaxassislar aniqlaydi
• Xavfsizlik darajasi sezilarli darajada oshadi
• Muammolarni oldindan bartaraf etish imkoniyati
• Qonuniy va nazorat ostidagi test muhiti
🚀 Platforma bugundan ishga tushdi
Birinchi scope doirasida 2 ta dastur ochildi:
• TuranSec — *.turansec.uz
• Oq Doppi — platformaning o‘zi
🛡 Agar siz kompaniya bo‘lsangiz — tizimlaringizni himoya qiling
🛡 Agar siz mutaxassis bo‘lsangiz — o‘z bilimingizni amalda sinab ko‘ring
Oq Doppi — ishonchli va zamonaviy kiberxavfsizlik yechimi.
Havola: https://oqdoppi.uz
#OqDoppi #CyberSecurity #BugBounty #Uzbekistan #TuranSecurity
Prezidentimiz tomonidan belgilangan 2030-yilgacha kiberxavfsizlikni rivojlantirish strategiyasiga muvofiq, mamlakatimizda axborot tizimlari xavfsizligini ta’minlash va zaifliklarni oldindan aniqlash muhim vazifalardan biridir.
Shu yo‘nalishda TuranSecurity tomonidan O‘zbekistonda birinchi Bug Bounty platformasi — Oq Doppi ishga tushirildi.
🔎 Bug Bounty nima?
Bu kompaniyalarga o‘z tizimlaridagi xavfsizlik zaifliklarini mustaqil va professional ethical (white hat) mutaxassislar yordamida aniqlash imkonini beradigan zamonaviy yondashuvdir. Natijada muammolar erta bosqichda aniqlanadi va xavflar oldi olinadi.
🎩 Nega “Oq Doppi”?
“White hat hacker” — tizimlarni himoya qilish uchun ishlaydigan mutaxassislarni anglatadi.
“Oq Doppi” esa ushbu tushunchaning milliy talqini bo‘lib, ishonch, himoya va mas’uliyat ramzidir.
🤝 Siz uchun qanday foyda beradi?
• Tizimlaringizdagi zaifliklarni real mutaxassislar aniqlaydi
• Xavfsizlik darajasi sezilarli darajada oshadi
• Muammolarni oldindan bartaraf etish imkoniyati
• Qonuniy va nazorat ostidagi test muhiti
🚀 Platforma bugundan ishga tushdi
Birinchi scope doirasida 2 ta dastur ochildi:
• TuranSec — *.turansec.uz
• Oq Doppi — platformaning o‘zi
🛡 Agar siz kompaniya bo‘lsangiz — tizimlaringizni himoya qiling
🛡 Agar siz mutaxassis bo‘lsangiz — o‘z bilimingizni amalda sinab ko‘ring
Oq Doppi — ishonchli va zamonaviy kiberxavfsizlik yechimi.
Havola: https://oqdoppi.uz
#OqDoppi #CyberSecurity #BugBounty #Uzbekistan #TuranSecurity
🔥5❤2
👩💻 Docker Security.
• На сайте hacktricks есть очень объемная Wiki по безопасной настройке Docker. Крайне много информации по Socket, Capabilities, Escape from Containers и т.д. Рекомендую к изучению:
• Basic Docker Engine Security:
➡️Secure Access to Docker Engine;
➡️Security of Container Images;
➡️Image Scanning;
➡️Docker Image Signing.
• Containers Security Features:
➡️Namespaces;
➡️cgroups;
➡️Capabilities;
➡️Seccomp in Docker;
➡️AppArmor in Docker.
#Docker #Security
• На сайте hacktricks есть очень объемная Wiki по безопасной настройке Docker. Крайне много информации по Socket, Capabilities, Escape from Containers и т.д. Рекомендую к изучению:
• Basic Docker Engine Security:
➡️Secure Access to Docker Engine;
➡️Security of Container Images;
➡️Image Scanning;
➡️Docker Image Signing.
• Containers Security Features:
➡️Namespaces;
➡️cgroups;
➡️Capabilities;
➡️Seccomp in Docker;
➡️AppArmor in Docker.
#Docker #Security
HackTricks
HackTricks - HackTricks
HackTricks is a cybersecurity knowledge base with practical pentesting, red team, web, cloud, binary exploitation, and privilege escalation techniques.
Forwarded from UzCERT Live
#Apex #intellekt #pentester #AI
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡1👍1🔥1🤔1
Forwarded from 1N73LL1G3NC3
KslKatz
Combining KslDump and GhostKatz to dump LSASS using no-vulnerability KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
Combining KslDump and GhostKatz to dump LSASS using no-vulnerability KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
👍1
Forwarded from Cyber Detective
The OSINT Tools Library is new project from Osint Newsletter and Jake Creps
And this isn’t just a simple collection of tools. Each instrument’s page contains the following sections: what does it do, how to use, cost, data processing, use in reporting.
https://tools.osintnewsletter.com/osint-tools/google-lens
And this isn’t just a simple collection of tools. Each instrument’s page contains the following sections: what does it do, how to use, cost, data processing, use in reporting.
https://tools.osintnewsletter.com/osint-tools/google-lens
Forwarded from Cyber Detective
WindVector
Detailed info on winds and air currents. It features an online map, a 3D model of atmospheric layers, and the ability to view historical data for past dates. It is useful for investigating natural disasters and aviation accidents.
https://windvector.app/
#geoint
Detailed info on winds and air currents. It features an online map, a 3D model of atmospheric layers, and the ability to view historical data for past dates. It is useful for investigating natural disasters and aviation accidents.
https://windvector.app/
#geoint
Forwarded from Turan Security
Kiberxavfsizlik bo'yicha seminar-trening!
O'zbekiston Respublikasi Prezidentining yoshlar bilan uchrashuvida belgilangan vazifalar doirasida Muhammad al-Xorazmiy nomidagi Toshkent axborot texnologiyalari universiteti talabalarining kiberxavfsizlik sohasidagi amaliy bilim va ko‘nikmalarini oshirish maqsadida sohadagi yetakchi kompaniya mutaxassislari bilan seminar-trening tashkil etildi.
Tadbirda kompaniyamiz vakillari ham o‘zlarining amaliy tajribalari va bilimlari bilan o‘rtoqlashdilar.
Akmaljon Sodiqov - Turan Security asoschisi:
📌 CNA nima? Kiberxavfsizlikda o'qib pul ishlash mumkinmi?
Yoldoshali Esonaliyev - Team Lead:
📌 Web ilovalar xavfsizligi.
Abdumutal Abdumutalov - Team Lead:
📌 Android ilovalari xavfsizligida statik tahlil usullari.
Seminar yakunida universitet professor-o‘qituvchilari va xodimlari bilan hamkorlikni yanada kengaytirish bo‘yicha kelishuvga erishildi.
@turansecurity | www.turansec.uz | info@turansec.uz
O'zbekiston Respublikasi Prezidentining yoshlar bilan uchrashuvida belgilangan vazifalar doirasida Muhammad al-Xorazmiy nomidagi Toshkent axborot texnologiyalari universiteti talabalarining kiberxavfsizlik sohasidagi amaliy bilim va ko‘nikmalarini oshirish maqsadida sohadagi yetakchi kompaniya mutaxassislari bilan seminar-trening tashkil etildi.
Tadbirda kompaniyamiz vakillari ham o‘zlarining amaliy tajribalari va bilimlari bilan o‘rtoqlashdilar.
Akmaljon Sodiqov - Turan Security asoschisi:
📌 CNA nima? Kiberxavfsizlikda o'qib pul ishlash mumkinmi?
Yoldoshali Esonaliyev - Team Lead:
📌 Web ilovalar xavfsizligi.
Abdumutal Abdumutalov - Team Lead:
📌 Android ilovalari xavfsizligida statik tahlil usullari.
Seminar yakunida universitet professor-o‘qituvchilari va xodimlari bilan hamkorlikni yanada kengaytirish bo‘yicha kelishuvga erishildi.
@turansecurity | www.turansec.uz | info@turansec.uz
👍3🤝2