SecList for CyberStudents
@SecListForCyberStudents
1.28K subscribers
841 photos
35 videos
225 files
1.09K links
Think outside the box
Download Telegram
About
Blog
Apps
Platform
Join
SecList for CyberStudents
1.28K subscribers
SecList for CyberStudents
Forwarded from JavaSec
Bugun Active Directory'ning eng eski, eng kuchli, lekin hali ham real muhitlarda uchraydigan zaifligi haqida gaplashamiz... 😱

Domain Admin'ni 10 daqiqada, hech qanday parol crack qilmasdan, hech qanday CVE ishlatmasdan olish mumkinligini bilasizmi?
Faqat bitta noto'g'ri belgilangan checkbox kifoya.
Tasavvur qiling. Internal pentest'dasiz. Klassik vektorlar yopiq — Kerberoasting natijasiz, NTLM relay'da SMB signing yoqilgan, ASREP-roasting bo'sh. Bir necha soat urinib ko'rasiz. Keyin enumeration paytida bittagina komanda ishlatasiz:
Get-NetComputer -Unconstrained
Va bitta server chiqadi. Shu lahzadan boshlab — hammasi tugadi.


Unconstrained Delegation o'zi nima? 🤔
Kerberos'da delegation — bir service boshqa user nomidan boshqa service'ga ulanishi uchun ruxsat. Misol: IIS server foydalanuvchi nomidan MSSQL'ga so'rov yuboradi.
Lekin Unconstrained — bu eng erkin shakli. Domain admin shunday sozlagan:
"Bu serverga to'liq ishonaman. U istalgan service nomidan istalgan joyga kira oladi."


Mantiq oddiy ko'rinadi. Lekin asl xavf shu yerda.
Foydalanuvchi shu serverga authenticate bo'lganda — KDC uning TGT'sini ham server'ga birga yuboradi. Server bu TGT'ni LSASS xotirasida saqlaydi. Foydalanuvchi keyin "logout" qilsa ham — TGT cache'da qoladi.
Server compromise bo'lsa — o'sha userning butun identity'si siznikida.


Lekin tabiiy savol tug'iladi — Domain Admin nega oddiy serverga ulansin? 🌚
Kutib o'tirmaymiz. SpoolSample degan tool bor — Microsoft'ning Print Spooler service'idagi MS-RPRN protocol'ini abuse qiladi. Bitta komanda:
SpoolSample.exe dc01 srv01
Bu DC'ga so'rov yuboradi: "Mening serverim'ga ulanib printer holatini tekshirib bersang-chi". DC bu so'rovni bajaradi — SRV01'ga authenticate bo'ladi. Va Unconstrained yoqilgani uchun — o'zining DC01$ TGT'sini birga yuboradi. ⚡️
Print Spooler default holatda yoqilgan. Domain Controllers'da ham yoqilgan. 2024-yilning oxiriga kelib ham — hali yoqilgan muhitlar bor.


Rubeus'ni monitor /interval:5 mode'da ishga tushiramiz. SpoolSample otamiz. Bir necha sekunddan keyin terminalda:
[*] Found new TGT: DC01$@CHILD.JAVASEC.LOCAL
Domain Controller'ning computer account TGT'si qo'limizda.
Bu yerda yangi savol: Computer account'da local admin huquqi yo'q-ku? To'g'ri. Lekin DC computer account'da boshqa narsa bor —
DCSync
huquqi.


Mimikatz'ga ticket'ni import qilamiz:
kerberos::ptt dc01.kirbi
lsadump::dcsync /domain:child.javasec.local /user:Administrator


Natija — Hash NTLM: e7d6a507...
Domain compromised. krbtgt qo'limizda. Forest tugadi. 🏳️

Eng katta xato — "biz Kerberos ishlatyapmiz, hammasi xavfsiz" deb o'ylash.
Chunki Kerberos'ning o'zi xavfsiz emas — uning sozlamasi xavfsiz qiladi. Bitta Trust this computer for delegation to any service checkbox'i — va butun forest tugaydi.

Telegram 📱 Linkedin 📱
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
1
1.48K views
SecList for CyberStudents
28M Telegram userlari menimcha olishga arziydi albatta OSINT va Threat Intellegence bilan shug'ullanadiganlar uchun bu ajyoib topilma bo'ladi. Holbuki barcha bu yo'nalish bilan shug'ullanadiganlarning o'zlari yig'adigan databasa lari bo'ladi va bu yondashuv ish jarayonida juda ham qo'l keladi.

#OSINT #TH #BreachForum #DataLeak
🌚2
1.65K viewsedited  
SecList for CyberStudents
SecList for CyberStudents
28M Telegram userlari menimcha olishga arziydi albatta OSINT va Threat Intellegence bilan shug'ullanadiganlar uchun bu ajyoib topilma bo'ladi. Holbuki barcha bu yo'nalish bilan shug'ullanadiganlarning o'zlari yig'adigan databasa lari bo'ladi va bu yondashuv…
1.37GB 🔥)
🔥16
1.78K views
SecList for CyberStudents
SecList for CyberStudents
28M Telegram userlari menimcha olishga arziydi albatta OSINT va Threat Intellegence bilan shug'ullanadiganlar uchun bu ajyoib topilma bo'ladi. Holbuki barcha bu yo'nalish bilan shug'ullanadiganlarning o'zlari yig'adigan databasa lari bo'ladi va bu yondashuv…
Hali o'zim analiz qilmadim. Lekin analiz qilganlarning aytishlaricha 3k dan ortiq uz ga taaluqli telefon raqamlar bor ekan 👀
😐9😁1
1.91K views
SecList for CyberStudents
Bolajonlar o'zlari nima qilayotganini anglagani yoq menimcha hali... )
😁26🤓4👨‍💻2🎃2🙈2🔥1
10.5K views
SecList for CyberStudents
Blue Teaming Active Directory.pdf
6.7 MB
🔥7🌭3
1.68K views
SecList for CyberStudents
🚨 Critical Uber API Vulnerability | UUIDs Are NOT Security ($2,000 Bounty)

Real-world BOLA vulnerability affecting Uber APIs. In this video I explain how missing object-level authorization allowed access to sensitive restaurant analytics using UUID manipulation + Burp Suite.

🎥 https://youtu.be/LLagPYt-cjc

#cybersecurity #bugbounty #api #owasp
YouTube
Critical Uber API Vulnerability | UUIDs Are NOT Security ($2,000 Bounty) | BOLA Vulnerability PoC
🚨 Critical Uber API Vulnerability — UUIDs Are NOT Security ($2,000 Bounty)

In this video, we perform a deep technical analysis of a real-world Uber API vulnerability involving BOLA (Broken Object Level Authorization) — one of the most critical and common…
1.59K views
SecList for CyberStudents
https://t.me/yetimdasturchi/3654 aytganlariday oxiri vazelin bilan tugaydi bu ketishda))
🤣21🗿12💩4😁3🔥21
2.33K views
SecList for CyberStudents
Source: https://github.com/twintproject/

Twint or use Snscrape For Free

Platforms Supported by snscrape:
Twitter (X)
TikTok
YouTube
Reddit
GitHub
Facebook Pages (limited)
Wikipedia
Instagram (partial support)
Others (if applicable)

#OSINT #Twint #TI #X #CyberSecurity #Snscrape
1🤔1
1.4K views
SecList for CyberStudents
Qilayotgan ishlaringiz umuman yaxshi emas aslida....
Undan ko'ra haqiqiy proof bo'lishga harakat qilinglar! BF da buni elon qilish sizlarga hech nima bermaydi... Subdomainlarga qarasak men ham hech qachon bularga etibor bermagan ekanim oldinlari. Ko'zdan chetda qolgan subdomainlardan SQLi chiqish ehtimoli juda yuqori bo'ladi. To'g'ri BlackHat tajriba orttirish uchun yaxshidir ammo buni jar solish yaxshi emas, shunchalik info ga qiziqsang o'zing uchun olib qoy bo'ldi.... Aytgancha bu qonunga xilof hisoblanadi,,,,

#BF #DataLeak #SomeSubdomains
🔥12🌭5🤣4💯2👍1😁1🍾1😎1👾1
1.37K views
SecList for CyberStudents
https://github.com/sevdokimov/log-viewer
1.12K views
SecList for CyberStudents
https://www.bleepingcomputer.com/news/security/windows-11-and-microsoft-edge-hacked-on-first-day-of-pwn2own-berlin-2026/
997 views
SecList for CyberStudents
TGPages Atlas (https://tgpages.com/atlas/map/)

An interactive map of Telegram channels that helps you quickly find communities by topic and assess their interests. This is a convenient visual catalog for a basic analysis of the Telegram ecosystem. It's a useful resource for quickly finding similar channels, tracking thematic connections, and understanding audience distribution around a specific topic.

Link to the service (https://tgpages.com/atlas/map/)

#OSINT
2
1K views
SecList for CyberStudents
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

https://securityaffairs.com/192209/security/pwn2own-berlin-2026-day-two-385750-more-microsoft-exchange-falls-and-the-running-total-crosses-900k.html
Security Affairs
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days.
🔥31
892 views
SecList for CyberStudents
Anotherone BreachForum launched...
🤣11
758 views
SecList for CyberStudents
🚨 Attackers are buying stolen employee credentials every day and try to attack companies, protect yourself from this threat ...

Xleak.io helps companies monitor leaked corporate credentials across dark web and infostealer logs before they turn into breaches.

Find employees combo (email:pass) for verified business domains and prevent attacks against your customers as well!

Bug bounty hunters could also benefit to look for leaked credentials for their targeted programs and earn bounties

Get your company report immediatly and access now at:
xleak.io

Bonus: Dedicated API access for Enterprises is available!

#bugbountytips #bugbounty #hackerone #CyberSecurity #ThreatIntel #Infostealer #DarkWeb
3
780 views
SecList for CyberStudents
Forwarded from Yetim dasturchi kundaligi
Kripto kurslar qancha bo'lyapti ekan bolajonlar?)

Menimcha sizlar meni taniysizlar. Nu menam endi sizlarni tanishni boshladim.

P.S: O'sha nosvoydan chekib yaxshilab o'ylab ko'rganinglar durust. Qariya sifatida maslahat beraman: bilimni boshqa yaxshi ishlar uchunam ishlatsa bo'ladi. Hali ham kech emas.
3🔥1
429 views
SecList for CyberStudents
Forwarded from infosec
• Судя по всему, кто-то нашел github токен сотрудника Grafana, который предоставил доступ к Grafana Labs на GitHub и позволил выгрузить всю кодовую базу. Однако вместо репорта по программе bug bounty, гений решил потребовать выкуп за удаление скачанных исходников. К слову, выкуп никто не заплатил, а вот что будет с исходниками — пока неясно.

➡️ https://www.kucoin.com/

#Новости
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
672 views