Security Analysis – Telegram
Security Analysis
@securation
11.5K subscribers
344 photos
50 videos
36 files
885 links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analysis
- Web Security
- Cryptography
- Steganography
- Forensics
Contact : @DrPwner
Download Telegram
About
Blog
Apps
Platform
Join
Security Analysis
11.5K subscribers
Security Analysis
⭕️ Linux Privilege Escalation Cheatsheet


https://github.com/Ignitetechnologies/Linux-Privilege-Escalation
#ctf #oscp #cybersecurity #Pentesting
@securation
2.04K views
Security Analysis
⭕️ RCE in Citrix ShareFile Storage Zones Controller

https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
#citrix #cve202122941 #RCE
@securation
2.1K views
Security Analysis
⭕️ رایت اپ کشف آسیب پذیری IDOR که در سرویسی از گوگل کشف شده رو بخونید که جایزه ۵ هزار دلاری هم برای محقق امنیتی داشته :)

https://asterfiester.medium.com/5000-google-idor-vulnerability-writeup-c7b45926abe9
#IDOR #Writeup #bugbounty
@securation
2.75K views
Security Analysis
https://github.com/mobdk/CopyCat

#mimikatz
GitHub
GitHub - mobdk/CopyCat: Simple rapper for Mimikatz, bypass Defender
Simple rapper for Mimikatz, bypass Defender. Contribute to mobdk/CopyCat development by creating an account on GitHub.
1.98K views
Security Analysis
⭕️ windows_hardening:
Windows Hardening settings and configurations

https://github.com/0x6d69636b/windows_hardening
#pentest #redteam #win #hardening
@securation
1.96K views
Security Analysis
In this video, we are going to solve wordpress cve-2021-29447 challenge on TryHackMe
This is my first video in english! :) stay tuned! Premieres 9.00 pm.
https://youtu.be/pkooNXGHl7c
YouTube
WordPress CVE-2021-29447 TryHackMe! WalkThrough
In this video, we are going to solve WordPress CVE-2021-29447 challenge on tryhackme!
WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected to XML eXternal Entity vulnerability where an authenticated user with the ability to upload files in the Media…
1.86K views
Security Analysis
⭕️ fail2banRemote Code Execution

https://research.securitum.com/fail2ban-remote-code-execution/
#RCE #pentest #fail2ban
@securation
1.85K views
Security Analysis
⭕️ Server-Side Template Injection

Analysis Link

Ref: Link

#SSTI #Web #Tools #payloads
@securation
2.04K views
Security Analysis
https://blog.cloudflare.com/october-2021-facebook-outage
The Cloudflare Blog
Understanding how Facebook disappeared from the Internet
Today at 1651 UTC, we opened an internal incident ennoscriptd "Facebook DNS lookup returning SERVFAIL" because we were worried that something was wrong with our DNS resolver 1.1.1.1. But as we were about to post on our public status page we realized something…
2.13K views
Security Analysis
⭕️ An in-memory evasion technique fluctuating shellcode memory protection between RW & RX and encrypting/decrypting contents

https://github.com/mgeeky/ShellcodeFluctuation
#evasion #inject #shellcode #bypass #av #edr
@securation
GitHub
GitHub - mgeeky/ShellcodeFluctuation: An advanced in-memory evasion technique fluctuating shellcode's memory protection between…
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents - mgeeky/ShellcodeFluctuation
2.06K views
Security Analysis
https://github.com/David-Reguera-Garcia-Dreg/shellex
GitHub
GitHub - therealdreg/shellex: C-shellcode to hex converter, handy tool for paste & execute shellcodes in IDA PRO, gdb, windbg,…
C-shellcode to hex converter, handy tool for paste & execute shellcodes in IDA PRO, gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger & 010 editor - therealdreg/shellex
2.11K views
Security Analysis
Windows 32-bit Shellcode Design without TEB & fs:30h

https://gist.github.com/aaaddress1/86a70ace478a905b8147b0803d5dacfc
#shellcode #bruteforce #teb #winapi
@securation
Gist
Windows 32-bit Shellcode Design without TEB & fs:30h
Windows 32-bit Shellcode Design without TEB & fs:30h - memBruteforce.cpp
2.28K views
Security Analysis
⭕️ این روش بدست آوردن هش favicon واسه پیدا کردن IP واقعی پشت Cloudflare protection هنوز هم خیلی جاها جواب میده .

لینک مقاله

#byapss #waf #cloudflare #ddos_protection
#originip
@securation
2.58K views
Security Analysis
⭕️ توی این پست که برای RedTeam ها کاربرد خوبی داره متدی برای بایپس AV/EDR بکار برده میشه.

⭕️ حالا در Blue team که عملکرد دفاعی توی امنیت دارند, برای یکی از ابزارها مثل sysmon که کارش شکار تهدیدات هست یک Rule نوشته شده که همون پردازشی که توی بایپس آنتی ویروس ها و EDRها داره رو شناسایی میکنه , که میتونید با استفاده از ابزار HandleKatz هم اینکارو با همین رول انجام بدید.

#hunting #rule #sysmon #AVbypass #EDRbypass #threathunting
@securation
2.67K views
Security Analysis
Stumbling across a DOM XSS on google.com


https://svennergr.github.io/writeups/google/ads_dom_xss/
#xss #writeup #google
@securation
1.8K views
Security Analysis
⭕️ Attack-Surface-Framework
Tool To Discover External And Internal Network Attack Surface

Link

#tools #attack #network
@securation
1.96K views
Security Analysis
⭕️ Reflected - Cross Site Scripting , XSS

#xss #reflected
@securation
1.93K views
Security Analysis
⭕️ دو تا اسکریپت جدید Powershell که واسه بایپس آنتی ویروس نوشته شدن:)

https://github.com/tihanyin/PSSW100AVB

#powershell #AVbypass #noscript
@securation
2.61K views