We are facing a new fraud method. Let’s discuss this issue in order to raise awareness among internet users. With this method, fraudsters aim to reach target audiences through YouTube ads. In their advertisements, they aim to attract attention and gain trust in order to deceive their targets by using their own dubbing on video…
Sysmon is a Sysinternals tool, and like every Sysinternals tool, it can be used for operations such as system administration and troubleshooting. Sysmon is generally used to collect logs that Windows does not log as standard in order to correct and improve the security posture. We can use a config file to select which event we…
Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. WebP is an open-source image format developed by Google. WebP enables higher quality images in smaller file sizes. The…
Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. Enum4Linux is a tool used to collect information from Windows and Samba systems. Some information that Enum4Linux can collect:…
NOTE: Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. Maltego is a tool that collects data from various services and visualizes it. Maltego is a tool often used…
CVE-2023-44487 is a vulnerability that causes a DoS (denial of service) problem in the HTTP/2 protocol and is scored 7.5 HIGH by NIST. This vulnerability lets an attacker send a large number of reset requests for the streams between themselves and a website or application, exhausting the system’s resources and leaving the system unable to provide service. Between August and October 2023, this vulnerability, in real…
BloodHound is a security tool used by security professionals and attackers. This tool mainly works with the Windows Active Directory environment and enables the discovery of attack paths in this environment. Some of the features this tool provides: -> Mapping Attack Paths: Maps and visualizes the relationships between users in the network. -> Defining Exploit Paths: It allows…
In my previous article, I talked about how the LSASS process can be dumped. Now let’s try to find out which password the resulting NT hash belongs to. First of all, I should point out that hash values are irreversible. In other words, we can encrypt data and decrypt it with the key and…
Use what I’m about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses. Mimikatz implementation in pure Python. Pypykatz is an open-source tool designed for extracting authentication credentials on Windows operating systems.…
Image Source: https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html The Log4j vulnerability is a critical remote code execution (RCE) vulnerability in the Apache Log4j logging library. It was first disclosed on December 9, 2021, and is considered to be one of the most serious software vulnerabilities ever discovered. The vulnerability exists in the way that Log4j processes certain types of log…