Some of my projects
- Detection of Windows Based Malwares Using Machine Learning
In this project, we tried to understand the characteristics of the malwares and distinguish them from the benign files using machine learning techniques. Thanks to this project, we won the 3. place award in the one of the cyber security projects competition in Turkey.
- Phishing Detection Using Machine Learning
In this project, we tried to understand what is the idea and techniques behind of the phishing attacks and detect them. Thanks to this project, we won the 2. place award in the one of the cyber security projects competition in Turkey.
Vulnerable Web Application is a website that is prepared for people who are interested in web penetration and who want to have information about this subject.
HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank to Mehmet Oğuz Tozkoparan, Ömer Faruk Şenyayla and Tufan Güngör for their help during creating this lab.
There is untrusted YAML Deserialization vulnerability on PyTorchLightning Github repository. PyTorchLightning’s saving.py (core.saving.load_hparams_from_yaml) functionality is calling “yaml.UnsafeLoader” from pyyaml Python library which is not secure method. Because of that, maliciously crafted yaml config file can cause code execution on the victim’s machine.
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).
In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
An authenticated attacker can inject malicious code into “lang” parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a “username” while changing his/her username & password. After that, when attacker logs in to the application, attacker’s code will be run. As a result of this vulnerability, authenticated user can run command on the server.
In Sentrifugo 3.2, users can upload an image under “Assets -> Add” tab. This “Upload Images” functionality is suffered from “Unrestricted File Upload” vulnerability so attacker can upload malicious files using this functionality and control the server.
In Sentrifugo 3.2, users can share an announcement under “Organization -> Announcements” tab. Also, in this page, users can upload attachments with the shared announcements. This “Upload Attachment” functionality is suffered from “Unrestricted File Upload” vulnerability so attacker can upload malicious files using this functionality and control the server.
In Sentrifugo 3.2, admin can edit employee’s informations via this endpoint –> /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, “employeeNumId” parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database.
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting.
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file.
In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting.
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[value] or filters[value] parameter.
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database.
In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user’s valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges.
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.