Jump to content
  1. Informatii generale

    1. Anunturi importante

      Anunturile importante si regulile forumului. Cititi regulamentu​l inainte de a posta.

    2. Bine ai venit

      Bine ati venit pe forumul Romanian Security Team, aici va puteti prezenta (optional)

    3. Proiecte RST

      Aici veti putea gasi toate programele, tutorialele, metodele si exploiturile create de catre membrii RST

  2. Sectiunea tehnica

    1. Exploituri

      Cele mai noi exploituri, POC-uri sau shellcode-uri

    2. Challenges

      Challenge-uri - Wargames, pentru amatorii CTF-urilor

    3. Bug Bounty

      Categorie destinata discutiilor referitoare la site-urile care au un program Bug Bounty in desfasurare prin care rasplatesc persoanele care le raporteaza vulnerabilitati

    4. Programare

      Coltul programatorilor: C/C++, Visual Basic, .NET, Java, ASM, Shell scripting, Perl, Python

    5. Reverse engineering & exploit development

      Tutoriale despre analiza malware, sample-uri, cod sursa, programe utile, reverse engineering si exploit development

    6. Mobile phones

      Discutii despre telefoane mobile, root-ing, jailbreak-ing etc.

    7. Sisteme de operare si discutii hardware

      Discutii in materie hardware, windows, unix, bsd etc.

    8. Electronica

      Discutii generale despre electronica

    9. Wireless Pentesting

      Wardriving area, WiFi, Bluetooth si GSM hacking

    10. Black SEO & monetizare

      Tips & tricks, questions, monetizare

  3. Programe

    1. Programe hacking

      Postati aici utilitare cum ar fi sniffere, bruteforcers, fuzzers etc. Nu faceti cereri aici.

    2. Programe securitate

      Postati aici programe cum ar fi firewall-uri, antivirusi si programe similare

    3. Programe utile

      Programe ce nu se incadreaza in celelalte sectiuni: hack sau securitate

    4. Free stuff

      Diverse lucruri utile, fiind excluse root-uri, SMTP-uri, VPS-uri etc.

  4. Discutii generale

    1. RST Market

      Orice vanzare/cumparare care are legatura cu frauda online/bancara sau access neautorizat este penalizata cu ban permanent!  Minim 50 de posturi pentru acces!

    2. Off-topic

      Discutii pe diverse teme, discutii care nu se incadreaza la celalalte categorii. Doar discutii din domeniul IT!

    3. Discutii incepatori

      Daca esti incepator, ai o intrebare simpla sau vrei sa stii mai multe despre un domeniu, aici e sectiunea potrivita

    4. Stiri securitate

      Stiri din domeniul securitatii IT

    5. Sugestii

      Vreti un forum mai bun? Orice sugestie din partea voastra va fi analizata. Doar sugestii pentru site/forum.

    6. Linkuri

      Postati aici doar linkurile despre securitate!

    7. Cosul de gunoi

      Toate topicurile care au deviat de la raspuns vor fi mutate aici.

  • Topics

  • Posts

    • Si eu sunt interesat de grupuri.
    • An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel. A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered, which allows attackers to alter where files from Slack are downloaded. Nefarious types could redirect the files to their own SMB server; and, they could manipulate the contents of those documents, altering information or injecting malware.   According to Tenable Research’s David Wells, who discovered the bug and reported it via the HackerOne bug-bounty platform, a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows would allow an attacker to post a specially crafted hyperlink into a Slack channel that changes the document download location path when clicked. Victims can still open the downloaded document through the application, however, that will be done from the attacker’s Server Message Block (SMB) share.   Wells said in a posting on Friday.   The reason it has to be an SMB share is because of a security check built into the platform. The Slack application filters certain characters out – including colons – so an attacker can’t supply a path with a drive root.   Wells explained.   Remote Exploitation An attack can be carried out by both authenticated and unauthenticated users, Wells said. In the first scenario, an insider could exploit the vulnerability for corporate espionage, manipulation or to gain access to documents outside of their role or privilege level. In the second scenario, an outsider could place crafted hyperlinks into pieces of content that could be pulled into a Slack channel via external RSS feeds.     Wells said.   Success here would require knowing which RSS feeds the target Slack user subscribes to, of course.   Malware and More In addition to being an information-disclosure concern (attackers could access sensitive company documents, financial data, patient records and anything else someone shares via the platform), the vulnerability could be used as a jumping-off point for broader attacks.   Wells explained. He added,   Because it does require user interaction to exploit, the vulnerability carries a medium-level CVSSv2 rating of 5.5. However, the researcher said that attackers can use a spoofing technique to mask the malicious URL behind a fake address, say “http://google.com,” to give it more legitimacy and convince a Slack user to click on the link. More specifically, it’s possible to link to words within Slack by adding an “attachment” field to a Slack POST request with appropriate fields, Wells said.   The attack surface is potentially large. Slack said in January that it has 10 million active daily users, and 85,000 organizations use the paid version (it’s unclear how many are Windows users). Fortunately, Slack patched the bug as part of its latest update for Slack Desktop Application for Windows, v3.4.0, so users should upgrade their apps and clients.   Via threatpost.com
    • Why? I needed a simple and reliable way to delete Facebook posts. There are third-party apps that claim to do this, but they all require handing over your credentials, or are unreliable in other ways. Since this uses Selenium, it is more reliable, as it uses your real web browser, and it is less likely Facebook will block or throttle you. As for why you would want to do this in the first place. That is up to you. Personally I wanted a way to delete most of my content on Facebook without deleting my account. Will this really delete posts? I can make no guarantees that Facebook doesn't store the data somewhere forever in cold storage. However this tool is intended more as a way to clean up your online presence and not have to worry about what you wrote from years ago. Personally, I did this so I would feel less attached to my Facebook profile (and hence feel the need to use it less). How To Use Make sure that you have Google Chrome installed and that it is up to date, as well as the chromedriver for Selenium. See here. On Arch Linux you can find this in the chromium package, but it will vary by OS. pip3 install --user delete-facebook-posts deletefb -E "youremail@example.org" -P "yourfacebookpassword" -U "https://www.facebook.com/your.profile.url" The script will log into your Facebook account, go to your profile page, and start deleting posts. If it cannot delete something, then it will "hide" it from your timeline instead. Be patient as it will take a very long time, but it will eventually clear everything. You may safely minimize the chrome window without breaking it. How To Install Python MacOS See this link for instructions on installing with Brew. Linux Use your native package manager Windows See this link, but I make no guarantees that Selenium will actually work as I have not tested it. Bugs If it stops working or otherwise crashes, delete the latest post manually and start it again after waiting a minute. I make no guarantees that it will work perfectly for every profile. Please file an issue if you run into any problems.   Sursa: https://github.com/weskerfoot/DeleteFB
    • Ar putea sa mearga pe un fork de android. Eu am nexus 5x, de ziceau ei ca e android pur, l-am folosit 3 ani. Mi s-a parut cel mai prost. Era rapid doar pt ca era chel. Cand am umplut cei 32 gb crashuia o data la doua zile.
    • Chipurile lor HiSilicon în marketul smartphone-urilor nu au așa mare importanță, oricum numai ei le folosesc.
    • When it comes to learning a new skill, e-learning sources are preferred more than any physical institute these days. The basic reason is that they are full of convenience and have greater accessibility. Also, some of them are available for free and provides certifications too, so why should anyone visit and pay a whole lot of fees to these institutes. Though having a degree or certification in a proper format enhances the credibility of your profile or resume. But again not everyone could sit into long lectures and learn a skill. People need flexibility in accordance with time and accessibility. So a huge number of people love to learn through e-learning websites. As we cannot ignore the fact that the online presence of the world is insanely huge and growing day by day. So as question is the best programming courses or tutorials? so what i suggest that atleast once Check out the best programming tutorial or courses recommended by programming community. So as many student want to learn programming and want certification but unable to find best course or tutorial. So programming tutorials help student to find the best programming online tutorial, with detailed information(certification) and it will be easy for student to find course.
    • Huawei’s chip unit says it prepared years ago for doomsday scenario of US tech ban  
    • Se pot intampla doua lucruri:   1. Huawei are acces la AOSP ca oricine altcineva, deci isi poate creea builduri fara probleme, doar ca trebuie sa astepte ca versiunile sa fie publicate de Google. Vendorii parteneri primesc cod inainte ca versiunile de Android sa fie oficial lansate, ca sa aiba timp sa dea release. Problema in aceasta situatie este ca vor fi si mai lenti cu updateurile, si ca nu vor putea folosi Google Play shit, si avand in vedere cat de nasol este AppGallery (versiunea lor de Play), nu stiu ce relevanta o sa mai aiba pe piata.   2. Isi fac OS-ul lor, dar o sa fie o problema cu convingerea developerilor importanti sa faca versiuni ale aplicatiilor special pentru acest sistem de operare, fara saci de bani aruncati nu vad posibila treaba asta, si chiar si asa o sa fie saracacios la inceput, cine se va risca cu asa ceva cand poti sa ai Android sau iOS care deja sunt stabilite pe piata.   Oricum ar fi, e ceva ce dauneaza acestui brand, si avand in vedere ce tactici anti-consumer practica, in special in defavoarea developerilor si entuziastilor, si avand in vedere ca un om cheie al companiei lor a fost arestat pentru spionaj, ma doare chiar in maciuca si le urez cale batuta acestor sarlatani cu ochi mici. Inainte sa imi bagati in frigider carne sa stiti ca si eu am un smartphone Huawei, dar sincer nu imi pare rau de ei, karma is a bitch.
    • “Huawei has made substantial contributions to the development and growth of Android around the world. As one of Android’s key global partners, we have worked closely with their open-source platform to develop an ecosystem that has benefitted both users and the industry. Huawei will continue to provide security updates and after-sales services to all existing Huawei and Honor smartphone and tablet products, covering those that have been sold and that are still in stock globally. We will continue to build a safe and sustainable software ecosystem, in order to provide the best experience for all users globally.” Sursa https://www.theverge.com/2019/5/20/18632234/huawei-android-ban-response-google-security-updates   Eu daca inteleg bine au fost pregatiti pentru asa ceva asa si nu prea ii deranjeaza decizia asta. Stiu ca marketplace au deja de ceva timp, insa ce i-ar opri sa puna peste Android Open interfata lor si sa faca singuri security updates?  Su poate doar au primit asigurari ca in caz de se intampla asta robinetul cu bond-uri se deschide, sau poate apare o lista neagra si in China cu cap de lista Apple. Si sa nu uitam, Huawei cu Qualcomm parca imparteau niste brevete pe 4g/5g. Ce se intampla in cazul asta? 
  • Create New...