  • Posts

    • Avira has fallen behind in recent years compared with its rivals such as Kaspersky, GDATA (also from Germany), Bitdefender, etc. Their technology was based, and unfortunately still is based, on signatures, a major disadvantage compared with the companies that turned to various behavioural blocker technologies, some of them making use of these modern machine learning things. I think that is why they sold the company. For their product to become competitive, major investments are needed, and the Arabs are probably counting on marketing and on the Avira name to squeeze out some more dinero while it still works.
    • Claudiu Zamfir, Thursday, 9 Apr 2020 - 16:07

      German antivirus Avira, bought by Arabs. The transaction price

      The German cybersecurity company Avira, which has about 140 employees in Romania, announced on Thursday that it will be acquired by the investment fund Investcorp, from Bahrain. The transaction price is 180 million dollars, according to the definitive agreement between the parties, which must next be submitted for approval to the market regulators, according to the Arab investment firm. As part of the transaction, the companies Avira Holding GmbH & Co KG and ALV GmbH & Co KG will be taken over by the fund Investcorp Technology Partners IV, managed by the investment firm founded in Bahrain.

      Known for its antivirus, which is popular in Romania too, the German company, headquartered in Tettnang, was founded in 1986 by the entrepreneur Tjark Auerbach, and the acquisition announced on Thursday is the first institutional investment in Avira in its 34 years of existence. "We have been protecting our users for more than 30 years. In Investcorp, I have an investment partner who shares my values and who will support the management team's strategy to continue protecting people for many years to come," said Avira's founder, Tjark Auerbach. In Romania, Avira is present through its local company, Avira Soft SRL, established in 2004 in Bucharest. In 2018, the Romanian company had a turnover of 8.7 million dollars and a profit of 351,000 dollars, with an average of 146 employees, according to official data collected by Termene.ro.

      On the other side, the investment firm Investcorp was founded in 1982 in Manama, Bahrain, by Nemir Kirdar. The Persian Gulf investment fund is known for acquiring the American luxury jewellery stores Tiffany & Co. in 1984. In 2020, Tiffany entered the portfolio of the French luxury goods giant LVMH. With funds under management of more than 34 billion dollars, Investcorp is listed on the Bahrain Stock Exchange (BSE) and has a consistent presence all over the world, with offices in New York, London, Abu Dhabi, Riyadh, Doha, Mumbai, Singapore.

      Source: https://www.startupcafe.ro/afaceri/antivirus-avira-cumparat-arabi-pret.htm?
    • Maybe it will seem silly to you, but this kind of thing helps me. When I try to learn something and I don't like it, like maths, it doesn't stick with me at all. What I try to do is convince myself that I like it, that it is interesting, that it is useful in life. I try to make myself like it. And it helps. Also, where you learn from matters. Textbooks often don't explain things well and there is no way you can understand. But you can probably find other resources on the net, either written or video, in which things are explained in more detail or with more examples.
    • There is no need for or anything else. If you post the link to the image directly or Copy/Paste a text that also has images, they will be inserted automatically. Yes, obviously formatting problems appear and sometimes it may fail to pick up the images; IPBoard uses CKEditor and it is not 100% stable to work in all cases, but it is constantly being improved.
    • @ problems with "Insert Image": I also tried with [/img]; in the editor the images are displayed, but after I save it, it shows zBang%20tool.png    edit: chrome, opera, firefox
    • Does anyone know an efficient and fast way of learning the material needed for subject 1?
    • zBang is a risk assessment tool that detects potential privileged account threats

      zBang is a special risk assessment tool that detects potential privileged account threats in the scanned network.

      Organizations and red teamers can utilize zBang to identify potential attack vectors and improve the security posture of the network. The results can be analyzed with the graphic interface or by reviewing the raw output files.

      More details on zBang could be found in the Big zBang Theory blog post by @Hechtov: https://www.cyberark.com/threat-research-blog/the-big-zbang-theory-a-new-open-source-tool/

      The tool is built from five different scanning modules:

      - ACLight scan - discovers the most privileged accounts that must be protected, including suspicious Shadow Admins.
      - Skeleton Key scan - discovers Domain Controllers that might be infected by Skeleton Key malware.
      - SID History scan - discovers hidden privileges in domain accounts with secondary SID (SID History attribute).
      - RiskySPNs scan - discovers risky configuration of SPNs that might lead to credential theft of Domain Admins.
      - Mystique scan - discovers risky Kerberos delegation configuration in the network.

      For your convenience, there is also a summarized Data Sheet about zBang: https://github.com/cyberark/zBang/blob/master/zBang Summarized Data Sheet.pdf

      Execution Requirements

      - Run it with any domain user. The scans do not require any extra privileges; the tool performs read-only LDAP queries to the DC.
      - Run the tool from a domain joined machine (a Windows machine).
      - PowerShell version 3 or above and .NET 4.5 (it comes by default in Windows 8/2012 and above).

      Quick Start Guide

      1. Download and run the release version from this GitHub repository link or compile it with your favorite compiler. Sometimes, when downloading it through the browser, you will need to "unblock" the downloaded zBang.exe file.
      2. In the opening screen, choose what scans you wish to execute. In the following example, all five scans are chosen:
      3. To view demo results, click "Reload." zBang tool comes with built-in initiating demo data; you can view the results of the different scans and play with the graphic interface.
      4. To initiate new scans in your network, click "Launch." A new window will pop up and will display the status of the different scans.
      5. When the scans are completed, there will be a message saying the results were exported to an external zip file.
      6. The results zip file will be in the same folder of zBang and will have a unique name with the time and the date of the scans. You can also import previous results into the zBang GUI without the need of rerunning the scans. To import previous results, click "Import" in the zBang's opening screen.

      Go Over zBang Results

      A. ACLight scan:

      1. Choose the domain you have scanned.
      2. You will see a list of the most privileged accounts that were discovered.
      3. On the left side - view "standard" privileged accounts that get their privileges due to their group membership.
      4. On the right side - view "Shadow Admins." Those accounts get their privileges through direct ACL permissions assignment. Those accounts might be stealthier than standard "domain admin" users, and therefore, they might not be as secure as they should be. Attackers often target and try to compromise such accounts.
      5. On each account, you can double click and review its permissions graph. It may help you understand why this account was classified as privileged.
      6. The different abusable ACL permissions are described in a small help page. Click the "question mark" in the upper right corner to view:
      7. More details on the threat of Shadow Admins are available in the blog post - "Shadow Admins – The Stealthy Accounts That You Should Fear The Most": https://www.cyberark.com/threat-research-blog/shadow-admins-stealthy-accounts-fear/
      8. For manual examination of the scan results, unzip the saved zBang results file and check the results folder: "[Path of the zBang's unzipped results file]\ACLight-master\Results", contains a summary report - "Privileged Accounts - Layers Analysis.txt".
      9. On each of the discovered privileged accounts:
         - Identify the privileged account.
         - Reduce unnecessary permissions from the account.
         - Secure the account.
         After validating these three steps, you can mark the account with a "V" in the small selection box, turning it green on the interface.
      10. The goal is to make all the accounts marked as "secured" with the green color.

      B. Skeleton Key scan

      1. In the scan page (click the relevant bookmark in the above section), there will be a list of all the scanned DCs.
      2. Make sure all of them are clean and marked with green.
      3. If the scan finds a potential infected DC, it is crucial to initiate an investigation process.
      4. More details on Skeleton Key malware are available in the blog post "Active Directory Domain Controller Skeleton Key Malware & Mimikatz" by @PyroTek3: https://adsecurity.org/?p=1255

      C. SID History scan

      1. In this scan page, there will be a list of the domain accounts with secondary SID (SID History attribute).
      2. Each account will have two connector arrows, one to the left for its main SID, the other to the right for its secondary SID (with the mask icon).
      3. If the main SID is privileged, it will be in red, and if the SID history is privileged, there will be displayed as a red mask.
      4. You should search for the possible very risky situations, in which an account has a non-privileged main SID but at the same time has a privileged secondary SID. This scenario is very suspicious and you should check this account and investigate why it received a privileged secondary SID. Make sure it wasn't added by a potential intruder in the network.
         * For a visualization convenience, if a large number of accounts with non-privileged SID history are present (more than ten), they will be filtered out from the display, as those accounts are less sensitive.
      5. For manual examination of the scan results, unzip the saved zBang results file and check csv file: "[Path of the zBang's unzipped results file]\SIDHistory\Results\Report.csv".
      6. More details on abusing SID History are available in the blog post "Security Focus: sIDHistory" by Ian Farr: https://blogs.technet.microsoft.com/poshchap/2015/12/04/security-focus-sidhistory-sid-filtering-sanity-check-part-1-aka-post-100/

      D. RiskySPNs scan

      1. In the scan results page, there will be a list of all the SPNs that registered with user accounts.
      2. If the user account is a privileged account, it will be in red.
      3. It is very risky to have SPNs that are registered under privileged accounts. Try and change/disable those SPNs. Use machine accounts for SPNs or reduce unnecessary permissions from the users who have SPNs registered to them. It's also recommended to assign strong passwords to those users, and implement automatic rotation of each password.
      4. For manual examination of the scan results, unzip the saved zBang results file and check csv file: "[Path of the zBang's unzipped results file]\RiskySPN-master\Results\RiskySPNs-test.csv".
      5. More details on Risky SPNs are available in the blog post "Service Accounts – Weakest Link in the Chain": https://www.cyberark.com/blog/service-accounts-weakest-link-chain/

      E. Mystique scan

      1. The scan result page includes a list of all the discovered accounts trusted with delegation permissions.
      2. There are three delegation types: Unconstrained, Constrained and Constrained with Protocol Transition. The account color corresponds to its delegation permission type.
      3. Disable old and unused accounts trusted with delegation rights. In particular, check the risky delegation types of "Unconstrained" and "Constrained with Protocol Transition." Convert "Unconstrained" delegation to "Constrained" delegation so it will be permitted only for specific needed services. "Protocol Transition" type of delegation must be revalidated and disabled, if possible.
      4. For manual examination of the scan results, unzip the saved zBang results file and check csv file: "[Path of the zBang's unzipped results file]\Mystique-master\Results\delegation_info.csv".
      5. More details on risky delegation configuration are available in the blog post - "Weakness Within: Kerberos Delegation": https://www.cyberark.com/threat-research-blog/weakness-within-kerberos-delegation/

      Performance

      zBang runs quickly and doesn't need any special privileges over the network. As the only communication required is to the domain controller through legitimate read-only LDAP queries, a typical execution time of zBang on a network with around 1,000 user accounts will be seven minutes. When you intend to scan large networks with multiple trust-connected domains, it's recommended to check the domain trusts configuration or run zBang separately from within each domain to avoid possible permission and connectivity issues.

      Authors

      zBang was developed by CyberArk Labs as a quick and dirty POC intended to help security teams worldwide. Feedback and comments are welcome.

      Main points of contact: Asaf Hecht (@Hechtov), Nimrod Stoler (@n1mr0d5) and Lavi Lazarovitz (@__Curi05ity__)

      Source: github.com
    • https://www.facebook.com/611317165628530/posts/2848816265211931/  
    • Look here:   https://www.pluralsight.com/search?categories=course&q=network security   https://www.pluralsight.com/search?q=cryptography&categories=course   They are free https://www.pluralsight.com/offer/2020/free-april-month for the whole month of April (and they may extend it). Come back in May/after you finish them and I'll give you more.
    • you mean like "Don't thaw out the suckers or they'll flood you"   Come on man, let people know the reality; where I am it smells of burnt rubber here too, and in Berceni, since nobody is Julian Assange