  1. General information

    1. Important announcements

      Important announcements and the forum rules. Read the rules before posting.

      12.7k posts
    2. Welcome

      Welcome to the Romanian Security Team forum; you can introduce yourself here (optional).

      18.2k posts
    3. RST Projects

      Here you can find all the programs, tutorials, methods and exploits created by RST members.

      4.4k posts
  2. Technical section

    1. Exploits

      The newest exploits, PoCs or shellcodes.

      7.4k posts
    2. Challenges (CTF)

      Challenges and wargames, for CTF enthusiasts.

      9.5k posts
    3. Bug Bounty

      Category for discussions about sites that run a Bug Bounty program, through which they reward the people who report vulnerabilities to them.

      2.2k posts
    4. Programming

      The programmers' corner: C/C++, Visual Basic, .NET, Java, ASM, Shell scripting, Perl, Python.

      22.8k posts
    5. Web security

      Tutorials and discussions about web application security.

      672 posts
    6. Reverse engineering & exploit development

      Tutorials on malware analysis, samples, source code, useful programs, reverse engineering and exploit development.

      2k posts
    7. Mobile security

      Discussions about mobile phones, rooting, jailbreaking etc.

      12.7k posts
    8. Operating systems and hardware discussions

      Discussions about hardware, windows, unix, bsd etc.

      7.6k posts
    9. Electronics

      General discussions about electronics.

      2.6k posts
    10. Wireless Pentesting

      Wardriving area, WiFi, Bluetooth and GSM hacking.

      3.8k posts
    11. Black SEO & monetization

      Tips & tricks, questions, monetization.

      8.8k posts
  3. Programs

    1. Hacking programs

      Post utilities such as sniffers, bruteforcers, fuzzers etc. here. Do not make requests here.

      28.2k posts
    2. Security programs

      Post programs such as firewalls, antiviruses and similar programs here.

      2.7k posts
    3. Useful programs

      Programs that do not fit into the other sections: hacking or security.

      12.1k posts
    4. Free stuff

      Various useful things, excluding roots, SMTPs, VPSs etc.

      8.7k posts
  4. General discussions

    1. RST Market

      Any sale/purchase related to online/banking fraud or unauthorized access is punished with a permanent ban! Minimum 50 posts for access!

      23.9k posts
    2. Off-topic

      Discussions on various topics that do not fit into the other categories. IT-related discussions only!

      137.7k posts
    3. Beginner discussions

      If you are a beginner, have a simple question or want to learn more about a field, this is the right section.

      3.1k posts
    4. Security news

      News from the IT security field.

      20.3k posts
    5. Links

      Post only security-related links here!

      9.4k posts
    6. Trash bin

      All topics that have drifted off-topic will be moved here.

      45.2k posts
  • Who's Online: 2 Members, 0 Anonymous, 109 Guests

  • Forum Statistics: 108.8k Total Topics, 643k Total Posts

  • Member Statistics: 225645 Total Members, 9823 Most Online, Newest Member: Ankitadhariwal

  • Posts

    • Simple script for the purpose of finding remote connections to a Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions.

      You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside the winevt folder.

      The winevt/Logs folder and the script must have identical file paths.

      Execution Example:

      Result Example:

      Download: winevt_logs_analysis-main.zip or git clone https://github.com/georgi-i/winevt_logs_analysis.git

      Mirror:

      winevt_logs_analysis.py:

```python
# [\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx]
# EventID 1149 - User authentication succeeded -> 4624 -> 21 -> 22
# [\winevt\Logs\Security.evtx]
# EventID 4624 - User successfully logged on to this system with the specified TargetUserName and TargetDomainName from the specified IpAddress
# EventID 4625 - User failed to log on to this system with the specified TargetUserName and TargetDomainName from the specified IpAddress
# EventID 4634 - A user disconnected from, or logged off, an RDP session
# EventID 4647 - The user initiated a formal logoff
# EventID 4778 - The user reconnected to an existing RDP session
# EventID 4779 - The user disconnected from an RDP session
# [\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx]
# EventID 21 - successful RDP logon (as long as Source Network Address is NOT local)
# EventID 22 - successful RDP logon with GUI Desktop (as long as Source Network Address is NOT local)
# EventID 23 - The user initiated a formal system logoff
# EventID 24 - user has disconnected from an RDP session (if NOT local IP)
# EventID 25 - user has reconnected to an existing RDP session (if NOT local IP)
# EventID 39 - The user formally disconnected from the RDP session
# EventID 40 - The user disconnected from or reconnected to an RDP session
import re

import Evtx.Evtx as evtx
import pandas as pd
from alive_progress import alive_bar


def write_results(df):
    # Sort the matched events chronologically and append them as an HTML table to result.html
    with open('result.html', 'a') as result:
        df['SystemTime'] = pd.to_datetime(df['SystemTime'])
        df = df.sort_values(by='SystemTime').reset_index(drop=True)
        df.to_html(result, header=True)  # the original passed header=result, which is not a valid value
        result.write('<br>')


def append_results(df, event_id, event_id_info, ip, sys_time, log_info):
    # pd.concat replaces DataFrame.append: the pinned pandas 1.3.1 still has append, pandas 2.x removed it
    row = pd.DataFrame([{'EventID': event_id, 'Info': event_id_info, 'IP': ip,
                         'SystemTime': sys_time, 'Log': log_info}])
    return pd.concat([df, row], ignore_index=True)


def read_data(df, path, source):
    # source selects which log is being parsed: 'rcm', 'lsm' or 'security'
    re_system_time = r'SystemTime=\"(.+)\.'
    re_rcm_id = r'>(1149)<\/EventID'
    re_ip_rcm = r'<Param3>(.+)<'
    re_lsm_login = r'>(21)<\/EventID'
    re_lsm_login_gui = r'>(22)<\/EventID'
    re_lsm_disc = r'>(24)<\/EventID'
    re_lsm_rec = r'>(25)<\/EventID'
    re_ip_lsm = r'Address>(\d+\.\d+\.\d+\.\d+)<'
    re_sec_login = r'>(4624)<\/EventID'
    re_sec_reconnect = r'>(4778)<\/EventID'
    re_sec_disconnect = r'>(4779)<\/EventID'
    re_ip_login = r'\"IpAddress\">(\d+\.\d+\.\d+\.\d+)<'
    re_ip_rec = r'\"ClientAddress\">(\d+\.\d+\.\d+\.\d+)<'
    banner = {
        'rcm': 'Searching for matching events in RemoteConnectionManager logs...',
        'lsm': 'Searching for matching events in LocalSessionManager logs...',
        'security': 'Searching for matching events in Security logs...This may take a while...',
    }
    print(banner[source])
    # Event/IP regex pairs per log, with the description written into the report
    lsm_events = (
        (re_lsm_login, 'successful RDP logon'),
        (re_lsm_login_gui, 'successful RDP logon with GUI Desktop'),
        (re_lsm_disc, 'user has disconnected from an RDP session'),
        (re_lsm_rec, 'user has reconnected to an existing RDP session'),
    )
    sec_events = (
        (re_sec_login, re_ip_login, 'User successfully logged on'),
        (re_sec_reconnect, re_ip_rec, 'The user reconnected'),
        (re_sec_disconnect, re_ip_rec, 'The user disconnected'),
    )
    with evtx.Evtx(path) as log:
        total = sum(1 for _ in log.records())  # first pass only counts records, for the progress bar
        with alive_bar(total) as bar:
            for record in log.records():
                bar()
                event_data = record.xml()
                match_sys_time = re.search(re_system_time, event_data)
                sys_time = match_sys_time.group(1) if match_sys_time is not None else ''
                if source == 'rcm':
                    match_id_1149 = re.search(re_rcm_id, event_data)
                    if match_id_1149 is not None:
                        match_ip_1149 = re.search(re_ip_rcm, event_data)
                        if match_ip_1149 is not None:
                            df = append_results(df, match_id_1149.group(1), 'User authentication succeeded',
                                                match_ip_1149.group(1), sys_time,
                                                'RemoteConnectionManager_Operational')
                elif source == 'lsm':
                    # No IP match means the source address was local, so the event is skipped
                    match_ip_lsm = re.search(re_ip_lsm, event_data)
                    for pattern, info in lsm_events:
                        match_id = re.search(pattern, event_data)
                        if match_id is not None:
                            if match_ip_lsm is not None:
                                df = append_results(df, match_id.group(1), info, match_ip_lsm.group(1),
                                                    sys_time, 'LocalSessionManager_Operational')
                            break
                elif source == 'security':
                    for pattern, ip_pattern, info in sec_events:
                        match_id = re.search(pattern, event_data)
                        if match_id is not None:
                            match_ip = re.search(ip_pattern, event_data)
                            if match_ip is not None:
                                df = append_results(df, match_id.group(1), info, match_ip.group(1),
                                                    sys_time, 'Security')
                            break
    write_results(df)


if __name__ == '__main__':
    df = pd.DataFrame(columns=['EventID', 'Info', 'IP', 'SystemTime', 'Log'])
    path_prefix = 'winevt/Logs/'
    log_prefix = 'Microsoft-Windows-TerminalServices-'
    logs = (
        (log_prefix, 'RemoteConnectionManager%4Operational.evtx', 'rcm'),
        (log_prefix, 'LocalSessionManager%4Operational.evtx', 'lsm'),
        ('', 'Security.evtx', 'security'),
    )
    for prefix, name, source in logs:
        try:
            print('Reading data from ' + name + '...')
            read_data(df, path_prefix + prefix + name, source)
        except Exception as exc:  # the original used a bare except, which also swallows KeyboardInterrupt
            print('Failed to read ' + name + ': ' + str(exc))
```

      requirements.txt:

```
alive_progress==2.4.1
Evtx==0.7.3
pandas==1.3.1
```

      Source: github.com
    • A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration

      ROME/LONDON, Feb 6 (Reuters) - Global ransomware activity that targeted thousands of computer servers in Italy and other countries was probably the handiwork of criminal hackers and not a state or state-like entity, the Italian government said on Monday.

      Italy's National Cybersecurity Agency (ACN) said on Sunday that hackers had targeted thousands of computer servers around the world running on VMware "ESXi" software.

      "No evidence has emerged pointing to aggression by a state or hostile state-like entity", an Italian government statement said, adding that no major Italian institution or company operating in critical national security sectors had been affected.

      The hack was identified on Feb. 3 and reached its peak on Sunday, said the statement, which added that the hackers were taking advantage of a software exploit first identified two years earlier, in February 2021.

      "Some of the recipients of that advice took the warning into due consideration, others did not and unfortunately are now paying the consequences," the statement added.

      VMware's "ESXi" is a kind of hypervisor - software which runs virtual computers. Those virtual systems are sold by some internet hosting companies as low-cost alternatives to running real, physical servers.

      A VMware spokesperson said it released an update in 2021 which fixed the issue and urged its customers to patch their systems.

      The attack has hit thousands of servers globally, according to data compiled by U.S.-based cybersecurity firm, Censys, with the majority of affected servers in France, followed by the United States and Germany.

      "It's somewhat effective but has had a mixed impact. A number of organisations have recovered their virtual machines without having to restore from a backup," said Daniel Card, a cybersecurity consultant based in Britain.

      "It appears to be targeting victims mainly in Western countries, but does not look highly sophisticated," Card added.

      Via reuters.com
    • chip8c

      As an alternative to an emulator, this tool translates CHIP-8 binaries into equivalent C code, which can be compiled on POSIX-compliant OSes with ncurses. This is just a proof of concept, and the way it works could still be improved (see Details).

      Usage

      Compiling the tool:

```sh
make
```

      Translating a CHIP-8 binary:

```sh
./chip8c breakout.ch8
```

      Running the above will produce 3 files:

        mem.h - memory map of the binary
        breakout.ch8.c - translated C
        breakout.ch8.bin - runnable binary

      CHIP-8 has its own keyboard layout. To interact with the binary, use the mapped keys:

```
1 2 3 C                   1 2 3 4
4 5 6 D  --mapped as-->   Q W E R
7 8 9 E                   A S D F
A 0 B F                   Z X C V
```

      Some CHIP-8 executables can be found on repos like this one. The ones that were tested and work well include pong, breakout and the trip8 demo.

      Details

      What the tool was created for is to check whether it's feasible to decompile machine code into a long switch-case, where the switched value is the program counter register, and the cases are instruction addresses coupled with code performing register and IO manipulation equivalent to that of a given instruction set.

      The insides of the resulting switch-case look like the following example:

```c
switch (pc) {
    /* ... */
    case 0x0200: reg[0] = reg[6];
    case 0x0202: reg[1] = 0xFC;
    case 0x0204: reg[0] &= reg[1];
    case 0x0206: regi = 0x30C;
    /* ... */
    case 0x0242: reg[0] = 0xFE;
    case 0x0244: reg[9] ^= reg[0];
    case 0x0246: stack[sp++] = 0x0246 + 2; pc = 0x2A4; break;
    case 0x0248: reg[5] += 0x01;
    case 0x024A: stack[sp++] = 0x024A + 2; pc = 0x2A4; break;
    case 0x024C: if (reg[5] != 0x60) { pc = 0x024C + 4; break; }
    /* ... */
}
```

      Worth noting that breaking out of the switch-case is required only when jumps are performed; in all other cases it suffices to allow the default linear flow (fall-through).

      There are a few disadvantages of the technique:

        Code gets separated from data, so whatever takes advantage of the von Neumann architecture won't work.
        A hexdump of the translated binary must be included in the resulting C file, so it can access its static data.
        Jumps to unexpected addresses aren't handled (odd addresses, for instance).

      This implementation uses ncurses for IO, which was chosen for its popularity and simplicity, but it's not a good fit for mimicking the IO of CHIP-8. For instance, the instructions EX9E and EXA1 work best if the program maintains a map of keys that are currently pressed. It seems that ncurses doesn't detect key releases, so it's hard to maintain such a map.

      Also, it would be nice if Unicode block characters could be used for the output; then neighbouring pairs of pixels could be packed into one of:  , ▀, ▄ and █ to simulate nice-looking square pixels.

      Download: chip8c-main.zip or git clone https://github.com/kiryk/chip8c.git

      Source
    • ...a new form of Batwing antenna that is easier to build... https://postimg.cc/gallery/RJ2Z4kH
    • Careful, I recommend you don't use the product descriptions straight from the CSV; you won't rank at all, especially if you have common products. If you have a more specialized niche, it might be worth it. Where I got lucky was with tires.
    • Hi, I also have an AKU DVR, model AK2808X, for which I forgot the admin password. Do you think you could help me too, please? cristianf2013@yahoo.com
    • Hi, does anyone still have it? http://www.javascriptkit.com/howto/externalhtml.shtml P.S. I wanted the one by Neme.
    • If you want me to help you with SEO, to get your site indexed and ranking at least somewhat, send me a message. Or at least with on-page SEO.
    • Tally.Work is an AI cover letter generator that creates a cover letter from your resume and a job description in seconds. It's intuitive, saves you time and works great as a starting point.   URL: https://tally.work   Via Google