Forums

Simple script for the purpose of finding remote connections to Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions.   You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside winevt folder.   The winevt/Logs folders and the script must have identical file path.   Execution Example:   Result Example:   Download: winevt_logs_analysis-main.zip or git clone https://github.com/georgi-i/winevt_logs_analysis.git   Mirror:  winevt_logs_analysis.py: #[\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx] #EventID 1149 - User authentication succeeded -> 2624 -> 21 -> 22 #[\winevt\Logs\Security.evtx] #EventID 4624 - User successfully logged on to this system with the specified TargetUserName and TargetDomainName from the specified IpAddress #EventID 4625 - User failed to log on to this system with the specified TargetUserName and TargetDomainName from the specified IpAddress #EventID 4634 - A user disconnected from, or logged off, an RDP session #EventID 4647 - The user initiated a formal logoff #EventID 4778 - The user reconnected to an existing RDP session #EventID 4779 - The user disconnected from from an RDP session #[\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx] #EventID 21 - successful RDP logon (as long as Source Network Address is NOT local) #EventID 22 - successful RDP logon with GUI Desktop (as long as Source Network Address is NOT local) #EventID 23 - The user initiated a formal system logoff #EventID 24 - user has disconnected from an RDP session (if NOT local IP) #EventID 25 - user has reconnected to an existing RDP session (if NOT local IP) #EventID 39 - The user formally disconnected from the RDP session #EventID 40 - The user disconnected from or reconnected to an RDP session import Evtx.Evtx as evtx import re import pandas as pd from alive_progress import alive_bar def write_results(df): with open('result.html', 'a') as result: df['SystemTime'] = pd.to_datetime(df['SystemTime']) df = df.sort_values(by="SystemTime").reset_index(drop=True) df.to_html(result, header=result) result.write('<br>') def append_results(df, event_id, event_id_info, ip, sys_time, log_info): df = df.append({'EventID': event_id, 'Info': event_id_info, 'IP': ip, 'SystemTime': sys_time, 'Log': log_info}, ignore_index=True) return df def read_data(df, path, input): event_data = '' re_system_time = r'SystemTime=\"(.+)\.' re_rcm_id = r'>(1149)<\/EventID' re_ip_rcm = r'<Param3>(.+)<' re_lsm_login = r'>(21)<\/EventID' re_lsm_login_gui = r'>(22)</EventID' re_lsm_disc = r'>(24)<\/EventID' re_lsm_rec = r'>(25)<\/EventID' re_ip_lsm = r'Address>(\d+\.\d+\.\d+\.\d+)<' re_sec_login = r'>(4624)<\/EventID' re_sec_reconnect = r'>(4778)<\/EventID' re_sec_disconnect = r'>(4779)<\/EventID' re_ip_login = r'\"IpAddress\">(\d+\.\d+\.\d+\.\d+)<' re_ip_rec = r'\"ClientAddress\">(\d+\.\d+\.\d+\.\d+)<' print_rcm = False print_lsm = False print_security = False with evtx.Evtx(path) as log: records = log.records() with alive_bar(len(list(records))) as bar: for record in log.records(): bar() event_data = record.xml() match_sys_time = re.search(re_system_time, event_data) if input == 'rcm': if not print_rcm: print('Searching for matching events in RemoteConnectionManager logs...') print_rcm = True match_id_1149 = re.search(re_rcm_id, event_data) if match_id_1149 != None: match_ip_1149 = re.search(re_ip_rcm, event_data) df = append_results(df, match_id_1149.group(1), 'User authentication succeeded', match_ip_1149.group(1), match_sys_time.group(1), 'RemoteConnectionManager_Operational') elif input == 'lsm': if not print_lsm: print('Searching for matching events in LocalSessionManager logs...') print_lsm = True match_id_21 = re.search(re_lsm_login, event_data) match_id_22 = re.search(re_lsm_login_gui, event_data) match_id_24 = re.search(re_lsm_disc, event_data) match_id_25 = re.search(re_lsm_rec, event_data) match_ip_lsm = re.search(re_ip_lsm, event_data) if match_id_21 != None: if match_ip_lsm != None: df = append_results(df, match_id_21.group(1), 'successful RDP logon', match_ip_lsm.group(1), match_sys_time.group(1), 'LocalSessionManager_Operational') elif match_id_22 != None: if match_ip_lsm != None: df = append_results(df, match_id_22.group(1), 'successful RDP logon with GUI Desktop', match_ip_lsm.group(1), match_sys_time.group(1), 'LocalSessionManager_Operational') elif match_id_24 != None: if match_ip_lsm != None: df = append_results(df, match_id_24.group(1), 'user has disconnected from an RDP session', match_ip_lsm.group(1), match_sys_time.group(1), 'LocalSessionManager_Operational') elif match_id_25 != None: if match_ip_lsm != None: df = append_results(df, match_id_25.group(1), 'user has reconnected to an existing RDP session', match_ip_lsm.group(1), match_sys_time.group(1), 'LocalSessionManager_Operational') elif input == 'security': if not print_security: print('Searching for matching events in Security logs...This may take a while...') print_security = True match_id_4624 = re.search(re_sec_login, event_data) match_id_4778 = re.search(re_sec_reconnect, event_data) match_id_4779 = re.search(re_sec_disconnect, event_data) if match_id_4624 != None: match_ip_4624 = re.search(re_ip_login, event_data) if match_ip_4624 != None: df = append_results(df, match_id_4624.group(1), 'User successfully logged on', match_ip_4624.group(1), match_sys_time.group(1), 'Security') elif match_id_4778 != None: match_ip_4778 = re.search(re_ip_rec, event_data) if match_ip_4778 != None: df = append_results(df, match_id_4778.group(1), 'The user reconnected', match_ip_4778.group(1), match_sys_time.group(1), 'Security') elif match_id_4779 != None: match_ip_4779 = re.search(re_ip_rec, event_data) if match_ip_4779 != None: df = append_results(df, match_id_4779.group(1), 'The user disconnected', match_ip_4779.group(1), match_sys_time.group(1), 'Security') write_results(df) df = pd.DataFrame(columns=['EventID', 'Info', 'IP', 'SystemTime', 'Log']) path_prefix = 'winevt/Logs/' log_prefix = 'Microsoft-Windows-TerminalServices-' try: print('Reading data from RemoteConnectionManager%4Operational.evtx...') read_data(df, path_prefix + log_prefix + 'RemoteConnectionManager%4Operational.evtx', 'rcm') except: print('Failed to read RemoteConnectionManager%4Operational.evtx') try: print('Reading data from LocalSessionManager%4Operational.evtx...') read_data(df, path_prefix + log_prefix + 'LocalSessionManager%4Operational.evtx', 'lsm') except: print('Failed to read LocalSessionManager%4Operational.evtx') try: print('Reading data from Security.evtx...') read_data(df, path_prefix + 'Security.evtx', 'security') except: print('Failed to read Security.evtx')   requirements.txt: alive_progress==2.4.1 Evtx==0.7.3 pandas==1.3.1   Source: github.com

A computer keyboard lit by a displayed cyber code is seen in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/   ROME/LONDON, Feb 6 (Reuters) - Global ransomware activity that targeted thousands of computer servers in Italy and other countries was probably the handiwork of criminal hackers and not a state or state-like entity, the Italian government said on Monday.   Italy's National Cybersecurity Agency (ACN) said on Sunday that hackers had targeted thousands of computer servers around the world running on VMware "ESXi" software.   "No evidence has emerged pointing to aggression by a state or hostile state-like entity", an Italian government statement said, adding that no major Italian institution or company operating in critical national security sectors had been affected.   The hack was identified on Feb. 3 and reached its peak on Sunday, said the statement, which added that the hackers were taking advantage of a software exploit first identified two years earlier, in February 2021.   "Some of the recipients of that advice took the warning into due consideration, others did not and unfortunately are now paying the consequences," the statement added.   VMware's "ESXi" is a kind of hypervisor - software which runs virtual computers. Those virtual systems are sold by some internet hosting companies as low-cost alternatives to running real, physical servers.   A VMware spokesperson said it released an update in 2021 which fixed the issue and urged its customers to patch their systems.   The attack has hit thousands of servers globally, according to data compiled by U.S.-based cybersecurity firm, Censys, with the majority of affected servers in France, followed by the United States and Germany.   "It's somewhat effective but has had a mixed impact. A number of organisations have recovered their virtual machines without having to restore from a backup," said Daniel Card, a cybersecurity consultant based in Britain.   "It appears to be targeting victims mainly in Western countries, but does not look highly sophisticated," Card added.   Via reuters.com

chip8c As an alternative to an emulator, this tool translates CHIP-8 binaries into equivalent C code, which can be compiled on POSIX-compliant OSes with ncurses. This is just a proof of concept, and the way it works could be still improved (see Details).   Usage Compiling the tool: make   Translating a CHIP-8 binary: ./chip8c breakout.ch8     Running the above will produce 3 files: mem.h - memory map of the binary breakout.ch8.c - translated C breakout.ch8.bin - runnable binary   CHIP-8 has its own keyboard layout. To interact with the binary, use mapped keys: 1 2 3 C --mapped as--> 1 2 3 4 4 5 6 D Q W E R 7 8 9 E A S D F A 0 B F Z X C V   Some CHIP-8 executables can be found on repos like this one. The ones that were tested and work well include pong, breakout and trip8 demo.   Details What the tool was created for, is to check whether it's feasible to decompile machine code into a long switch-case, where the switched value is the program counter register, and the cases are instruction addresses coupled with code performing register and IO manipulation equivalent to that of a given instruction set.   Insides of the resulting switch-case look like the following example: switch (pc) { /* ... */ case 0x0200: reg[0] = reg[6]; case 0x0202: reg[1] = 0xFC; case 0x0204: reg[0] &= reg[1]; case 0x0206: regi = 0x30C; /* ... */ case 0x0242: reg[0] = 0xFE; case 0x0244: reg[9] ^= reg[0]; case 0x0246: stack[sp++] = 0x0246 + 2; pc = 0x2A4; break; case 0x0248: reg[5] += 0x01; case 0x024A: stack[sp++] = 0x024A + 2; pc = 0x2A4; break; case 0x024C: if (reg[5] != 0x60) { pc = 0x024C + 4; break; } /* ...*/ }   Worth noting, that breaking out from the switch-case is required only when jumps are performed, in all other cases it suffices to allow for the default linear flow.   There are a few disadvantages of the technique: Code gets separated from data, so whatever takes advantage of von Neumann architecture won't work. A hexdump of a translated binary must be included in the resulting C file, so it could access its static data. Jumps to unexpected addresses aren't handled (odd addresses, for instance).   This implementation uses ncurses for IO, which was chosen for its popularity and simplicity, but it's not a good fit for mimicking IO of CHIP-8. For instance, the instructions EX9E and EXA1 work best if the program maintains a map of keys that are currently pressed. It seems that ncurses doesn't detect key releases, so its hard to maintain such a map.   Also, it would be nice if Unicode block characters could be used for the output, then neighbouring pairs of pixels could be packed into one of:  , ▀, ▄ and █ to simulate nice looking square pixels.   Download: chip8c-main.zip   or   git clone https://github.com/kiryk/chip8c.git   Source  

,,,o noua forma de antena Batwing mai usor de construit...https://postimg.cc/gallery/RJ2Z4kH

atentie eu iti recomand sa nu te folosesti de descriierele produselor direct din csv , nu ai sa rankezi deloc , mai ales daca ai produse uzuale , daca ai o nisha mai speciala poate ca se merita . unde am avut eu noroc a fost la anvelope

Ai incercat aici   

salutare am si eu un dvr AKU model AK2808X la care am uitat parola de admin credeti ca ma puteti ajuta si pe mine va rog? cristianf2013@yahoo.com

Salut, il mai are cineva?   http://www.javascriptkit.com/howto/externalhtml.shtml   P.S. il voiam pe ala al lui Neme

Daca vrei sa te ajut cu seo sa ti indexezi site-ul si sa rankezi cat de cat da mi un mesaj. Sau macar cu seo onpage

Tally.Work is an AI cover letter generator that creates a cover letter from your resume and a job description in seconds. It's intuitive, saves you time and works great as a starting point.   URL: https://tally.work   Via Google