
Leaderboard


Popular Content

Showing content with the highest reputation since 05/17/19 in all areas

  1. 9 points
    I'll start here a list of complaints that will stay pinned so that everyone thinking of hiring from RST can see it. Keep in mind that everyone exaggerates in their self-description to get a job. Stop believing all the nonsense spouted by anyone around here. Check portfolios and follow their activity on social networks to figure out what kind of people they are. If you don't have access to those, at least ask users here what they think of other users. Send me other topics of this kind that come to mind by PM so I can add them to the list.
  2. 5 points
    Why?
    I needed a simple and reliable way to delete Facebook posts. There are third-party apps that claim to do this, but they all require handing over your credentials, or are unreliable in other ways. Since this uses Selenium, it is more reliable, as it uses your real web browser, and it is less likely Facebook will block or throttle you. As for why you would want to do this in the first place, that is up to you. Personally I wanted a way to delete most of my content on Facebook without deleting my account.

    Will this really delete posts?
    I can make no guarantees that Facebook doesn't store the data somewhere forever in cold storage. However, this tool is intended more as a way to clean up your online presence and not have to worry about what you wrote years ago. Personally, I did this so I would feel less attached to my Facebook profile (and hence feel the need to use it less).

    How To Use
    Make sure that you have Google Chrome installed and that it is up to date, as well as the chromedriver for Selenium. See here. On Arch Linux you can find this in the chromium package, but it will vary by OS.

        pip3 install --user delete-facebook-posts
        deletefb -E "youremail@example.org" -P "yourfacebookpassword" -U "https://www.facebook.com/your.profile.url"

    The script will log into your Facebook account, go to your profile page, and start deleting posts. If it cannot delete something, then it will "hide" it from your timeline instead. Be patient, as it will take a very long time, but it will eventually clear everything. You may safely minimize the Chrome window without breaking it.

    How To Install Python
    MacOS: See this link for instructions on installing with Brew.
    Linux: Use your native package manager.
    Windows: See this link, but I make no guarantees that Selenium will actually work, as I have not tested it.

    Bugs
    If it stops working or otherwise crashes, delete the latest post manually and start it again after waiting a minute.
    I make no guarantees that it will work perfectly for every profile. Please file an issue if you run into any problems.

    Source: https://github.com/weskerfoot/DeleteFB
  3. 5 points
    Hi master, welcome to our place. I hope you find helpful information here and also share some of your knowledge. At the same time, I suggest you avoid conflicts with people whose minds are still baking in the oven.
  4. 4 points
    I have some free time in the next 2-3 weeks, so if you need support with websites, scripts, etc., don't hesitate to contact me. I offer the services for free, within the limits of the available time, of course.
  5. 4 points
    and you wonder why you get ripped off by gypsies
  6. 4 points
    Hi, in Romania, especially if the site is small, not much can happen to you. You should know that all "nulled" themes have backdoors: you could wake up with a defacement, mail spam sent from your server, adware on the site, someone could steal your site's traffic, you could end up with backlinks, and you'd be the only person on your own site who doesn't know. The best thing is to buy it if you don't want such problems; you can also try to clean it yourself or use a free theme from https://wordpress.org/themes/ . Update: As a small aside, I also build websites (ad), and for a lot of people who had their site built by various companies or freelancers, the ones they worked with put a "nulled" theme on the clients' sites. Those people called me in despair because they had been banned from Google AdSense and Facebook (platforms where they advertised), or had dropped in Google rankings because they had adware on the site; the adware was placed behind an if, so the admin didn't see the ads while everyone else did. I don't recommend anyone put a "nulled" theme or script on their site; you may keep $50, but you lose much more (time invested, money invested, and so on).
  7. 4 points
    Hit Huawei with the flood. Google has suspended business operations with Huawei effective immediately, a forced move that will have a dramatic impact on Huawei devices across the globe. According to Reuters, citing a source close to the matter, Google was forced into suspending business with Huawei that "requires the transfer of hardware and software products." "Huawei Technologies Co Ltd will immediately lose access to updates to the Android operating system, and the next version of its smartphones outside of China will also lose access to popular applications and services including the Google Play Store and Gmail app," Reuters noted. This effectively means no further Android security updates for devices new and old, including the recent P30 and P30 Pro, Mate 20 Pro, and many more. https://www.androidauthority.com/huawei-loses-access-to-google-android-987873/?fbclid=IwAR06vhn-lqHm7LmzV1XAXWLAkkzgKx0KIzmtYcrC-whCfM7ANvee41EsnAI
  8. 4 points
    @gaddafi No names, boss. Post on Facebook, in the newspapers or wherever you want, but don't pull this kind of crap on RST. As the saying goes, fight all you want, but not on school grounds.
  9. 4 points
    A gypsy is a gypsy even on Easter day. The most honest gypsy is the one with an axe in his head. He has another user, this one - https://rstforums.com/forum/profile/212769-c3m3d3/
  10. 4 points
    Hi, my name is Raul, I'm 26 and I've been working as a penetration tester for a few months. I got into security about a year ago; I obtained the OSCP 4 months ago and I'm now signing up for OSCE and AWAE (both at the same time). My hackthebox profile is https://www.hackthebox.eu/profile/31011 I also have a YouTube channel where I post various tutorials, if I can call them that, and what I do in my free time. https://www.youtube.com/channel/UC8DIQeAuFw0vBxTWJ4xCHGg?view_as=subscriber If I can help with anything, don't hesitate to contact me. Thank you,
  11. 3 points
    I offer programming services, only that, and don't come to me with illegal stuff.
  12. 3 points
    Source: https://m.habr.com/ru/company/dsec/blog/452836/
    Digital Security Company Blog, Information Security, Network technologies. forkyforky, May 28

    Web tools, or where should a pentester start?

    We continue to talk about useful tools for pentesters. In this new article we look at tools for analyzing the security of web applications. Our colleague BeLove already did a similar selection about seven years ago. It is interesting to see which tools have retained and strengthened their positions, and which have faded into the background and are now rarely used. Note that Burp Suite also belongs here, but there will be a separate publication about it and its useful plugins.

    Contents: Amass, Altdns, aquatone, MassDNS, nsec3map, Acunetix, Dirsearch, wfuzz, ffuf, gobuster, Arjun, LinkFinder, JSParser, sqlmap, NoSQLMap, oxml_xxe, tplmap, CeWL, Weakpass, AEM_hacker, JoomScan, WPScan

    Amass
    Amass is a Go tool for searching and enumerating DNS subdomains and mapping an external network. Amass is an OWASP project created to show how organizations on the Internet look to an outsider. Amass gets the names of subdomains in various ways: the tool uses both recursive enumeration of subdomains and searches in open sources. To find connected network segments and autonomous system numbers, Amass uses the IP addresses obtained during operation. All the information found is used to build a network map.
    Pros:
    * Information collection techniques include: DNS - enumeration of subdomains from a dictionary, subdomain brute force, "smart" enumeration using mutations based on the found subdomains, reverse DNS requests and a search for DNS servers on which a zone transfer (AXFR) can be requested;
    * Search of open sources - Ask, Baidu, Bing, CommonCrawl, DNSDB, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ThreatCrowd, VirusTotal, Yahoo;
    * Search of TLS certificate databases - Censys, CertDB, CertSpotter, Crtsh, Entrust;
    * Use of search engine APIs - BinaryEdge, BufferOver, CIRCL, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan, Twitter, Umbrella, URLScan;
    * Search of Internet web archives - ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback;
    * Integration with Maltego;
    * Provides the most complete coverage for the task of finding DNS subdomains.
    Minuses:
    * Be careful with amass.netdomains: it will try to access each IP address in the identified infrastructure and obtain domain names from reverse DNS queries and TLS certificates. This is a "loud" technique and can reveal your reconnaissance to the organization under study;
    * High memory consumption: it can consume up to 2 GB of RAM depending on the settings, which will not allow running this tool in the cloud on a cheap VDS.

    Altdns
    Altdns is a Python tool for compiling dictionaries for DNS subdomain brute force. It allows you to generate many candidate subdomains using mutations and permutations. To do this it uses words that are often found in subdomains (for example: test, dev, staging); all mutations and permutations are applied to already known subdomains, which can be supplied as input to Altdns. The output is a list of subdomain variations that may exist, and this list can later be used for DNS brute force.
    Pros:
    * Works well with large data sets.

    aquatone
    aquatone was previously better known as another tool for finding subdomains, but the author himself abandoned this in favor of the aforementioned Amass. Now aquatone is rewritten in Go and is geared more towards the preliminary exploration of websites. To do this, aquatone goes through the specified domains and searches for websites on different ports, after which it collects all the information about the site and takes a screenshot. Convenient for a quick preliminary exploration of websites, after which you can select priority targets for attacks.
    Pros:
    * At the output it creates a group of files and folders that are convenient for further work with other tools: an HTML report with collected screenshots and response headers grouped by similarity; a file with all the URLs on which websites were found; a file with statistics and page data; a folder with files containing the response headers from the found targets; a folder with files containing the response bodies from the found targets; screenshots of the found websites;
    * Supports working with XML reports from Nmap and Masscan;
    * Uses headless Chrome / Chromium for rendering screenshots.
    Minuses:
    * It may attract the attention of intrusion detection systems, and therefore requires tuning.
    The screenshot was made for one of the old versions of aquatone (v0.5.0), in which the search for DNS subdomains was implemented. Older versions can be found on the releases page. Screenshot: aquatone v0.5.0

    MassDNS
    MassDNS is another tool for finding DNS subdomains. Its main difference is that it makes DNS queries directly to many different DNS resolvers and does so at considerable speed.
    Pros:
    * Fast - able to resolve more than 350 thousand names per second.
    Minuses:
    * MassDNS can cause a significant load on the DNS resolvers used, which can lead to a ban on these servers or complaints to your provider. In addition, it will cause a large load on the company's DNS servers, if they have them and if they are authoritative for the domains you are trying to resolve;
    * The list of resolvers is currently outdated, but if you weed out the broken DNS resolvers and add newly known ones, everything will be fine.

    nsec3map
    nsec3map is a Python tool for getting a complete list of DNSSEC-protected domains.
    Pros:
    * Quickly detects hosts in DNS zones with a minimal number of queries if DNSSEC support is enabled in the zone;
    * Comes with a plugin for John the Ripper, which can be used to crack the resulting NSEC3 hashes.
    Minuses:
    * Many DNS errors are handled incorrectly;
    * There is no automatic parallelization of NSEC record processing - you have to split the namespace manually;
    * High memory consumption.

    Acunetix
    Acunetix is a web vulnerability scanner that automates the process of checking web application security. It tests the application for SQL injection, XSS, XXE, SSRF, and many other web vulnerabilities. However, just like any other multi-vulnerability web scanner, it does not replace the pentester, since complex vulnerability chains or logic vulnerabilities cannot be found this way. But it covers a lot of different vulnerabilities, including various CVEs, which the pentester could have forgotten, so it is very convenient for getting rid of routine checks.
    Pros:
    * Low level of false positives;
    * Results can be exported as reports;
    * Performs a large number of checks for different vulnerabilities;
    * Parallel scanning of multiple hosts.
    Minuses:
    * There is no de-duplication algorithm (pages with the same functionality will be considered different, because different URLs lead to them), but the developers are working on it;
    * Requires installation on a separate web server, which makes it difficult to test client systems over a VPN connection and to use the scanner in an isolated segment of the client's local network;
    * It can "rustle" the service under study, for example by sending too many attack vectors to the contact form on the site, thereby greatly complicating business processes;
    * It is a proprietary and, accordingly, non-free solution.

    Dirsearch
    Dirsearch is a Python tool for brute forcing directories and files on websites.
    Pros:
    * It can distinguish real "200 OK" pages from "200 OK" pages that carry the text "page not found";
    * Comes with a handy dictionary that has a good balance between size and search efficiency. It contains standard paths typical of many CMS and technology stacks;
    * Its dictionary format allows good efficiency and flexibility when searching for files and directories;
    * Convenient output - plain text, JSON;
    * Able to do throttling - a pause between requests, which is vital for any weak service.
    Minuses:
    * Extensions must be passed as a string, which is inconvenient if you need to pass many extensions at once;
    * In order to use your own dictionary, it will need to be slightly modified to the format of the Dirsearch dictionaries for maximum efficiency.

    wfuzz
    wfuzz is a Python web application fuzzer, probably one of the most famous web fuzzers. The principle is simple: wfuzz allows fuzzing any place in an HTTP request, which allows fuzzing GET / POST parameters and HTTP headers, including Cookies and other authentication headers. At the same time, it is convenient for simple brute forcing of directories and files, for which you need a good dictionary. It also has a flexible filter system, with which you can filter the responses from the website by different parameters, which allows you to achieve effective results.
    Pros:
    * Multifunctional - modular structure, assembly takes several minutes;
    * Convenient filtering and fuzzing mechanism;
    * You can fuzz any HTTP method, as well as any place in the HTTP request.
    Minuses:
    * In a state of development.

    ffuf
    ffuf is a web fuzzer in Go, created in a similar fashion to wfuzz; it allows brute forcing files, directories, URL paths, names and values of GET / POST parameters, and HTTP headers, including the Host header for virtual hosts. Wfuzz differs from its colleague by higher speed and some new features, for example, dictionaries in Dirsearch format are supported.
    Pros:
    * Filters are similar to wfuzz filters and allow flexible configuration of brute force;
    * Allows fuzzing HTTP header values, data from POST requests and various parts of the URL, including the names and values of GET parameters;
    * You can specify any HTTP method.
    Minuses:
    * In a state of development.

    gobuster
    gobuster is a Go tool for reconnaissance with two modes of operation. The first is used for brute forcing files and directories on the website, the second for enumerating DNS subdomains. The tool does not initially support recursive enumeration of files and directories, which, of course, saves time, but on the other hand the brute force of each new endpoint on the website needs to be launched separately.
    Pros:
    * High speed both for brute forcing DNS subdomains and for brute forcing files and directories.
    Minuses:
    * The current version does not support setting HTTP headers;
    * By default, only some of the HTTP status codes (200, 204, 301, 302, 307) are considered valid.

    Arjun
    Arjun is a tool for brute forcing hidden HTTP parameters in GET / POST parameters, as well as in JSON. The built-in dictionary has 25,980 words that Arjun checks in almost 30 seconds. The trick is that Arjun does not check each parameter separately, but checks ~1000 parameters at once and looks to see whether the response has changed. If the response has changed, it divides these 1000 parameters into two parts and checks which of these parts affects the response. Thus, using a simple binary search, the parameter or several hidden parameters that influenced the response, and therefore may exist, are found.
    Pros:
    * High speed due to binary search;
    * Support for GET / POST parameters, as well as parameters in the form of JSON.
    The Burp Suite plugin param-miner works on the same principle and is also very good at finding hidden HTTP parameters. We will tell you more about it in the upcoming article about Burp and its plugins.

    LinkFinder
    LinkFinder is a Python script for searching for links in JavaScript files. Useful for finding hidden or forgotten endpoints / URLs in a web application.
    Pros:
    * Fast;
    * There is a special plugin for Chrome based on LinkFinder.
    Minuses:
    * Inconvenient final output;
    * Does not analyze JavaScript dynamically;
    * Quite simple link search logic - if the JavaScript is obfuscated in some way, or the links are initially missing and generated dynamically, you will not be able to find anything.

    JSParser
    JSParser is a Python script that uses Tornado and JSBeautifier to analyze relative URLs from JavaScript files. Very useful for detecting AJAX requests and compiling a list of API methods with which the application interacts. Effective when paired with LinkFinder.
    Pros:
    * Quick parsing of JavaScript files.

    sqlmap
    sqlmap is probably one of the most well-known tools for analyzing web applications. sqlmap automates the search for and exploitation of SQL injections, works with several SQL dialects, and has in its arsenal a huge number of different techniques, ranging from head-on quotes to complex vectors for time-based SQL injections. In addition, it has many techniques for further exploitation of various DBMS, so it is useful not only as a scanner for SQL injections, but also as a powerful tool for exploiting already found SQL injections.
    Pros:
    * A large number of different techniques and vectors;
    * Low number of false positives;
    * Many possibilities for fine tuning: various techniques, target database, tamper scripts for bypassing a WAF;
    * Ability to dump output data;
    * Many different exploitation possibilities, for example, for some databases - automatic file upload / download, command execution (RCE) and others;
    * Support for a direct connection to the database using the data obtained during the attack;
    * As input you can submit a text file with the results of Burp's work - no need to manually compose all the command line arguments.
    Minuses:
    * It is difficult to customize, for example to write some of your own checks, due to poor documentation for this;
    * Without the appropriate settings it conducts an incomplete set of checks, which can be misleading.

    NoSQLMap
    NoSQLMap is a Python tool for automating the search for and exploitation of NoSQL injection. It is convenient to use not only against NoSQL databases directly, but also when auditing web applications that use NoSQL.
    Pros:
    * Like sqlmap, it not only allows finding a potential vulnerability, but also checks the possibility of its exploitation for MongoDB and CouchDB.
    Minuses:
    * Does not support NoSQL for Redis or Cassandra; it is being developed in this direction.

    oxml_xxe
    oxml_xxe is a tool for embedding XXE XML exploits into various file types that use an XML format in some form.
    Pros:
    * It supports many common formats, such as DOCX, ODT, SVG, XML.
    Minuses:
    * PDF, JPEG, GIF are not fully supported;
    * Creates only one file. To solve this problem you can use the docem tool, which can create a large number of files with payloads in different places.
    The aforementioned utilities do an excellent job of XXE testing when uploading documents containing XML. But also do not forget that XML format handlers can occur in many other cases; for example, XML can be used as a data format instead of JSON. Therefore, we recommend paying attention to the following repository containing a large variety of payloads: PayloadsAllTheThings.

    tplmap
    tplmap is a Python tool for automatically detecting and exploiting Server-Side Template Injection vulnerabilities. It has settings and flags similar to sqlmap. It uses several different techniques and vectors, including blind injections, and also has techniques for executing code and uploading / downloading arbitrary files. In addition, it has in its arsenal techniques for a dozen different template engines and some techniques for finding eval()-like code injections in Python, Ruby, PHP and JavaScript. In case of successful exploitation it opens an interactive console.
    Pros:
    * A large number of different techniques and vectors;
    * Supports many template rendering engines;
    * A lot of post-exploitation techniques.

    CeWL
    CeWL is a Ruby dictionary generator created to extract unique words from a specified website, following links on the website to a specified depth. The compiled dictionary of unique words can be used later for brute forcing passwords on services or brute forcing files and directories on the same website, or for attacking hashes obtained using hashcat or John the Ripper. Useful for compiling a "targeted" list of potential passwords.
    Pros:
    * Easy to use.
    Minuses:
    * You need to be careful with the search depth, so as not to capture an extra domain.

    Weakpass
    Weakpass is a service containing many dictionaries with unique passwords. It is extremely useful for various tasks related to password cracking, ranging from simple online brute force of accounts on target services to offline brute force of hashes obtained using hashcat or John The Ripper. There are about 8 billion passwords from 4 to 25 characters in length.
    Pros:
    * Contains both specific dictionaries and dictionaries with the most common passwords - you can choose a specific dictionary for your own needs;
    * Dictionaries are updated and extended with new passwords;
    * Dictionaries are sorted by efficiency. You can choose the option for quick online brute force, as well as for a detailed selection of passwords from the extensive dictionary with the latest leaks;
    * There is a calculator showing the time for password brute force on your hardware.

    In a separate group we would like to present the tools for CMS checks: WPScan, JoomScan and AEM hacker.

    AEM_hacker
    AEM hacker is a tool for detecting vulnerabilities in Adobe Experience Manager (AEM) applications.
    Pros:
    * Can detect AEM applications from the list of URLs submitted as input;
    * It contains scripts for obtaining RCE by uploading a JSP shell or using SSRF.

    JoomScan
    JoomScan is a Perl tool for automating the detection of vulnerabilities in Joomla CMS deployments.
    Pros:
    * Able to find configuration flaws and problems with admin settings;
    * Lists Joomla versions and related vulnerabilities, and likewise for individual components;
    * Contains more than 1000 exploits for Joomla components;
    * Output of final reports in text and HTML formats.

    WPScan
    WPScan is a tool for scanning sites on WordPress; it has in its arsenal vulnerabilities for the WordPress engine itself, as well as for some plugins.
    Pros:
    * Able to list not only unsafe WordPress plugins and themes, but also to get a list of users and TimThumb files;
    * Can conduct brute force attacks on WordPress sites.
    Minuses:
    * Without the appropriate settings it conducts an incomplete set of checks, which can be misleading.

    In general, different people prefer different tools for work: they are all good in their own way, and what one person liked may not suit another. If you think we have undeservedly passed over some good utility, write about it in the comments!
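The group-testing idea the Arjun paragraph above describes (probe a whole batch of candidate names at once, then bisect only the batches whose response differs from the baseline) as an added example, not Arjun's or param-miner's own code. The target is a constructed in-memory handler, and `find_influential`, `CountingHandler` and `demo` are names made up for this illustration.

```python
"""Adaptive group testing for hidden-parameter discovery.

Instead of sending one request per candidate name, a batch of ~1000 names is
sent in one request; if the response differs from the no-parameter baseline,
the batch is split in two and each half is re-tested, recursing until the
individual influential names are isolated. Runs fully offline against a
constructed handler so the request count can be compared with one-by-one probing.
"""
from typing import Callable, Iterable, List, Set, Tuple

# An oracle sends one request carrying all the given names and reports whether
# the response differs from the baseline response (no parameters at all).
Oracle = Callable[[Iterable[str]], bool]


def find_influential(candidates: List[str], changed: Oracle, batch: int = 1000) -> List[str]:
    """Return every candidate whose presence changes the response."""
    found: List[str] = []

    def bisect(group: List[str]) -> None:
        if not group or not changed(group):
            return                      # nothing in this group affects the response
        if len(group) == 1:
            found.append(group[0])      # isolated a single influential name
            return
        mid = len(group) // 2
        bisect(group[:mid])             # recurse into both halves; an unchanged half
        bisect(group[mid:])             # costs exactly one request and is discarded

    for start in range(0, len(candidates), batch):
        bisect(candidates[start:start + batch])
    return found


class CountingHandler:
    """Constructed stand-in for a web handler that reacts to a hidden set of
    parameter names (e.g. a debug flag that adds a banner to the page)."""

    def __init__(self, hidden: Set[str]) -> None:
        self.hidden = hidden
        self.requests = 0

    def render(self, names: Set[str]) -> str:
        hits = sorted(self.hidden & names)
        return "page" + "".join(f"[{h}]" for h in hits)

    def probe(self, names: Iterable[str]) -> bool:
        """One simulated request; True if the body differs from the baseline."""
        self.requests += 1
        return self.render(set(names)) != self.render(set())


def demo(n_candidates: int = 25980, hidden: Tuple[str, ...] = ("debug", "admin", "callback")) -> Tuple[List[str], int]:
    """Build a constructed wordlist with the hidden names spread through it,
    run the search, and return (sorted hits, number of simulated requests)."""
    wordlist = [f"param{i}" for i in range(n_candidates)]
    step = len(wordlist) // (len(hidden) + 1)
    for i, name in enumerate(hidden):
        wordlist.insert((i + 1) * step, name)   # spread hits across different batches
    handler = CountingHandler(set(hidden))
    hits = find_influential(wordlist, handler.probe)
    return sorted(hits), handler.requests


if __name__ == "__main__":
    names, reqs = demo()
    print(f"hidden parameters found: {names} using {reqs} requests")
```

With the page's 25,980-word dictionary size this finds three hidden names in well under a hundred simulated requests, which is the whole saving over probing each name separately.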
  13. 3 points
    Use nulled without worry. Nothing happens. Those are legends. Information and intellectual property should be free. Working with your head isn't work, bro. It's not worth paying for anything. Websites get built for nothing, without you getting anything out of them.
  14. 3 points
    Good day, I am an SRI agent tasked with assassinating the traitor @brdan18. I request the help of you forum members to catch and torture this masonic traitor who dared to attack the supreme race that rules this country. My message for @brdan18 is simple: Please stay home, because I'm coming over with 2-3 guys and we'll sort you out! You won't betray our leaders anymore and ruin their games of manipulation and slavery. Learn to be slaves obedient to the state, otherwise we might pass by you too with the "sorcova".
  15. 3 points
    Hello! Many know me, others less so, and it's not in my nature to discuss such things. My short story begins with an ad in the MarketPlace where I was looking for someone to build a mobile application; said and done. I'm contacted by the scammer XXX, who is here under the name @c3m3d3; I agree with him on the price, tell him what I want, go the next day and pay him an advance of about 50% of the sum. He seemed serious and I said let's work; he tells me he's pretty busy and will develop it more slowly... At the first deadline he shows me 4 horrible Photoshop pictures thrown together in a hurry; "I thought, well, it's the demo version, it'll get improved." And from here the ordeal began: he tells me we'll meet on date x so I can see what else he's done; on exactly that day he changes the deadline for a childish reason; it didn't bother me, I understand. After another week he tells me he's going to some competition and that he'll keep working; "oddly enough he kept telling me variants of ideas for improvements at no extra cost," which sounded wonderful; I was already thinking of hiring him. Presentation day comes, again an excuse: he lost his GITHUB account, if I wrote that correctly; "how the hell do you lose your GitHub?" another childish lie, and he gives me a 4th deadline, at which he tells me, sir, by 2 a.m. everything is done. I thought, it happens, starting off on the wrong foot... that's that; I tell him that having already reached the 4th deadline I'm forced to work with someone else, but he should continue what he has to do and finish his app because he's been paid, and each goes his own way. 2 a.m. comes, roughly, surpriiiise, the app isn't ready, it didn't have the packages implemented, not even written, it didn't have the payment method added... it's actually about 30% done and it's just that childish design and about that. Him beating his chest that it's 95% done; today he tells me he hasn't done the packages or the payment method, NOT EVEN ITS NAME IS SPELLED CORRECTLY; "after the assessment of another friend from RST, he says...
    the app was done slapdash in the last few hours. HE kept telling me, sir, I'll give you a refund; "WHERE WILL YOU GIVE ME A REFUND, SMART GUY, WHEN I MADE A DEPOSIT INTO YOUR ACCOUNT" on June 8th etc. I told him I'm not interested in the refund because time is more precious than a few hundred lei, and for me 2 weeks means an enormous amount of lost time. If you need amusement I'll post the full conversation with him from last night, which I think will go viral. I was his best client ever, I didn't bother him, I paid, I waited, but he already moved me into the fool category. I gave him one more chance and told him to grow up and finish the app, and he replied that he's already been contacted by others for other projects. A source tells me he's developing my app and my idea for himself personally. Anyway, I wrote here what I had to share about him; if the esteemed XXX wishes, I can also post the conversation so the other members can draw their conclusions. I reserve the right to publish my experience with him in my local newspapers so that people of good faith who want to work with someone know whom to avoid. It was my mistake to trust a freelancer and send him money, but I'm a man who lives among people. I forgot to mention: I also paid for the Google marketplace developer accounts at the esteemed scammer's guidance.
  16. 3 points
    Suck it, both of you, it's what you deserve. You come with texts like "I'll give you a refund"; well, kid, if you were a bit serious you'd have done that without all this circus here, and the one who asked for it likewise. If you two are professionals, then I'm Steve Jobs. You should have set a date when the app had to be 100% finished, but instead you squawk like crows around here with cheap crap. S U C K  I T
  17. 3 points
    They're both lying about something. After watching this topic for 10 minutes, from the words both of them chose and the way they express things through those words, I tend to believe the one above is laying the story on as thick as possible to get himself off the hook, but at the same time what he says also sounds plausible. Or? With his permission? What the fuck, you wrote it... understand? You gave him the app 2 days after the deadline to show him what you'd done so far? Maybe if you'd gone with "Hi, I haven't managed to finish your app. Here's what I've done so far: if you still want to collaborate I can finish it by x, if not... I apologize for the wasted time, I can return your money." The other one, on the other hand, is also frustrated about something, but I don't know what yet. I'll come back with an edit. Maybe.
  18. 3 points
    Stop hiring all the parrots. Check their portfolio and everything you can before hiring them. Everyone says they can do anything in the shortest time. cmed's little story, which takes shape more and more from the previous posts, is indeed shady, but that's due to his toxic character. I've noticed that since about 4 years ago, when I first heard of him; it's most likely a genetic trait. However, regarding the subject, I'll stick to my opinion, based on my experience as a dev, that the blame was on both sides. From what we also discussed on chat, Kfollow expected the whole job to be done in 6-8 days. It doesn't matter what the dev tells you; it's your duty as a client to choose your dev and to take the blame if you ran into an adolescent mega star with loads of experience who's at the same time incapable of finishing your project. I just hope this topic serves as an example to others who intend to hire someone from here.
  19. 3 points
    Dude... I skimmed the conversations. Things like a hackathon, a lost GitHub account and the like have no place in an agreement with a client. I've screwed up deadlines myself, but to start making excuses like my cat ran off after a crow in heat and I had to go look for it... no. I don't know what you're still arguing about.
  20. 3 points
    Post the conversation here so it stays in the depths of Google.
  21. 3 points
    2018 version, 5th edition: https://b-ok.cc/book/3586769/2d5561 Thanks @gaddafi for the site.
  22. 3 points
    At the very least, Netflix has a technical team whose whole job is adding VPNs to the blacklist just so you can't watch Netflix through US VPNs and proxies. What makes you think there are programs written by bored people over a weekend that can download movies for you, for free? I thought the mentality that anything is possible if you're a hacker had died out. Where do you people keep coming from? You're willing to pay hackers but not willing to pay a $10/month Netflix subscription? So what are you willing to pay? $1 a year? What do you consider acceptable for watching the several thousand movies they have, for $10/month? Use torrents like everyone else and stop being so abstract about it here.
  23. 2 points
    Am I to understand you're surprised that votes are being rigged? I work in a public institution, but that just means you keep your mouth shut and do as the boss says, otherwise you go look for work elsewhere. I've seen people coming from home (?) with voting stamps, others walking out with 5 ballots each, and those in charge of supervision simply pretended not to see. And that's in a small town; in the villages it's dire. 'Democracy'.
  24. 2 points
    110%, identity cards are issued from age 14.
  25. 2 points
    Forever in Thought
    Forever in thought you suffocate
    And in your head you always hear voices,
    Voices with the same horizon as the wind,
    That never speak their word.
    Forever in thought you get involved,
    And you want to explain yourself to all of them,
    Don't let them in like the demon, into you,
    For some of them seem like morons.
    Forever in thought you will endure,
    For pure imagination will conceal you,
    And standing alone beside the universe
    You will always find yourself in a verse.
  26. 2 points
    Favorites: reverse engineering links
    Digital Security company blog, Information Security / Reverse engineering. dukebarman, August 15, 2017
    Source: https://m.habr.com/ru/company/dsec/blog/334832/

    Hello! Today we would like to share our list of materials on reverse engineering (RE). The list is quite extensive, because our research department deals primarily with RE tasks. In our opinion the selection is good for getting started, and it should stay relevant for a long time. For five years we have been sending this list of links, resources and books to people who would like to join our research department but do not yet have the required level of knowledge, or who are just starting out in information security. Naturally, this list, like most such collections, will need updating after some time. Funny fact: we have been shown how some companies send out our list of materials as their own, but only in a very old edition. After this publication they will finally be able to use the updated version with a clear conscience ;) So, on to the list of materials!

    Contents
    1. Topics
      a. Reverse engineering
      b. Searching for vulnerabilities (fuzzing)
      c. Exploiting vulnerabilities
      d. Malware analysis
    2. Tools
      a. IDA Pro
      b. Radare2
      c. WinDBG (OllyDbg / Immunity Debugger / x64dbg)
      d. GDB
      e. DBI
      f. SMT
      g. Python for automation
      h. BAF (Binary Analysis Frameworks)
    3. Architecture
      a. x86 / x86_64
      b. ARM
    4. OS
      a. Windows
      b. Linux
      c. Mac OS (OSX) / iOS
      d. Android
    5. File formats
      a. PE
      b. ELF
      c. Mach-O
    6. Programming
      a. C / C++
      b. Assembler
    7. Practice
      a. War games

    1. Topics
    In this section we look at the main areas where RE is applied. We start with the reverse engineering process itself, move on to finding vulnerabilities and developing exploits, and, of course, get to malware analysis.

    1.a Reverse engineering
      Chris Kaspersky's "The Art of Disassembling" - not new, but a very good and still up-to-date book from Chris, with a good systematization of knowledge and excellent material;
      "Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation" - a "new" book from several well-known information security specialists, covering some new issues and topics that are missing from Chris's book;
      "Reversal for Beginners" by Denis Yuryevich - a completely free book, already translated into many languages. Probably the most remarkable thing here is the presence of interesting tasks after each chapter, for several architectures at once;
      "Practical RE tips" - an excellent webinar in English from Gynvael Coldwind, containing many useful tips and scripts about RE;
      OPENSECURITYTRAINING.INFO - contains good educational lectures and videos on RE in English;
      "Digging Through the Firmware" - a good series of Practical Reverse Engineering articles, useful for those who are about to dive into the world of device firmware reversing;
      "Training: Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives" - if you want to dive into the world of firmware security and UEFI BIOS, you definitely need to familiarize yourself with these slides, which were previously part of paid training at leading security conferences;
      CRYPTO101 - a short introduction to cryptography, which you cannot do without.

    1.b Vulnerability search
      "Fuzzing: Brute Force Vulnerability Discovery" - although not a new book, it is just right for understanding the basics of fuzzing. There is a Russian translation, but it contains rather funny blunders;
      "Automatic search for vulnerabilities in programs without source texts" - good introductory material in Russian, presented at PHDays 2011;
      "The Evolving Art of Fuzzing" - an article about the development of fuzzing;
      "Modern Security Vulnerability Discovery" - a compilation of different techniques for finding vulnerabilities in one document;
      "(State of) The Art of War: Offensive Techniques in Binary Analysis" - an all-in-one document on existing vulnerability search techniques;
      "The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities" - far from new, but still relevant, a book on different approaches to finding vulnerabilities.

    1.c Examples of exploiting found vulnerabilities
      "Exploit Writing Tutorials by Corelan Team" (translation) - a famous series of posts on writing exploits and shellcodes, starting with the basics;
      "Exploit Development Community" (partial translation) - a series of articles on writing a combat exploit for IE 10 and 11;
      "Modern Binary Exploitation" - materials from the RPISEC team's training course at Rensselaer Polytechnic Institute;
      Web archive of the Vupen company blog - a defunct blog with examples of exploiting complex vulnerabilities in VirtualBox, XEN, Firefox, IE10, Windows Kernel, Adobe Flash and Adobe Reader;
      "Project Zero" - the blog of Google's research team, where their experts often share interesting stories about exploiting various cool vulnerabilities;
      "Browser mitigations against memory corruption vulnerabilities" - protection technologies used in popular browsers:
        "Browsers and app specific security mitigation. Part 1"
        "Browsers and app specific security mitigation. Part 2. Internet Explorer and Edge"
        "Browsers and app specific security mitigation. Part 3. Google Chrome"
      "SoK: Eternal War in Memory" - an excellent document that presents the attack model and describes various mechanisms to prevent exploitation at different stages for different types of memory corruption vulnerabilities;
      "Writing Exploits for Win32 Systems from Scratch" - a detailed article on writing an exploit from scratch for a vulnerability in the SLMAIL program;
      Phrack - the famous hacker magazine. We recommend reading, first of all, the articles in the "The Art of Exploitation" category;
      "The Shellcoder's Handbook: Discovering and Exploiting Security Holes" - a legendary book on shellcode writing.

    1.d Malware analysis
      "Practical Malware Labs" - sources for the book "Practical Malware Analysis";
      "Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code" - we recommend this and the previous book as one set to those interested in the topic;
      "Malware Analysis Tutorials: a Reverse Engineering Approach" (translation) - a rather long series of articles devoted to setting up an environment and then analyzing malware in it;
      "Course materials for Malware Analysis by RPISEC" - another course from RPISEC, this time about malware;
      "Computer viruses and antiviruses. Programmer's view" - although the book examines malicious programs starting from the DOS era, it is still useful, because besides analyzing the code of such programs the author shows examples of writing antiviruses for each specific case.

    2. Necessary tools
    Below are the popular tools used in RE.

    2.a IDA Pro
      "The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler" - a book that will make your acquaintance with IDA Pro easy and relaxed;
      "TiGa's Video Tutorial Series on IDA Pro" - a selection of small HOW-TO videos using IDA Pro;
      "Open Analysis Live" - in contrast to the previous selection on using IDA Pro, this one is newer and more up to date. Mostly malware analysis is considered.

    2.b Radare2
      "The radare2 book" - the main book on using the Radare2 framework for reversing;
      "Radare2 Cheatsheet" - a cheat sheet for the main commands;
      "Radare Today - the blog of radare2" - the framework's blog. Not only news, but also practical examples.

    2.c WinDBG (OllyDbg / Immunity Debugger / x64dbg)
    You also cannot do without knowing how a debugger works and being able to use it. Below we look at debuggers for Windows, and in the next paragraph we focus on the famous GDB. So, let's go:
      "Advanced Windows Debugging: Developing and Administering Reliable, Robust, and Secure Software" - first of all, this book is useful for understanding and "catching" errors such as heap corruption;
      "Inside Windows Debugging: A Practical Guide to Debugging and Tracing Strategies in Windows" - this edition complements the previous book well;
      "An introduction to cracking from scratch using OllyDbg" - unfortunately the old wasm.ru resource was closed, but this compilation is easy to find because it has been duplicated on many sites. In addition, "forks" have begun to appear on the network that use x64dbg or IDA instead.

    2.d GDB
      "gdb Debugging Full Example (Tutorial): ncurses" - a guide to using GDB;
      "GEF - GDB Multi-Architecture Enhanced Features for Exploiters & Reverse-Engineers" - a Python add-on for GDB that adds many useful new commands for exploit development;
      "GEF Tutorials" - a series of screencasts on using GEF.

    2.e DBI
    Programmable debugging is today an indispensable approach in the arsenal of any reverser, and DBI is one of the tools. More details:
      "Dynamic Binary Instrumentation in Information Security" - this article has already collected some generalized information about DBI;
      "Light And Dark Side Of Code Instrumentation" - this presentation will help you navigate the varieties of code instrumentation tools and understand what they can help with, and when, in program analysis.

    2.f SMT
    What is an SMT solver? In short, an SMT solver is a program that can solve logical formulas. The basic idea of using SMT in software security is to translate program code or an algorithm into a logical formula and then use an SMT solver to test one or another property of that code. In other words, SMT provides a mathematical tool for semantic code analysis. SMT solvers have been used in our field for quite some time. They are well established for the following tasks:
      bug search (static analysis / fuzzing);
      deobfuscation;
      "home" cryptanalysis;
      symbolic execution (as an "engine").
    There are also some successes in automatic exploit generation (for example, ROP chain generation). Over this time SMT has lost its aura of mystery, and more or less working tools for "ordinary" people have appeared. Below are sources that will help you dive into the topic:
      "SMT Solvers for Software Security", Sean Heelan, Rolf Rolles - perhaps the first scientific work proposing the application of SMT to software security problems. It gives an idea of where and how SMT can find its place in this area;
      Z3 - one of the most popular and effective SMT solvers;
      Z3 wiki - project repository;
      "Getting Started with Z3: A Guide" - online tutorial, an SMT solver for experiments;
      Z3Py - Python bindings for Z3;
      "Experimenting with Z3 - Dead code elimination";
      "Experimenting with Z3 - Proving opaque predicates";
      "Theorem prover, symbolic execution and practical reverse-engineering" - a good overview presentation, with examples of solving real-world problems and using Z3Py;
      "Quick introduction into SAT/SMT solvers and symbolic execution" (Russian version) - a good book with interesting practical examples;
      "An introduction to the use of SMT solvers" - review material.

    2.g Python for automation
    Today, without basic knowledge of Python it will be very difficult, because this language is considered the most popular means of automating various tasks in information security (and not only). It is also used in various utilities (for example, all the utilities mentioned above let you extend their functionality with it):
      "Gray Hat Python" (translation) - a great book about how useful Python is in reversing;
      "The Beginner's Guide to IDAPython" - a free book on IDAPython;
      "Python Arsenal for Reverse Engineering" - a resource dedicated to various utilities and libraries for reverse engineering with Python.

    2.h BAF (Binary Analysis Frameworks)
    For the slightly more advanced, we recommend paying attention to whole frameworks, which combine the previously mentioned mechanisms and analysis tools to solve more complex problems. So, here they are:
      "Overview and Usage of Binary Analysis Frameworks" - a small overview of BAFs;
      Some interesting frameworks / tools:
        Triton: Developer Use Examples; "Dynamic Binary Analysis and Obfuscated Codes"; How can Triton help virtual machine based software protections
        Angr: Solving kao's toy project with symbolic execution and angr
        Ponce
        Binary Analysis Platform.

    3. Architecture
    We cover only a few popular architectures. At the end of the article, in the section with additional materials, you will find information on many others (MIPS, PowerPC, etc.).

    3.a x86 / x86_64
      "Intel 64 and IA-32 Architectures Software Developer's Manuals" - such manuals used to be sent by mail, but because of the volume of material in them, printing became expensive. Recommended as a desk reference.

    3.b ARM
      Azeria Labs (ARM Assembly Basics & ARM Exploit Development) - a site with articles on the basics of ARM assembler and exploit development for this architecture;
      The course "Introduction to ARM" - a two-day video course on ARM development and exploitation;
      VisUAL - a visualization of how ARM instructions work.

    4. OS
    Knowledge of how popular operating systems work.

    4.a Windows
      "Windows Internals" - the fundamental book for understanding how Windows works.
      The following items, although mainly related to exploiting vulnerabilities in this OS, let you learn more about the insides of Windows:
        "Windows exploits, mostly precompiled"
        "Exploit Development Environment"
        "Windows Breakout from Defcon24"
        "Part 10: Kernel Exploitation -> Stack Overflow"
        "Kernel and Driver exploitation".

    4.b Linux
      "Linux insides" - an analogue of Windows Internals, but for Linux.
      As with Windows, the following topics are related to exploit development:
        "Heap Exploitation into Linux"
        "A series of tutorial for linux exploit development to newbie"
        "Linux Kernel Exploitation"
        "Programming Linux Anti-Reversing Techniques"

    4.c Mac OS (OSX) / iOS
      "Reverse Engineering Resources Mac and iOS" - a selection of materials on this topic.

    4.d Android
      "Android Hacker's Handbook" - probably the most popular book dedicated to Android OS security;
      "Android Internals :: Power User's View" - a book about the internal mechanisms of this OS. Due to recent leaks the material appeared in the public domain, about which the author himself writes on his website, and he provides the previous version for download.

    5. Executable file formats
    This section provides links explaining the details of popular executable file formats.

    5.a PE
      "PE sections";
      "PE Header";
      "Windows executable file format. PE32 and PE64";
      "Computer viruses inside and out."

    5.b ELF
      "Linux x64 Infection for Lamers (by a Lamer)."

    5.c Mach-O
      "Parsing mach-o files"
    The well-known researcher corkami makes very useful and interesting "posters" with diagrams of various file formats, including those mentioned above. We recommend using them as a cheat sheet. The Kaitai Struct utility will help with the analysis.

    6. Programming
    One of our friends once said that a good reverser is 80% a good programmer. The ability to program, and to understand what is being done and why, simplifies the process of researching someone else's program. Therefore, there is no reversing without programming. And of course, as you probably already understood, automating routine tasks is a very useful thing ;)

    6.a C / C++
      "Modern Memory Safety: C/C++ Vulnerability Discovery, Exploitation, Hardening" - a great course with excellent examples. Simply must-have material for everyone.

    6.b ASM
      "A Crash Course in x86 Assembly for Reverse Engineers" - a "crash course" for diving into x86 assembler, positioned specifically for RE;
      "Assembly Programming Tutorial" - an assembly programming manual, with the ability to run examples online as you study;
      "Assembler. 2nd edition" - recommended as a reference;
      "x86 Assembly Guide" - online version.

    7. Practice
    This section provides links to virtual machines and online resources for practice.

    7.a War games
      SmashTheStack Wargaming Network - this multi-wargame network is maintained by volunteers and is available online. We recommend starting with it;
      BinTut - a local wargame;
      Reversing Workshop - a master class on solving tasks from the annual "The Flare On Challenge" competition for 2016;
      Exploit-Challenges - a selection of vulnerable ARM binaries;
      ARM Reverse Engineering Exercises - the original repository "disappeared", but one of the forks was found on GitHub;
      CTF Time - here you can find the schedule of future CTF events and read write-ups of past ones.
    And finally, a few links with a large number of materials on the above topics:
      A collection generally devoted to information security
      On exploiting vulnerabilities
      On reverse engineering: Awesome-reversing; REMath; Resource Overview
      On exploiting vulnerabilities in Windows
      On fuzzing
      Malware analysis
    And many more different "awesome" collections.
    Author: Boris Ryutin (@dukebarman), security researcher.
  27. 2 points
    It's an opinion poll; do you want to make a joke of it, or sell it?
  28. 2 points
    @KtLNeu I'm in this field and nothing bad has happened to me, I was only reported to Europol/Interpol, here's the picture https://imgur.com/a/whXFrnn . @xyzrobert I'll help you change the passfile, add me on Discord - Kewl.Verth#6852
  29. 2 points
    Vulnerabilities in the Linux kernel are not uncommon. There are roughly 26 million lines of code, with 3,385,121 lines added and 2,512,040 lines removed in 2018 alone. The sheer complexity of that much code means that vulnerabilities are bound to exist. However, what is not at all common is the existence of unauthenticated remote code execution (RCE) vulnerabilities — a critical issue that every system administrator hopes to avoid.

    On May 8, 2019, the National Vulnerability Database (NVD) published details for a Linux kernel vulnerability, CVE-2019-11815, with a Common Vulnerability Scoring System (CVSS) 3.0 base score of 8.1. The details of the vulnerability include an attack vector of "network," no privileges required, and administrative-level code execution — i.e., the confidentiality, integrity, and availability (CIA) impacts are all "high."

    At first glance, this seems like a worst-case scenario. But assessing a vulnerability's potential impact goes beyond the attack vector, privileges, and CIA impact of the CVSS base score. One component of the CVSS 3 base score is attack complexity, for which this vulnerability has a rating of "high" as well. This means that a successful attack depends on a very specific set of circumstances that is hard to achieve. According to the CVSS 3.0 standard, this rating means that "a successful attack depends on conditions beyond the attacker's control" and "a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected." Looking at the vulnerability itself in some detail will reveal why the scoring is technically correct, especially when taking the attack complexity rating into account, but is not completely representative of the actual risk to enterprises and users.

    Breaking down the vulnerability

    The description of the vulnerability from the NVD states that the issue was "discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8," and that there is "a race condition leading to a use-after-free, related to net namespace cleanup." This is an accurate and concise description of the vulnerability from a code perspective, but the lack of some critical information may lead to alarm given the mention of TCP, or Transmission Control Protocol.

    The first major component of this vulnerability is Reliable Datagram Sockets (RDS), a socket interface and protocol developed by Oracle, created to allow a single transport socket to facilitate sending and receiving to a very large number of different endpoints. This vulnerability involves RDS when TCP is used as the underlying transport protocol: the application data in an RDS header is encapsulated and sent via TCP, typically to port 16385, where it is then unencapsulated and passed to the RDS socket. Beyond Oracle's documentation and a very short Wikipedia page, there is not much information about RDS or where it is typically used. The obscurity of this protocol, combined with the existence of previous local privilege escalation vulnerabilities, has led most popular Linux distributions such as Ubuntu to blacklist kernel modules relating to RDS for many years. This immediately reduces the potential harm of such a vulnerability by a large margin.

    What if the rds and rds_tcp kernel modules are enabled? When using RDS over TCP, the underlying TCP transport is completely managed by the kernel. This means that when a client establishes a new RDS socket, the TCP socket is opened by the kernel in rds_tcp_conn_path_connect() in tcp_connect.c, which is called by the worker thread function rds_connect_worker() in threads.c.

    Figure 1. rds_connect_worker() in threads.c calling rds_tcp_conn_path_connect()

    The RDS-specific portion of the vulnerability arises when the underlying TCP client-side socket continually fails to connect. When TCP connect() fails, the rds_tcp_restore_callbacks() function is called, and it sets the t_sock pointer in the rds_tcp_connection structure to NULL, which is completely reasonable behavior.

    Figure 2. rds_tcp_conn_path_connect() calling rds_tcp_restore_callbacks()

    Figure 3. t_sock set to NULL in rds_tcp_restore_callbacks()

    The problem arises when we introduce the second major component of the vulnerability: network namespaces. Network namespaces allow the use of a separate set of interfaces and routing tables for a given namespace, where traditionally the entire operating system shares the same interfaces and routing tables across every process. This namespace functionality is used by platforms such as Docker to provide network isolation for containers. When an RDS-TCP socket is initialized in rds_tcp_init(), the network namespace function register_pernet_device() is called, passing in a pointer to a pernet_operations structure, rds_tcp_net_ops, which contains initialization and exit functions to perform when a network namespace is initialized or removed while the socket is active.

    Figure 4. register_pernet_device() called to register the network namespace device

    Figure 5. rds_tcp_exit_net() as the exit function for the network namespace device

    The exit function rds_tcp_exit_net() will call rds_tcp_kill_sock(), which performs cleanup of various parts of the RDS-TCP socket. Part of the process is the creation of a list of connections to be cleaned up, called the tmp_list. One of the checks performed on each connection is whether the t_sock pointer of the underlying TCP socket in use is NULL; if so, the t_tcp_node is not added to the "cleanup list." As a result, rds_conn_destroy() is not called for those nodes and much of the "cleanup" is not performed.

    Figure 6. rds_tcp_kill_sock() skipping cleanup if t_sock is NULL

    Most importantly, the rds_connect_worker() thread is not stopped and will continue to try reconnecting. Eventually, the underlying net structure is freed as part of the namespace cleanup, and may be used by a still-running rds_connect_worker(), triggering a use-after-free. Technically, this flaw is as described: no privileges required, and administrative-level code execution possible if exploited. The fix for the issue is simple: system administrators need to ensure the vulnerable modules are disabled or an updated kernel is installed.

    The real risks posed by CVE-2019-11815

    Given the characteristics of CVE-2019-11815, what does this mean for users? A potential victim would first have to have the commonly blacklisted rds and rds_tcp modules loaded — if these are not loaded, no further movement is possible. If an attacker happens to find such a rare target — because the TCP connect() is performed only by RDS-TCP clients, not servers — the attacker would then have to entice their target into connecting to an attacker-controlled RDS-TCP socket from within a network namespace. The attacker's next job would be to cause a failure on the underlying TCP connection and at the same time cause the target user's network namespace to be cleaned up — a task that a remote attacker has practically no chance of performing. To make things even more impossible, race conditions — flaws caused by unexpected timing of events that affect other actions — are notoriously difficult to exploit and would likely require a large number of attempts. With all these conditions taken into consideration, the chances of this vulnerability being "remotely exploitable without authentication" are essentially zero. There is a very small chance that this could be used for local privilege escalation, but that would require that the commonly blacklisted rds and rds_tcp modules are loaded.

    Although the CVSS score of this vulnerability is technically correct in its assessment, users should be aware that risk also depends on the probability of the attack given its complexity and the conditions required for an attacker to be successful. The circumstances in which this attack would be feasible are unlikely ever to be seen in a real production environment. The vast majority of Linux servers are simply not vulnerable in a remote context.

    Source
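As a defender's follow-up to the article above (an added example, not part of the original article or of any vendor tooling), this POSIX shell script checks the two preconditions the piece names for CVE-2019-11815: the rds and rds_tcp modules loaded, and a kernel before 5.0.8. The function names, the sample lsmod text and the modprobe.d patterns it recognizes are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the article: a read-only exposure check for the
# two preconditions the article lists for CVE-2019-11815. The bug needs the
# rds and rds_tcp modules loaded AND a kernel older than 5.0.8. All inputs
# are parameters or stdin so the checks also run against captured data.

# kernel_before_fix VERSION
# True (0) when VERSION, e.g. "4.15.0-50-generic", is older than 5.0.8, the
# first fixed release in the NVD description. Caveat: distribution kernels
# often backport fixes without changing the upstream version string, so a
# "vulnerable" result means "check the vendor changelog", not proof.
kernel_before_fix() {
    base=${1%%-*}                   # strip "-50-generic" style suffix
    maj=${base%%.*}                 # major: "4"
    rest=${base#*.}                 # "15.0", or "4" again if no dot
    min=${rest%%.*}                 # minor: "15"
    pat=${rest#*.}                  # patch: "0", or "15" again if no dot
    [ "$rest" = "$base" ] && min=0  # "5"   -> 5.0.0
    [ "$pat" = "$rest" ] && pat=0   # "5.0" -> 5.0.0
    [ "$maj" -lt 5 ] && return 0    # 4.x and below: before the fix
    [ "$maj" -gt 5 ] && return 1    # 6.x and above: after it
    [ "$min" -gt 0 ] && return 1    # 5.1+: after it
    [ "$pat" -lt 8 ]                # 5.0.x: fixed from 5.0.8
}

# rds_modules_loaded < lsmod-output
# True when the lsmod-format text on stdin lists rds or rds_tcp. The module
# name field is matched exactly, so only the two modules the article names
# count (rds_rdma on its own does not).
rds_modules_loaded() {
    awk '$1 == "rds" || $1 == "rds_tcp" { found = 1 } END { exit !found }'
}

# rds_blacklisted < modprobe.d-content
# True when the modprobe configuration on stdin neutralizes BOTH modules,
# either "blacklist <mod>" or "install <mod> /bin/true" (two forms such a
# blacklist commonly takes; constructed patterns, not taken from the
# article). Both names are required because "blacklist" only stops alias
# based autoloading of that one module.
rds_blacklisted() {
    awk 'function off(m) { return ($1 == "blacklist" && $2 == m) || ($1 == "install" && $2 == m && $3 == "/bin/true") }
         off("rds")     { a = 1 }
         off("rds_tcp") { b = 1 }
         END { exit !(a && b) }'
}

# assess_exposure VERSION LSMOD_TEXT
# Combines the two conditions, prints a one-line verdict and returns 0 only
# when both preconditions for the bug are present on the host.
assess_exposure() {
    ver=$1; lsmod_text=$2
    if ! printf '%s\n' "$lsmod_text" | rds_modules_loaded; then
        echo "rds/rds_tcp not loaded: not exposed (kernel $ver)"
        return 1
    fi
    if ! kernel_before_fix "$ver"; then
        echo "rds/rds_tcp loaded, but kernel $ver is 5.0.8 or later: fixed upstream"
        return 1
    fi
    echo "rds/rds_tcp loaded on kernel $ver (before 5.0.8): disable the modules or update"
    return 0
}

# Constructed sample standing in for `lsmod` output on an exposed host.
SAMPLE_LSMOD='Module                  Size  Used by
rds_tcp                16384  0
rds                    65536  1 rds_tcp
tcp_bbr                16384  0'

# Live host: assess_exposure "$(uname -r)" "$(lsmod)"
#            cat /etc/modprobe.d/*.conf | rds_blacklisted && echo blacklisted
assess_exposure "4.15.0-50-generic" "$SAMPLE_LSMOD" || true
```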
  30. 2 points
    He set the date, moved that date 4 times and in the end delivered nothing, then vanished into the fog. Last night he was telling me we should sort it out somehow; today he saw the post edited by Zattara and got all puffed up.
  31. 2 points
    I say we hang him and feed him to the pigs.
  32. 2 points
    What you're presenting here is not a scam. It's understandable if he wasn't able to build the app on time, and it's worth criticizing that he tried to string you along to buy time, but a mobile app doesn't get built in two weeks, which I assume is the timeframe from what you've written here, even less so when you include the Play Store and App Store approval times. If he doesn't send your money back, he'll get banned and this topic will stay here. But if he does send the money, there's not much you can do except try, next time, to choose the people you work with more carefully. I recommend checking their portfolio when you select them. Situations like this come from a combination of lack of experience on the developer's side and lack of communication on the client's side. You have to be able to explain absolutely everything you want from the start, and if you didn't like the design, you should have told him, not waited for it to change on its own. It's a pretty common situation, and the execution time is too short to draw such a radical conclusion, especially when the guy seems to have been polite with you, even at the end when you acted like a jerk.
  33. 2 points
    An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.

    A remotely exploitable vulnerability in the Windows desktop app version of the Slack collaboration platform has been uncovered, which allows attackers to alter where files from Slack are downloaded. Nefarious types could redirect the files to their own SMB server; and, they could manipulate the contents of those documents, altering information or injecting malware.

    According to Tenable Research's David Wells, who discovered the bug and reported it via the HackerOne bug-bounty platform, a download hijack vulnerability in Slack Desktop version 3.3.7 for Windows would allow an attacker to post a specially crafted hyperlink into a Slack channel that changes the document download location path when clicked. Victims can still open the downloaded document through the application; however, that will be done from the attacker's Server Message Block (SMB) share. Wells said in a posting on Friday.

    The reason it has to be an SMB share is because of a security check built into the platform. The Slack application filters certain characters out – including colons – so an attacker can't supply a path with a drive root. Wells explained.

    Remote Exploitation

    An attack can be carried out by both authenticated and unauthenticated users, Wells said. In the first scenario, an insider could exploit the vulnerability for corporate espionage, manipulation or to gain access to documents outside of their role or privilege level. In the second scenario, an outsider could place crafted hyperlinks into pieces of content that could be pulled into a Slack channel via external RSS feeds. Wells said. Success here would require knowing which RSS feeds the target Slack user subscribes to, of course.

    Malware and More

    In addition to being an information-disclosure concern (attackers could access sensitive company documents, financial data, patient records and anything else someone shares via the platform), the vulnerability could be used as a jumping-off point for broader attacks. Wells explained. He added,

    Because it does require user interaction to exploit, the vulnerability carries a medium-level CVSSv2 rating of 5.5. However, the researcher said that attackers can use a spoofing technique to mask the malicious URL behind a fake address, say "http://google.com," to give it more legitimacy and convince a Slack user to click on the link. More specifically, it's possible to link to words within Slack by adding an "attachment" field to a Slack POST request with appropriate fields, Wells said.

    The attack surface is potentially large. Slack said in January that it has 10 million active daily users, and 85,000 organizations use the paid version (it's unclear how many are Windows users). Fortunately, Slack patched the bug as part of its latest update for the Slack Desktop Application for Windows, v3.4.0, so users should upgrade their apps and clients.

    Via threatpost.com
  34. 2 points
  35. 2 points
    Do not run "public" RDP exploits, they are backdoored. Edit: the PoC you will find executes this on your own computer (Windows only): mshta vbscript:msgbox("you play basketball like caixukun!",64,"K8gege:")(window.close)
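As an added example (not from the post), a small vetting scan of the kind worth running over a downloaded "PoC" before anyone executes it: it flags launcher commands such as mshta and vbscript: URIs and command-execution calls, and also decodes long base64 runs and re-checks them, since that is where a backdoored script usually hides its real payload. The function name findSuspiciousLines and the sample script are constructed for this example.

```javascript
// Added example, not from the post: scan a downloaded "PoC" script for
// embedded launcher commands before anyone runs it. findSuspiciousLines is
// an assumed name; the sample script below is constructed.
const SUSPICIOUS = [
  { re: /\bmshta\b/i, reason: 'mshta launcher' },
  { re: /vbscript:/i, reason: 'inline VBScript URI' },
  { re: /\bpowershell\b.*\s-(enc|encodedcommand)\b/i, reason: 'encoded PowerShell' },
  { re: /\b(os\.system|subprocess\.\w+|exec|eval)\s*\(/, reason: 'command execution call' },
];
// Long base64 runs are decoded and re-checked: a backdoor usually hides its
// payload that way so a quick read of the script looks harmless.
const B64_RUN = /[A-Za-z0-9+/]{40,}={0,2}/g;

function findSuspiciousLines(source) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    const line = idx + 1;
    for (const { re, reason } of SUSPICIOUS) {
      if (re.test(text)) hits.push({ line, reason, snippet: text.trim() });
    }
    for (const blob of text.match(B64_RUN) || []) {
      const decoded = Buffer.from(blob, 'base64').toString('latin1');
      for (const { re, reason } of SUSPICIOUS) {
        if (re.test(decoded)) {
          hits.push({ line, reason: 'base64-encoded ' + reason, snippet: decoded.slice(0, 40) });
        }
      }
    }
  });
  return hits;
}

// Constructed sample: a Python-looking "exploit" whose real action is a
// base64-hidden mshta one-liner of the same shape as the one quoted above.
const HIDDEN = Buffer.from(
  'mshta vbscript:msgbox("constructed sample",64,"x")(window.close)'
).toString('base64');
const SAMPLE_POC = [
  '#!/usr/bin/env python3',
  'import base64, os, socket',
  'def exploit(host):',
  '    s = socket.create_connection((host, 3389))',
  `    os.system(base64.b64decode("${HIDDEN}").decode())`,
  '    return s',
].join('\n');

// Returns the findings for the constructed sample (line 5 is the only hit).
function scanSample() {
  return findSuspiciousLines(SAMPLE_POC);
}
```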
  36. 2 points
    Hi. I also looked for the program and someone told me they have it, but it isn't perfect. I think they updated it in the meantime; I had asked them last year. I'll look up the topic right away and leave it here for you, since we're Romanians and it's good to help each other. Go to www.baganeampulilenmata-ro.com/netflix
  37. 2 points
    Don't rely on university to learn security. There are some master's programs, but I don't know of anything at the bachelor's level. Do a computer science degree, it will help you learn a bit from several fields. Search the forum for posts about choosing a university. In the meantime, learn on your own, do CTFs, the Internet is full of resources (see the Tutoriale Engleza section here on the forum).
  38. 1 point
    The domain has potential, it depends who runs it. The guy said in the ad that he's selling the domain, not the whole site, I think I understood correctly, right?
  39. 1 point
    @brdan18 I didn't know about stackoverflow until recently.. whatever, thanks for the help to those who answered my questions here. I'm going to give up the account; good luck, everyone!
  40. 1 point
    thanks a lot!
  41. 1 point
    I still don't understand why @c3m3d3 hasn't sorted out @Kfollow's screenshots by now. I don't understand how @Kfollow wants to help future clients without mentioning @c3m3d3's name. You have to write XXX. I don't understand how @Kfollow let slip the 4.05 from the National Evaluation. I don't understand what app they're talking about. Something about likes, exchange, whatever. @Kfollow, surely you don't dream that Google will accept "payment through Google Play" and the app for a shady likes business? In conclusion, you deserve each other.
  42. 1 point
    2 cuvinte: Țâgan borât
  43. 1 point
    DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being seen in the wild could be combined to create a highly evasive new breed of malware, which conceals its malicious intent until it reaches a specific victim. It achieves this by using a Deep Neural Network (DNN) AI model to hide its attack payload in benign carrier applications, while the payload will only be unlocked if, and only if, the intended target is reached. DeepLocker leverages several attributes for target identification, including visual, audio, geolocation, and system-level features. In contrast to existing evasive and targeted malware, this method would make it extremely challenging to reverse engineer the benign carrier software and recover the mission-critical secrets, including the attack payload and the specifics of the target.

    Black Hat presentation slides: DeepLocker: How AI Can Power a Stealthy New Breed of Malware
    https://www.youtube.com/watch?v=UeMe_-5W8UY

    State-sponsored cybercrime?