Leaderboard

Popular Content

Showing content with the highest reputation on 05/31/16 in all areas

  1. The Romanian Teen Hacker Who Hunts Bugs to Resist the Dark Side

     IT’S 3 AM, and his eyes are almost closed. The pack of gummy bears on his desk is empty. So’s the Chinese takeout box. Romanian white hat hacker Alex Coltuneac has had three hours of sleep tonight. And last night. And the night before that. He’s busy trying to find a vulnerability in YouTube live chat, which he plans to report to the company and hopefully get some money in return. None of the bugs he has discovered in the past few days electrifies him, so he keeps digging.

     In the past four years, Coltuneac has gotten bug bounty payments from Google, Facebook, Microsoft, Adobe, Yahoo, eBay, and PayPal for flaws he reported. Such bounty programs are a chance for Eastern European hackers like him to pursue a legitimate career in cybersecurity. And he’s only 19 years old.

     In a country better known for cybercrime, the teenager is part of a small but growing cohort of hackers who are deciding to play it nice. This is a departure for the hacking community of Romania, known for such hits as the hackers Hackerville and Guccifer, and fraudsters who steal money from American bank accounts, perpetrate eBay frauds, and land themselves on the FBI’s most wanted list.

     Coltuneac is a freshman at the Babes-Bolyai University in Cluj-Napoca, where he learns Computer Science taught in English. Raised by a family who emphasized honest values, he started using a computer when he was 6. First, he taught himself how to play games, but as he got older he began to see the computer’s potential as a tool to make money. He spent his early teenage years watching fellow Romanian hackers make astounding sums of money selling exploits on the black market. They were able to rake in thousands of US dollars with just a few clicks, far more than Coltuneac’s parents made in a month. He was a good kid, from a good family. He didn’t want to join them. But he did want to pay for college. The allure of that life was powerful.

     Which is why he was so grateful to find out about bug bounty programs when he was 15. They pay enough to keep his conscience clear and his bank account full. Bounties cover the cost of his education and living expenses, so “there’s no excuse to break the law,” he said.

     Coltuneac won’t say how much he earns as a vulnerability hunter, yet gifted white hat hackers doing the same kind of job brag about making in a lucky month about $6,000. That’s how much an ordinary Romanian earns in a year. The average take home pay in the country was about $520 a month this March, one of the lowest in the European Union.

     On the white market, a flaw found and reported legitimately is priced at a few hundred dollars, enough for Coltuneac to pay his rent this month. Sensitive ones are often rewarded with several thousand dollars. In very few cases, the bounty exceeds $100,000. He’s constantly hoping to find one of those. And that sum is still far less than what he would get if he sold the same vulnerabilities on the gray or black markets. (Gray markets sell exploits to nations and corporations to use against their foe; black markets sell to the highest bidder, often criminals.) Zerodium, a gray hat vulnerability broker working with law enforcement and intelligence agencies, awards a hacker up to $500,000 for a high-risk bug with fully functional exploit.

     Patching Giants

     Coltuneac started hunting vulnerabilities when he was 15, after visiting a Romanian cybersecurity forum, in his free time after school. Like most Romanian hackers, the teen is self taught. Soon, he got his first few hundred dollars from Google, and used them to buy himself a brand new computer. His desktop was dead slow. “I got lucky. I found a sensitive file. I used brute force,” he said.

     The tech giant is among the companies he closely monitors for bug bounty programs. He has recently found an LFI vulnerability and several XSS flaws in Google FeedBurner. Last year alone, Google awarded over $2 million to security researchers globally, and since 2010, when it began its bug bounty program, it has paid a total of $6 million. For 2015, Google highlighted Romania as among the top countries bug bounties were paid out to.

     Coltuneac has also made it to Microsoft’s Bounty Hunters: The Honor Roll. This spring he found an XSS vuln in their OAuth interface. Microsoft is constantly improving its bounty program, and last year, the company included rewards for flaws found in Azure, ASP.NET, .NET Core runtime and the Edge browser.

     Full article: https://www.wired.com/2016/05/romanian-teen-hacker-hunts-bugs-resist-dark-side/
    6 points
  2. If you think a forum rank makes you powerful, you've got problems upstairs. Deal with it.
    5 points
  3. 1. Congratulations! 2. Ignore the spite and frustration, which often come involuntarily for various reasons. The dogs bark, the bear passes by. Since I've been on RST I have come across "episodes" in private of people who find major vulnerabilities in big companies, the most recent one last night. But because they have the necessary common sense and were raised properly by their parents, you don't see them making noise; instead they push themselves even harder. Which brings me to the next point: 3. Keep it up, and on to bigger things! Speaking strictly for myself, if you think I can help you with something in the future, I will gladly do so as far as I am able.
    3 points
  4. 3 points
  5. That's right. You don't deserve a ban. You deserve to be hanged! :)))))
    2 points
  6. Ok, sure. I apologize for not thinking of that beforehand. Here is the code.

         err(E,V1) :- pair(E, _), E = 'if', V1 = 0, !.
         err(E,V1) :- pair(E, _), E = 'then', V1 = 0, !.
         err(E,V1) :- pair(E, _), E = 'else', V1 = 0, !.
         err(E,V1) :- pair(E, _), E = 'while', V1 = 0, !.
         err(E,V1) :- pair(E, _), E = 'return', V1 = 0, !.
         err(E,V1) :- atom_chars(E,Res), errAux(Res, V1).
         /*
          * we check that the variable is not one of the words if, then, else, while, return
          * and if it is not, we split the variable into a list of chars, which we check with
          * the auxiliary function errAux
          */
         errAux([], R) :- R is 1, !.
         errAux([H|_], R) :- char_code(H, Asc), Asc > 47, Asc < 58, R is 0, !.
         errAux([H|T], R) :- char_code(H, _), errAux(T, R).
         /*
          * Ok, now we have the list; for example, for "ana2" we will have [a, n, a, '2'].
          * Given that 2 is treated as a string (if I understood correctly),
          * we check the ASCII code of each one, and if it is between 47 and 58 we return 0,
          * then we check the next element and so on
          */
         err([_|_], V1) :- V1 = 1, !.  % if no digit was found, we return 1

     In the first part I checked whether it is one of the words that are not allowed, and in Aux I checked the ASCII code thing. Basically, receiving a list, exactly as I said above, I checked that each element is a letter, and if it is not (line 2 of errAux), we return the value 0 (incorrect). Otherwise, we go through to the end of the list and if we find nothing, we return 1 (correct), i.e. the last line. I don't know how clear I was, but I hope it helps.
    1 point
  7. How else would you search, if not by inserting "pieces of code inspired by the acunetix and havij vocabularies"?
    1 point
  8. A variable is not allowed to have one of those names, because otherwise it would be confused with syntax. If if were a variable, int if=2; if(if<4) return if; would make no sense.
    1 point
  9. I've noticed that you ask questions about different programming languages; are you learning all of these languages at the same time? If so, my advice is to limit yourself to a single language, learn its basics, and stick with it until you master it; after that, if you consider yourself capable, you can move on to another language.
    1 point
  10. Life isn't fair, the strong dominate, the weak submit. Deal with it.
    1 point
  11. The price is very low, miserable even, so don't expect quality work on such a budget, unless you happen upon someone in a tight spot who urgently needs money, or amateurs. Standard rates for this kind of thing vary (depending on several criteria such as terminology, experience, volume, deadline, etc.) between 0.05 - 0.15 usd / word. If you take the upper end, say 12 cents / word, and estimate about 200 words / page, you get 24 usd / page. Or if there are 250 words / page, then 30 usd / page. Multiplied by 25 pages... work out the result. Try upwork.com and freelancer.com, because I've seen some Romanian translators there and maybe one of them wants to build up a positive rating/feedback and is willing to work for you for next to nothing. Later edit: http://www.traduceritehnice.net/ They do it at 20 lei / page. That still comes to 125 usd.
    1 point
  12. Linux Kernel 4.4.x (Ubuntu 16.04) - Use-After-Free Local Root Exploit

     In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime, unprivileged code can use the bpf() syscall to load eBPF socket filter programs. These conditions are fulfilled in Ubuntu 16.04.

     When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first function that touches the supplied eBPF instructions is replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF map file descriptors and looks up pointers for the corresponding map files. This is done as follows:

         /* look for pseudo eBPF instructions that access map FDs and
          * replace them with actual map pointers
          */
         static int replace_map_fd_with_map_ptr(struct verifier_env *env)
         {
             struct bpf_insn *insn = env->prog->insnsi;
             int insn_cnt = env->prog->len;
             int i, j;

             for (i = 0; i < insn_cnt; i++, insn++) {
                 [checks for bad instructions]

                 if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) {
                     struct bpf_map *map;
                     struct fd f;

                     [checks for bad instructions]

                     f = fdget(insn->imm);
                     map = __bpf_map_get(f);
                     if (IS_ERR(map)) {
                         verbose("fd %d is not pointing to valid bpf_map\n",
                                 insn->imm);
                         fdput(f);
                         return PTR_ERR(map);
                     }

                     [...]
                 }
             }
             [...]
         }

     __bpf_map_get contains the following code:

         /* if error is returned, fd is released.
          * On success caller should complete fd access with matching fdput()
          */
         struct bpf_map *__bpf_map_get(struct fd f)
         {
             if (!f.file)
                 return ERR_PTR(-EBADF);
             if (f.file->f_op != &bpf_map_fops) {
                 fdput(f);
                 return ERR_PTR(-EINVAL);
             }

             return f.file->private_data;
         }

     The problem is that when the caller supplies a file descriptor number referring to a struct file that is not an eBPF map, both __bpf_map_get() and replace_map_fd_with_map_ptr() will call fdput() on the struct fd. If __fget_light() detected that the file descriptor table is shared with another task and therefore the FDPUT_FPUT flag is set in the struct fd, this will cause the reference count of the struct file to be over-decremented, allowing an attacker to create a use-after-free situation where a struct file is freed although there are still references to it.

     A simple proof of concept that causes oopses/crashes on a kernel compiled with memory debugging options is attached as crasher.tar.

     One way to exploit this issue is to create a writable file descriptor, start a write operation on it, wait for the kernel to verify the file's writability, then free the writable file and open a readonly file that is allocated in the same place before the kernel writes into the freed file, allowing an attacker to write data to a readonly file. By e.g. writing to /etc/crontab, root privileges can then be obtained.

     There are two problems with this approach:

     The attacker should ideally be able to determine whether a newly allocated struct file is located at the same address as the previously freed one. Linux provides a syscall that performs exactly this comparison for the caller: kcmp(getpid(), getpid(), KCMP_FILE, uaf_fd, new_fd).

     In order to make exploitation more reliable, the attacker should be able to pause code execution in the kernel between the writability check of the target file and the actual write operation. This can be done by abusing the writev() syscall and FUSE: The attacker mounts a FUSE filesystem that artificially delays read accesses, then mmap()s a file containing a struct iovec from that FUSE filesystem and passes the result of mmap() to writev(). (Another way to do this would be to use the userfaultfd() syscall.)

     writev() calls do_writev(), which looks up the struct file * corresponding to the file descriptor number and then calls vfs_writev(). vfs_writev() verifies that the target file is writable, then calls do_readv_writev(), which first copies the struct iovec from userspace using import_iovec(), then performs the rest of the write operation. Because import_iovec() performs a userspace memory access, it may have to wait for pages to be faulted in - and in this case, it has to wait for the attacker-owned FUSE filesystem to resolve the pagefault, allowing the attacker to suspend code execution in the kernel at that point arbitrarily.

     An exploit that puts all this together is in exploit.tar. Usage:

         user@host:~/ebpf_mapfd_doubleput$ ./compile.sh
         user@host:~/ebpf_mapfd_doubleput$ ./doubleput
         starting writev
         woohoo, got pointer reuse
         writev returned successfully. if this worked, you'll have a root shell in <=60 seconds.
         suid file detected, launching rootshell...
         we have root privs now...
         root@host:~/ebpf_mapfd_doubleput# id
         uid=0(root) gid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare),999(vboxsf),1000(user)

     This exploit was tested on a Ubuntu 16.04 Desktop system.

     Fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7

     Proof of Concept: https://bugs.chromium.org/p/project-zero/issues/attachment?aid=232552

     Source: https://cxsecurity.com/issue/WLB-2016050014
    1 point
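
The reference-count arithmetic described in the advisory above, as an added user-space model (not kernel code and not part of the original post). The names `fdget_model`, `fdput_model`, `bpf_map_get_model` and `lookup_map` are hypothetical stand-ins, and the single-release variant is an assumption about the shape of a fix, not taken from the linked commit.

```c
#include <stdio.h>

#define FDPUT_FPUT 1   /* this struct fd owns a reference that fdput() must drop */

struct file { int refcount; int is_bpf_map; };
struct fd   { struct file *file; unsigned int flags; };

/* Model of fdget(): only a task with a shared fd table takes a real reference. */
static struct fd fdget_model(struct file *filp, int table_shared)
{
    struct fd f = { filp, 0 };
    if (filp && table_shared) {
        filp->refcount++;
        f.flags = FDPUT_FPUT;
    }
    return f;
}

static void fdput_model(struct fd f)
{
    if (f.flags & FDPUT_FPUT)
        f.file->refcount--;
}

/* Mirrors __bpf_map_get() as quoted: on a non-map file it releases the fd itself. */
static int bpf_map_get_model(struct fd f)
{
    if (!f.file)
        return -9;            /* -EBADF */
    if (!f.file->is_bpf_map) {
        fdput_model(f);
        return -22;           /* -EINVAL */
    }
    return 0;
}

/* caller_also_puts = 1 is the quoted error path; 0 is the single-release variant. */
static int lookup_map(struct file *filp, int table_shared, int caller_also_puts)
{
    struct fd f = fdget_model(filp, table_shared);
    int err = bpf_map_get_model(f);
    if (err && caller_also_puts)
        fdput_model(f);       /* second put on the same struct fd */
    if (!err)
        fdput_model(f);       /* success: one matching put */
    return err;
}

/* Refcount left on a non-map file (one legitimate holder) after a failed lookup. */
int refcount_after_lookup(int table_shared, int caller_also_puts)
{
    struct file filp = { 1, 0 };
    lookup_map(&filp, table_shared, caller_also_puts);
    return filp.refcount;
}

int main(void)
{
    printf("shared table, two puts : %d\n", refcount_after_lookup(1, 1));
    printf("shared table, one put  : %d\n", refcount_after_lookup(1, 0));
    printf("private table, two puts: %d\n", refcount_after_lookup(0, 1));
    return 0;
}
```

A result of 0 means the last reference was dropped while the descriptor table still points at the file, which is the use-after-free precondition; with a private table FDPUT_FPUT is never set, so both puts are no-ops.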
  13. Link: https://conference.hitb.org/hitbsecconf2016ams/materials/

     Name | Last modified | Size
     CLOSING KEYNOTE - Sophia D Antoine - Hardware Side Channels in Virtualized Environments.pdf | 2016-05-27 18:40 | 2.3M
     D1 COMMSEC - Elisabeth de Leeuw - Unformation in the Era of Hyper Connectivity.pdf | 2016-05-26 18:03 | 2.5M
     D1 COMMSEC - Marc Newlin - Applying Regulatory Data to IoT RF Reverse Engineering.pdf | 2016-05-26 15:59 | 5.7M
     D1 COMMSEC - Martin Knobloch - Don't Feed the Hippos.pdf | 2016-05-26 16:00 | 18M
     D1 COMMSEC - Melanie Rieback - Pentesting ChatOps.pdf | 2016-05-30 10:06 | 3.4M
     D1 COMMSEC - Nadav Markus and Gal De Leon - Exploiting GLIBC - Hacking Everything.pdf | 2016-05-26 18:18 | 1.0M
     D1T1 - Jacob Torrey - Using the Observer Effect and Cyber Fengshui.pdf | 2016-05-26 15:37 | 4.9M
     D1T1 - Lin Huang - Forcing a Targeted LTE Cellphone into an Eavesdropping Network.pdf | 2016-05-26 18:00 | 1.7M
     D1T1 - Nick Biasini - Exploit Kits - Hunting the Hunters .pdf | 2016-05-26 17:05 | 45M
     D1T1 - Radu Caragea - Peering into the Depths of TLS Traffic in Real Time.pdf | 2016-05-26 15:09 | 1.1M
     D1T1 - Shengping Wang and Xu Liu - Escape From The Docker-KVM-QEMU Machine.pdf | 2016-05-26 12:16 | 2.0M
     D1T1 - Tang Qing Hao - Virtualization System Vulnerability Discovery Framework.pdf | 2016-05-26 11:50 | 1.0M
     D1T2 - Broderick Aquilino and Wayne Low - Kernel Exploit Hunting and Mitigation.pdf | 2016-05-26 15:10 | 1.4M
     D1T2 - Chilik Tamir - Profiting from iOS Malware.pdf | 2016-05-26 15:37 | 27M
     D1T2 - Michele Spagnuolo and Lukas Weichselbaum - CSP Oddities.pdf | 2016-05-26 12:31 | 1.6M
     D1T2 - Seunghun Han - Create Your Own Bad USB Device.pdf | 2016-05-26 17:00 | 3.5M
     D1T2 - Tim Xia - Adaptive Android Kernel Live Patching.pdf | 2016-05-26 18:20 | 2.4M
     D1T2 - Yann Allain and Julien Moinard - Hardsploit Project.pdf | 2016-05-26 11:50 | 8.5M
     D1T3 - Gustavo Grieco - Vulnerability Discovery Using Machine Learning.pdf | 2016-05-27 07:18 | 1.1M
     D1T3 LABS - Anto Joseph - Droid-FF.pdf | 2016-05-26 12:31 | 30M
     D1T3 LABS - Tony Trummer and Tushar Dalvi - Mobile Application Security for iOS and Android.zip | 2016-05-26 18:29 | 4.9M
     D2 COMMSEC - Antonio Martins - Inspecage - Android Pacakge Inspector.zip | 2016-05-30 18:30 | 19M
     D2 COMMSEC - Barry van Kampen - Hack in The Class.pdf | 2016-05-30 18:28 | 520K
     D2 COMMSEC - Mattijs van Ommeren - A Series Of Unfortunate Events - Where Malware Meets Murphy.pdf | 2016-05-27 12:24 | 71M
     D2 COMMSEC - Paul Marinescu - Facebook Presents Capture the Flag.pdf | 2016-05-30 10:17 | 6.3M
     D2T1 - Anders Fogh - Cache Side Channel Attacks.pdf | 2016-05-27 13:52 | 432K
     D2T1 - Felix Wilhelm - Attacking Next Generation Firewalls.pdf | 2016-05-27 15:59 | 2.9M
     D2T1 - Jun Li - CANSsee - An Automobile Intrusion Detection System.pdf | 2016-05-27 18:39 | 5.5M
     D2T1 - Yuwei Zheng and Haoqi Shan - Forging a Wireless Time Signal to Attack NTP Servers.pdf | 2016-05-27 12:26 | 6.9M
     D2T1 Itzik Kotler and Amit Klein - The Perfect Exfiltration Technique.pdf | 2016-05-27 15:07 | 2.6M
     D2T2 - Mikhail Egorov and Sergey Soldatov - New Methods for Exploiting ORM Injections in Java Applications.pdf | 2016-05-27 12:46 | 1.7M
     D2T2 - Peter blasty Geissler - Breaking Naive ESSID WPA2 Key Generation Algorithms.pdf | 2016-05-27 18:39 | 8.4M
     D2T2 - Richard Johnson - Go Speed Tracer - Guided Fuzzing.pdf | 2016-05-27 12:39 | 4.4M
     D2T2 - Shangcong Luan - Xen Hypervisor VM Escape.pdf | 2016-05-27 15:37 | 1.9M
     D2T2 - Wish Wu - Perf - From Profiling to Kernel Exploiting.pdf | 2016-05-27 15:06 | 315K
     D2T3 LABS - Matteo Beccaro - Electronic Access Control Security.pdf | 2016-05-27 16:11 | 13M
     KEYNOTE 1 - John Adams - Beyond FBI v Apple.pdf | 2016-05-26 09:40 | 6.4M
     KEYNOTE 2 - Adam Laurie - The Future Has Arrived and it's Effin Hilarious.odp | 2016-05-27 10:47 | 281M
     Whitepapers/ | 2016-05-27 18:40 | -

     Congratulations to Radu Caragea @ Bitdefender - https://conference.hitb.org/hitbsecconf2016ams/materials/D1T1 - Radu Caragea - Peering into the Depths of TLS Traffic in Real Time.pdf
    1 point
  14. Selling a Facebook page with 2050 likes. I deleted absolutely all the posts on it; all that's left is for you to change the name and get to work. Price 5 $ paypal
    1 point
  15. Rather than talking nonsense, you'd better hold back. That movie site is mine, but I sold it and was left with this page. The likes are real and were not made with addmefast; people disliked it because I changed the name to Gowatch.. and the page was for the entertainment niche. Back then I only cared about the page's number of likes so that it would look good for the site. Now I have nothing to do with it because I sold the site. Whoever buys it changes its name and does his thing with it. As I said, the fans have an impact in the funny niche
    1 point
  16. well, if you had looked at the requests you would have seen that that table is loaded dynamically http://prntscr.com/badenv ps: dreamweaver is a joke of a program..
    1 point
  17. I apologize for butting in, I do it very rarely, but since you don't hang out on the chat and don't know what goes on there, how we talk and what jokes we have, I don't think you have the right to point out what / how and to whom anyone talks. If @aa7670 laughs with @SilenTx0 it's because they know each other (and anyway it's none of your business and you shouldn't care whether Ina is jerking @hades off or whether @urs_02918473 is jerking off when @aelius sends shemale pics). The fact that @Gecko and Worm swear at each other is strictly their problem. (everyone swears at Worm, and yes, we like it) Stop with these frustrations and try to do something useful for this community. Something doesn't suit you? Keep quiet and move on. It's just a forum. The purpose of this community is to help members develop their skills in IT & Sec and, as far as possible, to give them a chance to relax (chat). Try to understand that, or avoid making something out of nothing. Peace
    1 point
  18. You'd expect to find people with above-average IQ in an IT community. Well, it seems you're wrong. :)))))))
    1 point
  19. 364 361 369 344 363 366 362 344 364 360 360 344 363 369 363 344 364 362 362 344 363 366 362 344 363 366 369 344 363 366 364 344 364 361 363 344 363 365 365 344 364 360 360 344 364 361 362 344 364 362 362 344 364 361 363 344 364 362 361 344 363 366 367 344 364 362 360 344 363 368 368 344 364 362 362 344 363 369 363 344 363 369 364 344 363 368 368 344 364 362 366 344 363 369 360 344 364 362 363 344 363 366 361 344 363 366 360 344 363 366 368 344 364 362 362 344 364 363 362 344 364 361 363 344 364 362 366 344 364 361 363 344 363 365 365 344 364 361 364 344 363 369 363 344 364 362 361 344 364 361 365 344 364 362 366 344 363 369 364 344 364 361 368 344 363 366 361 344 364 361 368 344 363 366 367 344 364 361 369 344 363 368 364 344 364 361 363 344 364 362 368 344 363 367 363 344 363 368 369 344 364 361 368 344 363 366 366 344 364 361 362 344 363 368 368 344 364 361 363 344 364 363 360
    1 point
  20. Since I'm in a good mood, the next people who post crap here get banned. Kisses on the wallet.
    -1 points