Leaderboard

Popular Content

Showing content with the highest reputation on 08/08/16 in all areas

  1. If you bring your mom over so we can get a blowjob from her, we'll do the hack you want.
    2 points
  2. How I made LastPass give me all your passwords
     2016.07.27, Detectify Labs. Tags: Cross Site Scripting, Lastpass, Mathias Karlsson, XSS

     Note: This issue has already been resolved and pushed to the Lastpass users.

     Stealing all your passwords by just visiting a webpage. Sounds too bad to be true? That's what I thought too before I decided to check out the security of the LastPass browser extension. For those who don't know, LastPass is one of the world's most popular password managers.

     I started by noticing that the extension added some HTML code to every page I visited, so I decided to dig into how that worked. A few cups of coffee later, I found something that looked really, really bad.

     The issue

     The bug that allowed me to extract passwords was found in the autofill functionality. First, the code parsed the URL to figure out which domain the browser was currently at, then it filled any login forms with the stored credentials. However, the URL parsing code was flawed (bug in URL parsing? shocker!). This was the code (lpParseUri function, un-minified):

         // greedy ".*" makes the capture stop at the LAST "@" after the authority
         var fixedURL = url.match(/^(.*:\/\/[^\/]+\/.*)@/);
         // only the "@" characters after that capture get percent-encoded
         fixedURL && (url = url.substring(0, fixedURL[1].length) + url.substring(fixedURL[1].length).replace(/@/g, "%40"));

     By browsing this URL:

         http://avlidienbrunn.se/@twitter.com/@hehe.php

     the browser would treat the current domain as avlidienbrunn.se while the extension would treat it as twitter.com. Since the code only URL encodes the last occurrence of @, the actual domain is treated as the username portion of the URL.

     Too bad to be true? Below you see that the extension would fill my form with the stored credentials for twitter.com. After that I could simply go through other commonly used sites and extract credentials for those too.

     I reported this to LastPass through their responsible disclosure page and the report was handled very professionally. The fix was pushed in less than a day(!), and they even awarded me with a bug bounty of $1,000.

     Are password managers bad?

     Should we stop using password managers? No. They are still much better than the alternative (password reuse). Although, taking a second to disable autofill functionality is a good move because this isn't the first autofill bug we've seen, and I doubt it will be the last. Also, this would not work if multi factor authentication was on, so you should probably enable that as well.

     Updates

     Update #1 2016.07.28: There have been a lot of comments regarding the reward Mathias received from Lastpass. At the time Mathias submitted this they didn't have a bug bounty so he was more than satisfied with $1,000.

     Update #2 2016.07.28: Lastpass have made a comment regarding Mathias' finding on their blog.

     Source: https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
    2 points
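As an added example (not LastPass's code and not from the post), the flawed "@" encoding step is reproduced beside a standards-based parse of the same URL; the naive host extraction that follows the regex is an assumed reconstruction of the parser's next step, which the post does not show:

```javascript
// Added example, not LastPass's code.  Reproduces the "@" handling from the
// lpParseUri snippet in the post and contrasts it with the WHATWG URL parser.
// naiveHost() is a HYPOTHETICAL reconstruction of the "userinfo@host" step that
// followed the regex; the post only shows the encoding step.

// Step 1 (from the post): the greedy ".*" makes the capture run up to the LAST
// "@" after the authority, so every earlier "@" in the path is left as-is.
function lastpassEncodeAts(url) {
  const fixedURL = url.match(/^(.*:\/\/[^\/]+\/.*)@/);
  if (fixedURL) {
    url = url.substring(0, fixedURL[1].length) +
          url.substring(fixedURL[1].length).replace(/@/g, "%40");
  }
  return url;
}

// Step 2 (hypothetical): a naive "scheme://user:pass@host/path" parser that
// treats everything after the last remaining "@" as the authority.
function naiveHost(url) {
  const afterScheme = url.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const at = afterScheme.lastIndexOf("@");
  const authority = at >= 0 ? afterScheme.slice(at + 1) : afterScheme;
  return authority.split("/")[0];
}

// The domain the vulnerable pipeline believes the page is on.
function domainAsSeenByExtension(url) {
  return naiveHost(lastpassEncodeAts(url));
}

// Hardened alternative: the WHATWG parser ends the authority at the first "/",
// so an "@" inside the path can never move the host.
function domainAsSeenByBrowser(url) {
  return new URL(url).hostname;
}

// The check an autofill component should make before releasing a credential:
// fill only when the standards-based host equals the credential's domain.
function safeToAutofill(pageUrl, credentialDomain) {
  return domainAsSeenByBrowser(pageUrl) === credentialDomain;
}

// The probe URL quoted in the post.
const PROBE = "http://avlidienbrunn.se/@twitter.com/@hehe.php";
```

For PROBE the vulnerable path reports twitter.com while the browser-grade parse reports avlidienbrunn.se, so safeToAutofill(PROBE, "twitter.com") is false.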
  3. 25 Awesome Android Reverse Engineering Tools

     A curated list of awesome Android reverse engineering tools. Be sure to check out our list of IDA Pro alternatives and best deobfuscation tools, too.

     1. SMALI/BAKSMALI
        smali/baksmali is an assembler/disassembler for the dex format used by dalvik, Android's Java VM implementation. The syntax is loosely based on Jasmin's/dedexer's syntax, and supports the full functionality of the dex format (annotations, debug info, line info, etc.)

     2. ANDBUG
        AndBug is a debugger targeting the Android platform's Dalvik virtual machine intended for reverse engineers and developers. It uses the same interfaces as Android's Eclipse debugging plugin, the Java Debug Wire Protocol (JDWP) and Dalvik Debug Monitor (DDM) to permit users to hook Dalvik methods, examine process state, and even perform changes. Unlike Google's own Android Software Development Kit debugging tools, AndBug does not require or expect source code. It does, however, require that you have some level of comfort with Python, as it uses a concept of scripted breakpoints, called "hooks", for most nontrivial tasks.

     3. ANDROGUARD
        Androguard is a full python tool to play with Android files.
        • DEX, ODEX
        • APK
        • Android's binary xml
        • Android resources
        • Disassemble DEX/ODEX bytecodes
        • Decompiler for DEX/ODEX files

     4. APKTOOL
        A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. Also it makes working with an app easier because of the project-like file structure and automation of some repetitive tasks like building apk, etc. Features:
        • Disassembling resources to nearly original form (including resources.arsc, classes.dex, 9.png and XMLs)
        • Rebuilding decoded resources back to binary APK/JAR
        • Organizing and handling APKs that depend on framework resources
        • Smali Debugging (Removed in 2.1.0 in favor of IdeaSmali)
        • Helping with repetitive tasks

     5. ANDROID FRAMEWORK FOR EXPLOITATION
        Android Framework for Exploitation is a framework for exploiting android based devices and applications.

     6. BYPASS SIGNATURE AND PERMISSION CHECKS FOR IPCS
        This tool leverages Cydia Substrate to bypass signature and permission checks for IPCs.

     7. ANDROID OPENDEBUG
        This tool leverages Cydia Substrate to make all applications running on the device debuggable; once installed any application will let a debugger attach to them.

     8. DARE
        Dare is a project which aims at enabling Android application analysis. The Dare tool retargets Android applications in .dex or .apk format to traditional .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications.

     9. DEX2JAR
        Tools to work with android .dex and java .class files.

     10. ENJARIFY
        Enjarify is a tool for translating Dalvik bytecode to equivalent Java bytecode. This allows Java analysis tools to analyze Android applications.

     11. DEDEXER
        Dedexer is a disassembler tool for DEX files. DEX is a format introduced by the creators of the Android platform. The format and the associated opcode set is in distant relationship with the Java class file format and Java bytecodes. Dedexer is able to read the DEX format and turn it into an "assembly-like format". This format was largely influenced by the Jasmin syntax but contains Dalvik opcodes. For this reason, Jasmin is not able to compile the generated files.

     12. FINO
        An Android Dynamic Analysis Tool.

     13. INDROID
        The aim of the project is to demonstrate that a simple debugging functionality on *nix systems a.k.a ptrace() can be abused by malware to inject malicious code in remote processes. Indroid provides a CreateRemoteThread() equivalent for ARM based *nix devices. If you want to get a deeper insight into the working of the framework you may:
        • Watch the Defcon 19 video on Jugaad – http://www.youtube.com/watch?v=vju6tq1lp0k
        • Read the paper – http://www.slideshare.net/null0x00/project-jugaad

     14. INTENTSNIFFER
        Intent Sniffer is a tool that can be used on any device using the Google Android operating system (OS). On the Android OS, an Intent is a description of an action to be performed, such as startService to start a service. The Intent Sniffer tool performs monitoring of runtime routed broadcast Intents. It does not see explicit broadcast Intents, but defaults to (mostly) unprivileged broadcasts. There is an option to see recent tasks' Intents (GET_TASKS), as Activity's intents are visible when started. The tool can also dynamically update Actions & Categories.

     15. INTROSPY
        Blackbox tool to help understand what an Android application is doing at runtime and assist in the identification of potential security issues.

     16. JAD
        Jad is a Java decompiler.

     17. JD-GUI
        JD-GUI is a standalone graphical utility that displays Java source code of ".class" files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.

     18. CFR
        CFR will decompile modern Java features – Java 8 lambdas (pre and post Java beta 103 changes), Java 7 String switches etc, but is written entirely in Java 6.

     19. KRAKATAU
        Krakatau currently contains three tools – a decompiler and disassembler for Java classfiles and an assembler to create classfiles.

     20. PROCYON
        While still incomplete, tests seem to indicate that the Procyon decompiler can generally hold its own against the other leading Java decompilers out there.

     21. FERNFLOWER
        Fernflower is the first actually working analytical decompiler for Java.

     22. REDEXER
        Redexer is a reengineering tool that manipulates Android app binaries. This tool is able to parse a DEX file into an in-memory data structure; to infer with which parameters the app uses certain permissions (we name this feature RefineDroid); to modify and unparse that data structure to produce an output DEX file (we name these features Dr. Android, which stands for Dalvik Rewriting for Android).

     23. SIMPLIFY ANDROID DEOBFUSCATOR
        Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is simple and generic, so it doesn't matter what specific type of obfuscation is used.

     24. BYTECODE VIEWER
        Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more. It's written completely in Java, and it's open sourced. It's currently being maintained and developed by Konloch. There is also a plugin system that will allow you to interact with the loaded classfiles; for example you can write a String deobfuscator, a malicious code searcher, or something else you can think of. You can either use one of the pre-written plugins, or write your own. It supports groovy scripting. Once a plugin is activated, it will execute the plugin with a ClassNode ArrayList of every single class loaded in BCV; this allows the user to handle it completely using ASM.

     25. RADARE2
        r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for reversing apks, analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, etc.

     Source: https://hackerlists.com/android-reverse-engineering-tools/
    1 point
  4. CSS mix-blend-mode is bad for your browsing history

     Up until mid-2010, any rogue website could get a good sense of your browsing habits by specifying a distinctive :visited CSS pseudo-class for any links on the page, rendering thousands of interesting URLs off-screen, and then calling the getComputedStyle API to figure out which pages appear in your browser's history.

     After some deliberation, browser vendors have closed this loophole by disallowing almost all attributes in :visited selectors, spare for the fairly indispensable ability to alter foreground and background colors for such links. The APIs have also been redesigned to prevent the disclosure of this color information via getComputedStyle. This workaround did not fully eliminate the ability to probe your browsing history, but limited it to scenarios where the user can be tricked into unwittingly feeding the style information back to the website one URL at a time. Several fairly convincing attacks have been demonstrated against patched browsers - my own 2013 entry can be found here - but they generally depended on the ability to solicit one click per every URL tested. In other words, the whole thing did not scale particularly well.

     Or at least, it wasn't supposed to. In 2014, I described a neat trick that exploited normally imperceptible color quantization errors within the browser, amplified by stacking elements hundreds of times, to implement an n-to-2^n decoder circuit using just the background-color and opacity properties on overlaid <a href=...> elements to easily probe the browsing history of multiple URLs with a single click. To explain the basic principle, imagine wanting to test two links, and dividing the screen into four regions, like so:

     • Region #1 is lit only when both links are not visited (¬ link_a ∧ ¬ link_b),
     • Region #2 is lit only when link A is not visited but link B is visited (¬ link_a ∧ link_b),
     • Region #3 is lit only when link A is visited but link B is not (link_a ∧ ¬ link_b),
     • Region #4 is lit only when both links are visited (link_a ∧ link_b).

     While the page couldn't directly query the visibility of the segments, we just had to convince the user to click the visible segment once to get the browsing history for both links, for example under the guise of dismissing a pop-up ad. (Of course, the attack could be scaled to far more than just 2 URLs.) This problem was eventually addressed by browser vendors by simply improving the accuracy of color quantization when overlaying HTML elements; while this did not eliminate the risk, it made the attack far more computationally intensive, requiring the evil page to stack millions of elements to get practical results.

     Game over? Well, not entirely. In the footnote of my 2014 article, I mentioned this:

     "There is an upcoming CSS feature called mix-blend-mode, which permits non-linear mixing with operators such as multiply, lighten, darken, and a couple more. These operators make Boolean algebra much simpler and if they ship in their current shape, they will remove the need for all the fun with quantization errors, successive overlays, and such. That said, mix-blend-mode is not available in any browser today."

     As you might have guessed, patience is a virtue! As of mid-2016, mix-blend-mode - a feature to allow advanced compositing of bitmaps, very similar to the layer blending modes available in photo-editing tools such as Photoshop and GIMP - is shipping in Chrome and Firefox. And as it happens, in addition to their intended purpose, these non-linear blending operators permit us to implement arbitrary Boolean algebra. For example, to implement AND, all we need to do is use multiply:

         black (0) x black (0) = black (0)
         black (0) x white (1) = black (0)
         white (1) x black (0) = black (0)
         white (1) x white (1) = white (1)

     For a practical demo, click here. A single click in that whack-a-mole game will reveal the state of 9 visited links to the JavaScript executing on the page. If this was an actual game and if it continued for a bit longer, probing the state of hundreds or thousands of URLs would not be particularly hard to pull off.

     Source: https://lcamtuf.blogspot.ro/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
    1 point
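As an added offline simulation (not the post's demo code), the per-channel CSS blend formulas are applied to black/white pixel values to show why multiply, screen, darken and lighten act as Boolean gates, and the post's four-region decoder is generalized to n links; the BLEND formulas are the separable ones from the CSS Compositing spec, and no DOM or :visited styling is involved:

```javascript
// Added example, not taken from the post or its demo page.  It models the
// separable CSS blend formulas (Cb = backdrop, Cs = source, values in 0..1)
// purely as arithmetic so the Boolean behaviour can be checked offline.
const BLEND = {
  multiply:   (cb, cs) => cb * cs,
  screen:     (cb, cs) => cb + cs - cb * cs,
  darken:     (cb, cs) => Math.min(cb, cs),
  lighten:    (cb, cs) => Math.max(cb, cs),
  difference: (cb, cs) => Math.abs(cb - cs),
};

// Truth table of one operator over black(0)/white(1): [[cb, cs, result], ...].
function truthTable(mode) {
  const f = BLEND[mode];
  return [[0, 0], [0, 1], [1, 0], [1, 1]].map(([cb, cs]) => [cb, cs, f(cb, cs)]);
}

// Which Boolean gate an operator implements on 0/1 inputs, or null if none.
function gateOf(mode) {
  const outputs = truthTable(mode).map(row => row[2]).join("");
  return { "0001": "AND", "0111": "OR", "0110": "XOR" }[outputs] || null;
}

// NOT: "difference" against a white backdrop gives |1 - x|.
const NOT = x => BLEND.difference(1, x);

// The post's decoder: n link states (1 = visited) -> 2^n regions, exactly one
// of which ends up white.  Region k is the bit pattern of the link states with
// link A as the most significant bit, so for two links:
//   k=0: !A & !B   k=1: !A & B   k=2: A & !B   k=3: A & B   (post's #1..#4)
function decoder(visited) {
  const n = visited.length;
  const regions = [];
  for (let k = 0; k < (1 << n); k++) {
    let lit = 1;                                    // start from a white layer
    for (let i = 0; i < n; i++) {
      const wantVisited = (k >> (n - 1 - i)) & 1;
      // Overlay the link's own colour or its inverse, AND-ed via multiply.
      lit = BLEND.multiply(lit, wantVisited ? visited[i] : NOT(visited[i]));
    }
    regions.push(lit);
  }
  return regions;
}

// 1-based number of the lit region, matching the post's "Region #k" labels.
function litRegion(visited) {
  return decoder(visited).indexOf(1) + 1;
}
```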
  5. This year the local OWASP conference will take place on 6 October at the Sheraton Hotel Bucharest and will be a one-day event with presentations and two trainings focused on application security. Details about OWASP Bucharest AppSec Conference 2016 will be published here: https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2016
     Presentation registration is done here. Sponsorship opportunities are in this document.
     You can apply with presentations or workshops from the following areas and more:
     • Security aspects of new / emerging web technologies / paradigms / languages / frameworks
     • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC, etc.
     • Security of web frameworks (Struts, Spring, ASP.Net MVC, RoR, etc)
     • Vulnerability analysis (code review, pentest, static analysis etc)
     • Threat modelling of applications
     • Mobile security and security for the mobile web
     • Cloud security
     • Browser security and local storage
     • Countermeasures for application vulnerabilities
     • New technologies, paradigms, tools
     • Application security awareness and education
     • Security in web services, REST, and service oriented architectures
     • Privacy in web apps, Web services and data storage
     Important:
     • the deadline for submitting presentations is 28 August
     • the list of confirmed speakers will be announced on 1 September
     • the conference will take place on 6 October
     • presentations will be 40 minutes each
     • there will be a speaker agreement
    1 point
  6. If you came here to beg... go sing at another table.
    1 point
  7. The presentations from Defcon 2016. Link: https://media.defcon.org/DEF CON 24/DEF CON 24 presentations/
    1 point
  10. Perhaps foreign companies are going through a crisis of finding "slaves" for their work, because that is actually what Romania is: a market for cheap, low-quality products, and a labour market for companies looking for the cheapest possible workforce, so they can cut their costs and raise their profits, outsourcing style. In fact, that is how all Romanian employers complain, that they can no longer find people to hire. I have read of cases from bakeries all the way to IT, and I think something in the research field too! Maybe those of you working in Romania, in Bucharest, Cluj, etc., could give concrete, real examples from your own workplace.
    1 point
  11. Defeating Antivirus Real-time Protection From The Inside
      28 July 2016 on assembly, hacking, antivirus

      Hello again! In this post I'd like to talk about the research I did some time ago on the antivirus real-time protection mechanism and how I found effective ways to evade it. This method may even work for evading analysis in sandbox environments, but I haven't tested that yet. The specific AV I was testing this method with was BitDefender. It performs real-time protection for every process in user-mode and detects suspicious behaviour patterns by monitoring the calls to the Windows API. Without further ado, let's jump right to it.

      What is Realtime Protection?

      Detecting malware by signature detection is still used, but it is not very efficient. More and more malware uses polymorphism, metamorphism, encryption or code obfuscation in order to make itself extremely hard to detect using the old detection methods. Most new generation AV software implements behavioral detection analysis. They monitor every running process on the PC and look for suspicious activity patterns that may indicate the computer was infected with malware.

      As an example, let's imagine a program that doesn't create any user interface (dialogs, windows etc.) and as soon as it starts, it wants to connect and download files from an external server in Romania. This kind of behaviour is extremely suspicious and most AV software with real-time protection will stop such a process and flag it as dangerous even though it may have been seen for the first time.

      Now you may ask - how does such protection work and how does the AV know what the monitored process is doing? In the majority of cases, the AV injects its own code into the running process, which then performs Windows API hooking of specific API functions that are of interest to the protection software. API hooking allows the AV to see exactly what function is called, when and with what parameters. Cuckoo Sandbox, for example, does the same thing for generating the detailed report on how the running program interacts with the operating system.

      Let's take a look at what the hook would look like for the CreateFileW API imported from the kernel32.dll library. This is how the function code looks in its original form:

          76B73EFC > 8BFF              MOV EDI,EDI
          76B73EFE   55                PUSH EBP
          76B73EFF   8BEC              MOV EBP,ESP
          76B73F01   51                PUSH ECX
          76B73F02   51                PUSH ECX
          76B73F03   FF75 08           PUSH DWORD PTR SS:[EBP+8]
          76B73F06   8D45 F8           LEA EAX,DWORD PTR SS:[EBP-8]
          ...
          76B73F41   E8 35D7FFFF       CALL <JMP.&API-MS-Win-Core-File-L1-1-0.C>
          76B73F46   C9                LEAVE
          76B73F47   C2 1C00           RETN 1C

      Now if an AV were to hook this function, it would replace the first few bytes with a JMP instruction that would redirect the execution flow to its own hook handler function. That way the AV would register the execution of this API with all parameters lying on the stack at that moment. After the AV hook handler finishes, it would execute the original set of bytes, replaced by the JMP instruction, and jump back to the API function for the process to continue its execution. This is how the function code would look with the injected JMP instruction:

          Hook handler:
          1D001000   < main hook handler code - logging and monitoring >
          ...
          1D001020   8BFF              MOV EDI,EDI            ; original code that was replaced with the JMP is executed
          1D001022   55                PUSH EBP
          1D001023   8BEC              MOV EBP,ESP
          1D001025  -E9 D72EB759       JMP kernel32.76B73F01  ; jump back to CreateFileW to instruction right after the hook jump

          CreateFileW:
          76B73EFC >-E9 FFD048A6       JMP handler.1D001000   ; jump to hook handler
          76B73F01   51                PUSH ECX               ; execution returns here after hook handler has done its job
          76B73F02   51                PUSH ECX
          76B73F03   FF75 08           PUSH DWORD PTR SS:[EBP+8]
          76B73F06   8D45 F8           LEA EAX,DWORD PTR SS:[EBP-8]
          ...
          76B73F46   C9                LEAVE
          76B73F47   C2 1C00           RETN 1C

      There are multiple ways of hooking code, but this one is the fastest and doesn't create too much of a bottleneck in code execution performance. Other hooking techniques involve injecting INT3 instructions or properly setting up Debug Registers and handling them with your own exception handlers that later redirect execution to hook handlers.

      Now that you know how real-time protection works and how exactly it involves API hooking, I can proceed to explain the methods of bypassing it. There are AV products on the market that perform real-time monitoring in kernel-mode (Ring0), but this is out of the scope of this post and I will focus only on bypassing protections of AV products that perform monitoring in user-mode (Ring3).

      The Unhooking Flashbang

      As you know already, the real-time protection relies solely on API hook handlers being executed. Only when the AV hook handler is executed can the protection software register the call of the API, monitor the parameters and continue mapping the process activity. It is obvious that in order to completely disable the protection, we need to remove the API hooks, and as a result the protection software will become blind to everything we do. In our own application, we control the whole process memory space. The AV, with its injected code, is just an intruder trying to tamper with our software's functionality, but we are the king of our land. The steps to take should be as follows:

      1. Enumerate all loaded DLL libraries in the current process.
      2. Find the entry-point address of every imported API function of each DLL library.
      3. Remove the injected hook JMP instruction by replacing it with the API's original bytes.

      It all seems fairly simple until the point of restoring the API function's original code from before the hook JMP was injected. Getting the original bytes from hook handlers is out of the question as there is no way to find out which part of the handler's code is the original API function prologue code. So, how to find the original bytes? The answer is: manually retrieve them by reading the respective DLL library file stored on disk. The DLL files contain all the original code.

      In order to find the original first 16 bytes (which is more than enough) of the CreateFileW API, the process is as follows:

      1. Read the contents of the kernel32.dll file from the Windows system folder into memory. I will call this module raw_module.
      2. Get the base address of the imported kernel32.dll module in our current process. I will call the imported module imported_module.
      3. Fix the relocations of the manually loaded raw_module with the base address of imported_module (retrieved in step 2). This will make all fixed address memory references look the same as they would in the current imported_module (complying with ASLR).
      4. Parse the raw_module export table and find the address of the CreateFileW API.
      5. Copy the original 16 bytes from the found exported API address to the address of the currently imported API where the JMP hook resides. This will effectively overwrite the current JMP with the original bytes of any API.

      If you want to read more on parsing Portable Executable files, the best tutorial was written by Iczelion (the website has a great 90's feel too!). Among many subjects, you can learn about parsing the import table and export table of PE files. When parsing the import table, you need to keep in mind that Microsoft, with the release of Windows 7, introduced a strange creature called API Set Schema. It is very important to properly parse the imports pointing to these DLLs. There is a very good explanation of this entity by Geoff Chappell in his The API Set Schema article.

      Stealth Calling

      The API unhooking method may fool most of the AV products that perform their behavioral analysis in user-mode. This, however, does not fool automated sandbox analysis tools like Cuckoo Sandbox. Cuckoo apparently is able to detect if the API hooks it put in place were removed. That makes the previous method ineffective in the long run. I thought of another method of bypassing AV/sandbox monitoring. I am positive it would work, even though I have yet to put it into practice. For sure there is already malware out there implementing this technique.

      First of all, I must mention that the ntdll.dll library serves as the direct passage between user-mode and kernel-mode. Its exported APIs directly communicate with the Windows kernel by using syscalls. Most of the other Windows libraries eventually call APIs from ntdll.dll. Let's take a look at the code of the ZwCreateFile API from ntdll.dll on Windows 7 in WOW64 mode:

          77D200F4 > B8 52000000       MOV EAX,52
          77D200F9   33C9              XOR ECX,ECX
          77D200FB   8D5424 04         LEA EDX,DWORD PTR SS:[ESP+4]
          77D200FF   64:FF15 C0000000  CALL DWORD PTR FS:[C0]
          77D20106   83C4 04           ADD ESP,4
          77D20109   C2 2C00           RETN 2C

      Basically what it does is pass EAX = 0x52 with the stack arguments pointer in EDX to the function stored in the TIB at offset 0xC0. The call switches the CPU mode from 32-bit to 64-bit and executes the syscall in Ring0 to NtCreateFile. 0x52 is the syscall for NtCreateFile on my Windows 7 system, but the syscall numbers are different between Windows versions and even between Service Packs, so it is never a good idea to rely on these numbers. You can find more information about syscalls on Simone Margaritelli's blog here.

      Most protection software will hook ntdll.dll APIs as it is the lowest level that you can get to, right in front of the kernel's doorstep. For example, if you only hook CreateFileW in kernel32.dll, which eventually calls ZwCreateFile in ntdll.dll, you will never catch direct API calls to ZwCreateFile. A hook in the ZwCreateFile API, however, will be triggered every time CreateFileW or CreateFileA is called, as they both eventually must call the lowest level API that communicates directly with the kernel.

      There is always one loaded instance of any imported DLL module. That means if any AV or sandbox solution wants to hook the API of a chosen DLL, they will find such a module in the current process' imported modules list. Following the DLL module's export table, they will find and hook the exported API function of interest.

      Now, to the interesting part. What if we copied the code snippet I pasted above from ntdll.dll and implemented it in our own application's code? This would be an identical copy of ntdll.dll code that will execute a 0x52 syscall from our own code section. No user-mode protection software will ever find out about it. It is an ideal method of bypassing any API hooks without actually detecting and unhooking them!

      The thing is, as I mentioned before, we cannot trust the syscall numbers as they will differ between Windows versions. What we can do though is read the whole ntdll.dll library file from disk and manually map it into the current process' address space. That way we will be able to execute the code which was prepared exclusively for our version of Windows, while having an exact copy of ntdll.dll outside of the AV's reach.

      I mentioned ntdll.dll for now as this DLL doesn't have any other dependencies. That means it doesn't have to load any other DLLs and call their API. Its every exported function passes the execution directly to the kernel and not to other user-mode DLLs. It shouldn't stop you from manually importing any other DLL (like kernel32.dll or user32.dll) the same way, if you make sure to walk through the DLL's import table and populate it manually while recursively importing all DLLs from the library's dependencies. That way the manually mapped modules will use only other manually mapped dependencies and they will never have to touch the modules that were loaded into the address space when the program was started. Afterwards, it is only a matter of calling the API functions from your manually mapped DLL files in memory and you can be sure that no AV or sandbox software will ever be able to detect such calls or hook them in user-mode.

      Conclusion

      There is certainly nothing that user-mode AV or sandbox software can do about the evasion methods I described above, other than going deeper into Ring0 and monitoring the process activity from the kernel. The unhooking method can be countered by protection software re-hooking the API functions, but then the APIs can be unhooked again and the cat and mouse game will never end. In my opinion the stealth calling method is much more professional as it is completely unintrusive, but a bit harder to implement. I may spend some time on the implementation that I will test against all popular sandbox analysis software and publish the results.

      As always, I'm happy to hear your feedback or ideas. You can hit me up on Twitter @mrgretzky or send an email to kuba@breakdev.org. Enjoy and see you next time!

      Source: https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/
    1 point
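As an added example (not from the post), the integrity check an EDR or forensic memory scanner performs against the inline-JMP hook shape shown in the listings above: decode the x86 relative jump at an export's first byte and flag an entry whose jump leaves its own module. The addresses and bytes are the ones in the post's listings; the kernel32.dll address range is an assumed placeholder:

```javascript
// Added example, not from the post.  Models a hook scanner for the inline
// "JMP rel32" hook style shown in the listings.  The kernel32.dll range below
// is an ASSUMED placeholder; the addresses and bytes come from the post.

const JMP_REL32 = 0xE9;   // 5-byte "JMP rel32"
const JMP_REL8  = 0xEB;   // 2-byte "JMP rel8"

// Decode a relative jump located at `addr`.  Returns the absolute target as an
// unsigned 32-bit number, or null when the bytes are not a jump.  The
// displacement is signed, little-endian and relative to the END of the
// instruction; "<< 24" already yields a signed int32 and ">>> 0" wraps to u32.
function decodeJump(addr, bytes) {
  if (bytes[0] === JMP_REL32 && bytes.length >= 5) {
    const rel = bytes[1] | (bytes[2] << 8) | (bytes[3] << 16) | (bytes[4] << 24);
    return (addr + 5 + rel) >>> 0;
  }
  if (bytes[0] === JMP_REL8 && bytes.length >= 2) {
    const rel = (bytes[1] << 24) >> 24;          // sign-extend 8 -> 32 bits
    return (addr + 2 + rel) >>> 0;
  }
  return null;
}

function hex(n) { return n.toString(16).toUpperCase().padStart(8, "0"); }

// Classify one export's prologue.  `module` is {base, size} of the DLL that
// exports it.  A jump that stays inside the module may be a legitimate stub;
// one that leaves it is what "JMP handler.1D001000" in the post looks like.
function inspectEntry(entry, module) {
  const target = decodeJump(entry.addr, entry.bytes);
  if (target === null) {
    return { name: entry.name, hooked: false, target: null };
  }
  const inModule = target >= module.base && target < module.base + module.size;
  return { name: entry.name, hooked: !inModule, target: hex(target) };
}

function scan(entries, module) {
  return entries.map(e => inspectEntry(e, module));
}

// Constructed inventory using the addresses and bytes from the post's listings.
const KERNEL32 = { base: 0x76B60000, size: 0x110000 };   // ASSUMED range
const SAMPLE_ENTRIES = [
  // 8B FF 55 8B EC = MOV EDI,EDI / PUSH EBP / MOV EBP,ESP (clean prologue)
  { name: "CreateFileW (clean)",  addr: 0x76B73EFC, bytes: [0x8B, 0xFF, 0x55, 0x8B, 0xEC] },
  // E9 FF D0 48 A6 = JMP handler.1D001000 (hooked prologue from the post)
  { name: "CreateFileW (hooked)", addr: 0x76B73EFC, bytes: [0xE9, 0xFF, 0xD0, 0x48, 0xA6] },
];

// scan(SAMPLE_ENTRIES, KERNEL32) reports the second entry as hooked with
// target 1D001000, the handler address in the post's listing.
```

The same decoder applied to the trampoline's back-jump at 1D001025 (E9 D72EB759) resolves to 76B73F01, which is how a scanner confirms the handler returns into CreateFileW just past the patched bytes.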
  12. A programmer's salary between 2000-4000 euro, in Romania? Where are these statistics from? A clickbait title, Can-Can style. Made to give hope to young dreamers, to attract them and convince them to put in slave labour at their shitty companies, under the pretext of false promises.
    1 point
  13. Courses (text/audio/video) in various fields: http://ocw.mit.edu/
    1 point
  14. ClientOnly 1
      EnforceDistinctSubnets 0
      UseEntryGuards 1
      NumEntryGuards 8
      GeoIPExcludeUnknown 1
      EntryNodes AutonomyCube,AccessNow000,AccessNow001,AccessNow002,AccessNow003,AccessNow004,AccessNow005,AccessNow006,AccessNow007,AccessNow008,AccessNow009,AccessNow010,AccessNow011,AccessNow012,AccessNow013,AccessNow014,AccessNow015,AccessNow016,AccessNow017,AccessNow018,AccessNow019,DigiGesTor1e1,DigiGesTor1e2,DigiGesTor1e3,DigiGesTor1e4,DigiGesTor2e1,DigiGesTor2e2,DigiGesTor2e3,DigiGesTor2e4,orion,orilla,destiny,chulak,aurora,assk,alf,sofia,politkovskaja,lumumba,HaveHeart,hessel0,hessel1,hessel2,edwardsnowden0,edwardsnowden1,edwardsnowden2,ekumen,marcuse1,marcuse2,marylou1,marylou2,chaoscomputerclub27,chaoscomputerclub28,chaoscomputerclub29,chaoscomputerclub30,chaoscomputerclub31,chaoscomputerclub32,chaoscomputerclub33,chaoscomputerclub34,atticus,blanqui,thoreau,enjolras,luxemburg,bakunin,bakunin2,bakunin3,bakunin4,jaures,jaures2,jaures3,jaures4,DFRI0,DFRI1,DFRI3,DFRI4,DFRI5,DFRI6,DFRI7,hviv100,hviv104,hviv105,wagtail,toreffiorg,startor0fr,startor0de,startor0nl,startor0lv,startor0se,apx1,apx2,apx3,torrelay1ph3xat,torrelay2ph3xat,symphony,vikingolaf,vikinguthar,vikinghelga,vikingbjorn,tor1multisec,tor2multisec,tor3multisec,tor4multisec,tor5multisec,CalyxInstitute07,SIGAINT1,SIGAINT2,SIGAINT3,SIGAINT4,saveyourprivacyex1,saveyourprivacyexit,{ad},{at},{aw},{ax},{be},{bl},{bs},{ch},{cl},{cr},{cv},{cw},{cz},{de},{dk},{dm},{ee},{es},{fi},{fm},{fo},{fr},{gf},{gp},{is},{li},{lt},{lu},{lv},{mc},{mh},{mq},{mt},{nc},{nl},{no},{pf},{pl},{pm},{pt},{pw},{re},{ro},{rs},{se},{si},{sk},{sm},{sr},{st},{sv},{sx},{uy},{vu},{wf}
      ExcludeNodes Unnamed,default,kasperskytor04,37.221.171.234,tylerlockedotorg,198.58.115.210,kebab,193.142.30.66,RedOctober1917,dannenberg,193.23.244.244,dizum,194.109.206.212,Faravahar,154.35.175.225,gabelmoo,131.188.40.189,longclaw,199.254.238.52,maatuska,171.25.193.9,moria1,128.31.0.34,tor26,86.59.21.38,Tonga,82.94.251.203,{ae},{af},{ao},{az},{bh},{bi},{bn},{by},{cd},{cf},{cg},{cm},{cn},{co},{cu},{dj},{dz},{eg},{er},{et},{ga},{gm},{gq},{gt},{hn},{id},{iq},{ir},{jo},{kh},{kp},{kz},{la},{lk},{ly},{ma},{mk},{ml},{mm},{mr},{mx},{my},{ng},{om},{ph},{pk},{ps},{qa},{ru},{rw},{sa},{sd},{sg},{so},{sy},{sz},{td},{th},{tj},{tm},{tr},{ua},{ug},{uz},{ve},{vn},{ye},{zw},{ai},{aq},{as},{au},{bm},{ca},{cc},{ck},{cx},{cy},{fk},{gb},{gg},{gi},{gl},{gs},{gu},{hm},{ie},{im},{io},{je},{ky},{mp},{ms},{nf},{nu},{nz},{pn},{pr},{sh},{tc},{tk},{us},{vg},{vi}
      ExcludeExitNodes {ag},{al},{am},{ar},{ba},{bb},{bd},{bf},{bg},{bj},{bo},{br},{bt},{bw},{bz},{ci},{dm},{do},{ec},{fj},{gd},{ge},{gh},{gn},{gr},{gw},{gy},{hk},{hr},{ht},{hu},{il},{in},{it},{jm},{jp},{ke},{kg},{ki},{km},{kn},{kr},{kw},{lb},{lc},{lr},{ls},{md},{me},{mg},{mn},{mo},{mu},{mv},{mw},{mz},{na},{ne},{ni},{np},{nr},{pa},{pe},{pg},{py},{sb},{sc},{sl},{sn},{tg},{tl},{tn},{to},{tt},{tw},{tv},{tz},{va},{vc},{ws},{yt},{za},{zm}
      ExitNodes AutonomyCube,85.16.128.242,85.16.128.243,85.16.128.244,85.16.128.245,AccessNow000,AccessNow001,176.10.99.200,AccessNow002,AccessNow003,176.10.99.201,AccessNow004,AccessNow005,176.10.99.202,AccessNow006,AccessNow007,176.10.99.203,AccessNow008,AccessNow009,176.10.99.204,AccessNow010,AccessNow011,176.10.99.205,AccessNow012,AccessNow013,176.10.99.206,AccessNow014,AccessNow015,176.10.99.207,AccessNow016,AccessNow017,176.10.99.208,AccessNow018,AccessNow019,176.10.99.209,DigiGesTor1e1,DigiGesTor1e2,176.10.104.240,DigiGesTor1e3,DigiGesTor1e4,176.10.104.241,DigiGesTor2e1,DigiGesTor2e2,176.10.104.243,DigiGesTor2e3,DigiGesTor2e4,176.10.104.244,orion,94.242.246.24,orilla,94.242.252.41,destiny,94.242.246.23,chulak,176.126.252.11,aurora,176.126.252.12,assk,62.102.148.67,alf,77.247.181.166,sofia,77.247.181.162,politkovskaja,77.247.181.165,lumumba,77.247.181.163,HaveHeart,77.247.181.164,hessel0,109.163.234.2,hessel1,109.163.234.4,hessel2,109.163.234.5,edwardsnowden0,109.163.234.7,edwardsnowden1,109.163.234.8,edwardsnowden2,109.163.234.9,ekumen,95.142.161.63,marcuse1,178.20.55.16,marcuse2,178.20.55.18,marylou1,marylou2,89.234.157.254,chaoscomputerclub27,77.244.254.227,chaoscomputerclub28,77.244.254.228,chaoscomputerclub29,77.244.254.229,chaoscomputerclub30,77.244.254.230,chaoscomputerclub31,217.115.10.131,chaoscomputerclub32,217.115.10.132,chaoscomputerclub33,217.115.10.133,chaoscomputerclub34,217.115.10.134,atticus,46.239.117.180,blanqui,thoreau,46.165.221.166,enjolras,81.89.96.88,luxemburg,81.89.96.89,bakunin,178.16.208.57,bakunin2,178.16.208.59,bakunin3,178.16.208.61,bakunin4,178.16.208.55,jaures,178.16.208.56,jaures2,178.16.208.58,jaures3,178.16.208.60,jaures4,178.16.208.62,DFRI0,171.25.193.20,DFRI1,171.25.193.77,DFRI3,171.25.193.235,DFRI4,171.25.193.78,DFRI5,171.25.193.25,DFRI6,171.25.193.132,DFRI7,171.25.193.131,hviv100,194.104.0.100,hviv104,192.42.116.16,hviv105,79.98.107.90,wagtail,77.109.139.87,startor0se,95.215.45.187,startor0lv,185.61.149.43,apx1,176.9.25.72,apx2,85.10.210.199,apx3,5.9.36.66,toreffiorg,212.16.104.33,saveyourprivacyex1,185.100.86.100,saveyourprivacyexit,185.100.84.82,vikingolaf,193.107.85.61,vikinguthar,193.107.85.62,vikinghelga,193.107.85.56,vikingbjorn,193.107.85.57,tor1multisec,193.90.12.86,tor2multisec,193.90.12.87,tor3multisec,193.90.12.88,tor4multisec,193.90.12.89,tor5multisec,193.90.12.90,CalyxInstitute07,82.94.251.227,{ad},{at},{aw},{ax},{be},{bl},{bs},{ch},{cl},{cr},{cv},{cw},{cz},{de},{dk},{dm},{ee},{es},{fi},{fm},{fo},{fr},{gf},{gp},{is},{li},{lt},{lu},{lv},{mc},{mh},{mq},{mt},{nc},{nl},{no},{pf},{pl},{pm},{pt},{pw},{re},{ro},{rs},{se},{si},{sk},{sm},{sr},{st},{sv},{sx},{uy},{vu},{wf}
      LongLivedPorts 21, 22, 80, 443, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300, 9001, 9030
      AvoidDiskWrites 1
      Log notice stdout
      SocksListenAddress 127.0.0.1
      SocksPort 9150
      ControlPort 9151
      CookieAuthentication 1
      See also: https://tornull.org/tbbnull.php (source: https://bitcointalk.org/index.php?topic=331077.msg13450257#msg13450257)
    1 point
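Added example, not part of the forum post above: a small Python checker that parses the node-selection directives of a torrc and reports entries that an exclude list silently overrides. Tor applies ExcludeNodes and ExcludeExitNodes before EntryNodes/ExitNodes, so anything listed on both sides is never used. The posted config has one such case: {dm} appears in ExitNodes but also in ExcludeExitNodes, so no Dominica exit will ever be picked. The embedded sample torrc is constructed for this example, and the function names (`parse_torrc`, `find_conflicts`, `normalize`) are mine, not Tor's.

```python
"""Find torrc node-selection entries that an exclude list overrides.

Constructed example. Parses EntryNodes/ExitNodes/ExcludeNodes/ExcludeExitNodes
and reports entries present in both an allow list and an exclude list. In Tor
the exclude lists win, so such entries are dead weight in the config.
"""
import re
import sys
from collections import defaultdict

# Directives whose value is a comma-separated node list (nicknames,
# fingerprints, IP addresses/netmasks or {cc} country codes).
NODE_LIST_DIRECTIVES = {
    "EntryNodes", "ExitNodes", "ExcludeNodes", "ExcludeExitNodes",
}

# Constructed sample torrc for the example; {dm} and {us} are deliberately
# allowed as exits and excluded at the same time.
SAMPLE_TORRC = """\
# constructed sample, not a real deployment
ClientOnly 1
UseEntryGuards 1
EntryNodes DFRI0,DFRI1,{se},{dm}
ExcludeNodes Unnamed,default,{ru},{us}
ExcludeExitNodes {dm},{hk},{us}
ExitNodes DFRI0,{se},{dm},{us}
LongLivedPorts 21, 22, 80, 443
"""


def normalize(item):
    """Country codes ({DE}) are case-insensitive in Tor and fingerprints may
    carry a leading '$'. Nicknames are case-sensitive, so they are left alone."""
    if re.fullmatch(r"\{[A-Za-z?]{2}\}", item):
        return item.lower()
    return item.lstrip("$")


def parse_torrc(text):
    """Return {directive: [values...]} for the node-list directives.

    Handles comments, blank lines, repeated directives (values are appended)
    and torrc's trailing-backslash line continuation.
    """
    lists = defaultdict(list)
    logical_lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # continuation: glue the next line on
            buf += line[:-1] + " "
            continue
        logical_lines.append(buf + line)
        buf = ""
    if buf:
        logical_lines.append(buf)

    for line in logical_lines:
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] not in NODE_LIST_DIRECTIVES or len(parts) < 2:
            continue
        for item in parts[1].split(","):
            item = item.strip()
            if item:
                lists[parts[0]].append(normalize(item))
    return lists


def find_conflicts(lists):
    """Return sorted (entry, allow_directive, exclude_directive) triples.

    ExcludeNodes applies to every hop, so it is checked against both
    EntryNodes and ExitNodes; ExcludeExitNodes only against ExitNodes.
    """
    pairs = [
        ("EntryNodes", "ExcludeNodes"),
        ("ExitNodes", "ExcludeNodes"),
        ("ExitNodes", "ExcludeExitNodes"),
    ]
    conflicts = set()
    for allow, deny in pairs:
        for entry in set(lists.get(allow, ())) & set(lists.get(deny, ())):
            conflicts.add((entry, allow, deny))
    return sorted(conflicts)


if __name__ == "__main__":
    # Usage: python torrc_check.py [path/to/torrc]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TORRC
    for entry, allow, deny in find_conflicts(parse_torrc(text)):
        print(f"{entry}: listed in {allow} but overridden by {deny}")
```

Run it against the config from the post (saved to a file) and it flags {dm} under ExitNodes/ExcludeExitNodes; the entry guards are unaffected because {dm} is not in ExcludeNodes.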
  15. Keep in mind that it also depends on the phone model/brand. A few of them worked for me... others didn't... well, I didn't test all of them, just a few at random....
      *#*#7780#*#* = Factory Data Reset
      *#*#1472365#*#* = Starts a Quick GPS Test
      *#*#0673#*#* OR *#*#0289#*#* = Starts Audio Test
      *#*#2664#*#* = Starts Touch Screen Test
      *#*#273283*255*663282*#*#* = Backup Media Files
      *#*#0283#*#* = Starts Packet Loopback Test
      *2767*3855# = Reinstalls the Phone's Firmware & Formats Your Phone
      *#*#232339#*#* OR *#*#526#*#* = Starts Wireless LAN Test
      *#*#1575#*#* = Starts Different GPS Tests
      *#*#4636#*#* = Shows Complete Information About Your Phone
      *#*#2663#*#* = Shows Touch Screen Version
      *#*#232337#*# = Displays Bluetooth Device Address
      *#*#4986*2650468#*#* = Shows PDA, Phone Hardware, RF & Call Date
      *#*#44336#*#* = Displays Build Time
      *#06# = Displays IMEI Number
      *#*#8255#*#* = Google Talk Service Monitoring
      *#*#1111#*#* | *#*#2222#*#* = Shows FTA Software Version & FTA Hardware Version
      *#*#3264#*#* = Shows ROM Version
      *#*#232331#*#* = Starts Bluetooth Test
      *#*#1234#*#* = Shows PDA & Phone Firmware Information
      *#*#0*#*#* = Starts LCD Display Test
      *#*#0842#*#* = Starts Vibration & Backlight Test
      *#*#0588#*#* = Shows Proximity Sensor Test
      *#*#232338#*#* = Shows Wi-Fi MAC Address
      *#*#7262626#*#* = Shows Field Test
      *#*#34971539#*#* = Shows Camera Update
      *#*#19732840#*#* = Enables Test Mode
      *#06# – Shows IMEI number
      *#0*# – Shows Service Menu (Galaxy S III +)
      *#*#4636#*#* – Shows Phone Information, Usage Statistics & Battery Information
      *#*#34971539#*#* – Shows Detailed Camera Information
      *#*#273282*255*663282*#*#* – Immediate Backup of All Media Files
      *#*#197328640#*#* – Enables Test Mode For Service
      *#*#232339#*#* – Wireless LAN Tests
      *#*#0842#*#* – Backlight & Vibration Test
      *#*#2664#*#* – Touch Screen Test
      *#*#1111#*#* – FTA Software Version (if 1111 does not work try 1234)
      *#12580*369# – Software & Hardware Information
      *#9090# – Diagnostic Configuration
      *#872564# – USB Logging Control
      *#9900# – System Dump Mode
      *#301279# – HSDPA/HSUPA Control Menu
      *#7465625# – Views Phone Lock Status
      *#*#7780#*#* – Resets The Data Partition To Factory State
      *2767*3855# – Formats Device to Factory State (will delete everything on phone)
      ##7764726 – Hidden Service Menu (for some Motorola Droid series)
      *#*#7594#*#* – Enables Direct Powering Down of Device (once this code is entered)
      *#*#273283*255*663282*#*#* – Quick Backup of All The Media Files On Your Android Device
      *#*#232338#*#* – Shows Wi-Fi MAC Address
      *#*#1472365#*#* – Performs a Quick GPS Test
      *#*#1575#*#* – For a More Advanced GPS Test
      *#*#0283#*#* – Performs a Packet Loopback Test
      *#*#0*#*#* – Runs an LCD Display Test
      *#*#0289#*#* – Runs an Audio Test
      *#*#2663#*#* – Shows Device's Touch Screen Version
      *#*#0588#*#* – Performs a Proximity Sensor Test
      *#*#3264#*#* – Shows RAM Version
      *#*#232331#*#* – Runs Bluetooth Test
      *#*#232337#*# – Shows Device's Bluetooth Address
      *#*#7262626#*#* – Performs a Field Test
      *#*#8255#*#* – Monitors Google Talk Service
      *#*#4986*2650468#*#* – Shows Phone, Hardware, PDA, RF Call Date & Firmware Information
      *#*#1234#*#* – Shows PDA & Phone Firmware Information
      *#*#2222#*#* – Shows FTA Hardware Version
      *#*#44336#*#* – Shows Build Time & Change List Number
      *#*#8351#*#* – Enables Voice Dialing Log Mode
      *#*#8350#*#* – Disables Voice Dialing Log Mode
      ##778 (+call) – Shows EPST Menu
      Specific codes for HTC devices:
      *#*#3424#*#* – Runs HTC Function Test Program
      ##786# – Reverse Logistics Support
      ##3282# – Shows EPST Menu
      ##3424# – Runs Diagnostic Mode
      *#*#8255#*#* – Launches Google Talk Service Monitor
      ##33284# – Performs Field Test
      ##8626337# – Runs VOCODER
      *#*#4636#*#* – Shows HTC Info Menu
    1 point
  16. It looks like something, but I think it's something else. http://www.etrafic.ro/ != https://kairosplanet.com/#products Or are they some kind of intermediaries? They also offer 4 packages, only the prices differ slightly.
    1 point
  17. Hi! Can someone help me with a download link for the movie Nerve (2016)? Subtitles are welcome, but it's no problem if they're missing. Thanks!
    -1 points
  18. Hi, whoever has more databases for RO, please help me out too. I'd need help with some investigations: a few mobile phone numbers, some fb/mail accounts. PM for details. Thanks in advance, M.
    -1 points
  19. $20 free at vultr, I recommend it: https://theplusit.com/2016/08/02/cum-sa-primesti-20-gratuit-la-vultr/
    -2 points
  20. I've figured out how it is with hosting (just advertising). My opinion: home is the best. You have access to the server (physical; admin panel local only; ftp likewise). Only port 80 is reachable from outside. Plus, for 15...20$ you only get a 2-core processor, while at home I have a quad core. Response time is the same (CloudFlare). HDD depends on how much each one has, RAM likewise.
    -2 points