Leaderboard

Care parte din "could unlock " nu o înțelegi? Din partea mea sper ca asemenea bug-uri să nu funcționeze vreodată pentru români și pentru alte nații de ciorditori. Știrea e de domeniul securității, în scop de research, nu pentru idioți ce au în sertare telefoane furate și speră să le deblocheze. Câteodată îi dau dreptate maximă lui @aelius legat de oamenii din țara asta.

Am facut rost de un draft al unei carti noi si interesante de ML (machine learning). Contine 12 capitole si se axeaza pe: - cum sa faci ceva util folosind ML - cand sa folosesti ML - cum sa o folosesti in productie Relevant reddit: https://www.reddit.com/r/mlyearning/ Link: https://gallery.mailchimp.com/dc3a7ef4d750c0abfc19202a3/files/Machine_Learning_Yearning_V0.5_01.pdf Preview:

Mană cerească pentru ciorditorii de aifonuri => Lost and stolen iOS devices could be at risk if ne’er-do-wells learn of this blunt-force method of getting past Activation Lock. No special equipment or technical know-how is required, which means any geek off the streets can do it. Fortunately, it’s easily fixed — but until that happens, you might want to be a little extra careful about leaving your phone unattended. The latest exploit is described by Benjamen Kunz-Mejri, founder of German security outfit Vulnerability Lab. An earlier variation, discovered by Slash Secure’s Hemanth Joseph, affected iOS 10.1 and was reported to Apple in October. Although the company attempted to fix the problem in 10.1.1, adding a twist — literally — the the attack means devices are still vulnerable after the update. When an iOS device’s owner activates Lost Mode through Find my iPhone/iPad, the device is remotely put into Activation Mode, requiring your Apple ID for it to unlock and return it to normal. But logging in requires an internet connection, and for that purpose you can opt to use wi-fi. So the attacker goes to the wi-fi network select screen, and selects “other network.” This is where things get hot. The network name and password fields here have no character limits! Apple wasn’t silly enough to allow arbitrary code execution from the fields, so there’s no serious buffer overflow attack here. But if you put enough characters into both fields (upwards of 10,000) the device will slow down and eventually freeze. Put the device to sleep with a cover, wait a few seconds, and open it up — voila, the home screen! That method worked on 10.1, but with 10.1.1, you have to do a bit of screen rotation and use Night Shift mode. The home screen only shows up for a fraction of a second, but Kunz-Mejri told SecurityWeek that one can get it to stay visible with a well-timed button press. The problem could be fixed with a simple character limit on those fields, a fix Apple apparently overlooked or didn’t have time to implement in the update. TechCrunch has contacted Apple for confirmation and further details, and this post will be updated if we hear back. Sursa: https://techcrunch.com/2016/12/02/copy-and-paste-trick-could-unlock-ios-10-devices-in-lost-mode/

______ _ ________ _ _ ______ _______ _ _ _____ | ____/\ | |/ / ____| \ | | ____|__ __| | \ | |/ ____| | |__ / \ | ' /| |__ | \| | |__ | |______| \| | | __ | __/ /\ \ | < | __| | . ` | __| | |______| . ` | | |_ | | | / ____ \| . \| |____| |\ | |____ | | | |\ | |__| | |_|/_/ \_\_|\_\______|_| \_|______| |_| |_| \_|\_____| D O C U M E N T A T I O N FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael Sikorski. The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures. Penetration testers and bug hunters will find FakeNet-NG's configurable interception engine and modular framework highly useful when testing application's specific functionality and prototyping PoCs. Download & Usage: https://github.com/fireeye/flare-fakenet-ng

Seems legit as far as I had time to fiddle with it. Many thanks to @XRAHITEL.

A incerca cineva 3.4? Merge? Folositi o masina virtuala pentru teste.

Noroc! Saptamana viitoare,se va desfasura un Meetup pentru limbajul SQL Server. Meetup-ul se organizeaza in fiecare luna,incepand cu prima martea din luna. Meetup-ul va avea loc in data de 7 decembrie 2016,intre orele 18.30-20.30. Evenimentul are loc la sediul firmei Cegeka Romania. Trebuie sa intrati la parterul cladirii si sa intrebati de Meetup,la ce etaj se tine. Eu personal,am mai fost la 4 Meetup-uri. Lume multa nu vine,vin in jur de 20-25 de programatori,majoritatea fiind de la Cegeka Romania(colegi). Exista si un link,dar nu vreau sa-l postez aici(daca vreti sa ma intelegeti). Bafta!

DFF is an Open Source computer forensics platform built on top of a dedicated Application Programming Interface (API). DFF proposes an alternative to the aging digital forensics solutions used today. Designed for simple use and automation, DFF interface guides the user through the main steps of a digital investigation so it can be used by both professional and non-expert to quickly and easily conduct a digital investigation and perform incident response. DFF follows three main goals : Modularity In contrary to the monolithic model, the modular model is based on a core and many modules. This modular conception presents two advantages : it permits to improve rapidly the software and to split easily tasks for developers. Scriptability It is obvious that the ability to be scripted gives more flexibility to a tool, but it also enables automation and gives the possibility to extend features Genericity the project tries to remain Operating System agnostic. We want to help people where they are ! Letting them choose any Operating System to use DFF. Amongst supported features of DFF : Automated analysis Mount partitions, file systems and extract files metadata and other usefull information in an automated way. Generate an HTML report with System & User activity Direct devices reading support Supported forensic image file formats AFF, E01, Ex01, L01, Lx01, dd, raw, bin, img Supported volumes & File systems with unallocated space, deleted items, slack space, ... DOS, GPT, VMDK, Volume Shadow Copy, NTFS, HFS+, HFSX, EXT2, EXT3, EXT4, FAT12, FAT16, FAT32 Embeded viewers for videos, images, pdf, text, office documents, registry, evt, evtx, sqlite, ... Outlook and Echange mailboxes (PAB, PST, OST) Metadata extraction Compound files (Word, Excel, Powerpoint, MSI, ...) Windows Prefetch Exif information LNK Browser history Firefox, Chrome, Opera System & Users activity connected devices, user accounts, recent documents, installed software, network, ... Volatile memory analysis with graphical interface to Volatility Videos thumbnails generation Support for Sqlite, Windows Registry, Evt and Evtx Full Skype analysis (Sqlite and old DDB format) Timeline based on all gathered timestamps (file systems and metadata) Hashset supports with automatic "known bad", "known good" tagging Mount functionnality to access recovered files and folders from your local system In place carving ... Sursa: https://github.com/arxsys/dff

Orice distributie de linux poate fi instalata e VirtualBox. Iti recomand debian. Functioneaza foarte bine si este usor de utilizat. Poti arunca o privire si pe aici: http://virtualboxes.org/images/

Nu cred că ar fi atât de cretini să facă exploit-uri care pot fi descoperite de public. Ar putea face o înțelegere internă pe un exploit priv8 la care doar ei să aibe acces prin anumiți pași/chei de acces unice către sistem. O vulnerabilitate ca asta o poate găsi orice cioban cu puțin noroc, așa că tind să cred că nu e vreun serviciu legat de treaba asta, ci doar o scăpare a lor. #my2cents

Testat pe 10.1 si nu merge . E facatura ...FAKE da erroare 53 ce sa fac boss ca nu merge fake scamm