Leaderboard

Popular Content

Showing content with the highest reputation on 01/06/17 in all areas

  1. Mr. balls, shame on you (screw you), because on top of having limited thinking, you also get inflamed like the backside of a sow in heat. If the fool isn't conceited, he isn't foolish enough. The technical side is not the only consideration; there are many others:
     - quality assurance (quality control): Even if they are all made in China or some other similar country, companies like Google, Apple, Samsung, etc. have quality-control procedures that are much better defined, controlled and enforced, and higher standards. The same cannot be said of the rest of the "Chicken chow mein" and "Irinel si balanel" firms.
     - marketing: When a "noname" company screws up, the effect is much smaller than for a company with a high market share, especially since many of them aren't even listed on the stock exchange. When bad things happen at a big firm (like Samsung recently), the news gets trumpeted on every media channel (print, radio, TV, online). But when a "noname" firm blows it, it barely gets written up on some miserable site/blog. The rest can't afford to make major mistakes.
     - legislation: Considering that many dignitaries (ministers, MPs, government, executive, etc.) use such products, I doubt a country would knowingly allow the mass sale of products that have backdoors to other countries. On the contrary, the US government, for example, would love to have their own stuff installed on Apple products if they could.
     - patents: A single model carries an enormous number of patents and production secrets that are not necessarily known to the other small firms. Companies like Google, Samsung, Apple, etc. have learned from many production mistakes; the new ones still have to learn.
     - consumer behaviour: I have Chinese friends, I work with them, etc., and I know this well: in China, Japan and the rest of the surrounding markets, young people have a habit of changing phones much more often than in Europe. I haven't looked for research, but the average is probably somewhere around 2-3 phones per year. So, with such a target customer, why would you make more durable, higher-quality phones and struggle and invest in phones that last 3 years when they swap them after 7-8 months?
     - premium / emerging customers: Product quality is also defined by the regions where the products are sold. The same phone sold in the UK will have one level of quality, sold in Ukraine another, and sold in Gambia yet another. Same with clothes: you can see the quality almost instantly (or after the first wash) even though they are all made in Bangladesh/Pakistan. When the product is sold to a country with well-defined return laws, customer expectations are high and customers can afford to pay a premium, so they get delivered the best. The rest get it more by luck. Even in Arab countries some products carry the specification in the store: made for Europe and made for the Middle East! And the list could go on...
    3 points
  2. This is for someone who wants to jump into kernel debugging but, like me, thought it was very difficult to get set up and working properly. It turns out it's actually a lot easier than you think.
     part1: https://vvalien1.wordpress.com/2016/12/26/kernel-debugging-101/
     part2: https://vvalien1.wordpress.com/2017/01/01/kernel-debugging-101-part2/
     part3: https://vvalien1.wordpress.com/2017/01/01/kernel-debugging-101-part3/
    1 point
  3. 12 Days of HaXmas: Meterpreter's new Shiny for 2016
     Blog Post created by Brent Cook on Jan 5, 2017

     Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the "gifts" we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.

     Editor's Note: Yes, this is technically an extra post to celebrate the 12th day of HaXmas. We said we liked gifts!

     Happy new year! It is once again time to reflect on Metasploit's new payload gifts of 2016 and to make some new resolutions. We had a lot of activity with Metasploit's payload development team, thanks to OJ Reeves, Spencer McIntyre, Tim Wright, Adam Cammack, danilbaz, and all of the other contributors. Here are some of the improvements that made their way into Meterpreter this year.

     On the first day of Haxmas, OJ gave us an Obfuscated Protocol
     Beginning the new year with a bang (and an ABI break), we added simple obfuscation to the underlying protocol that Meterpreter uses when communicating with Metasploit framework. While it is just a simple XOR encoding scheme, it still stumped a number of detection tools, and still does today. In the game of detection cat-and-mouse, security vendors often like to pick on the open source project first, since there is practically no reverse engineering required. It is doubly surprising that this very simple technique continues to work today. Just be sure to hide that stager.

     On the second day of Haxmas, Tim gave us two Android Services
     Exploiting mobile devices is exciting, but a mobile session does not have the same level of always-on connectivity as an always-on server session does. It is easy to lose your session because a phone went to sleep, there was a loss of network connectivity, or the payload was swapped for some other process. While we can't do much about networking, we did take care of the process swapping by adding the ability for Android Meterpreter to automatically launch as a background service. This means that not only does it start automatically, it does not show up as a running task, and is able to run in a much more resilient and stealthy way.

     On the third day of Haxmas, OJ gave us three Reverse Port Forwards
     While exploits have been able to pivot server connections into a remote network through a session, Metasploit did not have the ability for a user to run a local tool and perform the same function. Now you can! Whether it's python responder or just a web server, you can now set up a locally-visible service via a Meterpreter session that is visible to your target users. This is a nice complement to the standard port forwarding that has been available with Meterpreter sessions for some time.

     On the fourth day of Haxmas, Tim gave us four Festive Wallpapers
     Sometimes, when on an engagement, you just want to know 'who did I own?'. Looking around, it is not always obvious, and popping up calc.exe isn't always visible from afar, especially with those new-fangled HiDPI displays. Now Metasploit lets you change the background image on OS X, Windows and Android desktops. You can now update everyone's desktop with a festive picture of your choosing.

     On the fifth day of Haxmas, OJ gave us five Powershell Prompts
     Powershell has been Microsoft's gift both to Administrators and Penetration Test/Red Teams. While it adds a powerful amount of capabilities, it is difficult to run powershell as a standalone process using powershell.exe within a Meterpreter session for a number of reasons: it sets up its own console handling, and can even be disabled or removed from a system. This is where the Powershell Extension for Meterpreter comes in. It not only makes it possible to comfortably run powershell commands from Meterpreter directly, you can also interface directly with Meterpreter straight from powershell. It uses the capabilities built in to all modern Windows system libraries, so it even works if powershell.exe is missing from the system. Best of all, it never drops a file to disk. If you haven't checked it out already, make it your resolution to try out the Meterpreter powershell extension in 2017.

     On the sixth day of Haxmas, Tim gave us six SQLite Queries
     Mobile exploitation is fun for obtaining realtime data such as GPS coordinates, local WiFi access points, or even looking through the camera. But getting data from applications can be trickier. Many Android applications use SQLite for data storage, however, and armed with the combination of a local privilege escalation (of which there are now several for Android), you can now peruse local application data directly from within an Android session.

     On the seventh day of Haxmas, danilbaz gave us seven Process Images
     This one is for the security researchers and developers. Originally part of the Rekall forensic suite, winpmem allows you to automatically dump the memory image for a remote process directly back to your Metasploit console for local analysis. A bit more sophisticated than the memdump command that has shipped with Metasploit since the beginning of time, it works with many versions of Windows, does not require any files to be uploaded, and automatically takes care of any driver loading and setup. Hopefully we will also have OS X and Linux versions ready this coming year as well.

     On the eighth day of Haxmas, Tim gave us eight Androids in Packages
     The Android Meterpreter payload continues to get more full-featured and easy to use. Stageless support now means that Android Meterpreter can run as a fully self-contained APK, and without the need for staging, you can now save scarce bandwidth in mobile environments. APK injection means you can now add Meterpreter as a payload on existing Android applications, even re-signing them with the signature of the original publisher. It even auto-obfuscates itself with Proguard build support.

     On the ninth day of Haxmas, zeroSteiner gave us nine Resilient Serpents
     Python Meterpreter saw a lot of love this year. In addition to a number of general bugfixes, it is now much more resilient on OS X and Windows platforms. On Windows, it can now automatically identify the Windows version, whether from Cygwin or as a native application. On OS X, reliability is greatly improved by avoiding some of the more fragile OS X python extensions that can cause the Python interpreter to crash.

     On the tenth day of Haxmas, OJ gave us ten Universal Handlers
     Have you ever been confused about what sort of listener you should use on an engagement? Not sure if you'll be using 64-bit or 32-bit Linux when you target your hosts? Fret no more, the new universal HTTP payload, aka multi/meterpreter/reverse_http(s), now allows you to just set it and forget it.

     On the eleventh day of Haxmas, Adam and Brent gave us eleven Posix Payloads
     Two years ago, I started working at Rapid7 as a payloads specialist, and wrote this post (https://community.rapid7.com/community/metasploit/blog/2015/01/05/maxing-meterpreters-mettle) outlining my goals for the year. Shortly after, I got distracted with a million other amazing Metasploit projects, but still kept the code on the back burner. This year, Adam, myself, and many others worked on the first release of Mettle, a new Posix Meterpreter with an emphasis on portability and performance. Got a SOHO router? Mettle fits. Got an IBM Mainframe? Mettle works there too! OSX, FreeBSD, OpenBSD? Well, it works there as well. Look forward to many more improvements in the Posix and embedded post-exploitation space, powered by the new Mettle payload.

     On the twelfth day of Haxmas, OJ gave us twelve Scraped Credentials
     Have you heard? Meterpreter now has the latest version of mimikatz integrated as part of the kiwi extension, which allows all sorts of credential-scraping goodness, supporting Windows XP through Server 2016. As a bonus, it still runs completely in memory for stealthy operation. It is now easier than ever to keep Meterpreter up-to-date with upstream thanks to some nice new hooking capabilities in Mimikatz itself. Much thanks to gentilkiwi and OJ for the Christmas present.

     Hope your 2017 is bright, and look forward to many more gifts this coming year from the Metasploit payloads team!

     Source: https://community.rapid7.com/community/metasploit/blog/2017/01/03/12-days-of-haxmas-meterpreters-new-shiny-for-2016
    1 point
  4. Collection of CSP bypasses
     On this page, I'd like to collect a set of CSP bypasses related to nonces. CSP policies using nonces are considered very strong in terms of security. However, there are many (sometimes unusual) situations in which nonces can be bypassed. It is still unclear to me if these bypasses have a practical impact on CSP's protective capabilities. Nevertheless, I'd like to explore these situations to better understand the boundaries of CSP. Furthermore, I'd like to encourage other researchers to have a closer look at CSP nonces.
     - Bypassing script nonces via the browser cache (DOM-based XSS)
     - Bypassing script nonces via the BFCache (by @arturjanc)
     - Bypassing script nonces via partial markup injections
     - Bypassing script nonces via event handlers and changeable sources
     - Bypassing script nonces via DOM XSS (by @sirdarckcat)
     - Bypassing script nonces via CSS I (by @sirdarckcat)
     - Bypassing script nonces via CSS II (by @sirdarckcat)
     - Bypassing script nonces via SVG set tags (by @sirdarckcat)
     - Bypassing script nonces via SVG animate tags (by @0x6D6172696F)
     - Bypassing script nonces via XSLT (by @sirdarckcat)
     - Bypassing script nonces via base tags (by @jackmasa)
     - Bypassing script nonces via CLOSURE_BASE_PATH (by @sirdarckcat)
     - Bypassing script nonces by predicting random numbers
     - Bypassing script nonces by injecting into a URL of a nonced script
     - Bypassing script nonces by injecting into a nonced script
     Source: http://sebastian-lekies.de/csp/bypasses.php
    1 point
  5. Source: https://github.com/theori-io/chakra-2016-11
     Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40990.zip
     chakra.dll Info Leak + Type Confusion for RCE
     Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
     Tested on Windows 10 Edge (modern.ie stable).
     FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
     FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)
     To run:
     - Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
     - Serve the directory using a webserver (or python's simple HTTP server).
     - Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.
     Source: https://www.exploit-db.com/exploits/40990/
    1 point
  6. https://www.dropbox.com/s/7yk20hrxzieu2ov/1609.02353.pdf?dl=0 - http://arstechnica.com/security/2016/10/teen-arrested-for-iphone-hack-that-threatened-emergency-911-system/
    1 point
  7. From the CV of the energy minister, Toma Petcu. Among other things, a proficiency level of "Good" in Acrobat Reader =)))))))))))))))) Screw Rromania!
    1 point
  8. Video Preview
     - Introduction
     - Secure C 101
     - Secure C 102
     - Secure C 103
     - Code Auditing
     - Linux & Permissions Spectrum
     - Windows Overview
     - Rootkits
     - Reverse Engineering 101
     - Reverse Engineering 102
     - Fuzzing 101
     - Midterm Review
     - Fuzzing 102
     - Exploitation 101
     - Exploitation 102
     - Exploitation 103
     - Networking 101
     - Networking 102
     - Web Exploitation 101
     - Web Exploitation 102
     - Web Exploitation 103
     - Exploitation 104
     - Exploitation 105
     - Exam 2 Review
     - Exploitation 106
     - History of Exploitation
     - Exploitation 107
     - Social Engineering & Physical Security
     - Digital Forensics & Incident Response
     - Tying All The Things Together
     http://howto.hackallthethings.com/2016/07/learning-exploitation-with-offensive.html
    1 point
  9. And now what do you say, since it's all over with Cyanogen anyway? Edit: For Cyanogen I bought an OPO myself. You'd wait an eternity for an official build to appear. Then the OnePlus folks invented their own crap, OxygenOS, and Cyanogen started shoving Microsoft shit into the OS. Now the Cyanogen project has shut down. If we're talking about the hardware side: you have to say a lot of prayers before buying the phone. With the OPO there were a heap of problems. After less than a year of using the phone, a yellow stripe appeared on my screen. If the man upstairs strikes you down and you have to claim the warranty, only then will you get to enjoy the Chinese service. Not to mention the phone's shabby look...
    0 points