
Leaderboard

Popular Content

Showing content with the highest reputation on 02/05/17 in all areas

  1. When connecting to the Internet there are many malicious threats which can harm the data on your computer. The Operating System (OS) can become inoperable and require reinstallation. The OS and data can be restored from a backup if you are able to perform backups of the OS and data. New threats appear on the Internet daily.

Most people think that if they run Linux then they are free from such troubles. It is true that most of the threats out there are Windows based. What most people do not understand is that 90% of all high-end servers are running Linux. Since more of the high-end servers are Linux, there are more threats being made against Linux.

So, what is a threat? Malware and the like. Malware is composed of many things: viruses, trojans, worms and more. All a user needs to know is that their system is free of malware. To find malware, a scanning program will look over specified folders and/or files. When the program scans, it is looking for signatures. A signature is made from a bit of unique code from malware. The code is then hashed and placed in a database. The scanning program gets the hash from the database and looks through files to see if the hash exists. If the signature is found then the scanning program can alert the user that a threat has been found. The current Linux Malware Detect signature database contains 5,657,522 signatures.

Some people will take an existing malware program and use it as a basis for a new one. Since some of the code remains intact, the signature is the same for the new malware. When an existing signature finds a new piece of malware it is deemed a Heuristic or Generic Detection. Having the same signature as an existing malware makes the new malware part of the same family. A completely new piece of malware will most likely create a new signature. New signatures will cause the database to be updated. The amount of malware is increasing and the databases are updated constantly. When you have a program to scan your system, you will get new signature database updates often.

NOTE: It is possible for a scanner to find a signature match in a file which is not malware. This match is a false positive. The reverse is true as well: if a new malware package has been released and is not yet in the database, the scanner will return a false negative. For this reason the signature database needs to be updated as often as possible.

Let's look at an example of malware.

Malware Example

The list of malware is quite extensive, especially getting into the whole family of a single signature. Choosing malware to use as an example can be quite easy because of the number of existing samples. So, let's look at 'Linux.Encoder.1'. The malware is also known as 'Elf/Filecoder/A' and 'Trojan.Linux.Ransom.A'. The family of these types is extensive. The way it works is that it gets into your system attached to a file downloaded from the Internet. Once on your system it will become active and place a 'readme' file in every folder on the system. Other data on the system will be encrypted, keeping you from accessing the true contents of the files. The 'readme' files contain information on how your data is being held captive and that you must pay a ransom to have the files decrypted. When the files were encrypted, a key was sent to the server of the malware creators. Once you pay the ransom it demands, if one was specified, then your data will be restored. A company named BitDefender has the ability to decrypt the files on your system and remove the ransomware.

As usual, it is very important to keep your signature database up-to-date. Before you can perform updates you do need to have the scanner installed. One good scanner used by the Linux Malware Detect program is ClamAV.

Install ClamAV

The ClamAV program can be installed through the standard repository for both Red Hat and Debian systems.

For Red Hat systems perform the following:

    yum -y install clamav clamav-devel clamav-update

Once installed you will need to edit the file '/etc/clamav/freshclam.conf'. About seven lines down is a line which reads 'Example'. The line needs to have a '#' placed at the beginning to make it '#Example'. Further down is a line which starts with '#DatabaseDirectory' with a folder following it. Remove the pound sign (#) at the beginning to uncomment the line. Another line which can be added at the bottom of the file is 'DatabaseMirror database.clamav.net'. Save the file and in a Terminal issue the following command:

    sudo chmod -R 777 /usr/lib/clamav

You should then be able to issue the command 'freshclam' in a Terminal to update the ClamAV database.

On a Debian system you need to issue the following command:

    sudo apt-get install -y clamav

ClamAV should update automatically every hour by default. The database is locked if you try to run 'freshclam' to perform an update manually.

Now that the scanner is installed you need to install the LMD program and definitions.

LMD Installation

Whether on Debian or Red Hat the install is the same. Perform the following commands in a Terminal:

    cd /tmp
    wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
    tar -xvf maldetect-current.tar.gz
    ls -l | grep maldetect

The last command will give you a listing of the files and folders with 'maldetect' in the name. You should have one similar to 'maldetect-1.5'.

    cd maldetect-1.5    [or whatever the name of the folder was in the previous step]
    sudo ./install.sh

Now you will need to configure maldetect to work with the ClamAV scanner by editing the file '/usr/local/maldetect/conf.maldet'. Look for a line which starts with 'scan_clamscan' and make sure it is set to '1'. If you want maldetect to automatically quarantine found items, set 'quarantine_hits' to '1'. To clean the malware found, set 'quarantine_clean' to '1'. If you want to allow user scans to be performed without root access you can set 'scan_user_access' to '1'. Save the file and exit the editor.

NOTE: Since you installed ClamAV first, maldetect should already have the scanner setting set to '1'. If not, make sure you change it.

To scan all files on your system run the following command from a Terminal:

    sudo maldet -a /

A scan will be performed as shown in Figure 1. Maldetect will load the signatures and use the ClamAV scanner to scan for the signatures in the signature file. Results of a scan are placed in a report. A report number, or SCANID, is displayed at the end of the scan. To see the report use the command 'maldet --report SCANID'.

FIGURE 1

In Figure 1 the scan which was just performed created a report with the SCANID '170125-1736.1777'. To see that specific report the command would be 'maldet --report 170125-1736.1777'. To see a list of all reports use the command 'maldet -e list' as shown in Figure 2.

FIGURE 2

To restore quarantined files found during a scan use the command:

    maldet -s SCANID

As you can see from Figure 2, three scans have been performed. The scan with the SCANID '170124-2248.22401' had six hits. This means it found six infected files on the scan it performed. Running 'maldet --report 170124-2248.22401' shows the results seen in Figure 3.

FIGURE 3

The main things to look at are the following lines:

    {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-1.5/files/clean/gzbase64.inject.unclassed
    {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-current.tar.gz
    {CAV}Win.Adware.Opencandy-78 : /media/jarret/BookC/Desktop (items)/Windows/SetupImgBsajbdfjaibufibjvSurn_2.5.8.$
    {CAV}Win.Adware.Opencandy-78 : /media/jarret/BookC/Desktop (items)/Windows/SetupImgBurn_2.5.8.0.exe
    {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-1.5/files/clean/gzbase64.inject.unclassed
    {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-current.tar.gz

Lines 1, 2, 5 and 6 are positive matches on the maldetect files themselves. The compressed file containing the installation code and the signature database (lines 2 and 6) is noted as being infected. The scanner also detected the signature database itself in lines 1 and 5. Lines 3 and 4 are malware called Win.Adware.Opencandy-78. Within the report you can also see that no files were quarantined, since quarantine has not been enabled.

NOTE: Do not run scans and then never check the reports. I have seen large companies do such a thing and find out that a virus was not being quarantined. Since it was not removed, the virus was able to spread and cause problems.

As noted at one point in the report, you can manually force the quarantine to occur by using the command 'maldet -q SCANID'. So, if I issue the command 'maldet -q 170124-2248.22401' as seen in Figure 4, the infected files will be quarantined.

FIGURE 4

Nothing of note occurs when removing the malware which was found during a scan.

NOTE: If you do not enable public scanning then you must run 'maldet' with sudo.

Be aware of the threats on the Internet. Keep in mind to always update your signature database as often as you can. Scan your system often. I hope this article can save you trouble in the future. Happy scanning!
    2 points
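The post's closing warning, that scans get run but the reports are never read, is easy to automate away. The following Python is an added example and not part of LMD or ClamAV: it parses report hit lines in the format shown in Figure 3 ({ENGINE}signature : path), separates hits on LMD's own files under /tmp/maldetect-* and /usr/local/maldetect from hits anywhere else, reads quarantine_hits from conf.maldet, and says whether a manual 'maldet -q SCANID' is still needed. The sample report wraps the six hit lines quoted above in a two-line skeleton; the skeleton lines and the conf.maldet excerpt are constructed, and the {MD5} prefix mentioned in a comment is LMD's hash-signature label, which the post itself does not show.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# One hit per line, "{ENGINE}signature.name : /path", as quoted in the post.
HIT_LINE = re.compile(r"^\{(?P<engine>[A-Z0-9]+)\}(?P<sig>\S+)\s*:\s*(?P<path>.+?)\s*$")

# conf.maldet settings are written key="value"; only quarantine_hits is read here.
CONF_KEY = re.compile(r'^\s*(?P<key>[a-z_]+)\s*=\s*"?(?P<val>[^"#\s]*)"?', re.M)

# LMD's own install tree and the tarball / unpacked source it was installed
# from. The post shows the scanner matching its own signature and cleaner
# files under these paths; such hits are expected and not an infection.
LMD_SELF_PREFIXES = ("/usr/local/maldetect/", "/tmp/maldetect-")


@dataclass(frozen=True)
class Hit:
    engine: str     # HEX / MD5 = LMD's own signatures, CAV = ClamAV
    signature: str
    path: str

    @property
    def is_lmd_self_match(self) -> bool:
        return self.path.startswith(LMD_SELF_PREFIXES)


def parse_hits(report: str) -> List[Hit]:
    """Pull the hit lines out of a report; header and summary lines are ignored."""
    hits = []
    for line in report.splitlines():
        m = HIT_LINE.match(line.strip())
        if m:
            hits.append(Hit(m["engine"], m["sig"], m["path"]))
    return hits


def quarantine_enabled(conf: str) -> bool:
    """True when conf.maldet has quarantine_hits="1"; any other value, or absence, is off."""
    for m in CONF_KEY.finditer(conf):
        if m["key"] == "quarantine_hits":
            return m["val"] == "1"
    return False


def triage(scanid: str, report: str, conf: str) -> Dict[str, object]:
    hits = parse_hits(report)
    by_sig: Dict[str, List[str]] = defaultdict(list)
    for h in hits:
        by_sig[h.signature].append(h.path)
    actionable = [h for h in hits if not h.is_lmd_self_match]

    verdict = "clean"
    if actionable and not quarantine_enabled(conf):
        # Real hits, but automatic quarantine is off, so nothing was done with
        # them. This is the "ran the scans, never read the reports" failure the
        # post warns about; the manual override it gives is maldet -q SCANID.
        verdict = f"UNHANDLED: run 'maldet -q {scanid}' or set quarantine_hits=\"1\""
    elif actionable:
        verdict = "quarantined"

    return {
        "scanid": scanid,
        "total_hits": len(hits),
        "self_matches": len(hits) - len(actionable),
        "by_signature": dict(by_sig),
        "actionable_paths": [h.path for h in actionable],
        "clamav_hits": sum(1 for h in actionable if h.engine == "CAV"),
        "verdict": verdict,
    }


# Constructed sample: the six hit lines quoted in the post, wrapped in a minimal
# skeleton (the SCAN ID / FILE HIT LIST lines approximate LMD's layout and are
# not copied from a real report).
SAMPLE_REPORT = """\
SCAN ID: 170124-2248.22401
FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-1.5/files/clean/gzbase64.inject.unclassed
{HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-current.tar.gz
{CAV}Win.Adware.Opencandy-78 : /media/jarret/BookC/Desktop (items)/Windows/SetupImgBsajbdfjaibufibjvSurn_2.5.8.$
{CAV}Win.Adware.Opencandy-78 : /media/jarret/BookC/Desktop (items)/Windows/SetupImgBurn_2.5.8.0.exe
{HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-1.5/files/clean/gzbase64.inject.unclassed
{HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-current.tar.gz
"""

# Constructed conf.maldet excerpt matching the post's starting point: ClamAV on, quarantine off.
SAMPLE_CONF = 'scan_clamscan="1"\nquarantine_hits="0"\nquarantine_clean="0"\n'

if __name__ == "__main__":
    import json
    print(json.dumps(triage("170124-2248.22401", SAMPLE_REPORT, SAMPLE_CONF), indent=2))
```

Run against the sample, the helper reports six hits of which four are LMD matching its own files, two actionable ClamAV hits on the ImgBurn installers, and an UNHANDLED verdict because quarantine_hits is still "0". Feeding it the output of 'maldet --report SCANID' after each scheduled scan, and alerting on anything other than "clean" or "quarantined", is the check the post's NOTE asks for.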
  2. The economic growth is not owed to Basescu; he just happened to be there during that period of history. The economic growth was caused by Romania's accession to the EU. That is when many people left for abroad and many foreign companies came to see what Romania was like. However much people try to say "IT gets away without paying taxes and must be taxed" or "not everyone who works in IT is a programmer, so let's tax them", let's not forget that IT generates 5-6% of GDP. By the way: a newspaper in Prahova reports that a multinational company sent its employees to the protest. It is a matter of national security. We must look into it. http://www.hotnews.ro/stiri-esential-21587235-baronul-psd-dambovita-care-conducere-comisia-parlamentara-control-cer-sri-verifice-multinationalele-care-dat-liber-salariatilor-mearga-protest-plus-sugerat-rusia-spatele-protestelor.htm Four years with the current government will take us back to 1947.
    2 points
  3. Ion doesn't drool from stupidity and doesn't waste his time on all the online petition sites that have sprung up like mushrooms after rain. Ion knows that the so-called petitions are worth exactly zero and that those in the legislature and the executive couldn't care less about such petitions. Ion knows that, to have any effect, such petitions must be officially recognised, like https://petition.parliament.uk/petitions. Ion also reads the T&C on the sites that bothered to write them, and understands that such garbage exists exclusively to collect valid e-mail addresses of the rabble in certain niches (quite valuable these days). And last but not least, Ion knows that liking and sharing on Facebook, retweeting or clicking an online "petition" amounts to a flat zero, and that he actually has to express this out loud, in the street. Be like Ion!
    2 points
  4. Two years ago I made a site about premium accounts but I thought it wouldn't work; today I saw that after all this time I still have people visiting the site. I have started posting on it again and now I will keep at it. http://charged-accounts.blogspot.com
    1 point
  5. Beating the saddle so the horse gets the hint... You can consider me apolitical. But I'm not the important one, I'm irrelevant. Just as @gogusan said, those who don't pay their taxes, rip people off when they can and cut corners are the ones who go out and shout "thieves". The same ones don't go to vote and put up with being spat on. Only now have they woken up a little. But where were they until now? Things didn't get this way overnight. And then the same people go and vote for the PSD scum, knowing full well they are a bunch of criminals (and even more of them preferred to twiddle their thumbs instead of voting). I was referring to the fact that if you want a good political class, you need active and strategic social involvement, sustained over time. Dodoasca is above one party or another, and sometimes a building has to be demolished to put something better in its place. That's why I was telling you to go screw yourselves: instead of demolishing and rebuilding, you keep patching the same old rags and then you complain when you have holes and the cold wind blows up your backside.
    1 point
  6. Wrong. The people did not elect the Government.
    1 point
  7. By the same logic, you are a PSD shill. I tend to think you are part of the rabble too, and it disgusts me.
    1 point
  8. Look at that, Byte Basistul, curdled like mayonnaise. Elect Aerosol as president too, for all I care. Because you want change and something better, but you don't do your own part.
    1 point
  9. What the fuck, let's at least vote for the one who steals the most. And screw those who suck dick over in England and comment about Romania.
    1 point
  10. Screw all of you who mourn Basescu! When will you understand that you shouldn't elect the one who steals less (the Fleet case, the earlier sell-offs, the buried cases, etc.)?!? Just as the Americans didn't understand that they weren't forced to choose between Hillary and Trump (aka "the lesser evil"). You deserve your fate, and plenty of misery as interest on your own stupefaction.
    1 point
  11. Domain Fronting Via Cloudfront Alternate Domains

A technique known as Domain Fronting was recently documented by Open Whisper Systems for circumventing censorship restrictions. The benefits of this technique for use in adversary simulations were recognised by several people, including Optiv and Raphael Mudge. If you are not familiar with this concept, these resources are recommended reading. However, to summarise, the TL;DR is that many services, and CDN services in particular, can act as redirectors for a C2 channel. The benefit is that it provides a reputable domain for egress and can therefore be used to circumvent proxy categorisation and other network-based monitoring. In Raphael's video he describes how a trusted domain such as a0.awsstatic.com can be used for egress by specifying, within the Malleable C2 profile, a Host header that points to an attacker-controlled CloudFront instance. Our research expands on this idea to identify additional high-reputation domains that can be used for egress.

Amazon customers who do not want to use a generic cloudfront.net domain are able to use an "alternate domain" by simply configuring the appropriate CNAME record to point to their CloudFront instance. This process is described by Amazon here, as shown below:

As such, any domain with a CNAME record pointing to the CloudFront CDN can be used as an egress channel. Identifying these domains is relatively trivial; many can be located through Google dorks such as "CNAME *.cloudfront.net", or using DNS bruteforcing. One of the Google dork results returns cdn.bitnami.com as a possible CNAME.

We can trivially confirm that the CNAME is set, as shown below:

To validate that it is possible to use cdn.bitnami.com as an egress domain, we can try to retrieve the "foo.txt" file that is hosted on our C2 server and pointed to by our CloudFront instance:

We identified many high-reputation domains that can be used for fronting, including cdn.az.gov, media.tumblr.com, images.instagram.com, cdn.zendesk.com and cdn.atlassian.com, to name but a few. The short video below demonstrates this further, showing how they can be used within Cobalt Strike beacons.
    1 point
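As an added illustration (not code from the original post or from Cobalt Strike), the following Python reduces the technique to the two names involved: the front domain, which ends up in DNS, the TLS SNI and the proxy log, and the attacker's CloudFront distribution, which only appears in the HTTP Host header inside the tunnel. It also includes the CNAME-chain walk that turns a record set into a list of usable fronts, and the mirror-image check a defender can run. The CNAME answers, the dXXXX.cloudfront.net labels and every example.* name are constructed; only cdn.bitnami.com being CNAMEd into CloudFront and the foo.txt path come from the post.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

CDN_SUFFIXES = (".cloudfront.net",)

# Constructed stand-in for `dig <name> CNAME` answers. That cdn.bitnami.com is a
# CNAME into CloudFront is what the post confirms; the actual dXXXX label and
# every example.* name below are invented for illustration.
DNS_CNAMES: Dict[str, str] = {
    "cdn.bitnami.com": "d1hypothetical.cloudfront.net",
    "static.example.org": "cdn-alias.example.org",
    "cdn-alias.example.org": "d2hypothetical.cloudfront.net",
    "www.example.net": "lb.example.net",
}


def resolves_to_cloudfront(name: str, cnames: Dict[str, str], max_hops: int = 8) -> bool:
    """Follow the CNAME chain (bounded, loop-safe) and say whether it ends on CloudFront."""
    seen = set()
    while name not in seen and len(seen) < max_hops:
        seen.add(name)
        if name.lower().endswith(CDN_SUFFIXES):
            return True
        if name not in cnames:
            return False
        name = cnames[name]
    return False


def fronting_candidates(cnames: Dict[str, str]) -> List[str]:
    """Names in a record set usable as fronts: not a cloudfront.net host
    themselves, but CNAMEd (directly or via another alias) onto CloudFront."""
    return sorted(
        n for n in cnames
        if not n.lower().endswith(CDN_SUFFIXES) and resolves_to_cloudfront(n, cnames)
    )


@dataclass(frozen=True)
class FrontedRequest:
    sni: str          # name in the TLS ClientHello; also what DNS and the proxy log see
    host_header: str  # name CloudFront actually routes on: the attacker's distribution
    path: str

    def http_bytes(self) -> bytes:
        """The plaintext inside the TLS tunnel. The only difference from an
        ordinary request to the front domain is the Host header."""
        return (
            f"GET {self.path} HTTP/1.1\r\n"
            f"Host: {self.host_header}\r\n"
            "Connection: close\r\n\r\n"
        ).encode()


def build_fronted_request(front_domain: str, distribution: str, path: str) -> FrontedRequest:
    """front_domain: a reputable name CNAMEd to CloudFront (e.g. cdn.bitnami.com);
    distribution: the attacker's own *.cloudfront.net hostname."""
    return FrontedRequest(sni=front_domain, host_header=distribution, path=path)


# --- defender side -----------------------------------------------------------

def fronting_suspected(sni: Optional[str], host_header: str) -> bool:
    """Flag a session whose TLS SNI and inner HTTP Host disagree while the Host
    names a raw CDN distribution. Seeing both fields needs TLS inspection or a
    forward proxy; a passive sensor only ever sees the SNI."""
    if sni is None:
        return False
    if sni.lower() == host_header.lower():
        return False
    return host_header.lower().endswith(CDN_SUFFIXES)


if __name__ == "__main__":
    print("fronts:", fronting_candidates(DNS_CNAMES))
    # "dattacker.cloudfront.net" stands in for the operator's own distribution.
    req = build_fronted_request("cdn.bitnami.com", "dattacker.cloudfront.net", "/foo.txt")
    print(req.http_bytes().decode())
    print("suspicious:", fronting_suspected(req.sni, req.host_header))
```

The detection half only works where the proxy terminates TLS and can compare the CONNECT target or SNI against the inner Host; with SNI alone the session is indistinguishable from ordinary traffic to the front domain, which is the point of the technique. It also only covers the case the post describes, a Host header naming a raw *.cloudfront.net distribution; an operator who attaches their own alternate domain to the distribution defeats the suffix check, so the durable fix sits with the CDN, and CloudFront and other large CDNs did later start rejecting requests whose SNI and Host do not belong to the same customer.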
  12. How easily you can be manipulated... they repealed the OUG, and now that you've gotten used to standing in the square you'll demand a resignation too. AND WHO WILL COME INTO THE NEW GOVERNMENT???... bigger thieves (the same ones from Basescu's time, with him at the head).
    1 point
  13. https://medium.com/@contact_55146/grindeanu-sau-oug-13-2017-6ebaad2547c0#.be7bq39jo Worth a laugh
    1 point
  14. If a miracle happens and the government resigns or the censure motion passes, Iohannis should do everything possible to bring about early elections. Seeing how the government, and implicitly the parties that won the elections, has acted in the two months since taking power, they no longer have the legitimacy to say they have 3 million votes behind them. Those 3 million votes were for a better life, not for getting Dragnea or others off the hook. With this government you can expect them to pass a law overnight taxing every business with turnover over 10,000 lei at 50%, or another change to the criminal code granting immunity to mayors or civil servants...
    1 point
  15. On the principle of "them and their mothers too" - https://www.ziarulincomod.ro/update-ploiesteanul-care-a-oferit-bannere-gratuite-protestatarilor-calcat-de-politisti-la-nici-o-zi-de-la-anunt/
    1 point
  16. I don't know what's happening here... but my heart is with you guys.
    1 point
  17. Let me take a dump on this topic too, since I see that's the trend. I've been in the street since the first night, but I'm not protesting for what everyone around me is protesting, namely: 1. Everyone in the street is chanting against the OUG and specifically against that 200k threshold for abuse of office. And that, man, look, they've opened the door to theft. That is, you can steal 199k and get away with it. WRONG, YOU DICKHEADS! WRONG! When you steal something you're not charged with abuse of office but with theft. This OUG does not apply to the already existing cases (Dragnea, Oprea etc.) because you can't apply it retroactively. The changes will apply to future cases. So Dragnea doesn't escape the case for instigation to abuse of office; he only escapes the referendum case (suspended sentence; and he escapes that thanks to the pardon law, not the OUG on the criminal code). (another screw-you for the disinformers) DON'T CONFUSE ABUSE OF OFFICE with THEFT or with TAKING BRIBES. So a big screw-you to all the disinformers. 2. *and here I'll let you do your own research and draw your own conclusions: I'm protesting against the changes to CONFLICT OF INTEREST (and here a lot of people will get off, they really will; among them: Ponta, UDREA, Ioana Basescu, SOVA, BLAGA, Mazare and many others). Inform yourself properly. You don't even know why you're protesting, you just think it's cool to be out with your buddies, having a laugh, hoa hoa, down with the dick, thieves, rhymes, banter, flower power... _)_ PS: another piece of disinformation is that the hooligans who scuffled with the gendarmes were from the Dinamo ultras. A fat piece of filth with no evidence. Some OX threw it out on TV or on Facebook and the SHEEP (that's 90% of those in the street) swallowed it straight away. PS2: COUNTRY OF THIEVES AND HYPOCRITES!
    1 point
  18. For those who don't understand: https://www.facebook.com/ioana.chitu.5/videos/10154591999362912/ Something amusing: https://www.facebook.com/viceromania/videos/1462295087128108/?hc_ref=NEWSFEED
    1 point
  19. You won't solve anything this way. I advise you not to resort to such things. The only thing that will solve anything there is blood. Lots of it flowing in the streets. The borders are open: find your bearings and leave for somewhere else, where work is appreciated, where social protection exists, where your children won't grow up among gypsies, manele singers, scoundrels and other subspecies. Beware of Romanians wherever you roam in the world.
    1 point
  20. 0 points
  21. If you'd run a traceroute, there would have been no need for the question. The guy got a server at OVH - a reused one. https://m41.imgup.net/le_serveur8221.png
    -1 points