  1. @Usr6 told me to do the tutorial with the solution. The first step is to save the image; I think this is where most people got stuck. It is both an image and an archive, so if we open it with WinRAR we will see another image, archived with a password. Now comes the most confusing part: we have to decode the numbers in the image to find the password. If we look at the numbers, their only characteristic is that they are all prime numbers. If we make a list of the first 20 prime numbers and assign each prime in the list a letter in the same order, decoding the digits is quite easy. https://pastebin.com/Z26JX3nD Once we extract Te_descurci_tu_cumva.jpg and open it, we will see some bunnies astonished at the sight of a QR code, not knowing how to read it (maybe you do). Like in Inception, what the QR code tells us is the password of the image. If you want to see what the last image is ... well you've learned the pattern
  2. ^ The thing above smells like cheap propaganda. Let's not feel sorry for the companies. I am NOT saying young people are wonderful, but keep this in mind too. Companies need more labour for simple bureaucratic tasks (which don't require any great performance) than they need high performers or management positions. Hence the message meant to put those with high aspirations in their place: stay there, we need you just as you are, never mind, you're still young, around 50 your time will come too, you "need experience". That's how this propaganda in the press appears, attacking young people and making them out to be stupid and demanding! A rotten hierarchical system with Romglish job titles has been created, and you are supposed to feed more on the illusion of status than on your salary. That's how you can end up, for example, a "meneging expârţ" or "risărci data anal-yst" on a salary of nothing! They work you psychologically, they make you feel like you're part of a family, it's cool here, we stick cute stickers on things, we drink coffee and go on team-buildings and complicate simple things. Maybe, just maybe, you forget that at the end of the month we pay you the national minimum wage. http://www.mediafax.ro/economic/eurostat-salariul-minim-pe-economie-din-romania-este-al-doilea-cel-mai-mic-din-ue-dupa-bulgaria-16159314 Yes, I think it's fair for a graduate to get 3000 RON without much knowledge! Why?! With few exceptions, this business with knowledge is relative, because the theory learned in those so-called universities is flimsy. Usually it doesn't matter how much you know: in the first 2 weeks you'll do fuck all; at a new job you go through a socialisation process which requires you to pick up the working system and in which you'll realise you have to learn other things on top that you didn't know, even in the event that you already had experience in the field. It's not for nothing that internships and other crap like that exist! Practically everything comes down to the individual's capacity to assimilate and adapt.
And it's up to you to keep studying in your free time to stay up to date and secure your job. Usually a new employee signs a provisional contract of at most 3 months. And if by the end of those 3 months at the latest they don't reach the desired performance level, out you go, go push carts for a thousand lei. Is 3000 RON a lot of money? That's when, to pay rent on your own in the capital, you need at least 250 euros, and the purchasing power of the leu is getting smaller and smaller. In Romania the gross minimum wage is 1400 RON, while in most civilised European countries the net salary, not gross, is > 1000 euros. Not to mention that in the Nordic countries the notion of a minimum wage doesn't even exist; there, even if you work at Carrefour pushing carts, you make > 2500 euros. High salaries are not the problem; we need a fast and fair triage system, based on the individual's capacity for performance and adaptation. Give the individual a chance and motivate them with salary from the very beginning, don't fool them that years from now, when they've gathered experience, they'll earn more. But if they don't adapt in a short time, don't improve according to the standards and don't perform, fire them immediately. That's my socio-economic vision, based on what I know so far; if you're up on the subject and disagree, please contradict me, because I'm interested in the topic.
  3. That's not why they don't come here; they come in 50,000-euro jeeps, those have suspensions with artificial intelligence. Problems like that are only felt by us who climb in and out of a Dacia Logan. As for the college kids who think the earth starts spinning backwards once they've got their hands on a tired diploma that lets them spout "I'm rubbish at this and that and also at that, because until now I've been in school" (I think that put me among those 2 million too, as a depressed Romanian), I wish them a shovel and rubber boots. I once brought a friend to a company in town and he was almost laughed at, because all the f*cking seniors looked like fools when he started giving them absolutely brilliant solutions / practical methods in good time. He was paid 1500 LEI. After 3 months, in the 4th, he got 1800. Another one who talked a lot, badly, with no practical skills but at first sight very smart, easily walked away with 4000, without overtime. Now that we've fooled ourselves enough, I'm off to grab a beer.
  4. It's not about those who did their best and really learned, or about the passionate ones. Those are probably hired already while still in college and make up around 10% at most.
  5. some of the answers received: copyright: @badluck copyright: @AndreiCM they are not the correct answers, but they are too beautiful not to be posted
  6. Mass mailing or targeted campaigns that use common files to host or exploit code have been and are a very popular vector of attack. In other words, a malicious PDF or MS Office document received via e-mail or opened through a browser plug-in. In regards to malicious PDF files, the security industry saw a significant increase of vulnerabilities after the second half of 2008, which might be related to Adobe Systems' release of the specifications, format structure and functionality of PDF files. Most enterprise network perimeters are protected and contain several security filters and mechanisms that block threats. However, a malicious PDF or MS Office document might be very successful passing through firewalls, Intrusion Prevention Systems, anti-spam, anti-virus and other security controls. By reaching the victim's mailbox, this attack vector will leverage social engineering techniques to lure the user to click/open the document. Then, for example, if the user opens a malicious PDF file, it typically executes JavaScript that exploits a vulnerability when Adobe Reader parses the crafted file. This might cause the application to corrupt memory on the stack or heap, causing it to run arbitrary code known as shellcode. This shellcode normally downloads and executes a malicious file from the Internet. The Internet Storm Center handler Bojan Zdrnja wrote a good summary about one of these shellcodes. In some circumstances the vulnerability could be exploited without opening the file, just by having a malicious file on the hard drive, as described by Didier Stevens.

From a 100 feet view a PDF file is composed of a header, body, reference table and trailer. One key component is the body, which might contain all kinds of content type objects that make parsing attractive for vulnerability researchers and exploit developers. The language is very rich and complex, which means the same information can be encoded and obfuscated in many ways. For example, within objects there are streams that can be used to store data of any type or size. These streams are compressed, and the PDF standard supports several algorithms, called Filters, including ASCIIHexDecode, ASCII85Decode, LZWDecode, FlateDecode, RunLengthDecode, CCITTFaxDecode and DCTDecode. PDF files can contain multimedia content and support JavaScript and ActionScript through Flash objects. Usage of JavaScript is a popular vector of attack because it can be hidden in the streams using different techniques, making detection harder. In case the PDF file contains JavaScript, the malicious code is used to trigger a vulnerability and to execute shellcode. All these features and capabilities translate into a huge attack surface!

From a security incident response perspective, the knowledge about how to do a detailed analysis of such malicious files can be quite useful. When analyzing this kind of file an incident handler can determine the worst it can do, its capabilities and key characteristics. Furthermore, it can help to be better prepared and to identify future security incidents and how to contain, eradicate and recover from those threats. So, which steps could an incident handler or malware analyst perform to analyze such files? In the case of malicious PDF files there are 5 steps. Using the REMnux distro, the steps are described by Lenny Zeltser as being:
    1. Find and extract JavaScript
    2. Deobfuscate JavaScript
    3. Extract the shellcode
    4. Create a shellcode executable
    5. Analyze shellcode and determine what it does
A summary of tools and techniques using REMnux to analyze malicious documents is described in the cheat sheet compiled by Lenny, Didier and others. In order to practice these skills and to illustrate an introduction to the tools and techniques, below is the analysis of a malicious PDF using these steps.

The other day I received one of those emails that was part of a mass mailing campaign. The email contained an attachment with a malicious PDF file that took advantage of the Adobe Reader JavaScript engine to exploit CVE-2013-2729. This vulnerability, found by Felipe Manzano, exploits an integer overflow in several versions of Adobe Reader when parsing BMP files compressed with RLE8 encoded in PDF forms. The file on VirusTotal was only detected by 6 of the 55 AV engines. Let's go through each one of the mentioned steps to find information on the malicious PDF's key characteristics and its capabilities.

1st Step – Find and extract JavaScript
One technique is using Didier Stevens' suite of tools to analyze the content of the PDF and look for suspicious elements. One of those tools is pdfid, which can show several keywords used in PDF files that could be used to exploit vulnerabilities. The previously mentioned cheat sheet contains some of these keywords. In this case the first observation shows the PDF file contains 6 objects and 2 streams. No JavaScript is mentioned, but it contains /AcroForm and /XFA elements. This means the PDF file contains XFA forms, which might indicate it is malicious. Then, looking deeper, we can use pdf-parser.py to display the contents of the 6 objects. The output was reduced for the sake of brevity, but in this case Object 2 is the /XFA element that is referencing Object 1, which contains a compressed and rather suspicious stream. Following this indicator, pdf-parser.py allows us to show the contents of an object and pass the stream through one of the supported filters (FlateDecode, ASCIIHexDecode, ASCII85Decode, LZWDecode and RunLengthDecode only) via the --filter switch. The --raw switch allows showing the output in an easier to read way. The output of the command is redirected to a file. Looking at the contents of this file we get the decompressed stream. When inspecting this file you will see several lines of JavaScript that weren't in the original PDF file. If this document is opened by a victim, the /XFA keyword will execute this malicious code.

Another fast method to find if the PDF file contains JavaScript and other malicious elements is to use the peepdf.py tool written by Jose Miguel Esparza. Peepdf is a tool to analyze PDF files, helping to show objects/streams, encode/decode streams, modify all of them, obtain different versions, show and modify metadata, and execute JavaScript and shellcodes. When running the malicious PDF file against the latest version of the tool it can show very useful information about the PDF structure, its contents and even detect which vulnerability it triggers, in case it has a signature for it.

2nd Step – Deobfuscate JavaScript
The second step is to deobfuscate the JavaScript. JavaScript can contain several layers of obfuscation. In this case there was quite some manual cleanup in the extracted code just to get the code isolated. The object.raw contained 4 JavaScript elements between <script xxxx contentType="application/x-javascript"> tags and 1 image in base64 format in an <image> tag. This JavaScript code between tags needs to be extracted and placed into a separate file. The same can be done for the chunk of base64 data, which when decoded will produce a 67Mb BMP file. The JavaScript in this case was rather cryptic, but there are tools and techniques that help do the job in order to interpret and execute the code. In this case I used another tool called js-didier.pl, which is Didier's version of the JavaScript interpreter SpiderMonkey. It is essentially a JavaScript interpreter without the browser plugins that you can run from the command line. This allows running and analyzing malicious JavaScript in a safe and controlled manner. The js-didier tool, just like SpiderMonkey, will execute the code and print the result into files named eval.00x.log. I got some errors on one of the variables due to the manual cleanup, but it was enough to produce several eval log files with interesting results.

3rd Step – Extract the shellcode
The third step is to extract the shellcode from the deobfuscated JavaScript. In this case the eval.005.log file contained the deobfuscated JavaScript. The file, among other things, contains 2 variables encoded as Unicode strings. This is one trick used to hide or obfuscate shellcode. Typically you find shellcode in JavaScript encoded in this way. These Unicode encoded strings need to be converted into binary. To perform this, isolate the Unicode encoded strings into a separate file and convert the Unicode (\u) notation to hex (\x) notation. To do this you use a series of Perl regular expressions via a REMnux script called unicode2hex-escaped. The resulting file will contain the shellcode in hex format ("\xeb\x06\x00\x00..") that will be used in the next step to convert it into a binary.

4th Step – Create a shellcode executable
Next, with the shellcode encoded in hexadecimal format, we can produce a Windows binary that runs the shellcode. This is achieved using a script called shellcode2exe.py written by Mario Vilas and later tweaked by Anand Sastry. As Lenny states: "The shellcode2exe.py script accepts shellcode encoded as a string or as raw binary data, and produces an executable that can run that shellcode. You load the resulting executable file into a debugger to examine it. This approach is useful for analyzing shellcode that's difficult to understand without stepping through it with a debugger."

5th Step – Analyze shellcode and determine what it does
The final step is to determine what the shellcode does. To analyze the shellcode you could use a disassembler or a debugger. In this case a static analysis of the shellcode using the strings command shows several API calls used by the shellcode. Furthermore, it also shows a URL pointing to an executable that will be downloaded if this shellcode gets executed. We now have a strong IOC that can be used to take additional steps in order to hunt for evil and defend the networks. This URL can be used as evidence and to identify if machines have been compromised and attempted to download the malicious executable. At the time of this analysis the file was no longer there, but it's known to be a variant of the Gameover Zeus malware.

The steps followed are manual, but with practice they are repeatable. They just represent a short introduction to the multifaceted world of analyzing malicious documents. Many other techniques and tools exist and much deeper analysis can be done. The focus was to demonstrate the 5 steps that can be used as a framework to discover indicators of compromise that will reveal machines that have been compromised by the same bad guys. However, using these 5 steps many other questions could be answered. Using the mentioned and other tools and techniques within the 5 steps we can have a better practical understanding of how malicious documents work and which methods are used by Evil. Two great resources for this type of analysis are the Malware Analyst's Cookbook: Tools and Techniques for Fighting Malicious Code book by Michael Ligh and the SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques course authored by Lenny Zeltser.

Source: https://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
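As an added example (my own code, not from the post above or from the pdfid/pdf-parser/REMnux tools it names), a small Python script that reproduces the triage side of steps 1 and 3 on a constructed sample: pdfid-style object/stream/keyword counts on the raw bytes, inflating the FlateDecode stream that hides an XFA script, and turning a %u-encoded shellcode literal into the \x form. The sample PDF, the keyword list and the function names are my assumptions, not the post's real attachment.

```python
import re
import zlib

# Constructed sample (not the post's attachment): a minimal PDF whose /AcroForm -> /XFA entry
# points at a FlateDecode stream holding an XFA <script>; "%u..." stands in for shellcode.
XFA_PAYLOAD = (b'<script contentType="application/x-javascript">'
               b'var sc = "%u06eb%u0000";</script>')

def build_sample_pdf():
    body = zlib.compress(XFA_PAYLOAD)
    return (b"%PDF-1.6\n"
            b"1 0 obj\n<< /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n"
            b"2 0 obj\n<< /XFA 1 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Type /Catalog /AcroForm 2 0 R >>\nendobj\n"
            b"trailer\n<< /Root 3 0 R >>\n%%EOF\n")

# Keywords pdfid reports because they can run or hide code (the post flags /AcroForm and /XFA).
KEYWORDS = [b"/JS", b"/JavaScript", b"/AcroForm", b"/XFA", b"/OpenAction", b"/AA", b"/Launch"]

def triage(pdf):
    """Step 1, pdfid-style: count objects, streams and risky keywords in the raw bytes."""
    counts = {"obj": len(re.findall(rb"\d+ \d+ obj\b", pdf)),
              "stream": len(re.findall(rb"\bstream\b", pdf))}  # \b leaves out 'endstream'
    for kw in KEYWORDS:
        counts[kw.decode()] = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9])", pdf))
    return counts

def flate_streams(pdf):
    """Step 1, pdf-parser --filter style: inflate each FlateDecode stream (simplistic regex parser)."""
    out = []
    for m in re.finditer(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        if b"/FlateDecode" in m.group(1):
            try:
                out.append(zlib.decompress(m.group(2)))
            except zlib.error:  # truncated or deliberately corrupt stream: skip it, keep going
                continue
    return out

def unicode_escaped_to_bytes(js_literal):
    """Step 3: %uXXXX / \\uXXXX words are 16-bit little-endian, so \\u06eb becomes \\xeb\\x06."""
    words = re.findall(r"(?:%|\\)u([0-9a-fA-F]{4})", js_literal)
    return b"".join(bytes([int(w[2:], 16), int(w[:2], 16)]) for w in words)

def to_hex_escapes(data):
    """Render bytes as the "\\xeb\\x06..." string form that shellcode2exe.py accepts."""
    return "".join("\\x%02x" % b for b in data)
```

Running triage() on build_sample_pdf() reports /XFA and /AcroForm but no /JavaScript, exactly the pdfid situation the post describes; the script tag only appears after flate_streams() inflates the stream.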
  7. New link: https://github.com/samratashok/nishang
  8. new toys https://github.com/misterch0c/shadowbroker/
  9. Source: https://www.quora.com/Which-Linux-distribution-is-the-best-for-a-programmer
