Leaderboard

Discovery tool The INTEL-SA-00075 Discovery Tool can be used by local users or an IT administrator to determine whether a system is vulnerable to the exploit documented in Intel Security Advisory INTEL-SA-00075 https://downloadcenter.intel.com/download/26755

De cand s-a inchis ClubPenguin , cei ce primesc buletin de la stat primesc si un biletel cu link-u spre registeru de aici. S-a futat sistemu'

Dar tu crezi ar putea cineva oferi 380$ pe un cont de instagram ?

https://www.eventbrite.com/ ?

How to remote hijack computers using Intel's insecure chips: Just use an empty login string Exploit to pwn systems using vPro and AMT now public 5 May 2017 at 19:52, Chris Williams You can remotely commandeer and control workstations and servers that use vulnerable Intel chipsets – by sending them empty authentication strings. You read that right. When you're expected to send a password hash, you send zero bytes. Nada. And you'll be rewarded with powerful low-level access to the box's hardware from across the network – or across the internet if the management interface faces the public web. Intel provides a remote management toolkit called AMT for its business and enterprise-friendly processors; this technology is part of Chipzilla's vPro suite and runs at the firmware level, below and out of sight of Windows, Linux, or whatever operating system you're using. It's designed to allow IT admins to remotely log into the guts of computers so they can reboot them, repair and tweak operating systems, install new OSes, access virtual serial consoles, or gain full-blown remote desktop access to the machines via VNC. It is, essentially, god-mode on a machine. Normally, AMT is password protected. This week it emerged that this authentication can be bypassed, allowing miscreants to take over systems from afar or once inside a corporate network. This critical security bug was designated CVE-2017-5689. While Intel has patched its code, people have to extract the necessary firmware updates from their hardware suppliers before they can be installed. Today we've learned it is trivial to exploit this flaw – and we're still waiting for those patches. AMT is accessed over the network via a bog-standard web interface. This prompts the admin for a password, and this passphrase is sent over by the web browser using standard HTTP Digest authentication: the username, password, and realm, are hashed using a nonce from the AMT firmware, plus a few other bits of metadata. This scrambled response is checked by Intel's AMT software to be valid, and if so, access to granted to the management interface. But if you send an empty response, the firmware thinks this is valid and lets you through. This means if you use a proxy, or otherwise set up your browser to send empty HTTP Digest authentication responses, you can bypass the password checks. This is according to firmware reverse-engineering by Embedi [PDF] which reported the flaw to Intel in March, and Tenable, which poked around and came to the same conclusion earlier this week. Intel has published some more info on the vulnerability here, which includes links to a tool to check if your system is at-risk here, and mitigations. We're told the flaw is present in some, but not all, Intel chipsets back to 2010: if you're using vPro and AMT versions 6 to 11.6 on your network – including Intel's Standard Manageability (ISM) and Small Business Technology (SBT) features – then you are potentially at risk. Sursa: https://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/

Netzob : Protocol Reverse Engineering, Modeling and Fuzzing About Welcome to the official repository of Netzob. Netzob is a tool that can be use to reverse engineer, model and fuzz communication protocols. It is made of two components: netzob a python project that exposes all the features of netzob (except GUI) you can import in your own tool or use in CLI, netzob_web a graphical interface that leverages web technologies. Source codes, documentations and resources are available for each component, please visit their dedicated directories. General Information Email: contact@netzob.org Mailing list: Two lists are available, use the SYMPA web interface to register. IRC: You can hang-out with us on Freenode's IRC channel #netzob @ freenode.org. Twitter: Follow Netzob's official accounts (@Netzob) Authors, Contributors and Sponsors See the top distribution file AUTHORS.txt in each component for the detailed and updated list of their authors, contributors and sponsors. Extra Zoby, the official mascot of Netzob. Link: https://github.com/netzob/netzob

Publicat pe 3 mai 2017 We take a look into the malware Gatak which uses WriteProcessMemory and CreateRemoteThread to inject code into rundll32.exe. Many thanks to @_jsoo_ for providing the sample! Follow me on Twitter: https://twitter.com/struppigel Gatak VirusBtn article: https://www.virusbulletin.com/virusbu... Sample: https://www.hybrid-analysis.com/sampl... API Monitor: http://www.rohitab.com/apimonitor Process Explorer: https://technet.microsoft.com/en-us/s... x64dbg: http://x64dbg.com/ HxD: https://mh-nexus.de/en/hxd/

Understand what SQL injection is and coupled with SQLMap, how it can infiltrate your system Protect your system against XSS vulnerabilities by using XSSER Safeguard user credentials by figuring out how Bruteforcing works Get to know Remote Command Execution and how it can affect your system Analyze Cross-Site Request Forgery attacks to defend your system against them Inspect open proxies and open redirects to shield your system from them Understand Clickjacking and the best approach to elude it Download (valabil 7 zile): aHR0cDovL3guY28vNmxnRXo=

V-am trimis la mai multi lista, ca am fost bombardat de PM-uri nu costa nimic, le-am dat free, normal. Astept aici un reply daca v-ati descurcat si cum merge. Salutare !

Vai de "veața" mea.. Totul părea atât de frumos la început. Forum serios cu băieți "neserioși". Acum internetul e împartit în doua tabere: terminațiile avortate care se uita la vloggeri wannabe pe YT și rămășițele unor ca***i cărora li s-au pus prea devreme telefoanele și tabletele în mână. Puneți în Paștele mamii voastre mana pe o carte și lăsați forumurile pentru băieții mari, pentru băieți mari.