Leaderboard

Payloads All The Things A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I <3 pull requests Tools Kali Linux Web Developper Hackbar Burp Proxy Fiddler DirBuster GoBuster Knockpy SQLmap Nikto Nessus Recon-ng Wappalyzer Metasploit Docker docker pull remnux/metasploit - docker-metasploit docker pull paoloo/sqlmap - docker-sqlmap docker pull kalilinux/kali-linux-docker official Kali Linux docker pull owasp/zap2docker-stable - official OWASP ZAP docker pull wpscanteam/wpscan - official WPScan docker pull infoslack/dvwa - Damn Vulnerable Web Application (DVWA) docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image docker pull opendns/security-ninjas - Security Ninjas docker pull ismisepaul/securityshepherd - OWASP Security Shepherd docker-compose build && docker-compose up - OWASP NodeGoat docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application docker pull bkimminich/juice-shop - OWASP Juice Shop More resources Book's list: Web Hacking 101 OWASP Testing Guide v4 Penetration Testing: A Hands-On Introduction to Hacking The Hacker Playbook 2: Practical Guide to Penetration Testing The Mobile Application Hacker’s Handbook Black Hat Python: Python Programming for Hackers and Pentesters Metasploit: The Penetration Tester's Guide The Database Hacker's Handbook, David Litchfield et al., 2005 The Shellcoders Handbook by Chris Anley et al., 2007 The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009 The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011 iOS Hackers Handbook by Charlie Miller et al., 2012 Android Hackers Handbook by Joshua J. Drake et al., 2014 The Browser Hackers Handbook by Wade Alcorn et al., 2014 The Mobile Application Hackers Handbook by Dominic Chell et al., 2015 Car Hacker's Handbook by Craig Smith, 2016 Blogs/Websites http://blog.zsec.uk/101-web-testing-tooling/ https://blog.innerht.ml https://blog.zsec.uk https://www.exploit-db.com/google-hacking-database https://www.arneswinnen.net https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102 Youtube Hunting for Top Bounties - Nicolas Grégoire BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén Practice Root-Me Zenk-Security W3Challs NewbieContest Vulnhub The Cryptopals Crypto Challenges Penetration Testing Practice Labs alert(1) to win Hacksplaining HackThisSite PentesterLab : Learn Web Penetration Testing: The Right Way Bug Bounty HackerOne BugCrowd Bounty Factory List of Bounty Program Sursa: https://github.com/swisskyrepo/PayloadsAllTheThings

slavco Aug 22 Wordpress SQLi There won’t be an intro, let us jump to the problem. This is the wordpress database abstraction prepare method code: public function prepare( $query, $args ) { if ( is_null( $query ) ) return; // This is not meant to be foolproof — but it will catch obviously incorrect usage. if ( strpos( $query, ‘%’ ) === false ) { _doing_it_wrong( ‘wpdb::prepare’, sprintf( __( ‘The query argument of %s must have a placeholder.’ ), ‘wpdb::prepare()’ ), ‘3.9.0’ ); } $args = func_get_args(); array_shift( $args ); // If args were passed as an array (as in vsprintf), move them up if ( isset( $args[0] ) && is_array($args[0]) ) $args = $args[0]; $query = str_replace( “‘%s’”, ‘%s’, $query ); // in case someone mistakenly already singlequoted it $query = str_replace( ‘“%s”’, ‘%s’, $query ); // doublequote unquoting $query = preg_replace( ‘|(?<!%)%f|’ , ‘%F’, $query ); // Force floats to be locale unaware $query = preg_replace( ‘|(?<!%)%s|’, “‘%s’”, $query ); // quote the strings, avoiding escaped strings like %%s array_walk( $args, array( $this, ‘escape_by_ref’ ) ); return @vsprintf( $query, $args ); } From the code there are 2 interesting unsafe PHP practices that could guide towards huge vulnerabilities towards wordpress system. Before we jump to the SQLi case I’ll cover another issue. This issue is rised from following functionality: if ( isset( $args[0] ) && is_array($args[0]) ) $args = $args[0]; This means that if you have something like this: $wpdb->prepare($sql, $input_param1, $sanitized_param2, $sanitized_param3); then if you control the $input_param1 e.g. is part of the $input_param1 = $_REQUEST[“input”], this means that you can add your own values for the remaining parameters. This could mean nothing in some cases, but in some cases could easy lead to RCE having on mind nature and architecture of the wp itself. SQLi vulnerability In order to achieve SQLi in wp framework based on this prepare method we must know how core PHP function of this method works. It is vspritfwhich is in fact sprintf. This means that $query is format string and $args are parameters => directives in the format string define how the args will be placed in the format string e.g. query. Very, very important feature of sprintf are swapping arguments :) As extra there we have the following lines of code: $query = str_replace( “‘%s’”, ‘%s’, $query ); // in case someone mistakenly already singlequoted it $query = str_replace( ‘“%s”’, ‘%s’, $query ); // doublequote unquoting e.g. will replace any %s into '%s'. From everything above we got following conclusion: If we are able to put into $query some string that will hold %1$%s then we can salute our SQLi => after prepare method is called then we will have an extra 'into query, because %1$%s will become %1$'%s' and after sprintf will become $arg[1]'. For now this is just theory and most probably improper usage of the prepare method, but if we find something interesting in the wp core than nobody could blame the lousy developers who don’t follow coding standards and recomendations from the API docs. Most interesting function is delete_metadata function and this function perform the desired actions from description above and when it is called with all of the 5 parameters set and $meta_value != “” and $delete_all = true; then we have our working POC e.g. if ( $delete_all ) { $value_clause = ‘’; if ( ‘’ !== $meta_value && null !== $meta_value && false !== $meta_value ) { $value_clause = $wpdb->prepare( “ AND meta_value = %s”, $meta_value ); } $object_ids = $wpdb->get_col( $wpdb->prepare( “SELECT $type_column FROM $table WHERE meta_key = %s $value_clause”, $meta_key ) ); } $value_clause will hold our input, but we need to be sure $meta_valuealready exists in the DB in order this SQLi vulnerable snippet is executed — remember this one. This delete_metadata function called with desired number of parameters is called in wp_delete_attachment function and this function is called in wp-admin/upload.php where $post_id_del input is value taken directly from $_REQUEST. Let us check the wp_delete_attachment function and its constraints before we reach the desired line e.g. delete_metadata( ‘post’, null, ‘_thumbnail_id’, $post_id, true );. The only obstacle that prevents this code to be executed is the following: if ( !$post = $wpdb->get_row( $wpdb->prepare(“SELECT * FROM $wpdb->posts WHERE ID = %d”, $post_id) ) ) return $post; but again due the nature of sprintf and %d directive we have bypass => attachment_post_id %1$%s your sql payload. Here I’ll stop for today (see you tomorrow with part 2: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e), because in order authenticated user that have permission to create posts to execute successful SQLi attack need to insert the attachment_post_id %1$%s your sql payload as _thumbnail_id meta value. Fast fix for this use case (if you allow `author` or bigger role to your wp setup): At the top of the wp_delete_attachment function, right after global $wpdb;add the following line: $post_id = (int) $post_id; Impact for the wp eco system This unsafe method have quite huge impact towards wp eco system. There are affected plugins. Some of them already were informed and patched their issues, some of them put credits, some not. Another ones have pushed `silent` patches, but no one cares regarding safety of all. In the next writings of this topic I’ll release most common places/practices where issues like this ones occurs and will release the vulnerable core methods beside pointed one, so everyone can help this issue being solved. Responsible disclosure This approach is more than responsible disclosure and I’ll reffer to the paragraph for the impact and this H1 report https://hackerone.com/reports/179920 Promo If you are wp developer or wp host provider or wp security product provider with valuable list of clients, we offer subscription list and we are exceptional (B2B only). Sursa: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94

Publicat pe 28 sept. 2014 Bitcoins are mined using a cryptographic algorithm called SHA-256. This algorithm is simple enough to be done with pencil and paper, as I show in this video. Not surprisingly, this is a thoroughly impractical way to mine. One round of the algorithm takes 16 minutes, 45 seconds which works out to a hash rate of 0.67 hashes per day.

Assamblare Nou: cursuri (doc) de la facultate, EASY ASM Lungu+Musca Slide Arhitectura Slide Arhitectura: Name ------------------------------------------------------ APEL.doc ASSAMBLE.DOC BIBLIOGRAFIE.doc Cuprins Curs ARHI.doc Cursul 1 Introducere.ppt Cursul 1 Introducerei.ppt Cursul 1.doc Cursul 10 Interfata seriala si paralela.ppt Cursul 10.doc Cursul 12 Dispozitive secundare de stocare.ppt Cursul 12.doc Cursul 2 Registrele CPU 8086 si Moduri de adresare.ppt Cursul 2.doc Cursul 3 Instructiuni.ppt Cursul 3.doc Cursul 4 Servicii BIOS&DOS.ppt Cursul 4.doc Cursul 5 Moduri VIDEO.ppt Cursul 5.doc Cursul 6 Programe in limbaj de asamblare.ppt Cursul 6.doc Cursul 7 Tehnici IO.ppt Cursul 7.doc Cursul 8 Circuite Timer_Counter.ppt Cursul 8.doc Cursul 9 Hotkeys_Clock Ticks si TSR.ppt Cursul 9.doc desene.doc MACROMUS.WPD Moduri de adresare.doc Programul DEBUG.doc ------------------------------------------------------ 31 Files - 13.564 MB Download link: http://www59.zippyshare.com/v/EMelR8TF/file.html

See you in November at DefCamp 2017 Want to experience a conference that offers outstanding content infused with a truly cyber security experience? For two days (November 9th-10th) Bucharest will become once again the capital of information security in Central & Eastern Europe hosting at DefCamp more than 1,300 experts, passionate and companies interested to learn the “what” and “how” in terms of keeping information & infrastructures safe. Now it’s getting really close: this year's conference is only months away, and that means very early bird tickets are now available. Register Now at DefCamp 2017 (50% Off) What can you expect from the 2017 edition? 2 days full of cyber (in)security topics, GDPR, cyber warfare, ransomware, malware, social engineering, offensive & defensive security measurements 3 stages hosting over 35 international speakers and almost 50 hours of presentations Hacking Village hosting more than 10 competitions where you can test your skills or see how your technology stands 1,300 attendees with a background in cyber security, information technology, development, management or students eager to learn How to get involved? Speaker: Call for Papers & Speakers is available here. Volunteer: Be part of DefCamp #8 team and see behind the scene the challenges an event like this can have. Partner: Are you searching opportunities for your company? Become our partner! Hacking Village: Do you have a great idea for a hacking or for a cyber security contest? Consider applying at the Hacking Village Call for Contests. Attendee: Register at DefCamp 2017 right now and you will benefit of very early bird discounts. Register Now at DefCamp 2017 (50% Off) Use the following code to get an extra 10% discount of the Very Early Bird Tickets by June 27th. This is the best price you will get for 2017 edition. Code: DEFCAMP_2017_VEB_10 Website: https://def.camp/

Gmail oferă posibilitatea de a avea adresa personală cu punct sau fără (mai multe info aici). Prin scriptul următor se pot genera toate combinaţiile posibile pentru un ID dat. <?php /* Generate all combinations for a gmail username Author: Dragos <dragos@interinfo.ro> */ $input = "person"; $emails = generate_gmail($input); foreach($emails as $email) echo $email . "\n"; function generate_gmail($string) { $chars = str_split($string); $input = array(); for($i=0;$i<count($chars)-1;$i++) $input[] = array($chars[$i], $chars[$i] . "."); $input[] = array($chars[count($chars)-1]); $result = array(); foreach ($input as $key => $values) { if (empty($values)) continue; if (empty($result)) { foreach($values as $value) $result[] = array($key => $value); }else{ $append = array(); foreach($result as &$product) { $product[$key] = array_shift($values); $copy = $product; foreach($values as $item) { $copy[$key] = $item; $append[] = $copy; } array_unshift($values, $product[$key]); } $result = array_merge($result, $append); } } $final = array(); foreach($result as $res) $final[] = implode("",$res) . "@gmail.com"; return $final; }

Do you believe that just because you have downloaded an app from the official app store, you're safe from malware? Think twice before believing it. A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones. Dubbed WireX, detected as "Android Clicker," the botnet network primarily includes infected Android devices running one of the hundreds of malicious apps installed from Google Play Store and is designed to conduct massive application layer DDoS attacks. Researchers from different Internet technology and security companies—which includes Akamai, CloudFlare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru—spotted a series of cyber attacks earlier this month, and they collaborated to combat it. Although Android malware campaigns are quite common these days and this newly discovered campaign is also not that much sophisticated, I am quite impressed with the way multiple security firms—where half of them are competitors—came together and shared information to take down a botnet. WireX botnet was used to launch minor DDoS attacks earlier this month, but after mid-August, the attacks began to escalate. The "WireX" botnet had already infected over 120,000 Android smartphones at its peak earlier this month, and on 17th August, researchers noticed a massive DDoS attack (primarily HTTP GET requests) originated from more than 70,000 infected mobile devices from over 100 countries. If your website has been DDoSed, look for the following pattern of User-Agent strings to check if it was WireX botnet: After further investigation, security researchers identified more than 300 malicious apps on Google’s official Play Store, many of which purported to be media, video players, ringtones, or tools for storage managers and app stores, which include the malicious WireX code. Just like many malicious apps, WireX apps do not act maliciously immediately after the installation in order to evade detection and make their ways to Google Play Store. Instead, WireX apps wait patiently for commands from its command and control servers located at multiple subdomains of "axclick.store." Google has identified and already blocked most of 300 WireX apps, which were mostly downloaded by users in Russia, China, and other Asian countries, although the WireX botnet is still active on a small scale. If your device is running a newer version of the Android operating system that includes Google's Play Protect feature, the company will automatically remove WireX apps from your device, if you have one installed. Play Protect is Google's newly launched security feature that uses machine learning and app usage analysis to remove (uninstall) malicious apps from users Android smartphones to prevent further harm. Also, it is highly recommended to install apps from reputed and verified developers, even when downloading from Google official Play Store and avoid installing unnecessary apps. Additionally, you are strongly advised to always keep a good antivirus app on your mobile device that can detect and block malicious apps before they can infect your device, and always keep your device and apps up-to-date. Android malware continues to evolve with more sophisticated and never-seen-before attack vectors and capabilities with every passing day. Just at the beginning of this week, Google removed over 500 Android apps utilising the rogue SDK—that secretly distribute spyware to users—from its Play Store marketplace. Last month, we also saw first Android malware with code injecting capabilities making rounds on Google Play Store. A few days after that, researchers discovered another malicious Android SDK ads library, dubbed "Xavier," found installed on more than 800 different apps that had been downloaded millions of times from Google Play Store.

aveti ceva de ras ?? postati aici incep eu LISTA de messenger a lui GIGI Becali

Salutări, Zilele trecute am făcut un audit pe o aplicaţie şi am descoperit o vulnerabilitate destul de interesantă, aşa că am zis să fac un web challenge pe partea asta. Scenariu Un programator a creat scriptul următor PHP care cere o parolă pentru a vedea conţinutul privat al site-ului: <?php $mysql = mysqli_connect("","","","") or die("Conexiune esuata la baza de date."); $par = htmlentities($_GET['par'],ENT_QUOTES); if(strlen($par) > 0) { $sql = $mysql->query("select * from passwords where password='$par'"); if($sql->num_rows > 0) { //continut privat }else{ echo "Parola nu a fost gasita in baza de date."; } }else{ echo "Se asteapta parola in parametrul GET <strong>par</strong>."; } După terminarea scriptului, el a adăugat în MySQL comanda următoare, uitând să completeze câmpul de parolă: INSERT INTO `passwords` (`ID`, `password`) VALUES (1, ''); În final, programatorul a făcut publică aplicaţia la adresa următoare: http://dragos.interinfo.ro/rst/chall/ Cerinţă Scopul exerciţiului este ca să treceţi de filtrările PHP şi să afişaţi conţinutul privat. Detalii tehnice scriptul este acelaşi şi pe host userul MySQL are doar drept de select şi are acces doar pe baza de date dedicată exerciţiului După ce aţi rezolvat Trimiteţi-mi un PM cu mesajul afişat în cadrul conţinutului privat şi linkul final şi vă voi adăuga în lista de mai jos. Cine a rezolvat până acum: - adicode - aleee - caii - dancezar - DLV - Gecko - Hertz - kandykidd - Matasareanu - Nytro - Pintilei - pr00f - Silviu - Sim Master - SirGod - theandruala - u0m3 - xenonxsc - yukti

Un articol interesant ce descrie relativ detaliat modul de functionare al sistemelor auxiliare dintr-un PC modern, cu accent pe modul de functionare al Intel Management Engine si cum poate fi dezactivat acesta. Conform articolului, este primul capitol dintr-o serie. Articol: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html

BASELINE – SANS & Offensive-Security am gasit linkul asta, dar nu stiu cat e de sigur. Nu am reusit sa descarc nimic inca. http://fullsoftshare.com/2017/07/28/baseline-sans-offensive-security/ Published July 28, 2017 by fssuploader BASELINE – SANS & Offensive-Security BASELINE - SANS & Offensive-Security BASELINE – SANS & Offensive-Security File size: 85 GB The SANS Institute (officially the Escal Institute of Advanced Technologies) is a private U.S. for-profit company founded in 1989 that specializes in information security and cybersecurity training. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and audit. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The Institute has been recognized for its training programs and certification programs. SANS stands for SysAdmin, Audit, Network and Security. BASELINE – SANS & Offensive-Security SANS Programs The SANS Institute sponsors the Internet Storm Center, an internet monitoring system staffed by a global community of security practitioners, and the SANS Reading Room, a research archive of information security policy and research documents. SANS is one of the founding organizations of the Center for Internet Security. SANS offers news and analysis through Twitter feeds and e-mail newsletters. Additionally, there is a weekly news and vulnerability digest available to subscribers. SANS training When originally organized in 1989, SANS training events functioned like traditional technical conferences showcasing technical presentations. By the mid-1990s, SANS offered events which combined training with tradeshows. Beginning in 2006, SANS offered asynchronous online training (SANS OnDemand) and a virtual, synchronous classroom format (SANS vLive). Free webcasts and email newsletters (@Risk, Newsbites, Ouch!) have been developed in conjunction with security vendors. The actual content behind SANS training courses and training events remain “vendor-agnostic.” Vendors cannot pay to offer their own official SANS course, although they can teach a SANS “hosted” event via sponsorship. In 1999, the SANS Institute formed Global Information Assurance Certification (GIAC), an independent entity that grants certifications in information security topics. It has developed and operates NetWars, a suite of interactive learning tools for simulating scenarios such as cyberattacks. NetWars is in use by the US Air Force and the US Army. SANS Technology Institute As of 2006 SANS established the SANS Technology Institute, a graduate school based on SANS training and GIAC certifications. On November 21, 2013, SANS Technology Institute was granted regional accreditation by the Middle States Commission on Higher Education. SANS Technology Institute focuses exclusively on cybersecurity, offering two Master of Science degree programs (in Information Security Engineering (MSISE) and Information Security Management (MSISM)), and four post-baccalaureate certificate programs (Penetration Testing & Ethical Hacking, Incident Response, Cyber Defense Operations, and Cybersecurity Engineering (Core)). SANS continues to offer free security content via the SANS Technology Institute Leadership Lab and IT/Security related leadership information. BASELINE – SANS & Offensive-Security Download Rapidgator.net Offensive-Security - 101.tar.gz Offensive-Security - AWE - Advanced Windows Exploitation 1.1.tar.gz Offensive-Security - AWE - Advanced Windows Exploitation 2.0.tar.gz Offensive-Security - CTP - Cracking the Perimeter 1.0.tar.gz Offensive-Security - OSWP - WiFu.tar.gz Offensive-Security - PWB - Penetration Testing with Backtrack.tar.gz Offensive-Security - PWK - Penetration Testing with Kali.tar.gz SANS 401 - Security Essentials Bootcamp Style.tar.gz SANS 408 - Windows Forensic Analysis.tar.gz SANS 410 - ICS & SCADA Security Essentials.tar.gz SANS 414 - Training Program for CISSP Certification.tar.gz SANS 502 - Perimeter Protection In-Depth.tar.gz SANS 503 - Intrusion Detection In-Depth.tar.gz SANS 504 - Hacker Tools, Techniques, Exploits, and Incident Handling.tar.gz SANS 505 - Sans Securing Windows with PowerShell.tar.gz SANS 506 - Securing Linux & UNIX.tar.gz SANS 507 - Auditing & Monitoring Networks, Perimeters & Systems.tar.gz SANS 508 - Advanced Digital Forensics and Incident Response.tar.gz SANS 509 - Securing Oracle Database.tar.gz SANS 511 - Continuous Monitoring and Security Operations.tar.gz SANS 512 - Security Leadership Essentials for Managers.tar.gz SANS 517 - Cutting Edge Hacking Techniques.tar.gz SANS 518 - Mac Forensic Analysis.tar.gz SANS 524 - Cloud Security Fundamentals.tar.gz SANS 526 - Memory Forensics In-Depth.tar.gz SANS 531 - Windows Command Line Kung Fu.tar.gz SANS 542 - Web App Penetration Testing and Ethical Hacking.tar.gz uploading . . . UploadGiG.com Offensive-Security - 101.tar.gz Offensive-Security - AWE - Advanced Windows Exploitation 1.1.tar.gz Offensive-Security - AWE - Advanced Windows Exploitation 2.0.tar.gz Offensive-Security - CTP - Cracking the Perimeter 1.0.tar.gz Offensive-Security - OSWP - WiFu.tar.gz Offensive-Security - PWB - Penetration Testing with Backtrack.tar.gz Offensive-Security - PWK - Penetration Testing with Kali.tar.gz SANS 401 - Security Essentials Bootcamp Style.tar.gz SANS 408 - Windows Forensic Analysis.tar.gz SANS 410 - ICS & SCADA Security Essentials.tar.gz SANS 414 - Training Program for CISSP Certification.tar.gz SANS 502 - Perimeter Protection In-Depth.tar.gz SANS 503 - Intrusion Detection In-Depth.tar.gz SANS 504 - Hacker Tools, Techniques, Exploits, and Incident Handling.tar.gz SANS 505 - Sans Securing Windows with PowerShell.tar.gz SANS 506 - Securing Linux & UNIX.tar.gz https://uploadgig.com/file/download/975524f2B073d2cF/SANS 506 - Securing Linux UNIX.part1.rar https://uploadgig.com/file/download/877882ab1378a1a0/SANS 506 - Securing Linux UNIX.part2.rar https://uploadgig.com/file/download/dcADBc7114aad38b/SANS 506 - Securing Linux UNIX.part3.rar https://uploadgig.com/file/download/Dbe9Ab046178f56a/SANS 506 - Securing Linux UNIX.part4.rar https://uploadgig.com/file/download/1f3f0e77c76cddd6/SANS 506 - Securing Linux UNIX.part5.rar https://uploadgig.com/file/download/8c1b772C1222Ac73/SANS 506 - Securing Linux UNIX.part6.rar https://uploadgig.com/file/download/fb0fc2E40868D54f/SANS 506 - Securing Linux UNIX.part7.rar SANS 507 - Auditing & Monitoring Networks, Perimeters & Systems.tar.gz https://uploadgig.com/file/download/BD8c8f0218738304/SANS 507 - Auditing Monitoring Networks Perimeters Systems.part1.rar https://uploadgig.com/file/download/Eb50aba295106d91/SANS 507 - Auditing Monitoring Networks Perimeters Systems.part2.rar https://uploadgig.com/file/download/fd70Aa1DaeA60d17/SANS 507 - Auditing Monitoring Networks Perimeters Systems.part3.rar https://uploadgig.com/file/download/f22154242eb4bf1A/SANS 507 - Auditing Monitoring Networks Perimeters Systems.part4.rar SANS 508 - Advanced Digital Forensics and Incident Response.tar.gz https://uploadgig.com/file/download/2b4E28ce70B4D65a/SANS 508 - Advanced Digital Forensics and Incident Response.part1.rar https://uploadgig.com/file/download/052a3D9165f5cbed/SANS 508 - Advanced Digital Forensics and Incident Response.part2.rar https://uploadgig.com/file/download/34AEcA71c483fe15/SANS 508 - Advanced Digital Forensics and Incident Response.part3.rar https://uploadgig.com/file/download/d09D89e63a1e9C6F/SANS 508 - Advanced Digital Forensics and Incident Response.part4.rar https://uploadgig.com/file/download/0ae477221beC1d39/SANS 508 - Advanced Digital Forensics and Incident Response.part5.rar https://uploadgig.com/file/download/69a7C0Ee66d2a7f3/SANS 508 - Advanced Digital Forensics and Incident Response.part6.rar SANS 509 - Securing Oracle Database.tar.gz SANS 511 - Continuous Monitoring and Security Operations.tar.gz SANS 512 - Security Leadership Essentials for Managers.tar.gz SANS 517 - Cutting Edge Hacking Techniques.tar.gz SANS 518 - Mac Forensic Analysis.tar.gz SANS 524 - Cloud Security Fundamentals.tar.gz SANS 526 - Memory Forensics In-Depth.tar.gz SANS 531 - Windows Command Line Kung Fu.tar.gz SANS 542 - Web App Penetration Testing and Ethical Hacking.tar.gz https://uploadgig.com/file/download/409b75588e220737/SANS 542 - Web App Penetration Testing and Ethical Hacking.part1.rar https://uploadgig.com/file/download/c42A296e4Ed08fb5/SANS 542 - Web App Penetration Testing and Ethical Hacking.part2.rar https://uploadgig.com/file/download/cf4e28bE56c331b9/SANS 542 - Web App Penetration Testing and Ethical Hacking.part3.rar https://uploadgig.com/file/download/800cb7d93020cFbE/SANS 542 - Web App Penetration Testing and Ethical Hacking.part4.rar uploading . . .

Incercam sa fiu delicat. De curiozitate, ce recomanda ca masura de siguranta cand firewall-ul ruleaza pe un procesor Intel?

"As a temporary mitigation while waiting for patches, disable AMT where you can. Start from the most critical servers: Active Directory, certificate authorities, critical databases, code signing servers, firewalls, security servers, HSMs (if they have it enabled). For data centers, if you can, block ports 16992, 16993, 16994, 16995, 623, 664 in internal firewalls now." Sursa: https://www.ssh.com/vulnerability/intel-amt/

Pune in perspectiva un S9 care baga (in conditii optime) 14TH/s...

Incearca https://btdb.unblocked.bid/torrent/dlzj16QNjOIrGQY36WZGUoZJlx3EjQU0vYb.html

Mai sunt conturi de vanzare ?

Cum am spus. E safe sa descarci arhive. In special ce e pe google drive, megaupload etc. (daca exista probleme de copyright site-ul care hosteaza fisierul e responsabil). E ok sa vezi filme online etc. Pt torente iti recomand VPN. (pt un torent tu descarci dar si incarci inapoi fisierele catre alti utilizatori, deci esti responsabil pt copyright)

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads. Features: Built with Amazon Web Services (AWS): An AWS account is all you need to deploy BinaryAlert. Broad YARA Support: Add your own YARA rules and/or automatically clone them from third-party repos. PE, math, and hash YARA modules are supported. Real-Time: Files uploaded to BinaryAlert (S3 bucket) are immediately queued for analysis. Serverless: All computation is handled by Lambda functions. No servers to manage means stronger security and automatic scaling! Infrastructure-as-Code: The entire infrastructure is described with Terraform configuration files, enabling anyone to deploy BinaryAlert in a matter of minutes with a single command. Retroactive Analysis: After updating the YARA ruleset, BinaryAlert will retroactively scan the entire file corpus to find any new matches. Easily Configurable: BinaryAlert configuration is managed in a single Terraform variables file. Quality Code: Written in Python3 with unit tests and linting to ensure a clean and reliable codebase. Low Cost: The AWS bill is based only on how many files are analyzed. Quick Start: Install dependencies Install Python3.6, pip3, virtualenv, and Terraform. Create a virtual environment: virtualenv -p python3 venv Activate the virtual env: source venv/bin/activate Install third-party libraries: pip3 install -r requirements.txt If the installation encounters problems finding openssl.h, try export CFLAGS='-I/usr/local/opt/openssl/include' before the install. Configure settings Set your AWS credentials using any method supported by Terraform. The two simplest options are to run aws configure (saves ~/.aws/credentials file) or export AWS_DEFAULT_REGION="region-name" export AWS_ACCESS_KEY_ID="access-key" export AWS_SECRET_ACCESS_KEY="secret-key" Fill out the base configuration options in terraform.tfvars Deploy: python3 manage.py deploy In order to receive YARA match alerts, you must manually subscribe to the generated SNS topics. Go to the SNS console and add a subscription to the *_binaryalert_yara_match_alerts topic (which receives YARA match alerts) and the *_binaryalert_metric_alarms topic (which receives CloudWatch alerts if the service is down). SNS supports a variety of subscription endpoints, including email and SMS. SNS subscriptions must be confirmed by the destination, which is why this step can't be automated by Terraform. That's it! Now any file you upload to the BinaryAlert S3 bucket will automatically trigger YARA analysis and you can rest easier knowing that your files are safe. CLI Tool: manage.py: For simplicity, BinaryAlert management commands are bundled together in manage.py. Usage: python3 manage.py [--help] [command] YARA RULES: YARA rules are stored in the rules/ folder. See rules/README.md for more information about adding and updating YARA rules. Architecture: The organization collects files and delivers them to their BinaryAlert S3 bucket. Files of interest could include executable binaries, email attachments, documents, etc. Every file uploaded to the S3 bucket is immediately queued for analysis. A dispatching Lambda function runs every minute, grouping files into batches and invoking up to dozens of analyzers in parallel. Each analyzer scans its files using a list of pre-compiled YARA rules. YARA matches are saved to DynamoDB and an alert is sent to an SNS topic. We use StreamAlert to dispatch these alerts, but other organizations can instead consume the alerts via email or any other supported SNS subscription. For retroactive analysis, a batching Lambda function enqueues the entire S3 bucket to be re-analyzed. Configurable CloudWatch alarms will trigger if any BinaryAlert component is behaving abnormally. This will notify a different SNS topic than the one used for YARA match alerts. Updating Pip Packages: The exact pip3 package versions used are frozen in requirements.txt. However, to make upgrading packages easier, requirements_top_level.txt contains only the top-level packages required by BinaryAlert. To upgrade the package requirements, pip3 install -r requirements_top_level.txt --upgrade pip3 freeze > requirements.txt Directory Overview: lambda_functions: Source code for each BinaryAlert Lambda function. rules: Collection of public and private YARA rules. terraform: AWS infrastructure represented as Terraform configuration files. tests: Unit tests amd mocks. Links: Announcement Post Twitter (unofficial) Slack (unofficial) Download binaryalert-master.zip Source: https://github.com/airbnb/binaryalert

hcpxread is an interactive tool made to view, parse, and export .hccapx files. You can learn more about the HCCAPX format from the official docs. Long story short, Features Interactive menu Reads and outputs AP data Shows summary of the loaded access points Usage $ go get github.com/vlad-s/hcpxread $ hcpxread _ _ | |__ ___ _ ____ ___ __ ___ __ _ __| | | '_ \ / __| '_ \ \/ / '__/ _ \/ _` |/ _` | | | | | (__| |_) > <| | | __/ (_| | (_| | |_| |_|\___| .__/_/\_\_| \___|\__,_|\__,_| |_| Usage of hcpxread: -capture file The HCCAPX file to read -debug Show additional, debugging info Note: debugging will disable clearing the screen after an action. Example $ hcpxread -capture wpa.hccapx INFO[0000] Opened file for reading name=wpa.hccapx size="6.5 KB" INFO[0000] Searching for HCPX headers... INFO[0000] Finished searching for headers indexes=17 INFO[0000] Summary: 17 networks, 0 WPA/17 WPA2, 16 unique APs 1. [WPA2] XXX B0:48:7A:BF:07:A4 2. [WPA2] XXXXX 08:10:77:5B:AC:ED ... 17. [WPA2] XXXXXXXXXX 64:70:02:9E:4D:1A 99. Export 0. Exit network > 1 Key Version |ESSID |ESSID length |BSSID |Client MAC WPA2 |XXX |3 |B0:48:7A:BF:07:A4 |88:9F:FA:89:10:2E Handshake messages |EAPOL Source |AP message |STA message |Replay counter match M1 + M2 |M2 |M1 |M2 |true ... Asciicast https://asciinema.org/a/H4pUedh9z9sLHH5iZuWouxeZU Github https://github.com/vlad-s/hcpxread

Nu ai ce face cu lista e plină de minori

@aelius

R is a language and environment for statistical computing and graphics. It is a GNU project which is similar to the S language and environment which was developed at Bell Laboratories (formerly AT&T, now Lucent Technologies) by John Chambers and colleagues. R can be considered as a different implementation of S. There are some important differences, but much code written for S runs unaltered under R. R provides a wide variety of statistical (linear and nonlinear modelling, classical statistical tests, time-series analysis, classification, clustering, …) and graphical techniques, and is highly extensible. The S language is often the vehicle of choice for research in statistical methodology, and R provides an Open Source route to participation in that activity. One of R’s strengths is the ease with which well-designed publication-quality plots can be produced, including mathematical symbols and formulae where needed. Great care has been taken over the defaults for the minor design choices in graphics, but the user retains full control. R is available as Free Software under the terms of the Free Software Foundation’s GNU General Public License in source code form. It compiles and runs on a wide variety of UNIX platforms and similar systems (including FreeBSD and Linux), Windows and MacOS. In this introduction to R, you will master the basics of this beautiful open source language, including factors, lists and data frames. With the knowledge gained in this course, you will be ready to undertake your first very own data analysis. With over 2 million users worldwide R is rapidly becoming the leading programming language in statistics and data science. Every year, the number of R users grows by 40% and an increasing number of organizations are using it in their day-to-day activities. Leverage the power of R by completing this free R online course today! Link: https://www.datacamp.com/courses/free-introduction-to-r?utm_source=fb_paid&utm_medium=fb_desktop&utm_campaign=fb_ppa

Dap ți-am dat pm

Mai vinde cineva conturi de FB ?

E legal sa descarci aproape orice. Stream de filme, jocuri, porno. Amenda primesti daca incarci materiale piratate (redistribuire). Torentele fac seed automat(trimit materialele catre alti useri). Daca incarci(seed) un torent care a fost marcat de catre ISP sistemul se sesizeaza automat si iti trimite amenda. Solutie: 1.Evita torentele si uploadul de fisiere "piratate".(in special torentele publice sunt marcate repede, cele private sunt mai ok) 2.Daca descarci torente nu fa seed(chiar daca e rau pt torent). exista o optiune pt upload speed 0kb/s; si poreste encrypted packets. 3. Foloseste un VPN care incurajeaza P2P. (ex CyberGhost) Iti scade viteza de download dar esti 99% sigur.

Author: @dronesec and @breenmachine Article: https://foxglovesecurity.com/2017/08/25/abusing-token-privileges-for-windows-local-privilege-escalation/ Skip to content Blog About FoxGlove Security The Team Posted onAugust 25, 2017 Abusing Token Privileges For Windows Local Privilege Escalation By @dronesec and @breenmachine This a project my friend drone <@dronesec> and I have been poking at for quite some time and are glad to finally be releasing. As the title implies, we’re going to be looking at leveraging Windows access tokens with the goal of local privilege escalation. For those familiar with some of my previous work on “Rotten Potato” this might sound familiar, however drone and I took this 10 steps further. In this post I’m simply going to be providing a summary of the work. The full article and all associated code can be found at: https://github.com/hatRiot/token-priv. This post is going to be broken into two sections, the first for penetration testers and red teamers, and the second for exploit developers. For the Red Team Like the “Rotten Potato” project, this project will be useful for penetration testing and red team scenarios where an attacker has gained access to a non-administrative service account and is looking to elevate privileges to “SYSTEM”. If you recall from the “Rotten Potato” project, in order for the original attack to work, your account needed to have the “SeImpersonatePrivilege”, or “SeAssignPrimaryPrivilege”. Drone and I decided to look at what other privileges could be abused to gain SYSTEM level access and were able to find a whole collection of them! If this is where your interest lies, feel free to skip to sections 3.1 and 3.3 of the paper linked above and take a look at the published code. Each of the modules is associated with a specific privilege and will get you SYSTEM level access or something almost as good. Here is the list of privileges that we were able to abuse: SeImpersonatePrivilege SeAssignPrimaryPrivilege SeTcbPrivilege SeBackupPrivilege SeRestorePrivilege SeCreateTokenPrivilege SeLoadDriverPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege From a penetration testing perspective, simply type “whoami /priv” at a Windows command prompt. If you have one of the above privileges, you win. It may be beneficial to hunt for specific service accounts that have these privileges. For example if you can gain access to the Backup service account, it will almost certainly have the SeBackupPrivilege and SeRestorePrivilege. Gaining access to these service accounts can be accomplished in a number of ways including the following: The service itself is compromised through some vulnerability. Typical scenarios include web application vulnerabilities which allow execution in the context of the account running IIS, and SQL injection vulnerabilities where XP_CMDSHELL can be used to run code in the context of the SQL service account. Service account credentials are leaked in some way. Kerberoast style attacks. A Kerberos ticket is requested for the target account from the domain controller. Part of this ticket is encrypted using the target account’s password hash. This can be efficiently cracked offline to yield the account password. Forcing NTLM negotiation. For example, with a backup service, if you were to force it to backup an SMB share that is served up by Responder.py. As always, you may need to be creative here. For further details, please see the paper in the GitHub repository https://github.com/hatRiot/token-priv. For the Exploit Devs This project was originally conceived by drone as a tool for exploit developers to greatly simplify the exploitation of partial write vulnerabilities. Partial write vulnerabilities are those where we can write something to a chosen location in memory, however we may not control the value being written. The idea here is to abuse the partial write to flip some bits in your users token, thus enabling one of the exploitable privileges. From this point forward, the “exploitation” of the vulnerability involves abusing intended (albeit undocumented) behavior of a series of Windows API calls. The advantage of this type of strategy for abusing partial writes is that it evades all of the new kernel exploit mitigations! Drone shows in the paper how he was able to greatly simplify the exploits for some recent partial write vulnerabilities. The other great thing is that the exploit code is completely portable. Once the right bits are flipped in the token, the exploit developer needs only to run one of the modules from our project. For further details, please see the paper in the GitHub repository https://github.com/hatRiot/token-priv.

Vand cont de F.B. 5000+ de prieteni creat in ianuarie 2015 in ultimele 24 de ore am primit 3000 de cereri de prietenie contu are potential maxim prieteni majoritatea romani ! P.M pe cine intereseaza !

UPDATE : Cont FB 2500+ prieteni Pm oferte

https://twitter.com/makassarhack repository: http://repo.meh.or.id/ while dorking gasit, postat: https://blkbx.info/Downloads/MEGA/CyberSec/

mai am eu niste conturi in plus, sunt cu activitate zilnica de peste un an.. iar pretul pleaca de la 10€/ cont

:@ :@ :@ :@ tare

chiar nu stie nimeni sa seteze sitemu api bitcoin