Leaderboard

Popular Content

Showing content with the highest reputation on 10/24/17 in all areas

  1. The vulnerability
     It is a known issue that Microsoft NTLM architecture has some failures, hash stealing is not something new, it is one of the first things a pentester tries when attacking a Microsoft environment. But, most of these techniques require user intervention or traffic interception to fulfill the attack. These new attacks require no user interaction, everything is done from the attacker’s side, but of course, there are some conditions that need to be met to be successful with this attack.
     Article link: http://www.sysadminjd.com/adv170014-ntlm-sso-exploitation-guide/
    3 points
  2. Demo for us: bypass ban restriction.
    2 points
  3. Hi, we are looking for a Junior Penetration Tester/Ethical Hacker to join our team in Bucharest. If you want to work in a team with 3 RST members (@TheTime, @dancezar and me), send me your CV via PM. For other (non-confidential) details, I am waiting for your PM. An official (general) profile of the job would be as follows:

     Job Brief
     We are looking for a Junior Penetration Tester to join our Penetration Testing team and work in our Lab in Bucharest.

     Responsibilities
     • Identify security vulnerabilities in web applications (e.g. Internet Banking web applications, e-commerce websites, web portals)
     • Conduct internal network penetration testing - simulate a malicious individual (e.g. guest, temporary personnel) who already has access to our client's internal network. Starting only from a simple network port access, you should gain access to sensitive information from the client's internal network, gain Domain Admin access or reach other flags
     • Perform mobile application penetration tests on Android, iOS, or Windows applications
     • Exploit the identified vulnerabilities and identify specific, meaningful risk to clients based on industry and business focus
     • Write comprehensive reports including assessment-based findings, outcomes and recommendations for further security enhancement

     Requirements
     • Experience in identifying and reporting security vulnerabilities
     • Familiarity with web related technologies (Web applications, Web Services) and of network/web related protocols
     • Detailed technical knowledge of at least one of: software security, operating systems security, network security
     • Understanding of the latest security principles, techniques and protocols
     • Should have excellent English written and verbal skills
     • Bachelor’s degree in Computer Science or related field
     • Problem solving skills and ability to work under pressure
     • Should be able to work individually or as member of a team

     Benefits
     • Attractive salary package, including meal tickets and health insurance
     • Work with like-minded, driven and smart team members
     • Encouraged to perform research and participate at security conferences
     • Work flexibility
     • Private, dedicated workspace for security related projects
    1 point
  4. Most instant messaging applications are providing enriched link summaries (as shown next with Telegram link previews), including description and a preview image of the website. Depending on the implementation these nice-to-have features could become privacy intrusive: indeed, it might force your client into downloading some remote content from an untrusted third party, hence leaking your IP address and OS version (User-Agent).

     How does it work?
     The application (client side or server side) will grab the webpage and look for metadata through the Open Graph protocol. These are simple HTML tags included in the <head> section.

     Twitter Direct Messages
     When you share a URL to someone using Twitter DM, the server shall see at least two probes: one request coming from Twitter (AS13414) that will load the URL to get the card and, strangely, a second request coming from an Amazon EC2 server with a random mobile User-Agent. Most likely this is done to check for virus/phishing (Twitter will display a warning upon suspicious links on new messages).
     Privacy: URL is known to the server, no IP addresses leak (message isn’t E2E encrypted anyway)

     iMessages
     Upon sending a link, your mobile device will generate a preview card. All data appear to be processed locally from your device. The receiver will not grab the URL but will have the preview data, meaning either data is cached on Apple server, or data is directly sent to the receiver through the encrypted channel.
     Privacy: fair

     WhatsApp
     WhatsApp will have the same design as iMessage: the sender will generate the link preview (grabbing metadata from the URL) and send this data to the recipient through the server. This will occur even when end-to-end encryption is enabled but it doesn’t seem to violate E2E (URL is grabbed from the client, not the server).
     Privacy: fair

     Signal
     Signal does not have any enriched link preview, neither the client nor server are grabbing the URL. 👍
     Privacy: good

     Telegram
     The Telegram mobile application will generate the preview server-side. From an app that claims to have E2E this is kind of a big issue.
     Privacy: URL is known to the server, no IP addresses leak

     Wire
     Wire will generate a preview locally (from your mobile device). Interestingly, the Wire web app (on desktop) won’t generate any preview. Worth pointing out you can disable link preview in the application settings, good move.
     Privacy: fair

     FB Messenger
     Facebook servers will grab the URL to display the preview card. Haven’t tested with Secret Conversations.
     Privacy: URL is known to the server, no IP addresses leak

     Skype
     Skype servers will generate the link preview as well.
     Privacy: URL is known to the server, no IP addresses leak

     Slack
     Slack app is generating the link preview server-side.
     Privacy: URL is known to the server, no IP addresses leak

     Discord
     Same thing with Discord (tested on Discord web app).
     Privacy: URL is known to the server, no IP addresses leak

     Source: https://blog.0day.rocks/link-previews-in-im-apps-and-privacy-d32e6056095b
    1 point
  5. eVTOLs — flying vehicles with electric engine and vertical take-off and landing. Like drones, but bigger and capable of carrying people. 18 companies are working on them. 3 have prototypes. Daimler Ventures, Boeing, Geely/Volvo, Tencent and Atomico Ventures are investing in the eVTOL production. Also there are other sides of the industry: chargers, landing pads, maintenance, mobile apps. We are going to make a unified platform for all elements of this chain. Powered by blockchain and free for everyone. The problem appears when you realize that there are no standards for interaction of all elements. What charger will support my eVTOL? Am I able to pay for them with USD? How much do I pay for the usage of a landing pad? And what if I want to buy an eVTOL and use it as a taxi? McFly.aero makes all interactions between all elements transparent, simple and accessible for all. We will open the huge new market for entrepreneurs and passengers. At first we are going to spread eVTOLs in big cities — urbaners hate traffic jams and are ready to use any method to avoid them. You can get more info here http://blockchain.aero/
    1 point
  6. It might only be valid for blogspot, youtube
    1 point
  7. 1 point
  8. 1 point
  9. We are a group comprised of certified hackers, crackers and developers. We guarantee success in the job done as fast as possible and we provide of the job done ...we have an office and a return policy..all information will be given to you ...Contact us Lulzsekshitinc@outlook.com or ICQ: 703232629 or WhatsApp: +14626660829 Skype: Lulzsekshitinc@outlook.com
    -1 points
  10. Thanks, that was helpful. Anyway, this is mobotak.com and it's a company which is interested in tech and electronic gadgets. Our company buys, sells and repairs cell phones, tablets and computers and also sells their accessories. If you have any questions about this kind of stuff we will be glad to help.
    -1 points