Leaderboard

Popular Content

Showing content with the highest reputation on 11/10/17 in all areas

  1. Enough with the swearing. I too grew up in Romania among stuck-up incompetents. Screwing up the computers doesn't prove you're smart or good or intelligent. If you think you're so smart, go to the principal/IT staff and help them set up the whole infrastructure. I also have a list in case you don't know where to start:
     1. Build a website for your school and show it to the principal/teachers. (free)
     2. Build an application that helps the students or the teachers. (To know what helps them you have to do a needs analysis, identify a business process that can be improved, document, code, test.) In other words, apply software engineering methods.
     3. Sort out the school's communications infrastructure. See what packets there are, routers, firewalls, chokepoints, cache. Make a PowerPoint with an improvement method and how/why which changes need to be made.
     That way maybe you'd earn their respect and show that you're smart and civilized.
    4 points
  2. What's all this crap for? Are you a blockhead kid? I get that you're still in school and you're a kid, but a blockhead too?
    4 points
  3. I also have a fixed idea that I keep repeating on (almost) every occasion, namely: don't learn a language word for word, learn to build algorithms; better yet, start with the definition of the algorithm itself. There was also a challenge whose name I've forgotten (if anyone knows it, please post) that gave you the task of writing a (fairly simple) program from start to finish without using arrays (not even specific functions), for, while and a few others. Instead you were allowed to create your own for(), while(), array etc. functions, so you inevitably ended up using recursion, adopting a certain way of organizing things, even writing a mini documentation.
    3 points
  4. Said he fiercely while trying to break into his ex-wife's account. I'd point out that what you're trying to do is illegal, but I have a feeling this is not unknown territory for you - is it, Stefan? On another note, has anyone noticed what a homosexual orientation swear words have in Romanian?
    3 points
  5. Hive
     Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.
     Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.
     Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.
     The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - an HTTPS server option that is not widely used: Optional Client Authentication. But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic goes to a cover server that delivers the unsuspicious content for all other users.
     Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.
     The documentation for Hive is available from the WikiLeaks Vault7 series.
     Source: wikileaks.org
    3 points
  6. Have you given any thought to the fact that you're getting what you're getting because you expect a community of strangers to educate you? (many of them probably your own age) The people here can't replace your parents or give you the attention I see you craving. If you're not a blockhead, you can read between the lines and act accordingly. Good luck!
    2 points
  7. A list of a few dozen AppLocker bypass methods. It is updated constantly. Link: https://github.com/api0cradle/UltimateAppLockerByPassList
    1 point
  8. RST was mentioned in (at least) two of the presentations at Defcamp: - @TheTime - @Matasareanu
    1 point
  9. Hi! My name is Iulian, I'm 16 years old. Interested in programming and security. I have a few personal projects: a C# application with some simple login/registration, an undetectable keylogger (at least that's what my own antivirus tells me) in C++, a Java plugin made for a game. I'm here to learn more about security.
    1 point
  10. It's about algorithmics. Read about recursion and learn to work with variables as well as you possibly can. http://info.tm.edu.ro:8080/~junea/cls 10/recursivitate/recursivitate.pdf
    1 point
  11. If you want to prove you're smarter than them you can do it with your brain; however, given that you came here asking for advice on how to pull off some crap, I don't think you have much of one.
    1 point
  12. NordVPN https://nordvpn.com/en/order/?2year&coupon=2YDeal2017
    1 point
  13. What was she supposed to do, poor thing, if this guy likes boys.. she went and found herself another one because, well, beauty fades - dumb is forever.
    1 point
  14. @Che even Fiverr has people who do translations from English or other languages into Romanian... you can work it out from there..
    1 point
  15. ClickHouse is an open source column-oriented database management system capable of real time generation of analytical data reports using SQL queries.
      Blazing Fast, Linearly Scalable, Hardware Efficient, Fault Tolerant, Feature Rich, Highly Reliable, Simple and Handy.
      ClickHouse. Just makes you think faster.
      - Run more queries in the same amount of time
      - Test more hypotheses
      - Slice and dice your data in many more new ways
      - Look at your data from new angles
      - Discover new dimensions
      Download: ClickHouse-master.zip or git clone https://github.com/yandex/ClickHouse.git
      Sources: https://clickhouse.yandex/ https://github.com/yandex/ClickHouse/
    1 point
  16. Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider a security issue and has already declined to patch.
      Last month, we reported how hackers could leverage a built-in feature of Microsoft Office, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device without requiring macros to be enabled or memory corruption. The DDE protocol is one of the several methods that Microsoft uses to allow two running applications to share the same data. The protocol is being used by thousands of apps, including MS Excel, MS Word, Quattro Pro, and Visual Basic for one-time data transfers and for continuous exchanges for sending updates to one another.
      Soon after the details of the DDE attack went public, several reports emerged about various widespread attack campaigns abusing this technique in the wild to target several organisations with malware. Now, for the first time, this DDE attack technique has been found being leveraged by an Advanced Persistent Threat (APT) hacking group, APT28, which is well known as Fancy Bear and is widely believed to be backed by the Russian government.
      Russian Hackers Using New York Terror Attack to Lure Victims
      While analyzing a new spear phishing campaign, security researchers discovered that the Fancy Bear hackers have been leveraging the DDE vulnerability since late October, according to a recent report published Tuesday by McAfee researchers. The campaign involved documents referencing the recent terrorist attack in New York City in an attempt to trick victims into clicking on the malicious documents, which eventually infect their systems with malware. Since DDE is a legitimate Microsoft feature, most antivirus solutions don't flag any warning or block the documents with DDE fields. Therefore, anyone who clicks on the malicious attachment (with names like SabreGuard2017.docx or IsisAttackInNewYork.docx) inadvertently runs malicious code on his/her computer without any restriction or detection.
      Once opened, the document contacts a command-and-control server to install the first stage of the malware, called Seduploader, on victims' machines using PowerShell commands. Seduploader then profiles prospective victims by pulling basic host information from the infected system to the hackers. If the system is of interest, the attackers later install more fully featured pieces of spyware: X-Agent and Sedreco.
      This is not the first malware campaign that has been spotted abusing the DDE attack technique. Soon after the details of the DDE attack technique went public, Cisco's Talos threat research group uncovered an attack campaign that was actively exploiting this attack technique to target several organisations with a fileless remote access trojan called DNSMessenger. Late last month, researchers discovered a campaign that spread Locky ransomware and the TrickBot banking trojan via Word documents that leveraged the DDE technique. Another separate malware spam campaign discovered by security researchers was also found distributing Hancitor malware (also known as Chanitor and Tordal) using the Microsoft Office DDE exploit.
      Protection Against DDE Malware Attacks
      Since Microsoft does not provide any protection against such attacks, you can easily prevent yourself from falling victim to any malicious document abusing Microsoft's DDE feature by disabling it entirely. If you use Microsoft Word 2016 or Microsoft Excel 2016, go to Options → Advanced, and then remove the checkmark from "Update automatic links at open", which is listed under the general group on the page. In MS Excel, you can also consider checking "Ignore other applications that use Dynamic Data Exchange (DDE)."
      Moreover, Disable DDEAuto is a Registry file maintained on GitHub that disables the "update links" as well as "embedded files" functionality in MS Office documents when run. You can detect Office documents abusing the DDE feature via a set of YARA rules for Office Open XML files published by the researchers at NVISO Labs.
      However, the best way to protect yourself from such malware attacks is always to be suspicious of uninvited documents sent via email and never click on links inside those documents unless adequately verifying the source.
      Via thehackernews.com
    1 point
  17. Recently I tested a web application and ran into the following situation:
      - two parameters that I could control were included in an 'href'
      - those parameters had a fairly restrictive maximum length, say 15 characters
      - anything containing the less-than sign (<, including Unicode variants such as the full-length angle bracket) followed by a letter terminated your session
      - special characters were not filtered and HTML encoding was not applied when those values were used
      The HTML code looked roughly like this:
      <a href="https://mataigrasa.com/?param1=XXX&param2=YYY&someotherparamsgohere=whateverman">TROLOL</a>
      I used the following values:
      param1="onclick='/*
      param2=*/alert(9)'x="
      Then the HTML code becomes:
      <a href="https://mataigrasa.com/?param1="onclick='/*&param2=*/alert(9)'x="YYY&someotherparamsgohere=whateverman">TROLOL</a>
      Param1 closes the 'href' attribute and defines an 'onclick' in which I start a comment (/*). Param2 closes the comment (*/) and introduces the JS code that will be executed by the 'onclick' event. The comment is used to take '&param2=' out of the equation and allow the JS code to be concatenated.
      Other ideas/recommendations/suggestions are welcome.
    1 point
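The fix for the situation in the post above, as an added example that is not part of the original post: the link is built once the way the post describes and once with output encoding for both contexts (URL query, then quoted HTML attribute), and a tolerant HTML parser shows which attributes each version produces. The host name, function names and server-side language are assumptions; the two parameter values are the ones quoted in the post, reused as a regression input.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://app.example/"  # placeholder host, not the one from the post

def build_link_vulnerable(param1, param2):
    # The flaw described in the post: raw values pasted into a quoted attribute.
    return ('<a href="' + BASE + '?param1=' + param1 + '&param2=' + param2 +
            '&someotherparamsgohere=whateverman">TROLOL</a>')

def build_link_safe(param1, param2):
    # Step 1: percent-encode every value for the URL query context.
    query = urlencode({"param1": param1, "param2": param2,
                       "someotherparamsgohere": "whateverman"})
    # Step 2: HTML-escape the finished URL for the quoted-attribute context.
    return '<a href="' + escape(BASE + "?" + query, quote=True) + '">TROLOL</a>'

class AnchorAttrs(HTMLParser):
    """Collects the attributes a tolerant HTML parser sees on the first <a>."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            self.attrs = attrs

def anchor_attrs(fragment):
    parser = AnchorAttrs()
    parser.feed(fragment)
    parser.close()
    return parser.attrs or []

def event_handlers(fragment):
    # Any attribute starting with "on" is script the page author did not write.
    return [name for name, _ in anchor_attrs(fragment) if name.startswith("on")]

def href_params(fragment):
    # What the server receives when the link is followed.
    href = dict(anchor_attrs(fragment))["href"]
    return {k: v[0] for k, v in parse_qs(urlsplit(href).query).items()}

# Values quoted in the post, used here only as a regression input.
P1, P2 = "\"onclick='/*", "*/alert(9)'x=\""

if __name__ == "__main__":
    print(event_handlers(build_link_vulnerable(P1, P2)))
    print(event_handlers(build_link_safe(P1, P2)))
    print(href_params(build_link_safe(P1, P2)))
```

The length limit and the "<"-plus-letter session kill described in the post did not stop the injection because neither addresses the attribute context; encoding at output does, and the application still receives the original parameter values unchanged.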
  18. http://recordit.co/GTIROeGtVr
    1 point
  19. Dear Dr.d3v1l, the vulnerabilities you reported have been fixed. As a token of our appreciation we would like to offer you a t-shirt. If you would like a t-shirt, please provide us with your preferred t-shirt size (S/M/L/XL/XXL) and the address at which you would like to receive the t-shirt. Thanks in advance for your reply and thanks again for your report. Sincerely,
    1 point
  20. How can you prove they're not fake? I'm interested.
    1 point
  21. Hi, keyword stuffing is a good way to do SEO. I did keyword stuffing on my website: http://www.roopokar.com/ and got immediate success.
    -1 points
  22. Ooh, great method, but in what circumstances could you use it?
    -1 points
  23. It's more serious than we realize in our cultural corner; it will be compulsory volunteering for the corporate slaves: "According to a Facebook spokesperson, Facebook workers will have to review full, uncensored versions of nude images first, volunteered by the user, to determine if malicious posts by other users qualify as revenge porn." Facebook Workers, Not an Algorithm, Will Look at Volunteered Nude Photos First to Stop Revenge Porn. Because: PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names. Facebook somehow managed to link a sex worker's clients under her fake name to her real profile. Sometimes people have legitimate reasons for having two identities. That is becoming harder and harder. For the "volunteers" forced to fall in line with the politically correct trend in order to keep their corporate standing, a solution... http://hackerfactor.com/blog/index.php?/archives/432-Looks-Like-It.html
    -1 points
  24. Childhood trauma? Careful you don't burst a vein.
    -1 points
  25. You're stark raving mad... how the hell did you find this forum? I hope a quince gets stuck in your throat
    -1 points