Leaderboard
Popular Content
Showing content with the highest reputation on 11/13/17 in all areas
-
4 points
-
We should chip in to send him for more thorough tests... so the man gets himself checked, especially upstairs. If he posts the results on the forum, I'll contribute too.
3 points
-
Events that have taken place so far: When adult males take Dianabol, just as with every other anabolic steroid, the body’s natural production of testosterone becomes suppressed. When this happens and testosterone levels stay suppressed for an extended length of time, there are several consequences. There is an additional side effect when the natural production of testosterone is suppressed and that is since it’s made in the testicles, when production is severely slowed down, the testicles will naturally atrophy due to lack of activity. I recommend you get a testosterone test, only 41 lei at Synevo. Don't forget to post the result on the forum too, I'm dying of curiosity.
2 points
-
2 points
-
2 points
-
A prediction: more and more people here will come to understand that your intellect has not yet evolved past the reptilian stage. So it will take a while for it to reach mammal and a very long while to reach homo; homo sapiens thus passing into the realm of fiction.
2 points
-
Description

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada.

Abstract

The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

https://github.com/NytroRST
1 point
-
Are you from the government? Do you feel threatened by Bitcoin? The answer is obviously no and there are more important things to do, but let’s assume you do and you’re China. How can you kill it?

Everyone gossips how secure and unstoppable cryptocurrencies are, which kinda makes you sad because you like to be in control, right? Bitcoin is indeed way harder to ban than just arresting a couple of individuals and shutting down their server like what happened to Silk Road, E-Gold, Liberty Reserve, and pretty much anyone annoying the authorities.

In cryptocurrencies there’s no central server to shut down: every single user runs one (full node) for security (that’s in a perfect world, in practice most use a web wallet connected to a popular cloud provider). But there are coordinators also known as miners or validators or witnesses that are chosen by some rule. In Bitcoin miners find hashes (computationally expensive and needs cheap electricity), and most of the miners are located in your country.

Shutting down the miners would be the stupidest thing to do. Bitcoin doesn’t depend on miners for survival, it depends on them for security. So if you make miners go away, difficulty adjustment will kick in and soon miners in other countries will continue securing the network. Instead, to kill Bitcoin, you need to do one big nasty 51% attack.

Step 1. Buy a lot of it.

Find all big crypto exchanges around, register fully verified accounts, 10–40 on each exchange. So we have about 100 exchanges and 40 accounts on each. Great. Let’s buy $100M worth of Bitcoins. You’re the government, you can afford it for national security, can’t you? Bitcoin’s market cap at the moment of writing is $95B so that would be 0.1% — a fair enough leverage. Send all the money from exchanges to your own desktop wallets. That’s the hardest part: UX of crypto wallets sucks so much there’s a big chance you will just lose it. (partially joking)

Step 2. Locate the 51% of miners.

71% according to https://www.buybitcoinworldwide.com/mining/china/ are somewhere in China. They try to be anonymous, but you are China, and you make people install spy apps on their phones https://thenextweb.com/asia/2017/07/25/chinas-forcing-its-citizens-to-install-a-terrifying-big-brother-app-on-their-phones-or-go-to-jail/ so that shouldn’t be a problem to figure out the largest ones. Hint: They feed on free electricity. So ask around. Here is a story about one from Ordos (not that far from Beijing):

Photos: Inside one of the world’s largest bitcoin mines. One of the world’s largest bitcoin mines is located in the SanShangLiang industrial park on the outskirts of the city… (qz.com)

Step 3. A secret operation

Now ask your secret law enforcement division to find as many miners as possible on day X. Since it is a law enforcement operation, your officers are allowed to point guns to miners’ heads. That will speed up their thinking process, in case they pretend they don’t know what Bitcoin is and how to do 51%. That’s how gov works when it needs to achieve something. And since you’re China, no need to bother trying to look liberal while doing that.

Step 4. Double spending time!

Make them do the following: they need to mine ~4,000 transactions ($25,000 each) from your desktop wallets in a single block and broadcast it to everyone. These 4,000 transactions will be sending money back to all the accounts you created in Step 1. Normally, exchanges require 6 blocks built on top (confirmations) to consider that transaction final. So now the rest of the network will try to build blocks on top of yours. While they are doing that, mine on top of the block before the one you just mined. I.e. you take blockN, send everyone blockN+1 so they keep working on blockN+2 and blockN+3, but you instead focus on mining a different branch blockN+1B and blockN+2B. You have 51% so most likely you will mine faster than everyone else.

Once outside miners get 6 confirmations of your block you need to request an exchange of your Bitcoins on all exchanges to something else. Litecoin, Ripple, Ethereum, whatever. They normally exchange automatically. Then you need to send all those altcoins to your desktop wallets again. After changing all BTC to altcoins and requesting altcoins withdrawal, release the other “secret” branch that basically cancels the block with 4,000 transactions you mined. It’s called reorganization: now everyone in the network must accept your chain as the main one, and forget about all the other transactions that are now “orphaned”.

Step 5. Watch the coinmarketcap going to 0

This means $100M worth of Bitcoin (which exchanges no longer have) were just exchanged to $100M worth of altcoins, which you do have. Congrats on your double-spend operation, you now have $200M worth of cryptocurrencies! The price of them is going to 0, but that’s what the original purpose was anyway. You can repeat the process again, but you don’t need to. A single attack of this size would destroy faith in cryptocurrencies for the next few years. There will be no backlash from other governments — Bitcoin is outside of any jurisdiction or law practice. So you can do it both privately or publicly.

Recap

It’s a rage post, but I’m not against Bitcoin. I’m against the stupidity we have right now. We need to become paranoid again and get our threat model in place. What the actual fuck are you busy with right now? Smart contracts? Identity on blockchain? Exchanging shittokens to shittokens in decentralized fashion? ICOs? These things are completely irrelevant compared to censorship resistance, the one and only important quality of a blockchain. The rest of your shit can run on a $5 server 1000x times more efficiently. If you don’t need censorship resistance for your task: leave the blockchains alone and get busy with something else!

The attack is way easier against Ethereum (step 1. get Vitalik), and the rest of cryptocurrencies you can 51% attack by just buying some ASICs for the cost of one helicopter. So if you act, better attack Bitcoin, and see the domino effect.

P.S. If you’re not China and you don’t have James Bond-level spies in China who can hijack the miners for you, doing 51% against Bitcoin on your own is much trickier. So better try to convince China to do it for you.

Source: https://medium.com/@homakov/how-to-destroy-bitcoin-with-51-pocked-guide-for-governments-83d9bdf2ef6b
1 point
-
Hi. I have the same dilemma: UBB or UNIBUC. From what I've seen and read on other forums, both faculties have a flexible schedule that gives you more time to study on your own, but I can't figure out which is the better choice. I gave up on the idea of going to university in a small city because IT is not very developed there and I can't really build a future there the way I would in Cluj or Bucharest. Still, there are several criteria I'm going by.
1. For me it would be easier to get a tuition-free place at UBB (I took part in the national informatics olympiad and 2/3 of my admission average is 10) (but this is not a deciding criterion, just a matter of greater convenience for admission)
2. I've seen that Cluj has more IT development, the demand is much higher than in Bucharest and that's why salaries are higher, but I still have no idea how the capital is developing or how Cluj will continue to do so.
3. Which city is better to live in? (prices, way of life, people, conditions, possibly the dorms)
4. I understand that in university you only cover the basics of computer science anyway and both are at the same level, but what interests me is which faculty doesn't grind you so hard on useless subjects? (I know it depends on several factors here; I've also read elsewhere people (from either UBB or UNIBUC) saying they were f****d at various unimportant subjects)
1 point
-
@deauxefeforsaken I don't know if you've realized, but you're getting marriage advice from people you could be a father to, because that's the Romanian for you, an expert in everything. If you came for "tech" advice, in your place I'd stick to that. And then 2 things, whatever you do next:
1. Don't end up in the hands of the so-called "justice" of Rromania, because it's an unbelievable mess
2. Be able to sleep at night afterwards, to live with yourself (have a clean conscience)
Good luck!
1 point
-
Before you tell her you caught her or whatever the hell you want to do, my advice is to go to a lawyer. If you think it will come to divorce, it's good to be first. Marriages are very complicated from a legal standpoint and I think you don't want her to take half of your money, house, salary etc. A lawyer can help you outsmart her and come out ahead. E.g. get her to sign a contract saying you are the sole owner of the house, on the grounds that you need it for the company, a loan, whatever crap. Or take out a sizeable loan in both your names right before the divorce. I feel bad for you. After so much time together. What do you still want to do at this age? My advice is to think mainly of yourself. If you're happier being alone, with her no longer stealing your money, you'll still get to see the kids anyway and she'll still be a slut in bed with others.
1 point
-
Bravo @giovanny, since when does only the man have to do everything? That one is a psychiatric case, it's an addiction to the thrill that cheating gives, she doesn't even care about the youngest child, the one she should be attached to. I can add another drug to the list: cheating. @deauxefeforsaken you can't change the past and it's not worth looking at the ugly things that happened with her. Try to bring the family together, the children around you. Start with the eldest.
1 point
-
1 point
-
Introducing New Packing Method: First Reflective PE Packer Amber
October 24, 2017, Ege Balci
Operating System, Research, Tools

Because of the increasing security standards inside operating systems and rapid improvements in malware detection technologies, today’s malware authors take advantage of the transparency offered by in-memory execution methods. In-memory execution or fileless execution of a PE file can be defined as executing a compiled PE file inside the memory by manually performing the operations that the OS loader is supposed to do when executing the PE file normally. In-memory execution of malware facilitates obfuscation and anti-emulation techniques. Additionally, malware that uses such methods leaves less of a footprint on the system since it does not have to possess a file on the hard drive. Combining in-memory execution methods and multi stage infection models allows malware to infect systems with very small sized loader programs; the only purpose of a loader is loading and executing the actual malware code via connecting to a remote system. Small loader codes are hard to detect by security products because the purpose and the code fragments of loaders are very common among legitimate applications. Malware that uses this approach can still be detected by scanning the memory and inspecting the behaviors of processes, but in terms of security products these operations are harder to implement and costly because of the higher resource usage (Ramilli, 2010[1]).

The current rising trend in malware detection technologies is to use machine learning mechanisms to automate the detection of malware by feeding very big datasets into the system; as in all machine learning applications, this mechanism gets smarter and more accurate in time by absorbing more samples of malware. These mechanisms can feed large numbers of systems that human malware analysts can’t scale. The Malware Detection Using Machine Learning[2] paper by Gavriluţ Dragoş from BitDefender Romania Labs widely explains the inner workings of machine learning usage in malware detection. According to the Automatic Analysis of Malware Behavior using Machine Learning[3] paper by Konrad Rieck, with enough data and time false positive results will get close to zero percent and deterministic detection of malware will be significantly effective on new and novel malware samples.

The main purpose of this work is developing a new packing methodology for PE files that can alter the way of delivering the malware to the systems. Instead of trying to find new anti-detection techniques that feed the machine learning data-sets, delivering the payload to the systems via fileless code injections directly bypasses most of the security mechanisms. With this new packing method it is possible to convert compiled PE files into multi stage infection payloads that can be used with common software vulnerabilities such as buffer overflows.

Known Methods

The following techniques are the inspiration point of our new packing method.

Reflective DLL Injection[4] is a great library injection technique developed by Stephen Fewer and it is the main inspiration point for developing this new packer named Amber. This technique allows in-memory execution of a specially crafted DLL that is written with a reflective programming approach. Because of the adopted reflective programming approach this technique allows multi stage payload deployment. Besides the many advantages of this technique it has a few limitations. The first limitation is the required file format: this technique expects the malware to be developed or recompiled as a DLL file, and unfortunately in most cases converting an already compiled EXE file to DLL is not possible or requires extensive work on the binary. The second limitation is the need for relocation data. The Reflective DLL injection technique requires the relocation data for adjusting the base address of the DLL inside the memory. Also this method has been around for a long time, which means up to date security products can easily detect the usage of Reflective DLL injection. Our new tool, Amber, will provide solutions for each of these limitations.

Process Hollowing[5] is another commonly known in-memory malware execution method that uses the documented Windows API functions for creating a new process and mapping an EXE file inside it. This method is popular among crypters and packers that are designed to decrease the detection rate of malware. But this method also has several drawbacks. Because of the Address Space Layout Randomization (ASLR) security measure inside up-to-date Windows operating systems, the address of the memory region when creating a new process is randomized; because of this, process hollowing also needs to implement image base relocation on up-to-date Windows systems. As mentioned earlier, base relocation requires relocation data inside PE files. Another drawback is that, because of the usage of specific file mapping and process creation API functions in a specific order, this method is easy to identify by security products.

Hyperion[6] is a crypter for PE files, developed and presented by Christian Amman in 2012. It explains the theoretic aspects of runtime crypters and how to implement them. The PE parsing approach in assembly and the design perspective used while developing Hyperion helped us for our POC packer.

Technical Details of our new packing method: Amber

The fundamental principle of executing a compiled binary inside the OS memory is possible by imitating the PE loader of the OS. On Windows, the PE loader does many important things; among them, mapping a file to memory and resolving the addresses of imported functions are the most important stages for executing an EXE file. Current methods for executing EXE files in memory use specific Windows API functions for mimicking the Windows PE loader. The common approach is to create a new suspended process by calling the CreateProcess Windows API function and mapping the entire EXE image inside it with the help of the NtMapViewOfSection, MapViewOfFile and CreateFileMapping functions. Usage of such functions indicates suspicious behavior and increases the detection possibility of the malware. One of the key aspects while developing our packer is using as few API functions as possible. In order to avoid the usage of suspicious file mapping API functions our packer uses premapped PE images; moreover, execution of the malware occurs inside of the target process itself without using the CreateProcess Windows API function. The malware executed inside the target process is run with the same process privileges because of the shared _TEB block which contains the privilege information and configuration of a process.

Amber has 2 types of stub: one of them is designed for EXE files that support ASLR and the other one is for EXE files that are stripped or don’t have any relocation data inside. The ASLR supported stub uses a total of 4 Windows API calls and the other stub only uses 3, which are very commonly used by the majority of legitimate applications.

ASLR Supported Stub:
    VirtualAlloc
    CreateThread
    LoadLibraryA
    GetProcAddress

Non-ASLR Stub:
    VirtualProtect
    LoadLibraryA
    GetProcAddress

In order to call these APIs at runtime Amber uses a publicly known EAT parsing technique that is used by Stephen Fewer’s Reflective DLL injection[4] method. This technique simply locates the InMemoryOrderModuleList structure by navigating through the Process Environment Block (PEB) inside memory. After locating the structure it is possible to reach the export tables of all loaded DLLs by reading each _LDR_DATA_TABLE_ENTRY structure pointed to by the InMemoryOrderModuleList. After reaching the export table of a loaded DLL it compares the previously calculated ROR (rotate right) 13 hash of each exported function name until a match occurs.

Amber’s packing method also provides several alternative Windows API usage methods. One of them is using fixed API addresses; this is the best option if the user is familiar with the remote process that will host the Amber payload. Using fixed API addresses will directly bypass the latest OS level exploit mitigations that are inspecting export address table calls; also, removing the API address finding code will reduce the overall payload size. Other alternative techniques can be used for locating the addresses of required functions, such as the IAT parsing technique used by Josh Pitts in the “Teaching Old Shellcode New Tricks”[7] presentation. The current version of the Amber packer only supports Fixed API addresses and EAT parsing techniques but IAT parsing will be added in the next versions.

Generating the Payload

For generating the actual Amber payload the packer first creates a memory mapping image of the malware; the generated memory mapping file contains all sections, the optional PE header and null byte padding for unallocated memory space between sections. After obtaining the mapping of the malware, the packer checks the ASLR compatibility of the supplied EXE; if the EXE is ASLR compatible the packer adds the related Amber stub, if not it uses the stub for EXE files that have a fixed image base. From this point the Amber payload is completed. Below image describes the Amber payload inside the target process,

ASLR Stub Execution

Execution of the ASLR supported stub consists of 5 phases:
    Base Allocation
    Resolving API Functions
    Base Relocation
    Placement Of File Mapping
    Execution

At the base allocation phase the stub allocates a read/write/execute privileged memory space at the size of the mapped image of the malware by calling the VirtualAlloc Windows API function. This memory space will be the new base of the malware after the relocation process.

In the second phase the Amber stub will resolve the addresses of functions that are imported by the malware and write the addresses to the import address table of the mapped image of the malware. The address resolution phase is very similar to the approach used by the PE loader of Windows. The Amber stub will parse the import table entries of the mapped malware image and load each DLL used by the malware by calling the LoadLibraryA Windows API function. Each _IMAGE_IMPORT_DESCRIPTOR entry inside the import table contains a pointer to the names of loaded DLLs as strings; the stub will take advantage of the existing strings and pass them as parameters to the LoadLibraryA function. After loading the required DLL the Amber stub saves the DLL handle and starts finding the addresses of imported functions from the loaded DLL with the help of the GetProcAddress Windows API function. The _IMAGE_IMPORT_DESCRIPTOR structure also contains a pointer to a structure called the import names table; this structure contains the names of the imported functions in the same order as the import address table (IAT). Before calling the GetProcAddress function the Amber stub passes the saved handle of the previously loaded DLL and the name of the imported function from the import name table structure. Each returned function address is written to the malware’s import address table (IAT) with 4 padding bytes between them. This process continues until the end of the import table; after loading all required DLLs and resolving all the imported function addresses the second phase is complete.

At the third phase the Amber stub will start the relocation process by adjusting the addresses according to the address returned by the VirtualAlloc call; this is almost the same approach used by the PE loader of Windows itself. The stub first calculates the delta value with the address returned by the VirtualAlloc call and the preferred base address of the malware; the delta value is added to every entry inside the relocation table.

In the fourth phase the Amber stub will place the file mapping into the previously allocated space; moving the mapped image is done with a simple assembly loop that does a byte by byte move operation.

At the final phase the Amber stub will create a new thread starting from the entry point of the malware by calling the CreateThread API function. The reason for creating a new thread is to create a new growable stack for the malware; additionally, executing the malware inside a new thread will allow the target process to continue from its previous state. After creating the malware thread the stub will restore the execution by returning to the first caller, or the stub will jump inside an infinite loop that will stall the current thread while the malware thread successfully runs.

Non-ASLR Stub Execution

Execution of the Non-ASLR supported stub consists of 4 phases:
    Base Allocation
    Resolving API functions
    Placement Of File Mapping
    Execution

If the malware is stripped or has no relocation data inside there is no other way than placing it at its preferred base address. In such a condition the stub tries to change the memory access privileges of the target process by calling the VirtualProtect Windows API function starting from the image base of the malware through the size of the mapped image. If this condition occurs the preferred base address and target process sections may overlap and the target process will not be able to continue after the execution of the Amber payload.

The fixed Amber stub may not be able to change the access privileges of the specified memory region; this may have multiple reasons, such as the specified memory range not being inside the current process page boundaries (the reason is most probably ASLR) or the specified address overlapping with the stack guard regions inside memory. This is the main limitation for Amber payloads: if the supplied malware doesn’t have ASLR support (has no relocation data inside) and the stub can’t change the memory access privileges of the target process, payload execution is not possible. In some situations the stub successfully changes the memory region privileges but the process crashes immediately; this is caused by the multiple threads running inside the overwritten sections. If the target process owns multiple threads at the time of fixed stub execution it may crash because of the changing memory privileges or overwriting of a running section. However these limitations don’t matter if it’s not using the multi stage infection payload with the fixed stub; the current POC packer can adjust the image base of the generated EXE file and the location of the Amber payload accordingly. If the allocation attempt ends up successful the first phase is complete.

The second phase is identical to the approach used by the ASLR supported stub. After finishing the resolution of the API addresses, the same assembly loop is used for placing the completed file mapping into the previously amended memory region. At the final phase the stub jumps to the entry point of the malware and starts the execution without creating a new thread. Unfortunately, usage of the Non-ASLR Amber stub does not allow the target process to continue with its previous state.

Multi Stage Applications

Security measures that will be taken by operating systems in the near future will shrink the attack surface even more for malware. Microsoft announced Windows 10 S on May 2 2017[8]; this operating system is basically a configured version of Windows 10 for more security, and one of the main precautions taken by this new operating system is that it doesn’t allow installing applications other than those from the Windows Store. This kind of white listing approach adopted by operating systems will have a huge impact on malware that infects systems via executable files. In such a scenario usage of multi stage in-memory execution payloads becomes one of the most effective attack vectors. Because of the position independent nature of the Amber stubs it allows multi stage attack models; the current POC packer is able to generate a stage payload from a complex compiled PE file that can be loaded and executed directly from memory like a regular shellcode injection attack. In such overly restrictive systems the multi stage compatibility of Amber allows exploitation of common memory based software vulnerabilities such as stack and heap based buffer overflows.

However, due to the limitations of the fixed Amber stub it is suggested to use ASLR supported EXE files while performing multi stage infection attacks. Stage payloads generated by the POC packer are compatible with the small loader shellcodes and payloads generated from Metasploit Framework [9]; this also means Amber payloads can be used with all the exploits inside the Metasploit Framework [9] that use the multi stage meterpreter shellcodes.

Here is the source code of Amber. Feel free to fork and contribute..!
https://github.com/EgeBalci/Amber

Demo 1 – Deploying EXE files through metasploit stagers

This video demonstrates how to deploy regular EXE files into systems using the stager payloads of metasploit. The Stage.exe file generated from Metasploit fetches Amber’s stage payload and executes it inside the memory.

Demo 2 – Deploying fileless ransomware with Amber (3 different AV)

This video is a great example of a possible ransomware attack vector. Using Amber, a ransomware EXE file is packed and deployed to a remote system via a fileless powershell payload. This attack can also be replicated using any kind of buffer overflow vulnerability.

Detection Rate

The current detection rate (19.10.2017) of the POC packer is pretty satisfying but since this is going to be a public project the current detection score will rise inevitably.

When no extra parameters are passed (only the file name) the packer generates a multi stage payload and performs a basic XOR cipher with a multi byte random key, then compiles it into an EXE file, adding a few extra anti detection functions. The generated EXE file executes the stage payload like a regular shellcode after deciphering the payload and making the required environmental checks. This particular sample is the mimikatz.exe (sha256 – 9369b34df04a2795de083401dda4201a2da2784d1384a6ada2d773b3a81f8dad) file packed with a 12 byte XOR key (./amber mimikatz.exe -ks 12). The detection rate of the mimikatz.exe file before packing is 51/66 on VirusTotal. In this particular example the packer uses the default way to find the Windows API addresses, which is using the hash API; avoiding the usage of the hash API will decrease the detection rate. Currently the packer supports the usage of fixed addresses of IAT offsets; also, the next versions will include IAT parser shellcodes for more alternative API address finding methods.

VirusTotal
https://www.virustotal.com/#/file/3330d02404c56c1793f19f5d18fd5865cadfc4bd015af2e38ed0671f5e737d8a/detection

VirusCheckmate Result
http://viruscheckmate.com/id/1ikb99sNVrOM

NoDistribute
https://nodistribute.com/result/image/7uMa96SNOY13rtmTpW5ckBqzAv.png

Future Work

This work introduces a new generation malware packing methodology for PE files but does not support .NET executables; future work may include the support for 64 bit PE files and .NET executables. Also in terms of stealthiness of this method there can be more advancement. Allocation of memory regions for the entire mapped image is done with read/write/execute privileges; after placing the mapped image, changing the memory region privileges according to the mapped image sections may decrease the detection rate. Also wiping the PE header after the address resolution phase can make detection harder for memory scanners. The developments of the Amber POC packer will continue as an open source project.

References

[1] Ramilli, Marco, and Matt Bishop. “Multi-stage delivery of malware.” Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on. IEEE, 2010.
[2] Gavriluţ, Dragoş, et al. “Malware detection using machine learning.” Computer Science and Information Technology, 2009. IMCSIT’09. International Multiconference on. IEEE, 2009.
[3] Rieck, Konrad, et al. “Automatic analysis of malware behavior using machine learning.” Journal of Computer Security 19.4 (2011): 639-668.
[4] Fewer, Stephen. “Reflective DLL injection.” Harmony Security, Version 1 (2008).
[5] Leitch, John. “Process hollowing.” (2013).
[6] Ammann, Christian. “Hyperion: Implementation of a PE-Crypter.” (2012).
[7] Pitts, Josh. “Teaching Old Shellcode New Tricks” https://recon.cx/2017/brussels/resources/slides/RECON-BRX-2017 Teaching_Old_Shellcode_New_Tricks.pdf (2017)
[8] https://news.microsoft.com/europe/2017/05/02/microsoft-empowers-students-and-teachers-with-windows-10-s-affordable-pcs-new-surface-laptop-and-more/
[9] Rapid7 Inc, Metasploit Framework https://www.metasploit.com
[10] Desimone, Joe. “Hunting In Memory” https://www.endgame.com/blog/technical-blog/hunting-memory (2017)
[11] Lyda, Robert, and James Hamrock. “Using entropy analysis to find encrypted and packed malware.” IEEE Security & Privacy 5.2 (2007).
[12] Nasi, Emeric. “PE Injection Explained Advanced memory code injection technique” Creative Commons Attribution-NonCommercial-NoDerivs 3.0 License (2014)
[13] Pietrek, Matt. “Peering Inside the PE: A Tour of the Win32 Portable Executable File Format” https://msdn.microsoft.com/en-us/library/ms809762.aspx (1994)

Source: https://pentest.blog/introducing-new-packing-method-first-reflective-pe-packer/
1 point
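
The reposted article's Future Work section notes that the stub allocates the whole mapped image as read/write/execute memory and that the PE header is still present for memory scanners to find. The following is an added example, not code from the article, the Amber project or this forum, showing that check from the scanner's side. The Region record and the sample memory map are constructed for illustration; the constants are the documented Windows values.

```python
import struct
from dataclasses import dataclass

# Documented Windows memory constants (winnt.h).
MEM_COMMIT = 0x1000
MEM_PRIVATE = 0x20000
MEM_IMAGE = 0x1000000
PAGE_READONLY = 0x02
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40


@dataclass
class Region:
    """One entry of a process memory map as a scanner would collect it
    (hypothetical record: region attributes plus the region's first bytes)."""
    base: int
    state: int
    type: int
    protect: int
    head: bytes


def has_pe_header(head: bytes) -> bool:
    """True if head starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    # An out-of-range e_lfanew yields a short slice, so the comparison is False.
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage(regions):
    """Return (base, severity, reason) for committed, private, RWX regions.

    A module loaded by the OS loader is backed by a file (MEM_IMAGE) and its
    sections are not writable and executable at once. A private RWX region
    holding a PE image is therefore a strong lead. A private RWX region with
    no header is a weaker lead, since JIT engines allocate such memory too.
    """
    findings = []
    for r in regions:
        if r.state != MEM_COMMIT or r.type != MEM_PRIVATE:
            continue
        # Mask off modifier bits such as PAGE_GUARD before comparing.
        if (r.protect & 0xFF) != PAGE_EXECUTE_READWRITE:
            continue
        if has_pe_header(r.head):
            findings.append((r.base, "high", "PE image in private RWX memory"))
        else:
            findings.append((r.base, "medium", "private RWX memory, no PE header"))
    return findings


def _fake_pe_head() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x80, 'PE\\0\\0' at 0x80."""
    head = bytearray(0x200)
    head[0:2] = b"MZ"
    struct.pack_into("<I", head, 0x3C, 0x80)
    head[0x80:0x84] = b"PE\x00\x00"
    return bytes(head)


# Constructed sample memory map (not taken from a real process).
SAMPLE_REGIONS = [
    # Normally loaded module: file-backed, header page read-only.
    Region(0x00400000, MEM_COMMIT, MEM_IMAGE, PAGE_READONLY, _fake_pe_head()),
    # Manually mapped image as the article describes: private, RWX, header present.
    Region(0x02A00000, MEM_COMMIT, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, _fake_pe_head()),
    # Private RWX with no header (wiped header, shellcode or a JIT heap).
    Region(0x02F00000, MEM_COMMIT, MEM_PRIVATE, PAGE_EXECUTE_READWRITE, bytes(0x200)),
    # A file merely read into a data buffer: PE bytes, but not executable.
    Region(0x03100000, MEM_COMMIT, MEM_PRIVATE, PAGE_READWRITE, _fake_pe_head()),
]

if __name__ == "__main__":
    for base, severity, reason in triage(SAMPLE_REGIONS):
        print(f"{base:#010x}  {severity:6}  {reason}")
```

The second finding is the case the article anticipates: once the header is wiped, only the protection and backing type remain as signals, which is why scanners treat private RWX memory as a lead in its own right.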
-
You're talking complete nonsense with this. They live in the same house, breathe the same air, eat together, have life plans together. Don't you think it would be better for her to lay her cards on the table if she's messing around? It shows you're still immature. You spend a lifetime beside a person and still don't get to know them. Do you think you can throw programming at everything when things stop working or when something doesn't suit you? The internet isn't life. What he's talking about there, that's life. Get out of the house for once, go get drunk, go to hookers, drop this stirring.
1 point
-
Events that have taken place so far:
1. NATO/USA assured Ukraine that they would offer it protection in the event of an attack, Ukraine in exchange having to give up its nuclear arsenal.
2. Russia invades Ukraine.
3. NATO/USA did not keep their word, saying that it is not within the scope of their interests (wooden language etc.). If you remember, a few years ago they said the same to Romania when a neighbouring country kept stealing from our territory at the border. Ukraine is not in NATO, but we were and still are, and we buy their worn-out weaponry at inflated prices (MiGs that crash etc.).
4. As a measure to punish Russia, the EU bans Russia's economic transfers to EU member states.
5. Not long after, the EU is invaded by immigrants from the territories bombed by ISIS financed by the Russians. (Notice cause and effect!)
6. Several EU countries fall prey to the immigrants and to this stupid socialism and, to top it off, the population finds it normal. Let's not forget that the Swedes caught Gypsies of ours stealing right in their homes and, instead of beating them with a stick, gave them money out of pity, and some even adopted them. The same with the immigrants. They are even starting to have more rights than a person who lives in that state. In England supposedly companies are obliged to hire Indians/migrants in management positions on the grounds of avoiding discrimination. Possibly that is how the one at Microsoft got there too.
7. Little by little, the lack of balls and the liking on Facebook end up annihilating any counter-reaction from the common man.
8. Thieving politicians everywhere, not only here but also in many other civilized European countries.
9. In Greece the inhabitants are again doing badly. They received a fairly large loan from the EU and, not long after, said to hell with it and declared they are not repaying anything.
10. In Turkey a dictatorial regime is born, despite the gutless threats of the EU and USA/NATO.
11. THERE IS NO MORE MONEY! MORE AND MORE PEOPLE ON SOCIAL ASSISTANCE IN ONE FORM OR ANOTHER. It is forecast that in a few years there will be no more money for pensions. And this not only here, but everywhere in the EU countries.
12. Banks offer loans not only for houses, which have exploded in price and in rent, but also for phones, holidays, cars, tablets, computers etc. So every fool takes out a loan and, demand being high, their prices skyrocket and become more and more inaccessible, to the point that you are practically forced to borrow from the bank for who knows what trifles. Salaries are getting smaller or inflation higher, so that a large part of the population ends up indebted to the banks.

That being said, what do you think will happen in the near future? I'm asking because it seems to me that everything has reached a dead point and something must or is about to happen, a change, not necessarily a good one. But what exactly? Do you think there will be an economic crisis again? Some, I see, say on the internet that it would be in 2017 and the beginning of 2018 and that it would gravely destroy almost all economies and be muuuuch more serious than the one in 2007. Could that be so? Or will it be some war? But given how lacking in balls I see the bearded guys of today, I rather doubt these "ladies" will fight over anything, maybe only over nail polish. What do you think?
0 points
-
They almost doubled the salaries of the mayors and of all those who hold the small spheres of influence needed at elections, so where would there be money left for the rabble too
-1 points
-
-1 points
-
-2 points
-
-3 points