Leaderboard

Un Deep Neural Network (Read More) care `invata` sa faca distinctia intre o pisica si un caine. (Cel putin incearca) Link Imagini:

http://books.goalkicker.com/

Next Stop 14k support fibo #haicasepoate LE: sa nu aveti impresia ca sunt ai mei toti banii; suntem cativa; noi am pus mana de la mana si jucam impreuna (mai multi bani = o marja mai sigura = mai multe unitati la tranzactionat)

Cred ca reteaua ta sufera de overfitting. Cu 4 poze ca training set si cate zeci de neuroni fully-connected ai overfitting e sigur sa se intample. Bravo. Vad ca avansezi repede in domeniu! Te-as sfatui sa mai arunci o privire la aspectul stiintific al Machine Learning: cum functioneaza, convergenta, overfitting, node prunning, si cum, de ce si cand functioneaza toate tehnicile astea. Oricum impresionant! Bravo! //EDIT: Ok nu am vazut initial tot training setul. 25k poze sunt destul de multe!

Este o serie de articole ce descriu dezvoltarea exploit-urilor de kernel Windows, folosind HackSysExtremeVulnerableDriver pe Windows 7 32bit cat si Windows 7 64bit, dar si Windows 10. [Kernel Exploitation] 1: Setting up the environment [Kernel Exploitation] 2: Payloads [Kernel Exploitation] 3: Stack Buffer Overflow (Windows 7 x86/x64) [Kernel Exploitation] 4: Stack Buffer Overflow (SMEP Bypass) [Kernel Exploitation] 5: Integer Overflow [Kernel Exploitation] 6: NULL pointer dereference Sursa: https://twitter.com/abatchy17 (decizia de a scrie articolele: https://twitter.com/abatchy17/status/939572701345148928; anuntul primelor doua post-uri: https://twitter.com/abatchy17/status/948226589237559296

Căutăm 2 oameni (dev și sales) pasionați (full time) pentru sediul din București - Pipera: 📱 Un junior -> middle JavaScript Software Developer (să știe și să fie interesat de tehnologii precum Angular2+, Ionic Framework 2+, aplicații de mobil Hibride și Progressive Web Apps) care să aibe în portofoliu câteva realizări și să fie autodidact 👨🏼‍💼 Un OM pe vânzări care să vină din IT, adică cineva pasionat, smart și tehnic pe aria asta 🤥 O cerință pentru ambii candidați: seriozitate Alte detalii: biroul este la ~5 minute de stația de metrou Pipera; mediul de lucru este plăcut, iar firma este un start-up Dacă v-am captat aștept interesul suficient, vă aștept să discutăm în privat. 😀

https://crypto.stanford.edu/cs155/syllabus.html

I’ve been reviewing the source code of a number of blockchain thingies, both for paid audits and for fun on my spare time, and I routinely find real security issues. In this post I’ll describe a vulnerability noticed a while ago, and now that Lisk finally describes it and warns its users, I can comment on its impact and exploitability. TL;DR: you can hijack certain Lisk accounts and steal all their balance after only 264 evaluations of the address generation function (a combination of SHA-256, SHA-512, and a scalar multiplication over Ed25519’s curve). What is Lisk? In blockchain-speak, Lisk is yet another platform for building decentralized applications. To simplify, Lisk is a kind of Ethereum where contracts are written in JavaScript—instead of Solidity or Viper—and where the consensus protocol relies on proof-of-stake instead of proof-of-work. More precisely, Lisk uses a delegated proof-of-stake (DPoS) protocol, wherein a limited number of nodes, chosen by user through a voting mechanism, will actually validate transactions. Having only a limited number (101) of validators speeds up transactions validation while keeping Lisk kinda decentralized. As I’m writing this, Lisk is ranked 19th on coinmarketcap, with a market cap of approximately 3.4 billions of dollars. First problem: short addresses Like in any cryptocoin platform, coin owners are identified by an address. In Lisk, addresses are 64-bit numbers, such as 3040783849904107057L. Whereas in Bitcoin, for example, an address is simply a hash of one’s public key, a Lisk address is derived deterministically from a passphrase, while generating the users’s keypair along the way. In more details, it works like this: Given a passphrase, compute a 256-bit seed as seed = SHA-256(passphrase). Derive an Ed25519 keypair from this seed, which involves computing SHA-512(seed) and a scalar multiplication. Compute the SHA-256 hash of the public key, and define the address as the last 8 bytes of the 32-byte hash. Now you guess part of the problem: you can find a preimage of any address in approximately 264 evaluations of the above series of operations. Second problem: no address–key binding Ideally, short addresses shouldn’t be a huge problem: if an address already exists and is bound to a key pair, you shouldn’t be able to hijack the account by finding another passphrase/keypair mapping to this address. And that’s the second problem: an address isn’t bound to a keypair until it has sent money to another address (or voted for a delegate). What this means is that if an account only receives money but never sends any, then it can be hijacked by finding a preimage—and once the attacker has found a preimage, they can lock the original user out of their account by issuing a transaction and binding the address to their new passphrase/keypair. I don’t know how many accounts are vulnerable, but it’s easy to find ones: just by browsing through the top accounts list, you can for example find a vulnerable that holds more than 1.6 million of Lisk units (or $48M)—look for an account with no associated public key. Exploitation and mitigation Running the 264 address computations isn’t instantaneous though; because it involves a key generation operation, these 264 operations are considerably slower than (say) 264 evaluations of a hash function like SHA-256. But completing the attack within a month will clearly cost you less than $48M. And of course in practice you’ll parallelize the attacks on N cores, and you’ll target one-of-M addresses, so the expected running time will only be around 263/NM operations. With only 64 targets and 256 cores, we’re talking of 249 iterations. As Lisk now recommends, “it’s important to broadcast the correct public key to the network for any given Lisk address. This can be done by simply sending at least one transaction from a Lisk account.” I don’t know whether this vulnerability has been exploited, but yet again this shows that blockchain systems security is a vastly unexplored area, with lot of unaudited architectures and source code, and new bug classes to be found and exploited. PoC||GTFO I’ve tested that the attack works, by first finding a collision (two passphrases/keypairs mapping to the same address), creating an account using the first passphrase, receiving money to this address, and then hijacking the account using the second passphrase. I also simulated a real preimage attack to estimate the cost of the attack on my machine (can’t find the numbers though, it was a while ago). If you’re interested in benchmarking this, the following code can be useful (combined with an optimized implementation of Ed25519’s arithmetic). 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 #define N 16 // generates a pub key from a 32-byte seed int pubkeyFromSeed(unsigned char *pk, const unsigned char *seed) { unsigned char az[64]; sc25519 scsk; ge25519 gepk; sha512(az,seed,32); az[0] &= 248; az[31] &= 127; az[31] |= 64; sc25519_from32bytes(&scsk,az); ge25519_scalarmult_base(&gepk, &scsk); ge25519_pack(pk, &gepk); return 0; } // computes raw pub key from utf-8 secret static inline void pubkeyFromSecret(const char *secret, size_t secretlen, uint8_t *pk) { // first hash secret uint8_t seed[32]; SHA256((const unsigned char*)secret, secretlen, seed); pubkeyFromSeed(pk, seed); } // computes raw address from raw pubkey static inline void addressFromPubkey(const uint8_t *pk, uint8_t *address) { uint8_t hash[32]; SHA256(pk, 32, hash); for(int i=0; i<N/2; ++i) address = hash[7-i]; } string addrToStr(unsigned long long a) { stringstream ss; ss << hex << setw(16) << setfill('0') << a; return ss.str(); } // address is N/2-byte long unsigned long long addressToInt(uint8_t * address) { unsigned long long addressint = 0; for(int i=0; i<N/2; ++i) { addressint |= (uint64_t)address << (56 - (i*8)); } return addressint; } // tested to match /api/accounts/open unsigned long long addressFromSecret(unsigned long long in) { uint8_t pk[32]; uint8_t address[N/2]; string s = addrToStr(in); pubkeyFromSecret(&s[0u], N, pk); addressFromPubkey(pk, address); return addressToInt(address); } And there’s more: secret keys aren’t secret Ah, and there’s another security issue in Lisk: looking at the client API documentation, you’ll notice that clients need to send their passphrase (the secret value) to open an account or to send a transaction. In other word, Lisk is missing the whole point of public-key cryptography, which is to keep secret keys secret. Oh, and there’s even an endpoint (/api/accounts/open) that allows you to request your public key given your secret key. So much for trustlessness and decentralization. Sursa: https://research.kudelskisecurity.com/2018/01/16/blockchains-how-to-steal-millions-in-264-operations/

Sa se cheme dupa cel mai tare hacker roman: Tinkoin

Salut si bine ai venit. 1) C++ e o baza buna. Te-ai gandit ce ti-ar place sa faci? Aplicatii mobile, website-uri, jocuri etc? Desi, avand in vedere ca o sa mergi la facultate, cred ca ar fi mai potrivit sa citesti programa si sa vezi ce limbaje se predau acolo. Poti sa le inveti din timp si sa fii cu un pas inainte, ceea ce o sa-ti faca viata mai usoara. 2) E o alegere buna FMI, atata timp cat o iei in serios si continui sa inveti. 3) Aici nu stiu daca te referi la job in domeniul IT (internship etc), sau nu. Daca e vorba doar de a face niste bani, personal nu cred ca e o idee asa buna in timpul facultatii (decat daca e absolut necesar sa te poti intretine, neavand alte surse de finantare). Un job iti consuma mult din energie ceea ce face mai dificila invatarea. Daca esti finantat de parinti, rude etc si nu ai presiunea banilor inca, as recomanda ca jobul tau sa fie facultatea, sa inveti cat mai multe acolo, ceea ce o sa-ti dea sanse mai mari sa intri pe piata IT cand termini. Sunt multi care dau cu piciorul la facultate pentru ca se apuca de joburi fara sens inca din primii ani, doar din dorinta de a face niste bani rapizi. Banii nu-ti asigura viitorul, ci cunostintele pe care le ai. In asta trebuie sa investesti. 4) Nu-ti lasa materia sa se adune. Invata constant, altfel ramai in urma si o sa regreti, pentru ca e greu sa te urci inapoi pe cal din mers. 5) Prioritar ar trebui sa fie informatica. Daca ai timp si de germana pe langa, nu o sa iti strice deloc. Personal nu vad mare legatura intre salar si germana. Poate daca lucrezi la firme germane sau daca primesti oferte interesante de munca in Germania. Dar avand in vedere ca e un domeniu tehnic, banii o sa fie direct proportionali cu experienta si cunostintele in domeniu. Succes. PS: Iti poti edita postul initial, nu face double post cand mai ai de adaugat ceva.

For a good password use this sites https://hashc.co.uk/ https://gpuhash.me/ onlinehashcrack.com If you are a beginner try this Dumpper v.90.x google it i think you will find it on git or here https://sourceforge.net/projects/dumpper/

Pentru a folosi acest program, aveti nevoie de o lista de ip proxy, aveti aici un proxy finder https://rstcenter.com/forum/49635-proxy-finder.rst, si de un link catre un videoclip la care vreti sa faceti vizioari. download : GirlShare - Download Youtube Auto Viewer.rar scanare : https://www.virustotal.com/file/25aa434f2c4a6ac1d9cb2b56c888947fd58ec953c23234aec0179d84584ead1c/analysis/1330277858/ SURSA : HackForums.Net

https://legitcoin.me/ Ce zici de asta? da 5 legitcoin d-astia free, e 0.70$ unu