Leaderboard

Ce anume nu se merita ? De ce ? Asus Zenfone max nu se merita ? SH ca poate prind ceva mai performant la un pret mai mic decat in magazin. Ma uit in special la cele sigilate si nu la cele sparte, crapate, zdrobite etc. Apropo, de ce vinde lumea la greu si mult mai ieftin decat ne-am astepta S7 Edge ? mE vreo problema si acesta sau care e faza ? Mi-as lua ca sunt care dau si la 1000 in conditii bune, necrapat si fara defecte numai ca nu ma pricep sa fac diferenta intre original si multitudinea de replici care exista.

Nu recomand să-ți iei telefon SH. Și eu mi-am luat iPhone 6 sh, și dupa 2 luni când l-am desfăcut am găsit un muc pe baterie. Puțin probabil să ți se întămple și ție la fel. Eu îți recomand Xiaomi Redmi Note 5, dacă nu vrei să treci de 1000 de lei. Dacă nu vrei Xiaomi pentru că sunt chinezării, să știi ca și Huawei sunt la fel. Poți să aștepți o lună poți să iei în considerare Xiaomi Pocophone F1, care vine cu SD 845, și e undeva la 300 de euro. Dacă stai foarte mult pe telefon uită-te la Asus ZenFone Max Pro m1, care e un Xiaomi Note 5, cu o baterie de 5000 mAh. ( Eu zic că nu se merită. E cu 300 ron mai scump decât acel xiaomi ). Dacă vrei sh, poți să iei acel Mate 9, telefonul e bun.

Am facut un mass admin finder pentru cine are nevoie scopul este pentru a ajuta in programele de bugbounty

Salutare tuturor, M-am decis ca primul post aici sa fie in momentul cand o sa ma adresez comunitatii, in setea mea de cunoastere si alegerea unei cariere in Cyber Security. Am peste 10 ani experienta in IT in diverse pozitii(Network Tech, IT Support, Semi-Sys Admin pe Windoze si vMware si mai nou fac software support pentru o comanie si produsele lor). De aproximativ o luna m-am apucat sa citesc diverse de Cyber-Security, experienta mea in domeniul asta fiind destul de limitata, detin doar Comptia Security+(am lucrat cu ePo de la Mcafee foarte putin, un Nessus cand si cand si mai nou cu OpenVas) as vrea sa va intreb pe cei care lucrati in domeniu daca decizia mea de a alege sa devin Pen Tester este una buna avand in vedere experienta mea. Cochetez foarte tare cu idea sa ma inscriu la OSCP si sa iau lab-urile de 90 de zile. Ar fi de ajuns acele 90 de zile sa pot sa ma pregatesc pentru examen sau este o certificare mult prea dificila pentru un incepator in ale Pen Testingului? Mentionez ca nu stiu prea multe comenzi de Unix si m-am cam luptat cu Kali un pic, dar binecuvantat fie Google si toti producatorii de content :). Mi-am cumparat niste cursuri de uDemy despre domeniul asta si cam ce chestii mi-ar fi utile. M-am uitat la Web Pen Testing cu Burp Suite. Ar fi ceva mai usor de atins ca nivel ca apoi sa continui cu OSCP? Ce alte recomandari puteti sa-mi faceti pe partea de Cyber Security in ceea ce priveste alte arii? Pentru a deveni Pen Tester sau IT Auditor ce alte cursuri/certificari as mai putea face?

s7 edge = bateria se descarca mai repede si dupa un an jumate bateria cedeaza, nu ramane incarcata mai mult de 1 minut + ca se incinge. M-am jucat cu ASUS ZenFone si pot sa spun ca este ok, isi merita bani.

eu am Xiaomi redmi 4x de mai bine de un an si nu am avut niciodata probleme. dimpotriva, vad ca e mai scump acum decat am dat pe el in 2017 si apropo de huawei si xiaomi, la intrebarea care se merita, avem prieteni o familie din China, mi'au spus ca Huawei e sub Xiaomi la ei

Asus Zenfone Max m1 nu se merită în comparație cu Xiaomi Redmi Note 5. Xiaomi este 800 de ron, pe când Asus-ul e undeva la 1100-1200. Pentru 1000mAh in plus eu zic că nu se merită. ( părerea mea ). Dacă cumperi un telefon SH, te expui la niște riscuri. De obicei, din câte am văzut, gadget-urile SH au în cele mai multe cazuri probleme fie de ordin estetic, fie de funcționare. Gândește-te așa : Dacă respectivul a pus produsul pe un site de anunțuri la un preț foarte bun, înseamnă ca tu nu știi ceva despre acel produs. Dacă el insistă că nu are timp să vă întâlniți undeva unde există Wi-Fi, ca să poți testa telefonul o perioadă mai îndelungată e posibil ca gadget-ul să aibe probleme, despre care tu nu știi. ( Posibil să fie blocat in vreo rețea, probleme cu ecranul, camera, bateria schimbată, etc... ) Și cel mai grav e atunci când băiatu' îți spune că vrea să-l livreze cu plată în avans, sau fără verificarea pachetului. Posibil ca vânzătorul să nu-ți fi spus despre toate problemele. ( vezi mai sus ). Poți să-ți dai seama dacă S7 edge e fake, doar ținăndu-l în mână. Cel fake are materiale de o calitate proastă și o greutate mai mică decât cel original. Există și clone mai bune, care sunt aproape identice cu telefonul.

E vorba de preturi de OLX care in magazin/pe emag sunt mai mari de atat. Xiaomi Mi A2 nu scoate mai putin in Antutu decat astea ? Ce altceva mi-ai mai recomanda de pe olx care sa fie performant si sa fie pana in 1100-1200 maxim, parca nu as da nici 1000 dar hai sa zicem ca poate dau atat pe un telefon ? De ce vinde lumea OnePlus 3T-5T si chiar si 6T, e problema si cu astea ? Multumesc mult !

Foarte fain! Daca ai planuri pentru OSCP incepe cu un curs de Linux, gasesti tu un Vmware Workstation, faci un dowload la Kali vm, faci download la niste masini virtuale de pe vulnhub.com, si te joci pe ele cateva luni. Poti sa incepi cu alea vechi de la ultimele pagini, alea au si 'walkthroughs' sau 'pas cu pas' . Apoi, in OSCP o sa ai deaface si cu ceva web application pentesting, si ceva exploit development. Cauta aici pe forum curs in romaneste de exploit development; pe mine m-a ajutat enorm sa fac partea de exploit dev. in examen. BurpSuite iti va fi f. folositor cand faci web app pentesting, dar vei folosi mai mult nikto si dirbuster, desi nu strica sa stii mai multe unelte. Eu zic ca dupa ce te joci destul cu Kali si masini virtuale vulnerabile, iti vei face o parere f buna daca asta vrei sa faci sau nu, desi pot sa iti spun ca nu e usor, avand in vedere ca ii un upgrade de la cunostintele tale de IT. Cauta pe torenta cursuri de la Sans, PDF-ul de la OSCP, cursuri Udemy, PluralSight, Pentester Academy, etc. Spor la treaba multa si noroc! Documenteaza totul!

Cand ai zeci de mii de endpoint-uri (interne sau externe), CEH nu prea mai are relevanta. Se merge mai mult pe strategii, chestii generale si un view mai de ansamblu, cam ceea ce se face in CISSP. Cu alte cuvinte lasi tehnicul in spate pentru baietii mai pasionati si o dai in (Security as a Service)/Management.

@Che Tu erai ala de la coada care te holbai la mine?

La oferta: Titlurile: https://m.imgur.com/a/xYtGaNE Documentele: https://wetransfer.com/downloads/9263b7163faf2142c7781dc08b81566420180827150434/734a80762464fcd8fcb7a14ba157359620180827150434/ec6c68 Succes

Vrei sa-l futi? Sigur nu pune interbari pe rst de genul "oare cu ce se ocupa unii" ? Altii in loc sa intrebe cu ce se ocupa unii, isi gasesc ei ceva cu care sa se ocupe sa se duca si eu cu sacosa la banca ;(

Daca il intrebi, iti va spune sigur ca si-a inceput viata de antreprenor facand iteme de CS:GO care le-a vandut si profitul l-a investit pe Forex. Acolo a folosit un bot bazat pe o retea neuronala si a facut multi bani. Majoritatea ii tine in conturi off-shore dar mai da si el de mila ceva statului Roman sa nu bata la ochi. La muiere, ca sa nu-i faca scandal, i-a setat o retea de dropshipping cu margele si i-o angajat niste content writers de incredere. Are asa de multi bani incat o trebuit sa isi alcatuiasca o metoda bazata pe sirul lui Fibonacci ca sa se descurce la tinut evidenta hartiilor de 200 lei. Are si un front, ca sa nu bata la ochi, un cabinet stomatologic unde ca sa nu plateasca o contabila a facut 4 ani de facultate, mai ales ca a fost pasionat si de metode de criptografie. P.S. - omul defapt era aelius. Are pula mare si e gigolo - face bani de pe cougars

Deep Exploit at Black Hat USA 2018 Arsenal. Overview DeepExploit is fully automated penetration tool linked with Metasploit. It has two exploitation modes. Intelligence mode DeepExploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. Brute force mode DeepExploit executes exploits thoroughly using all combinations of "Exploit module", "Target" and "Payload" of Metasploit corresponding to user's indicated product name and port number. DeepExploit's key features are following. Self-learning. DeepExploit can learn how to exploitation by itself (uses reinforcement learning). It is not necessary for humans to prepare learning data. Efficiently execute exploit. DeepExploit can execute exploits at pinpoint (minimum 1 attempt) using self-learned data. Deep penetration. If DeepExploit succeeds the exploit to the target server, it further executes the exploit to other internal servers. Operation is very easy. Your only operation is to input one command. It is very easy!! Learning time is very fast. Generally, learning takes a lot of time. So, DeepExploit uses distributed learning by multi agents. We adopted an advanced machine learning model called A3C. Abilities of "Deep Exploit" Current DeepExploit's version is a beta. But, it can fully automatically execute following actions: Intelligence gathering. Threat modeling. Vulnerability analysis. Exploitation. Post-Exploitation. Reporting. Your benefits By using our DeepExploit, you will benefit from the following. For pentester: (a) They can greatly improve the test efficiency. (b) The more pentester uses DeepExploit, DeepExploit learns how to method of exploitation using machine learning. As a result, accuracy of test can be improve. For Information Security Officer: (c) They can quickly identify vulnerabilities of own servers. As a result, prevent that attackers attack to your servers using vulnerabilities, and protect your reputation by avoiding the negative media coverage after breach. Since attack methods to servers are evolving day by day, there is no guarantee that yesterday's security countermeasures are safety today. It is necessary to quickly find vulnerabilities and take countermeasures. Our DeepExploit will contribute greatly to keep your safety. System component DeepExploit consists of the machine learning model (A3C) and Metasploit. The A3C executes exploit to the target servers via RPC API. The A3C is developped by Keras and Tensorflow that famous ML framework based on Python. It is used to self-learn exploit's way using deep reinforcement learning. The self-learned's result is stored to learned data that reusable. Metasploit is most famous penetration test tool in the world. It is used to execute an exploit to the target servers based on instructions from the A3C. Processing flow Intelligence mode Step 1. Port scan the training servers. DeepExploit gathers information such as OS, opened port number, product name, protocol on the target server. So, it executes the port scanning to training servers. After port scanning, it executes two Metasploit's command (hosts and services) via RPC API. ex) The result of hosts command. Hosts ===== address mac name os_name os_flavor os_sp purpose info comments ------- --- ---- ------- --------- ----- ------- ---- -------- 192.168.220.145 00:0c:29:16:3a:ce Linux 2.6.X server DeepExploit gets OS type using regular expression from result of hosts command. In above example, DeepExploit gets OS type as Linux. ex) The result of services command. Services ======== host port proto info ---- ---- ----- ---- 192.168.220.145 21 tcp vsftpd 2.3.4 192.168.220.145 22 tcp OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0 192.168.220.145 23 tcp Linux telnetd 192.168.220.145 25 tcp Postfix smtpd 192.168.220.145 53 tcp ISC BIND 9.4.2 ...snip... 192.168.220.145 5900 tcp VNC protocol 3.3 192.168.220.145 6000 tcp access denied 192.168.220.145 6667 tcp UnrealIRCd 192.168.220.145 8009 tcp Apache Jserv Protocol v1.3 192.168.220.145 8180 tcp Apache Tomcat/Coyote JSP engine 1.1 RHOSTS => 192.168.220.145 DeepExploit gets other information such as opened port numbers, protocol types, product name, product version using regular expression from result of service command. In above example, DeepExploit gets following information from the target server. Idx OS Port# Protocol product version 1 Linux 21 tcp vsftpd 2.3.4 2 Linux 22 tcp ssh 4.7p1 3 Linux 23 tcp telnet - 4 Linux 25 tcp postfix - 5 Linux 53 tcp bind 9.4.2 6 Linux 5900 tcp vnc 3.3 7 Linux 6667 tcp irc - 8 Linux 8180 tcp tomcat - Step 2. Training. DeepExploit learns how to method of exploitation using advanced machine learning model called A3C. The A3C consists of multiple neural networks. The neural networks takes the information of the training server gathered in Step1 as input and outputs some kinds of Payload. And the A3C uses the output Payload to Exploit to the training server via Metasploit. In accordance with the result (success / failure) of Exploit, the A3C updates the weight of the neural network (parameter related to attack accuracy). By performing the above processing (learning) with a combination of various inputs, an optimum Payload for input information is gradually output. In order to shorten the learning time, we execute this processing in multi threads. Therefore, learning by using various training servers, DeepExploit can execute accurate exploit according to various situations. So, DeepExploit uses training servers such as metasploitable3, metasploitable2, owaspbwa for learning. Training servers (one example) metasploitable2 metasploitable3 others Step 3. Testing. DeepExploit execute exploit to the testing server using learned result in Step2. It can execute exploits at pinpoint (minimum 1 attempt). Step 4. Post exploit. If DeepExploit succeeds in Exploit of the testing server, it executes exploit to the internal servers with the testing server as a springboard. Step 5. Generate report. DeepExploit generates a report that summarizes vulnerabilities. Report's style is html. Brute force mode Step 1. Getting target products. DeepExploit receives a target product name list from the user via the console. Each product names are separated by "@" mark. ex) Target product name list. wordpress@joomla@drupal@tikiwiki Step 2. Exploit. DeepExploit takes Exploit modules, Targets, Payloads of Metasploit corresponding to the specified products and executes exploit thoroughly using all combinations of them. Step 3. Post exploit. If DeepExploit succeeds in Exploit of the testing server, it executes exploit to the internal servers with the testing server as a springboard. Step 4. Generate report. DeepExploit generates a report that summarizes vulnerabilities. Report's style is html. Installation Step.0 Git clone DeepExploit's repository. local@client:~$ git clone https://github.com/13o-bbr-bbq/machine_learning_security.git Step.1 Install required packages. local@client:~$ cd machine_learning_security/DeepExploit local@client:~$ python install -r requirements.txt Step.2 Change the setting of Keras. Keras is library of machine learning linked with Tensorflow. So, you need to edit Keras config file "keras.json" before run Deep Exploit. local@client:~$ cd "your home directory"/.keras local@client:~$ vim keras.json keras.json { "epsilon": 1e-07, "floatx": "float32", "image_data_format": "channels_last", "backend": "tensorflow" } You rewrite the element of "backend" to "tensorflow". Installation is over. Usage Step.0 Initialize Metasploit DB Common Firstly, you initialize metasploit db (postgreSQL) using msfdb command. root@kali:~# msfdb init Step.1 Launch Metasploit Framework You launch Metasploit on the remote server that installed Metasploit Framework such as Kali Linux. root@kali:~# msfconsole ______________________________________________________________________________ | | | METASPLOIT CYBER MISSILE COMMAND V4 | |______________________________________________________________________________| \\ / / \\ . / / x \\ / / \\ / + / \\ + / / * / / / . / X / / X / ### / # % # / ### . / . / . * . / * + * ^ #### __ __ __ ####### __ __ __ #### #### / \\ / \\ / \\ ########### / \\ / \\ / \\ #### ################################################################################ ################################################################################ # WAVE 4 ######## SCORE 31337 ################################## HIGH FFFFFFFF # ################################################################################ https://metasploit.com =[ metasploit v4.16.15-dev ] + -- --=[ 1699 exploits - 968 auxiliary - 299 post ] + -- --=[ 503 payloads - 40 encoders - 10 nops ] + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ] msf > Step.2 Launch RPC Server You launch RPC Server of Metasploit following. msf> load msgrpc ServerHost=192.168.220.144 ServerPort=55553 User=test Pass=test1234 [*] MSGRPC Service: 192.168.220.144:55553 [*] MSGRPC Username: test [*] MSGRPC Password: test1234 [*] Successfully loaded plugin: msgrpc msgrpc options description ServerHost IP address of your server that launched Metasploit. Above example is 192.168.220.144. ServerPort Any port number of your server that launched Metasploit. Above example is 55553. User Any user name using authentication (default => msf). Above example is test. Pass Any password using authentication (default => random string). Above example is test1234. Step.3 Edit config file. You have to change following value in config.ini ...snip... [Common] server_host : 192.168.220.144 server_port : 55553 msgrpc_user : test msgrpc_pass : test1234 ...snip... [Metasploit] lhost : 192.168.220.144 config description server_host IP address of your server that launched Metasploit. Your setting value ServerHost in Step2. server_port Any port number of your server that launched Metasploit. Your setting value ServerPort in Step2. msgrpc_user Metasploit's user name using authentication. Your setting value User in Step2. msgrpc_pass Metasploit's password using authentication. Your setting value Pass in Step2. lhost IP address of your server that launched Metasploit. Your setting value ServerHost in Step2. Intelligence mode Step.4 Train Deep Exploit You execute Deep Exploit with training mode on the client machine. local@client:~$ python DeepExploit.py -t 192.168.184.132 -m train command options description -t, --target IP address of training vulnerable host such as Metasploitable2. -m, --mode Execution mode "train". Demo) learning with 10 threads. Step.5 Test using trained Deep Exploit You execute Deep Exploit with testing mode on the client machine. local@client:~$ python DeepExploit.py -t 192.168.184.129 -m test command options description -t, --target IP address of test target host. -m, --mode Execution mode "test". Demo) testing with 1 thread. Step.6 Check scan report. Please check scan report using any web browser. local@client:~$ firefox "Deep Exploit root path"/report/DeepExploit_report.html Brute force mode Step.4 Brute force Deep Exploit You execute DeepExploit with brute force mode on the client machine. local@client:~$ python DeepExploit.py -t 192.168.184.132 -p 80 -s wordpress@joomla@drupal@tikiwiki command options description -t, --target IP address of test target host. -p, --port Indicate port number of target server. -s, --service Indicate product name of target server. Demo) Brute force mode. Coming soon!! Step.5 Check scan report Please check scan report using any web browser. Tips 1. How to change "Exploit module's option". When Deep Exploit exploits, it uses default value of Exploit module options. If you want to change option values, please input any value to "user_specify" in exploit_tree.json as following. "unix/webapp/joomla_media_upload_exec": { "targets": { "0": [ "generic/custom", "generic/shell_bind_tcp", "generic/shell_reverse_tcp", ...snip... "TARGETURI": { "type": "string", "required": true, "advanced": false, "evasion": false, "desc": "The base path to Joomla", "default": "/joomla", "user_specify": "/my_original_dir/" }, Above example is to change value of TARGETURI option in exploit module "exploit/unix/webapp/joomla_media_upload_exec" to "/my_original_dir/" from "/joomla". Operation check environment Kali Linux 2017.3 (Guest OS on VMWare) Memory: 8.0GB Metasploit Framework 4.16.15-dev Windows 10 Home 64-bit (Host OS) CPU: Intel(R) Core(TM) i7-6500U 2.50GHz Memory: 16.0GB Python 3.6.1（Anaconda3） tensorflow 1.4.0 Keras 2.1.2 msgpack 0.4.8 docopt 0.6.2 More information MBSD Blog Sorry, now Japanese only. English version is coming soon Licence Apache License 2.0 Contact us Isao Takaesu takaesu235@gmail.com https://twitter.com/bbr_bbq Source