Leaderboard

https://phishingquiz.withgoogle.com/

Salut, Pentru fun voi da drumul la CTF-ul de mai jos. https://54.38.222.163/ Idea e sa luati flagurile, sau sa incercati sa puneti hostul in cap (facand prostii pe containere). Sa nu schimbati parola, daca cineva schimba parola imi spuneti si voi recrea containeru fara posibilitatea de a schimba parola. Rugamintea e sa nu stricati ceva si sa ma anuntati daca ati gasit ceva vulenrabilitate. Bafta. Se accepta si writeups dar sa nu le faceti publice, cel putin nu atat timp cat ruleaza. Orice problema imi ziceti aici sau pe chat. Sau pe whatsapp. Numaru vi-l pot da in privat cine are nevoie pentru o comunicare mai usoara.

Eu mi l-am luat pe asta: https://www.amazon.de/gp/product/B07DDCRFP6/ @theandruala mi-a recomandat site-urile: https://cleste.ro https://www.optimusdigital.ro/ro/ https://thepihut.com Pentru sistem de operare este: https://retropie.org.uk/ Pentru rom-uri: https://mednafen.github.io/ http://www.easyroms.com http://coolrom.com https://romsmania.cc/ https://www.romulation.net/ https://www.emuparadise.me http://romhustler.net/ http://coolrom.com/ https://vimm.net/

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange. This attack is possible by default and while no patches are available at the point of writing, there are mitigations that can be applied to prevent this privilege escalation. This blog details the attack, some of the more technical details and mitigations, as well as releasing a proof-of-concept tool for this attack which I’ve dubbed “PrivExchange”. Read more s-ar incadra la tutoriale, cautati sursa dupa titlu, ceva cu .io Edit: https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol. Here is the link to our blog post: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/ The Extension: Source: https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint

https://github.com/kaimi-io/php-eval-unpacker Articol in rusa, folositi Google Translate: https://kaimi.io/2012/04/php-generic-eval-unpacker/

Update: