Leaderboard

https://nakedsecurity.sophos.com/2019/09/19/air-force-to-offer-up-a-satellite-to-hackers-at-defcon-2020/

Bitdefender is proud to announce PwnThyBytes Capture The Flag – our competitive ethical hacking contest September 17, 2019 2 Min Read We hope you’ve all enjoyed your summer holidays, chilling out on the beach, seeing new places and recharging your batteries. Because this autumn we’ve prepared the first edition of PwnThyBytes CTF, a top-notch global computer security competition, which we hope will be a fun and challenging experience for everybody. The contest starts on September 28th and we’re hyped to give you a sneak peek at what to expect. Information security competitions, such as capture the flag (CTF) contests, have surged in popularity during the past decade. Think of them almost like e-sports for ethical hacking. In line with our mission to safeguard users’ data, we at Bitdefender host this event to bring together some of the most skilled teams around the world in areas such as Reverse Engineering, Binary Exploitation, Web Application Auditing, Computer Forensics Investigation, and Cryptography. We extend a warm invitation to everyone connected to or interested in computer security. Build up a team of friends or seasoned professionals, or even have at it by yourself if that’s your thing. Pit yourselves against the most seasoned security professionals on the CTF scene. Enjoy the experience of displaying your techniques, learning new skills, competing with kindred spirits, all for the chance of claiming the rewards and the glory that comes with them. Do you like delving deep into programs, websites, and anything related to computers? Do you like challenging yourself for the pleasure of improvement? Do you want to see just how good you are compared to the rest? If any of these questions strikes a nerve, click here to register. We look forward to seeing you showcase your skills! What do I need to know? Some skills/knowledge you’ll need throughout the competition: Systems programming and OS internals (Linux, Windows), executable formats knowledge (ELF, PE) Reverse Engineering: anti-reverse techniques, anti-debugging techniques, packers, obfuscation, kernel modules Architectures: X86, X86_64, ARM, Web Assembly Vulnerability analysis and exploitation of binaries Web Application Auditing Computer forensics Investigation: memory forensics, software defined radio, file system forensics Cryptography: symmetric, asymmetric, post-quantum schemes and general math skills Graph algorithms What are the prizes? 1st place: 2,048 € 2nd place: 1,024 € 3rd place: 512 € Sursa: https://labs.bitdefender.com/2019/09/bitdefender-is-proud-to-announce-pwnthybytes-capture-the-flag-our-competitive-ethical-hacking-contest/

https://www.gl.com/protocol-analyzer-for-wireless-and-ip-networks.html Schema

Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day. There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week. TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years. I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users. Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery (CVE-2019-7287 & CVE-2019-7286). We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019. Now, after several months of careful analysis of almost every byte of every one of the exploit chains, I’m ready to share these insights into the real-world workings of a campaign exploiting iPhones en masse. This post will include: detailed write-ups of all five privilege escalation exploit chains; a teardown of the implant used, including a demo of the implant running on my own devices, talking to a reverse-engineered command and control server and demonstrating the capabilities of the implant to steal private data like iMessages, photos and GPS location in real-time, and analysis by fellow team member Samuel Groß on the browser exploits used as initial entry points. Let’s also keep in mind that this was a failure case for the attacker: for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen. Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them. I hope to guide the general discussion around exploitation away from a focus on the the million dollar dissident and towards discussion of the marginal cost for monitoring the n+1'th potential future dissident. I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time. I recommend that these posts are read in the following order: iOS Exploit Chain #1 iOS Exploit Chain #2 iOS Exploit Chain #3 iOS Exploit Chain #4 iOS Exploit Chain #5 JSC Exploits Implant Teardown https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

Powershell-RAT - Official Link Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This piece of code is Fully UnDetectable (FUD) by Anti-Virus (AV) software. This project must not be used for illegal purposes or for hacking into system where you do not have permission, it is strictly for educational purposes and for people to experiment with. Any suggestions or ideas for this tool are welcome - just tweet me on @ManiarViral RAT Architecture Diagram Screenshot On the first run of the Powershell-RAT user will get options as below: Using Hail Mary option to backdoor a Windows machine: Successfully taking screenshots of the user activity: Data exfiltrated as an email attachment using Gmail:

Irelevanta varsta, eu am 18. Ca sa-ti raspund despre Vue, nu prea conteaza. Eu la interviuri (Si am dat destul de multe pana acum), nu am fost luat la intrebari despre framework-uri, ci mai mult au fost intrebari de Javascript Vanilla, ce mergeau mai deep. Eu zic sa parcurgi un curs basic de Javascript, si apoi sa pui mana si sa intelegi tot ce scrie in seria de carti You Don't Know JS. Ca sa-ti faci o idee, am enumarat mai jos cateva intrebari comune ce mi-au fost mie adresate pe la interviuri, unele la companii destul de maricele ( IBM de exemplu). - Diferenta dintre var/let/const - Ce este scoping/hoisting ( Aici am fost pus o data si sa explic la nivel de ce face interpretor-ul JS, am fost intrebat si de Temporal Dead Zone) - Keyword-ul 'this', 2 companii mi-au dat de rezolvat probleme bazate pe asta. Problemele constau in mai multe obiecte ce returnau propriul context, si poate mai faceau si alte treburi pe langa. Deveneau tot mai complexe pentru ca puteai sa ai 4-5 obiecte carora le este dat un alt context ca si parametru in constructor, si era destul de usor sa pierzi firul. - La toate am fost intrebat de Event Loop, la 1 una dintre ele am fost pus si sa fac o schema in care arat event loop-ul, aka cum ajunge ceva in stack, cum ajunge in task queue, webapis, de exemplu la asta putini stiu ca setTimeOut() si altele related, sunt parte din webapi, si nu vin din V8 Engine. Again, asta e si ea o chestie la care te puteau prinde destul de easy. - La absolut toate interviurile am fost intrebat intr-un fel sau altul de modul in care type-urile primitive si type-urile non-primitive sunt date catre alte treburi (ex, alea non-primitive sunt date dupa locatia din memoria in timp ce alea primitive sunt date direct ca si valoare), la una dintre firme am avut si o problema pe baza acestei reguli. - Am fost intrebat si de Redux foarte mult, dar asta pentru ca eu am aplicat pe pozitii de React in general. Intrebariile de Redux erau destul de banale si constau in a explica diferenta dintre un dispatch/action/reducer/store, aka efectiv sa vorbesti de tot ciclul prin care trece state-ul. -Am fost intrebat la toate interviurile de pana acum pe React, de ciclul de viata al unei componente. Again, din cate vezi in general intrebariile nu sunt bazate neaparat pe framework-uri, si chiar daca eu am aplicat pe pozitii ce erau specifice pentru anumite framework-uri era esential sa stii js si la nivel mai deep. Deci de asta zic sa nu te focusezi neaparat pe Vue ci mai mult pe Javascript in sine. Vue e fun, dar aici in orasul meu are un job market cam scazut, daca vrei job cat mai repede bagi tare JS si React. Poti sa-mi scrii daca vrei sa te ajut cu prepararea pentru interviuri

PyRDP - Official Link PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library. It features a few tools: RDP Man-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Saves replays of connections so you can look at them later Run console commands or PowerShell payloads automatically on new connections RDP Player: See live RDP connections coming from the MITM View replays of RDP connections Take control of active RDP sessions while hiding your actions List the client's mapped drives and download files from them during active sessions RDP Certificate Cloner: Create a self-signed X509 certificate with the same fields as an RDP server's certificate We have used this tool as part of an RDP honeypot which records sessions and saves a copy of the malware dropped on our target machine. PyRDP was first introduced in a blogpost in which we demonstrated that we can catch a real threat actor in action. In May 2019 a presentation by its authors was given at NorthSec and two demos were performed. The first one covered credential logging, clipboard stealing, client-side file browsing and a session take-over. The second one covered the execution of cmd or powershell payloads when a client successfully authenticates. In August 2019, PyRDP was demo'ed at BlackHat Arsenal (slides).

Life is too short to bother with such small and meaningless things like a laptop. Buy an Acer and find perfection in imperfection!!!

File has expired and does not exist anymore on this server