Leaderboard

Am fost sunat de catre cineva de la compania de telecomunicatii si am patit acest lucru, dar asta se intampla de fiecare data, indiferent ca e vorba de un serviciu, o banca si mai stiu eu ce. Mi se par doua lucruri idioate: 1. Ma pune sa fiu de acord ca apelul sa fie inregistrat cand eu sunt cel apelat 2. Imi cere o data personala (sigur, nu CNP, lucruri mai marunte gen data nasterii) dar nu mi se pare normal sa le dau unei persoane la intamplare care ma suna Eu de obicei ii intreb si pe ei daca sunt de acord ca apelul sa fie inregistrat (desi nu fac asta) si sa imi confirme ca sunt de la serviciul respectiv si ca au anumite date despre mine. Uneori a mers. Problema e urmatoarea: majoritatea inchid (si se mai si supara pe mine ) si e posibil sa nu aflu lucruri utile. Am patit asta la banca, dar am avut noroc ca am primit si SMS. Voi ce parere aveti despre asta? Sunt prea paranoic? Voi ce faceti? Cum e din punct de vedere legal? Pe de-o parte inteleg ca imi protejeaza datele personale, pe de alta parte nu prea.

Nu s-a spart nici un cont, cel mai probabil au facut auth bypass. Era un post interesant pe linkedin care zicea diferenta dintre a raporta un bug printr-un program bug bounty si a profita in acest fel. Diferenta era undeva la cateva sute de mii de euro. (pe oauth bypass twitter da 7700 dolari, ceea ce si mie sincer mi se pare extrem de putin) Anyway, ma bucur ca au muscat-o, poate poate vor lua securitatea mai in serios (nu doar twitter).

pwncat pwncat is a raw bind and reverse shell handler. It streamlines common red team operations and all staging code is from your own attacker machine, not the target. After receiving a connection, pwncat will setup some common configurations when working with remote shells. Unset the HISTFILE environment variable to disable command history Normalize shell prompt Locate useful binaries (using which) Attempt to spawn a pseudoterminal (pty) for a full interactive session pwncat knows how to spawn pty's with a few different methods and will cross-reference the methods with the executables previously enumerated. After spawning a pty, it will setup the controlling terminal in raw mode, so you can interact in a similar fashion to ssh. pwncat will also synchronize the remote pty settings (such as rows, columns, TERM environment variable) with your local settings to ensure the shell behaves correctly. Features and Functionality pwncat provides two main features. At it's core, it's goal is to automatically setup a remote PseudoTerminal (pty) which allows interaction with the remote host much like a full SSH session. When operating in a pty, you can use common features of your remote shell such as history, line editing, and graphical terminal applications. The other half of pwncat is a framework which utilizes your remote shell to perform automated enumeration, persistence and privilege escalation tasks. The local pwncat prompt provides a number of useful features for standard penetration tests including: File upload and download Automated privilege escalation enumeration Automated privilege escalation execution Automated persistence installation/removal Automated tracking of modified/created files pwncat also offers the ability to revert these remote "tampers" automatically The underlying framework for interacting with the remote host aims to abstract away the underlying shell and connection method as much as possible, allowing commands and plugins to interact seamlessly with the remote host. You can learn more about interacting with pwncat and about the underlying framework in the documentation. If you have an idea for a new privilege escalation method or persistence method, please take a look at the API documentation specifically. Pull requests are welcome! Github Introducing Pwncat

Man of culture as well