Leaderboard

Popular Content

Showing content with the highest reputation on 09/09/20 in all areas

  1. Deci nu imi vine sa cred, din ce zic la stiri au folosit preoxid de hidrogen 12% sau mai mare concentratie adica decolorant de par lasat la "macerat" in acetona de unghii din care se decanteaza pe fundul recipientului o pudra cristalina ca si zaharul, acea pudra este explozibilul folosit sa bubuie bancomatele. Astia au ajuns sa faca explozibil din orice...
    2 points
  2. RST Con will take place on November 20, 2020 (Friday). We are also waiting for suggestions regarding the "official site": https://rstcon.com/ We are likewise waiting for applications for presentations.
    2 points
  3. Nytro, those Ariel pods I was talking about contain a certain acid that dissolves some elements, regardless of whether it's euros or dollars; it shows up clearly under UV. PS: pounds are all plastic.
    2 points
  4. Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

     The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web browsers, Internet Explorer and Edge. September marks the seventh month in a row Microsoft has shipped fixes for more than 100 flaws in its products, and the fourth month in a row that it fixed more than 120.

     Among the chief concerns for enterprises this month is CVE-2020-16875, which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019. An attacker could leverage the Exchange bug to run code of his choosing just by sending a booby-trapped email to a vulnerable Exchange server.

     Also not great for companies to have around is CVE-2020-1210, which is a remote code execution flaw in supported versions of Microsoft Sharepoint document management software that bad guys could attack by uploading a file to a vulnerable Sharepoint site. Security firm Tenable notes that this bug is reminiscent of CVE-2019-0604, another Sharepoint problem that’s been exploited for cybercriminal gains since April 2019.

     Microsoft fixed at least five other serious bugs in Sharepoint versions 2010 through 2019 that also could be used to compromise systems running this software. And because ransomware purveyors have a history of seizing upon Sharepoint flaws to wreak havoc inside enterprises, companies should definitely prioritize deployment of these fixes, says Alan Liska, senior security architect at Recorded Future.

     Todd Schell at Ivanti reminds us that Patch Tuesday isn’t just about Windows updates: Google has shipped a critical update for its Chrome browser that resolves at least five security flaws that are rated high severity. If you use Chrome and notice an icon featuring a small upward-facing arrow inside of a circle to the right of the address bar, it’s time to update. Completely closing out Chrome and restarting it should apply the pending updates.

     Once again, there are no security updates available today for Adobe’s Flash Player, although the company did ship a non-security software update for the browser plugin. The last time Flash got a security update was June 2020, which may suggest researchers and/or attackers have stopped looking for flaws in it. Adobe says it will retire the plugin at the end of this year, and Microsoft has said it plans to completely remove the program from all Microsoft browsers via Windows Update by then.

     Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for Windows updates to hose one’s system or prevent it from booting properly, and some updates have even been known to erase or corrupt files. So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

     And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

     As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

     Source
    1 point
  5. Dude, understand, there's nothing they can do with the money. Let's assume what Pacalici said, that the cassettes are sealed, fine, but then where does the money come out through the slot? They have orifices through which the "ink" is injected in case of a boom. It adds up, you'll be convinced.
    1 point
  6. Yes, it's about an inflammation of the spinal column. It said somewhere that it "happens sometimes" in vaccine testing. The chip has too many transistors and its bio-electro-magnetic waves interfere with the encephalo-neurological waves transmitted by the spinal column through the body (those Keep-Alive messages between the spine and the organs to determine the downtime of some of them). A kind of Human Jammer, this chip... Man, I'd be good at making one of those garbage conspiracy sites, I'd make a fortune.
    1 point
  7. The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.

     Windows: StorageFolder Marshaled Object Access Check Bypass EoP

     Platform: Windows 10 2004/1909
     Class: Elevation of Privilege
     Security Boundary: AppContainer

     Summary: The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.

     Description: When a StorageFolder object is passed between processes it's custom marshaled using the CStorageFolderProxy class (CLSID: a5183349-82de-4bfc-9c13-7d9dc578729c) in windows.storage.dll. The custom marshaled data contains three values, a standard marshaled OBJREF for a Proxy instance in the originating process, a standard marshaled OBJREF for the original CStorageFolder object and a Property Store.

     When the proxy is unmarshaled the CStorageFolderProxy object is created in the client process, this redirects any calls to the storage interfaces to the creating process's CStorageFolder instance. The CStorageFolder will check access based on the COM caller.

     However, something different happens if you call a method on the marshaled Proxy object. The call will be made to the original process's Proxy object, which will then call the real CStorageFolder method. The problem is the Proxy and the real object are running in different Apartments, the Proxy in the MTA and the real object in a STA. This results in the call to the real object being Cross-Apartment marshaled, this breaks the call context for the thread as it's not passed to the other apartment. As shown in a rough diagram.

         [ Client (Proxy::Call) ] => [Server [ MTA (Proxy::Call) ] => [ STA (Real::Call) ] ]

     As the call context is only captured by the real object this results in the real object thinking it's being called by the same process, not the AppContainer process. If the process hosting the StorageFolder is more privileged this can result in being able to read/write arbitrary files in specific directories. Note that CStorageFile is similarly affected, but I'm only describing CStorageFolder. In any case it's almost certainly the shared code which is a problem.

     I've no idea why the classes aren't using the FTM, perhaps they're not marked as Agile? If they were then the real object would be called directly and so would still be running in the original caller's context. Even if the FTM was enabled and the call context was maintained it's almost certainly possible to construct the proxy in a more privileged, but different process because of the asymmetric nature of the marshaling, invoke methods in that process which will always have to be performed out of process.

     Fixing wise, firstly I don't think the Proxy should ever end up standard marshaled to out of process callers, removing that might help. Also when a call is made to the real implementation perhaps you need to set a Proxy Blanket or enable dynamic cloaking and impersonate before the call. There does seem to be code to get the calling process handle as well, so maybe that also needs to be taken into consideration?

     This code looks like it's copied and pasted from SHCORE which is related to the bugs I've already reported. Perhaps the Proxy is not supposed to be passed back in the marshal code, but the copied code does that automatically? I'd highly recommend you look at any code which uses the same CFTMCrossProcClientImpl::_UnwrapStream code and verify they're all correct.

     Proof of Concept: I've provided a PoC as a C# project. The code creates an AppContainer process (using a temporary profile). It then uses the Partial Trust StorageFolderStaticsBrokered class, which is instantiated OOP inside a RuntimeBroker instance. The class allows opening a StorageFolder object to the AC profile's Temporary folder. The StorageFolderStaticsBrokered is granted access to any AC process as well as the "lpacAppExperience" capability which means it also works from Classic Edge LPAC. The PoC then uses the IStorageItem2::GetParentAsync method to walk up the directory hierarchy until it reaches %LOCALAPPDATA%. It can't go any higher than that as there seems to be some condition restriction in place, probably as it's the base location for package directories. The code then writes an arbitrary file abc.txt to the Microsoft sub-directory. Being able to read and write arbitrary files in the user's Local AppData is almost certainly enough to escape the sandbox but I've not put that much time into it.

     1) Compile the C# project. It will need to grab the NtApiDotNet from NuGet to work.
     2) Run the POC executable.

     Expected Result: Accessing files outside of the AppContainers directory is blocked.

     Observed Result: An arbitrary file is written to the %LOCALAPPDATA%\Microsoft directory.

     This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is 2020-09-23. Disclosure at an earlier date is also possible if agreed upon by all parties.

     Related CVE Numbers: CVE-2020-0886.
     Found by: forshaw@google.com
     Download: GS20200908185407.tgz (18 KB)

     Source
    1 point
  8. The solution is much simpler. What you are looking for is called A.R.D.F. (Amateur Radio Direction Finding), or Fox Hunting for short, a branch of amateur radio. What you need: a transmitter and a receiver equipped with an S-meter, that is, an analog or digital maximum-signal indicator. In your case, at the output you connect an Arduino module that controls the robot in question. Also a very directional antenna. For the build I recommend two 433 MHz RF modules; you can buy them from the shops where you buy the Arduino module. At the receiver you add a directional antenna; personally I recommend using a magnetic loop, they are extremely directional and easy to build. You can find the data here: https://www.google.com/search?q=70cm+band+magnetic+loop+antenna&oq=70cm+band+magnetic+loop+antenna&aqs=chrome..69i57.12239j0j7&sourceid=chrome&es_sm=122&ie=UTF-8 All you have to do is write a program that keeps the robot's direction of travel on the maximum received signal. If you want more data, search on a search engine for - Ham Radio ARDF. Good luck
    1 point
  9. UDP vs. TCP: A Quick Comparison

     Sep 7 2020

     Some background you may or may not care about

     I took a networking class in college. It wasn’t a great experience, as the professor was at the school really just to pursue research, leaving us peasant students to 5-question long exams, each 25% of our grade and with .05% of the content from 200+ long slide decks. Needless to say, it wasn’t a very useful class. So here I am, some number of years into my cybersecurity career, able to recognize and speak about different network protocols at fluctuating levels depending on the day. It’s time to change that. I want to understand, like really understand what’s going on. This blog post is going to cover some of the most fundamental concepts in the networking world: UDP and TCP, two transport-level protocols.

     UDP (User Datagram Protocol)

     UDP is a connectionless, message-oriented protocol. It functions through the sending and receiving of packets without having to establish a connection between a client and server. As a result, once a message has been sent, there is no further communication with the message receiver. Additionally, the packets are not numbered. This means that packets are not guaranteed to arrive in order, or even to arrive at all. UDP does not wait for acknowledgement of message receipt, it simply yeets the message and moves on.

     Due to its connectionless nature, UDP is good for real-time information delivery. As messages are told to be transmitted, they are transmitted. Packets may be dropped due to lack of congestion control. Because the sender isn’t waiting for an ack, nor is the receiver going to send an ack, dropped packets will go unnoticed by both the client and server. This is okay in certain real-time examples, such as streaming. A momentary glitch will not deter a viewer. This also means that UDP is able to support broadcasting.

     Error checking in UDP occurs through a 16-bit checksum. The checksum is used as follows: the sender computes the checksum corresponding to the data being sent and stores it in the header; upon receipt, the receiver computes the checksum using the received data and compares it to the checksum in the header. It’s important to note that the checksum is mandatory in IPv6 but not IPv4.

     The UDP segment, or the data portion, of an IP packet includes an 8-byte header followed by variable length data. The header is composed as follows:

     - The first 4 bytes of the header store the port numbers of the source and destination.
     - The next 2 bytes of the header store the length of the UDP segment.
     - The last 2 bytes of the header store the checksum.

     TCP/IP (Transmission Control Protocol)

     TCP is a handshake-based, connection-oriented protocol. TCP provides a continuous flow of data through a manner of sending numbered packets which ensure correct receipt order. While this takes more time than UDP, which sends as instructed and receives as is, it makes TCP the more reliable transport protocol of the two. If packets are dropped, they can be recognized as missing and then retransmitted.

     The reliability provided by TCP makes it a choice protocol in situations requiring packet receipt acknowledgement and/or ensured packet delivery. However, this reliability and congestion control behavior comes at a cost of overhead. TCP is slower than UDP due to the latency created by establishing and maintaining connections.

     Checksum use is required by TCP, for both IPv4 and IPv6. This ensures error detection despite IP version.

     A TCP header is between 20 and 60 bytes. Like the UDP header, there are reserved bytes for the source and destination port numbers, there is also a field to store the amount of data to be transmitted during the session, and the checksum is included towards the end. The large quantity of additional header space, compared to UDP, is used to store information required to establish connections, maintain connections, and support the acknowledgements required for the reliability aspects (i.e. syn/ack behavior) of the protocol.

     TL;DR

     UDP is the less reliable protocol, but can be used for real-time data delivery, including broadcasting, due to its constant stream of packet transmission. TCP is a more reliable but slower data transport protocol used for data transmission between two endpoints. It uses acknowledgements to confirm packet receipt. Both protocols support checksums, which should be utilized for error detection.

     Source: https://casey.is/blogging/udpvstcp/
    1 point
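
The 8-byte UDP header layout and the sender/receiver checksum exchange described in the post above, as an added example that is not part of the original post or the linked blog. It goes slightly beyond the post by including the IPv4 pseudo-header that the UDP checksum also covers; the function names, addresses and payload are constructed for illustration.

```python
import socket
import struct

UDP_PROTO = 17  # IP protocol number for UDP

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum, padding odd-length input with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return total

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the UDP header and data."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, UDP_PROTO, len(segment)))
    csum = ~ones_complement_sum(pseudo + segment) & 0xFFFF
    return csum or 0xFFFF  # 0 on the wire means "no checksum", so send 0xFFFF

def build_segment(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Sender side: compute the checksum with the field zeroed, then store it."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def parse_and_verify(src_ip, dst_ip, segment: bytes) -> dict:
    """Receiver side: split the 8-byte header and recompute the checksum."""
    if len(segment) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("length field disagrees with the received data")
    segment = segment[:length]
    if csum == 0:
        status = "absent"  # allowed in IPv4 only
    else:
        zeroed = segment[:6] + b"\x00\x00" + segment[8:]
        status = "ok" if udp_checksum(src_ip, dst_ip, zeroed) == csum else "bad"
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": status, "payload": segment[8:]}

# Constructed sample: documentation-range addresses and a made-up payload.
SRC, DST = "192.0.2.10", "198.51.100.20"
SAMPLE = build_segment(SRC, DST, 53000, 53, b"constructed sample payload")
```

A receiver that gets "bad" simply drops the datagram; because UDP has no acknowledgements, the sender never learns of it.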
  10. I keep hearing about that thing with marking the money, but is it for real? I don't think so many of these stunts would still be pulled if it were. The money is kept in cassettes, each cassette holding a certain type of banknote. But I haven't seen anything else in there (I've seen an open ATM, from up close, let's say). PS: There's also a myth according to which that "Brrrrr" when the money is brought out is just an MP3, does anyone have any idea? Actually that's my only real curiosity about ATMs
    1 point
  11. Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more. Dependency Walker (depends.exe) Home Page
    1 point