
Leaderboard

Popular Content

Showing content with the highest reputation on 10/09/20 in all areas

  1. May Kev Bibi drop dead if I know. But I can tell you her name in a PM if you're interested.
    2 points
  2. PCAP-ATTACK
Container of PCAP captures mapped to the relevant attack tactic.

Files (directory listing of PCAP-ATTACK-master; all files dated 09/25/2020; size in bytes):

README.md (80 bytes)

Command and Control
      36,173  cmds over dns txt queries and reponses.pcap
   4,975,932  rdp_tunneling_meterpreter_portfwd.pcapng

CredAccess
      11,060  CA_kerbrute_passwordspray_kerberos_AS-REQ.pcapng
      16,596  CA_LM_SpoolSample_SMB_BiAuth.pcapng
      11,340  CA_masterkey_rpc_protectedstorage.pcapng
       5,424  CredAccess_BackupMasterKey_LSARPC_43_RetrievePrivateData.pcapng
      25,940  DCShadow_add_primarygroupid_512_to_std_account.pcapng
      11,024  DCSync_krbtgt_dcerpc_smb.pcapng
      18,980  Remote_Pwd_Reset_RPC_Admin_Mimikatz_PostZeroLogon.pcapng

Discovery
      11,004  Discovery_dcerp_srvsvc_NetShareEnum.pcapng
      47,148  Discovery_impacket_rpcdump.pcapng
      14,132  Discovery_privgroups_domain_admins_samr_lookupnames_req.pcapng
      96,300  Discovery_PsLoggedOn_remotelocalusers_enum_winreg_lsarpc_dcerpc_smb.pcapng
     152,444  discovery_scan_dcerpc_endpoint_mapper.pcapng

Evasion
       7,824  DE_byt3bl33d3r_remote_eventservice_crash.pcapng

Lateral Movement
     811,252  CVE-2020-1472_Zerologon_RPC_NetLogon_NullChallenge_SecChan_6_from_nonDC_to_DC.pcapng
      70,940  Exploit_DoS_cve-2020-1350_dns_sig_maxspl0it.pcapng
      19,188  LM_dcom_mmc20.application_dcerpc.pcapng
      13,500  lm_mimikazt_skeleton_kerberos_rc4_etype.pcapng
     207,816  LM_psexec_smb_dcerpc_epm_svcctl.pcapng
     267,732  LM_rdp_sharprdp.pcapng
      22,088  LM_smbexec_smb_dcerpc_svcctl_epm.pcapng
     109,992  LM_WMI_ProcessCallCreate.pcapng
      73,776  zerologon_mimikatz_ntlm_privacy_scan_and_exploit_encrypted.pcapng

PrivEsc
       2,364  CVE-2020-0796_SMBGhost_PrivEsc_Loopback_traffic.pcapng

Total: 27 files, 7,040,049 bytes.

Download PCAP-ATTACK-master.zip or git clone https://github.com/sbousseaden/PCAP-ATTACK.git
Source
    1 point
  3. Pick from the start a path you want to follow, because the cyber security field splits into many categories, such as:
- sysadmin
- pentesting
- identity management admin
- network admin
- etc.
From my own experience, in identity management (a relatively new field in Romania) you can learn a lot and you can easily move abroad to Fortune 500 companies after gaining one, two, three years of experience.
    1 point
  4. Hi, if you want to work in the security field in the future, look for a job on that side from the start. More and more jobs in this field are appearing in Romania too. Try to find something paid, even if the salary isn't very high. After all, you don't do volunteer work for companies that make millions of dollars.
    1 point
  5. I found one more thing with the help of Process Explorer... this program only provides the password for extracting the files; iTunes does everything for restoring Apple devices. And the executable needed for the restore is AppleMobileDevicesService.exe; in all the monitoring programs this MFC shows up very little... iTunes does everything with its DLLs... Now it all comes down to finding where the password is or how it unpacks them. EDIT: from network monitoring, a TCP call to an IP shows up; in Wireshark this communication appears encrypted.
    1 point
  6. When I got hired at 1600 RON, I had been looking for something and I knew several programming languages well, with projects in my portfolio. I also knew some security, plus some networking, Linux and other things (I liked learning by reading books, and I still do). I applied to about 80 companies and went to about 10-15 interviews. It wasn't easy at all, as I expected, and I also expected more financially because of stories I had heard, but reality hit me. Still, I landed in a very OK place doing what I liked (besides security) at that time: C/C++ (there were no security jobs back then, or I didn't know of them). What I want to do by telling you these things is bring you back down to earth. If you go to interviews and ask for 2000 EUR, they'll laugh at you. Even if you learned something in university, it isn't as useful in practice as you'd expect. Security isn't taught in university, so having a diploma is at most 10-15% useful. If you go into programming you'll only know the language and have at most 2-3 projects, which don't compare to Enterprise projects with tons of frameworks and modules tied together. In other words, to employers, without experience your value isn't very high, which is why they can't pay very high salaries from the start. You'll grow gradually, faster at first and harder later, but you need patience. Regarding salary, think of it this way: if you were the employer and someone like you came to the interview, what salary would you give them? I think other things matter more than the starting salary: make sure you have OK colleagues you can learn from. Make sure what the company does is interesting, so you don't work with disgust. Make sure the projects are nice and that by working on them you'll learn a lot. And think very carefully when choosing your field: did you pick Java?
You'll probably do Java for the rest of your life (although it isn't strictly mandatory, it will be quite hard to switch in the future, especially financially).
    1 point
  7. Hi! I just finished the Cybernetics faculty and got an internship position in Information Security. I want to learn more; I find the ethical hacking, pentest etc. field interesting but I don't know where to start. From what I've read I'd need some knowledge of Linux, Python, C++ etc. Can you give me some tips/materials to start with? (any help is welcome) Thanks.
    1 point
  8. Hi and congratulations! First of all, learn what you need for the internship. It will help you there, and your colleagues can probably help you a lot. Then, my general advice is to learn a bit of everything: Windows, Linux, programming, networking (including protocols, especially HTTP), a bit of cryptography; mobile and SQL don't hurt either, of course. Only afterwards can you learn about attacks, vulnerabilities and whatnot, once you have the basics and understand how things work.
    1 point
  9. Yes, that was it; from what I understood it basically runs the program and dumps the unobfuscated process. BTW, can you send me the executable in private too?
    1 point
  10. With Ghidra you can do reverse engineering quite well. Here's an example with a nulled cryptolocker:
    1 point
  11. The company pq.hosting is colocated with us.
    1 point
  12. @M4T3! for one platform we have an architecture with 1 production server, one UAT and one DEV at Google Cloud. They've had 100% uptime since 2017. The annual bill was over £100k. Shall I give you the Account Manager's contact details? #pulencurdecarevrei 😁
    1 point
  13. It's the 8th ticket in 8 months, the previous one was 3 weeks ago... I didn't have the patience to go into detail anymore
    1 point
  14. Normally I don't meddle in other people's business. You have two sites there or more (you specified two above). The static one (HTML) was working for you without problems, and the dynamic one (on the WordPress platform) couldn't connect to the database (something I still see now). Since this isn't a managed service, support works "best effort" and is at the provider's discretion. From his point of view, things look roughly like this:
- The server is UP
- Connectivity is OK.
The services are your business. Log in, check what load the processes on the server have, check the logs to see why your MySQL is crashing, and get your toys in order. When you buy a server, virtual or physical, without management included, the guy doesn't do management for you, and especially not on demand. The VPS costs 4 euro a month, while an hour of server administration costs at least 80 euro, even from the lowliest sysadmin. Pick up the phone, call the guy and talk to him. It's easy for him to put a process watcher with alerts on that VPS and step in when needed. You pay a bit extra and you have some assurance that the service will work. Ask what the problems are and what he recommends. It's possible that what you have isn't enough for your needs. Another thing: when you open a support ticket or ask something technical on a forum, try to give as many details as possible about the problem you're facing. "The site isn't working again" is not enough. Try something like: Come on, it's not hard. Really. If you can't manage to formulate a question, forget the sites and go lay tiles.
    1 point
  15. With a 4 euro/month VPS, how you configure the VPS and whether your site works or not is pretty much your business; you can only call the guys out if the VPS goes down through their fault. If you get a VPS from somewhere else, nobody cares that your site doesn't work as long as the VPS isn't "managed".
    1 point
  16. Hi, my forum is games4all . ro and I'd like, if possible, for you to give me a flood attack to see if it holds up. Thanks
    1 point
  17. Nothing holds up. Where do you get these ideas from. It's all about volume, and in the end your own provider cuts off your hosting. If he doesn't do it, it's possible that he in turn gets blocked by his providers. If 50 Gbps come into your port for two days, for a client paying 15 euro a month, does that suit you? Large providers pay 400-600 euro per 1 Gbps and that's 95th percentile.
    1 point
  18. Exploiting SMBGhost (CVE-2020-0796) for a Local Privilege Escalation: Writeup + POC
By ZecOps Research Team | March 31, 2020

Introduction

CVE-2020-0796 is a bug in the compression mechanism of SMBv3.1.1, also known as "SMBGhost". The bug affects Windows 10 versions 1903 and 1909, and it was announced and patched by Microsoft about three weeks ago. Once we heard about it, we skimmed over the details and created a quick POC (proof of concept) that demonstrates how the bug can be triggered remotely, without authentication, by causing a BSOD (Blue Screen of Death). A couple of days ago we returned to this bug for more than just a remote DoS. The Microsoft Security Advisory describes the bug as a remote code execution (RCE) vulnerability, but there is no public POC that demonstrates RCE through this bug.

Initial Analysis

The bug is an integer overflow that happens in the Srv2DecompressData function in the srv2.sys SMB server driver. Here's a simplified version of the function, with the irrelevant details omitted (line numbers are kept because the text below refers to them):

01 typedef struct _COMPRESSION_TRANSFORM_HEADER
02 {
03     ULONG ProtocolId;
04     ULONG OriginalCompressedSegmentSize;
05     USHORT CompressionAlgorithm;
06     USHORT Flags;
07     ULONG Offset;
08 } COMPRESSION_TRANSFORM_HEADER, *PCOMPRESSION_TRANSFORM_HEADER;
09
10 typedef struct _ALLOCATION_HEADER
11 {
12     // ...
13     PVOID UserBuffer;
14     // ...
15 } ALLOCATION_HEADER, *PALLOCATION_HEADER;
16
17 NTSTATUS Srv2DecompressData(PCOMPRESSION_TRANSFORM_HEADER Header, SIZE_T TotalSize)
18 {
19     PALLOCATION_HEADER Alloc = SrvNetAllocateBuffer(
20         (ULONG)(Header->OriginalCompressedSegmentSize + Header->Offset),
21         NULL);
22     if (!Alloc) {
23         return STATUS_INSUFFICIENT_RESOURCES;
24     }
25
26     ULONG FinalCompressedSize = 0;
27
28     NTSTATUS Status = SmbCompressionDecompress(
29         Header->CompressionAlgorithm,
30         (PUCHAR)Header + sizeof(COMPRESSION_TRANSFORM_HEADER) + Header->Offset,
31         (ULONG)(TotalSize - sizeof(COMPRESSION_TRANSFORM_HEADER) - Header->Offset),
32         (PUCHAR)Alloc->UserBuffer + Header->Offset,
33         Header->OriginalCompressedSegmentSize,
34         &FinalCompressedSize);
35     if (Status < 0 || FinalCompressedSize != Header->OriginalCompressedSegmentSize) {
36         SrvNetFreeBuffer(Alloc);
37         return STATUS_BAD_DATA;
38     }
39
40     if (Header->Offset > 0) {
41         memcpy(
42             Alloc->UserBuffer,
43             (PUCHAR)Header + sizeof(COMPRESSION_TRANSFORM_HEADER),
44             Header->Offset);
45     }
46
47     Srv2ReplaceReceiveBuffer(some_session_handle, Alloc);
48     return STATUS_SUCCESS;
49 }

The Srv2DecompressData function receives the compressed message sent by the client, allocates the required amount of memory, and decompresses the data. Then, if the Offset field is not zero, it copies the data placed before the compressed data as-is to the beginning of the allocated buffer.

If we look carefully, we can notice that lines 20 and 31 can lead to an integer overflow for certain inputs. For example, most POCs that appeared shortly after the bug publication and crashed the system just used the value 0xFFFFFFFF for the Offset field. Using the value 0xFFFFFFFF triggers an integer overflow on line 20, and as a result fewer bytes are allocated. Later, it triggers an additional integer overflow on line 31. The crash happens due to a memory access at the address calculated on line 30, far away from the received message. If the code verified the calculation on line 31, it would bail out early, since the buffer length happens to be negative and cannot be represented, and that makes the address itself on line 30 invalid as well.

Choosing what to overflow

There are only two relevant fields that we can control to cause an integer overflow: OriginalCompressedSegmentSize and Offset, so there aren't that many options. After trying several combinations, the following combination caught our eye: what if we send a legit Offset value and a huge OriginalCompressedSegmentSize value? Let's go over the three steps the code is going to execute:
- Allocate: The amount of allocated bytes will be smaller than the sum of both fields due to the integer overflow.
- Decompress: The decompression will receive a huge OriginalCompressedSegmentSize value, treating the target buffer as practically having limitless size. All other parameters are unaffected, thus it will work as expected.
- Copy: If it's ever going to be executed (will it?), the copy will work as expected.

Whether or not the Copy step is going to be executed, it already looks interesting: we can trigger an out-of-bounds write in the Decompress stage, since we managed to allocate fewer bytes than necessary in the Allocate stage. As you can see, using this technique we can trigger an overflow of any size and content, which is a great start. But what is located beyond our buffer? Let's find out!

Diving into SrvNetAllocateBuffer

To answer this question, we need to look at the allocation function, in our case SrvNetAllocateBuffer. Here is the interesting part of the function:

PALLOCATION_HEADER SrvNetAllocateBuffer(SIZE_T AllocSize, PALLOCATION_HEADER SourceBuffer)
{
    // ...
    if (SrvDisableNetBufferLookAsideList || AllocSize > 0x100100) {
        if (AllocSize > 0x1000100) {
            return NULL;
        }
        Result = SrvNetAllocateBufferFromPool(AllocSize, AllocSize);
    } else {
        int LookasideListIndex = 0;
        if (AllocSize > 0x1100) {
            LookasideListIndex = /* some calculation based on AllocSize */;
        }
        SOME_STRUCT list = SrvNetBufferLookasides[LookasideListIndex];
        Result = /* fetch result from list */;
    }
    // Initialize some Result fields...
    return Result;
}

We can see that the allocation function does different things depending on the required amount of bytes:
- Large allocations (larger than about 16 MB) just fail.
- Medium allocations (larger than about 1 MB) use the SrvNetAllocateBufferFromPool function for the allocation.
- Small allocations (the rest) use lookaside lists for optimization.

Note: There's also the SrvDisableNetBufferLookAsideList flag, which can affect the functionality of the function, but it's set by an undocumented registry setting and is disabled by default, so it's not very interesting.

Lookaside lists are used for effectively reserving a set of reusable, fixed-size buffers for the driver. One of the capabilities of lookaside lists is to define custom allocation/free functions which will be used for managing the buffers. Looking at references to the SrvNetBufferLookasides array, we found that it's initialized in the SrvNetCreateBufferLookasides function, and by looking at it we learned the following:
- The custom allocation function is defined as SrvNetBufferLookasideAllocate, which just calls SrvNetAllocateBufferFromPool.
- 9 lookaside lists are created with the following sizes, as we quickly calculated with Python:

>>> [hex((1 << (i + 12)) + 256) for i in range(9)]
['0x1100', '0x2100', '0x4100', '0x8100', '0x10100', '0x20100', '0x40100', '0x80100', '0x100100']

It matches our finding that allocations larger than 0x100100 bytes are allocated without using lookaside lists. The conclusion is that every allocation request ends up in the SrvNetBufferLookasideAllocate function, so let's take a look at it.

SrvNetBufferLookasideAllocate and the allocated buffer layout

The SrvNetBufferLookasideAllocate function allocates a buffer in the NonPagedPoolNx pool using the ExAllocatePoolWithTag function, and then fills some of the structures with data. The layout of the allocated buffer is the following: The only relevant parts of this layout for the scope of our research are the user buffer and the ALLOCATION_HEADER struct. We can see right away that by overflowing the user buffer, we end up overriding the ALLOCATION_HEADER struct. Looks very convenient.

Overriding the ALLOCATION_HEADER struct

Our first thought at this point was that, due to the check that follows the SmbCompressionDecompress call:

    if (Status < 0 || FinalCompressedSize != Header->OriginalCompressedSegmentSize) {
        SrvNetFreeBuffer(Alloc);
        return STATUS_BAD_DATA;
    }

SrvNetFreeBuffer will be called and the function will fail, since we crafted OriginalCompressedSegmentSize to be a huge number, and FinalCompressedSize is going to be a smaller number representing the actual amount of decompressed bytes. So we analyzed the SrvNetFreeBuffer function, managed to replace the allocation pointer with a magic number, and waited for the free function to try and free it, hoping to leverage it later for a use-after-free or similar. But to our surprise, we got a crash in the memcpy function. That made us happy, since we didn't hope to get there at all, but we had to check why it happened. The explanation can be found in the implementation of the SmbCompressionDecompress function:

NTSTATUS SmbCompressionDecompress(
    USHORT CompressionAlgorithm,
    PUCHAR UncompressedBuffer,
    ULONG UncompressedBufferSize,
    PUCHAR CompressedBuffer,
    ULONG CompressedBufferSize,
    PULONG FinalCompressedSize)
{
    // ...
    NTSTATUS Status = RtlDecompressBufferEx2(
        ...,
        FinalUncompressedSize,
        ...);
    if (Status >= 0) {
        *FinalCompressedSize = CompressedBufferSize;
    }
    // ...
    return Status;
}

Basically, if the decompression succeeds, FinalCompressedSize is updated to hold the value of CompressedBufferSize, which is the size of the buffer rather than the number of bytes actually produced. This deliberate update of the FinalCompressedSize return value seemed quite suspicious to us, since this little detail, together with the allocated buffer layout, allows for a very convenient exploitation of this bug. Since execution continues to the stage of copying the raw data, let's review the call once again:

    memcpy(
        Alloc->UserBuffer,
        (PUCHAR)Header + sizeof(COMPRESSION_TRANSFORM_HEADER),
        Header->Offset);

The target address is read from the ALLOCATION_HEADER struct, the one that we can override. The content and the size of the buffer are controlled by us as well. Jackpot! Write-what-where in the kernel, remotely!

Remote write-what-where implementation

We did a quick implementation of a Write-What-Where CVE-2020-0796 Exploit in Python, based on the CVE-2020-0796 DoS POC of maxpl0it. The code is fairly short and straightforward.

Local Privilege Escalation

Now that we have the write-what-where exploit, what can we do with it? Obviously we can crash the system. We might be able to trigger remote code execution, but we didn't find a way to do that yet. If we use the exploit on localhost and leak additional information, we can use it for local privilege escalation, as was already demonstrated to be possible via several techniques.

The first technique we tried was proposed by Morten Schenk in his Black Hat USA 2017 talk. The technique involves overriding a function pointer in the .data section of the win32kbase.sys driver, and then calling the appropriate function from user mode to gain code execution. j00ru wrote a great writeup about using this technique in WCTF 2018, and provided his exploit source code. We adjusted it for our write-what-where exploit, but found out that it doesn't work, since the thread that handles the SMB messages is not a GUI thread. Due to this, win32kbase.sys is not mapped, and the technique is not relevant (unless there's a way to make it a GUI thread, something we didn't research).

We ended up using the well-known technique covered by cesarcer in 2012 in his Black Hat presentation Easy Local Windows Kernel Exploitation. The technique is about leaking the current process token address by using the NtQuerySystemInformation(SystemHandleInformation) API, and then overriding it, granting the current process token privileges that can then be used for privilege escalation. The Abusing Token Privileges For EoP research by Bryan Alexander (dronesec) and Stephen Breen (breenmachine) (2017) demonstrates several ways of using various token privileges for privilege escalation. We based our exploit on the code that Alexandre Beaulieu kindly shared in his Exploiting an Arbitrary Write to Escalate Privileges writeup. We completed the privilege escalation after modifying our process' token privileges by injecting a DLL into winlogon.exe. The DLL's whole purpose is to launch a privileged instance of cmd.exe.

Our complete Local Privilege Escalation Proof of Concept can be found here and is available for research / defensive purposes only.

Summary

We managed to demonstrate that the CVE-2020-0796 vulnerability can be exploited for local privilege escalation. Note that our exploit is limited to medium integrity level, since it relies on API calls that are unavailable at a lower integrity level. Can we do more than that? Maybe, but it will require more research. There are many other fields that we can override in the allocated buffer; perhaps one of them can help us achieve other interesting things such as remote code execution.

POC Source Code

Remediation

We recommend updating servers and endpoints to the latest Windows version to remediate this vulnerability. If possible, block port 445 until updates are deployed. Regardless of CVE-2020-0796, we recommend enabling host isolation where possible. It is possible to disable SMBv3.1.1 compression in order to avoid triggering this bug (Microsoft's published workaround sets the DisableCompression DWORD to 1 under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters); however, we recommend doing the full update instead if possible.

Source: https://blog.zecops.com/vulnerabilities/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/
    1 point
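Added example (not code from the ZecOps post above or from the PCAP-ATTACK repository): a user-mode C model of the arithmetic the write-up describes, plus the wire-level check a sensor or fuzzing harness could apply to an SMB2 compressed message. It shows the ULONG wraparound on line 20 of the decompiled listing for both the 0xFFFFFFFF Offset DoS input and the "legit Offset, huge OriginalCompressedSegmentSize" input, the overflow-checked version of the same sum, which lookaside bucket the truncated size lands in, and a parser that flags headers whose size fields overflow or whose Offset points past the received bytes. Assumptions: the "smallest bucket that fits" selection rule (the write-up only says "some calculation based on AllocSize"), the 16-byte little-endian COMPRESSION_TRANSFORM_HEADER layout and ProtocolId 0xFC534D42 from MS-SMB2, and the sample messages, which are constructed here rather than taken from a capture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Thresholds quoted in the write-up's SrvNetAllocateBuffer listing. */
#define SRVNET_MAX_LOOKASIDE   0x100100u   /* larger -> pool allocation   */
#define SRVNET_MAX_ALLOC       0x1000100u  /* larger -> allocation fails  */
#define SRVNET_LOOKASIDE_COUNT 9

/* SMB2 COMPRESSION_TRANSFORM_HEADER ProtocolId, "\xFCSMB" (MS-SMB2). */
#define SMB2_COMPRESSION_PROTOCOL_ID 0xFC534D42u

/* Vulnerable arithmetic from line 20 of the listing: both fields are ULONG,
   so the sum silently wraps at 2^32 before it reaches the allocator. */
uint32_t srv2_alloc_size_vulnerable(uint32_t original_size, uint32_t offset)
{
    return original_size + offset;
}

/* Hardened arithmetic: compute in 64 bits, return -1 when the result does
   not fit a ULONG (the contract of ntintsafe's RtlULongAdd). */
int64_t srv2_alloc_size_checked(uint32_t original_size, uint32_t offset)
{
    uint64_t sum = (uint64_t)original_size + (uint64_t)offset;
    return sum > UINT32_MAX ? -1 : (int64_t)sum;
}

/* Where a request of alloc_size bytes lands:
     >0  size of the lookaside bucket, (1 << (i + 12)) + 256 for i in 0..8
      0  SrvNetAllocateBufferFromPool
     -1  SrvNetAllocateBuffer returns NULL
   The "smallest bucket that fits" rule is an assumption. */
int64_t srvnet_bucket_for(uint32_t alloc_size)
{
    if (alloc_size > SRVNET_MAX_ALLOC)
        return -1;
    if (alloc_size > SRVNET_MAX_LOOKASIDE)
        return 0;
    for (int i = 0; i < SRVNET_LOOKASIDE_COUNT; i++) {
        uint32_t bucket = (1u << (i + 12)) + 256;
        if (alloc_size <= bucket)
            return bucket;
    }
    return 0; /* not reached: 0x100100 is the last bucket */
}

/* Little-endian field helpers for the wire format. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xFF; p[1] = (v >> 8) & 0xFF; p[2] = (v >> 16) & 0xFF; p[3] = (v >> 24) & 0xFF;
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xFF; p[1] = (v >> 8) & 0xFF; }

/* Writes a 16-byte transform header into out[]. Constructed test data. */
void build_transform_header(uint8_t out[16], uint32_t original_size, uint16_t algorithm, uint32_t offset)
{
    wr32(out + 0, SMB2_COMPRESSION_PROTOCOL_ID);
    wr32(out + 4, original_size);     /* OriginalCompressedSegmentSize */
    wr16(out + 8, algorithm);         /* CompressionAlgorithm          */
    wr16(out + 10, 0);                /* Flags                         */
    wr32(out + 12, offset);           /* Offset                        */
}

/* True when the header can only be an attack: the two size fields overflow a
   ULONG (the bug's precondition), or Offset points past the bytes actually
   received (which makes the length on line 31 of the listing go negative). */
bool transform_header_is_malicious(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 16 || rd32(msg) != SMB2_COMPRESSION_PROTOCOL_ID)
        return false;                 /* not a compressed SMB2 message */
    uint32_t original_size = rd32(msg + 4);
    uint32_t offset = rd32(msg + 12);
    if (srv2_alloc_size_checked(original_size, offset) < 0)
        return true;
    return (uint64_t)offset > (uint64_t)(msg_len - 16);
}

/* Builds a header followed by payload_len zero bytes and runs the check. */
bool sample_message_flagged(uint32_t original_size, uint32_t offset, size_t payload_len)
{
    uint8_t msg[16 + 64] = {0};
    if (payload_len > 64) payload_len = 64;
    build_transform_header(msg, original_size, 1 /* LZNT1 per MS-SMB2 */, offset);
    return transform_header_is_malicious(msg, 16 + payload_len);
}

int main(void)
{
    uint32_t dos = srv2_alloc_size_vulnerable(0x100, 0xFFFFFFFF);   /* DoS POC input */
    uint32_t www = srv2_alloc_size_vulnerable(0xFFFFFFF0, 0x20);    /* write-what-where input */
    printf("DoS input allocates 0x%x bytes\n", dos);
    printf("WWW input allocates 0x%x bytes (bucket 0x%llx) while decompressor is told 0xFFFFFFF0\n",
           www, (unsigned long long)srvnet_bucket_for(www));
    printf("WWW message flagged: %d\n", sample_message_flagged(0xFFFFFFF0, 0x20, 32));
    return 0;
}
```

The hardened sum is the check the vulnerable code lacks; with it, both inputs the write-up discusses are rejected before any allocation, and the Offset bound removes the second overflow on line 31.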
  19. If you insist on it being Romanian, https://hosterion.ro/ If not, https://www.hetzner.com/ are very good quality and at OK prices.
    1 point
  20. https://pq.hosting/en/vps https://looking.house/company.php?id=105 ?
    0 points
  21. Well, go ahead, since you say you can
    0 points