Leaderboard
Popular Content
Showing content with the highest reputation on 10/25/20 in all areas
-
Nmap Automator – a tool I used during OSCP for simple recon Attribution nmapAutomator A script that you can run in the background! Summary I have created this script as I was preparing for my OSCP exam. The main goal for this script is to automate all of the process of recon/enumeration that is run every time, and instead focus our attention on real pen testing. This will ensure two things: 1) Automate nmap scans. 2) Always have some recon running in the background. Once you find the inital ports in around 10 seconds, you then can start manually looking into those ports, and let the rest run in the background with no interaction from your side whatsoever. Features: Quick: Shows all open ports quickly (~15 seconds) Basic: Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes) UDP: Runs "Basic" on UDP ports (~5 minutes) Full: Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes) Vulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes) Recon: Runs "Basic" scan "if not yet run", then suggests recon commands "i.e. gobuster, nikto, smbmap" based on the found ports, then prompts to automatically run them All: Runs all the scans consecutively (~20-30 minutes) I tried to make the script as efficient as possible, so that you would get the results as fast as possible, without duplicating any work. Feel free to send your pull requests and contributions Requirements: Required: Gobuster v3.0 or higher, as it is not backward compatible. You can update gobuster on kali using: apt-get update apt-get install gobuster --only-upgrade Other Recon tools used within the script include: nmap Vulners sslscan nikto joomscan wpscan droopescan smbmap enum4linux dnsrecon odat Examples of use: ./nmapAutomator.sh <TARGET-IP> <TYPE> ./nmapAutomator.sh 10.1.1.1 All ./nmapAutomator.sh 10.1.1.1 Basic ./nmapAutomator.sh 10.1.1.1 Recon If you want to use it anywhere on the system, create a shortcut using: ln -s /PATH-TO-FOLDER/nmapAutomator.sh /usr/local/bin/ TODO features list pull requests are more than welcome Support DNS resolution "use of urls/domains instead of IPs" Properly identify url extensions "testing index extensions for code 200" Add more port-based automatic recon options Add an nmap progress bar2 points
-
Facebook Launches Pysa – Instagram Security Tool – As Open Source Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code. Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications. Please refer to our documentation to get started with our security analysis. Requirements To get started, you need Python 3.6 or later and watchman working on your system. On MacOS you can get everything with homebrew: $ brew install python3 watchman On Ubuntu, Mint, or Debian; use apt-get: $ sudo apt-get install python3 python3-pip watchman We tested Pyre on Ubuntu 16.04 LTS, CentOS 7, as well as OSX 10.11 and later. Setting up a Project We start by creating an empty project directory and setting up a virtual environment: $ mkdir my_project && cd my_project $ python3 -m venv ~/.venvs/venv $ source ~/.venvs/venv/bin/activate (venv) $ pip install pyre-check Next, we teach Pyre about our new project: (venv) $ pyre init This command will set up a configuration for Pyre (.pyre_configuration) as well as watchman (.watchmanconfig) in your project's directory. Accept the defaults for now – you can change them later if necessary. Running Pyre We are now ready to run Pyre: (venv) $ echo "i: int = 'string'" > test.py (venv) $ pyre ƛ Found 1 type error! test.py:1:0 Incompatible variable type [9]: i is declared to have type `int` but is used as type `str`. This first invocation will start a daemon listening for filesystem changes – type checking your project incrementally as you make edits to the code. You will notice that subsequent invocations of pyre will be faster than the first one. For more detailed documentation, see https://pyre-check.org. Join the Pyre community See CONTRIBUTING.md for how to help out. License Pyre is licensed under the MIT license.1 point
-
1 point
-
1 & 2 checked. Pt astazi: Werder - Hoffenheim -> > 1.5 rep. 2 De Minaur - Hubert -> De Minaur -2 .5 Sugerez sa se mai trezeasca una doua persoane sa mai posteze cate ceva. Asa ar fi frumos.1 point
-
Microsoft has unveiled a new open-source "matrix" that hopes to identify all the existing attacks that threaten the security of machine learning applications. Image: securitylab.ru Microsoft and non-profit research organization MITRE have joined forces to accelerate the development of cyber-security's next chapter: to protect applications that are based on machine learning and are at risk of new adversarial threats. The two organizations, in collaboration with academic institutions and other big tech players such as IBM and Nvidia, have released a new open-source tool called the Adversarial Machine Learning Threat Matrix. The framework is designed to organize and catalogue known techniques for attacks against machine learning systems, to inform security analysts and provide them with strategies to detect, respond and remediate against threats. The matrix classifies attacks based on criteria related to various aspects of the threat, such as execution and exfiltration, but also initial access and impact. To curate the framework, Microsoft and MITRE's teams analyzed real-world attacks carried out on existing applications, which they vetted to be effective against AI systems. With AI systems increasingly underpinning our everyday lives, the tool seems timely. From finance to healthcare, through defense and critical infrastructure, the applications of machine learning have multiplied in the past few years. But MITRE's researchers argue that while eagerly accelerating the development of new algorithms, organizations have often failed to scrutinize the security of their systems. Surveys increasingly point to the lack of understanding within industry of the importance of securing AI systems against adversarial threats. Companies like Google, Amazon, Microsoft and Tesla, in fact, have all seen their machine learning systems tricked in one way or the other in the past three years. Algorithms are prone to mistakes, therefore, and especially so when they are influenced by the malicious interventions of bad actors. In a separate study, a team of researchers recently ranked the potential criminal applications that AI will have in the next 15 years; among the list of highly-worrying prospects, was the opportunity for attack that AI systems constitute when algorithms are used in key applications like public safety or financial transactions. As MITRE and Microsoft's researchers note, attacks can come in many different shapes and forms. Threats go all the way from a sticker placed on a sign to make an automated system in a self-driving car make the wrong decision, to more sophisticated cybersecurity methods going by specialized names, like evasion, data poisoning, trojaning or backdooring. Centralizing the various aspects of all the methods that are known to effectively threaten machine learning applications in a single matrix, therefore, could go a long way in helping security experts prevent future attacks on their systems. MITRE's researchers are hoping to gather more information from ethical hackers, thanks to a well-established cybersecurity method known as red teaming. The idea is to have teams of benevolent security experts finding ways to crack vulnerabilities ahead of bad actors, to feed into the existing database of attacks and expand overall knowledge of the possible threats. Microsoft and MITRE both have their own Red Teams, and they have already demonstrated some of the attacks that were used to feed into the matrix as it is. They include, for example, evasion attacks on machine-learning models, which can modify the input data to induce targeted misclassification. Via zdnet.com1 point
-
1 point
-
film; toate sunt obligate sa cotizeze pentru campanie. fiind institutii publice, numirile sunt politice. se intampla oricand e nevoie de bani la buget pentru a indeplini diferite cerinte, sarcini, nevoi ale unora.. anaf e destul de slaba dpdv meu, ca sa functioneze cum trebuie, sa duca la capat scopul lor, au mult de munca. personalul este imbatranit sau fara experienta, munca de roboti in mare parte si muuulta birocratie. de controale ii las pe altii sa vb, nu am nimic. pe ce nisa ai afacerea?1 point
-
This app allows you to simulate how any origami crease pattern will fold. It may look a little different from what you typically think of as "origami" - rather than folding paper in a set of sequential steps, this simulation attempts to fold every crease simultaneously. It does this by iteratively solving for small displacements in the geometry of an initially flat sheet due to forces exerted by creases. You can read more about it in our paper: Fast, Interactive Origami Simulation using GPU Computation by Amanda Ghassaei, Erik Demaine, and Neil Gershenfeld (7OSME) All simulation methods were written from scratch and are executed in parallel in several GPU fragment shaders for fast performance. The solver extends work from the following sources: Origami Folding: A Structural Engineering Approach by Mark Schenk and Simon D. Guest Freeform Variations of Origami by Tomohiro Tachi Built by Amanda Ghassaei as a final project for Geometric Folding Algorithms. Code available on Github. If you have interesting crease patterns that would make good demo files, please send them to me (Amanda) so I can add them to the Examples menu. My email address is on my website. Thanks! Instructions: Slide the Fold Percent slider to control the degree of folding of the pattern (100% is fully folded, 0% is unfolded, and -100% is fully folded with the opposite mountain/valley assignments). Drag to rotate the model, scroll to zoom. Import other patterns under the Examples menu. Upload your own crease patterns in SVG or FOLD formats, following these instructions. Export FOLD files or 3D models ( STL or OBJ ) of the folded state of your design ( File > Save Simulation as... ). Visualize the internal strain of the origami as it folds using the Strain Visualization in the left menu of the Advanced Options. If you are working from a computer connected to a VR headset and hand controllers, follow these instructions to use this app in an interactive virtual reality mode. External Libraries: All rendering and 3D interaction done with three.js path-data-polyfill helps with SVG path parsing FOLD is used as the internal data structure, methods from the FOLD API used for SVG parsing Arbitrary polygonal faces of imported geometry are triangulated using the Earcut Library Portability to multiple VR controllers by THREE.VRController.js VR GUI by dat.guiVR numeric.js for linear algebra operations FileSaver for client-side file saving GIF and WebM video export uses CCapture jQuery, Bootstrap, and the Flat UI theme used to build the regular GUI You can find additional information in our 7OSME paper and this website. Source: origamisimulator.org0 points
-
0 points