Leaderboard
Popular Content
Showing content with the highest reputation on 01/26/21 in all areas
-
Cred ca vei avea aceleasi rezultate ca ale publicului tau tinta corespunzator articolelor de pe site.2 points
-
Nici nu stiu cu ce sa incep..linkul de signup duce pe login..care..saraca pagina..arata..2 points
-
Asta e scuza sa nu apara protestatari anti 5g Musk edition, ii radiaza doar pe aia de si-au tras antene2 points
-
1 point
-
Pff https://www.hackerville.ro/2021/01/24/hackerii-te-pot-lasa-fara-conturi/ "Hackerii folosesc coduri rău intenționate, dar majoritatea se ascund doar la vedere. Poate fi extrem de eficient."1 point
-
Starlink internet este acum disponibil pentru inregistrare si in Romania sub forma Beta testing. Echipamentul pentru receptie costa aproximativ 600$ cu tot cu transport iar abonamentul lunar 100 $ dolari. Internetul de la Starlink nu este totusi unul mobil. Inregistrarea contractului se face pe o adresa fixa iar echipamentul trebuie instalat si utilizat doar la adresa respectiva. Securizarea Starlink impiedica receptia semnalului (sau a accesului la internet) in afara coordonatelor Lat, Long GPS specificate in contract ce corespund cu adresa de shipping (livrare si instalare). Sistemul este astfel conceput pentru ca nimeni sa nu poata intercepta traficul decat doar de la coordonatele de instalare a echipamentului de receptie specificate in contract. Partea proasta este ca tehnologia este una identica cu cea satelitara de pana acum care nu merge sau merge prost atunci cand ninge sau ploua abundent, cand sunt nori de furtuna ori copaci la locatia receptorului (antenei satelit). Si lipsa mobilitatii este un punct minus dar poate compensa viteza internetului cuprinsa intre 50 si 150 Mb/s cu latenta intre 40 si 20 ms si ccare va ajunge in viitor undeva la 19-16 ms. Pretul pentru U.S este unul decent in special pentru zonele fara acoperire unde serviciile actuale ajung si la 500$ - 800$ pe luna pentru 150 Mb/s bandwith. Inregistrare : https://www.starlink.com/ Termeni: https://www.starlink.com/faq1 point
-
Starlink satellites are scheduled to send internet down to all users within a designated area on the ground. This designated area is referred to as a cell. Your Starlink is assigned to a single cell. If you move your Starlink outside of its assigned cell, a satellite will not be scheduled to serve your Starlink and you will not receive internet. This is constrained by geometry and is not arbitrary geofencing. sursa faq1 point
-
1 point
-
Intrebare, FAQ-ul lor zice incontinuu sa descarc aplicatia lor ca sa ai cel mai bun semnal de la satelit. Daca am semnal pe telefon sa folosesc aplicatia, de ce mai am nevoie de echipament? Sa fac ratie pe Filelist cand e soare si frumos afara?1 point
-
New campaign targeting security researchers Adam Weidemann Threat Analysis Group Published Jan 25, 2021 Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with. In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They've used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control. Actor controlled Twitter profiles. Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including “guest” posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers. Example of an analysis done by the actor about a publicly disclosed vulnerability. While we are unable to verify the authenticity or the working status of all of the exploits that they have posted videos of, in at least one case, the actors have faked the success of their claimed working exploit. On Jan 14, 2021, the actors shared via Twitter a YouTube video they uploaded that proclaimed to exploit CVE-2021-1647, a recently patched Windows Defender vulnerability. In the video, they purported to show a successful working exploit that spawns a cmd.exe shell, but a careful review of the video shows the exploit is fake. Multiple comments on YouTube identified that the video was faked and that there was not a working exploit demonstrated. After these comments were made, the actors used a second Twitter account (that they control) to retweet the original post and claim that it was “not a fake video.” Tweets demonstrating the actors' “exploits” Security researcher targeting The actors have been observed targeting specific security researchers by a novel social engineering method. After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together, and then provide the researcher with a Visual Studio Project. Within the Visual Studio Project would be source code for exploiting the vulnerability, as well as an additional DLL that would be executed through Visual Studio Build Events. The DLL is custom malware that would immediately begin communicating with actor-controlled C2 domains. An example of the VS Build Event can be seen in the image below. Visual Studio Build Events command executed when building the provided VS Project files In addition to targeting users via social engineering, we have also observed several cases where researchers have been compromised after visiting the actors’ blog. In each of these cases, the researchers have followed a link on Twitter to a write-up hosted on blog.br0vvnn[.]io, and shortly thereafter, a malicious service was installed on the researcher’s system and an in-memory backdoor would begin beaconing to an actor-owned command and control server. At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions. At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have. Chrome vulnerabilities, including those being exploited in the wild (ITW), are eligible for reward payout under Chrome's Vulnerability Reward Program. We encourage anyone who discovers a Chrome vulnerability to report that activity via the Chrome VRP submission process. These actors have used multiple platforms to communicate with potential targets, including Twitter, LinkedIn, Telegram, Discord, Keybase and email. We are providing a list of known accounts and aliases below. If you have communicated with any of these accounts or visited the actors’ blog, we suggest you review your systems for the IOCs provided below. To date, we have only seen these actors targeting Windows systems as a part of this campaign. If you are concerned that you are being targeted, we recommend that you compartmentalize your research activities using separate physical or virtual machines for general web browsing, interacting with others in the research community, accepting files from third parties and your own security research. Actor controlled sites and accounts Research Blog https://blog.br0vvnn[.]io Twitter Accounts https://twitter.com/br0vvnn https://twitter.com/BrownSec3Labs https://twitter.com/dev0exp https://twitter.com/djokovic808 https://twitter.com/henya290 https://twitter.com/james0x40 https://twitter.com/m5t0r https://twitter.com/mvp4p3r https://twitter.com/tjrim91 https://twitter.com/z0x55g LinkedIn Accounts https://www.linkedin.com/in/billy-brown-a6678b1b8/ https://www.linkedin.com/in/guo-zhang-b152721bb/ https://www.linkedin.com/in/hyungwoo-lee-6985501b9/ https://www.linkedin.com/in/linshuang-li-aa696391bb/ https://www.linkedin.com/in/rimmer-trajan-2806b21bb/ Keybase https://keybase.io/zhangguo Telegram https://t.me/james50d Sample Hashes https://www.virustotal.com/gui/file/4c3499f3cc4a4fdc7e67417e055891c78540282dccc57e37a01167dfe351b244/detection (VS Project DLL) https://www.virustotal.com/gui/file/68e6b9d71c727545095ea6376940027b61734af5c710b2985a628131e47c6af7/detection (VS Project DLL) https://www.virustotal.com/gui/file/25d8ae4678c37251e7ffbaeddc252ae2530ef23f66e4c856d98ef60f399fa3dc/detection (VS Project Dropped DLL) https://www.virustotal.com/gui/file/a75886b016d84c3eaacaf01a3c61e04953a7a3adf38acf77a4a2e3a8f544f855/detection (VS Project Dropped DLL) https://www.virustotal.com/gui/file/a4fb20b15efd72f983f0fb3325c0352d8a266a69bb5f6ca2eba0556c3e00bd15/detection (Service DLL) C2 Domains: Attacker-Owned angeldonationblog[.]com codevexillium[.]org investbooking[.]de krakenfolio[.]com opsonew3org[.]sg transferwiser[.]io transplugin[.]io C2 Domains: Legitimate but Compromised trophylab[.]com www.colasprint[.]com www.dronerc[.]it www.edujikim[.]com www.fabioluciani[.]com C2 URLs https[:]//angeldonationblog[.]com/image/upload/upload.php https[:]//codevexillium[.]org/image/download/download.asp https[:]//investbooking[.]de/upload/upload.asp https[:]//transplugin[.]io/upload/upload.asp https[:]//www.dronerc[.]it/forum/uploads/index.php https[:]//www.dronerc[.]it/shop_testbr/Core/upload.php https[:]//www.dronerc[.]it/shop_testbr/upload/upload.php https[:]//www.edujikim[.]com/intro/blue/insert.asp https[:]//www.fabioluciani[.]com/es/include/include.asp http[:]//trophylab[.]com/notice/images/renewal/upload.asp http[:]//www.colasprint[.]com/_vti_log/upload.asp Host IOCs Registry Keys HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\KernelConfig HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverConfig HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSL Update File Paths C:\Windows\System32\Nwsapagent.sys C:\Windows\System32\helpsvc.sys C:\ProgramData\USOShared\uso.bin C:\ProgramData\VMware\vmnat-update.bin C:\ProgramData\VirtualBox\update.bin Sursa: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/0 points