Popular Content

Showing content with the highest reputation on 09/18/10 in all areas

  1. Spying on an e-mail address provided by Google (Gmail)

     Let's assume you have access to an e-mail address provided by Google, whether it belongs to your girlfriend, to your boss, or was simply caught in a stealer, and you want to spy on that person's correspondence. We also take into account the possibility that the person may become suspicious at some point, for various reasons, and may change their password, so you will no longer have access to it.

     Google hands us on a platter a very simple method of spying on a person's correspondence, especially since most users of an e-mail address are "simple" people, without much knowledge in the field, who will never look in the account settings for the simple reason that they have no reason to do so. They just create an e-mail address and use it! Let's begin, it's very simple!

     1) I log in to the victim's account and open the "Settings" menu
     2) In the "Settings" menu I open the "Forwarding and POP/IMAP" submenu
     3) In the "Forwarding and POP/IMAP" submenu I open "Add a forwarding address"
     4) I add my address
     5) Google sends me a confirmation code; how stupid, the code should have been sent to the victim's phone
     6) I log in to my account and confirm the code
     7) I log in to the victim's account again, open the "Settings" menu, the "Forwarding and POP/IMAP" submenu, tick the option that enables forwarding, then save the settings (at the bottom of the page)
     8) The victim receives an e-mail and a copy of it is sent to me
     9) DONE!
    1 point
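Seen from the mailbox owner's side, what this post describes leaves a forwarding address in the account settings that the owner never added, and it survives a password change. The following is an added example, not part of the original post: it audits settings shaped like the Gmail API's AutoForwarding, forwardingAddresses and filters resources. The trusted-domain list, the function names and the sample data are assumptions constructed for illustration.

```python
# Added example: audit mailbox forwarding settings for unexpected destinations.
TRUSTED_DOMAINS = {"example.com"}  # assumption: domains the owner forwards to


def _domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()


def audit_forwarding(auto_fwd, fwd_addresses, filters, trusted=TRUSTED_DOMAINS):
    """Return sorted (severity, address, reason) findings.

    Arguments are shaped like the Gmail API settings resources:
    AutoForwarding, the forwardingAddresses list and the filters list.
    """
    findings = set()
    # Step 7 of the post: account-wide forwarding switched on.
    if auto_fwd.get("enabled"):
        addr = auto_fwd.get("emailAddress", "").lower()
        if _domain(addr) not in trusted:
            findings.add(("high", addr, "auto-forwarding enabled"))
    # A filter with a forward action copies mail even when step 7 is undone.
    for flt in filters:
        addr = flt.get("action", {}).get("forward", "").lower()
        if addr and _domain(addr) not in trusted:
            findings.add(("high", addr, "filter %s forwards mail" % flt.get("id")))
    # Steps 3-6: address registered (pending or confirmed) but not yet in use.
    active = {f[1] for f in findings}
    for entry in fwd_addresses:
        addr = entry["forwardingEmail"].lower()
        if _domain(addr) not in trusted and addr not in active:
            state = entry.get("verificationStatus", "unknown")
            sev = "medium" if state == "accepted" else "low"
            findings.add((sev, addr, "registered, not active (%s)" % state))
    return sorted(findings)


# Constructed sample settings, not taken from a real account.
SAMPLE_AUTO = {"enabled": True, "emailAddress": "watcher@mailbox.invalid",
               "disposition": "leaveInInbox"}
SAMPLE_ADDRESSES = [
    {"forwardingEmail": "watcher@mailbox.invalid", "verificationStatus": "accepted"},
    {"forwardingEmail": "me@example.com", "verificationStatus": "accepted"},
    {"forwardingEmail": "spare@other.invalid", "verificationStatus": "pending"},
]
SAMPLE_FILTERS = [{"id": "f1", "action": {"forward": "me@example.com"}}]

if __name__ == "__main__":
    for finding in audit_forwarding(SAMPLE_AUTO, SAMPLE_ADDRESSES, SAMPLE_FILTERS):
        print(finding)
```

Any finding is a reason to remove the address and review the account's recent sign-in activity, since changing the password alone does not stop the forwarding.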
  2. In my travels, it has come to my attention that some folks have not taken or had the time to document a checklist or bullet list of actions to perform during an infection or an outbreak. In response I've created a decision tree to help as a guide for following a step-by-step process for malware analysis.

     The site is response.ortizonline.com. The site basically contains a mindmap created using Freeplane that steps the users through the process of analyzing a machine for malware. It provides links to both Symantec, 3rd party, fee and open source tools. The majority of the information has been mostly compiled from NIST SP800-83 and public Symantec KB articles.

     I hope this is something that community members find useful and can provide feedback to improve. Please provide any feedback and I'll be happy to update the decision tree. Below is a sample of the decision tree.

     Cheers,
     Netrunner

     1. Suspect Worm
     1.1. Manual Analysis and Remediation Steps
     1.1.0. Run Full System AntiVirus Scan
     1.1.0.1. Did it find and Eliminate Threat?
     1.1.0.1.1. IF Yes, ensure all other computers are up to date and get a scan performed.
     1.1.0.1.2. IF No Then GOTO 1.1.1
     1.1.1. Symantec SEP Support Tool Power Eraser Option? http://www.symantec.com/techsupp/home_homeoffice/products/sep/Sep_SupportTool.exe
     1.1.1.1. LINK http://www.symantec.com/techsupp/home_homeoffice/products/sep/Sep_SupportTool.exe
     1.1.1.2. Did it find a possible Threat?
     1.1.1.2.1. IF Yes, consider acquiring binary for online analysis at step 1.1.3 to ensure it is not a false positive.
     1.1.1.2.1.1. IF 1.1.3 does not identify as a known file and you can validate it's an unknown internal application, then proceed to FIX.
     1.1.1.2.2. IF No Then GOTO 1.1.2
     1.1.1.2.3. Did SEP_Support_Tool identify any negative reputation files?
     1.1.1.2.3.1. If negative reputation files are identified, acquire for further analysis. GOTO step 1.1.3.
     1.1.2. Symantec Endpoint Recovery Tool CD-ROM Boot Disk
     1.1.2.1. LINK http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010041515464348
     1.1.2.2. Did it find and Eliminate Threat?
     1.1.2.2.1. IF Yes, consider acquiring binary for online analysis at step 1.1.3.
     1.1.2.2.2. IF No Then consider 1.1.6 for memory analysis of possible zero day threat.
     1.1.3. Web Analysis?
     1.1.3.1. Use www.threatexpert.com to get High Level overview of the threat. Analysis
     1.1.3.1.1. LINK http://www.threatexpert.com
     1.1.3.1.2. If binary was uploaded for analysis, what were the results?
     1.1.3.3.1. Does threatexpert.com identify the binary as a virus by any other AV vendor?
     1.1.3.3.2. Does threatexpert.com NSRL listing identify the binary as known good?
     1.1.3.3.3. Does threatexpert.com Symantec Reputation identify the threat as "suspicious"?
     1.1.3.2. Use Anubis.iseclab.org to obtain highly detailed program analysis and pcap file for analysis.
     1.1.3.2.1. LINK http://anubis.iseclab.org
     1.1.3.3. Use VirusTotal - Free Online Virus, Malware and URL Scanner
     1.1.3.3.1. Does virustotal.com identify the binary as a virus by any other AV vendor?
     1.1.3.3.2. Does virustotal.com NSRL listing identify the binary as known good?
     1.1.3.3.3. Does virustotal.com Symantec Reputation identify the threat as "suspicious"?
     1.1.4. Network Traffic Analysis WireShark | Analyzing Wireless Solutions that work
     1.1.4.1. If Anubis provides a pcap file for analysis, is any content able to be leveraged in order to create a SEP IPS Custom Signature
     1.1.4.2. SEP Firewall Rule with specific port activity and associated application with Packet capture enabled.
     1.1.5. Clean Boot Disk Analysis and Extraction with Helix https://www.e-fense.com/store/index.php?_a=viewProd&productId=11

     Malware Analysis and Response Step by Step Decision Tree | Symantec Connect
    1 point
  3. I know the bug; I posted it on RST months ago: http://rstcenter.com/forum/15846-phpmyadmin-php-code-injection-rce-poc-v0-11-a.rst

     The important thing is that you can still find a great many vulnerable servers; it's useful to check, manually, the way I like to do it when doing a pen test. Other than that, I can say that all kinds of bots like this scan me constantly, but I have configured my csf so that when it receives information from other security tools that there were scan attempts, it automatically issues a permanent ban. Anyway, all ports other than mail, http/s and ftp are non-default, and so are addresses like /phpmyadmin, /mail etc...

     My HTTP logins are set up like this: force https, then basic auth, then PHP checks whether the login information was approved by Apache and the basic auth succeeded. Oh, and at 4 wrong logins, a permanent ban from csf. (And this is only a small part of the security I use.)

     PS: here is your scanner: http://www.exploit-db.com/exploits/8992/ it's old and it's public. o_O Published: 2009-06-22

     PS2: no offence, but sell something made by you! I prefer to post for free or not at all; I make money from other things...
    -1 points
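The layering this post describes (default paths moved, basic auth in front of the login, a ban after 4 wrong logins) can be checked against a web server access log. The following is an added example, not the poster's configuration: it assumes Apache's combined log format, the log lines are constructed, and the `csf -d` lines are only formatted for review, not executed.

```python
import re
from collections import Counter

# Apache combined log format (assumed): ip ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
FAILED_LOGIN_LIMIT = 4                    # the post bans at 4 wrong logins
DEFAULT_PATHS = ("/phpmyadmin", "/mail")  # defaults the post says were moved


def ips_to_ban(lines, limit=FAILED_LOGIN_LIMIT, default_paths=DEFAULT_PATHS):
    """Return {ip: reason} for clients that reach a ban condition."""
    failed, bans = Counter(), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, user, path, status = m.groups()
        path = path.split("?", 1)[0].lower()
        # The real pages live elsewhere, so a request for a default path
        # does not come from a legitimate user of this server.
        if any(path == p or path.startswith(p + "/") for p in default_paths):
            bans.setdefault(ip, "probe for default path " + path)
        # A 401 with user "-" is only the browser's first, credential-less
        # request; count 401s that carried a username.
        elif status == "401" and user != "-":
            failed[ip] += 1
            if failed[ip] >= limit:
                bans.setdefault(ip, "%d failed basic-auth logins" % failed[ip])
    return bans


def csf_deny_commands(bans):
    """Format each ban as a `csf -d <ip> <comment>` line for review."""
    return ["csf -d %s %s" % (ip, reason) for ip, reason in sorted(bans.items())]


# Constructed log lines using documentation IP ranges.
_T = "[18/Sep/2010:10:00:00 +0300]"
SAMPLE_LOG = (
    ['203.0.113.7 - - %s "GET /phpmyadmin/ HTTP/1.1" 404 209' % _T,
     '198.51.100.9 - - %s "GET /panel-x/ HTTP/1.1" 401 401' % _T]
    + ['198.51.100.9 - bob %s "GET /panel-x/ HTTP/1.1" 401 401' % _T] * 4
    + ['192.0.2.5 - alice %s "GET /panel-x/ HTTP/1.1" 401 401' % _T,
       '192.0.2.5 - alice %s "GET /panel-x/ HTTP/1.1" 200 5120' % _T]
)

if __name__ == "__main__":
    print("\n".join(csf_deny_commands(ips_to_ban(SAMPLE_LOG))))
```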