Leaderboard

Popular Content

Showing content with the highest reputation on 09/13/17 in all areas

  1. This is my first share hope not gonna mess up.... have fun with your study
     1. Burp Suite Video Training
        size: 635 MB, unrar to: 1.25 GB
        Link: https://mega.co.nz/#!MBBhBawZ!nTQTj4B9XadEfoJcBJpjWkXxVSqCgytrzsBk4KtUT1o
     2. Tactical Tips and Tricks: Burp Suite
        size: 318 MB, unrar to: 638 MB
        Link: https://mega.co.nz/#!pcgmyCbL!vctaNMDWhGHa1K5KjYzELGjkbsoLOQMr8xOcyUAsaTs
     3. Burp Suite Essentials Ebook
        size: 11.4 MB, formats available: AZW3/EPUB/MOBI/PDF
        Link: https://mega.co.nz/#!oR53WZ5Q!U7RfhkDeGs-Hd1EmwOBAwJ_5fYKsb30187ZgaRIjS6k
     4. Burp Suite Pro 1.6.12
        size: 12.8 MB
        Install note: don't try to update, it may not work. If the crack works then great, just use the BurpLoader.jar
        Link: https://mega.co.nz/#!dNRlwaxb!O_pC_SaRFaghsnD2WHei0du8X7Yuaa0wcec9hop7g9c
     Here are a few more links I found on some forums, thanks to the original posters...
     Kaotic Creations: BURP SUITE - PART I: INTRO via SQL INJECTION
        http://kaoticcreations.blogspot.gr/2011/11/burp-suite-part-ii-sql-authentication.html
        http://kaoticcreations.blogspot.gr/2011/12/burp-suite-part-iii-lfi-exploitation.html
        http://kaoticcreations.blogspot.gr/2012/01/burp-suite-part-v-mapping-target.html
        http://kaoticcreations.blogspot.gr/2011/12/burp-suite-part-iv-lfi-exploit-via-log_20.html
        http://kaoticcreations.blogspot.gr/2012/01/burp-suite-part-vi-more-fun-exploiting.html
        http://kaoticcreations.blogspot.gr/2012/01/burp-suite-part-vii-lfi-exploit-via.html
     SANS Tutorial for BURP Intruder:
        http://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214?show=fuzzing-approach-credentials-discovery-burp-intruder-33214&cat=testing
     BURP Suite tutorials by Jeremy Druin (webpwnized):
        http://www.youtube.com/user/webpwnized/search?query=burp-suite
     Burp Suite: A Comprehensive Web Pen Testing - JoshinGeneral - CarolinaCon9
     How to pentest iphone apps with BURP:
        http://jordan-wright.github.io/blog/2013/11/07/how-to-pentest-iphone-apps-with-burp/
     “Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp:
        http://blog.spiderlabs.com/2014/02/reversing-non-proxy-aware-https-thick-clients-w-burp.html
    1 point
  2. As stupid as you are, stay the hell in Rromania and stop going elsewhere to embarrass the nation. Have you heard of biometric passports? Especially if it's the first time you enter a country, they check it with a machine. The fake ones that pass the checks cost many thousands of euros, and they are not made on public forums, only through trusted contacts. Mind your own business and go screw sheep on your native hills!
    1 point
  3. 'Bashware' is a clever new type of malware that major antivirus programs can't detect. Microsoft surprised the technology world last year when it announced that users will be able to run native Linux applications in Windows 10 without virtualization. While this feature is meant to help developers, researchers believe it could be abused by attackers to hide malware from security products. Researchers from security firm Check Point Software Technologies developed a technique that uses Bash, the Linux command-line interface—or shell—that's now available in Windows, to make known malware undetectable. They named the result Bashware. The Windows 10 feature, called the Windows Subsystem for Linux (WSL), tricks Linux applications into believing they're communicating with the Linux kernel—the core part of the operating system that includes hardware drivers and essential services. In reality, those applications communicate with the WSL, which translates their system calls into equivalents for the Windows kernel. WSL was first announced in March 2016 and was added as a beta feature in the Windows 10 Anniversary Update, which was released in August 2016. Microsoft announced that it will become a fully supported feature in the upcoming Fall Creators Update. "WSL seems to be well designed. What allows Bashware to operate the way it does is the lack of awareness by various security vendors" WSL makes it easier for developers who need to write and test code both in Windows and Linux to do so without the overhead of a virtual machine. Many developers, whether they prefer Windows as their primary desktop OS or just need it for Visual Studio and other development tools, also like the simplicity of the Linux command line utilities for interacting with different programming language interpreters and component repositories. As it stands now, WSL is not turned on by default and users need to enable "development mode" on their systems in order to use it. 
However, Check Point claims that its Bashware attack automates the steps needed to silently enable WSL, download the Ubuntu-based userspace environment that comes with it, and then run malware inside. Linux programs executed through WSL will appear in Windows as "pico processes," a new type of process that is structurally different than those spawned by regular Windows applications. During their tests, the Check Point researchers found no security products that monitor pico processes, even though Microsoft provides a special application programming interface called the Pico API that can be used to do this. This apparent lack of interest by security vendors towards WSL might be the result of a widespread belief that users need to enable the feature manually and most of them won't do it because they don't have a need for it. However, according to Bashware's creators, "it's a little-known fact" that entering the developer mode can be achieved by modifying a few registry keys and this can be done silently in the background by an attacker who has the right privileges. A system reboot is indeed required under normal circumstances to enable WSL, but attackers could simply wait for victims to turn off their computers or could trigger a critical error to force a reboot, the Check Point researchers told me in an email. There might also be a way to load the WSL drivers manually without restarting the computer, but this method is still being investigated, they said. "We see it as both vital and urgent for security vendors to support this new technology in order to prevent threats such as the ones demonstrated by Bashware" What's interesting about Bashware is that attackers don't have to write malware programs for Linux in order to run them through WSL on Windows. Thanks to a program called Wine, they can use the technique to directly hide known Windows malware. 
In some ways, Wine is the equivalent of WSL on Linux, as it allows Linux users to run Windows programs on their systems without virtualization. The Bashware attack installs Wine inside the downloaded Ubuntu userspace environment and then launches Windows malware through it. Thanks to WSL, those malicious programs will be spawned back into Windows as pico processes, hiding them from security software. Check Point's Gal Elbaz and Dvir Atias are not the first security researchers to warn that attackers could abuse WSL to run malware. Reputed Windows internals expert Alex Ionescu called attention to the same risks in 2016 in talks at Black Hat USA and Microsoft's BlueHat conference. Ionescu, who is the vice president of endpoint detection and response strategy at security firm CrowdStrike, maintains a GitHub repository with his research on WSL. To some extent Bashware builds on Ionescu's prior findings, but the technique is adapted to the current state of WSL. It shows that one year later many security vendors are still not prepared to deal with this new technology. The good news is that in order to use Bashware, attackers need to already have administrator privileges on their victims' computers. This means they need to first compromise those systems using more traditional methods: phishing emails with malicious attachments, documents rigged with exploits for unpatched vulnerabilities, social engineering tricks, stolen administrative credentials and so on. Gaining admin rights on Windows computers is not necessarily a hard thing to do, and attackers do it all the time. However, these extra steps give security products a chance to detect and break attack chains before Bashware can be used to hide malicious payloads. The Check Point researchers declined to name the security products whose detection mechanisms they managed to bypass, noting that their goal is for this research to serve as a wakeup call for the entire security industry. 
WSL is not a common attack vector and if attackers were to use it as a source of attacks, they would first need to download malware onto the targeted computer, said Adam Bromwich, senior vice president of security technology and response at Symantec. "Based on this WSL architecture, Symantec's scanners, machine learning and protection technologies are designed to scan and detect malware created using WSL." Kaspersky Lab told me in an email it plans to modify its antivirus software to detect this type of malware in the future. Currently, all of the company's products can detect malware downloaders and other Windows-based parts of such attacks, Kaspersky Lab said. Antivirus firm Bitdefender did not immediately respond to a request for comment. We will update this post if we hear back. Update: This post has been updated with comment from Kaspersky, and has been updated to include more context about previous research in this area. Via vice.com
    1 point
  4. Eight Bluetooth-related vulnerabilities (four that are critical) affecting over 5 billion Android, Windows and Linux devices could allow attackers to take control of devices, access corporate data and networks, and easily spread malware to other devices. Nearly all devices with Bluetooth capabilities, including smartphones, TVs, laptops, watches, smart TVs, and even some automobile audio systems, are vulnerable to this attack. If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a "man-in-the-middle" to gain access to critical data and networks without user interaction. The vulnerabilities were found in the Bluetooth implementations in Android, Microsoft, Linux and iOS versions pre-iOS 10. Armis reported the vulnerabilities to Google, Microsoft, and the Linux community. Google and Microsoft are releasing updates and patches on Tuesday, September 12. Others are preparing patches that are in various stages of being released. These vulnerabilities are the most serious Bluetooth vulnerabilities identified to date. Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device. These proximity-based network vulnerabilities could allow attackers to create broad malware infections that could spread from one infected device to many others by wirelessly connecting to other devices over Bluetooth. The device-to-device connectivity nature of Bluetooth means an airborne (or "BlueBorne") attack could easily spread without any action required by a user. "These silent attacks are invisible to traditional security controls and procedures. Companies don't monitor these types of device-to-device connections in their environment, so they can't see these attacks or stop them," said Yevgeny Dibrov, CEO of Armis. 
"The research illustrates the types of threats facing us in this new connected age." There are two specific methods attackers could use with exploit code. They could: Connect to the target device in an undetected manner, then remotely execute code on that device. This would allow the attacker to take full control of a system, up to and including leveraging the device to gain access to corporate networks, systems, and data. Conduct a Man-in-the-Middle attack — effectively creating a Bluetooth Pineapple — to sniff traffic being sent between Bluetooth-enabled devices or spoof a legitimate Bluetooth device and hijack the connection and redirect traffic. This would enable attackers to download malware to devices and take complete control of them. This attack would not require additional hardware, as it uses the Bluetooth connection on the device against the device itself. The automatic connectivity of Bluetooth, combined with the fact that nearly all devices have Bluetooth enabled by default, makes these vulnerabilities all the more serious and pervasive. Once a device is infected with malware, it can then easily broadcast the malware to other Bluetooth-enabled devices in its vicinity, either inside an office or in more public locations. While waiting for the patch, users can disable Bluetooth to protect devices. SOURCE: htp:/www.prnewswire.com/news-releases/armis-identifies-new-airborne-cyber-threat-blueborne-that-exposes-almost-every-device-to-remote-attack-30051700.html
    1 point
  5. I spent a few hours looking for this course; all the torrents are dead: Pentester Academy Linux Assembly and Shellcoding Course | MEGA. The archive password is: nNFFWQgpmfvMHGr2EhET
    1 point
  6. Why C++ is "powerful":
     1. cross-platform - Both open-source and commercial compilers
     2. optimized - An interpreted language will never reach its speed
     3. capable - Pointers, inheritance, polymorphism and everything you could want from a programming language
     4. libraries - STL, Boost, OpenSSL and many other libraries are made to be used from C++
     5. stable - An old standard, well defined, implemented and understood
     Why isn't it popular?
     1. It's not for the faint of heart.
    1 point
  7. Those interested should send a PM. I need an experienced person. 😁 I'm offering between £500 and £1500 / task, payment however you like.
    -2 points