Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 12/08/17 in all areas

  1. Gluma revizuita: A boy asked his bitcoin-investing dad for $20. Dad: $15.56? What do you need $24.21 for?
    4 points
  2. IOTA mai are mult de mers in sus. Recomand! Sunt seriosi si au parteneriate cu multe companii. Imi apare asemanatoare situatia cu early days ETH. Am luat initial la 16k satoshi, am vandut la 35k si acum caut sa iau iar pentru ca se pare ca s-a stabilizat pe la 24k satoshi. Incerc sa acumulez si BAT cand sunt dips pentru ca e pret foarte mic momentan si proiectul e super misto. In plus, Brave browser se misca excelent. Easy 10x in cateva luni.
    3 points
  3. Mai este loc in google search results www.google.ro/search?q=christmas+eve+massacre Astia au obrazul si mai gros decat politicienii nostri https://cointelegraph.com/news/two-chinese-exchanges-help-themselves-to-user-funds https://www.coindesk.com/huobi-sbi-announce-plan-japanese-bitcoin-exchanges/
    1 point
  4. A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London. Process Doppelgänging Works on All Windows Versions Apparently, Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. Tal Liberman, the head of the research team at enSilo, told The Hacker New that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the mitigation capabilities of security products. In Process Hollowing attack, hackers replace the memory of a legitimate process with a malicious code so that the second code runs instead of the original, tricking process monitoring tools and antivirus into believing that the original process is running. Since all modern antivirus and security products have been upgraded to detect Process Hollowing attacks, use of this technique is not a great idea anymore. On the other hand, Process Doppelgänging is an entirely different approach to achieve the same, by abusing Windows NTFS Transactions and an outdated implementation of Windows process loader, which was originally designed for Windows XP, but carried throughout all later versions of Windows. Here's How the Process Doppelgänging Attack Works: Before going further on how this new code injection attack works, you need to understand what Windows NTFS Transaction is and how an attacker could leverage it to evade his malicious actions. NTFS Transaction is a feature of Windows that brings the concept of atomic transactions to the NTFS file system, allowing files and directories to be created, modified, renamed, and deleted atomically. NTFS Transaction is an isolated space that allows Windows application developers to write file-output routines that are guaranteed to either succeed completely or fail completely. According to the researcher, Process Doppelgänging is a fileless attack and works in four major steps as mentioned below: Transact—process a legitimate executable into the NTFS transaction and then overwrite it with a malicious file. Load—create a memory section from the modified (malicious) file. Rollback—rollback the transaction (deliberately failing the transaction), resulting in the removal of all the changes in the legitimate executable in a way they never existed. Animate—bring the doppelganger to life. Use the older implementation of Windows process loader to create a process with the previously created memory section (in step 2), which is actually malicious and never saved to disk, "making it invisible to most recording tools such as modern EDRs." Process Doppelgänging Evades Detection from Most Antiviruses Liberman told The Hacker News that during their research they tested their attack on security products from Windows Defender, Kaspersky Labs, ESET NOD32, Symantec, Trend Micro, Avast, McAfee, AVG, Panda, and even advance forensic tools. In order to demonstrate, the researchers used Mimikatz, a post-exploitation tool that helps extract credentials from the affected systems, with Process Doppelgänging to bypass antivirus detection. When the researchers ran Mimikatz generally on a Windows operating system, Symantec antivirus solution caught the tool immediately, as shown below: However, Mimikatz ran stealthy, without antivirus displaying any warning when executed using Process Doppelgänging, as shown in the image at top of this article. Liberman also told us that Process Doppelgänging works on even the latest version of Windows 10, except Windows 10 Redstone and Fall Creators Update, released earlier this year. But due to a different bug in Windows 10 Redstone and Fall Creators Update, using Process Doppelgänging causes BSOD (blue screen of death), which crashes users' computers. Ironically, the crash bug was patched by Microsoft in later updates, allowing Process Doppelgänging to run on the latest versions of Windows 10. I don't expect Microsoft to rush for an emergency patch that could make some software relying on older implementations unstable, but Antivirus companies can upgrade their products to detect malicious programs using Process Doppelgänging or similar attacks. This is not the very first time when enSilo researchers have discovered a malware evasion technique. Previously they discovered and demonstrated AtomBombing technique which also abused a designing weakness in Windows OS. In September, enSilo researchers also disclosed a 17-year-old programming error in Microsoft Windows kernel that prevented security software from detecting malware at runtime when loaded into system memory. Via thehackernews.com
    1 point
  5. Investiti in oua. Multumiti-mi mai tarziu.
    1 point
  6. sursa Cum plm sa apelezi la statul rR0 pentru asa ceva? poate te trezesti cu vreun control si-ti inchide sala Poti incerca la firmele private in vederea redirectionarii a 2% din profit ( pizdele care sunt la contabilitate stiu sigur despre ce e vorba )- donare catre sala, de ex. sub forma unor burse private pentru cei mici Doua categorii de contribuabili pot redirectiona 2% din impozitul pe venit
    -1 points
  7. -1 points
  8. Ce hristosi inseamna asta? E un tutorial foarte aiurea. Solutia profesionala e sa folosesti RSACryptoServiceProvider plus AES din c#. Ai toate librariile deaja implementate. (Nota: RC4 e depreciat si nu ar trebui folosit pt aplicatii reale) Ca nota: RSA e un algoritm de criptare asimetric. Toata puterea RSA sta in key exchange si signing. E o idee proasta sa criptezi o poza/un text/un document cu RSA. Dimensiunea mesajului criptat va fi mult prea mare. Plus cheia este uriasa(1024 de biti!!!) RSA are ca proprietati speciale faptul ca cheia privata 'nu se poate' obtine din cheia publica. Ca aplicate RSA se foloseste pentru a schimba niste mesaje mici in marime care contin chei aleatorii. Aceste chei aleatorii sunt folosite apoi pt a cripta mesajul(mare in dimensiune) cu un algoritm simetric(ex AES). RSA se poate folosi si la semnare. Adica demonstrarea ca detii cheia privata. Daca chiar vrei sa construiesti ceva si ai nevoie de securitate criptografica pune aici sau prin PM planul proiectului si ce astepti de la el. Nu ma declar expert in criptografie dar iti pot da niste sfaturi/pareri. Daca doar vrei sa inveti este mult mai util sa te legi de librariile deja implemenmtate si documentate. Daca le intelegi pe alea si stii sa le folosesti ai un avantaj mare.
    -1 points
  9. Ba ce draq spamati cu prostii? UTN tau nu are valoare! Am mai spus de 10 ori. Moneda este CENTRALIZATA. Si pretul unei unitati (1 UTN) nu va fi niuciodata mai mare de 0.01$. 50UTN = 0.5$. MAMA SA SPAMAM CU TOTII PT 50CENTI!!!!11 Citeste white-paperul monetei si vezii modelul. de acolo iti poti da seama cat de mare o sa ajunga valoare monedei. (hint: o sa ramana la 0.01, moneda are mecanism de inflatie)
    -1 points
  10. Daca faci fork si incepi sa dezvolti moneda ma bag ca developer Pulencur trece de 100.000$ marketCap in 4 saptamani. Rinkeby contract at 0x2C3B63308fD5Be47375571AE61E31D7c9FC94Fa2 Nu e non-profit.
    -1 points
×
×
  • Create New...