Leaderboard

Synopsis: CarHacking.Tools is a script I built to help people who are interested in exploring car hacking and research to get a quick start. I decided to invest the time into building this script after spending many hours finding, installing, configuring many of the tools available and very little of it actually "hacking" a car. Link: https://carhacking.tools/

Eu ajunsesem anul 2 la contabilitate (si informatica de gestiune). Nu prea se facea info afara de foxpro. Mi-am dat seama ca e de cacat, mi-am bagat pula, m-am angajat si in final am terminat cibernetica(info ec). Acum sunt programator. Dc iti doresti sa stii ca la 23 de ani esti tanar. La master aveam colegi si de 47. Bafta!

Din experienta mea: engineering e alta treaba. Trebuie sa cunosti binisor domeniul si sa te duca mintea. Fara experienta ca dev e cam greu sa fii un inginer bun. Ca dev cel mai important skill e sa cunosti limbajul de programare. Algoritmii se cam duc pe pl daca inveti in schimb STL sau Java Collections. Ca sa devii dev nu-ti trebuie multa facultate dar se asteapta de la tine sa poti programa mai orice. (si daca se poate sa scrii cod calumea). Daca vrei sa mergi pe ramura asta exerseaza cat de mult poti si incearca sa programezi chestii pt un portofoliu. Front end are limita de intrare mai mica. Nu ai mult de invatat dar iti trebuie si un simt artistic. Trebuie sa te pricepi la "ce vrea utilizatorul" "ce arata bine". Sa cunosti tot felul de smecherii in HTML CSS NetBeans JS e un mare plus. Sys admin e alta treaba. Iti trebuie un skillset diferit. Trebuie sa ai cunostinte Unix shell, retelistica, sisteme de operare, configurari si mentenanta. Daca vrei asa ceva trebuie sa devii familiar cu Unix si cum se fac instalari si configurari. PS: In teorie nu iti trebuie musai facultate dar o diploma e utila. PSS: Daca tot ai licenta in drept, de ce sa nu faci ceva tot legat de drept. Consultanta legala asupra programelor. Scrii termeni si conditii. Consultanta pt firme de securitate. Ceva financiar + legal. Plm. Ceva unde iti poti folosi si dreptul. Faci si tu un ban in plus. Decat sa faci un curs de programare si sa lucrezi ca junior dev tot restul vietii, ca nu ai facultate.

700 euro cu template tau. Site+Admin. 75% avans.

Synopsis: As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent every day. With so much chatter, the potential for online scams, rumours and fake news is huge. It doesn’t help then, if threat actors have an additional weapon in their arsenal to leverage the platform for their malicious intentions. Check Point Research, however, recently unveiled new vulnerabilities in the popular messaging application that could allow threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers immense power to create and spread misinformation from what appear to be trusted sources. Our team observed three possible methods of attack exploiting this vulnerability – all of which involve social engineering tactics to fool end-users. A threat actor can: Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group. Alter the text of someone else’s reply, essentially putting words in their mouth. Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it’s visible to everyone in the conversation. Following the process of Responsible Disclosure, Check Point Research informed WhatsApp of their findings. From Check Point Research’s view, we believe these vulnerabilities to be of the utmost importance and require attention. Link: https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

Synopsis: In this writeup, I'll describe a new technique to crack WPA PSK (Pre-Shared Key) passwords. In order to make use of this new attack you need the following tools: hcxdumptool v4.2.0 or higher hcxtools v4.2.0 or higher hashcat v4.2.0 or higher This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called "Simultaneous Authentication of Equals" (SAE). The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame. At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers). The main advantages of this attack are as follow: No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack) No more waiting for a complete 4-way handshake between the regular user and the AP No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results) No more eventual invalid passwords sent by the regular user No more lost EAPOL frames when the regular user or the AP is too far away from the attacker No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds) No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string Source: https://hashcat.net/forum/thread-7717.html

PeNet PeNet is a parser for Windows Portable Executable headers. It completely written in C# and does not rely on any native Windows APIs. Furthermore it supports the creation of Import Hashes (ImpHash), which is a feature often used in malware analysis. You can extract Certificate Revocation List, compute different hash sums and other useful stuff for working with PE files. For help see the Wiki. The API reference can be found hrere: http://secana.github.io/PeNet License Apache 2 Copyright 2016 Stefan Hausotte Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Sursa: https://github.com/secana/PeNet

Website: https://buckets.grayhatwarfare.com/ Via: