Leaderboard


Popular Content

Showing content with the highest reputation since 06/13/20 in Posts

  1. 14 points
    Hi, I'm working on an RST-branded CTI platform. I'm looking for people who want to get actively involved in this side of security and populate the platform as efficiently as possible. I'll provide support as far as my time allows. There's no money involved, but it's a pretty good opportunity to learn and to go deeper into this field. We'll do a lot of interesting things. With this kind of experience you have a very good chance of landing a job in Security. Everyone who is interested in this topic and wants to take part, write here or send me a PM. I'll create a Discord server for it and we'll discuss more in chat. I'm paying for the infrastructure. The end goal is to help as many people as possible develop in this area and, why not, to become a trusted source for Romanian companies and organisations in particular. Those who want to get actively involved, I'm waiting for you here: https://discord.gg/3fjHp6U
    Done so far: 1. Stood up the following platforms: MISP, TheHive, Cortex
    On the short list: 1. Populate MISP with some sample events in order to understand how it works 2. Test some Cortex analyzers 3. Create 1-2 cases in TheHive to get familiar with the Security Operations Center concept 4. Email a few threat intel sources to ask them to support this project, not with their final products but with something beta
    If you know any threat intel sources that have a trial version or would be willing to support this project, let me know. I'll post progress in this thread.
  2. 13 points
    Hello everyone, it's been a long time since I've been on the forum and I haven't been active, but now I have a bit of time :) and I thought I'd post something too. Have a nice day. Buffer Overflow Attack in PDF ShapingUp. https://youtu.be/7wxQmmHjrLc
  3. 8 points
    VOLUNTEERING / INTERNSHIP AT CERT-RO. The Director General of CERT-RO, Dan Cîmpean, is looking for four (4) volunteers for the period 21 July 2020 - 15 September 2020 who are interested in living, for two (2) months, the professional experience of a Director at the National Cyber Security Incident Response Centre. Conditions for participation: · Student or graduate of higher education · English at least at intermediate level · Interested in working and learning in one of the top institutions of the Romanian Government · One (1) male and one (1) female student from Bucharest, who will work at CERT-RO · One (1) male and one (1) female student from the counties, who will work online · Available on average 2 hours a day, flexible. Selection will be made by the CERT-RO HR department based on the CVs received. The CV must be sent to HR@CERT.RO by 17 July 2020, 23:59.
  4. 7 points
    Same thing happened to me, call the provider and tell them to take you off 5G.
  5. 7 points
    https://digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=18427&view=map https://twitter.com/search?q=DDoS&src=trend_click https://www.rt.com/usa/491933-verizon-tmobile-att-outage/
  6. 6 points
    If viruses could (still) spread through browsers, you can be sure you'd be full of them. I'd recommend a hypnotherapy session to try to remember what you were looking at during your last drinking binge.
  7. 4 points
    Listen, you little twerp, you're still messing around with the "carrot" and other dangerous-hacker crap like that. You still get excited when you pull off a deface. Don't you understand that this isn't the place for you?
  8. 4 points
    We got through Sality, Conficker... We'll get through Covid too.
  9. 4 points
    It's a Buffer Overflow in PDF software, but of course it took longer than in the video until I exploited the vulnerability. Step one, which is the hardest, is to modify the PDF in such a way that it crashes, and to steer the crash until you can execute the shellcode. In the video the PDF was already split up, and in Kali I convert the inside of the PDF into hex code and after that it's a typical Buffer Overflow.
  10. 4 points
    What mouse should they replace? What backup should they make? With the rat and all? You reckless people, stop knowingly getting people into trouble.
  11. 4 points
    I did something like this too, but for lack of time I abandoned the project. I also had Cuckoo installed on a dedicated server. I bought a domain that had previously been used as a temporary mail service, put a catch-all on it and took all the mails received per day (15-20k), extracted the attachments, fed them into Cuckoo and from there took indicators of compromise to populate MISP. There was quite a lot of data and it was interesting. The problem was the lack of time. I still have some scripts I used for automation, but I don't think there's anything of quality in there. I improvised a lot and I think what I was doing in a hundred lines someone else would solve much more easily. The important thing is that it worked.
  12. 4 points
    The attacks come from the chips implanted in people using contactless thermometers. It's clear that Bill Gates wants to bring down Trump and take control of the USA. It's proof of the power of 5G!!!
  13. 3 points
    If it's meant for educational purposes (although I don't think so), why don't you actually learn something? Can you explain what's educational about it? If you want to do "tests", why don't you use a common tool like hydra etc., to validate what you want to do there. How does moving the archive from pl to python help you? Do you want to learn python? Do it... leave the archives alone. I think you're in that boyka guy's brigade too.
  14. 3 points
    The Shell Link Binary File Format contains information that can be used to access another data object. It is the format of the Windows files with the extension "LNK", which we call shortcut files. The structure of this format is quite complicated; Microsoft has provided a document on the LNK file format for reference [1]. I have followed the Microsoft patches for a long time. In 2018 I found that they fixed 2 LNK bugs, and both of them were RCE. Recently, @Lays found a bunch of LNK file parsing bugs, so I think this binary file format is suitable for fuzzing. However, you need to reverse and learn how Windows handles LNK files.

    Introduction

    File Explorer, previously known as Windows Explorer, is a file manager application that has been included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the screen, such as the taskbar and the desktop. Explorer has a lot of features, and Microsoft has upgraded it with each version of the operating system. I discovered that Explorer automatically parses an LNK file if the LNK file appears in the context that Explorer is accessing. For example, if we are on the desktop, Explorer will parse the LNK files that appear on the desktop and maybe in some sub-directories (I don't know how deep into the folder tree Explorer goes).

    Parsing of LNK files in Explorer

    How can we build a harness to fuzz this LNK file format? We need to rely on Explorer and debug it: attach WinDbg to the explorer.exe process. I put breakpoints on 2 functions, CreateFileA and CreateFileW, guessing that Explorer uses them to read the file before parsing it. After a few breaks on CreateFileW, I saw Explorer calling CreateFileW with the file "Process Hacker 2.lnk", an LNK file on the desktop. I viewed the call stack at this breakpoint; we can see that a series of CShellLink-related APIs in windows.storage.dll are called. I went back to MSDN to learn about these CShellLink APIs and found this [2]: it is possible to create an LNK parsing program using the IShellLink interface. Based on what MSDN provides, I use IPersistFile to load and parse LNK files; this is the harness I use for fuzzing. I debugged the harness I built on the file "test_debug.lnk" and compared the call stack of my harness with Explorer's; they look quite similar, so I decided to use this harness for fuzzing.

    Fuzzing LNK

    A corpus for this LNK file format is also readily available in GitHub repos; I found and downloaded one, then used it to fuzz. With the familiar WinAFL [3] and DynamoRIO [4], I fuzzed with coverage_module set to windows.storage.dll, running 1 master and 7 slaves. About fuzzing and coverage, you can read my earlier blog posts [5][6]. After some time running the fuzzer, I went back to check my crashes and found 4 unique crashes:
    - Out-of-bounds read in windows_storage!CRegFolder::_AttributesOf
    - Out-of-bounds read in windows_storage!CRegFolder::_CreateCachedRegFolder
    - Out-of-bounds read in shell32!CControlPanelCategoryFolder::_IsValidCategoryPidl
    - Double free in windows_storage!DSA_DestroyCallback
    I checked these 4 crashes on Explorer: only the double-free bug can crash explorer.exe; the 3 out-of-bounds read bugs do not crash explorer.exe. I reported all 4 bugs to Microsoft. Microsoft accepted only my double-free bug and rejected the rest, because the crash did not occur in the default configuration of the system and could not be exploited (regarding the default configuration of the system, I think this is because the harness I use is not as complete as Explorer when parsing an LNK file).

    CVE-2020-1299

    The double-free bug I found above was fixed in Microsoft's June patch. Here is a bit about the cause of this bug. We have the DSA struct as follows:

        struct DSA {
            INT nItemCount;
            LPVOID pData;
            INT nMaxCount;
            INT nItemSize;
            INT nGrow;
        };

    A DSA object [7] is initialized by DSA_Create [8] and items are inserted with DSA_InsertItem [9]. While inserting items, it allocates a memory area for the pData field of the DSA struct. When releasing the DSA object, the program called the DSA_DestroyCallback function twice to release the same DSA object. The function s_DestroyCacheItemCB has an error: when freeing the pData field, it did not check whether this memory was still valid, resulting in a double-free bug. The pData memory had already been freed before; I did not analyze further why the DSA object was destroyed twice due to some condition in the previous thread. For this bug, we can use-after-free the DSA object to trigger RCE.

    Conclusion

    Above is the whole process I went through to find an attack surface for LNK files and apply fuzzing to find faults in the LNK parsing process. At the time I found this bug, I only targeted the windows.storage.dll DLL, without knowing that LNK has another type, the search LNK (I realized this format existed after ZDI published a blog analyzing a bug of @Lays) [10]. In addition to windows.storage.dll, which is used to parse LNK files, there are also windows.storage.search.dll and StructuredQuery.dll. In a following post I will talk about some bugs I found in StructuredQuery.dll that Microsoft does not fix although they may cause a temporary DoS. Microsoft suggested that I can blog about those bugs, and they are confident they can answer every customer's questions about the bugs they don't fix.

    References
    [1] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/16cb4ca1-9339-4d0c-a68d-bf1d6cc0f943
    [2] https://docs.microsoft.com/en-us/windows/win32/shell/links
    [3] https://github.com/googleprojectzero/winafl
    [4] https://github.com/DynamoRIO/dynamorio
    [5] https://ezqelusia.blogspot.com/2020/05/start-fuzzing-fuzz-various-image-viewers.html
    [6] https://ezqelusia.blogspot.com/2020/05/microsofts-first-bug.html
    [7] https://docs.microsoft.com/en-us/windows/win32/api/dpa_dsa/
    [8] https://docs.microsoft.com/en-us/windows/win32/api/dpa_dsa/nf-dpa_dsa-dsa_create
    [9] https://docs.microsoft.com/en-us/windows/win32/api/dpa_dsa/nf-dpa_dsa-dsa_insertitem
    [10] https://www.zerodayinitiative.com/blog/2020/3/25/cve-2020-0729-remote-code-execution-through-lnk-files

    Researcher: linhlhq from Infiniti Team - VinCSS (a member of Vingroup).
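The post's harness is a Windows COM program (IShellLink/IPersistFile) and is not reproduced here. The block below is an added example, not the researcher's code: a standalone, bounds-checked Python parser for the first two structures of the format in the MS-SHLLINK spec, the ShellLinkHeader and the LinkTargetIDList. Its purpose is triage: the three rejected crashes were out-of-bounds reads, and the cheapest way to see what a fuzzer mutation did to a size field is to run the file through a parser that refuses to read past the buffer instead of crashing. Field layout and the LinkCLSID come from the spec; the sample shortcuts are constructed in build_sample, and the parser stops after the IDList (LinkInfo, StringData and ExtraData are not parsed).

```python
"""Bounds-checked parser for the ShellLinkHeader and LinkTargetIDList of a
.LNK file (MS-SHLLINK sections 2.1 and 2.2).  Added example; not the
fuzzing harness from the post."""
import struct
import uuid
from dataclasses import dataclass, field

LNK_HEADER_SIZE = 0x4C                       # HeaderSize must be exactly 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HEADER_FMT = "<I16sIIQQQIiIHHII"             # 76 bytes, little-endian

# LinkFlags bits (MS-SHLLINK 2.1.1); only the first one is acted on here
HAS_LINK_TARGET_ID_LIST = 0x0001
HAS_LINK_INFO = 0x0002
IS_UNICODE = 0x0080


@dataclass
class ShellLink:
    link_flags: int
    file_attributes: int
    file_size: int
    show_command: int
    item_ids: list = field(default_factory=list)   # raw ItemID payloads


def parse_header(buf):
    """Validate the fixed 0x4C-byte header; return (ShellLink, next offset)."""
    if len(buf) < LNK_HEADER_SIZE:
        raise ValueError("truncated ShellLinkHeader")
    (header_size, clsid_le, link_flags, file_attrs, _ctime, _atime, _wtime,
     file_size, _icon_index, show_cmd, _hotkey, _r1, _r2, _r3) = \
        struct.unpack_from(HEADER_FMT, buf, 0)
    if header_size != LNK_HEADER_SIZE:
        raise ValueError(f"bad HeaderSize 0x{header_size:x}")
    if uuid.UUID(bytes_le=clsid_le) != LNK_CLSID:   # GUID is stored mixed-endian
        raise ValueError("bad LinkCLSID")
    return ShellLink(link_flags, file_attrs, file_size, show_cmd), LNK_HEADER_SIZE


def parse_id_list(buf, off):
    """LinkTargetIDList: IDListSize (u16) followed by ItemIDs, each prefixed by
    ItemIDSize (u16, which includes the size field itself), terminated by a
    TerminalID of 0x0000.  Every size is checked against the enclosing bound
    before it is used, which is exactly what an out-of-bounds read lacks."""
    if off + 2 > len(buf):
        raise ValueError("truncated IDListSize")
    (id_list_size,) = struct.unpack_from("<H", buf, off)
    start = off + 2
    end = start + id_list_size
    if end > len(buf):
        raise ValueError(f"IDListSize {id_list_size} exceeds file")
    items, pos = [], start
    while True:
        if pos + 2 > end:
            raise ValueError("IDList missing TerminalID")
        (item_size,) = struct.unpack_from("<H", buf, pos)
        if item_size == 0:                       # TerminalID
            pos += 2
            break
        if item_size < 2 or pos + item_size > end:   # <2 would never advance
            raise ValueError(f"bad ItemIDSize {item_size} at offset {pos}")
        items.append(bytes(buf[pos + 2:pos + item_size]))
        pos += item_size
    if pos != end:
        raise ValueError("IDListSize does not match the items it contains")
    return items, end


def parse_lnk(buf):
    link, off = parse_header(buf)
    if link.link_flags & HAS_LINK_TARGET_ID_LIST:
        link.item_ids, off = parse_id_list(buf, off)
    return link


def build_sample(items, id_list_size=None, flags=HAS_LINK_TARGET_ID_LIST):
    """Constructed sample shortcut: a valid header plus an IDList built from
    the given payloads.  id_list_size lets a caller forge an inconsistent
    size, the kind of mutation a fuzzer produces."""
    header = struct.pack(HEADER_FMT, LNK_HEADER_SIZE, LNK_CLSID.bytes_le, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(i) + 2) + i for i in items) + b"\x00\x00"
    size = len(body) if id_list_size is None else id_list_size
    return header + struct.pack("<H", size) + body


if __name__ == "__main__":
    print(parse_lnk(build_sample([b"\x1f\x50\xe0\x4f", b"\x2f\x43\x3a\x5c"])))
    try:
        parse_lnk(build_sample([b"\x1f\x50"], id_list_size=0x400))
    except ValueError as e:
        print("rejected:", e)
```

Running a WinAFL crash directory through parse_lnk sorts files into "structurally malformed IDList" (a ValueError with the offending offset) and "well-formed, so the bug is deeper in the shell's handling of the item payloads", which is a useful first split before opening a debugger.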
  15. 3 points
    It doesn't matter, we'll do the conference online and then go for beers as a group - max 4 per table or whatever it'll be by then. And there we'll make fun of Gogoasa.
  16. 3 points
    I think nobody, neither DefCamp nor RST, not even Iohannis, can tell us how this crap is going to evolve. I honestly liked this year's Cisco Live. Rather than go to Berlin and pay 1200 euros, I preferred watching from home with a bag of chips in hand. If DefCamp is like that too, it's great.
  17. 3 points
    Install Windows cleanly and next time remember that free stuff from the internet comes at a cost.
  18. 3 points
    To give you an idea of how it looks at the moment. This is what some of the events look like: Everything is automated as far as AlienVault is concerned. We still have a few small things we're working on. This is what a random event looks like: P.S. Don't worry, nothing is confidential. Everything is TLP:WHITE, so it's ok.
  19. 2 points
  20. 2 points
    I indexed all Windows files which appear in Windows update packages, and created a website which allows you to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently exe, dll and sys files). Read on for further information.

    Motivation

    During a recent research project, I had to track down a bug that Microsoft fixed in one of the drivers. I needed to find out which update fixed the bug. I knew that the bug exists on an unpatched RTM build, and is fixed on a fully patched system. All I needed was the dozens of file versions of that driver, so that I could look at them manually until I found the version that introduced the fix. Unfortunately, to the best of my knowledge there was no place where one could get just these dozens of files without downloading extra GBs of data, be it ISOs or update packages. While searching for the simplest solution, these are the options I considered:
    1. Install an unpatched RTM build with automatic updates disabled, and install each update manually. Get the driver file after each installed update. A more efficient option would be to do a binary search, installing the middle update first, and then continuing with the relevant half of the updates depending on whether that update fixed the bug.
    2. Extract each version of the file from a Windows package, such as an update package that can be downloaded from the Microsoft Update Catalog or an archive from the Unified Update Platform.
    3. Look for the driver files on the internet. There are various fishy "dll fixer" websites that claim to provide versions of system files. Unfortunately, not only are these websites mostly loaded with ads and the files sometimes wrapped in a suspicious exe, they also don't provide any variety of versions for a given file, usually having only one, seemingly randomly selected version. There are also potentially useful services like VirusTotal, but I didn't find any such service which allows you to freely download the files.

    Option 3 didn't work, and I chose option 2 over 1 since downloading and extracting update packages seemed quicker than updating the OS every time. I also chose the Microsoft Update Catalog over the Unified Update Platform, since the latter is not really documented and is more obscure, and other than that provides no obvious benefits. Also, the update history is nicely documented by Microsoft: Windows 10 update history. There's also Windows 7 SP1 update history and Windows 8.1 update history, but I focused on Windows 10.

    What's in an update package

    Each update package that can be downloaded from the Microsoft Update Catalog is an msu file, which is basically a cab archive. Extracting it results in some metadata and another cab archive, which in turn contains the Windows files of the update. The update files are divided into assemblies, each assembly having a manifest file and a folder with the actual files. I expected that it would be enough to grab the file I'm looking for from the corresponding folder, but it turns out that newer update packages contain forward and reverse differentials instead of the actual files. Only 6 KB, no MZ header, clearly not the file I'm looking for. A quick search about the diff patching algorithm didn't yield results, and I'd need the base Windows version anyway, so this option didn't look appealing anymore. Just before giving up and trying the other options (the Unified Update Platform and installing updates manually), I looked at the information that is available in the manifest file. The only potentially interesting piece of information that I found is the list of files, which, among various unhelpful (for me) information, contains the file's SHA256 hash:

        <?xml version="1.0" encoding="utf-8" standalone="yes"?>
        <assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0" copyright="Copyright (c) Microsoft Corporation. All Rights Reserved.">
          <assemblyIdentity name="Microsoft-Windows-SMBServer-v2" version="10.0.19041.153" processorArchitecture="amd64" language="neutral" buildType="release" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />
          <dependency discoverable="no" resourceType="Resources">
            <!-- ... -->
          </dependency>
          <file name="srv2.sys" destinationPath="$(runtime.drivers)\" sourceName="srv2.sys" importPath="$(build.nttree)\" sourcePath=".\">
            <securityDescriptor name="WRP_FILE_DEFAULT_SDDL" />
            <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
              <dsig:Transforms>
                <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" />
              </dsig:Transforms>
              <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
              <dsig:DigestValue>pD5a0dKSCg7Kc0g1yDyWEX8n8ogPj/niCIy4yUR7WvQ=</dsig:DigestValue>
            </asmv2:hash>
          </file>
          <memberships>
            <!-- ... -->
          </memberships>
          <instrumentation xmlns:ut="http://manifests.microsoft.com/win/2004/08/windows/networkevents" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events" xmlns:xs="http://www.w3.org/2001/XMLSchema">
            <!-- ... -->
          </instrumentation>
          <localization>
            <!-- ... -->
          </localization>
          <trustInfo>
            <!-- ... -->
          </trustInfo>
        </assembly>

    You can see it under DigestValue, encoded as base64. In this case, that's pD5a0dKSCg7Kc0g1yDyWEX8n8ogPj/niCIy4yUR7WvQ= which translates to a43e5ad1d2920a0eca734835c83c96117f27f2880f8ff9e2088cb8c9447b5af4. Can a SHA256 hash help me get the file? Maybe...

    The Microsoft Symbol Server

    Having some experience with the Microsoft Symbol Server, I know that it doesn't only store symbol files, but also the PE (Portable Executable) files themselves. You can refer to the great article Symbols the Microsoft Way by Bruce Dawson for more details, but the most important detail for us is that the format of the path to each PE file on a symbol server is:

        "%s\%s\%08X%x\%s" % (serverName, peName, timeStamp, imageSize, peName)

    This means that all we need in order to retrieve the file from the Microsoft Symbol Server is the file's timestamp and image size. But at this point, we only have the file's SHA256 hash.

    VirusTotal to the rescue

    VirusTotal is a well known service for scanning files and URLs with multiple antivirus products and online scan engines. In addition to the scan results, VirusTotal displays some information about the submitted files. For PE files, it displays information such as imports and resources, but more importantly, it also displays the file's timestamp and a list of sections. The latter can be used to calculate the file's image size. In addition, if the file was scanned with VirusTotal before, the information can be retrieved by providing the file hash. That means that for each file previously scanned by VirusTotal, the SHA256 hash is enough to deduce the correct path on the Microsoft Symbol Server and download the file. Back to our example, the a43e5ad1d2920a0eca734835c83c96117f27f2880f8ff9e2088cb8c9447b5af4 hash can be found on VirusTotal, and the parameters that we need are the creation time:

        Creation Time: 2096-10-28 20:47:11

    and the last section in the list of sections:

        Name: .reloc
        Virtual Address: 798720
        Virtual Size: 12708
        ...

    You can Google for an "epoch converter" to convert the creation time to an epoch timestamp: 4002295631, or in hex: 0xee8e2f4f. You might need to append "GMT" to prevent the converter from reading the creation time as a local time. To calculate the image size, just add the virtual address and size of the last section: 798720+12708 = 811428 = 0xc61a4, and then align to the size of a page, which is 0x1000: 0xc7000. Combining the above, we can now build our download link:

        https://msdl.microsoft.com/download/symbols/srv2.sys/EE8E2F4Fc7000/srv2.sys

    Here's a simple Python script which generates a Microsoft Symbol Server link from a file name and a file hash, automating what we just did manually.

    P.S. In case you're wondering how come the file was created in 2096, it wasn't. Starting with Windows 10, the timestamps of the system's PE files are actually file hashes, a change that was made to allow reproducible builds. For more details see Raymond Chen's blog post, Why are the module timestamps in Windows 10 so nonsensical?.

    P.P.S. If you read Bruce Dawson's article, you saw that he talked about possible collisions in case there are two different files with the same timestamp and image size. He also described how Chrome had this exact problem. But Chrome used real timestamps; what about the pseudo-timestamps, which are in fact file hashes, that Windows 10 is using? In Windows' case there are many collisions. I stumbled upon one, and got curious about the actual amount of such collisions, so I wrote a script to find all of them. Here's the result, 3408 collisions! For most collisions (all but 54) the only different section is .rsrc, which contains resource information, which means that the code and the data are the same. Perhaps the hashing algorithm isn't affected by that section. I took one specific example (aitstatic.exe) and compared my system's file (in a collision list) with the file served by the symbol server. The two had a different file version, the file served by the symbol server wasn't signed, and the checksum (the real checksum field in the PE header, not the timestamp-checksum) was different. Also, the file that was served by the symbol server was different from all of the files that I found in update packages. Looks like the symbol server sometimes returns a development file instead of a production one, which might be unsigned and have a different version. It can be confusing, and I've been bitten by this once, so remember: never trust the version of a file you download from the Microsoft Symbol Server. The other 54 collisions are of .NET PE files, and in this case other sections are different as well. But that doesn't really matter, since they're not available via the symbol server at all.

    Building an index

    That's how I solved my problem, downloading several update packages and getting the driver files with the help of VirusTotal. But since all the files are so conveniently available via the Microsoft Symbol Server, I thought that it would be nice to index all of the files once, making the links for all PE files and versions available and saving myself and others from having to go through the procedure in the future. All I had to do was get the list of updates from the Windows 10 update history page (for now, I looked only at Windows 10 updates), download these updates from the Microsoft Update Catalog, fetch the file names and hashes, query VirusTotal for these hashes, and make some nice interface to search this index and generate links.

    Getting the list of updates

    That was the easy part; a simple Python script did the job. A funny thing I noticed is that the help page titles are edited manually, since they're almost uniform, but some of them contain minor mistakes. Here are two examples of pages with a properly formatted title:
        June 18, 2020—KB4567523 (OS Build 19041.331)
        May 19, 2019—KB4505064 (OS Build 17134.766)
    And here are a couple of examples of titles with minor mistakes:
        May 21, 2019—KB4497934 (OS Build OS 17763.529) (an extra "OS")
        September 29, 2016 — KB3194496 (OS Builds 14393.222) ("Builds", but just one build)
        January 26, 2017—KB 3216755 (OS Build 14393.726) (the only entry with a space after "KB")
        July 16, 2019—KB4507465 (OS Build 16299.1296 ) (a space before ")")

    Downloading the updates from the Microsoft Update Catalog

    Most updates are available for three architectures: x86, x64 and ARM64. There are also updates for Windows Server in addition to Windows 10, but most, if not all of them, are the same files for both Windows 10 and Windows Server. For now, I decided to limit the scope to x64. This part wasn't as easy as the previous one, mainly because it's so time consuming. In addition, it turned out that not all of the updates are available in the Microsoft Update Catalog. Out of the 502 updates available for Windows 10 while writing these lines, only 355 are available for x64. Out of the 147 which aren't available, 27 are for Windows 10 Mobile (discontinued), one is only for x86, and one is only for Windows Server 2016. The other 118 are truly missing, 2 of which have a "no longer available" notice, and the others' absence is not explained. Here is a detailed table with all of the updates and their availability for x64.

    Querying VirusTotal

    There are files of various types in the update packages, including non-PE files such as txt and png. For now, I decided to focus on exe, dll and sys, which are the most common PE file types, even though there are other PE file types such as scr. Querying VirusTotal is quite simple, as I demonstrated with the Python script in the previous section about VirusTotal. The problem was that I needed to query information about 134,515 files, which is not a small amount. I was afraid of strict rate limiting, but fortunately, the rate limiting wasn't so strict. After a while I got a response similar to the following:

        {
          "error": {
            "code": "TooManyRequestsError",
            "message": "More than 1000 requests from 66.249.66.153 within a hour"
          }
        }

    So no more than 1000 requests within an hour, which means 5.5 days of downloading. I could use more computers, but that would be inconvenient. Even though it's not too bad, I was uncomfortable seeing my script waiting every hour for the next quota of 1000 requests, so I used PyMultitor, the Python Multi Threaded Tor Proxy tool created by Tomer Zait. I heard about the tool a while ago, and finally had the perfect use case for it. I was pleasantly surprised by how stable and easy to use it is (stability should also be attributed to the Tor project). With PyMultitor, I was able to reduce the time to 3 days of downloading. Of course, no data is returned if a file was never submitted to VirusTotal. Out of the 134,515 files, 108,470 were submitted, which is a success rate of 80.6%. Not bad! Also, 190 of the files were submitted, but the report for them didn't contain details about the PE format. Rescanning them solved the problem.

    The result

    After building the index of files, I created a simple website which displays the data in a table. Here it is: Winbindex - the Windows Binaries Index. All the files that were found in the update packages are listed, but currently only exe, dll and sys files have download links, except for those that weren't submitted to VirusTotal.

    Possible further work

    I think that the index can already be very useful, but it's not complete. Here are some things that can be done to further improve it:
    - Indexing files from base builds. Currently, files which don't appear in any update package, but appear in the initial Windows release, aren't indexed. To fill the gap, I'll probably have to get the corresponding ISO files of the initial Windows releases.
    - Indexing files which aren't available on VirusTotal. There are several possible options here: automating a VM that updates itself and grabs all the files; understanding the diff algorithm to be able to get all the files from the update packages; using the Unified Update Platform, although I'm not familiar enough with it to say if it can help with this.
    - Indexing files of other architectures: x86 and ARM64, and of other Windows versions: Windows 7, Windows 8/8.1.
    I don't plan to do any of that in the near future, but I might do that one day when I stumble upon another task which requires it.

    Source: m417z.com
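The author's script is not reproduced in the post. The block below is an added example, not the Winbindex author's code, that carries the manual procedure above through end to end: pull the SHA256 out of an update manifest, then turn the timestamp and last-section values that VirusTotal reports into the Microsoft Symbol Server URL. The manifest is the srv2.sys entry quoted in the post with the elided elements dropped, and the VirusTotal values are the ones the post quotes for that file; the SectionAlignment of 0x1000 is an assumption (the post aligns to a page, which is the usual value for Windows system binaries). It does not call VirusTotal itself: the hash lookup is the one step that needs the network, so it takes those fields as parameters.

```python
"""Manifest SHA256 -> (VirusTotal-reported timestamp, sections) -> symbol
server URL.  Added example reproducing the post's manual steps; not the
Winbindex author's script."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

ASM = "urn:schemas-microsoft-com:asm.v3"
ASMV2 = "urn:schemas-microsoft-com:asm.v2"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
SYMSRV = "https://msdl.microsoft.com/download/symbols"
SECTION_ALIGNMENT = 0x1000   # assumption: page-sized SectionAlignment

# Sample manifest: the srv2.sys entry from the post, non-essential parts removed
SAMPLE_MANIFEST = """\
<assembly xmlns="urn:schemas-microsoft-com:asm.v3" manifestVersion="1.0">
  <assemblyIdentity name="Microsoft-Windows-SMBServer-v2" version="10.0.19041.153"
      processorArchitecture="amd64" language="neutral" buildType="release"
      publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" />
  <file name="srv2.sys" destinationPath="$(runtime.drivers)\\" sourceName="srv2.sys">
    <securityDescriptor name="WRP_FILE_DEFAULT_SDDL" />
    <asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
                xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha256" />
      <dsig:DigestValue>pD5a0dKSCg7Kc0g1yDyWEX8n8ogPj/niCIy4yUR7WvQ=</dsig:DigestValue>
    </asmv2:hash>
  </file>
</assembly>
"""


def manifest_files(xml_text):
    """Return {file name: sha256 hex} for every <file> that carries a SHA256
    digest.  Namespaces matter: <file> is in asm.v3, the hash in asm.v2 and
    the digest elements in xmldsig."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    out = {}
    for f in root.iter(f"{{{ASM}}}file"):
        method = f.find(f"{{{ASMV2}}}hash/{{{DSIG}}}DigestMethod")
        digest = f.find(f"{{{ASMV2}}}hash/{{{DSIG}}}DigestValue")
        if digest is None or method is None:
            continue
        if not method.get("Algorithm", "").endswith("#sha256"):
            continue                       # skip entries hashed with anything else
        out[f.get("name")] = base64.b64decode(digest.text.strip()).hex()
    return out


def pe_timestamp(creation_time_utc):
    """VirusTotal renders the PE TimeDateStamp as a 'Creation Time' string;
    convert it back to the raw 32-bit value.  On Windows 10 the field is a
    hash, not a date (hence years like 2096), so never treat it as local time."""
    dt = datetime.strptime(creation_time_utc, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())


def image_size(last_section_va, last_section_vsize, align=SECTION_ALIGNMENT):
    """SizeOfImage: end of the last section rounded up to SectionAlignment."""
    end = last_section_va + last_section_vsize
    return (end + align - 1) & ~(align - 1)


def symbol_server_url(pe_name, timestamp, size):
    """Symbol server layout: <name>/<%08X timestamp><%x SizeOfImage>/<name>."""
    return f"{SYMSRV}/{pe_name}/{timestamp:08X}{size:x}/{pe_name}"


def url_from_virustotal(pe_name, creation_time_utc, last_va, last_vsize):
    """Combine the three VirusTotal-reported values into the download link."""
    return symbol_server_url(pe_name, pe_timestamp(creation_time_utc),
                             image_size(last_va, last_vsize))


if __name__ == "__main__":
    for name, sha256 in manifest_files(SAMPLE_MANIFEST).items():
        print(name, sha256)          # look this hash up on VirusTotal
    # values VirusTotal shows for that hash, as quoted in the post
    print(url_from_virustotal("srv2.sys", "2096-10-28 20:47:11", 798720, 12708))
```

The caveat from the P.P.S. applies to whatever this URL returns: timestamp plus SizeOfImage is not a unique key on Windows 10, so compare the downloaded file's own SHA256 against the manifest digest before trusting that you got the version the update shipped.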
  21. 2 points
    Mister equality of outcome right here. I'm curious whether you are able to define a system of values based on what you believe will save the world. Because I see you consider yourself an intellectual, otherwise you wouldn't have such radical opinions against the entire current system.
  22. 2 points
    this is why it's not ok for mothers to drink during pregnancy
  23. 2 points
  24. 2 points
    Is Aelius a Mossad spy? Explain why he can't be active all the time; he's probably investigating fetishes in person :))))))))) What's with that, man?
  25. 2 points
    Security researchers detected a new ransomware strain that leveraged piracy as a means of distributing itself to Mac users. On June 29, a Twitter user reached out to Malwarebytes about a malicious Little Snitch installer that was available for download on a Russian forum known for sharing torrent links. A close look at the installer revealed that it used a generic icon and arrived within a disk image file. Upon activation, this resource loaded the legitimate installer and uninstaller apps for Little Snitch, a program which alerts users when an app attempts to connect to a web server. The program also installed an executable called "patch" in the /Users/Shared directory. After a script moved it to a location that appeared to relate to Little Snitch and renamed it "CrashReporter" for the purpose of blending in, "patch" removed itself from the /Users/Shared directory, launched its copy and then launched the Little Snitch installer. This process didn't go so well, however. As Malwarebytes explained in its research:

    Further investigation revealed that the threat relied on a malicious installer for DJ software called "Mixed In Key 8." The malware delivered by that installer was similarly hesitant to get to work, but after Malwarebytes changed the clock setting of its virtual machine, disconnected from the network and restarted the computer a few times, the ransomware finally sprang into action and launched its encryption routine. This process led the threat to encrypt settings files and the keychain files, thus producing error messages and spinning beach balls. Researchers at the security firm learned from others that the Mac ransomware eventually deployed a ransom note with instructions for payment. Even so, it was unable to replicate this behavior.

    Screenshot of encryption message posted to RUTracker forum (Source: Malwarebytes)

    This isn't the first time that researchers have detected ransomware targeting Mac users. Back in 2017, for instance, researchers spotted another crypto-malware strain that relied on cracks to pirate commercial software for distribution. As such, organizations should follow these steps to prevent a ransomware infection from occurring in the first place.

    Via tripwire.com
  26. 2 points
    Live: Guess who's back! After a rather long pause, Security Espresso's Meetups are back, in an online format! We're sure that you miss the gatherings and the beers, but rest assured it's all going to happen anyway! Our first virtual meetup will happen online and will be streamed to YouTube. Make sure to join our Telegram group if you haven't already, so you can ask any questions you might have for the speakers: https://t.me/secespresso

    Without further ado, here are the speakers for Security Espresso Meet-up 0x23:

    19:00 → 19:45 ☠️ Principles of heap-based exploits on Windows 7 & 10 x32
    📣 Stefan Nicula - Senior Threat Researcher @ Avira Protection Labs, Twitter: @stefan_nicula
    A successful userland heap memory corruption exploit on Windows requires a good grasp of the mechanisms behind the Heap Manager. The talk aims to tackle Windows Heap Manager internals such as Backend vs Frontend Allocators, VirtualAlloc, heap memory layout, Windows 10 vs Windows 7 Heap Manager differences and Windows Heap Integrity protection. We will also explore heap exploit principles for Use-after-free and Double Free exploits, like primitives, allocators, precise heap spraying, stack pivot and ROP chaining. In a future part 2 of the presentation, we will dive into more advanced techniques related to memory information leaks, type confusion, abusing vtable pointers and Windows ATP protection bypasses.

    19:45 → 20:00 ⏸ Break

    20:00 → 20:45 🕶 Opsec guide for the security enthusiast
    📣 Dan Demeter - Security Researcher @ GReAT, Twitter: @_xdanx
    📣 Marco Preuss - Director @ GReAT, Europe, Twitter: @marco_preuss
    As more and more metadata is passively collected at a large scale, one might question the boundaries set by governments in regard to privacy and personal life. We believe privacy is a fundamental human right and, by using the right tools, it can still be achieved. During this beginner's opsec guide we will present techniques and tools to protect your digital communications, as well as your equipment. Some covered topics: - Corporate communication crisis management - Encryption and secure communication - Physical device security - Network activity monitoring - Travelling to foreign countries

    20:45 → ∞ 🍻 Virtual beer on Discord! Attendance policy: BYOD (bring your own drink). 🔗 Join us: https://discord.gg/7kCdJp8
  27. 2 points
    Offline, we won't risk organizing an event the size of last year's, but we're working on a virtual agenda that I hope will be interesting. I agree with @Nytro and @Zatarra about offline "socializing", but not with health risks. Worst case, a Hangouts call with custom beer and DefCamp hats. @SynTAX, what did you like at CISCO?
  28. 2 points
  29. 2 points
    Well, if the repair shop told you the motherboard is burned out, how could we tell you anything different from here?
  30. 2 points
    Stop doing drugs! Games are seriously harmful to your health!
  31. 2 points
    I don't know what the others think, but what you're doing there seems incredible to me. Could you explain a bit what's going on there for those of us who are weaker at this? Thanks & really impressive work!
  32. 2 points
    The pager operates on radio frequencies lower than GSM frequencies and does not work with a SIM card. Radio signal coverage of the regions was provided by the state's radiotelecommunications networks, which were later privatized into subsidiary companies that went bankrupt with the emergence and growth of GSM networks and, more recently, WiFi internet. As of 2018, I'm not aware of any active radio paging services in RO. Transmit/receive licenses are very expensive, as is the procedure for obtaining them and getting licensed, including the training at STS. Transmit/receive equipment for dispatch centers is also expensive and not worth it, since more advantageous alternatives exist. Still, radio and GSM are not the only communication methods that can be implemented; if you want to come up with something innovative without buying radio licenses and approvals, know that it's not impossible. Good luck!
  33. 2 points
    If a good/thing/product comes for free, it means you are the product.
  34. 2 points
    Hi, whether you're a new rookie in sec, or maybe you just heard about rst, or a "god" like Nytro, who knows what your purpose here is, but to absolutely all possible readers I wish you a good day and all the best. My purpose here, for now, is just to have another look around, to see the occasional "I need some bitcoin but I have cash", and in private "can you sort me out for 3m" LOL. In particular to those who know me, I humbly address you with the recent events in my life, or maybe you're just rolling in money; anything would help me, from reading this message to SEO, a share, etc. Small crumbs that slowly add up; I appeal to you. The accident happened about 3 years ago, 1 of which I spent in hospital... I was pretty bad, now I'm better, mentally / psychologically. But, thanks to the internet, I found something that could help me: in Bangkok there is a so-called procedure called "stimulare epidurala", or "epidural stimulation" in English, which is done in a private clinic, and they keep boasting about their successes. I'm putting a little hope in humanity and in myself, to get past this obstacle too and regain the life I once had, on my own feet. Bottom line: facebook.com/donate/1935406726595693 I need your help, former "colleagues" through thick and thin. Those who can will help me, those who can't, that's how it is; thank you anyway for your time and I wish you a good day. Thank you all in advance, remain cool m8s. Edit: I also have PayPal, zyxescu@yahoo.com .
  35. 2 points
    it's always DNS (OR BGP)
  36. 2 points
  37. 2 points
    Hmm.. you could rely on offline vulnerability databases and build the thesis so that you present particular examples of software that can be tested with something like this. It's impossible, though, not to have a margin of error in that calculation, which you'll have to mention and even detail. I'll do it for you, but we start talking from 4000 LEI upwards, with an advance payment. If you're ok with that, send me a message.
  38. 2 points
    You're looking for a good Python programmer... just like everyone else will be looking for capable people who know how to do something, not people who pay someone else to do it. I'll never understand why you spend 3/4 years in university only to buy your thesis at the end... Can't you write your own thesis? No shame, it's not the end of the world, but at least be aware that you don't deserve the diploma either.
  39. 2 points
    I hope they also picked up the guy who was handing out FUD exploits around here and writing in a gay font.
  40. 2 points
    You're not indexed and you have no visits because there are another 41241242353425234234 sites just like yours, same theme, same content, nothing unique on it. You can try writing the movie descriptions yourself instead of copying them from elsewhere if you want to have at least a chance.
  41. 2 points
    I administer Linux servers (any distribution) as well as FreeBSD. Experience in the field: ~22 years. Broadly, from the knowledge I have and the services I can offer:
    - Security policies on both FreeBSD and Linux
    - Antispam solutions and security solutions for email servers
    - Any web server architecture (content delivery & caching, two-tier, clusters)
    - MySQL, PostgreSQL, PHP
    - Advanced DDoS attack mitigation techniques
    - Intrusion detection and prevention systems
    - Security audit and preparation for ISO 27001 certification (+ risk analysis)
    I install, configure and optimize any kind of open source daemon or application. I also offer consulting for hardware needs. I provide an invoice for all services offered. For price quotes, please send an email to tex at unixteacher dot org (or a private message)