Leaderboard
Popular Content
Showing content with the highest reputation since 01/25/18 in all areas

10 pointshttps://www.blackhat.com/asia18/presenters/IonutPopescu.html

8 pointsIn caz ca sunt ceva politisti pe aici (hai, stiu ca sunt). Invividul are/avea adresa ip 82.78.148.48. Scapatine de puslamalele astea. Noi vrem sa tinem forumul curat, voi vreti activitate :)))) Toata lumea va fi fericita. inetnum: 82.78.148.0  82.78.148.255 netname: RORESIDENTIAL descr: RCS & RDS Residential descr: City: Predeal

8 points

8 pointsChatul ala e un rahat si propun eliminarea lui din forum (scoaterea linkului catre el) pentru ca:  Este total izolat fata de forum si nu are nicio legatura cu el in ceea ce priveste utilizatorii  Oamenii se aleg cu ban acolo pe diverse motive (dar niciunul bine argumentat)  In timp ce forumul este orientat catre IT si mai sunt permise discutii despre altele, chatul este un bordel utilizat pentru schimb de linkuri cu manele si cacaturi sinistre  Daca se incepe o discutie tehnica pe chat, este imediat intrerupta de salam, guta, micul muc ala slinos care behaie in microfon si alte tiganci mustacioase.

7 pointsPentru ca intensitatea curentului electric reprezinta numarul de electroni ce trec printro sectiune a unui conductor in unitatea de timp. Daca de obicei citesti libertatea si cancan, nu ai de unde afla informatii utile :))))) E ca si cum teai scarpina la pula, teai uita la meci de fotbal si ai avea pretentia sa inveti chestii despre fizica.

6 pointsNu tiau dat voie sa iesi de mult timp pe afara,asa e?

5 points5 luni? Am stat mai mult in casa fara sa duc lipsa de ceva. Raspunsul la intrebarea ta e: carcera. Izolare totala, mancare la botu' calului si oportunitati extraordinare de dezvoltare personala, precum:  Pentru dezvoltarea memoriei: Apucate de scris un blog in imaginatie, cu baza de date in memorie. Scrii in fiecare zi un post si recitesti saptamanal toate posturile. Cand devine prea usor, scrie si niste comentarii la fiecare post.  Pentru companie: Invata sa apreciezi fiecare gandac. Cu cat mai multi, cu atat mai mult te poti considera si tu apreciat. Wiki e un start bun inainte sa intri: https://en.wikipedia.org/wiki/Cockroach  Pentru depresie & dezvoltare intelectuala: Invata sa apreciezi depresia, pentru ca se regaseste doar in persoanele capabile de auto reflectie. Tot ceea ce reprezinta e certitudinea ca iti doresti sa evoluezi.  Pentru meditatie: Gandestete in fiecare zi la ce ai facut ca sa ajungi acolo. Cu fiecare iteratie, motivul o sa ti se para din ce in ce mai prostesc, asta te va feri in viitor sa faci aceeasi greseala; asta daca inchisoare in sine nu are acelasi efect. Si priveste partea buna: Nu e niciuna, insa, intelegand asta, vei avansa la un nou nivel de cunoastere.

This post cannot be displayed because it is in a forum which requires at least 10 posts to view.

5 pointsIntroduction alkhaser is a PoC "malware" application with good intentions that aims to stress your antimalware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. Download You can download the latest release here. Possible uses You are making an antidebug plugin and you want to check its effectiveness. You want to ensure that your sandbox solution is hidden enough. Or you want to ensure that your malware analysis environment is well hidden. Please, if you encounter any of the antianalysis tricks which you have seen in a malware, don't hesitate to contribute. Features Antidebugging attacks IsDebuggerPresent CheckRemoteDebuggerPresent Process Environement Block (BeingDebugged) Process Environement Block (NtGlobalFlag) ProcessHeap (Flags) ProcessHeap (ForceFlags) NtQueryInformationProcess (ProcessDebugPort) NtQueryInformationProcess (ProcessDebugFlags) NtQueryInformationProcess (ProcessDebugObject) NtSetInformationThread (HideThreadFromDebugger) NtQueryObject (ObjectTypeInformation) NtQueryObject (ObjectAllTypesInformation) CloseHanlde (NtClose) Invalide Handle SetHandleInformation (Protected Handle) UnhandledExceptionFilter OutputDebugString (GetLastError()) Hardware Breakpoints (SEH / GetThreadContext) Software Breakpoints (INT3 / 0xCC) Memory Breakpoints (PAGE_GUARD) Interrupt 0x2d Interrupt 1 Parent Process (Explorer.exe) SeDebugPrivilege (Csrss.exe) NtYieldExecution / SwitchToThread TLS callbacks Process jobs Memory write watching AntiDumping Erase PE header from memory SizeOfImage Timing Attacks [AntiSandbox] RDTSC (with CPUID to force a VM Exit) RDTSC (Locky version with GetProcessHeap & CloseHandle) Sleep > SleepEx > NtDelayExecution Sleep (in a loop a small delay) Sleep and check if time was accelerated (GetTickCount) SetTimer (Standard Windows Timers) timeSetEvent (Multimedia Timers) WaitForSingleObject > WaitForSingleObjectEx > NtWaitForSingleObject WaitForMultipleObjects > WaitForMultipleObjectsEx > NtWaitForMultipleObjects (todo) IcmpSendEcho (CCleaner Malware) CreateWaitableTimer (todo) CreateTimerQueueTimer (todo) Big crypto loops (todo) Human Interaction / Generic [AntiSandbox] Mouse movement Total Physical memory (GlobalMemoryStatusEx) Disk size using DeviceIoControl (IOCTL_DISK_GET_LENGTH_INFO) Disk size using GetDiskFreeSpaceEx (TotalNumberOfBytes) Mouse (Single click / Double click) (todo) DialogBox (todo) Scrolling (todo) Execution after reboot (todo) Count of processors (Win32/Tinba  Win32/Dyre) Sandbox known product IDs (todo) Color of background pixel (todo) Keyboard layout (Win32/Banload) (todo) AntiVirtualization / FullSystem Emulation Registry key value artifacts HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VBOX) HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (QEMU) HARDWARE\Description\System (SystemBiosVersion) (VBOX) HARDWARE\Description\System (SystemBiosVersion) (QEMU) HARDWARE\Description\System (VideoBiosVersion) (VIRTUALBOX) HARDWARE\Description\System (SystemBiosDate) (06/23/99) HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VMWARE) HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VMWARE) HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0 (Identifier) (VMWARE) Registry Keys artifacts "HARDWARE\ACPI\DSDT\VBOX__" "HARDWARE\ACPI\FADT\VBOX__" "HARDWARE\ACPI\RSDT\VBOX__" "SOFTWARE\Oracle\VirtualBox Guest Additions" "SYSTEM\ControlSet001\Services\VBoxGuest" "SYSTEM\ControlSet001\Services\VBoxMouse" "SYSTEM\ControlSet001\Services\VBoxService" "SYSTEM\ControlSet001\Services\VBoxSF" "SYSTEM\ControlSet001\Services\VBoxVideo" SOFTWARE\VMware, Inc.\VMware Tools SOFTWARE\Wine File system artifacts "system32\drivers\VBoxMouse.sys" "system32\drivers\VBoxGuest.sys" "system32\drivers\VBoxSF.sys" "system32\drivers\VBoxVideo.sys" "system32\vboxdisp.dll" "system32\vboxhook.dll" "system32\vboxmrxnp.dll" "system32\vboxogl.dll" "system32\vboxoglarrayspu.dll" "system32\vboxoglcrutil.dll" "system32\vboxoglerrorspu.dll" "system32\vboxoglfeedbackspu.dll" "system32\vboxoglpackspu.dll" "system32\vboxoglpassthroughspu.dll" "system32\vboxservice.exe" "system32\vboxtray.exe" "system32\VBoxControl.exe" "system32\drivers\vmmouse.sys" "system32\drivers\vmhgfs.sys" Directories artifacts "%PROGRAMFILES%\oracle\virtualbox guest additions\" "%PROGRAMFILES%\VMWare\" Memory artifacts Interupt Descriptor Table (IDT) location Local Descriptor Table (LDT) location Global Descriptor Table (GDT) location Task state segment trick with STR MAC Address "\x08\x00\x27" (VBOX) "\x00\x05\x69" (VMWARE) "\x00\x0C\x29" (VMWARE) "\x00\x1C\x14" (VMWARE) "\x00\x50\x56" (VMWARE) Virtual devices "\\.\VBoxMiniRdrDN" "\\.\VBoxGuest" "\\.\pipe\VBoxMiniRdDN" "\\.\VBoxTrayIPC" "\\.\pipe\VBoxTrayIPC") "\\.\HGFS" "\\.\vmci" Hardware Device information SetupAPI SetupDiEnumDeviceInfo (GUID_DEVCLASS_DISKDRIVE) QEMU VMWare VBOX VIRTUAL HD System Firmware Tables SMBIOS string checks (VirtualBox) ACPI string checks (VirtualBox) Driver Services VirtualBox VMWare Adapter name VMWare Windows Class VBoxTrayToolWndClass VBoxTrayToolWnd Network shares VirtualBox Shared Folders Processes vboxservice.exe (VBOX) vboxtray.exe (VBOX) vmtoolsd.exe(VMWARE) vmwaretray.exe(VMWARE) vmwareuser(VMWARE) vmsrvc.exe(VirtualPC) vmusrvc.exe(VirtualPC) prl_cc.exe(Parallels) prl_tools.exe(Parallels) xenservice.exe(Citrix Xen) WMI SELECT * FROM Win32_Bios (SerialNumber) (VMWARE) SELECT * FROM Win32_PnPEntity (DeviceId) (VBOX) SELECT * FROM Win32_NetworkAdapterConfiguration (MACAddress) (VBOX) SELECT * FROM Win32_NTEventlogFile (VBOX) SELECT * FROM Win32_Processor (NumberOfCores) (GENERIC) SELECT * FROM Win32_LogicalDisk (Size) (GENERIC) DLL Exports and Loaded DLLs kernel32.dll!wine_get_unix_file_nameWine (Wine) sbiedll.dll (Sandboxie) dbghelp.dll (MS debugging support routines) api_log.dll (iDefense Labs) dir_watch.dll (iDefense Labs) pstorec.dll (SunBelt Sandbox) vmcheck.dll (Virtual PC) wpespy.dll (WPE Pro) CPU Hypervisor presence using (EAX=0x1) Hypervisor vendor using (EAX=0x40000000) "KVMKVMKVM\0\0\0" (KVM) "Microsoft Hv"(Microsoft HyperV or Windows Virtual PC) "VMwareVMware"(VMware) "XenVMMXenVMM"(Xen) "prl hyperv "( Parallels) "VBoxVBoxVBox"( VirtualBox) AntiAnalysis Processes OllyDBG / ImmunityDebugger / WinDbg / IDA Pro SysInternals Suite Tools (Process Explorer / Process Monitor / Regmon / Filemon, TCPView, Autoruns) Wireshark / Dumpcap ProcessHacker / SysAnalyzer / HookExplorer / SysInspector ImportREC / PETools / LordPE JoeBox Sandbox Macro malware attacks Document_Close / Auto_Close. Application.RecentFiles.Count Code/DLL Injections techniques CreateRemoteThread SetWindowsHooksEx NtCreateThreadEx RtlCreateUserThread APC (QueueUserAPC / NtQueueApcThread) RunPE (GetThreadContext / SetThreadContext) Sursa & download: https://github.com/LordNoteworthy/alkhaser

5 pointsDomnul @Usr6 mia trasat sarcina sa scriu writeupul (modul in care am rezolvat problema). Asa ca hai sa incepem. Nivelul 0 Challengeul incepe cu o poza, jpeg: TheBodyguard.jpeg si cu un fisier script python (denumit de mine password_encoder.py) Mai intai analizam poza (eu am preferat binwalk) si observam ca are concatenat la sfarsit un fisier zip: Avand in vedere faptul ca avem si un script python ce pare sa codeze parola, putem presupune ca arhiva atasata este parolata. In mod normal binwalk incearca sa dezarhiveze/decomprime arhivele pe care le intalneste, dar in acest caz near incurca mai mult, asa ca vom rula binwalk extract carve TheBodyguard.jpg. Acum avem un dosar _TheBodyguard.jpg.extracted unde vom gasi un fisier 14757.zip (deoarece a fost gasit la offsetul 0x14757). Daca vom incerca sa dezarhivam acest fisier zip, ne vom lovi de necesitatea unei parole. Nivelul 1 Acum vom analiza scriptul python, pentru a determina parola. La prima vedere pare cam complicat, asa ca vom incerca sa urmarim executia de la capat la inceput. Stim ca avem outputul "You need this:201,203,165,195,165,191,205,187,181,191,173,187,173,187,193,199,", asa ca vom cauta codul ce genereaza aceasta linie; si il gasim pe ultimul rand al scriptului. Observam ca apeleaza functia enc2 cu avand ca prim parametru parola noastra, iar ca al 2lea parametru rezultatul functiei enc2. Daca analizam corpul functiei enc2 observam ca aceasta functie concateneaza suma valorilor numerice a caracterelor de cele 2 stringuri primite ca parametrii (t1 si t2). Aici observam ca lungimea lui t1 trebuie sa fie mai mica sau egala cu lugimea lui t2. Altfel vom avea erori. Dar t2 este de fapt parola noastra codata cu enc1. Iar in enc1 observam ca facem ROT+3 (adica "a" devine "d", "b" devine "e", etc), doar daca este o litera mica; altfel sarim peste. Din datele de mai sus deducem ca parola este formata doar din litere mici, mai exact din 16 litere mici. Inarmati cu aceste date vom incerca o implementare in python (ipython mai exact): Mai intai extragem sumele de caractere ca un array de intregi (In [3] in ipython). Apoi generam toate sumele posibile ce pot rezulta din utilizarea functiei enc2 (ne intereseaza doar sumele ca valori numerice; argumentul functiei str din bucla for) si le stocam in dictionarul nostru (declarat in In [4]), impreuna cu literele aferente care au generat suma (o suma poate fi generata cu mai multe litere, cum poate fi observat in Out [8]). La sfarsit generam toate combinatiile posibile si obtinem 8 posibile parole, dar prima pare cea mai promitatoare. O utilizam si ne alegem cu un fisier prng, fara nici o extensie. Nivelul 2 Deoarece fisierul prng nu are nici o extensie, vom apela la utilitarul file pentru a identifica subiectul. Aflam ca este tot o arhiva de tip zip, asa ca il redenumim in prng.zip. In momentul in care incercam sa il dezarhivam, ne lovim de o parola si un indiciu sub forma altui script python: De aceasta data, scriptul se vrea un pseudo random number generator, ce isi genereaza seedul dintro structura python folosita pentru stocarea datei. Aceasta tip de date (named tuple) este strurata in felul urmator: pozitia 0: anul (accesabil si prin membrul tm_year) pozitia 1: luna (accesabil si prin membrul tm_mon) pozitia 2: ziua lunii (accesabil si prin membrul tm_day) pozitia 3: ora zile in format 24h (accesabil si prin membrul tm_hour) pozitia 4: minutele (accesabil si prin membrul tm_min) pozitia 5: secundele (accesabil si prin membrul tm_sec) pozitia 6: ziua saptamanii (accesabil si prin membrul tm_wday) pozitia 7: ziua din an (accesabil si prin membrul tm_yday) pozitia 8: decalajul aferent orei de vara (accesabil si prin membrul tm_isdst) Noi nu suntem interesati decat de pozitiile 0, 2, 3, 4, 5. Pe de alta parte, analizand functia password_gen, observam ca pozitiile pare din stringul seed sunt pastrate (deci sunt cifre mereu) iar pozitiile impare sunt inlocuite cu litere din alfabet, aflate la pozitia respectiva (din punct de vedere lexicografic). De aici putem deduce ca parola noastra nu poate fi mai lunga de 27 de caractere (deoarece ultimul caracter poate fi o cifra). In continuare vom face niste supozitii legate de data folosita ca seed, si anume vom presupune ca este data crearii/modificarii fisierului din arhiva (sau foarte aproape). In fond si la urma urmei putem oricand sa facem bruteforce pe parola cu un program asemanator John The Ripper, folosind ca masca pentru parola ?db?dc?df?dh?dj?dl?dn?dp?dr?dt?dv?dx?dz?d. Daca listam continutul arhivei (folosind unzip l prng.zip) nu vom avea decat data, ora si minutele, nu si secundele. Ca atare vom face o listare mai completa a arhivei in speranta ca vom obtine o data completa, folosind comanda unzip Z l v prng.zip: Inarmati cu aceste date, vom incerca un mic script python: Mai intai declaram o functie care va calcula acea variabila seed ce se afla la inceputul scriptului original, folosind un struct_time ca argument. Apoi copiem functia password_gen. In ultimul rand vom crea o variabila timestruct (de tip struct_time) ce va contine data fisierului, folosind functia strptime (adica vom aplica o functie de parsing pe stringul cu data). Avand aceste detalii, apelam functia password_gen pentru a obtine seedul ce serveste ca parola. Din nefericire aceasta parola nu a functionat, dar putem presupune ca suntem pe aproape. Daca presupunem ca nu avem secundele corecte putem genera o lista de parole (unice) pentru fiecare secunda posibila: Incercand aceste variante, descoperim ca "2b1d3f2h" este parola potrivita, si obtimem un fisier ' .64'. Nivelul 3 Fisierul obtinut la pasul anterior nu pare prea darnic in a ne prezenta vreun indiciu; utilitarul file nu ne poate spune decat ca avem de aface cu un fisier text ASCII cu terminatii de linie CRLF (adica Windows/DOS). La o analiza mai atenta, observam ca avem de aface cu un fisier cu mai multe linii, fiecare linie avand un numar diferit de spatii alble (caracterul ASCII 0x20). Din start am presupus ca avem de aface cu ceva base64 si ca numarul de spatii albe este relevant. Aici mam blocat din cauza propriei prostii si neatentii, si am pierdut cam o saptamana (adica aproximativ 10 ore distribuite dea lungul a 7 zile). Cand am inceput challangeul, cel deal 2lea indiciu era deja postat. Asa ca mam folosit de el. Indiciul decodat ne spune Inarmat cu aceste informatii, e timpul pentru niste experimente. Mai intai citim fisierul, si il spargem in linii de spatii si observam ca avem 12 linii. Acum sa vedem cate spatii albe avem pe fiecare linie (in poza In [5] si Out [6]). Deci nici un numar nu trece de valoarea 64, iar cum fisierul are extensia 64, indiciul a fost codat in base64 si ni sa si precizat ca indiciul "este 2 indicii", probabil aceste numere sunt indecsii alfabetului base64. Construim o variabila (in poza este denumita alphabet la linia In [7]) in care vom stoca alfabetul base64 (vom folosi alfabetul clasic, AZaz09+/). Acum folosim sirul de numere de mai sus ca indecsi si... neam blocat. Obtinem S3+waDCjc4li, care decodat ne da urmatorul sir de bytes: Problema este extrem de simpla: noi avem niste lungimi de siruri de spatii albe, deci, pornesc de la 1, dar arrayurile in python pornesc de la 0. Si asa am pierdul degeaba o saptamana, incercand tot felul de alfabete ezoterice, si cautand alte explicatii. Pana la urma lam contactat pe @Usr6 care ma trezit la realitate De indata ce corectam problema indexului obtinem solutia.

4 points

4 points

4 pointsSomeone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS. “This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told me in an online chat, referring to Apple's history. “It’s a huge deal.” Update, February 8, 08:27 a.m.: Apple filed a copyright takedown request with GitHub and forced the company to remove the code. Sursa: https://motherboard.vice.com/en_us/article/a34g9j/iphonesourcecodeibootiosleak

4 pointsPlm, toti samsarii din Vitan vand jafuri aduse din Germania cu kilometrajul dat inapoi si nu sunt obligati sa plateasca impozit. De puscarie pentru inselaciune nici nu se pune problema. Eu zic sa ne organizam si maine sa iesim in fata Guvernului. #DreptatePentru@Andreiasul

This post cannot be displayed because it is in a forum which requires at least 10 posts to view.

4 pointswhois e atat de sarac, incat soarecii umbla la el prin casa cu lacrimi in ochi de foame :))))))))

4 pointssi voi chiar credeti povestea lui pula belita asta? hai ma ce dracu..... traim in secolul manipularii grosolane (nici nu zic ca nu e treaba platita de high end wall street fuckers)....... nigga please

4 pointsAS FLYING, CAMERAWIELDING machines get ever cheaper and more ubiquitous, inventors of antidrone technologies are marketing every possible idea for protection from hovering eyes in the sky: Dronespotting radar. Dronesnaggingshotgun shells. Antidrone lasers, falcons, even dronedowning drones. Now one group of Israeli researchers has developed a new technique for that dronecontrol arsenal—one that can not only detect that a drone is nearby, but determine with surprising precision if it's spying on you, your home, or your highsecurity facility. Researchers at Ben Gurion University in Beer Sheva, Israel have built a proofofconcept system for countersurveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject—a window, say—someone might want to guard from potential surveillance. Then they remotely intercept a drone's radio signals to look for that pattern in the streaming video the drone sends back to its operator. If they spot it, they can determine that the drone is looking at their subject. In other words, they can see what the drone sees, pulling out their recognizable pattern from the radio signal, even without breaking the drone's encrypted video. "This is the first method to tell what is being captured in a drone's [firstpersonview] channel" despite that encryption, says Ben Nassi, one of the Ben Gurion researchers who wrote a paper on the technique, along with a group that includes legendary cryptographer and coinventor of the RSA encryption algorithm Adi Shamir. "You can observe without any doubt that someone is watching. If you can control the stimulus and intercept the traffic as well, you can fully understand whether a specific object is being streamed." The researchers' technique takes advantage of an efficiency feature streaming video has used for years, known as "delta frames." Instead of encoding video as a series of raw images, it's compressed into a series of changes from the previous image in the video. That means when a streaming video shows a still object, it transmits fewer bytes of data than when it shows one that moves or changes color. That compression feature can reveal key information about the content of the video to someone who's intercepting the streaming data, security researchers have shown in recent research, even when the data is encrypted. Researchers at West Point, Cornell Tech, and Tel Aviv University, for instance, used that feature as part of a technique to figure out what movie someone was watching on Netflix, despite Netflix's use of HTTPS encryption. The encrypted video streamed by a drone back to its operator is vulnerable to the same kind of analysis, the Ben Gurion researchers say. In their tests, they used a "smart film" to toggle the opacity of several panes of a house's windows while a DJI Mavic quadcopter watched it from the sky, changing the panes from opaque to transparent and back again in an onoff pattern. Then they showed that with just a parabolic antenna and a laptop, they could intercept the drone's radio signals to its operator and find that same pattern in the drone's encrypted data stream to show that the drone must have been looking at the house. In another test, they put blinking LED lights on a test subject's shirt, and then were able to pull out the binary code for "SOS" from an encrypted video focused on the person, showing that they could even potentially "watermark" a drone's video feed to prove that it spied on a specific person or building. All of that may seem like an elaborate setup to catch a spy drone in the act, when it could far more easily be spotted with a decent pair of binoculars. But Nassi argues that the technique works at ranges where it's difficult to spot a drone in the sky at all, not to mention determine precisely where its camera is pointed. They tested their method from a range of about 150 feet, but he says with a more expensive antenna, a range of more than a mile is possible. And while radar or other radio techniques can identify a drone's presence at that range, he says only the Ben Gurion researchers' trick actually know where it's looking. "To really understand what’s being captured, you have to use our method," Nassi says. Rigging your house—or body—with blinking LEDs or smart film panels would ask a lot of the average dronewary civilian, notes Peter Singer, an author and fellow at the New America Foundation who focuses on military and security technology. But Singer suggests the technique could benefit highsecurity facilities trying to hide themselves from flying snoops. "It might have less implications for personal privacy than for corporate or government security," Singer says. DJI didn't respond to WIRED's request for comment. Nor did Parrot, whose drones Nassi says would also be susceptible to their technique. If the Ben Gurion researchers' technique were widely adopted, determined drone spies would no doubt find ways to circumvent the trick. The researchers note themselves that dronepiloting spies could potentially defeat their technique by, for instance, using two cameras: one for navigation with firstperson streaming, and one for surveillance that stores its video locally. But Nassi argues that countermeasure, or others that "pad" video stream data to better disguise it, would come at a cost of realtime visibility or resolution for the drone operator. The spyversus spy game of aerial drone surveillance is no doubt just getting started. But for the moment, at least, the Israeli researchers' work could give spying targets an unexpected new way to watch the watchers—through their own airborne eyes  WIRED.

4 pointsThe previous two blog posts describe how a Stack Based Buffer Overflow vulnerability works on x86 (32 bits) Windows. In the first part, you can find a short introduction to x86 Assembly and how the stack works, and on the second part you can understand this vulnerability and find out how to exploit it. This article will present a similar approach in order to understand how it is possible to exploit this vulnerability on x64 (64 bits) Windows. First part will cover the differences in the Assembly code between x86 and x64 and the different function calling convention, and the second part will detail how these vulnerabilities can be exploited. ASM for x64 There are multiple differences in Assembly that need to be understood in order to proceed. Here we will talk about the most important changes between x86 and x64 related to what we are going to do. Articol complet: https://nytrosecurity.com/2018/01/24/stackbasedbufferoverflowsonx64windows/

3 pointsAm ajuns la concluzia ca mouseurile low budget sunt cele mai bune asa le schimbam si eu inainte pana mia cazut in mana unu la 15 lei parca, il am de vreo 3 ani si merge perfect, da cu flit la toate steelseries de leam folosit. astai http://www.comrace.ro/mouseagileropticalsilverblackps2agm108l.html

3 pointsAdded support for Chrome 64 (32 bits) to NetRipper https://github.com/NytroRST/NetRipper

3 pointsIati carti cu tine sau spune acasa sati aduca multe carti. Citeste si nu asculta ce vorbeste lumea (hotii, cum sa faci una/alta). Si daca esti in lanturi, mintea poate fi in paradis. Aia nu iti poate lua nimeni.

3 points

3 pointsOptimization by natural selection Evolutionary algorithms are a heuristicbased approach to solving problems that cannot be easily solved in polynomial time, such as classically NPHard problems, and anything else that would take far too long to exhaustively process. When used on their own, they are typically applied to combinatorial problems; however, genetic algorithms are often used in tandem with other methods, acting as a quick way to find a somewhat optimal starting place for another algorithm to work off of. The premise of an evolutionary algorithm (to be further known as an EA) is quite simple given that you are familiar with the process of natural selection. An EA contains four overall steps: initialization, selection, genetic operators, and termination. These steps each correspond, roughly, to a particular facet of natural selection, and provide easy ways to modularize implementations of this algorithm category. Simply put, in an EA, fitter members will survive and proliferate, while unfit members will die off and not contribute to the gene pool of further generations, much like in natural selection. Context In the scope of this article, we will generally define the problem as such: we wish to find the best combination of elements that maximizes some fitness function, and we will accept a final solution once we have either ran the algorithm for some maximum number of iterations, or we have reached some fitness threshold. This scenario is clearly not the only way to use an EA, but it does encompass many common applications in the discrete case. Initialization In order to begin our algorithm, we must first create an initial population of solutions. The population will contain an arbitrary number of possible solutions to the problem, oftentimes called members. It will often be created randomly (within the constraints of the problem) or, if some prior knowledge of the task is known, roughly centered around what is believed to be ideal. It is important that the population encompasses a wide range of solutions, because it essentially represents a gene pool; ergo, if we wish to explore many different possibilities over the course of the algorithm, we should aim to have many different genes present. Selection Once a population is created, members of the population must now be evaluated according to a fitness function. A fitness function is a function that takes in the characteristics of a member, and outputs a numerical representation of how viable of a solution it is. Creating the fitness function can often be very difficult, and it is important to find a good function that accurately represents the data; it is very problemspecific. Now, we calculate the fitness of all members, and select a portion of the topscoring members. Multiple objective functions EAs can also be extended to use multiple fitness functions. This complicates the process somewhat, because instead of being able to identify a single optimal point, we instead end up with a set of optimal points when using multiple fitness functions. The set of optimal solutions is called the Pareto frontier, and contains elements that are equally optimal in the sense that no solution dominates any other solution in the frontier. A decider is then used to narrow the set down a single solution, based on the context of the problem or some other metric. Genetic Operators This step really includes two substeps: crossover and mutation. After selecting the top members (typically top 2, but this number can vary), these members are now used to create the next generation in the algorithm. Using the characteristics of the selected parents, new children are created that are a mixture of the parents’ qualities. Doing this can often be difficult depending on the type of data, but typically in combinatorial problems, it is possible to mix combinations and output valid combinations from these inputs. Now, we must introduce new genetic material into the generation. If we do not do this crucial step, we will become stuck in local extrema very quickly, and will not obtain optimal results. This step is mutation, and we do this, quite simply, by changing a small portion of the children such that they no longer perfectly mirror subsets of the parents’ genes. Mutation typically occurs probabilistically, in that the chance of a child receiving a mutation as well as the severity of the mutation are governed by a probability distribution. Termination Eventually, the algorithm must end. There are two cases in which this usually occurs: either the algorithm has reached some maximum runtime, or the algorithm has reached some threshold of performance. At this point a final solution is selected and returned. Example Now, just to illustrate the result of this process I will show an example of an EA in action. The following gif shows several generations of dinosaurs learning to walk by optimizing their body structure and applied muscular forces. From left to right the generation increases, so the further right, the more optimized the walking process is. Despite the fact that the early generation dinosaurs were unable to walk, the EA was able to evolve the dinosaurs over time through mutation and crossover into a form that was able to walk. Sursa: https://towardsdatascience.com/introductiontoevolutionaryalgorithmsa8594b484ac

3 pointsUnii au uitat sa cheme preotul la sfintit https://www.express.co.uk/news/world/916617/bitcoinminingfirerussiaArtemVladivostok

3 pointsSalutare, mam gandit ca la cei mai incepatori cat si la cei mai avansati lear prinde bine o lista cu masini virtuale vulnerabile pentru a exersa/aprofundiza cunostintele de pentesting/hacking. Mai jos aveti o lista masinute cu, care sa va jucati in timpul liber 1. Kioptrix Level 1 2. Kioptrix Level 2 3. Kioptrix Level 3 4. Kioptrix Level 4 5. Kioptrix Level 5 6. Fristileaks 1.3 7. Stapler 1 8. VulnOS 1.2 9. SickOS 1.2 10. BrainPan 1 11. HackLab:Vulnix 12. /dev/random: Scream 13. PwnOS 2.0 14. SkyTower 15. Mr. Robot 16. Pwnlab init 17. IMF 18. Hacking Albania 19. Tr0ll 1 20. Tr0ll 2 21 Lord Of The Root 22. Pegasus 23. PwnOs 1.0 24. DC 416 25. Hackfest 2016: Quaoar 26. Hackfest 2016: Orcus 27. Hackfest 2016: Sedna 28. Hollynix 1 29. Hollynix 2 30. Necromancer 31. SpiderSec 32. Wallabys Nightmare 33. Booby 1 34. /dev/random: Sleepy 35. Droopy V0.2 36. Webgoat 37. Multilidae Aici aveti linkurile la cateva din ele: Kioptrix: Level 1 (#1) https://www.vulnhub.com/entry/kioptrixlevel11,22/ Kioptrix: Level 1.1 (#2) https://www.vulnhub.com/entry/kioptrixlevel112,23/ Kioptrix: Level 1.2 (#3) https://www.vulnhub.com/entry/kioptrixlevel123,24/ Kioptrix: Level 1.3 (#4) https://www.vulnhub.com/entry/kioptrixlevel134,25/ Kioptrix: 2014 https://www.vulnhub.com/entry/kioptrix20145,62/ FristiLeaks: 1.3 https://www.vulnhub.com/entry/fristileaks13,133/ Stapler: 1 https://www.vulnhub.com/entry/stapler1,150/ VulnOS: 2 https://www.vulnhub.com/entry/vulnos2,147/ SickOs: 1.2 https://www.vulnhub.com/entry/sickos12,144/ Brainpan: 1https://www.vulnhub.com/entry/brainpan1,51/ HackLAB: Vulnix https://www.vulnhub.com/entry/hacklabvulnix,48/ /dev/random: scream https://www.vulnhub.com/entry/devrandomscream,47/ pWnOS: 2.0 https://www.vulnhub.com/entry/pwnos20prerelease,34/ SkyTower: 1 https://www.vulnhub.com/entry/skytower1,96/ MrRobot: 1 https://www.vulnhub.com/entry/mrrobot1,151/ PwnLab: init https://www.vulnhub.com/entry/pwnlabinit,158/ IMF https://www.vulnhub.com/entry/imf1,162/ Webgoat https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project Multilidae https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project Daca mai stiti vreuna care nu este pe lista, spuneti si o adaugam. Have fun xD

3 pointsWicked Cool Shell Scripts: 101 Scripts for Linux, OS X, and UNIX Systems, 2nd Edition Shell scripts are an efficient way to interact with your machine and manage your files and system operations. With just a few lines of code, your computer will do exactly what you want it to do. But you can also use shell scripts for many other essential (and notsoessential) tasks. This second edition of Wicked Cool Shell Scripts offers a collection of useful, customizable, and fun shell scripts for solving common problems and personalizing your computing environment. Each chapter contains readytouse scripts and explanations of how they work, why you’d want to use them, and suggestions for changing and expanding them. You’ll find a mix of classic favorites, like a disk backup utility that keeps your files safe when your system crashes, a password manager, a weather tracker, and several games, as well as 23 brandnew scripts, including: A ZIP code lookup tool that reports the city and state A Bitcoin address information retriever A suite of tools for working with cloud services like Dropbox and iCloud Tools for renaming and applying commands to files in bulk Image processing and editing tools Whether you want to save time managing your system or just find new ways to goof off, these scripts are wicked cool! http://emagazinepdf.com/2016/11/wickedcoolshellscripts101scriptsforlinuxosxandunixsystems2ndedition/

3 pointsEu ce să mai zic? Umblu 8 luni pe an cu simbolul sărăciei între picioare

3 pointshai vlad, nu te mai ascunde, stim toti ca te rupi pe manele. p.s: ma plictisisem sa intru pe chat si sa vad pornuri, dunno, nu vad nimic funny, that's all.

3 points“One must acknowledge with cryptography no amount of violence will ever solve a math problem.” Cryptocurrencies like Bitcoin and Ethereum use a peertopeer decentralized system to conduct transactions. Since the entire process is online, there are fears that the transactions maybe volatile and hackable , but they are not because cryptocurrency uses cryptography to make their transactions extremely secure. Digital Signatures One of the most important cryptographical tools that are used in cryptocurrency is the concept of signatures. What is a signature in real life and what are its properties? Imagine a paper that you have signed with your signature, what should a good signature do? It should provide verification. The signature should be able to verify that it is you who actually signed the paper. It should be nonforgeable. No one else should be able to forge and copy your signature. Nonrepudiation. If you have signed something with your signature, then you should not be able to take it back or claim that someone else has done it instead of you. In the real world, however, no matter how intricate the signature, there are always chances of forgery, and you cannot really verify signatures using simple visual aids, it is very inefficient and nonreliable. Cryptography gives us a solution to this by means of “digital signatures” which is done via the use of “keys”. So, what are keys? And how are the used in the blockchain? Before we explore those, it is important to know more about basic cryptography. What is Cryptocurrencies Cryptography? Cryptography is a method of using advanced mathematical principles in storing and transmitting data in a particular form so that only those, for whom it is intended for, can read and process it. Cryptography has been used for thousands and thousands of years by people to relay messages without detection. In fact, the earliest use of cryptography was seen in the tomb taken from Old Kingdom in Egypt circa 1900 BCE. Cryptography has existed in the modern society through one way or another. Encryption is one of the most critical tools used in cryptography. It is a means by which a message can be made unreadable for an unintended reader and can be read only by the sender and the recipient. In modern technology, there are three forms of encryption that are widely used, symmetric cryptography, asymmetric cryptography, and hashing. Symmetric Cryptography Symmetric cryptography is the earliest known cryptographic method known to man. The concept is very simple and if we were to break it down to steps, this is what it will look like: You have a message M that you want to send over to your friend. You encrypt the message with a Key and get a cipher text C. Your friend gets your cipher text C. She then decrypts the cipher text using the same Key to retrieve message M. If we were to show a visual representation of the process, this is what it will look like. The are two types of symmetric cryptography: Stream Ciphers. Block Ciphers. What is stream ciphers? Stream cipher basically means using a fixed key which replaces the message with a pseudorandom string of characters. It is basically the encryption of each letter one at a time. We are going to discuss 3 kinds of stream ciphers to give you an idea of how stream ciphers work: Onetime pad with alphabets. Onetime pad with XOR gate. Linear feedback shift register. Onetime pad with alphabets For doing this encryption we need to have a key which has the same number of characters as the message and it must be used one time only (hence the term “onetime pad”). Suppose for this example we are going to send a message, “MEET ME OUTSIDE” to our friend Bob. But we don’t want anyone intercepting our message. This is why, Bob and us have decided to use a onetime pad which goes like this: “B D U F G H W E I U F G W” As you can see, the pad has the same number of characters as the message as well, i.e. 13. Now, this is a very simple example of the onetime pad, we are using this because we feel it is the best example to use to understand this tactic. Now, one more thing you need take note of, every alphabet will be replaced by its numeric equivalent in during the process. The numerical mapping goes like this: During the process, there will be 6 pieces of data that we need which are: Basically, the numerical equivalent of each alphabet. Ok, now that we have built the foundations, let’s move on to the actual process. Original Message (OM): The original message that we are passing through. In this case “MEET ME OUTSIDE”. Numerical Original Message (NOM): The numerical equivalent of the original message, OTP: The Onetime Pad. Numerical OTP (NOTP): The numerical equivalent of the OTP. NCT: The numerical cipher text which is NOM+NOTP mod 26 CT: The cipher text which is the alphabetical equivalent of the numbers in the NCT. So, we need to send the message “MEET ME OUTSIDE” and we need to use the onetime pad to encrypt it. The encryption process So, let’s start off by putting in the message in the OM We put the message “MEET ME OUTSIDE” in the OM row.Ok, so what happened here? Next, we used the numerical mapping table to get the numerical equivalent of each alphabet. So, let’s refer to the mapping table and see what we get: In the OTP row we put in the key that we were already given which is, in case you have forgotten, “B D U F G H W E I U F G W”.It’s just simple substitution, we will take these values and put it in NOM row. Now, in the NOTP row we used the same number mapping table and found the equivalent numerical values of the key which are: “1, 3, 20, 5, 6, 7, 22, 4, 8, 20, 5, 6, 22”. In the new row, for the Numerical cipher text (NCT) we add the NOTP and NOM and mod the result by 26 to get our NCT. So, finally the message “MEET ME OUTSIDE” turns into a pseudorandom series of characters “N H Y Y S L K Y B M N J A”.That’s how you find the values for NCT and then you use the mapping table and find the corresponding alphabets which are: “N H Y Y S L K Y B M N J A”. That is how the encryption process works. The decryption process Now we will see how we can decrypt the message using the exact same key. Let’s see the data that Bob has with him: He has the encrypted message that he has gotten from me. He has the key that both of us share. He has the mapping table to find the numerical equivalents. So, how will he decrypt the message using this data? He will map the numerical values of both the key and the encrypted message to get NCT and NOTP. He will then calculate the NOM (Numerical value of the original message) by doing this calculation: NOM = NCT — NOTP mod 26. He will use the mapping table to retrieve the corresponding alphabets. So, let’s see how the NOM calculation work? Now, if we map the NOM to its alphabetical equivalent using the mapping table then we get: “MEET ME OUTSIDE” And just like that, the message is encrypted and decrypted using the same key. Onetime pad with XOR gate XOR or “Exclusive OR” is a logic gate. What is a logic gate? A logic gate usually takes in 2 inputs and gives out 1 output. The inputs and outputs are binary values, meaning they can be 1 or 0. A XOR logic gate takes in 2 binary inputs and gives out a high output ONLY when the inputs are different. Meaning, if A and B are inputted to a XOR gate then the out C will be 1 ONLY when A is not equal to B. The XOR gate looks like this: This what the XOR truth table look like: The encryption process Suppose you have a plain text data which you want to send to your friend Alice. First, you’ll convert it to its binary form. Suppose the message that you have is this: 00011110 Now you have the key, the key that you share with your recipient and suppose you have passed the key through an algorithm which gives you the equivalent binary result: 01001010. So now that you have the key, you are going to XOR each corresponding individual bits to get the resulting cipher text output. Cipher Text = Plain Text XOR Key So if you XOR both the data the key that you will get is: “01010100” This is the cipher text that Alice will get from you. The decryption process So now, how will Alice decrypt your message and retrieve the original one? This is the data that she has: So what is she going to do? It is simple. She will simply XOR the key and the cipher text and she will retrieve the original message! See for yourself: And just like that, she will retrieve the original message. Linear feedback shift register What is a linear feedback shift register? It is a function whose future output completely depends on its earlier (or current) state. This will become clearer as you keep reading so don’t get scared off! The idea of this style of a stream cipher is to predetermine a key with your recipient which will be a linear feedback shift register function which will be used by you to determine the code. Suppose you spoke to your friend Bob and determined that this is the formula that you both want to go with (credit to Daniel Rees from Youtube for this formula). E(i+3) = E(i+1) + 2E(i+2) mod 26. And let’s also assume that prior to sending this message you and Bob determined that E(1) = 2 and E(2) = 4. Now you can see that in this equation, all future outputs are dependent upon the previous outputs. So, suppose the message that you want to send to Bob is “MEET ME”. Since there are 6 characters, we need to determine 6 values of E() to act as key. We already have predetermined the values of E(1) and E(2). Now we need to calculate E(3) to E(6). E(3) = E(1) + 2E(2) mod 26 = 10. E(4) = E(2) + 2E(3) mod 26 = 24. E(5) = E(3) + 2E (4) mod 26 = 6. E(6) = E(4) + 2E(5) mod 26 = 10. So, now that we have the keys, let’s start the decryption. The encryption process So now that we have the key and message, let’s create the table: To get the numerical cipher text, you add the key and the corresponding numerical value of the alphabet that you map from this table that we have already seen before: Now, to get the numerical value of the cipher texts, add the key and the numerical value of the original message and mod with 26. So you get: Now use the mapping table again to find the corresponding alphabets and you get “OIORSO”. That’s the encrypted message. The decryption of this message is really hard especially if you don’t have the key. An expert might spot a pattern though. You will need computers to beak this code. Examples of Stream Ciphers used in the real world. The Rivest Cipher 4 of the RC4 Used in WEP aka wired equivalent protocol for wireless network security. Also an option in TLS/HTTPS for encrypting web traffic. Since it has been cracked so many times it is not recommended for use anymore. The A5/1 Use for encrypting GSM (Global System for Mobile communication) phone data and communication. Edward Snowden in his leaks revealed that the NSA routinely keeps breaking GSM for surveillance purposes so it is not a secured mode of encryption anymore. So, that is pretty much it about stream ciphers, time to move on to block ciphers. What is block ciphers? Block ciphers are a form of symmetric cryptography which uses a key of a fixed length to encrypt a block of fix length. Let’s start by checking out a very common substitution cipher that you must have seen before: So, if someone were to tell you that they got a message which says “EFBD” and wants you to decrypt it and get the original message instead, how will you do it? You will simply see the table, see which alphabets correspond to which and then simply substitute right? So “EFBD” is the cipher for “FACE”. Now let’s check out the plain text and the ciphertext and compare them: Plain: A B C D E F Cipher: F A B C D E So, as you can see, the cipher text is basically the plain text shifted the right by one. So, in this particular case: That, in essence, is what a block cipher is. Given an input plain text and a key it can generate a unique cipher text. One more thing that is extremely important and should be noted. Given the key, anyone can decipher the cipher text from the plain text and vice versa. The examples that we are giving here are all extremely simplistic, the block cipher happens with HUGE chunks of data. If we are looking for a visual representation of a block cipher the this is what it will look like: Another interesting property of the block cipher is that if the key changes then that changes the output cipher text pretty drastically. Let’s do a test with the data we have right now. Now, we have 3 keys for the 3 different cipher texts. In cipher text 1 we are shifting to the right once. In cipher text 2 we are shifting to the right twice. In cipher text 3 we are shifting to the right thrice. So, let’s see what happens when we parse the input “FACE” through all these different ciphers. When key =1, FACE becomes EFBD When key = 2, FACE becomes DEAC When key = 3, FACE becomes CDFB As you can see, the output cipher text changes everytime you change the key. In the example we have very little data, imagine doing this with HUGE amounts of data, the output will change drastically every single time. There are two rules for a block cipher to be considered valid: You must be able to derive the plain text from the cipher text and vice versa given a key. The function must be efficiently computable. There is one more important thing that you need to take note of when it comes to block ciphers. The block sizes are fixed so the input plain text needs to be of the same size as the block size. If the input is bigger than the block then it needs to break down to get the correct size, if the input is smaller, then it needs to be padded with some junk data to fit the block size. Examples of block ciphers Data Encryption Standard (DES) Block sizes of 64 bits. Key size of 56 bits. Was the government standard till 2001. Advanced Encryption Standard (AES) 128 bit blocksize. 128, 192 or 256 bit key size. Considered very secure and widely used nowadays The advantage of symmetric cryptography Even though symmetric cryptography has some major problems (which we will discuss in a bit) the biggest advantage of symmetric cryptography is that it requires very little overhead. You just need to share one single key with your recipient to go forward with this method. Even now, a lot of software use this method in conjunction with asymmetric cryptography to provide fast and efficient encryption/decryption services. The problems with symmetric cryptography Even though the overhead is significantly lesser, there are a lot of problems with symmetric cryptography. Problem #1: The shared key The fact that the encryption and decryption is done with one single key is a huge problem. First and foremost, the sharing of the key needs to be done in a very secured manner, if anyone gets hold the of key then all your data will be compromised. Problem #2: It is not scalable Another huge problem with symmetric cryptography is that it is not scalable at all. Suppose Alice runs an information center and sends data via symmetric key cryptography. It’s ok if she is only dealing with 3–4 clients. But the most clients she gets, the more unique public keys she will have to handle and take care of. Eventually, it will become too much to handle. Because of these vulnerabilities of symmetric key cryptography, a solution was needed, and in the 1970’s it finally came. James Ellis’s breakthrough In 1970, British mathematician and engineer James Ellis thought of an idea which was based on a simple concept. What if encryption and decryption were inverse operations based on 2 different keys? In traditional cryptography i.e. symmetrical cryptography, the message had to be sent along with the key to the intended person for them to decrypt the message, but this presented the very real idea of an attacker getting their hands on the key. Ellis envisaged that the receiver of the message couldn’t be a passive party, and they had to have a “padlock” and a “key” for themselves. The padlock could be sent to anyone in the world but the key had to be kept private. So, anyone can send a message to the receiver by locking it with their padlock and since only the receiver has the key, only they can open it. Now, this was the theory, there needed to be a practical form of this theory, and that came because of two brilliant principles: The trapdoor function. The Diffie–Hellman key exchange. What is the trapdoor function? A trapdoor function aka a oneway function is a function where it is easy to go from one state aka the domain to the other state aka the range but it is hard to go back from the range to the domain unless you have knowledge of a key which is called the trapdoor function. Diagrammatically it is represented like this: The trapdoor functions are based on the idea of keys. Wherein the public key (K) is used to go from the domain to range. In order to come back to the domain from the range we have to use a trapdoor function which is also known as the private key (k). It is also implied that the private key and public key are mathematically related to each other and also they have to related to each other via another trapdoor function f() such that K= f(k) so that the private key is infeasible to be determined by the public key . A simple example of this is a multiplication of large numbers. Suppose you have two numbers 171 and 118 then it is simple to determine that 171 * 118 = 20178. However, if you just know 20178 then it is hard for you to determine what the initial numbers were unless you have a key with you, in this case the knowledge of just one of the two numbers, to determine the second one. What is the DiffieHellman key exchange? Suppose, there are two people Alice and Bob and they want to attack a bank. However, they are on either sides of the bank and they can only communicate with each other via a shared line which is being tapped by the bank. Something like this. Keep in mind, everything that Alice and Bob say to each other will be eavesdropped upon by the bank. So, how can they both decide on a date to attack the bank without the bank getting to know about it and without Alice and Bob explicitly exchanging that information? This conundrum can be answered by the DiffieHellman key exchange; it is a concept by which two parties can get hold of secret information without sharing it. To understand how the DiffieHellman works, we need to use one of the most famous applications of this theory, the secret colour exchange. For this there are 3 things that you need to keep in mind: Alice and Bob both publicly agree that yellow is going to be the common paint that they are both going to use. Alice then secretly keeps to herself that she is also going to use orange along with yellow. Bob secretly decides that he is going to use aqua along with yellow. Stage One Since it was publicly declared that yellow is going to be the colour of choice: Bank: Has Yellow Alice: Has Yellow Bob: Has Yellow Stage Two Now Alice mixes in her private colour aka orange with yellow and gets a composite colour which we will call CA. At the same time, Bob mixes his private colour aqua with yellow and creates composite colour CB. So, at the end of stage two this is what things look like: Bank: Yellow Alice: CA Bob: CB Stage Three Now, Alice and Bob will send each other their respective colours, which will promptly get tapped by the bank. However, the bank now faces a problem. Colour combinations are a trapdoor function. While it is easy for someone to combine two colours and generate a third colour, it is infeasible for them to determine the first two colours from the given third colour. So, the bank will get hold of CA and CB but will have no idea which are the colours that has gone into its creation. So, this is what things are looking like right now: Bank: Yellow, CA, CB. Alice: CB Bob: CA. Stage Four Now, Alice and Bob are once again going to mix their secret colours into the mix that they have received from the other person, so now both of them are going to have a mix of yellow, orange and aqua which is brown. The bank, however, will only have CA and CB because they have no idea what the secret colours are. So, this is what things look like now: Bank: Yellow, CA and CB. Alice: Brown. Bob: Brown. And this is where the trick lies, by not revealing their secret colours, both Bob and Alice have, in their possession, the colour brown, even though they never explicitly exchanged brown with each other. This is what the diagram of this entire exchange looks like: This is the representation of the DiffieHellman exchange, but a mathematical means was needed to make sure that there could be practical applications of this as well. For this reason, the modulus function was used. The mathematical form of the DiffieHellman exchange Suppose there is a generator g for a finite field of size n. And in that field, we choose two random values a and b. It will be hard for an attacker to determine g^ab given only g, g^a and g^b. This is the condition which activates the trapdoor function. Given this condition, two parties can exchange messages and reach the same conclusion without explicitly communicating it with each other. So, mathematically this is what happens. Alice chooses a random value “a” from the field n and determines a message M1 such that: Similarly, Bob chooses a random value “b” from the field n and creates message M2 such that: Both Alice and Bob can now relay the message to each other. Alice now determines special message K by doing the following: K = M2^a mod n= g^ab mod n. Bob now determines the same message K by: K = M1 ^ a mod n = g^ab mod n. So, both Alice and Bob reached the same conclusion without explicitly sharing this information. This DiffieHellman key exchange was invaluable in the formation of asymmetric cryptography: What is asymmetric cryptography? Asymmetric cryptography utilizes two keys, a public key and a private to encrypt and decrypt a particular data. The use of one key cancels out the use of the other. The diagrammatic representation of it looks like this: There are two real world use of asymmetric cryptography that we will look into in this guide and both are important for their own reasons: The RivestShamirAdleman algorithm aka the RSA. The Elliptical Curve Cryptography. What is the RSA algorithm? The RSA algorithm is the most widely used and popular asymmetric cryptographic algorithm in history. It is named after MIT professors Rivest, Shamir and Adleman who discovered this algorithm. Now, how does it work? The idea is derived from the breakthroughs that DiffieHellman had. So, these are the variables that we will work with: Suppose you have the secret message “m”. “m” raised to the power of a random number e and then the modulus of that with a random number N will give you the cipher text c. Basically. m^e mod N= c Take note, it is EASY to perform this function to get the output c BUT given only c, e and N it is difficult to get the message “m”. It will require a lot of trial and error. This is the oneway trapdoor function that we will apply to find “m”. But now, the idea of the trapdoor function is to have a key which will make the reverse process (the decryption) simple for the recipient. So, for that we will need to find a random variable “d” which will make this process possible: Now keep in mind, c = m^e mod N, so on substituting. OR So, in the above equations: Public key = e and N. Private key = d. Now, before we even begin to see the method behind the madness, let’s do a simple calculation to see how the entire process works. (Shout out to Anthony Vance’s youtube channel for this example). Suppose the message that you have to send is 42. In other words, m=42. Along with that: e = 17. N = 3233. d = 2753 The encryption process c = m^e mod N. Using simple substitution: c = 42¹⁷ mod 3233 = 2557. So the cipher text is 2557. The decryption process Let’s do c^d mod N. 2557²⁷⁵³ mod 3233 This gives us the value of m that is 42. Genius isn’t it? Now, remember when we talked about trapdoor functions we came to the conclusion that private and public key needs to be mathematical derivatives of each other in a way that: F(private key) = public key, where F() is another trapdoor function. It should be difficult for anyone to determine the private key from the public key. In fact, it should be so difficult that it will take the world’s most powerful computer decades upon decades to derive one from the other. To answer this conundrum, we go back centuries and meet our next genius, Euclid. Euclid and prime factorization Euclid found out centuries ago that any number > 1 can be written as a product of prime numbers. Eg. 15 can be written as 5*3. 255 can be written as 5*17*3. Let’s go back to our two equations: C= m^e mod N. Here, N is the key in the trapdoor function. While N maybe publicly known it should be hard to determine prime factors that make up the number N. If you know the prime factors, then it is child’s play to discover the product N. Eg. You can use your web browser to multiply two huge numbers and find the product in less than a second: It took less than a second, 0.22 seconds, to do the calculation. And the bigger the number gets, it will take a little more time, but still, the calculations will be done super fast. However, if you input a huge number and ask your computer to find its prime factors then it may take days, months and even years to find the prime factors. This is the trapdoor function that cryptographers used to determine the value of N. This is basically, the heart of the trick. This is what you have to do to use RSA algorithm: First, generate a big random prime number P1. Generate a second big random prime number P2. Find N by calculating P1 and P2. Hide the values of P1 and P2 and make N public. N should be a huge number and it will take the most sophisticated machines in the world decades to find the values of P1 and P2. So to summarise, N is the trapdoor and its prime factors P1 and P2 are the keys to the trapdoor. Ok, so now we have determined how N is calculated and the trapdoor that works in it. But we still haven’t determined the value of “e” and “d” and we still haven’t seen how the private key is derived from the public key. In order to generate all these remaining values, we need to find a function that depends on knowing the factorization of N. And for that we need to go and visit our next genius, Leonhard Euler. Euler and breakability In 1760, Swiss mathematician Leonhard Euler did some path breaking studies. He studied the nature of numbers and more specifically the breakability of the numbers which he called the phi function. Basically given phi(N) where N is a random integer, the value of N will be the number of numbers between 1 and N which do not share any common factors with N. So, if N is 8 then: The numbers between 1–8 are: 1,2,3,4,5,6,7 and 8. Among these numbers, only 1,3,5 and 7 don’t share any factors with 8 except 1. Meaning, phi(8) = 4. Now, calculating the phi function is difficult except for one case. To know this, check out the following graph. The graph tracks the distribution of phi values over integers upto 1000. See that straight green line at the top which is conveniently arranged? That is the phi of prime numbers. Since the definition of a prime number is that it is unfactorizable apart from by itself, for any prime number p the phi(p) = p1. Let’s see this in practice. Suppose you have a prime number 7. The numbers between 1 and 7 are: 1,2,3,4,5,6,7. The only number that shares a factor with 7 in this series is…7! So the phi(7) = 6. Similarly, if you were to find the phi of a large prime number say 541 then: Phi(541) = 541–1 = 540. It becomes very simple to calculate the phi for a prime number. And this gains, even more, significance when you consider the multiplicative nature of phi functions. What is the multiplicative nature of phi functions? For any two numbers A and B: Phi(A*B) = phi(A) * phi(B). Now, let’s go back to algorithms. Alice has determined two large prime numbers P1 and P2 and has determined a number N by doing P1 * P2. So, using the multiplicative property of phi functions: Phi(N) = phi(P1) * phi(P2). OR Phi(N) = (P1–1)*(P2–1). And just like that, we have discovered the trapdoor function for phi. If we know the prime factors of N then it is easy to calculate the phi(N). For eg. the number 77 has prime factors 7 and 11. So phi(77) = (7–1)*(11–1) = 60. It becomes very easy when you know the prime factors of N. Now, one final bit of mathematical wizardry was required. We have the phi function and we have the modular exponentiation functions that we have determined before, we need to bring these two together in one neat equation. And for this, we turn to Euler for help once again. The Euler’s theorem Euler’s theorem states that: For any two numbers m and n that don’t share a factor: m ^ phi(n) ≡ 1 mod n Meaning, for any two numbers m and n, as long as they don’t share a factor, m raised to the phi(n) divided by n will always leave a remainder of 1. Let’s see this in an example. Suppose, m= 8 and n = 5. Phi(5) = 4 So, 8 ^ 4 = 4096. Replacing this in the Euler’s theorem equation: 4096 ≡ 1 mod 5 holds true because 4096 on being divided by 5 leaves a remainder of 1. Now, the equation: m ^ phi(n) ≡ 1 mod n needs to be modified a little bit before we get our final solution. Modification #1 1^k = 1 for all k. So, keeping this in mind, if in m ^ phi(n) ≡ 1 mod n we multiply the exponent phi(n) with any number k, the final solution will be 1^k which is still 1. Now, this modifies the equation like this: m ^ k*phi(n) ≡ 1 mod n Modification #2 For all m, m*1 = m. So, in our modified equation, if we multiply both sides by m we get: m*m ^ k*phi(n) ≡ m*1 mod n Which becomes: m ^ k*phi(n)+1 ≡ m mod n Now, this is the final form of our equation. Before we proceed, let’s bring back the old equations to refresh our memory: c = m^e mod N. m = c^d mod N m ^ e*d mod N = m Now, checkout the last equation doesn’t that look similar to our new modified equation: m ^ k*phi(n)+1 ≡ m mod n And this is the breakthrough. On comparing the two equations, we get: e*d = k*phi(n) + 1 We FINALLY have an equation where the value of e and d depends on phi(n). Now, since we already know the value of e, it is easy to calculate d, the private key, ONLY if the factorization of N is known (which is a secret that Alice has kept to herself). So, d= (k*phi(n) + 1)/e. This is the trapdoor that will undo the encryption done by her private keys e and n. Example to see how this all works Suppose Bob and Alice are exchanging messages. Bob wants to send a message M to Alice where M=89. Now, Alice needs to generate her keys. She uses to prime numbers p1 and p2 where: P1 = 53. P2 = 59. N = P1 * P2 = 53 * 59 = 3127. Phi (N) = Phi(P1) * Phi (P2) = (P1–1) * (P2–1) = 52 * 58 = 3016 Now, she needs to generate a value e which will have no factors with the value of phi(N). So, she decides e = 3. Now, she will generate her private key d: d = (k*phi(N) + 1)/e Taking k = 2 we get: d = (2* 3016 + 1) / 3 = 2011. Now, she will lock up all the values except N and e which are her public key and make the knowledge of these two global. Bob encrypts the message Now, Bob needs to send message M, which is 89, and he needs to calculate the cipher text c such that: c = M^e mod N. Now, we know that: M = 89, e = 3 and N = 3127. So: c = 89³ mod 3127 = 1394. He then sends it over to Alice. Alice decrypts the message Alice gets the cipher text and all that she has to do is to decrypt it using her private key d which we know to be 2011. So, Alice does this calculation: c^d mod N 1394²⁰¹¹ mod 3127 which is 89 aka the original message M. And this, is the RSA algorithm, the most widely used cryptographic algorithm What is elliptical curve cryptography? Elliptical curve cryptography is what is used by bitcoin, ethereum etc. for their encryption purposes. So what is an elliptical curve? An elliptical curve is any curve that satisfies the following equation: Y² = x³ + ax + b Where (x,y) is a point on the curve and a and b are constants. There are infinite curves that you can make. The following is how one of these curves, in general, look like: What are the properties of an elliptic curve? The curve is symmetric across the x axis. Any line that goes through 2 points on the curve will intersect the curve on a third point. Any tangent on the curve will intersect the curve on one more point. Performing maths on the curve. Addition property of the curve Suppose there are two points on the curve V and A. Let’s trace those on the curve and put a line through them. This will intersect the curve on a third point. We will call this third point X, and we will reflect it on the curve like this: The reflection of X is a point which will incidentally be (V+A). This is the additive property of the elliptical curve. Interesting note. If we add two reflections with each other aka if we were to add X and V+A in the graph above, we will get infinity. The reason for that is that the line through X and (V+A) will intersect the curve at infinity. Multiplication property of the curve Now, what if we want to add a number to itself? Like suppose we have a point V, what do we do to find 2V? We will run a tangent through V and intersect it at a point in the graph and then find the reflection of the point on the curve. That reflection will be 2V. This is also the multiplicative property of the graph because we are finding points which are basically the multiplication of an integer with the point itself. Now suppose we want to find 3V. We will join V and 2V and then reflect the point of intersection, like this: You see how the points cycle across the graph? This is what gives it its security. Mathematical properties of an elliptical curve Property #1: The points on the curve form an Abelian group The properties of the Abelian group are as follows: They have identity. The have inverses aka reflections. The points are associative meaning for three points A, B and C on the curve: (A+B) + C = A + (B+C). The points are closed on the curve. The points are commutative meaning for two points A and B. A+B = B+A. Property #2: Multiplication on the curve is fast All multiplication done on the curve can be done very fast. Now suppose we have a point P and we want to find 100P. Instead of adding the number to itself 100 times we can do the following: Add the point P to itself to get 2P. Add 2P and P to get 3P. Add 3P to itself to get 6P. Add 6P to itself to get 12P. Add 12P to itself to get 24P. Add 24P and P to get 25P. Add 25P to itself to get 50P. Add 50P to itself to get 100P. So, instead of going through 99 steps you cut short the entire thing to just 8 steps. Property #3: Division on the curve is slow Whilst multiplication is fast, the division is very slow. Suppose we have Q = nP and we want to find the value of n by dividing Q by P. We can’t really do that. We will have to manually go through the numbers one by one to find a value which satisfies the equation. This makes it very slow. This is called the discrete logarithmic problem and this is what gives the curves its trapdoor function i.e. it is easy to multiply n and P to get Q but given Q and P it is infeasible to get n. The elliptical curve DiffieHellman key exchange So, till now we have seen the various properties of the curve and we have also seen that the curve has a trapdoor function. Now how do we determine whether it is usable for cryptography or not? Let’s test it out with the DiffieHellman key exchange. Suppose we have Alice and Bob and they want to both come up with a common secret without anyone knowing what it is and without explicitly exchanging its information with one another. How will they do that via elliptical curves? Firstly, they will publicly agree on a curve to use and a point P on the curve. This will be public knowledge and available to everyone. In secret, however, Alice will choose a secret point “a” and Bob will choose a secret point “b”. Alice will compute “aP” and send it over to Bob. Anyone can intercept this message, however, even with the knowledge of P they will never be able to determine the value of “a” because, as we have already determined, there is a trapdoor function which will make division infeasible. Similarly, Bob will come up with the value “bP” and send it over to Alice. Alice will then multiply her secret key to the message that she gets from Bob to get a(bP). Bob will do the same and come up with b(aP). Since all the points on the curve are Abelian: a(bP) = b(aP). And just like that, they have come upon a secret shared information. So as we can see. The curve satisfies the DiffieHellman key exchange. So how does signature verification work on the elliptical curves? (Note: This is what specifically happens in bitcoin) Before we see how the process works let’s checkout certain variables and their meaning that we will be using the following equations. Private key = d. Message = z. Public key = Q. G will be a constant point on the graph which will be provided by bitcoin. “k” is a random number which will be generated automatically for every unique signature. “n” is another constant that will be provided by Bitcoin. Ok, so now let’s see how the maths behind the verification work. Signing a message Public key Q = dG. (it is impossible to get the private key from Q and G because division in infeasible). Now we will multiply the G with the random number “k” and plot that point on the graph. The coordinates of that point are (x,y). i.e. (x,y) = kG Next, we determine two values r and s such that: r = x mod n. s = (z + rd) k^1 mod n The reason why we generate r and s is because these are the coordinates of our signature. So, we send the point (r,s) for verification. Verifying a message The verifiers will conduct a simple equation: z*s^1*G + r*s^1*Q The value of this equation will give us the point (x,y). Now, the verifiers can simply compare the x coordinates. They don’t have the x coordinate given directly to them from the sender BUT they have the values of r and n. And as we already know that r = x mod n, and then they can simply solve for x. If the values of x match out, then this means that the signature is verified! Bonus: A deeper look into the maths Let’s check out the equation that the verifiers will have to do once again: Step 1: z*s^1*G + r*s^1*Q We know that Q = d*G, let’s simply substitute the value. Step 2: z*s^1*g + r*s^1*d*G We can take (z + r*d) common Now remember, we have already established that s = (z+r*d)*k^1 mod n ,let’s substitute the values here: Step 4: (z+r*d)*(z+r*d)^1*k*G The (z+r*d)*(z+r*d)^1 cancel each other out and we are left with: Step 5: k*G which is the coordinate (x,y) that the sender originally sent. What could go wrong in Elliptical curves? While it goes without saying that elliptical curves are the best mode of cryptography out there, the fact remains that it still has few vulnerabilities: What if a wrong curve was chosen? If the curve has a loop in it then there is a possibility that 1001P = P for any point P on the curve. A weak curve maybe is chosen which can be broken into. It has its weaknesses but they are pretty manageable weaknesses. RSA vs EEC. Why did bitcoin and ethereum go with elliptical curves? The reason why EEC was chosen over RSA is because it offers the same level of security as RSA by consuming far less bits. Eg. for a 256bit key in EEC to offer the same level of security RSA will have to provide a 3072bit key. Similarly, for a 384bit key in EEC the RSA will have to provide a 7680 bit key to provide the same level of security! As can be seen, EEC is far more efficient than RSA. Fun Fact: The NSA has declared that a 384bit key in EEC is strong and secure enough to encrypt top level secret documents. How do the keys work in blockchain? As mentioned above, bitcoin and ethereum use elliptical curve cryptography. So, what happens when someone sends you money on the blockchain? They send you the money to your public address which is basically the hash of your public key and some additional information. As we have seen above, the public key is derived mathematically from your private key. Public and private keys are both large integer values and they are represented, for brevity’s sake, via the Wallet Import Format (WIF) which consists of letters and numbers. A sample private key and public address looks like this in WIF: Obviously, you shouldn’t share your private key with the world like we just did! The private key is used to sign off on the transaction that the user wants to do. So, if someone has access to your private key, they can sign off on transactions using your private key and, in essence, steal from you. Also, as you can see, the private key is longer than the public address. So, how is a public key derived from the private key in the blockchain? Let’s take the example of bitcoin for this specific example. Suppose, Alice wants to generate her keys so that she can conduct transactions on the blockchain. This is what she will do: First, she will generate her 256bit private key. She can either do so manually OR she will use an autogenerator. This is an example of a private address generator that you can find in a walletgenerator.net: Next, she will have to generate the public address which the algorithm inside that wallet will do automatically by following these steps. First, her private key will be parsed through the SHA 256 hashing algorithm to get a hash. Then hash will be parsed through the RIPE MD 160 function and a new hash will be generated and a copy of it will be kept aside, let’s call this PART A. Then the hash will be hashed through SHA 256 to generate another hash. Then the new hash will be hashed through SHA 256 again to generate another hash. The first 7 bits of this hash will be saved, let’s call it PART B. PART A and PART B will be added up and the result is the public address. It is infeasible for this process to be reversed in a way that the public address can be used to generate the private key. It will take the world’s most powerful computer 40000000000000000000000000000000 years to complete this calculation! Safe to say your address and key are secure. So how does the signing process work (a simple overview)? Suppose Alice wants to send 500 BTC to Bob. She will follow the following steps: She will create transaction and sign it off with her private key. She will the send the transaction to Bob’s public address. Bob can then decrypt the message by using Alice’s public key to verify that it was indeed Alice who sent him the bitcoins and the transaction is deemed complete. If this were to be shown in an image this is what it will look like: Conclusion So, as can be seen, public key cryptography aka asymmetric cryptography is one of the backbones of cryptocurrency. It is impossible to even imagine how bitcoin and ethereum would have been secure without it. Every time you make a transaction, be thankful to all the mathematicians and cryptographers who have made this wonderful medium possible. If you enjoy my articles , please feel free to nominate me as a LinkedIn Top Voice . Sursa: https://medium.com/@jna1x3/holygrailofcryptocryptocurrenciesthescienceofcryptography773851a23b3c

3 pointshttps://news.sky.com/story/russiannuclearscientistsarrestedforusingsupercomputertominebitcoin11242612

3 points

3 points

3 points

3 pointsComertul de date cu caracter personal este interzis. Mucles.

3 pointshttps://pwnthecode.com/ Enjoy! PS: Momentan nu te poti loga cu ajutorul social media, dar cred ca te descurci si cu cont normal. Nu prea e timp si fiecare face ce poate.

3 points

3 pointsAm rezolvat , a fost o mica neintelegere dar totul a fost ok dupa . Recomand , face proiectele in timp si e serios !

3 pointsMai tot ce e cloud mining e Ponzi actual sau in devenire. Nu e sustenabil/profitabil din nici un punct de vedere, cel mai simplu poate fi luat matematic. De vazut discutii interminabile pe bitcointalk pe tema asta. Unii merg pe longgame (onoreaza plati o perioada mai indelungata) ca sa adune mai multi creduli si apoi dau tun direct proportional. Daca ar fi profitabil nu ar da altora ci ar tine pentru ei caci daca e vorba de capital pentru ceva profitabil se poate face rost usor.

2 points

2 points

2 pointsE ca si cum ai juca barbut si vor sa le dai impozit din ei. Banii aia pe carei iei, au fost deja impozitati. Ei la fiecare mana prin care trece banul, vor impozit. Dale la muie, nu au ce sati faca.

2 pointssalut, si eu folosesc walletul de mymonero  pt comisioane mai mici iti sugerez cryptopia (adica din mymonero trimiti in cryptopia si de acolo convertesti la btc/usdt/nzdt/ltc/dodge si cu astea poti converti la alte monede)  pt monero iti recomand acest pool datorita comisionului mic, a puterii de minare destul de mare (nu astepti cu zilele pt rewardul tau) si ai si low payout: https://monero.hashvault.pro/en/#!/ daca teai orientat catre cryptonight (monero) iti sugerez sa minezi alte monede precum ETN sau ISTN (recomand ETN), poti mina ETN pe poolul acesta(este cel mai bun si mai serios pool dintre toate pe care leam testat): https://etn.spacepools.org/# un exchange fara comisiona este cobinhood dar momentan are doar cateva monede (punel pe wachlist)  pentru ETN ca sati faci o idee: Nota bene: walletul de ETN il faci din paper wallet(generare initiala)+ download https://github.com/electroneum/electroneum/releases (trebuie sa downloadezi tot blockchainul pt ETN  o sa dureze ceva) + import paper wallet gasesti pe youtube tutorial daca nu te descurci pentru cryptonight in general cand minezi cu cpu trebuie sa ai in vedere urmatorul aspect foarte important:  numarul de threaduri = Cache procesor impartit la 2 *daca ai 24 threaduri la procesor si doar 12Mb Cache atunci vei folosi doar 6 threaduri (12/2=6) >> cate 2Mb per thread. **recomand xmrstak (linux/windows compilat din sursa si scos comisionul de developer > donatelevel.h) spor

This post cannot be displayed because it is in a forum which requires at least 10 posts to view.

2 points

2 points

2 points

2 pointshttp://elf.cs.pub.ro/asm/wiki/home =============================== https://wasm.in Pentru studiu masm vezi codul sursa de la Pony.

2 pointsDe bateriile de pe iPhone ne plangem toti uneori, dar cand vine vorba de performanta... nu cred ca se plange nimeni. Cand vad pe cineva care se plange de iPhone, nu stiu la ce se refera; cred ca na avut in mana un iPhone minim o luna. In fine, everybody with their shit. Eu zic sati iei iPhone 7 daca e OK ca nai Jack la el. Daca iti trebuie jack, iati 6s. Eu zic ca no sa regreti.

2 points