Leaderboard


Popular Content

Showing content with the highest reputation since 04/10/19 in all areas

  1. 15 points
    I have developed an application for hackers, but I cannot publish it because it would affect the whole Internet...
    ./nytro --exploit https://nasa.gov
    Hacking in progres...
    Got access to admin panel: admin : WeWereNotReallyOnTheMoon@Fake
    Got root! ssh root@nasa.gov...
    root@nasa.gov:/ ./nytro --hack-facebook https://facebook.com/profile/MarkZukuBergu
    Hacking in progress...
    Got account password: IAmZaBossOfZaMoney2020
    ./nytro --hack-my-firend Gigel
    Hacking in progress...
    Finding home address: Str. Tuicii, Nr. 2, Casa 3
    Finding naked pictures... Holy shit, you don't want to see them...
    It is very dangerous. Although some will not believe it, it is even more dangerous than Coailii v10.
  2. 12 points
    Reflected XSS - api.office.com = $500. Reflected XSS - [*].live.com = $1,200 reward. This issue requires user interaction.
  3. 11 points
    Because I have asked for help here many times and too rarely given any back, I am making all my Cisco books available to you. I only have Cisco, because that is how I earn my daily bread. https://we.tl/t-m69KrEzFGx https://we.tl/t-HrRwcciXqn Also, for those who deserve it, I have all the courses from INE (CCNA, CCNP & CCIE), both R&S and Security, CBTNuggets, GNS3WorkBench, Pearson IT Certifications, Packt, RouteHUB and IpExperts, which are very hard to find today because IpExperts was shut down. Those who know, know. To fall under the red colour you must not have asked for FileList invitations and you must be an old member. All the video courses are paid for and downloaded, so it is my right to choose who I give them to. PS: For some time now I have been cursing my days with the CCIE and I would badly need the IpExperts courses. Since they are no longer on the market and I only have the CCNP from them, I don't really have anywhere to get them from. Whoever has them and thinks I deserve them, thank you.
  4. 11 points
    Those with problems should contact me. I have an epidemiologist and infectious-disease specialist in the family... (among the only ones in the country) in case of .... for people around here. It's not about money. That is out of the question. https://www.doctorbun.ro/doctor-marinela-tranca_35581.html The phone number is to be requested by private message only for confirmed cases in the family.. no nonsense with questions. // only specialist advice is given, for confirmed cases/isolation. Those with problems, leave a message at webmaster@nationalisti.ro with your phone number.
  5. 11 points
    When hunting for security issues, the pursuit for uncharted assets and obscure endpoints often ends up taking the focus away from obvious, but still critical, functionality. If you approach a target like you are the first person to ever perform a security assessment on it, and check everything thoroughly, I believe you are bound to find something new — especially if the code you are testing has been in continuous development for a while. This is the story of a high-severity bug affecting what is probably one of PayPal’s most visited pages: the login form.

    Initial discovery

    While exploring PayPal’s main authentication flow, I noticed a javascript file containing what appeared to be a CSRF token and a session ID:

    This immediately drew my attention, because providing any kind of session data inside a valid javascript file usually allows it to be retrieved by attackers. In what is known as a cross-site script inclusion (XSSI) attack, a malicious web page can use an HTML <script> tag to import a script cross-origin, enabling it to gain access to any data contained within the file.

    Sure enough, a quick test confirmed the XSSI vulnerability and, although a javascript obfuscator was used to randomize variable names on each request, the interesting tokens were still placed in fairly predictable locations, making it possible to retrieve them with just a bit of extra work.

    However, a secret is only as good as the damage you can do with it. I immediately set out to find out what exactly _csrf and _sessionID were and if they could actually be used in a real attack.

    Digging further

    After countless attempts to replace regular CSRF tokens inside authenticated requests on PayPal’s platform with the value of _csrf, I came to the conclusion that a classic cross-site request forgery attack was not possible using this specific token. Similarly, a victim’s _sessionID was unfortunately not enough to impersonate them on PayPal’s site.

    Next, I went back to the vulnerable script and followed the tokens to find what they were actually used for. This led to a deep dive into one of PayPal’s main protection mechanisms used to prevent brute force attacks, the security challenge. While this functionality is used in many places, I will be focusing on the main login form.

    The idea is pretty simple: After a few failed login attempts, you are required to solve a reCAPTCHA challenge before you can try again. The implementation, however, may raise some eyebrows.

    Upon detecting a possible brute-force attempt, the response to the next authentication attempt is a page containing nothing but a Google captcha. If the captcha is solved by the user, an HTTP POST request to /auth/validatecaptcha is initiated.

    The familiar _csrf and _sessionID are present in the request body, as well as two other values, which we will get to a bit later.

    The response to the captcha validation request is meant to re-introduce the user into the authentication flow. To this end, it contains a self-submitting form with all the data provided in the user’s latest login request, including their email and plain text password.

    I realized that, with the correct timing and some user interaction, knowing all the tokens used in this request was enough to get the victim’s PayPal credentials. In a real-life attack scenario, the only user interaction needed would have been a single visit to an attacker-controlled web page.

    So I went back and tried to figure out what the missing parameters were. This was easier than expected:

    - The value of jse was not validated at all.
    - recaptcha was the token provided by Google upon solving a reCAPTCHA challenge. It was not tied to a specific session, so any valid token — for example, from an automated solving service — would be accepted.

    Exploitation

    Putting all this together, I created a proof of concept that demonstrated the whole process, except for integrating a captcha solving service.

    First, the proof of concept would exploit the initial XSSI vulnerability to get a set of tokens which were valid in the victim’s session. It would then launch a few authentication requests with random credentials from the victim’s browser, simulating a brute force attempt, which would trigger the security challenge flow.

    Once the victim logged in to PayPal using the same browser, the cached random credentials would be replaced by the user’s own email and password. The last step was obtaining a fresh reCAPTCHA token, after which the plain text credentials would be retrieved from the /auth/validatecaptcha endpoint and displayed on the page.

    The final page shown by my proof of concept code contained your email and password

    I later found that the same vulnerable process was also used on some unauthenticated checkout pages, allowing plain text credit card data to be leaked using the same technique.

    Disclosure

    The proof of concept, along with all relevant information, was submitted to PayPal’s bug bounty program on the 18th of November 2019, and was validated by HackerOne 18 days later.

    Following a quick acknowledgement by the PayPal team and a few additional questions, I was awarded a $15,300 bounty on the 10th of December. The reward amount corresponds with the bug’s 8.0 (High) CVSS score, which is the same score that I had initially suggested when submitting the report.

    A patch was applied around 24 hours later, meaning that the bug was fixed only five days after PayPal became aware of it — quite an impressive turnaround time.

    Fix and prevention advice

    The /auth/validatecaptcha endpoint now requires an additional CSRF token, which cannot be leaked using cross-site script inclusion.

    While this properly fixes the vulnerability, I believe that the whole thing could have been prevented when designing the system by following one of the oldest and most important pieces of infosec advice: Never store passwords in plain text.

    By the way, I am looking to do security assessments and bug bounty program management work. I have experience in security testing, vulnerability triage, as well as a background in software development. Does this sound of interest to you? You can get in touch via alex@ethicalhack.ro.

    Source https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
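The article above describes session tokens sitting in a script that any page could include, and a fix based on a token that script inclusion cannot reach. As an added example (not from the article and not PayPal's code), here is a server-side Fetch Metadata check that refuses cross-site loads of session-bound responses; the paths, the origin and the sample requests are constructed assumptions.

```javascript
// Added example: server-side guard for responses that carry per-session data.
// Paths, origin and sample requests below are constructed for illustration.

const OWN_ORIGIN = 'https://www.example.test'; // placeholder origin

// Assumed paths: a dynamically generated script and the captcha endpoint.
const SESSION_BOUND = [/^\/auth\/[^/]+\.js$/, /^\/auth\/validatecaptcha$/];

function isSessionBound(path) {
  return SESSION_BOUND.some((re) => re.test(path));
}

// Node lower-cases incoming header names; values are compared lower-cased.
function header(req, name) {
  const value = req.headers[name];
  return typeof value === 'string' ? value.trim().toLowerCase() : undefined;
}

// Decide whether a request may receive a session-bound response.
function checkRequest(req) {
  const path = req.url.split('?')[0];
  if (!isSessionBound(path)) {
    return { allow: true, reason: 'not session-bound' };
  }

  const site = header(req, 'sec-fetch-site');
  if (site === undefined) {
    // Browser without Fetch Metadata, or a non-browser client. Origin is sent
    // on cross-origin POSTs but not on classic <script> loads, so this branch
    // cannot stop script inclusion: secrets must stay out of script bodies.
    const origin = header(req, 'origin');
    if (origin !== undefined && origin !== OWN_ORIGIN) {
      return { allow: false, reason: 'foreign Origin header' };
    }
    return { allow: true, reason: 'no fetch metadata' };
  }

  // 'none' is a user-initiated request (typed URL, bookmark).
  if (site === 'same-origin' || site === 'none') {
    return { allow: true, reason: `sec-fetch-site=${site}` };
  }

  // same-site or cross-site: another origin is asking for session data,
  // e.g. <script src> (dest=script, mode=no-cors) on a third-party page.
  // Sibling subdomains are treated as untrusted in this policy.
  const dest = header(req, 'sec-fetch-dest') || 'unknown';
  return { allow: false, reason: `${site} request, dest=${dest}` };
}

// Response headers for session-bound resources: no caching, no MIME sniffing,
// and a browser-enforced block on no-cors loads from other origins.
function protectiveHeaders() {
  return {
    'Cache-Control': 'no-store',
    'X-Content-Type-Options': 'nosniff',
    'Cross-Origin-Resource-Policy': 'same-origin',
    'Vary': 'Sec-Fetch-Site, Origin',
  };
}

// Constructed sample requests (shape of Node's http.IncomingMessage).
const SAMPLES = {
  crossSiteScript: {
    method: 'GET', url: '/auth/challenge.js?v=1',
    headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-dest': 'script', 'sec-fetch-mode': 'no-cors' },
  },
  sameOriginScript: {
    method: 'GET', url: '/auth/challenge.js?v=1',
    headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-dest': 'script', 'sec-fetch-mode': 'no-cors' },
  },
  publicScript: {
    method: 'GET', url: '/static/app.js',
    headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-dest': 'script', 'sec-fetch-mode': 'no-cors' },
  },
  legacyForeignPost: {
    method: 'POST', url: '/auth/validatecaptcha',
    headers: { origin: 'https://other.example' },
  },
  legacyOwnPost: {
    method: 'POST', url: '/auth/validatecaptcha',
    headers: { origin: OWN_ORIGIN },
  },
  legacyScriptLoad: { method: 'GET', url: '/auth/challenge.js', headers: {} },
};

// Map each sample name to the allow/deny decision.
function runSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, req]) => [name, checkRequest(req).allow])
  );
}

console.log(runSamples());
```

The `legacyScriptLoad` sample is allowed on purpose: a request with neither Fetch Metadata nor an Origin header cannot be told apart from a same-origin load, which is why the header check complements, and does not replace, keeping session values out of script responses.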
  6. 11 points
    Man, I have been following this forum from the shadows for a while and haven't posted. But how hopeless can you people be? Does this stupidity of yours have no limits? What database, man? That one had people from around the '90s. 80% of those in that database are dead. All you dream of is FileList invitations, codes, dorks and databases. You wouldn't do anything for your own future. You have people here who are Linux gurus, who know Python and other useful things, and you ask for databases.
  7. 11 points
    https://www.politiaromana.ro/ro/copii-disparuti 17 missing children https://www.politiaromana.ro/ro/persoane-disparute 350 missing adults. Nobody cares that you have no way of finding out about them unless you visit those pages. But one case shows up on TV in the colourful shows to grab the attention of idiots, and the whole country is up in arms that the system doesn't work. And absolutely all you manage to do is stir a pot of shit that will never get you anywhere. You twist the same worn-out ideas one way and the other to give the impression that you really care, with no result. It is the same in absolutely every case. Let's suppose all the hackers in the universe "mobilize" and find that girl. What has been solved? They saved one life; what about the remaining 367? How do you decide which case is more urgent to solve? Why should we mobilize hackers for a problem that isn't theirs? Don't those hackers have their own jobs and problems? Who manages the hackers so that they work as efficiently as possible? And we are only talking about the field of missing persons here. Just imagine how many people have other kinds of urgent problems in other fields. That is why organizations such as the police, hospitals, the army and so on appeared: so they can mobilize, already have an answer to those questions, and do their job. And let's suppose a miracle does happen, the hackers mobilize and solve the case: what about the underlying problem, namely that a system set up to solve such problems doesn't work? Why is nobody protesting against it? Maybe because as a nation we are aware that nobody would be able to do a better job? Or maybe we just don't care beyond a silly game of imagination that people like you are playing now. It makes no sense to focus everyone's attention on one particular thing, least of all that of people who don't deal with it, because all you would get in the end is a clone of the current system. What's the point of reinventing the wheel?
    The only option is to campaign for the problems to be solved in the competent sectors. On another note, why are there people like you who cannot conceive that something cannot be solved? Here is a statistic on the murders in Romania last year; imagine how many are still unsolved now. Sure, the utopian situation in which everyone mobilizes to solve one particular thing always comes up in the discussion, but how many times has that happened throughout history? And, above all, in which universe is such a thing possible? It is just an idea thrown to the wind by shit-eaters to generate views on blogs and shows. BREAKING NEWS: Reality is ugly, crimes happen that will not be solved in time, everyone has problems to solve, and the colourful shows make money from their number of viewers and end at a predefined time, so how much do they care about what is really happening, if at the end of the hour the show ends and a comedy film begins?! Food for thought.
  8. 10 points
    I will start here a list of complaints that will stay pinned so that everyone thinking of hiring from RST can see it. Keep well in mind that everyone exaggerates when describing themselves in order to get a job. Stop believing all the nonsense spouted by anyone around here. Check portfolios and follow their activity on social networks to figure out what kind of people they are. If you don't have access to those, at least ask users here what they think of other users. Send me by PM other topics of this kind that come to mind so I can add them to the list.
  9. 9 points
    Excuse me for butting in, but I have a small point to make too. Guys, how can you discuss 5G or COVID or conspiracy theories about Bill Gates and whatever the fuck when you don't have the most basic notions of how a network works, how a virus works in the body, or about money? I can't stand seeing so many fools giving their opinion any more. Hey man, are you a programmer? Then talk about 0 and 1, talk about classes and whatever the hell else there is in programming. Leave the viruses alone, because there are kids around here who see what you spout, and that is how yet another generation of retards is born. It is common sense, COMMON SENSE, not to give your opinion on something you don't know. I know it's thrilling, it's wow to seem interesting, but if you have no idea how to cross the street, how do you discuss viruses? Yes, it is very good to inform yourselves, not to be sheep. I do that too. I too believe this virus doesn't come from a bat (wtf), but still, I don't have enough information. Why should I spout nonsense around here? That 5G nonsense came up. I got myself a book on how radio waves work just because I wanted to see whether there is any truth to it. I didn't understand the subject; even though I read almost 500 pages, I don't give my opinion. Is it really that hard to be reasonable? Not to mention that some of you are such idiots, so thick-headed, that you believe this: that Bill Gates made a virus that will kill millions of people on the planet and talked about it X years ago. Honestly now, I really am calm, but how can you be such idiots? So, like, I'm Bill Gates and I'm going to drop a nuclear bomb to kill the Russians because I don't like Russians. And what do I do? Talk about it a few years in advance? Do you want to be opinion leaders? Read books, man. Stop reading on Facebook and stirismechere.ro or whatever ghost sites exist. Read books, man. About viruses. And you will find out, for example, that we are the viruses on this planet.
    And that viruses, for example, are the first forms of particles that survived in parasitic cells. Stop being ignorant and stop forwarding dubious sources of information. Those of us with a bit of brain know how to single you out and put you in the box of the ridiculous, but there are others who believe you, and that is how, because of people like you, I get messages on WhatsApp that make me want to throw my phone out the window.
  10. 9 points
  11. 9 points
    "-m conntrack --ctstate NEW" So that guy sends packets and you throw them at conntrack. It's as if the gypsies were throwing stones at you and you stood there counting them.
  12. 9 points
    Rather quiet around here
  13. 9 points
    curl http://wttr.in
  14. 8 points
  15. 8 points
    Many of us are short on time, but starting today we will be active (again) in the VIP area. So whoever thinks they are good enough to bring value, send me a PM and we'll see what we can do. We will start by discussing bug bounty stuff that we can't exploit and with a bit of brainstorming; maybe we'll get something. I have recreated the VIPs group; it seems we didn't have it on this platform. I will start giving VIP to old + active members in BugBounty/Pentest. For now the following have VIP: @SynTAX @0xStrait @Fi8sVrs @akkiliON @MrGrj If there is anyone else who has been around for a long time and wants to take part, send me a PM. For new members, I will think of some tests so they can be accepted as members. P.S. If you think reactivating this is a bad initiative, please refrain and let us indulge ourselves. Thanks
  16. 8 points
    On networking I can tell you, because that's the field I work in. It's the same as any other branch of tech. You have entry-level jobs where you do, say, Level 1 Support: you open tickets, do some minimal checks on the equipment, get in touch with the people in the field, the field engineers, and that's mostly it. You follow the ticket from start to finish, but you get very little contact with the technical side. In practice it is a secretary with a developed networking vocabulary. That would be beginner level. As positions you can find different titles that do the same thing: NOC Engineer, 1st Level Support, IT Help Desk, NMC Engineer (Network Monitoring Center). At medium level there are the engineers who can handle a ticket end to end on their own, who have full access to the equipment and can bring various changes / improvements to the network. You need at least a CCNA, ideally a CCNP, but it depends on the company, of course. At advanced level things are more complicated and the field is very vast. Here it already splits into Switching teams and Routing teams. After that you can go either into Routing & Switching or into Security, strictly networking. Here, without a CCNP and probably a bit of resourcefulness, you can't really cope. We are talking about network architects and other such things, after all. I have friends who have the CCIE and build WANs in Germany and the Netherlands. You can't really do that without years of experience and dedication. What Nytro says is right. There aren't very many pure networking positions in Romania, and those that exist compete with centres abroad. Such as Cisco Systems, Datanet, GTS Telecom, and the list could include many other companies. On the certification side, what I have learned after so many years is this: it's not the certification that matters, but what you know. But you can't really know much if you don't have the certification. It's kind of one hand washing the other. If you go through a CCNP R&S end to end, you will find scenarios that you encounter maybe once a year in the real world, but when you do encounter them, you are in control.
    To begin with I think you can start with a CompTIA Network+, but I repeat, to begin with. If you want something more niche, you can go with the Cisco certifications. Speaking strictly of Cisco certifications, after having done CCNA and CCNP and flirting, shyly and timidly, with the CCIE, it goes like this: At CCNA it's something like: wow, nice, look what the internet is. At CCNP it's something like: look, this is what a router can do and this is what a switch can do. And at CCIE you realize that you know nothing about networking.
  17. 8 points
    For anyone who is a student and doesn't have money for a ticket, I am willing to pay (for a few)
  18. 8 points
    Mayday.conf ( https://www.mayday-conf.com ) is the first international cyber security conference in Cluj Napoca (24-25 October), and RST is a community partner of the event. This event was born out of a passion for security and aims first of all to help develop people who are interested in this field. During the event there will be presentations on the latest techniques used by pentesters and Incident Responders, as well as topics such as identifying the TTPs used by attackers. Moreover, the event will feature CTFs with prizes, cyber exercises and workshops. To receive real-time notifications you can subscribe to the newsletter at www.mayday-conf.com, follow the Facebook page ( https://www.facebook.com/MayDayCon ) / Twitter ( https://twitter.com/ConfMayday) or join the Slack group ( https://maydayconf.slack.com/join/shared_invite/enQtNTc5Mzk0NTk0NTk3LWVjMTFhZWM2MTVlYmQzZjdkMDQ5ODI1NWM3ZDVjZGJkYjNmOGUyMjAxZmQyMDlkYzg5YTQxNzRmMmY3NGQ1MGM) Now comes the surprise... Because "sharing is caring", the organizers are offering RST members 10 access vouchers for both days. These can be obtained by sending a private message to Nytro (including an email address) by 1 September, and the selection will be made according to the following criteria:
    - number of posts on the forum
    - number of likes and upvotes received on posts
    - projects published on the forum
    - seniority on RST
    URL: https://www.mayday-conf.com
  19. 8 points
    After working for 2 lei, you also get scammed. Bravo, that's what you deserve.
  20. 8 points
    you scared my tomcat, damn it :))))
  21. 7 points
    San Francisco: Electric automaker Tesla has once again challenged hackers to find bugs in its connected cars. The Elon Musk-run company is returning to the annual hackers' competition "Pwn2Own" to be held in Vancouver in March, reports electrek. Some Model 3 cars and $1 million in award money will be up for grabs. In March last year, a group of hackers won a Tesla Model 3 and $35,000 for hacking into its systems. Amat Cama and Richard Zhu of a team called 'Fluoroacetate' exposed a vulnerability in the vehicle system during the hacking competition. The hackers targeted the infotainment system on the Tesla Model 3. According to the Electric Vehicle maker, such hacking events help it test as well as improve its security systems. Hackers have also demonstrated how they could trick a Tesla Model S to enter into the wrong lane by using a method called "adversarial attack", a way of manipulating a Machine Learning model.
  22. 7 points
    I don't know why you accuse me of things unjustly; whenever someone asked me for an invitation, I sent one.
  23. 7 points
    Greetings, I am Iulian and I have a few years of experience online, across several branches and fields generally related to helping various businesses promote themselves online, and other related services. As the title says, I offer the following services:
    - Web design - building presentation sites in HTML/CSS or on WordPress, and online shops on OpenCart / Shopify
    - SEO - SEO optimization and growing sites in Google
    - Consultancy on online promotion strategies and running ads on Facebook / Google Ads
    - Facebook page management - content creation and cross-platform integration with blogs/others
    - Marketing and online promotion - Growth marketing in this sense
    Prices differ from project to project. For small projects there can be a fixed price. For medium or large projects and long-term collaborations, my rate is 12 euros per hour for most of the services above. For non-profit organizations / open source projects / educational projects, I also make my services available free of charge. Quick contact: Telegram - https://t.me/jreister90 Discord - jreister#8860 Phone by private message.
  24. 7 points
  25. 7 points
    well, go then, if they're calling you ....
  26. 6 points
    Hi, Cisco is offering some free Cybersecurity and Python courses. There are others too, but not interesting to me. Personally I am now taking the Python one, which is offered by the Python Institute and is really OK. OK interface, OK explanations, OK examples, OK tests. https://www.cisco.com/c/m/en_sg/partners/cisco-networking-academy/index.html Above you will find the list of these courses. You also get a certification at the end (which I advise you to use as toilet paper, and to stop raiding Mega Image, because today I couldn't find anything any more). Good luck! PS: For those getting ready to tell me these are shitty certifications: it's not the certification that matters but what you know. But the certification helps you get past HR, that is, past those young ladies who know more about how to apply nail polish than about the difference between CCENT and CCIE, since I ran into this problem recently.
  27. 6 points
    Simple. You take a look at the guy who bumped into you and is coughing. If he's smaller than you, you beat him up. If he's bigger than you, covid isn't really that bad.
  28. 6 points
    We found 6 critical PayPal vulnerabilities – and PayPal punished us for it

    by Bernard Meyer, February 17, 2020, in Security

    In the news, it seems that PayPal gives a lot of money to ethical hackers that find bugs in their tools and services. In March 2018, PayPal announced that they’re increasing their maximum bug bounty payment to $30,000 – a pretty nice sum for hackers.

    On the other hand, ever since PayPal moved its bug bounty program to HackerOne, its entire system for supporting bug bounty hunters who identify and report bugs has become more opaque, mired in illogical delays, vague responses, and suspicious behavior.

    When our analysts discovered six vulnerabilities in PayPal – ranging from dangerous exploits that can allow anyone to bypass their two-factor authentication (2FA), to being able to send malicious code through their SmartChat system – we were met with non-stop delays, unresponsive staff, and lack of appreciation. Below, we go over each vulnerability in detail and why we believe they’re so dangerous.

    When we pushed the HackerOne staff for clarification on these issues, they removed points from our Reputation scores, relegating our profiles to a suspicious, spammy level. This happened even when the issue was eventually patched, although we received no bounty, credit, or even a thanks. Instead, we got our Reputation scores (which start out at 100) negatively impacted, leaving us worse off than if we’d reported nothing at all.

    It’s unclear where the majority of the problem lies. Before going through HackerOne, we attempted to communicate directly with PayPal, but we received only copy-paste Customer Support responses and humdrum, say-nothing responses from human representatives.

    There also seems to be a larger issue of HackerOne’s triage system, in which they employ Security Analysts to check the submitted issues before passing them onto PayPal. The only problem – these Security Analysts are hackers themselves, and they have clear motivation for delaying an issue in order to collect the bounty themselves.

    Since there is a lot more money to be made from using or selling these exploits on the black market, we believe the PayPal/HackerOne system is flawed and will lead to fewer ethical hackers providing the necessary help in finding and patching PayPal’s tools.

    Vulnerabilities we discovered

    In our analysis of PayPal’s mobile apps and website UI, we were able to uncover a series of significant issues. We’ll explain these vulnerabilities from the most severe to least severe, as well as how each vulnerability can lead to serious issues for the end user.

    #1 Bypassing PayPal’s two-factor authentication (2FA)

    Using the current version of PayPal for Android (v. 7.16.1), the CyberNews research team was able to bypass PayPal’s phone or email verification, which for ease of terminology we can call two-factor authentication (2FA). Their 2FA, which is called “Authflow” on PayPal, is normally triggered when a user logs into their account from a new device, location or IP address.

    How we did it

    In order to bypass PayPal’s 2FA, our researcher used the PayPal mobile app and a MITM proxy, like Charles proxy. Then, through a series of steps, the researcher was able to get an elevated token to enter the account. (Since the vulnerability hasn’t been patched yet, we can’t go into detail of how it was done.)

    The process is very simple, and only takes seconds or minutes. This means that attackers can gain easy access to accounts, rendering PayPal’s lauded security system useless.

    What’s the worst case scenario here?

    Stolen PayPal credentials can go for just $1.50 on the black market. Essentially, it’s exactly because it’s so difficult to get into people’s PayPal accounts with stolen credentials that these stolen credentials are so cheap. PayPal’s authflow is set up to detect and block suspicious login attempts, usually related to a new device or IP, besides other suspicious actions. But with our 2FA bypass, that security measure is null and void.

    Hackers can buy stolen credentials in bulk, log in with those credentials, bypass 2FA in minutes, and have complete access to those accounts. With many known and unknown stolen credentials on the market, this is potentially a huge loss for many PayPal customers.

    PayPal’s response

    We’ll assume that HackerOne’s response is representative of PayPal’s response. For this issue, PayPal decided that, since the user’s account must already be compromised for this attack to work, “there does not appear to be any security implications as a direct result of this behavior.”

    Based on that, they closed the issue as Not Applicable, costing us 5 reputation points in the process.

    #2 Phone verification without OTP

    Our analysts discovered that it’s pretty easy to confirm a new phone without an OTP (One-Time Pin). PayPal recently introduced a new system where it checks whether a phone number is registered under the same name as the account holder. If not, it rejects the phone number.

    How we did it

    When a user registers a new phone number, an onboard call is made to api-m.paypal.com, which sends the status of the phone confirmation. We can easily change this call, and PayPal will then register the phone as confirmed. The call can be repeated on already registered accounts to verify the phone.

    What’s the worst case scenario here?

    Scammers can find lots of uses for this vulnerability, but the major implication is unmissable. By bypassing this phone verification, it will make it much easier for scammers to create fraudulent accounts, especially since there’s no need to receive an SMS verification code.

    PayPal’s response

    Initially, the PayPal team via HackerOne took this issue more seriously. However, after a few exchanges, they stopped responding to our queries, and recently PayPal itself (not the HackerOne staff) locked this report, meaning that we aren’t able to comment any longer.

    #3 Sending money security bypass

    PayPal has set up certain security measures in order to help avoid fraud and other malicious actions on the tool. One of these is a security measure that’s triggered when one of the following conditions, or a combination of these, is met:

    - You’re using a new device
    - You’re trying to send payments from a different location or IP address
    - There’s a change in your usual sending pattern
    - The owning account is not “aged” well (meaning that it’s pretty new)

    When these conditions are met, PayPal may throw up a few types of errors to the users, including:

    - “You’ll need to link a new payment method to send the money”
    - “Your payment was denied, please try again later”

    How we did it

    Our analysts found that PayPal’s sending money security block is vulnerable to brute force attacks.

    What’s the worst case scenario here?

    This is similar in impact to Vulnerability #1 mentioned above. An attacker with access to stolen PayPal credentials can access these accounts after easily bypassing PayPal’s security measure.

    PayPal’s response

    When we submitted this to HackerOne, they responded that this is an “out-of-scope” issue since it requires stolen PayPal accounts. As such, they closed the issue as Not Applicable, costing us 5 reputation points in the process.

    #4 Full name change

    By default, PayPal allows users to only change 1-2 letters of their name once (usually because of typos). After that, the option to update your name disappears. However, using the current version of PayPal.com, the CyberNews research team was able to change a test account’s name from “Tester IAmTester” to “christin christina”.

    How we did it

    We discovered that if we capture the requests and repeat it every time by changing 1-2 letters at a time, we are able to fully change account names to something completely different, without any verification. We also discovered that we can use any unicode symbols, including emojis, in the name field.

    What’s the worst case scenario here?

    An attacker, armed with stolen PayPal credentials, can change the account holder’s name. Once they’ve completely taken over an account, the real account holder wouldn’t be able to claim that account, since the name has been changed and their official documents would be of no assistance.

    PayPal’s response

    This issue was deemed a Duplicate by PayPal, since it had been apparently discovered by another researcher.

    #5 The self-help SmartChat stored XSS vulnerability

    PayPal’s self-help chat, which it calls SmartChat, lets users find answers to the most common questions. Our research discovered that this SmartChat integration is missing crucial form validation that checks the text that a person writes.

    How we did it

    Because the validation is done at the front end, we were able to use a man in the middle (MITM) proxy to capture the traffic that was going to Paypal servers and attach our malicious payload.

    What’s the worst case scenario here?

    Anyone can write malicious code into the chatbox and PayPal’s system would execute it. Using the right payload, a scammer can capture customer support agent session cookies and access their account. With that, the scammer can log into their account, pretend to be a customer support agent, and get sensitive information from PayPal users.

    PayPal’s response

    The same day that we informed PayPal of this issue, they replied that since it isn’t “exploitable externally,” it is a non-issue. However, while we planned to send them a full POC (proof of concept), PayPal seems to have removed the file on which the exploit was based. This indicates that they were not honest with us and patched the problem quietly themselves, providing us with no credit, thanks, or bounty. Instead, they closed this as Not Applicable, costing us another 5 points in the process.

    #6 Security questions persistent XSS

    This vulnerability is similar to the one above (#5), since PayPal does not sanitize its Security Questions input.

    How we did it

    Because PayPal’s Security Questions input box is not validated properly, we were able to use the MITM method described above. Here is a screenshot that shows our test code being injected to the account after refresh, resulting in a massive clickable link:

    What’s the worst case scenario here?

    Attackers can inject scripts to other people’s accounts to grab sensitive data. By using Vulnerability #1 and logging in to a user’s account, a scammer can inject code that can later run on any computer once a victim logs into their account. This includes:

    - Showing a fake pop up that could say “Download the new PayPal app” which could actually be malware.
    - Changing the text user is adding. For example, the scammer can alter the email where the money is being sent.
    - Keylogging credit card information when the user inputs it.

    There are many more ways to use this vulnerability and, like all of these exploits, it’s only limited by the scammer’s imagination.

    PayPal’s response

    The same day we reported this issue, PayPal responded that it had already been reported. Also on the same day, the vulnerability seems to have been patched on PayPal’s side. They deemed this issue a Duplicate, and we lost another 5 points.

    PayPal’s reputation for dishonesty

    PayPal has been on the receiving end of criticism for not honoring its own bug bounty program. Most ethical hackers will remember the 2013 case of Robert Kugler, the 17-year old German student who was shafted out of a huge bounty after he discovered a critical bug on PayPal’s site. Kugler notified PayPal of the vulnerability on May 19, but apparently PayPal told him that because he was under 18, he was ineligible for the Bug Bounty Program. But according to PayPal, the bug had already been discovered by someone else, but they also admitted that the young hacker was just too young.

    Another researcher earlier discovered that attempting to communicate serious vulnerabilities in PayPal’s software led to long delays. At the end, and frustrated, the researcher promises to never waste his time with PayPal again.

    There’s also the case of another teenager, Joshua Rogers, also 17 at the time, who said that he was able to easily bypass PayPal’s 2FA. He went on to state, however, that PayPal didn’t respond after multiple attempts at communicating the issue with them. PayPal acknowledged and downplayed the vulnerability, later patching it, without offering any thanks to Rogers.

    The big problem with HackerOne

    HackerOne is often hailed as a godsend for ethical hackers, allowing companies to get novel ways to patch up their tools, and allowing hackers to get paid for finding those vulnerabilities. It’s certainly the most popular, especially since big names like PayPal work exclusively with the platform. There have been issues with HackerOne’s response, including the huge scandal involving Valve, when a researcher was banned from HackerOne after trying to report a Steam zero-day.

    However, its Triage system, which is often seen as an innovation, actually has a serious problem. The way that HackerOne’s triage system works is simple: instead of bothering the vendor (HackerOne’s customer) with each reported vulnerability, they’ve set up a system where HackerOne Security Analysts will quickly check and categorize each reported issue and escalate or close the issues as needed. This is similar to the triage system in hospitals. These Security Analysts are able to identify the problem, try to replicate it, and communicate with the vendor to work on a fix.
However, there’s one big flaw here: these Security Analysts are also active Bug Bounty Hackers. Essentially, these Security Analysts get first dibs on reported vulnerabilities. They have full discretion on the type of severity of the issue, and they have the power to escalate, delay or close the issue. That presents a huge opportunity for them, if they act in bad faith. Other criticisms have pointed out that Security Analysts can first delay the reported vulnerability, report it themselves on a different bug bounty platform, collect the bounty (without disclosing it of course), and then closing the reported issue as Not Applicable, or perhaps Duplicate. As such, the system is ripe for abuse, especially since Security Analysts on HackerOne use generic usernames, meaning that there’s no real way of knowing what they are doing on other bug bounty platforms. What it all means All in all, the exact “Who is to blame” question is left unanswered at this point, because it is overshadowed by another bigger question: why are these services so irresponsible? Let’s point out a simple combination of vulnerabilities that any malicious actor can use: Buy PayPal accounts on the black market for pennies on the dollar. (On this .onion website, you can buy a $5,000 PayPal account for just $150, giving you a 3,333% ROI.) Use Vulnerability #1 to bypass the two-factor authentication easily. Use Vulnerability #3 to bypass the sending money security and easily send money from the linked bank accounts and cards. Alternatively, the scammer can use Vulnerability #1 to bypass 2FA and then use Vulnerability #4 to change the account holder’s name. That way, the scammer can lock the original owner out of their own account. While these are just two simple ways to use our discovered vulnerabilities, scammers – who have much more motivation and creativity for maliciousness (as well as a penchant for scalable attacks) – will most likely have many more ways to use these exploits. 
And yet, to PayPal and HackerOne, these are non-issues. Even worse, it seems that you’ll just get punished for reporting it.

Bernard Meyer

Bernard Meyer is a security researcher at CyberNews. He has a strong passion for security in popular software, maximizing privacy online, and keeping an eye on governments and corporations. You can usually find him on Twitter arguing with someone about something moderately important.

Source: https://cybernews.com/security/we-found-6-critical-paypal-vulnerabilities-and-paypal-punished-us/
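Added example, not part of the quoted article and not PayPal's code: a server-side sketch of the checks that items #4 to #6 describe as missing or client-side only. It measures every name change against the originally verified name (so replayed 1-2 letter edits cannot accumulate), rejects emoji and symbols, and HTML-encodes stored fields on output. All names, limits and sample inputs are assumptions constructed for illustration; `naive_name_change` is a hypothetical model of a check that only looks at the current name.

```python
import html
import unicodedata

MAX_EDITS = 2  # assumed policy: typo-sized corrections only


def edit_distance(a, b):
    """Levenshtein distance with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_name(name):
    """NFKC-normalize (folds e.g. full-width letters) and collapse whitespace."""
    return " ".join(unicodedata.normalize("NFKC", name).split())


def is_allowed_name(name):
    """Letters, combining marks and a few separators only; no emoji, symbols or markup."""
    if not 1 <= len(name) <= 80:
        return False
    return all(unicodedata.category(ch)[0] in "LM" or ch in " -'." for ch in name)


class Account:
    def __init__(self, verified_name):
        self.verified_name = normalize_name(verified_name)  # baseline, never moves
        self.display_name = self.verified_name
        self.changes_used = 0


def naive_name_change(account, requested):
    """Weak model: compares with the *current* name, so small edits add up."""
    if edit_distance(account.display_name, requested) > MAX_EDITS:
        return False
    account.display_name = requested
    return True


def strict_name_change(account, requested, max_changes=1):
    """Enforced on the server for every request, whatever the UI shows."""
    new = normalize_name(requested)
    if not is_allowed_name(new):
        return False
    if account.changes_used >= max_changes:
        return False
    # Distance is taken from the verified baseline, not from the last accepted value.
    if edit_distance(account.verified_name, new) > MAX_EDITS:
        return False
    account.display_name = new
    account.changes_used += 1
    return True


def replay(change_fn, account, requested_names):
    """Apply a sequence of change requests and return the resulting display name."""
    for name in requested_names:
        change_fn(account, name)
    return account.display_name


def render_field(value):
    """Encode a stored user-controlled field for an HTML text or attribute context."""
    return html.escape(value, quote=True)


# Constructed sample: each request differs from the previous one by a single letter.
STEPS = ["Amn Lee", "Amy Lee", "Amy Loe", "Amy Roe"]

if __name__ == "__main__":
    print("naive :", replay(naive_name_change, Account("Ann Lee"), STEPS))
    print("strict:", replay(strict_name_change, Account("Ann Lee"), STEPS))
    print(render_field('<a href=x>click</a>'))
```

Even with the one-change counter relaxed, the baseline comparison alone stops the drift once the name is more than two edits from the verified one.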
  29. 6 points
    Nobody is above anyone else: not those of you who laugh at the people asking silly questions, not those of you who laugh at the ones already mentioned, not me for trying to get your attention, not those who roll their eyes and leave these threads, not those who don't even open them, not those who left the forum because they had nothing left to do here, nobody. It's not about who is more superior, it's not about your mental well-being after what you read here, it's not about how incapable you are of understanding what is written (to you), it's not about how easily you get provoked into a pointless discussion or a match of uninspired insults; a forum is just a collection of information, and RST contains security information; whatever sits beside that should be ignored, and every time you don't ignore it, all you do is contribute to the multiplication of off-topic discussions. How you interpret what gets written here is strictly your problem if it ends up affecting you. You can insult whoever you want, but you will never solve your initial problem, that you got affected by a text on a forum. And it's all the worse if it wasn't even addressed to you. Regarding the off-topic replies or the insults in most threads of this kind... The role of this forum has never been to chase after anyone's ass to teach them something; crap gets posted and so do interesting things; if you aren't looking for self-gratification, you stay away from the threads where people insult each other blindly, you take your information and mind your own business. If you have a question to ask, you ask it and interpret the answer. And there is no point in expecting to always get a positive answer. Nobody owes you that; however, if you make a bit of an effort to at least be polite, you will most likely get a polite answer.
  30. 6 points
    Man, if you're stupid at least shut up, so nobody finds out that you are. Do you really not see that you only attract hate? You're negative in every topic, that's why the others behave badly towards you. Fuck knows why you haven't been banned by now, you probably have some staff member who has your back or maybe you donate towards the server bill, otherwise I can't explain it. You're of no use at all on this forum, in all your replies you discourage and incite hatred. Proven knowledge = 0 Stupidity = 100% Bragging = 100% Disinformation through lies = 100% Help for other members = 0% (worse, you discourage and incite hatred) Respect for those around you = 0% Quality content = 0% Shall we make a poll for a ban, Vasile? Who's in? We communicate through Upvote
  31. 6 points
    Real-Time Voice Cloning

    This repository is an implementation of Transfer Learning from Speaker Verification to Multispeaker Text-To-Speech Synthesis (SV2TTS) with a vocoder that works in real-time. Feel free to check my thesis if you're curious or if you're looking for info I haven't documented yet (don't hesitate to make an issue for that too). Mostly I would recommend giving a quick look to the figures beyond the introduction.

    SV2TTS is a three-stage deep learning framework that allows to create a numerical representation of a voice from a few seconds of audio, and to use it to condition a text-to-speech model trained to generalize to new voices.

    Video demonstration (click the picture):

    Papers implemented

    | URL | Designation | Title | Implementation source |
    | 1806.04558 | SV2TTS | Transfer Learning from Speaker Verification to Multispeaker Text-To-Speech Synthesis | This repo |
    | 1802.08435 | WaveRNN (vocoder) | Efficient Neural Audio Synthesis | fatchord/WaveRNN |
    | 1712.05884 | Tacotron 2 (synthesizer) | Natural TTS Synthesis by Conditioning Wavenet on Mel Spectrogram Predictions | Rayhane-mamah/Tacotron-2 |
    | 1710.10467 | GE2E (encoder) | Generalized End-To-End Loss for Speaker Verification | This repo |

    News

    20/08/19: I'm working on resemblyzer, an independent package for the voice encoder. You can use your trained encoder models from this repo with it.
    06/07/19: Need to run within a docker container on a remote server? See here.
    25/06/19: Experimental support for low-memory GPUs (~2gb) added for the synthesizer. Pass --low_mem to demo_cli.py or demo_toolbox.py to enable it. It adds a big overhead, so it's not recommended if you have enough VRAM.

    Quick start

    Requirements

    You will need the following whether you plan to use the toolbox only or to retrain the models.

    Python 3.7. Python 3.6 might work too, but I wouldn't go lower because I make extensive use of pathlib.

    Run pip install -r requirements.txt to install the necessary packages. Additionally you will need PyTorch (>=1.0.1).

    A GPU is mandatory, but you don't necessarily need a high tier GPU if you only want to use the toolbox.

    Pretrained models

    Download the latest here.

    Preliminary

    Before you download any dataset, you can begin by testing your configuration with:

        python demo_cli.py

    If all tests pass, you're good to go.

    Datasets

    For playing with the toolbox alone, I only recommend downloading LibriSpeech/train-clean-100. Extract the contents as <datasets_root>/LibriSpeech/train-clean-100 where <datasets_root> is a directory of your choosing. Other datasets are supported in the toolbox, see here. You're free not to download any dataset, but then you will need your own data as audio files or you will have to record it with the toolbox.

    Toolbox

    You can then try the toolbox:

        python demo_toolbox.py -d <datasets_root>

    or

        python demo_toolbox.py

    depending on whether you downloaded any datasets. If you are running an X-server or if you have the error Aborted (core dumped), see this issue.

    Wiki

    - How it all works (WIP - stub, you might be better off reading my thesis until it's done)
    - Training models yourself
    - Training with other data/languages (WIP - see here for now)
    - TODO and planned features

    Contribution

    Feel free to open issues or PRs for any problem you may encounter, typos that you see or aspects that are confusing. I try to reply to every issue. I'm working full-time as of June 2019. I won't be making progress of my own on this repo, but I will still gladly merge PRs and accept contributions to the wiki. Don't hesitate to send me an email if you wish to contribute.

    Source: https://github.com/CorentinJ/Real-Time-Voice-Cloning
  32. 6 points
    Source: https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/README.md

    PENTESTING-BIBLE

    hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

    MORE THAN 1000 LINK MORE TO COME
  33. 6 points
    You're a gay guy, you're a gay girl, you're brown in your undies
  34. 6 points
  35. 6 points
    I added support for Windows x64, Linux x86 and Linux x64. https://www.defcon.org/html/defcon-27/dc-27-demolabs.html#Shellcode Compiler
  36. 6 points
  37. 6 points
    I think that one is your brother from here :))) kfollow and the other 20 nicknames
  38. 6 points
    If you've also bought yourself a good camera, you can get into videochat.
  39. 6 points
    Sorry bro, I only just got back from fishing. To make up for the delay, the second code is on the house.
  40. 6 points
    Hello all,

    We are soon launching this conference in Bucharest, on 17-18 October. HTZ places a very strong emphasis on Ethical Hacking, and as we know, major incidents in the industry (data breaches or damage) are appearing more and more often. We set ourselves apart from other conferences through the pen-testing challenges, built entirely by our staff. Through these challenges we put your creativity to the test, along with your skills in pen-testing, scripting, social engineering, crypto and many others. Our goal is to throw you into the middle of the action, to move away a little from online platforms, to interact more face to face, to get to know each other in another way too ... not just by NickName :).

    The challenges start on 11-12 October and you will need to travel around Bucharest, to different Geo Locations, to complete them. Each challenge will guide you to another challenge! Obviously, there are some rules for these challenges; these rules can be found on our website https://www.hackthezone.com/tickets/rules-and-tactics .

    At the end of these challenges, we all meet at the conference on 17-18 October, at Crystal Palace Ballrooms, Calea Rahovei 198A, Sector 5. Yes, we will be on stage too, to present how each challenge was supposed to be solved (walkthrough scenarios) and to award the prize. The prize is taken by a single person, the best of the best! You can also take part with a team. That is no problem, but it is still the best time achieved by one person that will be rewarded :D in the end ... you split the prize among yourselves.

    At the conference we will have more top speakers who will illustrate different points of view on IT Security, how attackers are evolving, how we could defend ourselves better, and more.

    Tickets can be purchased here: https://www.iabilet.ro/bilete-hackthezone-conference-challenges-43985

    Our website will be permanently updated, and small details may be modified or improved. For questions or clarifications, you can also find us on our Slack channel at: https://www.hackthezone.com/slack .

    Have fun!
    AlexHTZ
  41. 6 points
    Why?

    I needed a simple and reliable way to delete Facebook posts. There are third-party apps that claim to do this, but they all require handing over your credentials, or are unreliable in other ways. Since this uses Selenium, it is more reliable, as it uses your real web browser, and it is less likely Facebook will block or throttle you.

    As for why you would want to do this in the first place. That is up to you. Personally I wanted a way to delete most of my content on Facebook without deleting my account.

    Will this really delete posts?

    I can make no guarantees that Facebook doesn't store the data somewhere forever in cold storage. However this tool is intended more as a way to clean up your online presence and not have to worry about what you wrote from years ago. Personally, I did this so I would feel less attached to my Facebook profile (and hence feel the need to use it less).

    How To Use

    Make sure that you have Google Chrome installed and that it is up to date, as well as the chromedriver for Selenium. See here. On Arch Linux you can find this in the chromium package, but it will vary by OS.

        pip3 install --user delete-facebook-posts
        deletefb -E "youremail@example.org" -P "yourfacebookpassword" -U "https://www.facebook.com/your.profile.url"

    The script will log into your Facebook account, go to your profile page, and start deleting posts. If it cannot delete something, then it will "hide" it from your timeline instead. Be patient as it will take a very long time, but it will eventually clear everything. You may safely minimize the chrome window without breaking it.

    How To Install Python

    MacOS: See this link for instructions on installing with Brew.
    Linux: Use your native package manager
    Windows: See this link, but I make no guarantees that Selenium will actually work as I have not tested it.

    Bugs

    If it stops working or otherwise crashes, delete the latest post manually and start it again after waiting a minute. I make no guarantees that it will work perfectly for every profile. Please file an issue if you run into any problems.

    Source: https://github.com/weskerfoot/DeleteFB
  42. 6 points
    If you have an account on blockchain and you verify it (with ID), you will receive/have already received some Stellar (XLM). If not, you can create an account here https://www.blockchain.com/getcrypto and after the ID verification they credit your account with some random amounts. Most people say they received the equivalent of 20-30 EUR. I received the equivalent of 45 EUR. The XLM can then be converted into ETH or BTC (or others) on sites like binance or other equivalents. Good luck!
  43. 6 points
    Yes, only you have to put your Windows into a keylogger editing mode. Look in C:/Windows/System32, there is a file hal.dll. You have to rename it to "Ehal.dll" and restart the PC. That way Windows will know it is in Edit mode. The next time you open the keylogger, the editing interface will appear, and you tick some checkboxes with what you want it to do. //I edited the file name
  44. 6 points
    You're laughing like a snail at a power socket. It depends on how and where the ISP announces the IP addresses, or on whether the databases used for geolocation are up to date. You can specify the city, and you can even make a bash function:

        weather() {
            # Show usage when no city is given
            if [ $# -eq 0 ]; then
                echo "Usage: weather city_name"
            else
                # Quote the argument so it reaches curl as a single word
                curl -s "http://wttr.in/$1"
            fi
        }

    Once you have it, you can put the function in your profile (e.g. ~/.bashrc for root or ~/.bash_profile for a user). After adding it, to reload the environment you have to log in again or run the command "source ~/.bashrc" or "source ~/.bash_profile" (as appropriate).

    Demo

        aelius@macbook:~$ weather
        Usage: weather city_name
        aelius@macbook:~$ weather Lorrach
        Weather report: Lorrach
        [wttr.in ASCII-art output: current conditions and forecast tables for Thu 18 Apr, Fri 19 Apr and Sat 20 Apr]
        Follow @igor_chubin for wttr.in updates
        aelius@macbook:~$ weather Mannheim
        Weather report: Mannheim
        [wttr.in ASCII-art output: current conditions and forecast tables for Thu 18 Apr, Fri 19 Apr and Sat 20 Apr]
        Follow @igor_chubin for wttr.in updates
        aelius@macbook:~$
  45. 5 points
    Hello, I made a presentation on Bluekeep. If you'd like to see it, I'm leaving the link here: https://drive.google.com/open?id=1VfZGrB70rzcGJmZGkRUmAQs854qVoZoV
  46. 5 points
  47. 5 points
    Security Tool Chest

    Anticipating and mitigating security threats is critical during software development. This paper is going to detail and investigate security vulnerabilities and mitigation strategies to help software developers build secure applications and prevent operating system leaks. This paper examines common vulnerabilities, and provides relevant mitigation strategies, from several relevant perspectives. This paper hopes to encompass the cyber kill chain as part of the five stage compromise stages, displaying relevant tools, books and strategies at each stage.

    Contents

    - Reconnaissance
    - Weaponization
    - Delivery
    - Command and Control
    - Lateral Movement
    - Establish Foothold
    - Escalate Privileges
    - Data Exfiltration
    - DLL Architecture
    - References

    Reference Link : https://github.com/jmscory/Security-Tool-Chest/blob/master/README.md#reconnaissance
  48. 5 points