begood

Active Members
  • Posts: 3972
  • Days Won: 22

Everything posted by begood

  1. Origin Storage launched the Enigma self-encrypted drive (SED). Incorporating the 256-bit AES hardware encrypted 2.5” hard drives from Toshiba, it provides permanent full disk encryption on the fly, which means no speed degradation when reading and writing data.

     Enigma SED is a compatible upgrade with all SATA based notebooks. Each hard drive is supplied with the correct fitting kit pre-mounted, ready to fit straight into the laptop. Developed by WinMagic, MySecureDoc Express possesses a pre-boot authentication system that allows the user to authenticate using a password, removing the need for the drive to rely on the laptop’s BIOS, which means that it is now possible to upgrade a SATA based system to an Enigma SED.

     The Enigma SED solution also includes a data transfer cable and Acronis hard drive cloning software, which provides a quick and simple way to move existing data from the laptop's non-encrypted hard drive to the fully encrypted Enigma SED.

     Key features:
     * 256-bit AES hardware encryption
     * TCG “OPAL Standard SED” Drive
     * Supports Windows 7
     * No BIOS Limitations
     * Password pre-boot authentication
     * 100% compatible matched solution
     * Fits SATA based laptop
     * Real-time encryption
     * Transfer existing data with ease
     * No speed degradation
     * Capacities up to 500GB and rising.

     http://www.net-security.org/secworld.php?id=9198
  2. We were recently hired to perform an interesting Advanced Stealth Penetration test for a mid-sized bank. The goal of the penetration test was to penetrate into the bank’s IT Infrastructure and see how far we could get without detection. This is a bit different than most penetration tests as we weren’t tasked with identifying risks as much as we were with demonstrating vulnerability…

     The first step of any penetration test is reconnaissance. Reconnaissance is the military term for the passive collection of intelligence about an enemy prior to attacking that enemy. It is technically impossible to effectively attack an enemy without first obtaining actionable intelligence about the enemy. Failure to collect good intelligence can result in significant casualties, unnecessary collateral damage and a completely failed attack. In penetration testing, damages are realized by downed systems and a loss of revenue.

     Because this engagement required stealth, we focused on the social attack vectors and Social Reconnaissance. We first targeted FaceBook with our “FaceBook from the hackers perspective“ methodology. That enabled us to map relationships between employees, vendors, friends, family etc. It also enabled us to identify key people in Accounts Receivable / Accounts Payable (“AR/AP”).

     In addition to FaceBook, we focused on websites like Monster, Dice, Hot Jobs, LinkedIn, etc. We identified a few interesting IT related job openings that disclosed interesting and useful technical information about the bank. That information included but was not limited to what Intrusion Detection technologies had been deployed, what their primary Operating Systems were for Desktops and Servers, and that they were a Cisco shop.

     Naturally, we thought that it was also a good idea to apply for the job to see what else we could learn. To do that, we created a fake resume that was designed to be the “perfect fit” for a “Sr. IT Security Position” (one of the opportunities available). Within one day of submission of our fake resume, we had a telephone screening call scheduled.

     We started the screening call with the standard meet and greet, and an explanation of why we were interested in the opportunity. Once we felt that the conversation was flowing smoothly, we began to dig in a bit and start asking various technology questions. In doing so, we learned what Anti-Virus technologies were in use and we also learned what the policies were for controlling outbound network traffic. That’s all that we needed…

     Upon completion of our screening call, we had sufficient information to attempt stealth penetration with a high probability of success. The beauty is that we collected all of this information without sending a single packet to our customer’s network. In summary we learned:
     * That the bank uses Windows XP for most Desktops
     * Who some of the bank’s vendors were (IT Services)
     * The names and email addresses of people in AR/AP
     * What Anti-Virus technology the bank uses
     * Information about the bank's traffic control policies

     Based on the intelligence that we collected we decided that the ideal scenario for stealth penetration would be to embed an exploit into a PDF document and to send that PDF document to the bank’s AR/AP department from the bank's trusted IT Services provider. This attack was designed to exploit the trust that our customer had with their existing IT Services provider.

     When we created the PDF, we used the new reverse https payload that was recently released by the Metasploit Project. (Previously we were using similar but more complex techniques for encapsulating our reverse connections in HTTPS). We like reverse HTTPS connections for two reasons:
     * First, Intrusion Detection Technologies cannot monitor encrypted network traffic. Using an encrypted reverse connection ensures that we are protected from the prying eyes of Intrusion Detection Systems and less likely to trip alarms.
     * Second, most companies allow outbound HTTPS (port 443) because it's required to view many websites. The reverse HTTPS payload that we used mimics normal web browsing behavior and so is much less likely to set off any Intrusion Detection events.

     Before we sent the PDF to our customer we checked it against the same Antivirus Technology that they were using to ensure that it was not detected as malware or a virus. To evade the scanners we had to “pack” our pseudo-malware in such a way that it would not be detected by the scanners. Once that was done and tested, we were ready to launch our attack.

     When we sent the PDF to our customer, it didn’t take long for the victim in AP/AR to open it; after all, it appeared to be a trusted invoice. Once it was opened, the victim’s computer was compromised. That resulted in it establishing a reverse connection to our lab which we then tunneled into to take control of the victim's computer (all via HTTPS).

     Once we had control, our first order of operation was to maintain access. To do this we installed our own backdoor technology onto the victim's computer. Our technology also used outbound HTTPS connections, but for authenticated command retrieval. So if our control connection to the victim's computer was lost, we could just tell our backdoor to re-establish the connection.

     The next order of operation was to deploy our suite of tools on the compromised system and to begin scoping out the internal network. We used selective ARP poisoning as a first method for performing internal reconnaissance. That proved to be very useful as we were able to quickly identify VNC connections and capture VNC authentication packets. As it turns out, the VNC connections that we captured were being made to the Active Directory (“AD”) server.

     We were able to crack the VNC password by using a VNC Cracking Tool. Once that happened we were able to access the AD server and extract the server's SAM file. We then successfully cracked all of the passwords in that file, including the historical user passwords. Once the passwords were cracked, we found that the same credentials were used across multiple systems. As such, we were not only able to access desktops and servers, but also able to access Cisco devices, etc.

     In summary, we were able to penetrate into our customer's IT Infrastructure and effectively take control of the entire infrastructure without being detected. We accomplished that by avoiding conventional methods for penetration and by using our own unorthodox yet obviously effective penetration methodologies.

     This particular engagement was interesting as our customer's goal was not to identify all points of risk, but instead was to identify how deeply we could penetrate. Since the engagement, we’ve worked with that customer to help them create barriers for isolation in the event of penetration. Since those barriers have been implemented, we haven’t been able to penetrate as deeply.

     As usual, if you have any questions or comments, please leave them on our blog. If there’s anything you’d like us to write about, please email me the suggestion. If I’ve made a grammatical mistake in here… I’m a hacker not an English major.

     SNOsoft Research Team: Hacking Your Bank
  3. This is a software and instructions bundle for hacking encrypted wireless networks: WEP, WPA and WPA2. I managed to crack all three encryptions using these, using Windows XP + Atheros AR5005G Wireless Network Adapter. Please do not use this in any illegal way. (educational purposes only)

     Includes:
     - Working copy of aircrack
     - Airowizard
     - Commview Drivers
     - Netstumbler (to view hidden networks and see their amplitudes)
     - MAC Address Changer
     - Thompson router pass-key generator
     - Video instructions

     NOTE: YOU MUST HAVE A WIFI CARD THAT SUPPORTS COMMVIEW!

     If you have ANY trouble feel free to email me at: bagsda@hotmail.com

     Don't forget to seed.

     Magnet link torrent hash : EBADE7409C7C637ED03B225E24E99556154DCDE9 (google it)

     Wireless Network Hacking software/instructions (WEP WPA WPA2) (download torrent) - TPB
  4. Sorry about that. The forum was acting up on me and I had to edit. POST UPDATED.
  5. Q: Who is behind the Cyber Security Challenge?
     A: The Challenge is bringing together leading experts in cyber security from across the UK and beyond. They are working together to design and develop a series of challenges/competitions that will test the nation’s cyber security skills. This group is led by a management team consisting of professional bodies, government departments, private industry, and public sector organisations. A full list of the participants can be found at about us.

     Q: If Cyber Security Challenge UK Ltd is a private company, is this a money-making initiative?
     A: No. The Challenge is a not for profit company and many leading people are giving us their time and donating facilities because they understand the value of our work. It is designed to help create an environment where we can grow and improve the quality of the UK pool of cyber security talent. To get there we need to take some important project management and administrative steps and we have established a legal entity to manage what is a complex small business.

     Q: Are you collaborating with the US given it has run cyber challenges in the past?
     A: Yes, this is a valuable partnership. Those running the US Challenge have been very supportive. The Sans Institute is a founder sponsor of Cyber Security Challenge UK and both they and The Cyber Crime Unit from the US Department of Defense have offered to share competition material with us.

     Q: Why are you launching now when you are not open to candidates?
     A: We decided to announce the challenge first to the information security community. Whilst we are already deep into the planning and design of the games, we want to encourage as many organisations and individuals from the sector as possible to participate and support the Challenge in a variety of ways.

     Q: When will you be accepting candidates?
     A: We have yet to set a date because we need to finish development of the competitions/games. Things are moving forward rapidly and we fully anticipate launching to candidates in Autumn 2010.

     Q: Why did you participate in a survey?
     A: We wanted to evidence the reasons why the Challenge is needed and the results speak for themselves. 90% have difficulty in recruiting and nearly 60% expect there to be more jobs in cyber security in the next 5 years. There is an increasing need for cyber security professionals and a current deficiency. The survey was sponsored by Sans who collected some fascinating material for a Sans Booklet on the Top 20 Coolest Jobs in Cyber Security. We also got a lot of useful data on cyber security jobs to help inform people of the variety and interest of jobs in the profession. The results of the survey, including some quotes about what people said about their jobs, are on our website.

     Q: What will the competitions look like and who will run them?
     A: The competitions will be a series of online games that will test candidates’ cyber security abilities. Whilst the focus of each competition is yet to be confirmed, the first three are most likely to be focused on defending networks, identifying website code vulnerabilities, and digital forensics. These will all be virtual tasks that anyone can access online, allowing any number of competitors to enter from any computer. Each competition will follow a different format to offer true variety. Some may be designed for teams, others for individuals.

     Q: Will there be more than one winner?
     A: We have yet to determine whether we will bring the finalists from all competitions together for a single face to face workshop and final or whether we will run separate workshops and finals for each competition. There will be a number of winners and prizes will include opportunities to further careers, for example through private sector training courses, internships in leading companies and scholarships.

     Q: Can you give me more detail on what candidates will be asked to do?
     A: They will be asked to solve the sort of problems cyber security professionals encounter every day. This may range from defending technology networks from attack, to identifying malicious code in websites. At stage two it is likely that candidates will need to demonstrate technical, interpersonal, and decision making skills. Initially our competitions will not test all the skills business and Government need and we expect to grow over time to meet the variety of the need. As our plans solidify we will publish more information.

     Q: What happens to successful candidates that show promise? Is there a second round?
     A: Those that succeed in the first set of competitions will go on to round two which will comprise face to face challenges and some training and development. These plans are also in development but we have received some fantastic creative ideas from companies interested in working on that part of the Challenge. More about this will be revealed when we launch to competitors.

     http://cybersecuritychallenge.org.uk/
  6. Post on their forum. It was hertz; I don't know if there were others too.
  7. begood

    Romanika Blog

    Just remember this: 8ADKY5 and then bit.ly
  8. Your mom's fat _)_ that raccoon is our motto!
  9. This project is an attempt to create a well maintained, informative and categorized cheat sheet to highlight HTML5 security issues and ways to avoid them. The project is meant to target web developers as well as security researchers and especially browser vendors since many of the problems we found are based on faulty or quirky implementations. Focus is on completeness, comprehensibility and timeliness as well as continuity - benefits many other related cheat sheets don't exactly provide.

     The core will be a frequently updated JSON file which you can download, mirror, host, fork, modify for own special purposes. We will also provide an eye-friendly HTML5 (haha) version of the cheat sheet showing the vectors and the detailed descriptions as well as providing click-to-see examples and more.

     X

     ...will be stored in JSON like this (storage format specs are not done yet):

     {
       id:1,
       type:2,
       name:'XSS via onscroll',
       data: 'X',
       description: 'A small vector displaying the HTML5 form and formac ... the supported browsers.',
       browsers:{'Opera':['10.5']},
       payload:{'pos_1':'javascript:alert(1)'},
       tags:['xss', 'html5', 'ff', 'gc']
     }

     ...and finally displayed nicely on a HTML5 page using the JSON data.

     The main goal of the project is to be as open as possible. You have a new vector or issue to add? Just post a ticket and we will take care of it. You want to contribute to the JSON or other parts of the code base? Drop us a line and we will most probably add you as a committer.

     html5security - Project Hosting on Google Code

     Those most interested in the project, check this.

     //wtf is wrong with the forum ? brb
  10. Would it have hurt your hand to try? Yes, it reads it for you even from up a tree!
  11. Works like a charm. Meh, forum.torrents.ro is an old forum with a great many users, including some quality ones.
  12. Site vulnerabilities, SQLi and XSS and others - TORRENTs.RO I want to see the banter! A Y! ID: WknZs
  13. remuszica, banned for a year; maybe you'll grow up a bit. Reason: your last 20 threads ended up either in the lamest posts section or in the trash bin.
  14. As if it were so hard for you to google it... PS: don't post the password.
  15. begood

    Fun stuff

    )))))))))))) What a face the old lady in the audience makes. A former porn actress swallows fire topless on Britain's Got Talent - VIDEO AND PHOTOS | REALITATEA .NET
  16. Welcome.
  17. begood

    How old are you?

    Not necessarily. There are losers even at 50 who come around here and have no clue about things a 15-year-old boy does.
  18. Challenge closed. The solution, written by Lemish @ hackpedia.info: Hackpedia - View topic - [begood] RST MD5 Math Challenge. A "sub-challenge": write the most efficient program, in whatever programming language you like, that solves problems of this kind. Obviously with public source.
  19. http://www.pvmgarage.com/en/2010/04/touch-the-future-create-an-elegant-website-with-hmtl-5-and-css3/ Multiupload.com - upload your files to multiple file hosting sites!
  20. begood

    Hi!

    Am I to understand that you are the Cancan wave?
  21. Pfft, you're out. Ban. http://www.virustotal.com/analisis/7a395d0c4525ad45b5a77bfd33f058a99b0d3d5311ee0fdeb4cfe68e523f1b1f-1271766360
  22. @daatdraqq surely has balls too, if they joined a forum of this kind.
  23. "Outlaws", "web hooligans", "knights of the internet": the hackers of Romanian National Security have warned that their actions will continue in the coming weeks. They will not attack the sites, but will only send messages to countries that are unfriendly to Romanians.

     A group of 20 young people "works" at Romanian National Security, the group that "broke into" the sites of The Telegraph and Le Monde, five days apart. In an interview for Evenimentul Zilei, one of the group's members described how they operate and what drives them to do it. The young man, aged 17, did not want to reveal his identity. In fact, he said, the 20 members of the group do not know one another. Only his parents, who are nationalists too, know what he does and agree with it. Otherwise he has a normal life: "studying for the baccalaureate, barbecues at the weekend and dates with my girlfriend".

     The young man said the alarm was sounded because "Romanians are, in general, far too tolerant. We are fed up with being pushed around, we have to put our foot down!". He was keen to point out that Romanian National Security is not made up of racists and to apologize to "the Roma who lead an honest life and know both honest work and respect".

     Although Romanians are known as very good IT people, the method of operation also requires very good synchronization among those who want to modify a site. "The sites were «broken into» through a method called SQL Injection, through which we extracted the administrators' login data, logged in under their account, in the control panel, from where we uploaded to their server a script that made our work easier and gave us access to the whole server. Through that script we modified the front page", the young man described the method of operation. "If we had wanted to, we could have stolen confidential information, we could have infected the computers of the newsroom and those of the readers who visited the site", the hacker added, but they limited themselves to displaying a message in Romanian, so that the English and the French would "rack their brains over the translation".

     The knights of the internet, however, dissociate themselves from cybercriminals. They have never used their IT knowledge for material gain, computing and IT security being "a hobby" for them.

     We recall that the Romanian hackers who broke into the lemonde.fr site asked the French press to respect Romania. "This is not a resistance movement, a protest, or a revolt! It is the cry of the entire Romanian people calling on our brothers who have forgotten that Romanian blood flows in our veins too. The blood that was sacrificed and shed on the battlefields so that our nation's history could be written now demands JUSTICE. The heroes of our homeland will never die! We want it not to be forgotten WHO shed it so that Romania exists on the map today, to remind our children and grandchildren, to respect them with due honor. We have had enough of this mockery. Gypsies are not Romanians! They did not write our history! When you speak about our compatriots, stop using the expression "Romanian Gypsies". We respected your France, you will respect ROMANIA! R.N.S. WATCHES so that these things are accomplished", they wrote.

     The web hooligans of RNS recount how they broke into the Le Monde site - Cotidianul
  24. As soon as one gets loose, I squash him. I have a new weapon, the broom! ))))))))))))))))