begood

Learn how to hide your mac address, capture data over wireless, decrypt it and then decode it for reviewing. In this video a live demo of the following tools will be shown - airpcap, mac makeup, netwitness, cain, truecrypt, and wireshark. How to Covertly Monitor Encrypted WIFI Networks Tutorial

According to Thursday reports about 25000 organizations around the world has been affected by the Botnet. This Botnet is newly discovered virus and affected 75000 systems in these organizations. According to the Va-based detection company Herndon the Net witness have told that this new invasion dubbed the “Kneber Botnet” after the username linking the contaminated system world wide, they gather the user logins qualifications to online economic systems, community network sites and e-mail systems. This system information is basically used by the hackers. With the help of this information they break into the user accounts and steal the business. They can also steal the government’s important information. The hackers can change the personal, online and financial identities with the help of this information. The company officials said that Kneber Botnet had snagged about 68000 corporate and personal login qualifications. The sites which have been affected by this discovery include Palo Alto-based Facebook Inc. and Sunnyvale-based Yahoo Inc.’s e-mail system. According to a report that the Mountain View-based Google Inc. had taken a decision that they will move out of China because the hackers in China have targeted g-mail and its other sites. Kneber is a ZeuS Trojan Botnet which has the ability to steal the main information from a computer. It only affects the Windows Machines and the computers which are running Windows XP Professional SP2. These computer systems make majority of the Botnet. Though this Botnet targets only the big organizations but they grow there targets by convincing the user to visit the malicious websites and by making them download things from there. So all the computer users be aware of this Botnet. Kneber Botnet

ce parere aveti despre filmul "the invention of lying" ? mi se pare *cea mai buna* explicatie pentru "inventarea" divinitatii.

Annotation (Harper's Magazine): Keyword: Evil

Human evolution - Wikipedia, the free encyclopedia nu e un lant, ci ce e o ramificatie.

TROJAN PASSWORD STEALER Virustotal. MD5: bae937f496111848aaa0f6efa28cc731 Suspicious.Insight Heuristic.BehavesLike.Win32.PasswordStealer.H Trojan:W32/Swisyn.gen!B

de aveti nevoie de hashuri sparte, va stau la dispozitie, asta vreau s-o vad =)

Azi, pe la 10, exact când am plecat spre sal?, primesc un telefon cu num?r ascuns. R?spund ca un om curios. el: "Alo", pe un ton calm, "Sunt baiatu de la cablu, v-am sunat în legatur? cu problema dumneavoastr?". eu: "Da? de la ce companie suna?i? " el: dupa o pauz? ?i un "???" mai alungit "De la compania dumneavoastr? de cablu, TV" ?i a inventat el un nume în grab?, "PTV" eu: "Aha", pe un ton plictisit, deja eram sigur ca e o gluma proast? eu: "Vai de mine, dar ce s-a întamplat??" pe un ton speriat încerc?nd s? m? adaptez situa?iei comice el: "Dumneavoastr? v? numi?i Mihai Tchaikovsky ?" eu: pufnind în râs, "DESIGUR! eu sunt descendentul direct al lui Tchaikovsky!!!!" eu : "La cât va pot a?tepta, azi? s?pt?mâna asta? Azi este o problema.. mi-a murit pisica, ?i m? duc cu prietena s? o îngrop pe la 17" el: uimit, ne?tiind ce s? zica ) : "?????..." eu: adaug eu repede "azi la 15 v? convine ? c? pe atunci sunt liber !" el: "Sta?i s? verific, la 15 e perfect !" el : "Pe ce strad? sta?i dumneavoastr??" eu: "Dapoi nu scrie pe contract strada mea? sunt sigur ca este notat?" el: iar se blocheaz?...deja îmi era mila de el "ah..." eu: încercând s?-l ajut, "îmi imaginez ca e?ti pe teren ?i nu ai contractul cu tine", îi zic o adres? la abureala "strada Frunzei num?rul 3 apartament 12" el: "ok" eu: "Sper c? m? suna?i la 15, nu vreau s? întarzii la înmormantarea pisicii mele !!" el: asta era like WTF O_o cri cri... dezam?git ca nu i-a ie?it figura zice am?rât, "V? sun." Înc? nu e 15.. mai astept

vi'l inchide rapid.

Harvard / Cambridge depinde ce vrei tu, te interesezi de profesorii pe care ii vei avea, cauti info despre ei, poate fi si faculta mai slaba, daca ai ca profesor un geniu.

titlul spune "erase the tracks", asta implica a lasa urme in prealabil. depinde de sistemul de operare in cauza. daca nu vrei sa lasi urme de la bun inceput e alta poveste.

script kiddies have lotz of fun => they become interested => they learn.

chiar o sa fie ceva... nessus + metasploit + core impact + nmap + neXpose = luv.

Today we announced that CORE IMPACT Pro will be integrated with Metasploit in our next scheduled product release. As such, I just thought that I’d take the opportunity to let you know why we decided to do this. Actually, the answer is quite simple, and it’s the same reason we do most of what we do in our products: we integrated with Metasploit because our customers wanted us to do it. This type of integration is actually something we’ve heard a good deal of feedback about, and so we’ve been examining the idea internally for a couple of years. Many of our customers run Metasploit alongside IMPACT Pro for the same reason that many people used two scanners when Nessus was free for commercial use… that is, because they can. Even though IMPACT Pro has far broader, deeper security content, including most of what’s in Metasploit, the truth is that it only takes that one vulnerability that you’ve missed for the bad guys to get in. If in a particular instance Metasploit has something we don’t, or something implemented differently so that it applies to a particular environment in another way, it’s worth it for testers to have that opportunity to double check and cross-reference their work. In addition, many people run Metasploit for a while just to get started with penetration testing or because of budget reasons before they move on to using IMPACT Pro. Often they’ve learned certain things from using Metasploit, or may have customizations that they built in the framework that they haven’t yet moved over to IMPACT Pro. We want to support that evolution. And finally, there’s the double-edged sword of being able to use an attack tool that’s fully available to anyone, as Metasploit is. It’s always possible that someday it will be used against you, so, it’s a good idea to try it out on yourself in addition to leveraging the comprehensive testing provided by IMPACT Pro. Based on the feedback we received across our customer base, from our most technical consulting and red team clients to those who primarily use IMPACT Pro’s automation to point and shoot, we are providing two levels of Metasploit integration for each type of user. For the expert, who is using Metasploit by hand to test systems, we’ll provide a way for a system with Meterpreter loaded on it through a Metasploit compromise to then have an IMPACT Pro agent loaded on it. This way, the user can use IMPACT Pro’s follow-on tools, including pivoting, local privilege escalation, assessment of multiple attack vectors and reporting, with that system in our product’s environment. For the point and shoot user, we are integrating our automation with Metasploit’s db_autopwn feature so that they can take advantage of Metasploit’s basic capabilities via IMPACT Pro without first having to learn how to use them. Many people may ask why we would integrate with the “competition,” especially since the Metasploit project is now owned by a commercial entity and likely to spawn new commercial products. Our view is that the Metasploit Project is not purely competition (see my blog post on the topic when the project was acquired) and that open source projects in every market help educate users and bring together creative ideas to push the involved technology’s value even further. Every new user of Metasploit is a new potential user of IMPACT Pro in the future. The framework allows more people to see and understand what the penetration testing process can do for them, and then they can look to us for the most advanced, commercial automated penetration testing technology that has been professionally built and matured for almost a decade. We know that to be successful, we have to provide the most value in IMPACT Pro that we can, and that this value is best defined by our customers; as long as we keep listening to them, we will continue to stay ahead of any competition. A market leader always benefits most from continuing development in its space as long as they stay open to their current and future customers, and can move quickly to address demand. As I said above, the real reason we’re announcing Metasploit integration today is the same reason we do almost everything we do at Core Security today – because our users wanted it. -Fred Pinkett, Vice President of Product Management Integrating CORE IMPACT Pro with the Metasploit Project Core Security Technologies

sunt curios, la va ajuta sa faceti DoS la un browser ? fortezi utilizatorul sa il redeschida ? pierde date utilizatorul ? ce-i asa deosebit ? vreau idei. sa zicem ca la un server inteleg la ce foloseste DoS-ul dar, la un browser ?

OpenVas and db_autopwn on backtrack 4 http://www.youtube.com/watch?v=BY2LCGUjm7k merita vazut, ms devianc3.

The Autopwn feature of Metasploit can be used to turn it into a security scanner. This is a brief demonstration on the metasploit framework's autopwn feature using an nmapped host(s) and service(s) as exploitation targets and automating/launching the exploits based on nmapped ports. In this video, the author first creates a database in Metasploit using the db_create command. Then he scans the host using the db_nmap command, which also stores the scan information in the DB. He then runs Db_autopwn to try various exploits on the remote host and break into it. Thanks to xsploitedsecurity for creating this video. This is a recommended watch for pentesters! Turning Metasploit into a Vulnerability Scanner using Autopwn Tutorial

The TippingPoint Zero Day Initiative (ZDI) is proud to announce that the annual Pwn2Own contest is back again this year at the CanSecWest security conference held in Vancouver, BC on March 24th 2010. As the contest name implies, if you successfully exploit a target you get to keep it along with a ZDI cash prize and related benefits. This is our 4th year running and to commemorate we have increased the total cash prize amount to $100,000 USD. If you're unfamiliar with the past history of this competition check out the archived 2008 and 2009 blog entries. This year the competition will have two main technology targets. In keeping with tradition the first portion of the event will attempt to bring to light the current security posture of market-leading web browser and operating system pairings. The multifaceted web browser continues to occupy a critical presence on the client-side attack surface. As Adobe, Google, and an estimated 30 other companies affected in the Aurora incident can attest to, the security posture of these products merits a yearly public evaluation by the research community at large. The second portion of Pwn2Own 2010 offers bounties for vulnerabilities affecting mobile phones. The increased presence and capabilities of smart phones has brought with it the same security issues and attention traditionally reserved for non hand-held platforms. Vulnerabilities in parsing media, dynamic web content, e-mail, and other client-side issues have been published in the past. Additionally, many of the communication protocols that mobile phones implement are the focus of a burgeoning field of security research (ex: Lackey, Langlois, Bailey). The data stored and communicated across these devices is increasing in value to attackers. Registration Pwn2Own will be held over the course of three days starting on March 24th with the browser and the mobile contests running concurrently. To register for the competition, send us an e-mail at ZDI@tippingpoint.com. Competitors will be assigned a random half hour time slot. Following the Contest This blog entry will be updated frequently and serve as the main point of information dissemination. Additionally, you can get real-time updates and provide real-time feedback via our ZDI Twitter account @theZDI. Please direct all press inquiries to: Jennifer Lake <jlake@tippingpoint.com> Target: Web Browsers $40,000 of the total $100,000 cash prize pool is allotted to the web browser portion of the contest, each target is worth $10,000. The browser targets this year will include the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari. To highlight the efficacy of operating system level protections we have structured the ZDI bonus point amounts to reflect the difficulty of exploitation. Once a target has been successfully compromised it will be removed from the competition. Thus, a successful day one attack on a specific browser must overcome the latest and greatest flagship operating system with all exploit mitigations activated in their default state. Day 1 The target pairings for day one are: * Microsoft Internet Explorer 8 on Windows 7 * Mozilla Firefox 3 on Windows 7 * Google Chrome 4 on Windows 7 * Apple Safari 4 on MacOS X Snow Leopard In addition to the underlying laptop and $10,000 USD cash prize, successful competitors on day one receive 20,000 ZDI bonus points which immediately qualifies them for Silver standing. Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas. Day 2 The target pairings for day two are: * Microsoft Internet Explorer 7 on Windows Vista * Mozilla Firefox 3 on Windows Vista * Google Chrome 4 on Windows Vista * Apple Safari 4 on MacOS X Snow Leopard In addition to the underlying laptop and $10,000 USD cash prize, successful competitors on day two receive 15,000 ZDI bonus points which immediately qualifies them for Bronze standing. Benefits of ZDI Bronze standing include a one-time $1,000 USD cash payment and a 10% monetary bonus on all ZDI submissions in 2011. Day 3 The target pairings for day three are: * Microsoft Internet Explorer 7 on Windows XP * Mozilla Firefox 3 on Windows XP * Google Chrome 4 on Windows XP * Apple Safari 4 on MacOS X Snow Leopard In addition to the underlying laptop and $10,000 USD cash prize, successful competitors on day three receive 9,999 ZDI bonus points which puts them just one ZDI submission away from Bronze standing for the year ;-) Target: Mobile Phones $60,000 of the total $100,000 cash prize pool is allotted to the mobile phone portion of the contest, each target is worth $15,000. A successful hack on these targets must result in code execution with little to no user-interaction. Expect updates on the rules as the contest approaches. The current target list is as follows: * Apple iPhone 3GS * RIM Blackberry Bold 9700 * A Nokia device running Symbian S60 (likely the E62) * A Motorola phone running Android (likely the Droid) In addition to the mobile device and $15,000 USD cash prize, successful competitors will receive 20,000 ZDI bonus points which immediately qualifies them for Silver standing. Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas. Any non remote code execution entries accepted by the judges reduces the point giveaway to 9,999 ZDI bonus points which puts the competitor just one ZDI submission away from Bronze standing for the year ;-) Happy hunting TippingPoint | DVLabs | Pwn2Own 2010

ma bad, *berea face bine la suflet*

n-are sens sa te distrezi ?! error, error, system overload, autopwn.

...vezi pagina 1.

o alternativa mai "umana" :

bravo, era si relevant punctul tau de vedere ca intotdeauna. btw, s-a chinuit cineva sa-l scaneze pana acum ?

ahahahahhahahahahaha