About Amidamaru

  • Rank
    Registered user
  • Birthday 03/01/1978


  1. I wanted to write you something, but I realized quickly enough that it isn't worth it. We'd get into pointless arguments. I'm deleting my initial post as well.
  2. Keep it up, my friend @spirited_wolf. Here's to as many followers as possible on Facebook and Twitter. "Too bad" for you that in RO you still need visas.
  3. "In the real example cases, you will see in this post, escaping SHOULD NOT be the option ... please go for encoding. I found many instances of the following types of reflections in the wild where one SHOULD NOT use escaping but unfortunately it is there." Original source
  4. Interesting. Especially this part: "One common reason to build a REST API is to communicate with a JavaScript front-end through AJAX. For some applications, these requests should be allowed to come from any domain, not just your API’s home domain. By default, most browsers disallow this behavior, so let me show you how to set up cross-origin resource sharing (CORS) in Bottle to allow this:" REST and CORS are, apparently, like cat and mouse. If you test 10 sites with REST, including gov or mil, in 8 of them CORS is misconfigured and you can get some major surprises. Anyway, thanks for the article.
  5. A nice write-up from a lady from Romania who apparently lives in Canada. It contains a few good points. "Are penetration testing phases different from the ones of a malicious attack? The answer is no. Both malicious attackers and penetration testers go through the same stages or phases in their attacks/tests: 1. Gathering Information phase. During this stage, as much as possible data on the target is collected (e.g. the target IP address range, domain name registration records, mail server records, etc.), to design the blueprint of the target. 2. Scanning phase. The target is scanned for entry points such as wireless access points, Internet gateways, available systems, running services, vulnerability lists, and port listening. Other tests would check if default user IDs, passwords, and guest passwords have been disabled or changed and no remote login is allowed. 3. Gaining Access phase. Based on the vulnerabilities which were identified during scanning, attempts are made to access the system. To accomplish this task, one could use automated exploit tools, or legitimate information obtained from social engineering. 4. Maintaining Access phase. Once access has been acquired, attempts are made to escalate the privileges to root/admin and then to upload a piece of code (also named “backdoor”) on the target so that access to the target is maintained independent from the authorized entry points into the system/network. This will allow to connect to the target anytime. 5. Covering Tracks phase. This phase is as important as the previous ones, as leaving a mark can show how elevated access to protected resources can be obtained and this information can later on be maliciously used by others with access to the system. This phase involves restoring the system to normal pretest configurations, which includes removing files, cleaning logs, registry entries, deleting the uploaded backdoor, etc." Source: Adeptus Mechanicus PenTest - DEICE-S1.140
  6. CVE-2015-1793 Overview: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. And a video explanation: explaining video
  7. Are Eastern European and Middle Eastern hacking groups looking to recreate a digital Ottoman Empire? Norse Intelligence Analysis Team has identified several indicators that reveal a trend involving groups located in the Middle East working closely with European hackers to share Tactics, Techniques, and Procedures (TTPs) for conducting politically and ideologically-motivated hacks. link
  8. Correct. From personal experience, over time I have tested different types of CVs: EU format, UK format. Whatever. The point is that, for example, it is very hard to have a CV that works for a job located in the US or Asia / Pacific. Each has its own style. At one point I paid a UK company for CV + cover letter + LinkedIn profile = 100 pounds. It wasn't very much. The difference showed almost immediately in the regions that go by the Anglo-Saxon style (UK / Australia / NZ / US / Middle East / etc). The CV is at most 1.5 pages, short and to the point, with no Ion Creanga style. If you like, send me a PM and I think I can send you the name of the company I used. If I don't reply right away, don't worry, there's a huge time zone difference between us. Ahh, and one more thing. Some time ago I used this to create another type of CV. I found the idea interesting and the output is nice. https://jsonresume.org/getting-started/ All the best.
  9. The initial link no longer works. Mirror link: Syngress.Hacking.Web.Intelligence
  10. From personal experience regarding these guys in Prague, ING: "The money is very little", for both junior and senior positions. It seems interesting as a life experience, but if you put it on paper, there isn't really much $ left to make it worthwhile. And life isn't exactly cheap there either. The same goes for the ING positions in Poland. It's the same discussion. Now it's up to each person.
  11. Hi, Is there a game somewhere like the one below, but for Assembly? CheckiO. PS: For those interested, here is also a link that refers to other somewhat similar sites: Exercism Help - Alternatives. Thanks!
  12. Nice description mah_one but somehow you've spoiled the beauty of that level
  13. Amidamaru


    FYI: That coupon no longer works. However, the course can be bought at a significant discount through the Python Networking site. It's probably his. I bought it, since he's one of ours and he also graduated from the Politehnica.