Amidamaru

Everything posted by Amidamaru

  1. I wanted to write you something, but I realized quickly enough that it isn't worth it. We would get into pointless polemics. I'm deleting my initial post as well.
  2. Keep going, my friend @spirited_wolf. Here's to as many followers as possible on Facebook and Twitter. "Too bad" for you that in RO you still need visas.
  3. "In the real example cases, you will see in this post, escaping SHOULD NOT be the option ... please go for encoding. I found many instances of the following types of reflections in the wild where one SHOULD NOT use escaping but unfortunately it is there." Original source
  4. Interesting. Especially this part: "One common reason to build a REST API is to communicate with a JavaScript front-end through AJAX. For some applications, these requests should be allowed to come from any domain, not just your API’s home domain. By default, most browsers disallow this behavior, so let me show you how to set up cross-origin resource sharing (CORS) in Bottle to allow this:" REST and CORS are, apparently, like the mouse and the cat. If you test 10 sites with REST, including gov or mil ones, in 8 of them CORS is misconfigured and you can get some major surprises. Anyway, thanks for the article.
  5. A nice write-up from a lady from Romania who apparently lives in Canada. It contains a few good points.
     "Are penetration testing phases different from the ones of a malicious attack? The answer is no. Both malicious attackers and penetration testers go through the same stages or phases in their attacks/tests:
     1. Gathering Information phase. During this stage, as much data as possible on the target is collected (e.g. the target IP address range, domain name registration records, mail server records, etc.), to design the blueprint of the target.
     2. Scanning phase. The target is scanned for entry points such as wireless access points, Internet gateways, available systems, running services, vulnerability lists, and port listening. Other tests would check if default user IDs, passwords, and guest passwords have been disabled or changed and no remote login is allowed.
     3. Gaining Access phase. Based on the vulnerabilities which were identified during scanning, attempts are made to access the system. To accomplish this task, one could use automated exploit tools, or legitimate information obtained from social engineering.
     4. Maintaining Access phase. Once access has been acquired, attempts are made to escalate the privileges to root/admin and then to upload a piece of code (also named “backdoor”) on the target so that access to the target is maintained independent from the authorized entry points into the system/network. This will allow connecting to the target anytime.
     5. Covering Tracks phase. This phase is as important as the previous ones, as leaving a mark can show how elevated access to protected resources can be obtained, and this information can later be used maliciously by others with access to the system. This phase involves restoring the system to normal pretest configurations, which includes removing files, cleaning logs, registry entries, deleting the uploaded backdoor, etc."
     Source: Adeptus Mechanicus PenTest - DEICE-S1.140
  6. CVE-2015-1793 Overview: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. And a video explanation: explaining video
  7. Are Eastern European and Middle Eastern hacking groups looking to recreate a digital Ottoman Empire? Norse Intelligence Analysis Team has identified several indicators that reveal a trend involving groups located in the Middle East working closely with European hackers to share Tactics, Techniques, and Procedures (TTPs) for conducting politically and ideologically-motivated hacks. link
  8. Correct. From personal experience, over time I have tested different types of CVs: EU format, UK format, whatever. The point is that, for example, it is very hard to have a CV that is okay for a job located in the US or Asia / Pacific. Each has its own style. At one point I paid a UK company for CV + cover letter + LinkedIn profile = 100 pounds. It wasn't very much. The difference showed almost immediately in the regions that go by the Anglo-Saxon style (UK / Australia / NZ / US / Middle East / etc.). The CV is at most 1.5 pages, short and to the point, without Ion Creanga style. If you like, PM me and I think I can send you which company I used. If I don't answer right away, don't be alarmed; there is a huge time-zone difference between us. Ahh, and one more thing. Some time ago I used this to create another type of CV. The idea seemed interesting to me and the output is nice. https://jsonresume.org/getting-started/ All the best.
  9. The original link no longer works. Mirror link: Syngress.Hacking.Web.Intelligence
  10. From personal experience regarding these guys in Prague, ING. "The money is very little", both for junior and for senior positions. It seems interesting as a life experience, but if you put it on paper, not much $ seems to be left to make it worthwhile. And life isn't exactly cheap there either. The same goes for the ING positions in Poland. It's the same discussion. Now it's up to each person.
  11. Hi, Is there a game somewhere like the one below, but for Assembly? CheckiO PS. For those interested, here is also a link referring to other somewhat similar sites: Exercism Help - Alternatives Thanks!
  12. Nice description mah_one but somehow you've spoiled the beauty of that level
  13. [Udemy] FYI: That coupon no longer works. However, the course can be bought at a significant discount through the Python Networking site. It is probably his. I got it that way, since he's one of ours and he also graduated from the Politehnica.
  14. The point is that Scapy was created for exactly this kind of thing. C less so. But it really doesn't matter. The point is that when, let's say, "the Panda bear is chasing you", some things get done more easily if the most suitable method is used.
  15. Congratulations on the work you put in. And especially in C, hats off. Now, just as an opinion, you can try the same thing with Python Scapy. It is about 200 times simpler.
  16. Thank you very much for the tutorials and especially for the work put in. I hope that one day, if we meet, I can buy you 1+ beer(s).
  17. Thanks a lot. Well then, let me get to work and put together a working PoC.
  18. Hello, Thank you. I'm trying it now. Last night I was far too wrecked... so this:

          user = tweepy.Cursor(api.followers, screen_name="<targeted_twitter_account>").items()

      will become:

          try:
              user = tweepy.Cursor(api.followers, screen_name="<targeted_twitter_account>").items()
          except tweepy.error.TweepError:
              pass
  19. Absolutely. "bla bla" was replaced with the corresponding tokens generated by Twitter for my account.
  20. Hello, A guy figured out how to pull followers from Twitter accounts, Collecting Twitter Followers with 25 lines of Python, and wrote a Python2 script as follows:

          import tweepy
          import time

          #insert your Twitter keys here
          consumer_key ='bla bla'
          consumer_secret='bla bla'
          access_token='bla bla'
          access_secret='bla bla'

          auth = tweepy.auth.OAuthHandler(consumer_key, consumer_secret)
          auth.set_access_token(access_token, access_secret)
          api = tweepy.API(auth)

          list= open('/go-to-war/Desktop/twitter_list.txt','w')

          if(api.verify_credentials):
              print 'We sucessfully logged in'

          user = tweepy.Cursor(api.followers, screen_name="<targeted_twitter_account>").items()

          while True:
              try:
                  u = next(user)
                  list.write(u.screen_name +' \n')
              except:
                  time.sleep(15*60)
                  print 'We got a timeout ... Sleeping for 15 minutes'
                  u = next(user)
                  list.write(u.screen_name +' \n')
          list.close()

      My question is: has anyone tried it, and did it work for them? I started it, it sits for a while until the 15 minutes allotted to a valid query interval expire, and then it exits with the following error:

          Traceback (most recent call last):
            File "twitter_followers_harvesting.py", line 28, in <module>
              u = next(user)
            File "/usr/lib/python2.7/dist-packages/tweepy/cursor.py", line 110, in next
              self.current_page = self.page_iterator.next()
            File "/usr/lib/python2.7/dist-packages/tweepy/cursor.py", line 60, in next
              cursor=self.next_cursor, *self.args, **self.kargs
            File "/usr/lib/python2.7/dist-packages/tweepy/binder.py", line 179, in _call
              return method.execute()
            File "/usr/lib/python2.7/dist-packages/tweepy/binder.py", line 162, in execute
              raise TweepError(error_msg, resp)
          tweepy.error.TweepError: [{'message': 'Sorry, that page does not exist', 'code': 34}]

      Thanks a lot.
  21. This is a very cool thing that needs to be studied further. Thank you very much.
  22. Short question: Is this challenge still current?