Jump to content

QuoVadis

Active Members
  • Content Count

    2563
  • Joined

  • Last visited

  • Days Won

    173

QuoVadis last won the day on October 12

QuoVadis had the most liked content!

Community Reputation

2145 Excellent

About QuoVadis

  • Rank
    Arbiter elegantiae
  • Birthday 12/25/1869

Profile Information

  • Gender
    Female

Converted

  • Biography
    N/A
  • Location
    మీ మనస్సు లో
  • Interests
    N/A

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Varianta lor: https://nordvpn.com/blog/official-response-datacenter-breach/ Sunt client la ei de vreo 7-8 ani dar platesc (de black Friday cand au reduceri mari) doar in bitcoin dat prin tumbler si cont pe dummy mail de Rusia.
  2. Tex incepe sa rada si Nytro e prea finut. Sa-i umple frigiderul la Gecko
  3. Daca ati fi sa pariati... (eu am facut-o deja 😎), pe cine ati miza sa intre in turul 2 si apoi sa castige? Doar de curiozitate...
  4. Daca ai fi oferit si cate o invitatie filelist celor care participa adunai inca 50 oameni 😂
  5. Sursa Financial Times. La revedere cryptografie asa cum o stim? ...
  6. What the actual fuck... intru rar, ca nu am vreme, dar cand vad topic-uri de genul parca imi vine sa intru si mai rar.
  7. https://nakedsecurity.sophos.com/2019/09/19/air-force-to-offer-up-a-satellite-to-hackers-at-defcon-2020/
  8. Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day. There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week. TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years. I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users. Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery (CVE-2019-7287 & CVE-2019-7286). We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019. Now, after several months of careful analysis of almost every byte of every one of the exploit chains, I’m ready to share these insights into the real-world workings of a campaign exploiting iPhones en masse. This post will include: detailed write-ups of all five privilege escalation exploit chains; a teardown of the implant used, including a demo of the implant running on my own devices, talking to a reverse-engineered command and control server and demonstrating the capabilities of the implant to steal private data like iMessages, photos and GPS location in real-time, and analysis by fellow team member Samuel Groß on the browser exploits used as initial entry points. Let’s also keep in mind that this was a failure case for the attacker: for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen. Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them. I hope to guide the general discussion around exploitation away from a focus on the the million dollar dissident and towards discussion of the marginal cost for monitoring the n+1'th potential future dissident. I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time. I recommend that these posts are read in the following order: iOS Exploit Chain #1 iOS Exploit Chain #2 iOS Exploit Chain #3 iOS Exploit Chain #4 iOS Exploit Chain #5 JSC Exploits Implant Teardown https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
  9. Day rates - se aplica la contracte fixe, temporare Full time - contractele full time, de obicei permanente sau de minim 2-3 ani PDF download: https://we.tl/t-6Kp5kwZhtY Sursa: hays.co.uk Acestea sunt ciferele brute, din care se trage impozitul pe venit si national insurance. Se poate calcula aici net-ul: https://www.gov.uk/estimate-income-tax Pe langa salarii multe companii ofera pachete destul de consistente gen: - contributia angajatorului egala cu cea a angajatului la pensie pana la un anumit procent (ex: daca angajatul contribuie 12% din salar la pensie, angajatorul contribuie si el 12% din salar la pensie) - car/travel allowance/season ticket loan - tax-free loan pentru bicicleta (pana la £1k) - reduceri/gratuitati gym, entertainment, produse electronice, etc. - lucru flexibil de acasa - contributii financiare la dezvoltare profesionala - orice altceva negociati sau ofera deja angajatilor firma respectiva
  10. Daca ai mai facut asa ceva sau te pricepi, trimite-mi un PM: am un GUI local facut in Ms Access VBA ce este cuplat la un SQL server local. Voi muta DB-ul in AWS dar am nevoie de cineva sa rescrie front-endul (in Python de preferinta dar deschis si la altele).
  11. https://www.bbc.co.uk/programmes/articles/mXtpBVzfVHYswmRFN7gtKb/is-there-a-spy-in-your-pocket
  12. Ca tot mai erau dispute pe aici... https://www.bbc.co.uk/news/uk-england-manchester-48595271 Nu stiu daca adevarul e de o parte sau de alta ori la mijloc insa morala e: "In God we trust, all others must pay cash" sau "contract or gtfo"
  13. QuoVadis

    Cumpar Avios

    Valabil again ↑
×
×
  • Create New...