QuoVadis

Active Members
  • Posts

    2713
  • Joined

  • Days Won

    192

Everything posted by QuoVadis

  1. "He wants to get into vlogging, what do you think? Does he have a chance?"
  2. I joined just to ask you: how much did you lose?
  3. ...To make room for state-sponsored hacking
  4. Look on https://gloryholefoundation.com
  5. http://www.promotor.ro/masini-noi/news/vezi-cum-arata-cea-mai-mare-benzinarie-din-tara-foto-16629875 dafuq.... you find ones like these all over Europe, up in the back-of-beyond mountains.. on the way out of villages
  6. If you send @aelius 50 private messages that works too, he will promote your thread in the category.
  7. OFF: From a few weeks ago... Full of wisdom ON: If you want to pick up some ideas about btc trading, do the necessary research on bitcointalk.org - On localbitcoins you can make some profit if you pick certain niches (wallets/currencies) and areas, or if you have "connections" and launder them there. Otherwise you will be stuck with small change, because people prefer to trade with those who have already done it (just as I do every time).
  8. The rates there are usually good/competitive, around 2-3%.. if you are waiting for a handout, keep waiting. Since it is about 1200 eur, few will take the risk without some escrow like on lbc.
  9. At the current btc price it is worth it. Bandwidth is almost irrelevant, it is a matter of a few mb / month. Look at something like https://shop.bitmain.com/productDetail.htm?pid=00020170713062803148UbTJizc906C9
  10. If you don't know how to do it, it's not for you. Try ballet instead.
  11. So... what are we supposed to do about them, marry them? Fuck those abject muricans. The ISPs over there sell customer info for profit anyway, and umpteen secret services track their every move because, supposedly, terrorists. #JewPower
  12. Does anyone still use only Kerberos in 2017...? Even the dinosaur companies have started moving to ADFS and the like... (even though AD DS / ADFS use a Kerb auth ticket)
  13. tl;dr another shitty "Che brand" post destined for the trash. You've got the wrong address, you've got the wrong mentality.
  14. Ransomware attacks are an alarming trend of 2017. There have been many such attacks, but the ones that made the headlines are WannaCry and NotPetya (also known as Petya, Petya.A, ExPetr, and other names). With lessons of the previous epidemic heeded, specialists across the globe promptly reacted to the new challenge and, in a matter of hours after the first computers became infected, began analyzing encrypted disks. As early as June 27, the first descriptions[1] of how NotPetya spreads and infects computers appeared. Even better, a vaccine[2] to prevent NotPetya infections was found.

      If NotPetya is unable to obtain administrator privileges when running, it performs AES encryption of user files only and the operating system continues to work. Unfortunately, recovering user files in that case requires knowing the private RSA key (which is allegedly available for purchase on the Darknet for 100 bitcoins).

      The below method for recovering data works only if NotPetya had administrator privileges and used the Salsa20 algorithm to encrypt the entire hard drive.

      It turned out that the creators of NotPetya made an error in their implementation of the Salsa20 algorithm. Due to this error, half of the encryption key bytes were not used in any way. This reduction in key length from 256 to 128 bits, unfortunately, still does not leave any hope of decrypting data in a reasonable time. However, certain peculiarities of how the Salsa20 algorithm was applied allow recovering data, no key necessary.

      How Salsa20 works

      Salsa20 is a synchronous stream cipher in which encryption generates a key-dependent keystream, and the bytes of this keystream are added to the bytes of plaintext using the XOR operation. For decryption, the procedure must be repeated.

      For the keystream to be computed for any offset in the stream, the keystream generator s20_expand32() generates a 64-byte keystream array into which the following is mixed:

      · 256 bits (32 bytes) of the encryption key
      · 8 bytes of the nonce (number used once) random sequence
      · 16 bytes of the sigma constant ("expand 32-byte k" or "-1nvalid s3ct-id")
      · 64 bits (8 bytes) of the block number in the stream

      The figure below, taken from a Check Point report, shows how data is arranged:

      64 bytes of the array pass through the mixing function; the resulting 64 bytes are used as a keystream fragment. It should be noted that the generated keystream fragments are always aligned to a border multiple of 64 bytes. For example, to encrypt 7 bytes starting at offset 100, we must find the block number that has the first byte (100/64 == 1), compute a keystream for this block, and use 7 bytes from it starting from the offset (100%64 == 36). If there are not enough bytes in the block, a keystream is generated for the next block, and so on.

      While encrypting a single stream (a disk is regarded by NotPetya as one stream), neither the key nor nonce changes. Therefore, for each encrypted disk, the only variable that affects the keystream is the block number.

      As designed by the creators of Salsa20, 2^64 blocks of 64 bytes each allow generating a keystream with a period of 2^70 ~ 10^21 bytes. This is a fairly long period for almost any practical applications, and hard disks of this capacity will certainly not appear any time soon. However, implementing all this was a bit more difficult.

      Actual keystream period in NotPetya

      Look at the prototype of the function s20_crypt32(); disk sectors are encrypted by calling this function.

          enum s20_status_t s20_crypt32(uint8_t *key, uint8_t nonce[static 8], uint32_t si, uint8_t *buf, uint32_t buflen)

      A byte offset in the stream is passed through the si (probably Stream Index) argument. And judging by the type of the argument, it is clear that it only contains 32 bits, rather than 64 bits. This value goes to the keystream after being divided by 64, so a maximum of 26 bits remains.

          // Set the second-to-highest 4 bytes of n to the block number
          s20_rev_littleendian(n+8, si / 64);

      Now consider another figure taken from the same report. Highlighted in gray are the bytes that do not affect keystream generation due to an error in the implementation of the function s20_rev_littleendian(). So out of 26 bits of the block number, only 16 bits (bytes at offset 0x20-0x21) affect the keystream. Therefore, the maximum keystream period is 2^16 = 65,536 blocks of 64 bytes each—or 4 megabytes.

      The volume of encrypted data on a hard drive is many times larger than 4 megabytes, so many different pieces of data are encrypted using the same keystream fragments. This fact allows implementing a trivial attack based on known plaintext.

      Another error

      The developers' errors do not end here. When the function s20_crypt32() is called, they pass... the number of the 512-byte sector instead of the offset value in bytes! Sectors are usually encrypted in pairs (1,024 bytes per access), which means that the keystream used to encrypt two neighboring sector pairs is the same in 1,022 bytes (offset by 2 bytes).

      Heuristics for Known Plaintext Attack

      Modern versions of Windows use the NTFS file system, which employs a whole number of different structures; most of their fields are fairly predictable. What's more, disks contain a great many files whose contents are also quite predictable (in whole or in part).

      First 512 bytes of the keystream

      To validate the encryption key, NotPetya encrypts sector 0x21, which contains predefined values (all bytes 0x07). This gives us 512 bytes of the keystream.

      Recovering the keystream by MFT

      NotPetya does not encrypt the first 16 MFT records (32 sectors) but encrypts all the others. Each file record begins with the sequence "FILE" usually followed by bytes 30 00 03 00 (UpdateSequenceArrayOffset = 0x30, UpdateSequenceArrayLength = 3). Theoretically, these 4 bytes can have other values, but they are almost always the same for all file records within the same logical NTFS partition.

      So from one file record (occupying two sectors), 8 bytes of the keystream can be retrieved, and each neighboring record provides two more bytes (and the possibility to verify the six previously obtained bytes). The final records are almost entirely composed of zeros, which can provide up to 1,024 additional bytes of the keystream.

      After the keystream fragments used to encrypt the MFT are retrieved, the entire structure of the file system can be recovered.

      Recovering the keystream by known files

      NotPetya also encrypts the first two sectors of each file longer than 1,024 bytes. The cluster size usually exceeds 2 sectors (it can be 8 sectors, for example). In that case, after finding the encrypted header of any file and skipping 1,024 bytes, we can easily retrieve the next 3 kilobytes in plaintext. If we have a file in which exactly the same 3 kilobytes are at the offset of 1,024 bytes from the header, the file header will very likely also be the same. So we can retrieve up to 1,024 additional bytes of the keystream.

      A clean install of Windows XP contains 8,315 files in the Windows folder. In Windows 8.1 installed on an actively used computer, this number exceeds 200,000. Chances are that many of them match the files on an encrypted disk. Thanks to this, indexing DLL and EXE files from available Windows installations (preferably of the same version and with similar updates installed) may be enough to recover the keystream completely. Having retrieved keystream fragments, you can also proceed to attempt recovery of unique files.

      Prospects and pitfalls

      Manual recovery of an encrypted disk is a tedious task—the process can take hours and requires a large amount of free disk space. Few users have a spare empty disk as large as the one that is encrypted, and attempting experiments on an infected original disk is a fool's errand. So those wishing for an easy, hassle-free recovery tool are still out of luck. On the bright side, we can expect that professional service providers will be able to recover more data than has been the case to date. Companies that specialize in data recovery are likely to come up with the necessary software, thanks to their experience and expertise.

      That said, there are still a few snags in the way of recovery. The algorithm for selecting sectors to be encrypted (and which therefore need to be decrypted) contains errors as well (for example, when parsing NTFS structures), and this can have an effect on the result.

      Recovering data from a hard drive using the described method requires applying certain heuristics. The completeness of data recovery depends on many factors (disk size, free space, and fragmentation) and may be able to reach 100% for large disks that contain many standard files (OS and application components that are identical on many machines and have known values).

      As stated at the beginning of this article, this method unfortunately cannot be used to decrypt files that were encrypted with the AES algorithm, which is used by NotPetya when it is unable to obtain administrator privileges.

      SOURCE
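
Added example, not part of the post or of the quoted article: a small model of the bookkeeping behind the MFT heuristic, showing why each neighboring file record yields two new keystream bytes and re-checks six, and why recovered bytes apply again one keystream period later. Assumptions: the keystream is a constructed stand-in (not Salsa20), the sector numbers are constructed, and the position rule (sector number plus byte index, modulo the 4 MB period) is inferred from the two errors the article describes.

```python
import hashlib

PERIOD = (1 << 16) * 64             # 2^16 blocks x 64 bytes = 4 MiB, per the article
MFT_HDR = b"FILE\x30\x00\x03\x00"   # predictable first 8 bytes of a file record

# Constructed stand-in keystream (NOT Salsa20): only its reuse pattern matters.
_KS = hashlib.shake_256(b"constructed demo keystream").digest(PERIOD)

def stream_pos(sector, i):
    """Assumed model: sector number is used as the byte offset in the stream."""
    return (sector + i) % PERIOD

def toy_encrypt(sector, data):
    """XOR data with the stand-in keystream starting at position `sector`."""
    return bytes(b ^ _KS[stream_pos(sector, i)] for i, b in enumerate(data))

class KeystreamMap:
    def __init__(self):
        self.known = {}             # stream position -> recovered keystream byte

    def learn(self, sector, ciphertext, plaintext, offset=0):
        """Derive keystream from known plaintext; return (new, verified) counts."""
        new = verified = 0
        for i, p in enumerate(plaintext, start=offset):
            k, pos = ciphertext[i] ^ p, stream_pos(sector, i)
            if pos not in self.known:
                self.known[pos] = k
                new += 1
            elif self.known[pos] == k:
                verified += 1
            else:                   # a wrong plaintext guess shows up as a conflict
                raise ValueError(f"guess contradicts keystream position {pos}")
        return new, verified

    def decrypt(self, sector, ciphertext):
        """Decrypt covered bytes; positions not yet recovered come back as None."""
        out = []
        for i, c in enumerate(ciphertext):
            k = self.known.get(stream_pos(sector, i))
            out.append(None if k is None else c ^ k)
        return out

def demo():
    first = 0x3000                  # constructed sector number of an MFT record
    ksmap, counts = KeystreamMap(), []
    for r in range(64):             # 64 constructed records, two sectors each
        record = MFT_HDR + bytes([r]) * 1016
        ct = toy_encrypt(first + 2 * r, record)
        counts.append(ksmap.learn(first + 2 * r, ct, MFT_HDR))
    # A buffer one full period further on reuses the same keystream positions.
    secret = b"unrelated file header bytes"
    far = ksmap.decrypt(first + PERIOD, toy_encrypt(first + PERIOD, secret))
    return counts, len(ksmap.known), bytes(far)
```
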
  15. gaddafi^^ Fuck me, look at that, we have experts in organisational culture and corporate psychology too. I forgot that Ro is the country of experts in everything... I bow with humility
  16. Puzzle No.1 – Monday 3 July We've got something new for you today. It's a puzzle that's been set for us by GCHQ and the kind of thing they use to recruit staff. We'll be setting a new puzzle every day so why not have a go and see if you could make it as a GCHQ codebreaker. Puzzle Take the digits 1,2,3 up to 9 in numerical order and put either a plus sign or a minus sign or neither between the digits to make a sum that adds up to 100. For example, one way of achieving this is: 1 + 2 + 34 - 5 + 67 - 8 + 9 = 100, which uses six plusses and minuses. What is the fewest number of plusses and minuses you need to do this? The answer will be published on the Today website from 6am on Tuesday 4 July. source
  17. Have you tried here https://gloryholefoundation.com ?
  18. Professional Penetration Testing walks you through the entire process of setting up and running a pen test lab. Penetration testing—the act of testing a computer network to find security vulnerabilities before they are maliciously exploited—is a crucial component of information security in any organization. With this book, you will find out how to turn hacking skills into a professional career. Chapters cover planning, metrics, and methodologies; the details of running a pen test, including identifying and verifying vulnerabilities; and archiving, reporting and management practices. Free download: aHR0cHM6Ly9nb28uZ2wvYVBIOVp5 Buy: https://www.amazon.com/Professional-Penetration-Testing-Creating-Learning-ebook/dp/B00DRF0ICK/
  19. Ukraine's government, National Bank and biggest power companies all warned of cyberattacks Tuesday. Airports and metro services in the country were also reportedly affected, though it appears they're victims of another massive ransomware outbreak that's spreading across the world fast and hitting a significant number of critical infrastructure providers. Whispers of WannaCry abound, though security experts said a different breed, named Petya, was to blame. "[We're seeing] several thousands of infection attempts at the moment, comparable in size to WannaCry's first hours," said Kaspersky Lab's Costin Raiu. "We are seeing infections from many different countries." One firm, BitDefender, said it believed a similar strain called GoldenEye was actually responsible. Later, security firms, including Kaspersky and Avast, said the malware responsible was actually an entirely new ransomware that had borrowed Petya code. Regardless of what malware was used, the attacks have gone global. This morning saw major Danish shipping and energy company Maersk report a cyber attack, noting on its website: "We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack." And Russian oil industry giant Rosneft said it was facing a "powerful hacker attack." Major British advertiser WPP said on Facebook it was also hit by an attack, while law firm DLA Piper also confirmed it had been targeted by hackers. None offered specifics on the nature of those hacks. Sources told Forbes of one U.S. target: pharmaceuticals company Merck. One source said the problem extended to global offices, including those in Ireland, with both phones and PCs out of action, and employees going home. Merck Sharp & Dohme (MSD), the U.K. subsidiary of Merck, confirmed its network was compromised. "We're trying to understand the level of impact," a spokesperson said. "We're trying to operate as normally as possible."
Full article: https://www.forbes.com/sites/thomasbrewster/2017/06/27/ransomware-spreads-rapidly-hitting-power-companies-banks-airlines-metro/#8ec1fc67abd6
  20. It depends on the field you want to specialize in, because "computer science" is like "medicine": there are a great many fields and sub-fields. And then it depends on where and as what you want to work after you finish. Because if you want to work abroad, a UK university looks better on a CV (even if technically it may not prepare you as well - here I mean the weaker ones, because if you go to a good one in the top 10 it far outclasses the ones in Ro, aka pisses all over them) than some no-name one from Ro. Especially if you want to stay in the UK to work afterwards. That is because they know the standards here and often even have partnerships and internships with the universities. Some even go on a sandwich year between years 2 and 3. (And when I say UK, other countries can be understood too, it doesn't have to be the UK. ) If you want to work in Babuinland afterwards, you're better off staying in Bucharest, there is no point taking on £27k of debt. But some recruiters in Ro will also see studies abroad (besides fluent English - an advantage) as something that sets you apart from the rest. And the university will not pour information and knowledge into your head with a funnel, it only gives you a structure and a discipline/maturity of thinking, and perhaps takes you a little out of your comfort zone in a positive sense; the rest is up to the individual "to make the most of it". And here the UK universities far outclass the ones in Ro in terms of resources (physical and electronic), industry contacts, research in the field, etc. And then the opportunities during your student years, when you are physically here, are different from those in Ro, especially if you are somewhere close to London or the "tech" hubs. I told him in private too: dogs don't walk around here with pretzels on their tails, it's not all rosy, there are bad things here as there are everywhere. But then the quality of life is different. As an employee you are treated differently, you have many more rights, "employment law" is much more advanced, defined and enforced than in Babuinland. And then you can go down the rest of the list.. quality of life, transport, health, entertainment, people's mentality, etc. In the end these are years of your life that you will not be able to get back and that will largely influence the rest of your life. You have to choose something so that afterwards you can sleep at night, instead of lying there thinking "what if..." and having regrets (come on, confess, @MrGrj, are you punching yourself in the balls now? If not, you probably haven't reached your midlife crisis yet... )