QuoVadis

Active Members
  • Posts: 2713
  • Days Won: 192

Everything posted by QuoVadis

  1. The team details what they call “cloak and dagger” exploits, which can take over the UI of most versions of Android (including 7.1.2). Given its nature, it is difficult to fix and also difficult to detect.

     Cloak and Dagger is an exploit that takes advantage of two permissions in order to take control of the UI without giving the user a chance to notice the malicious activity. The attack uses two permissions that are very commonly used in Android apps: SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”). We have outlined this in the past, but what makes this vulnerability so acute is the fact that applications requesting SYSTEM_ALERT_WINDOW are automatically granted this permission when installed via the Google Play Store. As for enabling an Accessibility Service, a malicious application is able to quite easily socially engineer a user into granting it. The malicious application could even be set up to use an Accessibility Service for a semi-legitimate purpose, such as monitoring when certain applications are open to change certain settings.

     Once these two permissions have been granted, the number of attacks that could occur is numerous. Stealing of PINs, two-factor authentication tokens, passwords, or even denial-of-service attacks are all possible. This is thanks to the combination of overlays to trick the user into thinking they are interacting with a legitimate app and the Accessibility Service being used to intercept text and touch input (or relay its own input).

     We theorized such a vulnerability a few months back, wherein we would create a proof-of-concept application that uses SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE in order to draw an overlay over the password entry screen in the XDA Labs app and intercept key input to swipe passwords. This application we envisioned would be an auto-rotation managing application which would use an overlay for the purposes of drawing an invisible box on screen to control rotation (rather than request WRITE_SETTINGS, which would raise flags) and an Accessibility Service to allow the user to control auto-rotate profiles on a per-app basis. In theory, this would be one example of an application using “cloak-and-dagger.” However, none among our team were willing to risk their developer accounts by challenging Google’s automated app scanning systems to see if our proof-of-concept exploit would be allowed on the Play Store. In any case, these researchers did the work and submitted test applications to prove that the use of these two permissions can indeed be a major security issue.

     As you can see, the attacks are invisible to users and allow full control over the device. Currently all versions of Android from Android 5.1.1 to Android 7.1.2 are vulnerable to this exploit, given the fact that it takes advantage of two permissions otherwise used for completely legitimate purposes. Don’t expect a true fix for this issue to come to your device anytime soon, though it should be noted that the changes made to SYSTEM_ALERT_WINDOW in Android O will partially address this flaw by disallowing malicious apps from completely drawing over the entire screen. Furthermore, Android O now alerts via notification if an application is actively drawing an overlay. With these two changes, it’s less likely that a malicious application can get away with the exploit if the user is attentive.

     How do you protect yourself on versions before Android O? As always, install only apps that you trust from sources that you trust. Make sure the permissions they request line up with what you expect. As for the hundreds of millions of regular users out there, according to a Google spokesperson Play Store Protect will also provide the necessary fixes to prevent the cloak and dagger attacks. How exactly it will accomplish this is unclear, but hopefully it involves some way of detecting when these two permissions are being used maliciously. I doubt that it would be able to detect all such cases, though, so in any case it’s best for you to monitor what permissions are being granted to each application you install.

     SOURCE: https://www.xda-developers.com/cloak-and-dagger-exploit-uses-overlays-and-accessibility-services-to-hijack-the-system/
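The post's advice is to watch which apps hold the two permissions. The following is an added audit example (not from the XDA article or the poster) that cross-references the two pieces of device state a defender would pull with adb: the `enabled_accessibility_services` secure setting and the per-package `appops` result for SYSTEM_ALERT_WINDOW. It only flags apps that hold both prerequisites at once. The output formats it parses are assumed to match what `adb shell settings get secure enabled_accessibility_services` and `adb shell appops get <pkg> SYSTEM_ALERT_WINDOW` print; the sample values below are constructed, and the package names are hypothetical.

```python
"""Flag installed apps that hold both "cloak and dagger" prerequisites:
SYSTEM_ALERT_WINDOW (draw on top) AND an enabled accessibility service.

Added example for auditing a device, not code from the article or the post.
Assumed tool output formats (constructed samples, not from a real device):
  settings get secure enabled_accessibility_services
      -> "pkg/cls:pkg/cls" (or "null" when nothing is enabled)
  appops get <pkg> SYSTEM_ALERT_WINDOW
      -> "SYSTEM_ALERT_WINDOW: allow; time=..." or "No operations."
"""
import re

# Constructed sample of the enabled_accessibility_services setting.
# A class beginning with '.' is relative to its package (hypothetical names).
ENABLED_A11Y = (
    "com.example.rotationmgr/com.example.rotationmgr.RotationService:"
    "com.example.screenreader/.ReaderService"
)

# Constructed sample of `appops get <pkg> SYSTEM_ALERT_WINDOW` per package.
APPOPS = {
    "com.example.rotationmgr": "SYSTEM_ALERT_WINDOW: allow; time=+3d2h",
    "com.example.screenreader": "No operations.",
    "com.example.notes": "SYSTEM_ALERT_WINDOW: allow",
}


def parse_accessibility_services(raw):
    """Return the set of package names with an enabled accessibility service.

    Entries are ComponentName strings "pkg/cls" separated by ':'.  The setting
    reads "null" on a device where nothing is enabled; treat that as empty.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    pkgs = set()
    for entry in raw.split(":"):
        if not entry:
            continue
        pkg, _, _cls = entry.partition("/")
        pkgs.add(pkg)
    return pkgs


def has_draw_on_top(appops_line):
    """True when appops reports the SYSTEM_ALERT_WINDOW op as allowed.

    Any other mode (ignore, deny, default) or "No operations." is False.
    """
    m = re.search(r"SYSTEM_ALERT_WINDOW:\s*(\w+)", appops_line)
    return bool(m) and m.group(1) == "allow"


def flag_cloak_and_dagger(appops_by_pkg, a11y_raw):
    """Packages that can both draw over the screen and read/inject input."""
    a11y = parse_accessibility_services(a11y_raw)
    return sorted(
        pkg for pkg, line in appops_by_pkg.items()
        if has_draw_on_top(line) and pkg in a11y
    )


if __name__ == "__main__":
    for pkg in flag_cloak_and_dagger(APPOPS, ENABLED_A11Y):
        print(f"REVIEW: {pkg} holds draw-on-top AND an enabled accessibility service")
```

Feeding it real device output means running the two adb commands for each package from `adb shell pm list packages -3`; a package that appears in the result is not necessarily malicious (the post's own example of a rotation manager is a legitimate use), but it is exactly the set worth reviewing by hand.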
  2. "Athena" - like the related "Hera" system - provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.

     Documents: Athena v1.0 User Guide; Athena Technology Overview; Athena (Design); Athena (Demo); Athena (Design/Engine)

     https://wikileaks.org/vault7/#Athena
  3. (topic: ".")

     @Iceman, offer them some KFC vouchers too, and watch your sales double..
  4. As the people above said, BTC can be run through specific tumblers and then not even the devil will find it. There are all sorts of variants and methods, and if you put in a little effort its trail is lost. At work we have received massive attacks, and at first I thought they were ransomware, but some are PDFs with exploits and others are links where, when you click, a script downloads everything you have saved in the browser: user, passwords, cookies, etc. What's bad is that this kind of thing will feed propaganda and stupid laws that have nothing to do with such matters. Meanwhile, in Rromania..
  5. You probably know these already: for performance use nginx (if you don't already), and you can tweak the settings there too. Then a little tuning of the db settings (my.cnf) (it also depends on which db you use). It also depends on the php settings, especially opcache, which you can disable, and make php-fpm on demand rather than dynamic, etc. Then in wp, besides plugins, theme, etc., some of the settings in the db can get a little performance tuning (e.g. the wp_options table has autoload defaulting to yes, and you can check whether it sometimes takes too long and add an index on the column, etc.).
  6. http://www.digi24.ro/stiri/externe/rusia/rusia-anunta-ca-doua-nave-s-au-ciocnit-in-marea-neagra-713724 Damn!
  7. (topic: Flood)

     Have you tried here https://gloryholefoundation.com/ ? It offers a free tool for ddos, it's connected to a powerful botnet.
  8. At that age (student years) there are many naive people, immature, simply because they were carried on their parents' palms, parents who bore the burden for them too. Some study appeared online (I don't know how credible it is) that 2 million Romanians suffer from depression. Let's see what follows in the coming years from this point of view. But what's certain is that reality will hit them fast, without mercy. Few will adapt, and the majority... will vote PSD.
  9. • The main objectives of a Zero-day attack are for hackers or attackers to be able to steal sensitive information, legal documents, enterprise data, and other information. We have analyzed the lifecycle of Zero-day vulnerabilities and different detection methodologies.
     • In this paper, we propose a novel hybrid layered architecture framework for Zero-day attack detection and analysis in real-time, which is based on statistics, signatures, and behavior techniques. To enhance our architecture, we used an SVM approach in order to provide unsupervised learning and minimize false alarm detection capabilities.
     • In this research, we focus on integrating the anomaly detection and signature generation based methods. In a layered approach, layers are supposed to execute dedicated functionality in parallel. Parallel work of each layer improves the performance of our proposed approach. In this paper, we also present the different experimental comparisons we made between our approach and various standard parameters, and our result shows a high detection rate of Zero-day attacks.

     Download: aHR0cHM6Ly93ZS50bC9ybzk0RElGYzBO
  10. https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/

     In summary, the following two vulnerabilities were found:
     • An information leak in the authentication process between the Drivelog Connector Dongle and the Drivelog Connect smart phone application.
     • Security holes in the message filter in the Drivelog Connector dongle.

     The information leak allowed us to quickly brute-force the secret PIN offline and connect to the dongle via Bluetooth. Once connected to the dongle, security holes in the message filter of the dongle enabled us to inject malicious messages into the vehicle CAN bus. In our research, we were able to turn off the engine of a moving car while within Bluetooth range. As troubling as that is, in a more general sense, since we can use the dongle to inject malicious messages into the CAN bus, we may have been able to manipulate other ECUs on the network. If an attacker were to implement this attack method in the wild, we estimate that he could cause physical effects on most vehicles on the road today.

     This post describes the basic setup and capabilities of the Drivelog dongle and its accompanying mobile app. We describe the research in the order in which it was carried out. That is, first we describe how we uncovered potential security holes in the message filter, and then we describe how we uncovered the information leak in the authentication process between the dongle and the app. We then describe a complete attack flow.
  11. (topic: armata)

     Where do these creatures come from... damn the stupid mothers who didn't abort you!
  12. My advice is to limit how much you flail around in here... because it's a public space and you make the university's department look like crap even if you're only an indirect representative (a student).
  13. I was just getting ready to tell off all the professors there who let you do this kind of thing without any research ethics. But then I stopped, thinking that maybe they don't know what you're doing yet. If you haven't been to the ethics and epistemology courses, slap yourself twice, talk to the professors and then come back. Good luck!
  14. @spider Well, if the beautiful and free young people were slacking off instead of going to vote.. the ones above voted for them too:
  15. http://www.digi24.ro/stiri/actualitate/social/asistatii-social-nu-vor-sa-munceasca-703542 Fed-up level 10..
  16. https://github.com/x0rz/EQGRP
  17. Send a PM to @aelius, he has a whole collection of crackers
  18. https://wikileaks.org/vault7/#Marble Framework
     Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" - 676 source code files for the CIA’s secret anti-forensic Marble Framework.

     https://wikileaks.org/vault7/#Dark Matter
     Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac computer firmware.

     https://wikileaks.org/ciav7p1/
     A series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
  19. If you want freebies, look at AWS and Google Cloud. Or even https://www.alpharacks.com/myrack/cart.php?a=add&pid=231 where you get it for 3 lei / month. If you pay attention to everyone ... what are you complaining about here?
  20. What services, bro, should people try at your place, screw your fat, mouldy mother?! You have hosting from a busted provider (HostGator) that was something a decade ago, and you spout nonsense about being specialized, and in the plural ("we are specialized" - to hell with you specialists, because if I had you install a LAMP stack you'd have no idea) - who is dumb enough to keep their files with a high-school kid? Only others just as childish and just as stupid. You come to a forum where the vast majority have worked/work with real providers and you try to make a fuss that you'd deserve to be taken seriously. Go to Metin forums, "cantar straic" and the like, and you'll find clients (fools).
  21. Why would anyone entrust their files to a kid? They'd have to be either stupid or up to something shady. So, the (rhetorical) question is: why would you bother with such people? If you have nothing better to do...
  22. I recommend http://psihiatrie-bucuresti.com/
  23. https://www.facebook.com/sectiapolitic/videos/401204223588550/?hc_ref=NEWSFEED You're being screwed over live, brazenly, with a strong jet and with annoyance that you're not swallowing it all: where are the young people? still #rezista? #Resist until you burn alive again like rats in holes!
  24. Here are 2 I found in a hurry. Remind me next week and I'll look for more.

     https://www.amazon.co.uk/dp/B019OMDRXG/
     Download: aHR0cHM6Ly93d3cuZHJvcGJveC5jb20vcy93a3BtMTd0NWYzbXU1bmIvRGlnaXRhbCUyMEZvcmVuc2ljcy56aXA/ZGw9MQ==

     https://www.amazon.co.uk/dp/B01986MFIG/
     Download: aHR0cHM6Ly93d3cuZHJvcGJveC5jb20vcy84Z2xqMHdlMXZ2dWZmaHkvT3BlcmF0aW5nJTIwU3lzdGVtcyUyMEZvcmVuc2ljcy56aXA/ZGw9MQ==

     LE: from another collection, tell me if any of these "appeal" to you:
     • Cyber Forensics - A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition, ISBN: 9780849383281
     • Digital Forensics for Handheld Devices, ISBN: 9781439898772
     • Machine Learning Forensics for Law Enforcement, Security, and Intelligence, ISBN: 9781439860694
     • What Every Engineer Should Know About Cyber Security and Digital Forensics, ISBN: 9781466564527
     • Multimedia Security - Watermarking, Steganography, and Forensics, ISBN: 9781439873311