QuoVadis

Active Members
  • Posts

    2713
  • Joined

  • Days Won

    192

Everything posted by QuoVadis

  1. (I can already see all the scrapers and scanner kiddies jumping on this, we won't name names... ) Research announced today that for the first time ever it is making quantum computing available to members of the public, who can access and run experiments on IBM’s quantum processor. Press release: http://www-03.ibm.com/press/us/en/pressrelease/49661.wss More info & sign-up: http://www.research.ibm.com/quantum/
  2. You are already desperately creating accounts here too and filling up the index, so topic closed. PM your email address to @greenie, or message him if you want to get in touch. Good luck!
  3. Social media giant Facebook has paid a $10,000 reward to a 10-year-old Finnish boy for finding a glitch in its picture sharing app Instagram. Jani, whose last name was not released for privacy reasons, is the youngest ever recipient of Facebook's "bug bounty", paid to users who find bugs or weaknesses in its platforms. "I wanted to see if Instagram's comment field could stand malicious code. Turns out it couldn't," Jani told Finland's Iltalehti newspaper. Facebook said the glitch was fixed in February and the reward was paid in March. Jani, who is still too young to have a Facebook or Instagram account of his own, said he learned coding from Youtube videos and found a way to delete user comments from Instagram accounts. "I could have deleted anyone's comments from there. Even Justin Bieber's," he told Iltalehti. He said he was thinking about a career in data security, but for now his plans include buying a new bike and a football with his reward money. SOURCE
  4. Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia's criminal underworld, a security expert told Reuters. The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru (MAILRq.L), Russia's most popular email service, and smaller fractions of Google (GOOGL.O), Yahoo (YHOO.O) and Microsoft (MSFT.O) email users, said Alex Holden, founder and chief information security officer of Hold Security. It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago. Holden was previously instrumental in uncovering some of the world's biggest known data breaches, affecting tens of millions of users at Adobe Systems (ADBE.O), JPMorgan (JPM.N) and Target (TGT.N) and exposing them to subsequent cyber crimes. The latest discovery came after Hold Security researchers found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records. After eliminating duplicates, Holden said, the cache contained nearly 57 million Mail.ru accounts - a big chunk of the 64 million monthly active email users Mail.ru said it had at the end of last year. It also included tens of millions of credentials for the world's three big email providers, Gmail, Microsoft and Yahoo, plus hundreds of thousands of accounts at German and Chinese email providers. "This information is potent. It is floating around in the underground and this person has shown he's willing to give the data away to people who are nice to him," said Holden, the former chief security officer at U.S. brokerage R.W. Baird. "These credentials can be abused multiple times," he said. 
LESS THAN $1 Mysteriously, the hacker asked just 50 roubles – less than $1 – for the entire trove, but gave up the dataset after Hold researchers agreed to post favourable comments about him in hacker forums, Holden said. He said his company’s policy is to refuse to pay for stolen data. Such large-scale data breaches can be used to engineer further break-ins or phishing attacks by reaching the universe of contacts tied to each compromised account, multiplying the risks of financial theft or reputational damage across the web. Hackers know users cling to favourite passwords, resisting admonitions to change credentials regularly and make them more complex. It's why attackers reuse old passwords found on one account to try to break into other accounts of the same user. After being informed of the potential breach of email credentials, Mail.ru said in a statement emailed to Reuters: "We are now checking, whether any combinations of usernames/passwords match users' e-mails and are still active. "As soon as we have enough information we will warn the users who might have been affected," Mail.ru said in the email, adding that Mail.ru's initial checks found no live combinations of user names and passwords which match existing emails. A Microsoft spokesman said stolen online credentials was an unfortunate reality. "Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access." Yahoo and Google did not respond to requests for comment. Yahoo Mail credentials numbered 40 million, or 15 percent of the 272 million unique IDs discovered. Meanwhile, 33 million, or 12 percent, were Microsoft Hotmail accounts and 9 percent, or nearly 24 million, were Gmail, according to Holden. Thousands of other stolen username/password combinations appear to belong to employees of some of the largest U.S. banking, manufacturing and retail companies, he said. 
Stolen online account credentials are to blame for 22 percent of big data breaches, according to a recent survey of 325 computer professionals by the Cloud Security Alliance. In 2014, Holden, a Ukrainian-American who specialises in Eastern European cyber crime threats, uncovered a cache of 1.2 billion unique credentials that marked the world's biggest-ever recovery of stolen accounts. His firm studies cyber threats playing out in the forums and chatrooms that make up the criminal underground, speaking to hackers in their native languages while developing profiles of individual criminals. Holden said efforts to identify the hacker spreading the current trove of data or the source or sources of the stolen accounts would have exposed the investigative methods of his researchers. Because the hacker vacuumed up data from many sources, researchers have dubbed him "The Collector". Ten days ago, Milwaukee-based Hold Security began informing organisations affected by the latest data breaches. The company's policy is to return data it recovers at little or no cost to firms found to have been breached. "This is stolen data, which is not ours to sell," said Holden. SOURCE
  5. @adrian94 I have already warned you once about your behaviour. Pacalici was referring to the fact that you didn't have the patience to wait for an answer and posted again after 7 minutes. Do you think people here are at your beck and call, ready to answer within the second? Watch your language and attitude. Last warning before you grow wings! closed
  6. There is a report button. Use it!
  7. Yes, I beg forgiveness for not posting something advanced for Reckon, the pentesting expert. A thousand apologies!
  8. Understand what SQL injection is and coupled with SQLMap, how it can infiltrate your system; Protect your system against XSS vulnerabilities by using XSSER; Safeguard user credentials by figuring out how Bruteforcing works; Get to know Remote Command Execution and how it can affect your system; Analyze Cross-Site Request Forgery attacks to defend your system against them; Inspect open proxies and open redirects to shield your system from them; Understand Clickjacking and the best approach to elude it. Download (valid for 7 days): aHR0cDovL3guY28vNmxnRXo=
  9. You don't need anything special. You can do it in Excel: https://www.extendoffice.com/documents/excel/642-excel-generate-random-string.html https://excelzoom.com/generate-a-random-character-string/
  10. Something good, the 2nd most voted from here, from the Easter bunny: Crack WEP, WPA, WPA2, WPS, EAP/Radius based wireless networks; Creating a practice lab for wireless penetrating testing purposes; Sniff out and analyze wireless packets from the air; Penetrate wireless networks based on the enterprise versions of WPA and WPA2; Attack the WLAN infrastructure itself using DoS attacks, Fake APs, and other techniques. Download (valid for 7 days): aHR0cDovL3guY28vNmxnRG8= Happy Easter!
  11. I mentioned it above, video only. According to the votes, most were for "Learning Python Web Penetration Testing". I posted it here. On Monday I may also post the no. 2 most voted.
  12. Understand the web application penetration testing methodology and toolkit; Interact with web applications using Python and the Requests library; Write a web crawler/spider with the Scrapy library; Create an HTTP bruteforcer based on Requests; Create a Password bruteforcer for Basic, NTLM, and Forms authentication; Detect and exploit SQL injection vulnerabilities by creating a script all by yourself; Intercept and manipulate HTTP communication using Mitmproxy. Download (valid for 7 days): aHR0cDovL3guY28vNmxnRGQ=
  13. Off-topic: what should worry you more is the fact that he is probably getting at other things too... On-topic: how many "devices" can you possibly have that it is such an ordeal that you don't want to change the password? Even if there are 15, you would be done with them in 10 minutes.
  14. Video only
  15. Which video tutorials would you like from here: https://www.packtpub.com/packtlib/tech/Penetration%20Testing ? I'm not promising anything, but let's see what the Easter bunny brings.. Vote above ^^
  16. @adydryan I'm sorry you went through that. But this is something many people have warned me about so far: never terminate my current employment contract until I have an offer on the table in writing, whether by post or electronically, but in writing (because then you can take legal action for material losses, at least in other countries; I don't know the exact legislation in Romania). Maybe you have heard the proverb about giving up the sparrow in your hand for the crow on the fence. Let it be a lesson, especially for others reading here.
  17. US Supreme Court approves expanded hacking powers " The DoJ wants judges to be able to issue remote search warrants for computers located anywhere that the United States claims jurisdiction, which could include other countries. " " Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once "
  18. Stop the nonsense and focus on school!
  19. ( America.. the land of freedom.. and democracy ) A Philadelphia man suspected of possessing child sexual abuse images has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child sex abuse crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order. The suspect's attorney, Federal Public Defender Keith Donoghue, urged a federal appeals court on Tuesday to release his client immediately, pending the outcome of appeals. "Not only is he presently being held without charges, but he has never in his life been charged with a crime," Donoghue wrote (PDF) in his brief to the 3rd US Circuit Court of Appeals. The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain images of child sex abuse. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple, in which a magistrate ordered the gadget maker to write code to assist the authorities in unlocking the iPhone used by one of two shooters who killed 14 people at a San Bernardino County government building in December. The authorities dropped that case after they paid a reported $1 million for a hack. Donoghue wrote that his client's "first claim is that the district court lacked subject matter jurisdiction. 
The claim stems from the government’s apparently unprecedented use of an unusual procedural vehicle to attempt to compel a suspect to give evidence in advance of potential criminal charges. Specifically, the government took resort not to a grand jury, but to a magistrate judge pursuant to the All Writs Act, 28 U.S.C. § 1651." The defense also claims that "compelling the target of a criminal investigation to recall and divulge an encryption passcode transgresses the Fifth Amendment privilege against self-incrimination." The Supreme Court has never addressed the compelled decryption issue. But Donoghue says the court came close in 2000 when it said a suspect cannot be forced "to disclose the sequence of numbers that will open a combination lock." A federal appeals court ruled in 2012, however, that a bank-fraud defendant must decrypt her laptop, but the ruling wasn't enforced as the authorities obtained the password elsewhere. The Electronic Frontier Foundation has weighed in on the suspect's plight, telling the circuit court in a friend-of-the-court brief (PDF) that "compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them. The Fifth Amendment provides an absolute privilege against such self-incriminating compelled decryption." The authorities have called two witnesses. One was the suspect's sister who claimed she looked at images of child abuse with her brother at his house. The other was a forensic examiner who testified that it was his "best guess" that child pornography was on the drives," Donoghue wrote. The investigation began in 2015 when Pennsylvania prosecutors were monitoring the online network Freenet and executed a search warrant of the man's home. Donoghue wrote that investigators had decrypted a Mac Pro using a recovery key discovered on the iPhone 5S the authorities seized from his client's residence. 
He said no images of child sex abuse were found. The authorities want the suspect to decrypt two external drives discovered in the search. SOURCE
  20. A few points of view: - they used vulnerabilities (not backdoors) to identify the owners of certain sites (Silk Road, paedophiles, etc.); if some of them host these at home or on certain "static" services (especially if they want uptime), I think they are much easier to identify than users on the move who browse certain sites. For example, a user on public WiFi with CyberGhost free and Tor has a certain level of protection.. or one who gets a VPS with bitcoin passed through a mixer, sets up a VPN on it, and then goes public WiFi - VPN - Tor. - such "investigations" can often fall apart in court. see here - so far the FBI have held out, but they may be forced in a future trial to demonstrate how they obtained the evidence. Which will lead to Tor being improved - some use Tails first and then Tor, or even Tails - anon VPN - Tor. After all, that is what IS urges its sympathisers to do
  21. Be patient! You posted only 25 minutes apart.. Nobody is sitting around to answer you within the second! Later edit: The easiest option is to search Google Play for "custom locale" and try a few apps from there, there are plenty of free ones, and see whether any of them works properly. Some have poor reviews but they worked for others. Try the Language Enabler app in particular.
  22. At the moment they are not indexed properly in that tab. For example, the video tutorial I posted shows up there, even though it is not in the news section. That robot @sleed has gone off his rocker: he said he would make 1000 posts and then quit RST, and in the last few days he has done nothing but post hunting. I figured that, just out of spite, I would delete a few of them and then restrict his posting so he stays at 995
  23. This friendly video course will teach you the Unity from scratch and develop fun example games, deploying them to your favourite platforms: 2 and a half hours of Unity screencast tutorials, broken into bite-sized sections; Create 3D graphics, sound, and challenging gameplay; Build game UI, high score tables, and other extra features; Program powerful game logic with C# scripting - Understand the basic project structure and the other core elements of a Unity Game - Find out what it takes to build a “Scene” – a Unity3D game level - Jump into Unity Scripting as you learn to implement basic Interactivity - Discover the secrets of game audio (3D sounds and Music) in Unity3D - Master the Unity3D GUI and GUISkin system to create your own UI - Forge links between scenes to turn disparate levels into a cohesive game - Create High Score Lists and other user retention systems using Unity3D - Transform your PC or Mac game into an Android game using Unity3D’s multi-platform capabilities and Unity3D Pro for Android. Download video lessons (availability 7 days): aHR0cHM6Ly93d3cuZHJvcGJveC5jb20vcy80c2UydTAxdWw3ZTViZncvVmlkZW8lMjBsZXNzb25zJTIwLSUyMFVuaXR5M0QlMjBnYW1lJTIwZGV2ZWxvcG1lbnQuemlwP2RsPTE= Download project files (availability 7 days): aHR0cHM6Ly93d3cuZHJvcGJveC5jb20vcy9qNW1pZXk2ZG9qN3dobHMvUHJvamVjdCUyMGZpbGVzJTIwLSUyMFVuaXR5JTIwM0QlMjBHYW1lJTIwRGV2ZWxvcG1lbnQuemlwP2RsPTE= Download Unity3D: click Tutorials: click Documentation: click
  24. First impressions count, and many users will run into this and judge the goods by the packaging. Nowadays the look and feel are essential, because people compare products, even involuntarily (subconsciously), and make certain choices. I don't have a Raspi 3B at hand right now.. have you tried to see whether it runs on something like that? If not.. maybe something for the future? After all, Raspbian OS is also Debian-based, and I think many schools would be interested in some low-cost Raspberrys with Edu Ro on them. (if it is a good OS, it could even become a commercial thing, becoming a reseller of Raspis with the OS bundled )
  25. A massive database of Mexican voter records was made publicly accessible on the internet, a US security researcher has discovered. The names, addresses, dates of birth and voter ID numbers of 87 million Mexicans appeared to be listed in the cache. It was discovered by Chris Vickery, who had been browsing unsecured databases, with a security tool called Shodan. The voter data has since been taken offline. "When I opened it up in my database viewer, I saw names, obvious addresses and identifying numbers. I started Googling the addresses to see where they were," Mr Vickery told the BBC. "All the addresses turned out to be in Mexico. I thought, 'This is a Mexican voter database - it has to be.'" Mr Vickery had made his discovery on 14 April, he said, and initially had trouble reaching an official to warn about the leak. After mentioning the database during a talk at Harvard last week, a Mexican who happened to be in the audience helped to authenticate the data. "He was able to authenticate his father's entry in the database - he said, 'Oh my God, that's my address, that's everything,'" said Mr Vickery. A journalist, also present at the talk, helped Mr Vickery to inform the Mexican National Electoral Institute, which organises federal elections in the country. SOURCE and more info