Everything posted by metasploit2015
-
A collaboration between SUSE and Red Hat is going to bring relief to Linux users the world over: they'll be able to patch their systems without reboots. The live patching infrastructure looks set to become available in version 3.20 of the Linux kernel. The two organisations introduced their distribution-specific live patching solutions a month apart in 2013 – SUSE's kGraft hit in February, and Red Hat's Kpatch arrived in March. As SUSE developer Jiri Kosina explains on the Linux Kernel Mailing List, an early shot at live patching called kSplice was acquired and turned into a proprietary service. He says the SUSE and Red Hat approaches were different: “kPatch is issuing stop_machine()”, inspecting processes and deciding whether the system is safe to patch; “kGraft provides a per-thread consistency during one single pass of a process through the kernel and performs a lazy contiguous migration of threads from 'unpatched' universe to the 'patched' one at safe checkpoints.” After a discussion at the Linux Plumbers' Conference in Dusseldorf in 2014, the different parties worked out the basis of the new approach. A key aspect of the live-patching infrastructure, Kosina says, is that it's “self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code).” “It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving)”, he continues. Red Hat and SUSE will port their current solutions to the common infrastructure, “abandoning their out-of-tree code”. Kosina's post to the list is addressed to "Linus" and says "Live patching core is available for you to pull at git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-linus." Over to you, Mr Torvalds. Source
-
Google’s unwavering vulnerability disclosure deadlines are the latest chapter in a decades-long debate about how to best inform affected users that there’s a security problem with their software. Since the start of the year, Google’s 90-day clock has most notably ticked down to zero on a trio of flaws in Microsoft products and two others in Apple’s OS X. And upon doing so, Google’s researchers shared with the world technical details and proof of concept code for each vulnerability. Proponents of Google’s policy will argue that 90 days is plenty of time for a vendor to address a “responsibly” disclosed vulnerability. Opponents argue that a zero day is a zero day, and in such cases, a greater cut of attackers has vital information for exploit building when the details are public. Google, being the giant that it is, threw more gasoline on the controversial fire when, with one of the Microsoft flaws, it refused to sit on the details reportedly for two more days until Microsoft said it would be ready with a patch. Today, Google announced several adjustments to its disclosure policy, one of them being a 14-day grace period afforded to vendors that inform Google before the expiration of the 90-day deadline that a patch is scheduled for release within the 14-day extension. “Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+),” the Project Zero team said in its announcement. “As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances. We remain committed to treating all vendors strictly equally,” the researchers wrote. 
“Google expects to be held to the same standard; in fact, Project Zero has bugs in the pipeline for Google products (Chrome and Android) and these are subject to the same deadline policy.” Google also announced that the first public mention of a vulnerability needs to include a CVE identifier and that Google will obtain a pre-assigned one for vulnerabilities that go past deadline. It also said that if a 90-day deadline expires on a weekend or a U.S. public holiday, the deadline will be extended to the next working day. “Putting everything together, we believe the policy updates are still strongly in line with our desire to improve industry response times to security bugs, but will result in softer landings for bugs marginally over deadline,” Google said. “Finally, we’d like to call on all researchers to adopt disclosure deadlines in some form, and feel free to use our policy verbatim if you find our data and reasoning compelling.” This should make some major vendors breathe a little easier. Microsoft, for its part, said that it disagrees with arbitrary deadlines because of the uniqueness of vulnerabilities and variables introduced during patch development and testing time. “We prioritize security updates based on the probability and impact to customers,” said Chris Betz, head of the Microsoft Security Response Center. “When finders publicly disclose vulnerability information with exploit details, they are increasing the potential for attack for millions of customers.” Google isn’t the only major technology company with a disclosure deadline. HP’s Zero Day Initiative, one of the first vulnerability programs, has a 120-day deadline, while CERT at the Software Engineering Institute at Carnegie Mellon University, a DHS-sponsored organization, has a 45-day deadline. Deadlines ensure that vendors don’t sit on vulnerabilities for months, or years in some cases.
“The idea of disclosure deadlines is an old one and in practice in a lot of organizations,” said Katie Moussouris, chief policy officer at HackerOne. “The idea behind it is that people are protected and risk is minimized by limiting the window of exposure caused by an unpatched vulnerability.” Google, meanwhile, made its case that its disclosure policies are working, with vulnerabilities patched consistently and more quickly by most of the affected vendors. It says, for example, that Adobe has patched 37 vulnerabilities reported by Google inside of the 90-day deadline; 154 Project Zero vulnerabilities overall (85 percent) were fixed inside of 90 days. Source
-
Dennis Fisher talks with Ryan Naraine, the long lost co-founder of Threatpost, about the upcoming Kaspersky Security Analyst Summit in Cancun and how much the conference has grown in the last few years. Download: Source
-
The vulnerabilities addressed in this month’s Patch Tuesday security bulletins from Microsoft have been a mashup of critical bugs affecting most supported versions of Windows and Internet Explorer that could pave the way for attackers to gain complete control of affected systems. Sounds like most months, for sure. But what sets this month apart is the regular stream of disclosures from researchers in the hours and days following patches from Microsoft. The latest surrounds MS15-010, a bulletin that patches six critical remote code execution, security bypass and privilege escalation bugs in the Windows kernel-mode driver. That bulletin includes a security feature bypass in CNG.sys, or the Cryptography Next Generation kernel-mode driver, disclosed by Google’s Project Zero research team. The vulnerability was out in the open for close to two weeks after Project Zero’s 90-day disclosure window expired. Details on a privilege escalation vulnerability, CVE-2015-0057, in the Windows kernel GUI component, the Win32k.sys module, yesterday were shared by researchers at enSilo. According to CTO Udi Yavo, all versions of Windows are affected, including the Windows 10 Technical Preview, and attackers could exploit the bug and gain control over the compromised computer. “A threat actor that gains access to a Windows machine (say, through a phishing campaign) can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization,” he said in a published report. The vulnerability can be exploited by modifying one bit in Windows, the report said. The exploit works, enSilo said, despite the presence of numerous kernel-level protections instituted by Microsoft, in particular in Windows 8.1. Kernel DEP, ASLR, SMEP and others are mitigations that prevent code execution within certain kernel regions, but some researchers have already developed bypasses.
EnSilo provides technical details on the vulnerability in its report, in particular an examination of the xxxEnableWndSBArrows function which enables and disables scrollbars in Windows. “Through a single call, this function can alter the state of both scrollbars,” the report said. “It is precisely within this function wherein the vulnerability lies.” On Tuesday, consultancy JAS Global Advisors released details on critical vulnerabilities in Group Policy that expose Windows users to man-in-the-middle attacks, remote code execution attacks, and security bypasses. The Jasbug, as it was nicknamed, was reported in January 2014 but since it was a design issue rather than one related to an implementation, it required some re-engineering by Microsoft. “The vulnerability is remotely exploitable and may grant the attacker administrator level privileges on the target machine/device,” JAS said. “Roaming machines – domain-joined Windows devices that connect to corporate networks via the public Internet (e.g. from hotels and coffee shops) – are at heightened risk.” JAS said that computers connecting over a virtual private network should be immune to compromise. Further mitigating the risk, JAS said, is that a number of scenarios have to be in place for exploits to work. “It certainly doesn’t work universally and it depends on some funky misconfigurations and happenstance. But it works frequently enough to be of concern,” JAS said in its advisory. Microsoft also addressed reports with a silent feature update in Visual Studio (KB3001652) that was causing Windows machines to lock up. The update has since been re-released after it was removed from Windows Update. Source
-
A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some versions also push ransomware. Experts, however, aren’t sure this will give birth to a rash of campaigns centered on Rig. “I do not think this will be really noticeable,” said French exploit kit researcher Kafeine, who found the leak being advertised on a hacker board. He said the main pushers of Rig do not operate on the same forum. “Following this leak, the crooks might get cold feet and try to stay under the radar to elude law enforcement’s attention,” said a report posted yesterday by researchers at Trustwave SpiderLabs. “As a result we’d expect to see less activity. On the other hand, script kiddies may now use this source code to try and deploy their own infection schemes for quick and easy profit.” A U.K. researcher known as MalwareTech said the leaker is likely a Rig Exploit Kit reseller who tried to scam potential buyers by charging prices 40 percent higher than “official” Rig sellers, as well as asking $3,000 for access to a private forum that did not exist, according to screenshots from his website. “It seems like the RIG owner was less than pleased with the reseller’s antics because the next day, in a conversation with another member, the owner declared that he had suspended the reseller for attempting to scam customers, which isn’t surprising given he was requesting that people pay him $3000 for access to an imaginary private forum,” MalwareTech wrote on his website. No honor among thieves. Undaunted, the reseller took to Twitter, creating an account that riffed on researchers from Malware Must Die. In a series of tweets, the reseller said he was in possession of Rig source code and a database dump; he also provided a download link.
MalwareTech said the password-protected file was deleted after a couple dozen downloads. He said, however, that he confirmed the leak was legitimate with three other sources. The leak, however, is incomplete and it appears the reseller leaked only files he had access to, Trustwave SpiderLabs said. “In addition to parts of the source code, the contents of the leak included a partial export of the server database,” Trustwave said. Its researchers thus had access to infection stats and saw only about 1,200 since the leak. Source
-
A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year. The group’s aim was to gain access to computers at several U.S. defense and financial firms by setting up a watering hole attack on the site that would go on to drop a malicious .DLL. Researchers with Invincea and iSIGHT Partners worked in tandem to dig up information about the group, which was able to compromise a part of Forbes.com’s website that appears to users before they’re ported over to articles they’ve clicked on. That portion of the site, Forbes.com’s Thought of the Day, is powered by a Flash widget. According to researchers with Invincea the group was able to use a zero day vulnerability to hijack that widget for a short period, from Nov. 28 to Dec. 1. Over the course of those four days, the group targeted visitors to the site who worked at a handful of unnamed U.S. defense and financial firms. Researchers with iSIGHT discovered that in addition to the Flash flaw, the attackers also exploited an Internet Explorer vulnerability, a zero day that helped attackers bypass Address Space Layout Randomization (ASLR) in IE 9. While the Adobe bug, a buffer overflow (CVE-2014-9163) was patched back on Dec. 9, the ASLR mitigation bypass (CVE-2015-0071) was one of many patched yesterday in Microsoft’s monthly Patch Tuesday round of patches, an update that was especially heavy on Internet Explorer fixes. In a technical writeup of the attack yesterday, Invincea explained how Forbes’ site was able to redirect to an IP address, load the Flash exploit, and drop a DLL, hrn.dll, to be loaded into the machine’s memory. 
“Once in memory, the exploit gains administrative privileges and opens a command prompt,” Invincea’s executive summary reads. “Next the victim system was scanned to report on its current patch levels, network mapping, and complete IP configuration, including any VPN connections.” Both firms agreed to set their disclosures for yesterday to coincide with Microsoft’s patching of the Internet Explorer bug. While Chinese APT groups have been in the news lately – some reports have already pinned last week’s Anthem breach on shadowy hackers from the PRC – several firms are already familiar with the APT group behind this campaign. FireEye first published research on the group back in 2013, referring to the collective as the Sunshop Group. Researchers there caught the group carrying out a campaign that hit a series of victims – a science and technology journal, a website for evangelical students, etc. – by exploiting an IE zero day and several Java bugs in May of that year. Throughout its research, dating back to 2010, iSIGHT has taken to calling the group Codoso Team. This attack, like others it’s linked back to them, used similar malware (Derusbi) and called on a command and control (C&C) domain it’s been seen using in the past as well. Regardless of what it goes by, the group has been seen targeting U.S. government entities, the military/defense sector, and financial services groups for at least five years running. FireEye found the same group was also responsible for hacking the Nobel Peace Prize Committee website in 2010. That attack also used a watering hole and made use of a browser (Firefox) zero day. While neither iSIGHT nor Invincea could give concrete numbers regarding the number of victims Codoso was able to compromise with this campaign, both were firm in their stance that the attacks were highly targeted in nature and only visitors who worked at the defense and financial firms were infected. Source
-
Facebook, with its giant infrastructure and its equally wide view into Internet attacks, has built an information-sharing platform that it hopes will entice other big technology companies to join and contribute threat data and indicators of compromise. The platform, called ThreatExchange, already counts Pinterest, Yahoo, Tumblr, Twitter, Bitly and Dropbox among its early members. The cost is free, and most of the heavy lifting is done by Facebook’s infrastructure. The platform developers were also cognizant of some of the concerns enterprises have about sharing threat data, from both a competitive and risk management standpoint. Privacy controls are built in to ThreatExchange that not only sanitize information provided by members, but also allow contributors to share data with all of the exchange’s members, or only particular subsets. In addition to threat information shared by contributors, open source threat intelligence feeds are pulled into the platform. Mark Hammell, manager of Facebook’s threat infrastructure team, would not identify any of the open source feeds until some legal machinations are worked out. Facebook will homogenize all of those respective feeds’ data formats and make them consumable via ThreatExchange. “We’re able to leverage a huge community doing security research independently and give them a platform,” Hammell said. Hammell said he hopes the initial partner list grows to include other technology companies with a large Internet footprint. Microsoft, for example, has developed its own information sharing platform called Interflow, while the FBI announced last winter that it was releasing an unclassified version of its malware repository in the hopes of spurring public-private sharing of threat data. “If some reasonably large Internet properties cooperate on attacks they’ve seen and responded to, the vast majority of the Internet will be safer,” Hammell said.
“We want to bring in more companies like that and eventually broaden it beyond big companies to smaller web properties and researchers. We want to create a forum where we can share attack and threat information in an easy way and share it with as many who want to receive it. “We realize that any problem that affects the Internet affects our products in lockstep,” Hammell said. “The corollary there is that the more we can do to take on larger problems the Internet is facing, the better our products will be and the safer the Internet will be.” ThreatExchange is an API-based exchange; IT admins will be able to consume threat data via the APIs and write signatures and other protections accordingly. Participants can share threat data such as malware samples, lists of malicious URLs and other indicators of compromise that make sense. While participants will be able to see the data, they will not be able to tell where it’s coming from, though everyone will have access to the list of members. “You can see URLs that are known as bad, or metadata, but you cannot tell where it’s coming from; there is no attribution in the data,” Hammell said. Privacy controls within the framework allow contributors to publish breach data such as domains used in an attack or malware hashes and select who sees it. Facebook said there was one added use case where a contributor is allowed to select only specific other organizations to share data with. “The classic example is an attack you’re investigating where only you and a few companies are targeted,” Hammell explained. “They can collaborate together on that particular attack and share data, but perhaps they don’t feel it’s appropriate to go wider because it may tip their hand and alert the attacker, or it would not be beneficial to the investigation if others started poking at the infrastructure and possibly disrupt the work they’re doing.
It’s an important scenario to get right.” Hammell added that the platform is free, and the intent is for it to stay that way. “We want the platform to be a medium to share what people want to share,” he said. Source
-
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats. The center will analyze intelligence contributed by several agencies, along with the private sector, a model that will face some serious hurdles. The proposed Cyber Threat Intelligence Integration Center will fall under the Office of the Director of National Intelligence and it will not be responsible for actually gathering any threat intelligence. Rather, it will serve as an aggregation point for information collected by intelligence agencies and, the Obama administration hopes, private companies. A major piece of the plan for the CTIIC is for it to be a point of information exchange with the private sector, said Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, in a speech Tuesday. That’s a strategy that the United States government has been trying to implement for the better part of two decades now in various incarnations. But there are two main issues with the information-sharing model: the government tends to hoard its intelligence and the private sector tends not to want to give and get nothing in return. Monaco said that for the CTIIC to be effective, both sides need to get past those challenges and start helping one another. “We’re not going to bottle up intelligence. We want the flow of information to go both ways,” Monaco said. In her speech at the Wilson Center in Washington, Monaco said that the CTIIC will be modeled after the National Counterterrorism Center and will draw on what the government and intelligence community learned about responding to and tracking threats after 9/11. She also hinted that the administration is going to be more aggressive in the future in tracking and prosecuting cyber criminals and other attackers. 
“There are structural, cultural and organizational shifts made in the government in counter-terror that also apply to cyber,” she said. “Those who would do us harm should know they will be found and they will be held to account.” Monaco cited the attack on Sony Pictures late last year as a key example of the kind of attack that the new CTIIC will be able to deal with. “That was a game-changer, because it wasn’t about profit, it was about a dictator trying to impose censorship,” she said. “Which is why we took the extraordinary step of identifying the attackers publicly.” Administration officials blamed the Sony hack on North Korea and later imposed more sanctions on the country as a result. Monaco did not specify when the CTIIC would be operational or who would be part of the new group. Source
-
Go to hell, @nytro. What is this, are cards being sold here, that you made this topic?
-
What ratio do you have on the account?
-
I sent you a PM too...
-
Done, I hadn't even seen them :))
-
Download: Zippyshare.com - 2.sql.zip Password: rstforums
-
I found it in the logs too, the password is: parola21 / I didn't change it, I just found it in the stealer logs!
-
That one is Yahoo, etc.
-
A piece from me :)) n0kzor:adel1n, may it be of use to you!
-
Done, pretty easy..
-
Thanks, the site contains many useful dorks.
-
A re-upload please, I really need something like this.
-
This is serious, how on earth am I kronzy or castiel? P.S. I ask an admin to check whether I have the same IP as kronzy, or the same town or anything else; I'm on my real IP..
-
Drop this nonsense and do something serious; anyway, to tell you what you asked for too: for "flood" you won't be able to take down Google with 1 root, you realize; better set up an IRC server on that root, get hold of another one, scan, load 200-300 bots and a few pma, and then go after the Metin servers you play on and the Counter-Strike servers, ok? For scanning use that archive posted here in 2012, Linux SSH bruteforce or unixcode or gosh, but you also need a dictionary with good passwords, not many, because there's no point having 1,000,000 passwords if they're all stupid.