Jump to content


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by gigiRoman

  1. Malware as a service, crima sau afacere?

    Vezi tu, este exact ca in afirmatia lui Snowden: https://mobile.twitter.com/snowden/status/975147858096742405 Cred ca important e de ce parte a baricadei te afli. Si asta e disclaimerul lui @nytro pentru netripper, deci baga mare. Legal disclaimer Usage of NetRipper for attacking targets without prior mutual consent is illegal. It is the end user's responsability to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program!
  2. https://linuxhint.com/gnuroot-tutorial/ Poti sa instalezi si aplicatii de linux.
  3. Sigur nu avea ceva embedded pdful ala?
  4. Certificari in domeniul Securitatii

    Pentru sustinerea certificarilor poti incerca pearson vue bucuresti https://home.pearsonvue.com Newhorizons vad ca ofera training in principiu. Trainingurile sunt scumpe si inutile. Cel mai bine inveti pe cont propriu.
  5. https://github.com/comaeio/OPCDE/blob/master/2017/Windows Operating System Archaeology - Matt Nelson/Windows Operating System Archaeology.pdf
  6. Certificari in domeniul Securitatii

    Cred ca in principiu pentru a accesa anumite proiecte o firma trebuie sa aiba persoane licentiate. Licenta e o garantie a capacitatilor firmei. Daca se face un caiet de sarcini pentru o licitatie de exemplu. Vezi si: http://www.legi-internet.ro/legislatie-itc/semnatura-electronica/legea-semnaturii-electronice/ordin-privind-procedura-de-acordare-suspendare-aayi-retragere-a-deciziei-de-acreditare-a-furnizorilor-de-servicii-de-certificare/ordin-mcsi-8882011.html Uite linkul asta de exemplu: https://www.google.ro/url?sa=t&source=web&rct=j&url=http://www.ancom.org.ro/uploads/links_files/20140828_evaluare_a_vulnerabilitatilor_informatice.pdf&ved=2ahUKEwjyxLmmvNrZAhWP6aQKHaDCDv8QFjAEegQIABAB&usg=AOvVaw0SBFGOHcXho9OCVdioTTYU Vezi 7.4 Echipa de proiect
  7. Ce carti mai cititi?

  8. Certificari in domeniul Securitatii

    Check this: https://www.google.ro/url?sa=t&source=web&rct=j&url=http://andrei.clubcisco.ro/cursuri/5master/sric-asr/cursuri/11.%20Certificari%20profesionale.pdf&ved=2ahUKEwi0nqXwntjZAhVJyKQKHTfqBcEQFjAGegQIABAB&usg=AOvVaw1y9Lrr0dfgcfsTvE1el6Q3
  9. Mai era si prezentarea de la defcamp 2017: https://def.camp/wp-content/uploads/dc2017/Day 1_ Olga & Alexey_ATM every day trouble.pdf
  10. Scoala auto

    http://www.drpciv.ro/info-portal/dlExamSignUp.do Fa-ti cont direct pe siteul politiei ca daca bagi multe chestionare e posibil sa iti pice aceleasi intrebari si la examen. Si parca e mocca. Cel putin in 2010 era.
  11. https://enigma0x3.net

  12. Offensive security

    Unele mai au seed; Sursa: http://tparser.org/Offensive-security Nu garantez ca sunt curate. Результатов по запросу: «Offensive security» 1-18 из 18 Имя торрента Z Размер Сидер Личер T M Offensive-Security PWK Penetration Testing with Kali Other (Other) 678 MB 10 6 Offensive-Security - OSWP - WiFu Other (Other) 843 MB 11 5 Offensive Security PWK v1.0.1 (2014) PDF Other (E-books) 17 MB 11 0 Offensive Security 101 - Videos & PDF Video (Movies) 308 MB 1 4 Offensive Security - Penetration Testing with BackTrack v3.2 Other (E-books) 10 MB 4 1 Offensive Security - Penetration Testing with BackTrack (Lab Gui Other (E-books) 9 MB 3 0 Offensive Security - Wireless Attacks ( WiFu) v2.0.pdf Other (E-books) 14 MB 3 0 Offensive Security Labs Other (Other) 308 MB 3 0 Offensive Security - BackTrack to the Max Cracking the Perimeter Other (E-books) 3 MB 3 0 Offensive.Security.PWB.v3.0.pdf Other (E-books) 9 MB 2 1 Pack Offensive Security complet - Backtrack Other (E-books) 104 MB 2 1 Offensive Security 101 Online Training Video (Movie clips) 341 MB 2 0 Offensive Security 101 [2008] Компьютерные сети и безопасность 313 MB 1 1 Offensive Security WIFU v2.0 Other (E-books) 14 MB 1 0 Offensive Security - Sample video Video (Movie clips) 13 MB 0 1 BackTrack - Offensive Security Other (E-books) 312 MB 0 1 Offensive Security - Advanced Windows Exploitation (AWE) v 1.1 Other (E-books) 33 MB 0 0 Offensive Security Lecture Videos FSU 2013 Video (Other) 2.97 GB 0 0
  13. Pentest cheatsheet

    Sursa: https://pen-testing.sans.org/resources/downloads Trebuie sa va faceti cont! Pen Test: Command Line Kung Fu Attack Surfaces, Tools & Techniques Ultimate Pen Test Poster Intrusion Discovery Cheat Sheet for Windows Intrusion Discovery Cheat Sheet for Linux Windows Command Line Cheat Sheet Netcat Cheat Sheet Misc Pen Test Tools Cheat Sheet Pen Test Rules of Engagement Worksheet Pen Test Scope Worksheet Pen Test: Command Line Kung Fu Download Here Top Attack Surfaces, Tools & Techniques Download Here Top Ultimate Pen Test Poster Download Here Top Intrusion Discovery Cheat Sheet for Windows Ever wonder if your Windows machines have been compromised, but don't know where to look to find the bad guys' presence? This cheat sheet is designed to help Windows administrators and security personnel to better execute and in-depth analysisof their system in order to look for signs of compromise. Each technique is covered from both a GUI and command-line perspective, acting as a nice bridge between these two important aspects of modern Windows machines. Some organizations print out and laminate these sheets, distributing them among their operations staff to help them better understand their systems and detect attackers in their midst. Windows Cheat Sheet (279 KB) Related Course SEC504: Hacker Techniques, Exploits & Incident Handling Top Intrusion Discovery Cheat Sheet for Linux Organized along the same lines as the Windows cheat sheet, but with a focus on Linux, this tri-fold provides vital tips for system administrators and security personnel in analyzing their Linux systems to look for signs of a system compromise. Each command is described in detail, allowing users to search for unusual processes, network activity, strange files, unexpected cron jobs, and more. Linux Cheat Sheet (266 KB) Related Course SEC504: Hacker Techniques, Exploits & Incident Handling Top Windows Command Line Cheat Sheet Many tools in a penetration tester's arsenal are designed to get command shell on vulnerable target machines. And, often, Windows machines are in the crosshairs, lacking critical patches or being run by click-happy users that blindly open files sent during a carefully scoped penetration test. But, what do you do on a Windows box once you get shell? These cheat sheets help pen testers master the Windows Command Line to exercise significant control over compromised Windows machines. Windows Command Line Cheat Sheet (135 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Netcat Cheat Sheet Netcat is one of the most flexible tools in a pen tester's arsenal, but some penetration testers only scratch the surface of its capabilities. These cheat sheets describe the specific commands needed to use Netcat super effectively in penetration tests, including as an impromptu client, gender-bender relay, file transfer tool, banner grabber, port scanner, and more. If you think you know Netcat, check out this cheat sheet for even more devious uses of this remarkably powerful tool. Netcat Cheat Sheet (131 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Misc Pen Test Tools Cheat Sheet This cheat sheet provides tips for maximizing the effectiveness of some of the most useful free tools available for penetration testers and vulnerability assessment personnel: Metasploit, Meterpreter, fgdump, and hping. The sheet is a handy reference with practical, hands-on, command-line oriented tips every penetration tester should know. Misc Tools Cheat Sheet (147 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Pen Test Rules of Engagement Worksheet When planning a penetration test, if you don't formulate rules of engagement properly, you'll end up with a low-value pen test at best. At worst, you may wind up in prison! With the goal of keeping professional penetration testers out of orange jump suits at the state penitentiary, this worksheet walks a tester through a series of questions to establish a firm set of agreed-upon rules to ensure an effective penetration test. Rules Of Engagement Worksheet (8 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Pen Test Scope Worksheet Modern penetration tests can include a myriad of activities against a multitude of potential targets. Trying to hack everything or leaving something ultra-important out are a sure way to execution of a sub-optimal pen test. A penetration tester can use this worksheet to walk through a series of questions with the target system's personnel in order to help tailor a test's scope effectively for the given target organization. Scope Worksheet (12 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking
  14. Security blog

  15. Sursa:http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html Spring 2014 Lectures & Videos This page contains all the lecture Lecture Slides and youtube videos for the Spring 2014 semester of this course. Course Lecture Videos / Slides / Reading: Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on youtube are lower quality than the ones avaiable for direct download (see above). On the left you can find a navigation sidebar which will help you find the lectures relevant to each meta-topic. Week 1 (Intro / Overview): Lecture 1: Intro, Ethics, & Overview: This lecture covers the course Intro, syllabus review, distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics. Resources: [Lecture Slides] Required reading: 0x200 up to 0x260 (HAOE) Lecture 2: Secure C Coding 101: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides] Reading: 0x260 up to 0x280 (HAOE) Week 2 (Secure C / Code Auditing): Lecture 3: Secure C Coding 102: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides] Required reading: 0x280 up to 0x300 (HAOE) and 0x350 up to 0x400 Suggested reading:Understanding Integer Overflow in C/C++Integer Undefined Behaviors in Open Source Crypto Libraries Lecture 4: Code Auditing: Auditing C Code, basic tips / strategies / and exercises Resources: [Lecture Slides] Reading: article on file i/o security Week 3 (Permissions Spectrum): Holiday (No Class, Jan 20) MLK Day Holiday Lecture 5: The Permissions Spectrum: Intro to Vulnerability Research topics and the Permissions spectrum. Resources: [Lecture Slides] Week 4 (Reverse Engineering Week): Lecture 6: Reverse Engineering Workshop 1 Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email). Resources: [Slides (pdf)] [Slides (pptx)] Class RE Exercises (Archive) Lecture 7: Reverse Enginerring Workshop 2: Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email). Week 5 (Fuzzing Week): Lecture 8: Fuzzing Lecture 1 Coverage of Fuzzing techniques for SDL, VR, and other applications. [Slides] Lecture 9: MIDTERM REVIEW: [No class video, see slides!] [Midterm Review Slides] Week 6 (MIDTERM 1 and Exploit Development Week 1): MIDTERM 1 [no video for this class] Lecture 10: Fuzzing Lecture #2 and Exploitation Lecture 101: PART 1: PART 2: There are two videos for this lecture. The first half is a wrap up of fuzzing topics. The second half the beginning of the exploit development lectures. Resources: [Fuzzing Slides] [Exploitation Slides] Week 6 (MIDTERM 1 and Exploit Development Week 1): Lecture 11: Exploit Development 102 Second lecture in the exploit development lecture series. Covering the very very basics of exploitation. Concept of ret2libc is covered, examples with basic exit() shellcode, and some position-independent basic shellcode. Resources: [Slides] Reading: Read 0x500 up to 0x540 in HAOE (Writing shellcode) Read 0x6A0 up to 0x700 in HAOE This class was cancelled (postponed to next week) Week 7 (Exploit Development / Networking): Lecture 12: Exploit Development 103 Third lecture in the exploit development lecture series. Coverage of heap and format string exploition (with demos), as well as exploit mitigations (ASLR, NX/DEP, stack cookies, EMET, etc...) Resources: [Slides] Reading: Read 0x680 up to 0x6A0 in HAOE Lecture 13: Networking Lecture 101: This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, Hubs vs switches vs routers, manufacturer default logins / backdoors... ARP & dns (dnssec), proxies, weak IP vs strong IP model (RFC 1122) Resources: [Lecture Slides] Required reading: Read 0x400 up to 0x450 in HAOE. Related reading (not required): Defcon 18 - How to hack millions of routers- Craig Heffner Week 8 (Exploit Dev / Web Application Hacking/Security) Lecture 14: Exploit Development 102 Resources: [Slides] Reading: Read 0x450 up to 0x500 in HAOE(27 pages) Read 0x540 up through 0x550 in HAOE(11 pages) Read Chapter 1 in WAHH (15 pages) Lecture 15: Wireshark and Web Application Hacking/Security 101 [Video on Wireshark coming soon] Its a bit shorter than other videos as the class time is split between this lecture and a wireshark/tcpflow demo. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics, as well as a very basic demo using BurpSuite as a HTTP Proxy. Resources: [SLIDES] Required Reading: Chapters 2-3 in WAHH OWASP Top 10 Related Reading: PHP: A Fractal of Bad Design Week 10 (Web Applications): Lecture 16: Web Application Hacking/Security 102 Coverage of SQLi, XSS, Metacharacter Injection, OWASP top 10, and demos. Resources: [Slides] Required Reading: Reading: Chapters 9 of WAHH Related Reading:Advaned SQLi Lecture 17: Web Application Hacking/Security 103 Resources: [SLIDES] Required Reading: "SSL and the future of Authenticity" Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL Read Chapter 10 in WAHH Week 11 (Web Applications and Exploitation): Lecture 18: Web Application Hacking/Security 104 and Exploitation 104 This class was two lectures in one. In the web application 104 lecture we cover topics like WAF, and IDS and how to evade them - which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF. Resources: [Slides] Required Reading: Reading: Chapters 12 of WAHH Chapter 0x550 in HAOE Related Video: (IDS/IPS Detection, Evasion, VOIP hacking) Lecture 19: Midterm review #2 and Exploitation 105 ROP Lecture: This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, and etc... This lecture is just the concepts, next time is the demos. Resources: [Slides] Reading: ROPC blog post part 1 Week 12 (ROP and Metasploit): Lecture 21: Guest Lecturer Devin Cook on ROP and a brief history of exploitation Devin Cook presented a recap of all the exploitation techniques covered thusfar and lectured on ROP and presented demos on ROP exploitation. Lastly defenses against ROP were discussed. Resources: [Slides] Required Reading: ROPC part 2 blog post Lecture 22: Metasploit This lecture covers the Metasploit framework. Resources: [Slides] Week 13 (MIDTERM #2 and Post Exploitation): MIDTERM #2 [No video / lecture] Lecture 23: Meterpreter and Post Exploitation Post exploitation, Windows authentication / tokens, and pivoting techniques are covered. Demos of SET, Meterpreter, and etc are shared. Resources: Slides] Week 14 (Forensics and Incident Response): Lecture 24: Volatility and Forensics Old video covering Volatility and performing forensic analysis on hacked machines. Resources: [Slides] Lecture 25: Revisiting Old Topics Wrapping up the course, revisiting old topics: stack cookies and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture. Resources: [Slides] Week 15 (Last Week: Physical Security and Social Engineering): Lecture 26: Social Engineering Lecture 27: Physical Security & Locks/Lockpicking This work is licensed under a Creative Commons license.
  16. Help for me ? Password decyrpt ?

    P-asta il stiti? https://github.com/lanjelot/patator
  17. @mariuss615Exista posibilitatea ca balenele sa isi faca un cartel? E o combinatie win-win ca sa scoata mai multi jucatori cu sume mici din joc. Plus ca eu daca scot la vanzare 1000000 btc nu inseamna ca ii si vand.
  18. Pai ideea nu e sa le vinzi, ci sa le scoti pe piata. Doar scoaterea la vanzare scade valoarea. Ca se ofera mai multi bitcoini pentru aceeasi cerere. Doar cresterea ofertei cand cererea ramane constanta face ca pretul sa scada.
  19. Intrebare: dc cineva detine 1.000.000 de bitcoini si ii tine la ciorap=> cf. Cerere-oferta creste valoarea ca nu sunt lichiditati pe piata. Daca ala vrea sa faca mai multi bani trebuie doar sa le dea drumul pe piata => va exploda oferta, pretul va scadea drastic, apoi el va avea bani sa cumpere si mai mult, profitand la maxim de pozitia privilegiata pe care o are. E plauzibil?
  20. Cem Paya

    Mi-am amintit de Cem Paya, ala care a lucrat initial la google wallet. Dc va intereseaza blogul omului https://randomoracle.wordpress.com/author/cemp/
  21. Wicked Cool Shell Scripts: 101 Scripts for Linux, OS X, and UNIX Systems, 2nd Edition Shell scripts are an efficient way to interact with your machine and manage your files and system operations. With just a few lines of code, your computer will do exactly what you want it to do. But you can also use shell scripts for many other essential (and not-so-essential) tasks. This second edition of Wicked Cool Shell Scripts offers a collection of useful, customizable, and fun shell scripts for solving common problems and personalizing your computing environment. Each chapter contains ready-to-use scripts and explanations of how they work, why you’d want to use them, and suggestions for changing and expanding them. You’ll find a mix of classic favorites, like a disk backup utility that keeps your files safe when your system crashes, a password manager, a weather tracker, and several games, as well as 23 brand-new scripts, including: A ZIP code lookup tool that reports the city and state A Bitcoin address information retriever A suite of tools for working with cloud services like Dropbox and iCloud Tools for renaming and applying commands to files in bulk Image processing and editing tools Whether you want to save time managing your system or just find new ways to goof off, these scripts are wicked cool! http://emagazinepdf.com/2016/11/wicked-cool-shell-scripts-101-scripts-for-linux-os-x-and-unix-systems-2nd-edition/
  22. Pentetrarea Romania

    Prin gat in cur: https://capitalresearch.org/person/jacob-grandstaff/content/
  23. Help needed...

    tparser.org Os + Networking: https://www.sans.org/security-resources/
  24. Check torrents: http://tparser.org/Offensive-security