gigiRoman

Sursa: https://pen-testing.sans.org/resources/downloads Trebuie sa va faceti cont! Pen Test: Command Line Kung Fu Attack Surfaces, Tools & Techniques Ultimate Pen Test Poster Intrusion Discovery Cheat Sheet for Windows Intrusion Discovery Cheat Sheet for Linux Windows Command Line Cheat Sheet Netcat Cheat Sheet Misc Pen Test Tools Cheat Sheet Pen Test Rules of Engagement Worksheet Pen Test Scope Worksheet Pen Test: Command Line Kung Fu Download Here Top Attack Surfaces, Tools & Techniques Download Here Top Ultimate Pen Test Poster Download Here Top Intrusion Discovery Cheat Sheet for Windows Ever wonder if your Windows machines have been compromised, but don't know where to look to find the bad guys' presence? This cheat sheet is designed to help Windows administrators and security personnel to better execute and in-depth analysisof their system in order to look for signs of compromise. Each technique is covered from both a GUI and command-line perspective, acting as a nice bridge between these two important aspects of modern Windows machines. Some organizations print out and laminate these sheets, distributing them among their operations staff to help them better understand their systems and detect attackers in their midst. Windows Cheat Sheet (279 KB) Related Course SEC504: Hacker Techniques, Exploits & Incident Handling Top Intrusion Discovery Cheat Sheet for Linux Organized along the same lines as the Windows cheat sheet, but with a focus on Linux, this tri-fold provides vital tips for system administrators and security personnel in analyzing their Linux systems to look for signs of a system compromise. Each command is described in detail, allowing users to search for unusual processes, network activity, strange files, unexpected cron jobs, and more. Linux Cheat Sheet (266 KB) Related Course SEC504: Hacker Techniques, Exploits & Incident Handling Top Windows Command Line Cheat Sheet Many tools in a penetration tester's arsenal are designed to get command shell on vulnerable target machines. And, often, Windows machines are in the crosshairs, lacking critical patches or being run by click-happy users that blindly open files sent during a carefully scoped penetration test. But, what do you do on a Windows box once you get shell? These cheat sheets help pen testers master the Windows Command Line to exercise significant control over compromised Windows machines. Windows Command Line Cheat Sheet (135 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Netcat Cheat Sheet Netcat is one of the most flexible tools in a pen tester's arsenal, but some penetration testers only scratch the surface of its capabilities. These cheat sheets describe the specific commands needed to use Netcat super effectively in penetration tests, including as an impromptu client, gender-bender relay, file transfer tool, banner grabber, port scanner, and more. If you think you know Netcat, check out this cheat sheet for even more devious uses of this remarkably powerful tool. Netcat Cheat Sheet (131 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Misc Pen Test Tools Cheat Sheet This cheat sheet provides tips for maximizing the effectiveness of some of the most useful free tools available for penetration testers and vulnerability assessment personnel: Metasploit, Meterpreter, fgdump, and hping. The sheet is a handy reference with practical, hands-on, command-line oriented tips every penetration tester should know. Misc Tools Cheat Sheet (147 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Pen Test Rules of Engagement Worksheet When planning a penetration test, if you don't formulate rules of engagement properly, you'll end up with a low-value pen test at best. At worst, you may wind up in prison! With the goal of keeping professional penetration testers out of orange jump suits at the state penitentiary, this worksheet walks a tester through a series of questions to establish a firm set of agreed-upon rules to ensure an effective penetration test. Rules Of Engagement Worksheet (8 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking Top Pen Test Scope Worksheet Modern penetration tests can include a myriad of activities against a multitude of potential targets. Trying to hack everything or leaving something ultra-important out are a sure way to execution of a sub-optimal pen test. A penetration tester can use this worksheet to walk through a series of questions with the target system's personnel in order to help tailor a test's scope effectively for the given target organization. Scope Worksheet (12 KB) Related Course SEC560: Network Penetration Testing and Ethical Hacking

https://lmgsecurity.com/blog/

Sursa:http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html Spring 2014 Lectures & Videos This page contains all the lecture Lecture Slides and youtube videos for the Spring 2014 semester of this course. Course Lecture Videos / Slides / Reading: Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on youtube are lower quality than the ones avaiable for direct download (see above). On the left you can find a navigation sidebar which will help you find the lectures relevant to each meta-topic. Week 1 (Intro / Overview): Lecture 1: Intro, Ethics, & Overview: This lecture covers the course Intro, syllabus review, distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics. Resources: [Lecture Slides] Required reading: 0x200 up to 0x260 (HAOE) Lecture 2: Secure C Coding 101: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides] Reading: 0x260 up to 0x280 (HAOE) Week 2 (Secure C / Code Auditing): Lecture 3: Secure C Coding 102: What you absolutely need to know about secure coding in C. C is everywhere. Resources: [Lecture Slides] Required reading: 0x280 up to 0x300 (HAOE) and 0x350 up to 0x400 Suggested reading:Understanding Integer Overflow in C/C++Integer Undefined Behaviors in Open Source Crypto Libraries Lecture 4: Code Auditing: Auditing C Code, basic tips / strategies / and exercises Resources: [Lecture Slides] Reading: article on file i/o security Week 3 (Permissions Spectrum): Holiday (No Class, Jan 20) MLK Day Holiday Lecture 5: The Permissions Spectrum: Intro to Vulnerability Research topics and the Permissions spectrum. Resources: [Lecture Slides] Week 4 (Reverse Engineering Week): Lecture 6: Reverse Engineering Workshop 1 Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email). Resources: [Slides (pdf)] [Slides (pptx)] Class RE Exercises (Archive) Lecture 7: Reverse Enginerring Workshop 2: Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email). Week 5 (Fuzzing Week): Lecture 8: Fuzzing Lecture 1 Coverage of Fuzzing techniques for SDL, VR, and other applications. [Slides] Lecture 9: MIDTERM REVIEW: [No class video, see slides!] [Midterm Review Slides] Week 6 (MIDTERM 1 and Exploit Development Week 1): MIDTERM 1 [no video for this class] Lecture 10: Fuzzing Lecture #2 and Exploitation Lecture 101: PART 1: PART 2: There are two videos for this lecture. The first half is a wrap up of fuzzing topics. The second half the beginning of the exploit development lectures. Resources: [Fuzzing Slides] [Exploitation Slides] Week 6 (MIDTERM 1 and Exploit Development Week 1): Lecture 11: Exploit Development 102 Second lecture in the exploit development lecture series. Covering the very very basics of exploitation. Concept of ret2libc is covered, examples with basic exit() shellcode, and some position-independent basic shellcode. Resources: [Slides] Reading: Read 0x500 up to 0x540 in HAOE (Writing shellcode) Read 0x6A0 up to 0x700 in HAOE This class was cancelled (postponed to next week) Week 7 (Exploit Development / Networking): Lecture 12: Exploit Development 103 Third lecture in the exploit development lecture series. Coverage of heap and format string exploition (with demos), as well as exploit mitigations (ASLR, NX/DEP, stack cookies, EMET, etc...) Resources: [Slides] Reading: Read 0x680 up to 0x6A0 in HAOE Lecture 13: Networking Lecture 101: This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, Hubs vs switches vs routers, manufacturer default logins / backdoors... ARP & dns (dnssec), proxies, weak IP vs strong IP model (RFC 1122) Resources: [Lecture Slides] Required reading: Read 0x400 up to 0x450 in HAOE. Related reading (not required): Defcon 18 - How to hack millions of routers- Craig Heffner Week 8 (Exploit Dev / Web Application Hacking/Security) Lecture 14: Exploit Development 102 Resources: [Slides] Reading: Read 0x450 up to 0x500 in HAOE(27 pages) Read 0x540 up through 0x550 in HAOE(11 pages) Read Chapter 1 in WAHH (15 pages) Lecture 15: Wireshark and Web Application Hacking/Security 101 [Video on Wireshark coming soon] Its a bit shorter than other videos as the class time is split between this lecture and a wireshark/tcpflow demo. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics, as well as a very basic demo using BurpSuite as a HTTP Proxy. Resources: [SLIDES] Required Reading: Chapters 2-3 in WAHH OWASP Top 10 Related Reading: PHP: A Fractal of Bad Design Week 10 (Web Applications): Lecture 16: Web Application Hacking/Security 102 Coverage of SQLi, XSS, Metacharacter Injection, OWASP top 10, and demos. Resources: [Slides] Required Reading: Reading: Chapters 9 of WAHH Related Reading:Advaned SQLi Lecture 17: Web Application Hacking/Security 103 Resources: [SLIDES] Required Reading: "SSL and the future of Authenticity" Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL Read Chapter 10 in WAHH Week 11 (Web Applications and Exploitation): Lecture 18: Web Application Hacking/Security 104 and Exploitation 104 This class was two lectures in one. In the web application 104 lecture we cover topics like WAF, and IDS and how to evade them - which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF. Resources: [Slides] Required Reading: Reading: Chapters 12 of WAHH Chapter 0x550 in HAOE Related Video: (IDS/IPS Detection, Evasion, VOIP hacking) Lecture 19: Midterm review #2 and Exploitation 105 ROP Lecture: This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, and etc... This lecture is just the concepts, next time is the demos. Resources: [Slides] Reading: ROPC blog post part 1 Week 12 (ROP and Metasploit): Lecture 21: Guest Lecturer Devin Cook on ROP and a brief history of exploitation Devin Cook presented a recap of all the exploitation techniques covered thusfar and lectured on ROP and presented demos on ROP exploitation. Lastly defenses against ROP were discussed. Resources: [Slides] Required Reading: ROPC part 2 blog post Lecture 22: Metasploit This lecture covers the Metasploit framework. Resources: [Slides] Week 13 (MIDTERM #2 and Post Exploitation): MIDTERM #2 [No video / lecture] Lecture 23: Meterpreter and Post Exploitation Post exploitation, Windows authentication / tokens, and pivoting techniques are covered. Demos of SET, Meterpreter, and etc are shared. Resources: Slides] Week 14 (Forensics and Incident Response): Lecture 24: Volatility and Forensics Old video covering Volatility and performing forensic analysis on hacked machines. Resources: [Slides] Lecture 25: Revisiting Old Topics Wrapping up the course, revisiting old topics: stack cookies and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture. Resources: [Slides] Week 15 (Last Week: Physical Security and Social Engineering): Lecture 26: Social Engineering Lecture 27: Physical Security & Locks/Lockpicking This work is licensed under a Creative Commons license.

P-asta il stiti? https://github.com/lanjelot/patator

@mariuss615Exista posibilitatea ca balenele sa isi faca un cartel? E o combinatie win-win ca sa scoata mai multi jucatori cu sume mici din joc. Plus ca eu daca scot la vanzare 1000000 btc nu inseamna ca ii si vand.

Pai ideea nu e sa le vinzi, ci sa le scoti pe piata. Doar scoaterea la vanzare scade valoarea. Ca se ofera mai multi bitcoini pentru aceeasi cerere. Doar cresterea ofertei cand cererea ramane constanta face ca pretul sa scada.

Intrebare: dc cineva detine 1.000.000 de bitcoini si ii tine la ciorap=> cf. Cerere-oferta creste valoarea ca nu sunt lichiditati pe piata. Daca ala vrea sa faca mai multi bani trebuie doar sa le dea drumul pe piata => va exploda oferta, pretul va scadea drastic, apoi el va avea bani sa cumpere si mai mult, profitand la maxim de pozitia privilegiata pe care o are. E plauzibil?

Mi-am amintit de Cem Paya, ala care a lucrat initial la google wallet. Dc va intereseaza blogul omului https://randomoracle.wordpress.com/author/cemp/

Wicked Cool Shell Scripts: 101 Scripts for Linux, OS X, and UNIX Systems, 2nd Edition Shell scripts are an efficient way to interact with your machine and manage your files and system operations. With just a few lines of code, your computer will do exactly what you want it to do. But you can also use shell scripts for many other essential (and not-so-essential) tasks. This second edition of Wicked Cool Shell Scripts offers a collection of useful, customizable, and fun shell scripts for solving common problems and personalizing your computing environment. Each chapter contains ready-to-use scripts and explanations of how they work, why you’d want to use them, and suggestions for changing and expanding them. You’ll find a mix of classic favorites, like a disk backup utility that keeps your files safe when your system crashes, a password manager, a weather tracker, and several games, as well as 23 brand-new scripts, including: A ZIP code lookup tool that reports the city and state A Bitcoin address information retriever A suite of tools for working with cloud services like Dropbox and iCloud Tools for renaming and applying commands to files in bulk Image processing and editing tools Whether you want to save time managing your system or just find new ways to goof off, these scripts are wicked cool! http://emagazinepdf.com/2016/11/wicked-cool-shell-scripts-101-scripts-for-linux-os-x-and-unix-systems-2nd-edition/

Prin gat in cur: https://capitalresearch.org/person/jacob-grandstaff/content/

http://www.stiri-economice.ro/ce-sunt-banii-fiat-moneda-fiduciara.html

Incearca cu google translate.

https://www.google.ro/amp/s/olivierdemeulenaere.wordpress.com/2017/10/22/a-propos-des-cryptomonnaies-la-strategie-blockchain-a-la-loupe-valerie-bugault

Poti sa faci informatica economica la ase la idd si e mai bine vazut. Plus ca pe diploma de licenta nu scrie id sau zi. Doar pe aia de master am vazut ca e.

Ai perfecta dreptate, man. Plus ca in engleza sunt scrise cu limbaj de lemn. Eu am invatat programarea mai pe taraneste, cu vectori si nu cu arrays, de exemplu.

Daca toti rusii aia ar fi scris in engleza, am fi inteles si noi.

De adaugat si: Webgoat https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project Si multilidae https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project Astea erau la un moment dat pe la master.

Mi-am amintit de partenerul vostru la def.camp si anume codette. Pai au oeganizare ca in coreea de nord. Tre sa facem ceva asemanator. Deja sunt ong. Mottoul lor:"Se lucrează de zor la planuri de a cuceri lumea și nu trebuie să ratezi ce pregătește Codette pentru tine: urmărește-ne pe Facebook, Twitter și Instagram! Nu o să îți pară rău!"

Defapt vulnerabilitatea era la tracking services. Ca device-ul nu se apuca sa trimita date aiurea catre orice server. Si avand cartela sim e in spatele unui nat. Ei au gasit vulnerabilitati in serverul catre care trimiteau deviceurile. Trackerele se seteaza in principiu prin usb sau prin sms si poti sa ii pui verificarea nr de tel de la care vine solicitarea. Dar fiindca prostii aia nu si-au securizat siteul...

https://crypto.stanford.edu/cs155/syllabus.html

http://librarie.gandeste.org/cumpara/a-ucide-plutocatia-ghid-practic-pentru-demontarea-sistemului-valerie-7718946

https://crypto.stanford.edu/cs251/syllabus.html

Vezi daca te ajuta videoul asta: https://www.google.ro/url?sa=t&source=web&rct=j&url=%23&ved=0ahUKEwjr_vbW5NLYAhUSbVAKHSA1Ds4QwqsBCC8wAw&usg=AOvVaw0VTJzWxrN8ZFOD4xbU2nov

If You're Not Paying For It, You Become The Product

Sau pui linkul asta: https://hosts-file.net/emd.txt In scriptul asta logarytm/adaway.py la variabila default_host_sources Pagina de git pt adaway este: https://github.com/logarytm/adaway.py