Massaro

Active Members
  • Posts

    194
  • Joined

  • Last visited

  • Days Won

    7

Massaro last won the day on November 24 2022

Massaro had the most liked content!

Reputation

170 Excellent

About Massaro

  • Rank
    Registered user
    Contributor

Recent Profile Visitors

6013 profile views
  1. Come on, man, what's your problem :))))) Be glad it doesn't show you Romania, so they'd know you're cigany :)))))) You weren't logged in, and that's why you didn't get the ads you were hoping for
  2. You add pp after youtube: youtube(pp).com/rest_of_the_link
  3. @Nytro since the topic is open anyway: is it normal for the page to refresh after I like a post? For example, if I like the first post, there are many posts on the page, and I scroll down quickly after the like, it refreshes back to the post I liked
  4. Massaro

    simple-regex

    I just came across it. I've never managed to learn regex, so I'll use this for now. https://simple-regex.com
  5. makestrongpassword.com’s server IP address could not be found.
  6. As indicated here as well, I put it behind a VPN. Blocked for Public in the firewall, left allowed only for Private and Domain. If anyone wants to follow the steps above on their own PC for whatever reason, use "gpedit.msc" to get to Group Policy; "GPMC.MSC" is only for servers that have AD (that are Domain Controllers).
  7. Hi, I think someone has already asked: is there a chance the presentations will be saved? I'm at work until 17:00, and some of the presentations are appealing.
  8. I work at a small but growing company. We sell physical goods, we're not in software or anything. I handle everything on the IT side, and we recently bought a server on which we run Windows Server. For now all we use is AD, DHCP, VPN, a DNS, and I also put a SAGA server on it. This summer the company is sponsoring me for a course to develop my knowledge, so that I can secure the server reasonably well and roughly know what it's all about. What courses, tips and tricks do you recommend for a beginner?
  9. I worked on something like that, which worked back then. About 2 years ago: you set up a junk server where you put binds on all of the players' keys (bind "k" "connect slo.boz" as an example); you didn't put connect directly when they joined the server. I'm curious, if they blocked it, how did they do it? Did they add it to the slowhacking command? It worked back then, as I said. Redirects per day, I don't know, there were over 1000 anyway. It was worth it. The whole thing was easy, did the web part too.
  10. Earlier this year, Citizen Lab managed to capture an NSO iMessage-based zero-click exploit being used to target a Saudi activist. In this two-part blog post series we will describe for the first time how an in-the-wild zero-click iMessage exploit works. Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we've ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states. It's a lot to read. Source here.
  11. Massaro

    CVE trends

    CVE Trends - crowdsourced CVE intel "Hi, my name's Simon, and I wanted a way to monitor trending CVEs on Twitter. So I built CVE Trends; it collates real-time information about tweeted CVEs. CVE Trends gathers crowdsourced intel about CVEs from Twitter's filtered stream API and combines it with data from NIST's NVD and GitHub APIs. If you have any questions, suggestions, or feedback then please reach out to me on Twitter @SimonByte or via my website: SJBell.com."
  12. Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day.

      Dubbed CronRAT, the sneaky malware "enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said. The Dutch cybersecurity firm said it found samples of the RAT on several online stores, including an unnamed country's largest outlet.

      CronRAT's standout feature is its ability to leverage the cron job-scheduler utility for Unix to hide malicious payloads using task names programmed to execute on February 31st. Not only does this allow the malware to evade detection from security software, but it also enables it to launch an array of attack commands that could put Linux eCommerce servers at risk.

      "The CronRAT adds a number of tasks to crontab with a curious date specification: 52 23 31 2 3," the researchers explained. "These lines are syntactically valid, but would generate a run time error when executed. However, this will never happen as they are scheduled to run on February 31st."

      The RAT — a "sophisticated Bash program" — also uses many levels of obfuscation to make analysis difficult, such as placing code behind encoding and compression barriers, and implementing a custom binary protocol with random checksums to slip past firewalls and packet inspectors, before establishing communications with a remote control server to await further instructions.

      Armed with this backdoor access, the attackers associated with CronRAT can run any code on the compromised system, the researchers noted.

      "Digital skimming is moving from the browser to the server and this is yet another example," Sansec's Director of Threat Research, Willem de Groot, said. "Most online stores have only implemented browser-based defenses, and criminals capitalize on the unprotected back-end. Security professionals should really consider the full attack surface."

      CronRAT: A New Linux Malware That's Scheduled to Run on February 31st (thehackernews.com)
  13. Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018.

      In a filing with the U.S. Securities and Exchange Commission (SEC), the world's largest domain registrar said that a malicious third-party managed to gain access to its Managed WordPress hosting environment on September 6 with the help of a compromised password, using it to obtain sensitive information pertaining to its customers. It's not immediately clear if the compromised password was secured with two-factor authentication.

      The Arizona-based company claims over 20 million customers, with more than 82 million domain names registered using its services.

      GoDaddy revealed it discovered the break-in on November 17. An investigation into the incident is ongoing and the company said it's "contacting all impacted customers directly with specific details." The following information is believed to have been accessed by the intruder —

      • Email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress customers
      • Original WordPress Admin password that was set at the time of provisioning was exposed
      • sFTP and database usernames and passwords associated with its active customers, and
      • SSL private keys for a subset of active customers

      GoDaddy said it's in the process of issuing and installing new certificates for the impacted customers. As a precautionary measure, the company also stated it has reset the affected passwords and it's bolstering its provisioning system with added security protections.

      According to Wordfence CEO Mark Maunder, "GoDaddy stored sFTP passwords in such a way that the plaintext versions of the passwords could be retrieved, rather than storing salted hashes of these passwords, or providing public key authentication, which are both industry best practices."

      While data breaches are no longer a sporadic occurrence, the exposure of email addresses and passwords presents risk of phishing attacks, not to mention enable the attackers to breach the vulnerable WordPress sites to upload malware and access other personally identifiable information stored in them.

      "On sites where the SSL private key was exposed, it could be possible for an attacker to decrypt traffic using the stolen SSL private key, provided they could successfully perform a man-in-the-middle (MITM) attack that intercepts encrypted traffic between a site visitor and an affected site," Maunder said.

      Source: GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data (thehackernews.com)