Posts: 2658
Days Won: 74
Everything posted by Dragos
-
There is no standard for how to query a database and have it output JSON. Each site has its own logic for generating JSON, depending on what it needs. Try the following:
  - see whether you can walk the JSON from a main page that lists all the event IDs and that may offer pagination
  - check the application's documentation; there may be a query method you haven't found
  - see whether the application can send you the events every X amount of time to an endpoint of yours
  - try contacting the service provider / the application's creator to find out what the best option for going through the events would be
-
You need to find something that can generate passive income and implement it in the cybersecurity space, for example blogs/vlogs/social media where you integrate ads or sell applications/courses (or be an intermediary or reseller in Romania for large companies). It's not hard, but you have to dedicate time to finding something that is not overexploited on the Romanian market or on the market you want to target.
-
Question: what exactly do you do that requires so much monitoring? I also work as a sysadmin (Okta+AD), I have logs generated about me (what I've installed, what I run on my computer, timestamps, alerts if I do something stupid like modifying the hosts file), and in turn I build applications that generate gigabytes of logs daily because I work with HIPAA data. But action-level monitoring (screen grabbing, keylogging, etc.) is on another level. Do you do anything special with the data? Do you work hybrid? Are you in an entry-level position, or do they not trust you?
-
What API does it use, or how can I fetch as much data as possible?
Dragos replied to Che's topic in Programare
To add to what gigiRoman said: install Fiddler on your computer, configure it as needed, then on your phone connect over Wi-Fi to the same network as the computer and enter the computer's details as the proxy.
https://docs.telerik.com/fiddler/configure-fiddler/tasks/configureforios
https://www.telerik.com/blogs/how-to-capture-android-traffic-with-fiddler
-
You can try https://fingerprint.com/products/bot-detection/.
-
It depends a lot on what you mean by harassment. If it's doxxing, photos stolen from your phone, threats, etc., go to the police and file a complaint. There are also NGOs that can help you. Instagram also has an article to help police officers: https://www.facebook.com/help/instagram/494561080557017. If they're just stressing you with pointless messages or picking on you for no reason, block them.
-
Either you try to recreate that email address and recover your account, or you find an invitation from someone.
-
Refox branded files (level II or III) unpacking (decrypting)
Dragos replied to giv's topic in Tutoriale video
This topic is 10 years old.
-
What niche are the blogs in? What exactly do you need in terms of administration? How long do you need them administered for?
-
One by one. Use youtube-dl or other similar tools.
-
It doesn't necessarily have to break any particular law; they can account for the money through the declaratia unica the way YouTubers do, a PFA or other means, that is, if they offer something in return for the "donations". If they offer nothing in return, the donation is considered a donation and, as far as I know, it cannot be taxed.
-
You receive a new birth certificate when you change your name, at least in certain cases. In the case of someone close to me, they received a new birth certificate after taking their adoptive father's surname, even though they are over 18.
-
Well, when someone calls their kids to dinner, do you go along with them too? You need a concrete reason to change your name; the TM city hall has a pretty decent guide.
-
Blocking registration by IP address on IPS Community Suite
Dragos replied to CD-RAY's topic in Discutii incepatori
You can ban via htaccess: https://htaccessbook.com/block-ip-address/
-
Last time, it was someone from Mediafax who managed the feed. All of Yahoo Romania is built on connections; support has nothing to do with it.
-
I've uploaded most of the challenges to GitHub. We'll update the repository as we receive the sources.

Crypto
  Coliziune: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/crypto/coliziune
  Hash-uri: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/crypto/hash-uri

Forensics
  Forensics VM: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/forensics/forensics-vm

Miscellaneous
  Apelul interceptat: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/miscellaneous/apelul-interceptat
  Discutii: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/miscellaneous/discutii
  Forum: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/miscellaneous/forum

Networking
  Bruteforce: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/networking/bruteforce

Pwn
  Boferk: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/pwn/boferk
  PWN Windows: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/pwn/pwn-windows

Reversing
  Shellcode: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/reversing/shellcode
  Crack me: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/reversing/crack-me
  Pop-up: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/reversing/pop-up

Stegano
  Steago: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/stegano/steago

Web
  RST Coin: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/rst-coin
  API securizat: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/api-securizat
  Simple Admin Panel: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/simple-admin-panel
  Turnament: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/turnament
  DNS lookup: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/dns-lookup
  Eat safe: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/eat-safe
  Inception: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/inception
  Pastebin: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/pastebin
  Link: https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/link
-
If Steam accounts were easy to break into, the company wouldn't be the giant it is today. Talk to your friend and come to an agreement. If that doesn't work, contact Steam support and see what can be resolved.
-
Authentication firm Okta probes report of digital breach
Dragos replied to Dragos's topic in Stiri securitate
Stock goes brrrrr https://www.marketwatch.com/story/okta-shares-fall-9-6-as-fallout-from-data-breach-continues-271648047367?mod=mw_quote_news
-
Authentication services provider Okta Inc is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment.

A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications.

The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement. "We will provide updates as more information becomes available," he added.

The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was "ONLY on Okta customers."

Security experts told Reuters the screenshots appeared to be authentic. "I definitely do believe it is credible," said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta's internal tickets and its in-house chat on the Slack messaging app.

Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be "very vigilant right now." In an email, Tentler added, "There are timestamps and dates visible in the screenshots indicating January 21st of this year, which suggests they may have had access for two months."

Source: https://edition.cnn.com/2022/03/22/tech/okta-report-of-breach/index.html
Screenshots: https://twitter.com/billdemirkapi/status/1506107157124722690
-
The stars have to align for the vulnerability to be usable. Most applications that generate PDFs take everything from the database. The only place I could see this is in an application that puts your signature on an existing PDF also generated through dompdf, and only if whoever built the application didn't know to put validation on the input, at least something like ^[a-zA-Z -]{6,50}$

A good, widely used, tested alternative to dompdf is tcpdf. It works wonders on shared hosting.
-
To add to what @SirGod said, Chess.com's AI is their own and has a daily feed to learn from the thousands of games played on the platform. It knows how to look based on ELO and understand whether a move was smart (!!) or a blunder (?!). You need an AI that you feed hundreds of thousands, maybe millions of games for it to reach the same level. It's a long-term project in a niche already saturated by chess.com, aimchess and the other clones. Nobody is going to steal your idea, because it's risky and would only turn a profit after several years. Plus, if you want to promote it, you need to bring in FMs/IMs/GMs to play. And why would they play on your site when chess.com already exists, where everyone already is, which has a partnership with FIDE and offers pretty much everything possible?
-
How can I print the images from the Upload folder in a table?
Dragos replied to tonysoprano's topic in Discutii incepatori
When a user uploads a picture, you can store in the database or in the text file the name that was generated for the picture. You need to maintain a link between which user has which picture.