Everything posted by Dragos

  1. Dragos

    Good day

    Hi and welcome back.
  2. You can try https://fingerprint.com/products/bot-detection/.
  3. It depends a lot on what you mean by harassment. If it's doxxing, photos stolen from your phone, threats, etc., go to the police and file a complaint. There are also NGOs that can help you. Instagram also has an article to help police officers: https://www.facebook.com/help/instagram/494561080557017. If they're just stressing you out with nonsense messages or picking on you for no reason, block them.
  4. Either you try to recreate that email address and recover your account, or you find an invitation from someone.
  5. What niche are the blogs in? What exactly do you need for administration? How long do you need them administered?
  6. One by one. Use youtube-dl or other similar tools.
  7. It doesn't necessarily have to break a particular law; he can justify them through the single tax return (declaratia unica) like YouTubers do, a PFA or something else, that is, if he offers something in exchange for the "donations". If he offers nothing in exchange, the donation is considered a donation and, as far as I know, it can't be taxed.
  8. You get a new birth certificate when you change your name, at least in certain cases. In the case of someone close to me, they received a new birth certificate after taking their adoptive father's surname, even though they are over 18.
  9. Well, when someone calls their kids to dinner, do you go along with them too? You need a concrete reason to change your name; the TM city hall has a pretty decent guide.
  10. You can ban via htaccess: https://htaccessbook.com/block-ip-address/
  11. Last time, there was someone from Mediafax who managed the feed. All of Yahoo Romania is built on connections; support has nothing to do with it.
  12. I've uploaded most of the challenges to GitHub. We'll update the repository as we receive the sources.

    Crypto
    Coliziune https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/crypto/coliziune
    Hash-uri https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/crypto/hash-uri

    Forensics
    Forensics VM https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/forensics/forensics-vm

    Miscellaneous
    Apelul interceptat https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/miscellaneous/apelul-interceptat
    Discutii https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/miscellaneous/discutii
    Forum https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/miscellaneous/forum

    Networking
    Bruteforce https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/networking/bruteforce

    Pwn
    Boferk https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/pwn/boferk
    PWN Windows https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/pwn/pwn-windows

    Reversing
    Shellcode https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/reversing/shellcode
    Crack me https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/reversing/crack-me
    Pop-up https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/reversing/pop-up

    Stegano
    Steago https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/stegano/steago

    Web
    RST Coin https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/rst-coin
    API securizat https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/api-securizat
    Simple Admin Panel https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/simple-admin-panel
    Turnament https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/turnament
    DNS lookup https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/dns-lookup
    Eat safe https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/eat-safe
    Inception https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/inception
    Pastebin https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/pastebin
    Link https://github.com/RSTCon/rstcon-ctf-II-challenges/tree/main/web/link
  13. If Steam accounts were easy to break into, the company wouldn't be the colossus it is today. Talk to your friend and come to an agreement. If you can't, contact Steam support and see what you can sort out.
  14. Stock goes brrrrr https://www.marketwatch.com/story/okta-shares-fall-9-6-as-fallout-from-data-breach-continues-271648047367?mod=mw_quote_news
  15. Authentication services provider Okta Inc is investigating a report of a digital breach, the company said on Tuesday, after hackers posted screenshots showing what they claimed was its internal company environment. A hack at Okta could have major consequences because thousands of other companies rely on the San Francisco-based firm to manage access to their own networks and applications. The company was aware of the reports and was investigating, Okta official Chris Hollis said in a brief statement. "We will provide updates as more information becomes available," he added. The screenshots were posted by a group of ransom-seeking hackers known as LAPSUS$ on their Telegram channel late on Monday. In an accompanying message, the group said its focus was "ONLY on Okta customers." Security experts told Reuters the screenshots appeared to be authentic. "I definitely do believe it is credible," said independent security researcher Bill Demirkapi, citing pictures of what appeared to be Okta's internal tickets and its in-house chat on the Slack messaging app. Dan Tentler, the founder of cybersecurity consultancy Phobos Group, said he too believed the breach was real and urged Okta customers to be "very vigilant right now." In an email, Tentler added, "There are timestamps and dates visible in the screenshots indicating January 21st of this year, which suggests they may have had access for two months."

    Source: https://edition.cnn.com/2022/03/22/tech/okta-report-of-breach/index.html

    Screenshots: https://twitter.com/billdemirkapi/status/1506107157124722690
  16. The stars have to align for the vulnerability to be usable. Most applications that generate PDFs take everything from the database. The only place I could see this is in an application that puts your signature on an existing PDF that was also generated through dompdf, and that is only if whoever built the application didn't know to put validation on the input, at least something like ^[a-zA-Z -]{6,50}$ A good, widely used, tested alternative to dompdf is tcpdf. It works wonders on shared hosting.
  17. To add to what @SirGod said, Chess.com's AI is their own and gets a daily feed to learn from the thousands of games played on the platform. It knows how to take ELO into account and understand whether a move was smart (!!) or a blunder (?!). You need an AI that you feed hundreds of thousands, maybe millions of games for it to reach the same level. It's a long-term project in a niche already saturated by chess.com, aimchess and the other copies. Nobody is going to steal your idea, because it's risky and only turns a profit after a few years. Plus, if you want to promote it, you need to bring in FMs/IMs/GMs to play. And why would they play on your site when there's already chess.com, where everyone already is, which has a partnership with FIDE and offers pretty much everything possible?
  18. When a user uploads a photo, you can store in the database or in the text file the name that was generated for the photo. You need to maintain a link showing which user has which photo.
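  19. You need an anchor/link showing which user has which photo. For example, in your text file, you can have something like

    Georgescu|Marcel|Bucuresti|poza1.jpg
    Popescu|Vasile|Cluj-Napoca|poza2.jpg
    Mateescu|Cornel|Constanta|poza3.jpg

    The photos are saved in the uploads folder; to display them you can have something like

    <div class="table-responsive">
      <table class="table table-hover table-dark">
        <thead>
          <tr>
            <th scope="col">Nume</th>
            <th scope="col">Prenume</th>
            <th scope="col">Adresa</th>
            <th scope="col">Poza</th>
          </tr>
        </thead>
        <tbody>
    <?php
    if (file_exists("log.txt")) {
        // One record per line: last name|first name|city|image file name
        $bin = file("log.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        foreach ($bin as $bins) {
            $fields = explode("|", $bins);
            if (count($fields) < 4) {
                continue; // skip malformed records
            }
            // Escape every field: the file holds user-supplied data
            $f = array_map(function ($v) {
                return htmlspecialchars(trim($v), ENT_QUOTES, 'UTF-8');
            }, $fields);
            // basename() keeps the image path inside uploads/
            $img = htmlspecialchars(basename(trim($fields[3])), ENT_QUOTES, 'UTF-8');
            echo "<tr><td>$f[0]</td><td>$f[1]</td><td>$f[2]</td><td><img src='uploads/$img'></td></tr>";
        }
    } else {
        echo "<tr><td colspan='4'>Oops :(</td></tr>";
    }
    ?>
        </tbody>
      </table>
    </div>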
  20. What exactly are you trying to do? The script lists the data in a table. How is this data linked to the photos in upload? Do you have a common identifier?
  21. A network of computers that you can use to do certain things, like DDoS. https://en.wikipedia.org/wiki/Botnet
  22. It rather clashes with what has happened so far. For the most part this happens with a court order. I mean, a data dump, what good is it to them without the decryption key? Metadata was handed over with a court order until now as well. Everything that moves on the internet has an IP address; the explanation is like the kind from the baccalaureate exam where you have to embellish the sentence so it reaches a certain word count. Access to IT systems in order to copy or extract existing data clashes with GDPR and is a rather offensive thing for companies. I mean, request it via court order and it will be given to you; there's no reason for you, Gigel from SRI/police/DIICOT, to get access on the server to copy work stuff and other people's stuff "just in case" (or maybe to add things too, since whoever gave you the access didn't check to make it read-only, and you feel the duty to install a honeypot as well, since you have access anyway).