Usr6 last won the day on October 15

Usr6 had the most liked content!

Community Reputation: 1932 Excellent

About Usr6

  • Rank: Registered user
  • Birthday: 01/01/19

Profile Information

  • Interests: Malware Analysis, Software Testing, Reverse, etc.

Recent Profile Visitors: 3288 profile views
  1. Cyber Security Base

    Cyber Security Base with F-Secure is a free course series by University of Helsinki in collaboration with F-Secure Cyber Security Academy that focuses on building core knowledge and abilities related to the work of a cyber security professional.

    About the Course Series

    The course series consists of multiple smaller courses, each with a specific theme. Themes include a brief introduction to cyber security, operational security, web software development, types of vulnerabilities typical of web software, discovery and mitigation of such vulnerabilities, and advanced topics such as secure software architectures and cryptography. There will be several case studies as well as projects for participants. At the end of the course series, we'll also organize a friendly competition where participants get to find and fix vulnerabilities within a limited time frame.

    The course will launch on 31st of October, 2017. More information at: mooc.fi. The material for last year's course is still available here.

    Leave us your email and we will send you updates about Cyber Security Base with F-Secure. https://cybersecuritybase.github.io/
  2. http://www.openvim.com/
  3. Fun with secrets

    Security in computer science is a huge point for every individual and company. Communications (either between humans or human-network or whichever online communication) are susceptible to being sniffed or manipulated. For example, using http instead of https is insecure (sometimes even tagged by your browser as untrustworthy) as information that goes through it is not encrypted and someone is able to impersonate your accounts with the collected data. This is why HTTPS Everywhere and Privacy Badger are recommended for secure browsing. But when we say "encrypt", what are we referring to?

    Back in the days when computers weren't a thing, cryptography already existed. Maths has always been there to protect our communications. Sometimes it was a letter, sometimes it was a note or a messenger, but there were tons of witty ways of hiding messages. For example, the "monoalphabetic substitution system" is a bijective application

        e: A -> A

    A being an alphabet and A* the chain aggregation over A with arbitrary length:

        e: A* -> A*,  e(X0 X1 ...) = e(X0) e(X1) ...

    An example of this is the Caesar cipher. This consists of a cyclic displacement to the right, mathematically (with displacement = +3):

        e: Z23 -> Z23,  e(x) = x + 3 (mod 23)

    Note it's Z23 because the Roman alphabet length = 23. Unfortunately this method (that you might have used as a kid to pass notes) has a huge security hole: letter periodicity analysis. Let me explain myself. Every language has an existing study that shows the frequency with which a letter appears in that language. Even if the letters are mixed, if we take these numbers (in English, for example, the most used letters are E or T) we can guess the message.

    There's a similar cipher version called "polyalphabetic substitution system". This system uses a keyword to cipher all the message. (It's like repeating monoalphabetic many times.) Let me show you an example: our keyword is TUX and our message is HELP ME OBI WAN KENOBI. We have our alphabet tagged with numbers, like this:

        A B C ... X  Y  Z
        1 2 3 ... 23 24 25

    So TUX is equal to 19,20,23 and HELP ME OBI WAN KENOBI is equal to 7,4,11,15,12,4,14,1,8,22,0,13,10,4,13,14,1,8. Now we set the numbers in TUX in the message, like this:

        H  E  L  P  M  E  O  B  I  W  A  N  K  E  N  O  B  I
        T  U  X  T  U  X  T  U  X  T  U  X  T  U  X  T  U  X
        19 20 23 19 20 23 19 20 23 19 20 23 19 20 23 19 20 23

    And now we add the set value to the original value (in mod 25):

        H       E       ...  B       I
        7 + 19  4 + 20  ...  1 + 20  8 + 23
        A       Y       ...  V       F

    And so HELPMEOBIWANKENOBI = AYIIGBHVFPUKDYKHVF. This system is a little bit more complex but also vulnerable to periodicity analysis if we know the keyword length.

    We also have the Hill cipher, which consists of matrix ciphering. For example, we can cipher the word MATH, using the key matrix

        [3 2]
        [1 5]

    M,A = [12, 0] in the alphabet, T,H = [10, 7]

        [3 2] [12]   [ 0]
        [1 5] [ 0] = [12]

        [3 2] [10]   [71]   [35]
        [1 5] [ 7] = [54] = [18]    (in mod 36, alphanumeric)

    So MATH = AM95. This system is way more secure than the others.

    There are also the so-called transposition systems, which consist of changing the letters' order (the periodicity analysis also fails here). For example:

    These last ones were very much used in WW2, alongside one-time pads and notebook ciphers.

    In general, there are certain rules a cryptosystem must follow. For example, the secret must be hidden with the algorithm, and the power of this algorithm is in its form, not in the way the algorithm is hidden from the public. (This is the main problem some users have with proprietary cryptography.) Most of the mathematical rules can be found in "Communication theory of secrecy systems", a study by C.E. Shannon about the matter.

    Current ciphering works in bits, not letters, and the latest cryptography studies are developing quantum cryptography, for the upcoming quantum computers. This could mean complete chaos for regular computer cryptography, and we shall be on guard! In the meantime we can keep writing love notes and letters in basic cryptography. It is said that it worked with Don Juan, who made a woman fall in love with him after he deciphered a message she had ciphered with Vigenère.

    Sursa: https://dev.to/terceranexus6/fun-with-secrets-2p3
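The ciphers from the post above, as an added example that is not part of the original post or of the dev.to article: the Caesar shift and the TUX/Vigenère scheme, using the usual 26-letter alphabet indexed A=0 .. Z=25 (so the arithmetic is mod 26, which reproduces the post's AYIIGBHVFPUKDYKHVF result), followed by the per-column frequency analysis the post calls "periodicity analysis", i.e. why these ciphers are only a toy once the keyword length is known. The English letter-frequency table and the sample paragraph are constructed for this example; the function names are mine.

```python
"""Added example: classical substitution ciphers and the frequency analysis
that breaks them. Not code from the original post."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, arithmetic mod 26


def clean(text: str) -> str:
    """Keep only letters, uppercased: the classical ciphers ignore spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic shift: e(x) = x + shift (mod 26). A negative shift decrypts."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in clean(text))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: the keyword repeats over the message and each
    letter is shifted by the matching key letter (subtracted when decrypting)."""
    key = clean(key)
    out = []
    for i, ch in enumerate(clean(text)):
        k = ALPHABET.index(key[i % len(key)])
        if decrypt:
            k = -k
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
    return "".join(out)


# Approximate relative frequencies (percent) of A..Z in English prose.
# Constructed for this example from commonly published letter statistics.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def english_score(text: str) -> float:
    """Chi-squared distance between the text's letter counts and English frequencies.
    Lower means the text looks more like English."""
    counts = Counter(text)
    n = len(text)
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] / 100 * n
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score


def best_shift(column: str) -> int:
    """Try all 26 shifts and keep the one whose decryption looks most like English."""
    return min(range(26), key=lambda s: english_score(caesar(column, -s)))


def recover_vigenere_key(ciphertext: str, key_length: int) -> str:
    """The post's point: once the keyword length is known, every key_length-th
    letter was shifted by the same key letter, so each column is a plain Caesar
    cipher and its shift can be recovered from letter frequencies alone."""
    columns = [ciphertext[i::key_length] for i in range(key_length)]
    return "".join(ALPHABET[best_shift(col)] for col in columns)


# Constructed sample plaintext: ordinary English, long enough for each of the
# three columns to carry a usable letter distribution.
SAMPLE_PLAINTEXT = (
    "Frequency analysis works because every language has letters that appear far "
    "more often than others. In English the letter E is the most common, followed "
    "by T, A, O, I and N. When a message is long enough, counting the letters of "
    "each column of the ciphertext reveals which shift was used for that column, "
    "and the key falls out one letter at a time. The same idea breaks the Caesar "
    "cipher directly, because a Caesar cipher is a Vigenere cipher with a key of "
    "length one. Transposition ciphers keep the letter counts unchanged, which is "
    "why the frequency test alone says nothing about them.")


if __name__ == "__main__":
    print(vigenere("HELP ME OBI WAN KENOBI", "TUX"))          # the post's example
    ct = vigenere(SAMPLE_PLAINTEXT, "TUX")
    print(recover_vigenere_key(ct, 3))                       # keyword recovered from ciphertext
```

Note that the post's 18-letter example is too short for the frequency test to work on its own (six letters per column carry almost no statistics); the sample paragraph is what makes the recovery reliable, which is exactly why the length of the intercepted traffic matters to an analyst.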
  4. There is no pre-established order of items in each category; the order is by contribution. If you want to contribute, please read the guide.

    Table of Contents
    • Windows stack overflows
    • Windows heap overflows
    • Kernel based Windows overflows
    • Windows Kernel Memory Corruption
    • Return Oriented Programming
    • Windows memory protections
    • Bypassing filter and protections
    • Typical windows exploits
    • Exploit development tutorial series
      • Corelan Team
      • Fuzzysecurity
      • Securitysift
      • Whitehatters Academy
      • TheSprawl
      • Expdev-Kiuhnm
    • Tools

    Windows stack overflows
    Stack Base Overflow Articles.
    • Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999]
    • Writing Stack Based Overflows on Windows - by Nish Bhalla [2005]
    • Stack Smashing as of Today - by Hagen Fritsch [2009]
    • SMASHING C++ VPTRS - by rix [2000]

    Windows heap overflows
    Heap Base Overflow Articles.
    • Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002]
    • Exploiting the MSRPC Heap Overflow Part 1 - by Dave Aitel (MS03-026) [September 2003]
    • Exploiting the MSRPC Heap Overflow Part 2 - by Dave Aitel (MS03-026) [September 2003]
    • Windows heap overflow penetration in black hat - by David Litchfield [2004]
    • Glibc Adventures: The Forgotten Chunk - by François Goichon [2015]
    • Pseudomonarchia jemallocum - by argp & huku
    • The House Of Lore: Reloaded - by blackngel [2010]
    • Malloc Des-Maleficarum - by blackngel [2009]
    • free() exploitation technique - by huku
    • Understanding the heap by breaking it - by Justin N. Ferguson [2007]
    • The use of set_head to defeat the wilderness - by g463
    • The Malloc Maleficarum - by Phantasmal Phantasmagoria [2005]
    • Exploiting The Wilderness - by Phantasmal Phantasmagoria [2004]
    • Advanced Doug lea's malloc exploits - by jp

    Kernel based Windows overflows
    Kernel Base Exploit Development Articles.
    • How to attack kernel based vulns on windows was done - by a Polish group called "sec-labs" [2003]
    • Sec-lab old whitepaper
    • Sec-lab old exploit
    • Windows Local Kernel Exploitation (based on sec-lab research) - by S.K Chong [2004]
    • How to exploit Windows kernel memory pool - by SoBeIt [2005]
    • Exploiting remote kernel overflows in windows - by Eeye Security
    • Kernel-mode Payloads on Windows in uninformed - by Matt Miller
    • Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
    • BH US 2007 Attacking the Windows Kernel
    • Remote and Local Exploitation of Network Drivers
    • Exploiting Common Flaws In Drivers
    • I2OMGMT Driver Impersonation Attack
    • Real World Kernel Pool Exploitation
    • Exploit for windows 2k3 and 2k8
    • Analyzing local privilege escalations in win32k
    • Intro to Windows Kernel Security Development
    • There's a party at ring0 and you're invited
    • Windows kernel vulnerability exploitation
    • A New CVE-2015-0057 Exploit Technology - by Yu Wang [2016]
    • Exploiting CVE-2014-4113 on Windows 8.1 - by Moritz Jodeit [2016]
    • Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
    • Windows Kernel Exploitation - by Simone Cardona [2016]
    • Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects - by Saif Sherei [2017]
    • Windows Kernel Exploitation : This Time Font hunt you down in 4 bytes - by keen team [2015]
    • Abusing GDI for ring0 exploit primitives - [2016]

    Windows Kernel Memory Corruption
    Windows Kernel Memory Corruption Exploit Development Articles.
    • Remote Windows Kernel Exploitation - by Barnaby Jack [2005]
    • windows kernel-mode payload fundamentals - by Skape [2006]
    • exploiting 802.11 wireless driver vulnerabilities on windows - by Johnny Cache, H D Moore, skape [2007]
    • Kernel Pool Exploitation on Windows 7 - by Tarjei Mandt [2011]
    • Windows Kernel-mode GS Cookies and 1 bit of entropy - [2011]
    • Subtle information disclosure in WIN32K.SYS syscall return values - [2011]
    • nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques - [2011]
    • SMEP: What is it, and how to beat it on Windows - [2011]
    • Kernel Attacks through User-Mode Callbacks - by Tarjei Mandt [2011]
    • Windows Security Hardening Through Kernel Address Protection - by Mateusz "j00ru" Jurczyk [2011]
    • Reversing Windows8: Interesting Features of Kernel Security - by MJ0011 [2012]
    • Smashing The Atom: Extraordinary String Based Attacks - by Tarjei Mandt [2012]
    • Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
    • Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement - by MJ0011 [2012]
    • MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit - [2013]
    • KASLR Bypass Mitigations in Windows 8.1 - [2013]
    • First Dip Into the Kernel Pool: MS10-058 - by Jeremy [2014]
    • Windows 8 Kernel Memory Protections Bypass - [2014]
    • An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) - by Weimin Wu [2014]
    • Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids' Pool - [2014]
    • Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit - by Aaron Adams [2015]
    • Exploiting MS15-061 Microsoft Windows Kernel Use-After-Free (win32k!xxxSetClassLong) - by Dominic Wang [2015]
    • Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit - by Cedric Halbronn [2015]
    • Abusing GDI for ring0 exploit primitives - by Diego Juarez [2015]
    • Duqu 2.0 Win32k exploit analysis - [2015]

    Return Oriented Programming
    • The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
    • Blind return-oriented programming
    • Sigreturn-oriented Programming
    • Jump-Oriented Programming: A New Class of Code-Reuse Attack
    • Out of control: Overcoming control-flow integrity
    • ROP is Still Dangerous: Breaking Modern Defenses
    • Loop-Oriented Programming (LOP): A New Code Reuse Attack to Bypass Modern Defenses - by Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, Qingkai Zeng [2015]
    • Systematic Analysis of Defenses Against Return-Oriented Programming - by R. Skowyra, K. Casteel, H. Okhravi, N. Zeldovich, and W. Streilein [2013]
    • Return-oriented programming without returns - by S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy [2010]
    • Jump-oriented programming: a new class of code-reuse attack - by T. K. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang [2011]
    • Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection - by L. Davi, A. Sadeghi, and D. Lehmann [2014]
    • Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard - by E. Göktas, E. Athanasopoulos, M. Polychronakis, H. Bos, and G. Portokalidis [2014]
    • Buffer overflow attacks bypassing DEP (NX/XD bits) – part 1 - by Marco Mastropaolo [2005]
    • Buffer overflow attacks bypassing DEP (NX/XD bits) – part 2 - by Marco Mastropaolo [2005]
    • Practical Rop - by Dino Dai Zovi [2010]
    • Exploitation with WriteProcessMemory - by Spencer Pratt [2010]
    • Exploitation techniques and mitigations on Windows - by skape
    • A little return oriented exploitation on Windows x86 – Part 1 - by Harmony Security and Stephen Fewer [2010]
    • A little return oriented exploitation on Windows x86 – Part 2 - by Harmony Security and Stephen Fewer [2010]

    Windows memory protections
    Windows memory protections Introduction Articles.
    • Data Execution Prevention
    • /GS (Buffer Security Check)
    • /SAFESEH
    • ASLR
    • SEHOP

    Bypassing filter and protections
    Windows memory protections Bypass Methods Articles.
    • Third Generation Exploitation smashing heap on 2k - by Halvar Flake [2002]
    • Creating Arbitrary Shellcode In Unicode Expanded Strings - by Chris Anley
    • Advanced windows exploitation - by Dave Aitel [2003]
    • Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server - by David Litchfield
    • Reliable heap exploits and after that Windows Heap Exploitation (Win2KSP0 through WinXPSP2) - by Matt Conover in cansecwest 2004
    • Safely Searching Process Virtual Address Space - by Matt Miller [2004]
    • IE exploit and used a technology called Heap Spray
    • Bypassing hardware-enforced DEP - by Skape (Matt Miller) and Skywing (Ken Johnson) [October 2005]
    • Exploiting Freelist[0] On XP Service Pack 2 - by Brett Moore [2005]
    • Kernel-mode Payloads on Windows in uninformed
    • Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
    • Exploiting Common Flaws In Drivers
    • Heap Feng Shui in JavaScript - by Alexander Sotirov [2007]
    • Understanding and bypassing Windows Heap Protection - by Nicolas Waisman [2007]
    • Heaps About Heaps - by Brett Moore [2008]
    • Bypassing browser memory protections in Windows Vista - by Mark Dowd and Alex Sotirov [2008]
    • Attacking the Vista Heap - by Ben Hawkes [2008]
    • Return oriented programming Exploitation without Code Injection - by Hovav Shacham (and others) [2008]
    • Token Kidnapping and a super reliable exploit for windows 2k3 and 2k8 - by Cesar Cerrudo [2008]
    • Defeating DEP Immunity Way - by Pablo Sole [2008]
    • Practical Windows XP2003 Heap Exploitation - by John McDonald and Chris Valasek [2009]
    • Bypassing SEHOP - by Stefan Le Berre, Damien Cauquil [2009]
    • Interpreter Exploitation : Pointer Inference and JIT Spraying - by Dionysus Blazakis [2010]
    • Write-up of Pwn2Own 2010 - by Peter Vreugdenhil
    • All in one 0day presented in rootedCON - by Ruben Santamarta [2010]
    • DEP/ASLR bypass using 3rd party - by Shahin Ramezany [2013]
    • Bypassing EMET 5.0 - by René Freingruber [2014]

    Typical windows exploits
    • Real-world HW-DEP bypass Exploit - by Devcode
    • Bypassing DEP by returning into HeapCreate - by Toto
    • First public ASLR bypass exploit by using partial overwrite - by Skape
    • Heap spray and bypassing DEP - by Skylined
    • First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability
    • Exploit codes of bypassing browsers memory protections
    • PoC's on Token Kidnapping. PoC for 2k3 - part 1 - by Cesar Cerrudo
    • PoC's on Token Kidnapping. PoC for 2k8 - part 2 - by Cesar Cerrudo
    • An exploit works from win 3.1 to win 7 - by Tavis Ormandy (KiTra0d)
    • Old ms08-067 metasploit module multi-target and DEP bypass
    • PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass
    • SMBv2 Exploit - by Stephen Fewer
    • Microsoft IIS 7.5 remote heap buffer overflow - by redpantz
    • Browser Exploitation Case Study for Internet Explorer 11 - by Moritz Jodeit [2016]

    Exploit development tutorial series
    Exploit Development Tutorial Series Based on Windows Operating System Articles.

    Corelan Team
    • Exploit writing tutorial part 1 : Stack Based Overflows
    • Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
    • Exploit writing tutorial part 3 : SEH Based Exploits
    • Exploit writing tutorial part 3b : SEH Based Exploits – just another example
    • Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
    • Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
    • Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
    • Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc
    • Exploit writing tutorial part 8 : Win32 Egg Hunting
    • Exploit writing tutorial part 9 : Introduction to Win32 shellcoding
    • Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik's Cube
    • Exploit writing tutorial part 11 : Heap Spraying Demystified

    Fuzzysecurity
    • Part 1: Introduction to Exploit Development
    • Part 2: Saved Return Pointer Overflows
    • Part 3: Structured Exception Handler (SEH)
    • Part 4: Egg Hunters
    • Part 5: Unicode 0x00410041
    • Part 6: Writing W32 shellcode
    • Part 7: Return Oriented Programming
    • Part 8: Spraying the Heap Chapter 1: Vanilla EIP
    • Part 9: Spraying the Heap Chapter 2: Use-After-Free
    • Part 10: Kernel Exploitation -> Stack Overflow
    • Part 11: Kernel Exploitation -> Write-What-Where
    • Part 12: Kernel Exploitation -> Null Pointer Dereference
    • Part 13: Kernel Exploitation -> Uninitialized Stack Variable
    • Part 14: Kernel Exploitation -> Integer Overflow
    • Part 15: Kernel Exploitation -> UAF
    • Part 16: Kernel Exploitation -> Pool Overflow
    • Part 17: Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
    • Heap Overflows For Humans 101
    • Heap Overflows For Humans 102
    • Heap Overflows For Humans 102.5
    • Heap Overflows For Humans 103
    • Heap Overflows For Humans 103.5

    Securitysift
    • Windows Exploit Development – Part 1: The Basics
    • Windows Exploit Development – Part 2: Intro to Stack Based Overflows
    • Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules
    • Windows Exploit Development – Part 4: Locating Shellcode With Jumps
    • Windows Exploit Development – Part 5: Locating Shellcode With Egghunting
    • Windows Exploit Development – Part 6: SEH Exploits
    • Windows Exploit Development – Part 7: Unicode Buffer Overflows

    Whitehatters Academy
    • Intro to Windows kernel exploitation 1/N: Kernel Debugging
    • Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
    • Intro to Windows kernel exploitation 3/N: My first Driver exploit
    • Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
    • Backdoor 103: Fully Undetected
    • Backdoor 102
    • Backdoor 101

    TheSprawl
    • corelan - integer overflows - exercise solution
    • heap overflows for humans - 102 - exercise solution
    • exploit exercises - protostar - final levels
    • exploit exercises - protostar - network levels
    • exploit exercises - protostar - heap levels
    • exploit exercises - protostar - format string levels
    • exploit exercises - protostar - stack levels
    • open security training - introduction to software exploits - uninitialized variable overflow
    • open security training - introduction to software exploits - off-by-one
    • open security training - introduction to re - bomb lab secret phase
    • open security training - introductory x86 - buffer overflow mystery box
    • corelan - tutorial 10 - exercise solution
    • corelan - tutorial 9 - exercise solution
    • corelan - tutorial 7 - exercise solution
    • getting from seh to nseh
    • corelan - tutorial 3b - exercise solution

    Expdev-Kiuhnm
    • WinDbg
    • Mona 2
    • Structured Exception Handling (SEH)
    • Heap
    • Windows Basics
    • Shellcode
    • Exploitme1 (ret eip overwrite)
    • Exploitme2 (Stack cookies & SEH)
    • Exploitme3 (DEP)
    • Exploitme4 (ASLR)
    • Exploitme5 (Heap Spraying & UAF)
    • EMET 5.2
    • Internet Explorer 10 - Reverse Engineering IE
    • Internet Explorer 10 - From one-byte-write to full process space read/write
    • Internet Explorer 10 - God Mode (1)
    • Internet Explorer 10 - God Mode (2)
    • Internet Explorer 10 - Use-After-Free bug
    • Internet Explorer 11 - Part 1
    • Internet Explorer 11 - Part 2

    Tools
    Disassemblers, debuggers, and other static and dynamic analysis tools.
    • angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab.
    • BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework.
    • Binary Ninja - Multiplatform binary analysis IDE supporting various types of binaries and architectures. Scriptable via Python.
    • binnavi - Binary analysis IDE for reverse engineering based on graph visualization.
    • Bokken - GUI for Pyew and Radare.
    • Capstone - Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages.
    • codebro - Web based code browser using clang to provide basic code analysis.
    • dnSpy - .NET assembly editor, decompiler and debugger.
    • Evan's Debugger (EDB) - A modular debugger with a Qt GUI.
    • GDB - The GNU debugger.
    • GEF - GDB Enhanced Features, for exploiters and reverse engineers.
    • hackers-grep - A utility to search for strings in PE executables including imports, exports, and debug symbols.
    • IDA Pro - Windows disassembler and debugger, with a free evaluation version.
    • Immunity Debugger - Debugger for malware analysis and more, with a Python API.
    • ltrace - Dynamic analysis for Linux executables.
    • objdump - Part of GNU binutils, for static analysis of Linux binaries.
    • OllyDbg - An assembly-level debugger for Windows executables.
    • PANDA - Platform for Architecture-Neutral Dynamic Analysis.
    • PEDA - Python Exploit Development Assistance for GDB, an enhanced display with added commands.
    • pestudio - Perform static analysis of Windows executables.
    • Process Monitor - Advanced monitoring tool for Windows programs.
    • Pyew - Python tool for malware analysis.
    • Radare2 - Reverse engineering framework, with debugger support.
    • SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analysis.
    • strace - Dynamic analysis for Linux executables.
    • Udis86 - Disassembler library and tool for x86 and x86_64.
    • Vivisect - Python tool for malware analysis.
    • X64dbg - An open-source x64/x32 debugger for windows.

    Sursa: https://github.com/enddo/awesome-windows-exploitation
  5. • About 20 million CCTV cameras have been installed with AI technology in China
    • Such technology can be used to identify a person's age, gender and clothes
    • Police can track down criminals using facial recognition and their database

    China has installed over 20 million cutting-edge security cameras in what is believed to be the world's most advanced surveillance system. The camera system, facilitated with artificial intelligence technology, is part of the 'Sky Net' operation, which is China's anti-corruption programme mainly aimed at tracking down fugitives. Such technology can identify a pedestrian or a motorist, which can help policemen in their search for criminals.

    [Image caption] China has launched an AI-equipped security system on 20 million cameras across the country. The new technology can identify a person's age, gender and colour of clothes (left). It can also scan vehicles and identify their types and colours (right).

    Video footage posted by China Central Television in a documentary today displays what a real-time CCTV captures on screen. It has then been shared and re-posted by the local media including k618.cn.

    [Image caption] A number of boxes pop up next to a person with details of their age, gender, and colour of the clothes. The same technology can apply to vehicles as well, identifying the type of vehicle and its colour.

    K618.cn reported that the pedestrian-scanning function used computer vision technology to pinpoint passersby on the road. It allows GPS tracking and facial recognition to help policemen locate criminals on the loose. A signal will be sent to the police if the recognition matches any criminals in the database.

    [Image caption] It can provide GPS tracking and facial recognition to help locate criminals on the loose. China claimed to have the world's most advanced security system with 20 million CCTV cameras across the country.

    Over 20 million CCTV cameras equipped with AI technology have been installed in China, crowning it the world's most advanced surveillance system. Operation 'Sky Net' was launched in 2015 as the Chinese central government aimed to hunt for corrupt fugitive officials, crack down on underground banks and confiscate misappropriated assets, according to Bloomberg. It has now extended to catching fugitives in local communities in different cities across China. In April, China started to use facial recognition technology to catch jaywalkers in Shenzhen. Portraits of offenders will be uploaded immediately to an LED screen displayed on the side of the road. The new surveillance system has made citizens fear that the technology is being used to monitor their daily lives.

    'Why are there so many child abductors around if the Sky Net is really working?' wrote web user 'xianzaihe_89'. 'We don't have any privacy anymore under the watch of the Chinese government!' said web user 'neidacongmin'.

    Sursa: http://www.dailymail.co.uk/news/article-4918342/China-installs-20-million-AI-equipped-street-cameras.html
  6. A group of AI experts from The University of Nottingham and Kingston University managed to create a new method by which two-dimensional images of faces can be converted into 3D using machine learning. The researchers trained a convolutional neural network to perform the task by feeding it tons of data on people's faces. From there it figured out how to guess what a new face looks like from a previously unseen pic, including parts that it can't see in the photograph.

    The 3D computer vision project really has to be seen to be believed, and you can try it out in a nifty demo here. The website doesn't really do the full technology justice, but it's bloody cool. Members of the team, which consists of Aaron S. Jackson, Adrian Bulat, Vasileios Argyriou, and Georgios Tzimiropoulos, will be presenting their work next month at the International Conference on Computer Vision in Venice.

    Aaron Jackson told via email: "The website demonstrating it was a quick mashup over the course of a few evenings. I basically made it because I thought seeing yourself in 3D is fun. A lot of research in computer vision is hard to present in a fun way because it's things like new methods for detecting points on a face."

    An artificial intelligence that can turn pictures into faces is the tip of the iceberg here. The implications go far beyond amusing technology journalists for hours at a time with a website. In reality computer vision is one of the most useful purposes for deep learning and we can't wait to see what Jackson and his fellow developers do next.

    Sursa: https://safeum.com/blog/2738-this-ai-program-can-make-3d-face-models-from-a-selfie.html
  7. If you're a target for either financially motivated cyber-criminals, or nation state grade attackers, chances are your security team feels outgunned — the bad guys have the time, the skills, and the resources to effect a data-breach, and they only have to succeed once, while your security team has to get it right every time. What if you could turn the tables on them?

    Deception technology excels at detecting these attacks by shifting the cognitive, economic and time costs of the attack back onto the attacker. The principles of deception have been around for years, and recently, they've become the secret weapon of purple teams and threat hunters worldwide. The good news is, you can get started seeing the benefits of deception for free using a plethora of open-source honeypots that you can deploy immediately.

    We're firm believers that deception is so crucial to detecting lateral movement, uncovering privilege escalation, and building threat intelligence, that any deception, even old-school honeypots, is valuable. Whenever we're on the road, we make it a point to give a shout-out to some of these tools, and will happily help you plan how you can use them. For free, no strings attached. Just get in touch!

    Caveat Emptor: You get what you pay for — Some of these tools may no longer be supported, and will require leg-work to get going, but they're a great way to get familiar with deception. They're also emulations, not real systems, so don't expect high-interaction activity. While we'll offer friendly advice around how you can use them, we don't officially support them.

    For more on planning effective deception, check out our strategy focused blog-posts:
    • 10 Questions To Ask Your Deception Provider
    • 7 Deadly Sins – How to Fail at Implementing Deception

    Network services
    • Cowrie – Cowrie is an SSH honeypot based off an earlier favourite called Kippo. It will emulate an interactive SSH server with customisable responses to commands. Another alternative is HonSSH, which sits between a real SSH server and the attacker, MiTMing the connection and logging all SSH communications.
    • Dionaea is a multi-protocol honeypot that covers everything from FTP to SIP (VoIP attacks). Where it really excels is for SMB decoys. It can even simulate malware payload execution using LibEmu to analyse multi-part stagers.

    IOT (Internet of Things) decoys
    • Honeything emulates the TR-069 WAN management protocol, as well as a RomPager web-server, with vulnerabilities.
    • Other IoT decoys can be created by emulating embedded telnet / FTP servers, for example with BusyBox.

    SCADA/ICS decoys
    • ConPot emulates a number of operational technology control systems infrastructure, including protocols like MODBUS, DNP3 and BACNET. It comes with a web-server that can emulate a SCADA HMI as well.
    • GasPot emulates a Veeder Root Guardian AST that is commonly used for monitoring in the oil and gas industry.

    Database and NoSQL honeypots
    • MongoDB-HoneyProxy emulates an insecure MongoDB database. Hackers regularly scan the interwebs looking for administrators who had an 'oops moment' and exposed their DB to the world.
    • ElasticHoney emulates an ElasticSearch instance, and looks for attempted remote code execution.

    Credential honeypots and honeytokens
    • DCEPT by Dell SecureWorks places deceptive credentials in Microsoft's Active Directory.
    • Canarytokens by the great guys at Thinkst let you place different types of decoy data across your systems, waiting for an attacker to trigger them.

    Honeyclients and malware analysis
    • Thug is a 'honeyclient' that mimics the behaviour of a web-browser to analyse client-side exploits. It can be used to analyse dodgy links, determining whether they serve up malicious JavaScript, ActiveX or Flash components. It can download payload samples and integrates with VirusTotal to analyse what gets served.
    • Cuckoo Sandbox is not really a honeypot, but it's a great sandbox for malware analysis. You can safely and programmatically execute possible malware samples, including binaries, Microsoft Office documents and emails within a Cuckoo VM and receive a full report on what code executed, what file / registry changes were made, and what network callbacks were observed. Pair it with VMCloak to automatically build sandbox VMs that are harder for malware to fingerprint.

    All-in-One
    • Honeydrive is a GNU/Linux distribution that comes pre-installed with a lot of active defence capabilities. Consider it the anti-Kali.
    • MHN combines Snort, Kippo, Dionaea and Conpot, and wraps them for easy installation and use.

    Setting up most of these in a lab should be a fairly simple weekend project for the seasoned security professional. You can then run red-team style attacks against them to figure out exactly what sort of telemetry you can expect. Finally, you can tweak the source to reduce how easily they can be fingerprinted (don't forget to submit patches to the authors if you do).

    If you'd like to take the next step with professional deception technology, check out our IllusionBLACK platform by seeing a live demo.

    Sursa: https://www.smokescreen.io/practical-honeypots-a-list-of-open-source-deception-tools-that-detect-threats-for-free/
  8. You can also try Privazer: http://privazer.com/
  9. Lecture 1 - Introduction to x86 Assembly (Slides, Presentation)
    Lecture 2 - Reverse Engineering Machine Code Pt. 1 (Slides, Presentation)
    Lecture 3 - Reverse Engineering Machine Code Pt. 2 (Slides, Presentation)
    Lecture 4 - Reverse Engineering Machine Code Pt. 3 (Slides, Presentation)
    Lecture 5 - Executable File Formats (Slides, Presentation)
    Lecture 6 - Modern Vulnerability Exploitation: The Stack Overflow (Slides, Presentation)
    Lecture 7 - Modern Vulnerability Exploitation: The Heap Overflow (Slides, Presentation)
    Lecture 8 - Modern Vulnerability Exploitation: Shellcoding (Slides, Presentation)
    Lecture 9 - Modern Vulnerability Exploitation: Format String Attacks (Slides, Presentation)

    Sursa: https://codebreaker.ltsnet.net/resources
10. Not for you :)) but for newcomers: it contains a bit of everything, basic things so you understand what an infosec discussion is about and know what to search for on Google if you need help. If you have had no contact with programming, you learn to understand/modify C/Python, what a vulnerability is, how an exploit works, what an XSS is, with examples, explanations and so on. I found the course quite well made and I recommend it to everyone interested in the IT field, regardless of whether they want a career in infosec or not.
  11. https://www.elearnsecurity.com/affiliate/redeem?code=ONM-FEW
12. If you have downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.

CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.

Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.

This incident is yet another example of a supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to the attackers' remote command-and-control servers.

Moreover, the unknown hackers signed the malicious installation executable (v5.33) using a valid digital signature issued to Piriform by Symantec and used a Domain Generation Algorithm (DGA), so that if the attackers' server went down, the DGA could generate new domains to receive and send stolen information.

"All of the collected information was encrypted and encoded by base64 with a custom alphabet," says Paul Yung, V.P. of Products at Piriform. "The encoded information was subsequently submitted to an external IP address 216.126.x.x (this address was hardcoded in the payload, and we have intentionally masked its last two octets here) via a HTTPS POST request."

The malicious software was programmed to collect a large number of user data, including:

    Computer name
    List of installed software, including Windows updates
    List of all running processes
    IP and MAC addresses
    Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.

According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 million people could have been infected with the malicious version of the app.

"The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week," Talos said.

However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.

Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. The latest version is available for download here.

Source: http://thehackernews.com/2017/09/ccleaner-hacked-malware.html
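The post above quotes Piriform saying the exfiltrated data was "encoded by base64 with a custom alphabet". The following is an added example (not code from the article, Piriform or Talos) of how an analyst turns such output back into readable data once the alphabet has been recovered from the binary: the custom symbols are mapped back onto the standard base64 alphabet with a translation table and then decoded normally. The alphabet used here is a constructed stand-in (the standard alphabet rotated by 17 positions), and the telemetry blob is constructed to mirror the fields the post lists; neither is the real payload.

```python
"""Decode base64 that uses a custom (non-standard) alphabet.

Added example, not code from the article, Piriform or Talos. The alphabet
and the sample telemetry below are constructed; the real values are not
on the page.
"""
import base64
import string

STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Hypothetical custom alphabet: the standard one rotated by 17 positions.
# A real sample would use whatever 64-symbol table the analyst recovered.
CUSTOM_ALPHABET = STD_ALPHABET[17:] + STD_ALPHABET[:17]


def custom_b64decode(data: str, alphabet: str = CUSTOM_ALPHABET) -> bytes:
    """Map each custom symbol to its standard counterpart, then decode.

    validate=True makes the decoder reject stray characters instead of
    silently skipping them, which is what you want when the alphabet guess
    is wrong.
    """
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must be 64 distinct characters")
    table = str.maketrans(alphabet, STD_ALPHABET)
    return base64.b64decode(data.translate(table), validate=True)


def custom_b64encode(raw: bytes, alphabet: str = CUSTOM_ALPHABET) -> str:
    """Inverse of custom_b64decode; used here only to build sample data."""
    table = str.maketrans(STD_ALPHABET, alphabet)
    return base64.b64encode(raw).decode("ascii").translate(table)


def parse_telemetry(raw: bytes) -> dict:
    """Split a decoded 'key=value' blob into a dict (constructed format)."""
    fields = {}
    for line in raw.decode("utf-8", errors="replace").splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


# Constructed sample mirroring the field types named in the post.
SAMPLE_TELEMETRY = (
    b"host=WORKSTATION-01\n"
    b"admin=1\n"
    b"x64=1\n"
    b"mac=00-11-22-33-44-55\n"
    b"procs=explorer.exe;ccleaner.exe\n"
)
ENCODED_SAMPLE = custom_b64encode(SAMPLE_TELEMETRY)


if __name__ == "__main__":
    # A standard decoder accepts the string (all symbols are valid base64
    # characters) but yields the wrong bytes; the custom decoder recovers it.
    print("standard decode matches:", base64.b64decode(ENCODED_SAMPLE) == SAMPLE_TELEMETRY)
    print("custom decode matches:  ", custom_b64decode(ENCODED_SAMPLE) == SAMPLE_TELEMETRY)
    print(parse_telemetry(custom_b64decode(ENCODED_SAMPLE)))
```

The practical point for analysts is the first line of output: a custom-alphabet encoding looks like ordinary base64 and decodes without error under the standard table, so a decoder that does not complain is not evidence that the alphabet is right. Check that the decoded bytes make sense (here, the key=value structure) before trusting them.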
13. A few hours ago a cryptocurrency miner appeared on The Pirate Bay website, using the computer resources of visitors to mine Monero coins. The operators of The Pirate Bay are testing it as a new way to generate revenue, but many users aren't happy.

Four years ago many popular torrent sites added an option to donate via Bitcoin. The Pirate Bay was one of the first to jump on board and still lists its address on the website. While there’s nothing wrong with using Bitcoin as a donation tool, adding a Javascript cryptocurrency miner to a site is of a totally different order.

A few hours ago many Pirate Bay users began noticing that their CPU usage increased dramatically when they browsed certain Pirate Bay pages. Upon closer inspection, this spike appears to have been caused by a Bitcoin miner embedded on the site.

The code in question is tucked away in the site’s footer and uses a miner provided by Coinhive. This service offers site owners the option to convert the CPU power of users into Monero coins.

The miner does indeed appear to increase CPU usage quite a bit. It is throttled at different rates (we’ve seen both 0.6 and 0.8) but the increase in resources is immediately noticeable.

The miner is not enabled site-wide. When we checked, it appeared in the search results and category listings, but not on the homepage or individual torrent pages.

There has been no official comment from the site operators on the issue (update, see below), but many users have complained about it. In the official site forums, TPB supermoderator Sid is clearly not in agreement with the site’s latest addition.

“That really is serious, so hopefully we can get some action on it quickly. And perhaps get some attention for the uploading and commenting bugs while they’re at it,” Sid writes.

Like many others, he also points out that blocking or disabling Javascript can stop the automatic mining. This can be done via browser settings or through script blocker addons such as NoScript and ScriptBlock. Alternatively, people can block the miner URL with an ad-blocker.

Whether the miner is a new and permanent tool, or perhaps triggered by an advertiser, is unknown at this point. When we hear more this article will be updated accordingly.

Update: We were told that the miner is being tested for a short period (~24 hours) as a new way to generate revenue. This could eventually replace the ads on the site. More info may be revealed later.

Source: https://torrentfreak.com/the-pirate-bay-website-runs-a-cryptocurrency-miner-170916/
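The post describes a Coinhive loader tucked into the page footer with a throttle setting. As an added example (not code from the TorrentFreak article or from The Pirate Bay), here is the kind of check a site owner or a user-side tooling author would run over fetched HTML to spot such a miner: collect every script element, flag those that load the Coinhive script host or call its `CoinHive.Anonymous` constructor, and pull out the throttle value. The sample page is constructed to mirror the loader shape the post describes; the site key is a placeholder, and the list of miner hosts is an assumption containing only the host named in the post.

```python
"""Flag in-page cryptocurrency miner scripts in fetched HTML.

Added example, not code from the article or the site it describes. The
sample HTML is constructed; MINER_HOSTS and the regexes encode assumptions
about the loader shape (script host plus a CoinHive.Anonymous(...) call).
"""
import re
from html.parser import HTMLParser

# Script hosts treated as miner loaders. Only the host named in the post is
# listed; a real deployment would extend this from a maintained blocklist.
MINER_HOSTS = ("coinhive.com",)

THROTTLE_RE = re.compile(r"throttle\s*:\s*([0-9]*\.?[0-9]+)")
ANON_RE = re.compile(r"CoinHive\.Anonymous\s*\(")


class _ScriptCollector(HTMLParser):
    """Collect each <script> element's src attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []      # list of {"src": str | None, "body": str}
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._open = {"src": dict(attrs).get("src"), "body": ""}

    def handle_data(self, data):
        # HTMLParser treats <script> content as raw text, so the whole body
        # arrives here unparsed.
        if self._open is not None:
            self._open["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._open is not None:
            self.scripts.append(self._open)
            self._open = None


def find_miners(html: str) -> list:
    """Return one finding per script that loads or drives a known miner.

    Each finding records the script src (None for inline scripts), whether
    the script starts a miner, and the throttle value if one is set.
    """
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for script in parser.scripts:
        src = (script["src"] or "").lower()
        loads_miner = any(host in src for host in MINER_HOSTS)
        starts_miner = bool(ANON_RE.search(script["body"]))
        if not (loads_miner or starts_miner):
            continue
        match = THROTTLE_RE.search(script["body"])
        findings.append({
            "src": script["src"],
            "starts_miner": starts_miner,
            "throttle": float(match.group(1)) if match else None,
        })
    return findings


# Constructed sample page: a footer loader plus the call that starts mining
# at the 0.8 throttle the post mentions. SITE_KEY_PLACEHOLDER is not real.
SAMPLE_PAGE = """<html><body>
<h1>Search results</h1>
<div id="footer">
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.8});
  miner.start();
</script>
</div>
</body></html>"""

# Constructed page with an ordinary first-party script and nothing else.
CLEAN_PAGE = "<html><body><script src='/static/app.js'></script></body></html>"


if __name__ == "__main__":
    for finding in find_miners(SAMPLE_PAGE):
        print(finding)
    print("clean page findings:", find_miners(CLEAN_PAGE))
```

Matching on the script host is what an ad-blocker rule does, which is why the post's suggestion of blocking the miner URL works; matching on the constructor call additionally catches a copy of the loader served from a different host, and the throttle value tells you how much CPU the page asks for.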
  14. The Eye of ...

    md5 (OldGarage.jpg) = 1427C48D8CAB1CF6CB6C628FDEBCC0D7
  15. https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-caliskan-islam.pdf