Usr6

Everything posted by Usr6

  1. Linux LPIC-1 Series
    02:07 LPI Series Intro
    28:30 Using the command line
    27:30 More command line skills
    29:48 Command line skills part 3
    28:20 Processes
    27:58 Configuration
    33:18 Installation issues
    33:10 Filesystems
    38:31 Package management
    33:15 X windows
    28:49 Kernel modules
    26:29 Printing
    26:20 Administrative tasks I
    32:59 Administrative tasks II
    42:22 Shell Scripting
    36:53 Basic Networking
    26:39 Network services 1
    31:47 Network services 2
    29:13 Basic security

    Linux LPIC-2 Series
    02:50 LP-2 Series Intro
    32:56 The Linux Kernel: Customizing and Compiling
    28:33 Boot Loaders and the Boot Process
    27:13 Linux Filesystems
    30:50 Samba and NFS: Sharing Files across the Network
    28:00 RAID
    27:42 System Maintenance
    30:23 PERL Scripting
    27:17 Troubleshooting Problems in Linux
    28:45 Networking in Linux
    30:48 The Apache Web Server
    28:54 DNS and BIND
    31:38 Mail and News
    31:23 Network Management
    28:24 SSH: Client and Server

    Linux+ Series (BEGINNERS) (w Update)
    35:04 Introduction to Using Linux
    28:14 Intro to Linux Part 2
    24:34 Planning your installation
    33:46 Pre-installation Hardware Considerations
    29:12 Installation of Linux
    36:39 Installing and Updating Software in Linux
    36:12 User Administration in Linux
    33:19 Administration of Filesystems and Security
    36:53 Administration of Networks in Linux
    34:57 Linux Essentials
    33:06 Configuring Printing and File Sharing
    28:24 Configuration Files and Related Topics
    36:50 Maintenance of a Linux System
    27:31 Troubleshooting Problems in a Linux System
    29:53 Troubleshooting in Linux Part 2
    23:43 Troubleshooting in Linux Part 3
    25:51 Hardware Issues in Linux
    25:03 More Hardware Issues in Linux
    04:22 Linux+ 2004 Update Intro
    16:36 Multimedia in Linux
    18:06 Introduction to sed and awk
    24:26 Security Issues Part 1
    18:13 Security Issues Part 2
    24:03 Printing and Mail
    25:35 Hodgepodge: Learning to Learn Linux

    Intermediate to Advanced Linux Series
    07:48 Series Intro
    33:55 Pre-Installation Considerations
    28:36 Installation Issues
    ? Working with Hard Disks
    36:43 More Installation Issues
    33:16 Advanced Installation Issues
    24:47 Post Installation
    29:24 X windows
    27:29 Window Managers and Desktop Environments
    32:49 Package Management
    30:30 The Linux Rescue and Recovery Process
    27:13 User Administration
    32:06 Groups
    25:21 The Linux Kernel
    26:45 The Linux Kernel Part 2
    26:35 The Network File System (NFS)
    31:44 Apache Web Server
    28:48 Mail Services
    28:57 DNS and Bind
    26:42 FTP and Internet News
    34:03 Shell Scripts
    32:22 Introduction to Perl
    31:10 Performance Monitoring
    26:48 Security
    24:05 Security 2

    Download: 1.63 GB (FileServe, six links)
    Source
  2. Offensive.Security.CTP.v1.0 [2008]
    Offensive.Security.PWB.v.2.0 [Lab ex, 2007, bt2]
    Offensive.Security.PWB.v2.2 [Lab guide, 2009, bt3]
    Offensive.Security.PWB.v3.0 [Lab guide, 2010, bt4]
    Offensive.Security.Security.101 [Lab ex, 2007, bt2]
    Offensive.Security.WiFu.v2.0 [introduction to practical wireless attacks, 2009]
    Offsec-sample-report [sample penetration test report, v1.7, 2008]

    CTP = Cracking the Perimeter
    PWB = Penetration testing With Backtrack

    download: Download 6f6666736563203a20637470207077622077696675.rar for free on Filesonic.com
    pass: 6f6666736563203a20637470207077622077696675
    Source
  3. Let's start with my methodology for hunting malware. Basically, WFP prevents a user from altering a legitimate Windows process. If an attempt is made to alter one such file, the user will be informed that an attempt to alter a Windows protected file has taken place, and either the alteration will simply be prevented from making a change, or the file will be copied from the version that is stored in dllcache.

    Here is an example of file modification being prevented:

    c:\Windows\System32>echo test123 >> dllhost.exe
    Access is denied.

    Here is an example of what the error looks like in the system logs:

    c:\tw_pogue1\CEPOGUE-NGQ83PM\vol\evt_sys.txt: 506,System,Windows File Protection,INFORMATION,CEPOGUE-NGQ83PM,11/23/2011 10:05:42 AM,64001,None,"File replacement was attempted on the protected system file dllhost.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.2180, the version of the system file is 5.1.2600.2180."

    So, what many attackers will do is slightly misspell the names of legitimate binaries so as to make them "look" like legitimate ones... something I call "malware subterfuge". So instead of using the name "dllhost.exe", they will use something like "dl1host.exe" or "dllhsot.exe". Alternatively, they can use the legitimate name if it's not in the same directory as the legitimate Windows binary. So, instead of using "C:\Windows\system32\dllhost.exe" they will use "C:\Windows\System32\drivers\dllhost.exe". Because of WFP, spotting malware can be easier for investigators who know what they are looking for. Also, you can see that WFP makes it difficult for an attacker to name their binary a legitimate Windows name, from a legitimate directory. Difficult, but not impossible. As Harlan correctly pointed out on his blog (http://windowsir.blogspot.com/), WFP can be disabled.

    This may sound scary, but it actually happens all the time when Windows makes updates to existing files through the Windows Update process. Additionally, Harlan documented this process briefly in his book, "Windows Forensic Analysis, Second Edition", on pages 328 - 330. As Harlan states, "I found that there is reportedly an undocumented API call called SfcFileException (www.bitsum.com/aboutwfp) that will allegedly suspend WFP for one minute. WFP "listens" for file changes and "wakes up" when a file change event occurs for one of the designated protected files, and does not poll the protected files on a regular basis to determine whether any have been modified in some way. Suspending WFP for one minute is more than enough time to infect a file, and once WFP resumes there is no other way for it to detect that a protected file has been modified."

    Later, in a conversation with Harlan, we talked about the frequency of just such an attack. Personally, I have never seen this, and Harlan indicated that he has only seen it a few times. So, this was one of those things that is heavy in theory and light in research. So, I wanted to see what it would really look like if I disabled WFP and made a modification to a protected file. Would it leave behind any indicators of compromise in memory, event logs, or a forensic timeline?

    My first step in answering these questions was to get a hold of the tools mentioned by Harlan from Bitsum Technology. I contacted the developer, who was gracious enough to send me a copy for research. I have left his name out of this post for privacy (No, I will not release his code, so don't ask!). If you want to do your own research, feel free to visit Bitsum Technologies like I did. With my copy of WFP_deprotect in "hand", I copied it to a Windows XP VM that I use for malware analysis.

    To keep things simple (as I am only trying to illustrate the potential of the tool, and the IOC left behind by modification) I decided to only append a series of capital "AAAA"s to the end of a protected file. So, I stopped WFP.

    Next, let's take an MD5 checksum of dllhost.exe for validation that we have successfully modified our target file.

    c:\Windows\System32>md5deep dllhost.exe
    a63dc5c2ea944e6657203e0c8edeaf61 c:\Windows\System32\dllhost.exe

    OK, next, I ran strings against the target file to make sure there was not already the same string content that I decided to use, in this case a series of upper case letter "A"s.

    C:\test>strings c:\WINDOWS\system32\dllhost.exe | grep AAAAAAAA

    Now, I am going to simply append 20 upper case "A"s to the end of the target file.

    C:\test>echo AAAAAAAAAAAAAAAAAAAA >> c:\WINDOWS\system32\dllhost.exe

    Let's run strings against the target file to see if the modification took.

    C:\test>strings c:\WINDOWS\system32\dllhost.exe | grep AAAAA
    AAAAAAAAAAAAAAAAAAAA <-- This is the result of the grep search.

    Now let's check the MD5 checksum of the target file to see if it changed... as you can see by comparing it to the value from our initial MD5, it did.

    C:\test>md5deep c:\WINDOWS\system32\dllhost.exe
    6fb2c878750a84946efacfc50c8e1f59 c:\WINDOWS\system32\dllhost.exe

    Finally, I waited the minute that it would take for WFP to kick back on, and I rebooted the system. Then, I ran strings against the target file again, and check it out... my "A"s are now at the end of the file. Mission accomplished. I successfully edited a file that was protected by WFP. Once WFP kicked back on, the modified version of the target file is now the version that the system considers to be "good". Any attempt to modify the new version of the WFP-protected file by users, or AV, or anything else (except by the same means that I used to modify the file in the first place) would be stopped. Now, my change was relatively simple... I just threw some "A"s at the end of the file.

    Think about the implications if I had more nefarious goals in mind. I could modify a WFP protected file, allowing it to maintain its original functionality while maybe appending a key logger, or memory dumper, to the end of the file. Now, the new weaponized process would have a legitimate Windows name, run from a legitimate directory, BECAUSE it would actually BE the legitimate file as far as the operating system was concerned.

    OK, so let's say I am working a case where this actually happened. My initial effort to detect malware would not yield any results because all of the running processes would have their expected names, and be running from their expected directories. So now what? Are we all hosed if we run into this, or are there IOCs that would be left behind by this kind of modification? Well, don't lose faith, because there indeed ARE IOCs... which I am about to explain...

    First of all, the forensic timeline (one of my favorite tools) would show access and modification times that would be updated. Below are the entries from the Master File Table ($MFT); the Standard_Information (SI) attribute is on the top (above the file name), and the File_Name (FN) attribute is on the bottom (below the file name). Notice the Access and Change dates are Nov 23, 2011, which is the date I ran my test.

    M: Wed Nov 23 15:35:37 2011 Z
    A: Wed Nov 23 16:04:46 2011 Z
    C: Wed Nov 23 16:04:28 2011 Z
    B: Wed Nov 23 15:35:37 2011 Z
    FN: dllhost.exe Parent Ref: 865 Parent Seq: 3
    M: Wed Nov 23 15:35:37 2011 Z
    A: Wed Nov 23 15:35:54 2011 Z
    C: Wed Nov 23 15:48:56 2011 Z
    B: Wed Nov 23 15:35:37 2011 Z

    M: Wed Nov 23 16:07:57 2011 Z
    A: Wed Nov 23 16:23:54 2011 Z
    C: Wed Nov 23 16:23:54 2011 Z
    B: Thu Aug 23 12:00:00 2001 Z
    FN: dllhost.exe Parent Ref: 29 Parent Seq: 1
    M: Wed Aug 4 06:56:50 2004 Z
    A: Wed Nov 23 16:05:41 2011 Z
    C: Wed Nov 23 16:05:42 2011 Z
    B: Wed Jan 26 20:37:00 2011 Z

    Remember our error from the system event logs? Let's take a closer look in conjunction with the timeline data...

    c:\tw_pogue1\CEPOGUE-NGQ83PM\vol\evt_sys.txt: 506,System,Windows File Protection,INFORMATION,CEPOGUE-NGQ83PM,11/23/2011 10:05:42 AM,64001,None,"File replacement was attempted on the protected system file dllhost.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.2180, the version of the system file is 5.1.2600.2180."

    Within two (2) seconds, the original file from the ServicePackFiles directory is accessed, created again in the LastGood directory, accessed in dllcache, and then modified back to its original state in the system32 directory.

    Wed Nov 23 2011 10:05:41,5120,.a..,r/rrwxrwxrwx,0,0,32127-128-3,"C:/WINDOWS/ServicePackFiles/i386/dllhost.exe"
    Wed Nov 23 2011 10:05:41,5126,.acb,r/rrwxrwxrwx,0,0,974-128-4,"C:/WINDOWS/LastGood/system32/dllhost.exe"
    Wed Nov 23 2011 10:05:47,5120,.ac.,r/rrwxrwxrwx,0,0,978-128-1,"C:/WINDOWS/system32/dllcache/dllhost.exe"
    Wed Nov 23 2011 10:07:57,5166,m...,r/rrwxrwxrwx,0,0,975-128-3,"C:/WINDOWS/system32/dllhost.exe"

    OK... so we can see the attempted change, but what about the actual change? Is there any evidence of that? Well... not really, no. I ran my volatile collection script against the VM, which gathers a huge amount of data as well as the contents of memory. Apart from dllhost.exe being present, apart from the timeline, there were not any IOCs of modification. Pretty scary huh!

    So, what can we learn from testing this type of attack? First of all, knowing that this type of attack vector exists is a good start! Second, it underscores the importance of creating a forensic timeline, and understanding how to read its contents. Third, it is critically important to conduct live analysis in cases where you suspect that malware is present. Simply relying on AV signatures to identify and prevent malicious processes from being executed is just not going to be effective anymore.

    Good investigators are going to need to start getting better at behavioral analysis, and being well versed enough with how operating systems "should" run under "normal" conditions so that they can quickly spot something that is "abnormal". Finally, we are going to have to get better at identifying multiple data points that all indicate the same activity did (or did not) take place. For example, simply identifying the presence of a file would be a single data point. However, if you identify the presence of that same file AND can match that up with an entry in the event logs AND see timeline activity, AND have live analysis data that shows "unusual" behavior, THEN you may have something a bit more noteworthy. In such a case, you could use that intel to help identify the likely malicious process, and extract it for further analysis.

    So bottom line, while this is a relatively simple attack, it can present an extremely difficult scenario for a forensic investigator to successfully identify. Successful detection will require a combination of techniques that yield multiple data points, which will need to be expertly strung together so that a meaningful theory can be formulated. Source
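The correlation the post above walks through by hand (event 64001 next to the timeline entries for the ServicePackFiles, LastGood and dllcache copies; a System32 write with no such event nearby; lookalike names and legitimate names in the wrong directory) written out as an added example. This is not code from the post or its author. It assumes the mactime CSV layout and the exported System log layout shown in the post, a 10-second window for restore side effects, an assumed incident start date and an assumed list of protected binaries with their home directory; the sample timeline and event rows are constructed for the example.

```python
import csv
import re
from datetime import datetime, timedelta
from io import StringIO
from pathlib import PureWindowsPath
from typing import NamedTuple

# Constructed sample rows, shaped like the mactime CSV and the System log export in the post.
# 10:05:41-47 are the side effects of the restore WFP logged as event 64001 at 10:05:42; the
# 10:07:57 write to System32 and the two 10:09 files have no WFP event at all.
TIMELINE_CSV = """\
Wed Aug 04 2004 06:56:50,14336,m...,r/rrwxrwxrwx,0,0,1021-128-3,"C:/WINDOWS/system32/svchost.exe"
Wed Nov 23 2011 10:05:41,5120,.a..,r/rrwxrwxrwx,0,0,32127-128-3,"C:/WINDOWS/ServicePackFiles/i386/dllhost.exe"
Wed Nov 23 2011 10:05:41,5120,.acb,r/rrwxrwxrwx,0,0,974-128-4,"C:/WINDOWS/LastGood/system32/dllhost.exe"
Wed Nov 23 2011 10:05:47,5120,.ac.,r/rrwxrwxrwx,0,0,978-128-1,"C:/WINDOWS/system32/dllcache/dllhost.exe"
Wed Nov 23 2011 10:07:57,5142,m...,r/rrwxrwxrwx,0,0,975-128-3,"C:/WINDOWS/system32/dllhost.exe"
Wed Nov 23 2011 10:09:10,61440,macb,r/rrwxrwxrwx,0,0,1407-128-1,"C:/WINDOWS/system32/drivers/dllhost.exe"
Wed Nov 23 2011 10:09:12,61440,macb,r/rrwxrwxrwx,0,0,1408-128-1,"C:/WINDOWS/system32/dl1host.exe"
"""
EVENTS_CSV = """\
506,System,Windows File Protection,INFORMATION,HOST,11/23/2011 10:05:42 AM,64001,None,"File replacement was attempted on the protected system file dllhost.exe. This file was restored to the original version to maintain system stability."
"""

TIMELINE_TIME, EVENT_TIME = "%a %b %d %Y %H:%M:%S", "%m/%d/%Y %I:%M:%S %p"
WFP_RESTORE_EVENT = 64001
PROTECTED_DIR = "c:/windows/system32"
INCIDENT_START = datetime(2011, 11, 23)   # assumed start of the window under investigation
WINDOW = timedelta(seconds=10)            # assumed: restore side effects land within seconds
# Where a WFP restore touches the other copies of the file: (directory, mactime flag expected there).
RESTORE_STAGES = {
    "servicepackfiles": ("c:/windows/servicepackfiles/i386", "a"),  # pristine copy read
    "lastgood": ("c:/windows/lastgood/system32", "b"),             # backup of the bad file created
    "dllcache": ("c:/windows/system32/dllcache", "a"),             # cached copy read
}
COPY_DIRS = {folder for folder, _ in RESTORE_STAGES.values()}
# Assumed list of protected binaries and the directory each legitimately lives in.
EXPECTED_HOMES = {"dllhost.exe": PROTECTED_DIR, "svchost.exe": PROTECTED_DIR}

Entry = NamedTuple("Entry", [("when", datetime), ("size", int), ("macb", str), ("path", str)])
WfpEvent = NamedTuple("WfpEvent", [("when", datetime), ("event_id", int), ("filename", str)])

def parse_timeline(text):
    """mactime CSV: date,size,macb,perms,uid,gid,inode,name (local time, as in the post)."""
    return [Entry(datetime.strptime(r[0], TIMELINE_TIME), int(r[1]), r[2], r[7])
            for r in csv.reader(StringIO(text)) if r]

def parse_wfp_events(text):
    """Exported System log rows; keeps Windows File Protection rows and the file each one names."""
    out = []
    for r in csv.reader(StringIO(text)):
        if not r or r[2] != "Windows File Protection":
            continue
        m = re.search(r"protected system file (\S+)\.(?:\s|$)", r[8])
        if m:
            out.append(WfpEvent(datetime.strptime(r[5], EVENT_TIME), int(r[6]), m.group(1)))
    return out

def _dir_and_name(path):
    p = PureWindowsPath(path)               # accepts the forward slashes mactime prints
    return p.parent.as_posix().lower(), p.name.lower()

def restoration_chain(entries, event, window=WINDOW):
    """Which side effects of the logged WFP restore are visible in the timeline near the event."""
    seen = dict.fromkeys(RESTORE_STAGES, False)
    for e in entries:
        folder, name = _dir_and_name(e.path)
        if name != event.filename.lower() or abs(e.when - event.when) > window:
            continue
        for stage, (stage_dir, flag) in RESTORE_STAGES.items():
            if folder == stage_dir and flag in e.macb:
                seen[stage] = True
    return seen

def unexplained_writes(entries, events, since=INCIDENT_START, window=WINDOW):
    """Writes in the protected directory with no 64001 restore logged around them. With WFP
    suspended the write succeeds and nothing is logged, so the m-time is the only trace;
    a new binary dropped into System32 lands here as well."""
    restores = [ev for ev in events if ev.event_id == WFP_RESTORE_EVENT]
    hits = []
    for e in entries:
        folder, name = _dir_and_name(e.path)
        if "m" not in e.macb or e.when < since or folder != PROTECTED_DIR:
            continue
        if not any(ev.filename.lower() == name and abs(e.when - ev.when) <= window for ev in restores):
            hits.append(e)
    return hits

def osa_distance(a, b):
    """Edit distance with adjacent transposition, so dllhsot.exe is 1 edit from dllhost.exe, like dl1host.exe."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def name_subterfuge(entries, homes=EXPECTED_HOMES):
    """Protected names outside their home (WFP's own copies excluded), or names one edit away from one."""
    findings = []
    for e in entries:
        folder, name = _dir_and_name(e.path)
        if name in homes:
            if folder != homes[name] and folder not in COPY_DIRS:
                findings.append(("wrong directory", e.path))
        else:
            findings += [(f"lookalike of {real}", e.path) for real in homes if osa_distance(name, real) == 1]
    return findings

if __name__ == "__main__":
    entries, events = parse_timeline(TIMELINE_CSV), parse_wfp_events(EVENTS_CSV)
    for ev in events:
        print(ev.when, ev.filename, restoration_chain(entries, ev))
    for e in unexplained_writes(entries, events):
        print("unexplained write:", e.when, e.path)
    for why, path in name_subterfuge(entries):
        print(why + ":", path)
```

On the constructed rows the 64001 event has all three restore side effects next to it, while the 10:07:57 write to System32\dllhost.exe has none, which is the "actual change" the post finds only in the timeline. The time window is deliberately short: both sources are local time here, and on a real image the event log and the $MFT must be normalised to the same zone before this comparison means anything.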
  4. Khan Academy

    Overview, in short: Math, Biology, Chemistry, Organic Chemistry, Healthcare and Medicine, Physics, Cosmology and Astronomy, Computer Science, History, Art History, American Civics, Finance
    Full list of courses: Khan Academy
  5. Helios is a patent-pending advanced malware detection system. This downloadable version is a technology preview; however, it is under development to become a complete enterprise level solution to managing malware. This includes centralized monitoring, system snapshots etc. Helios has been designed to detect, remove and inoculate against modern rootkits. What makes it different from conventional antivirus / antispyware products is that it does not rely on a database of known signatures. We believe that malware, by definition, has to perform malicious actions on your system. By observing which software performs malicious behaviour, you can better detect malware. Thus Helios uses a 'behavioural' analysis engine as opposed to signatures. The upside to this is that we can catch malware that is 'unknown' in the wild, or for which signature based products do not have a signature definition.

    Download:
    Helios: http://helios.miel-labs.org/downloads/Helios.zip
    Helios-lite: http://helios.miel-labs.com/downloads/Helios-Lite.zip

    Minimum requirements:
    Windows XP Service Pack 2
    512 MB RAM (256 MB for Helios Lite)
    1 GHz or higher processor (no requirement for Helios Lite)

    Video tutorials:
    Detecting processes hidden using function hooks
    Detecting processes hidden using FuTo (handle table DKOM)
    Helios v/s Antivirus against an undetectable FuTo
    Helios' Inoculation Features v/s Malware
  6. Download: 104 116 116 112 58 47 47 119 119 119 46 109 117 108 116 105 117 112 108 111 97 100 46 99 111 109 47 57 67 79 53 70 81 50 52 56 52

    L.E. (later edit): to be able to use it offline, add to c:\WINDOWS\system32\drivers\etc\hosts:
    127.0.0.1 chromecrypter.co.uk

    ccv25.php:
    <html>
    <body>
    <font color="white">noleechersfound</font>
    </body>
    </html>

    Add the ccv25.php file under www; tested with UwAmp.
  7. Contents: Introduction; Possible scenarios (Case 1. Reading and writing to memory; Case 2. Loading unsigned drivers; Case 3. Classic anti-rootkits; Case 4. Hidden MBR); From theory to practice (Comodo Time Machine; Norton GoBack; PC Back Pro and Rollback Rx; RestoreIT; Hide and seek); Conclusion

    Introduction

    It is no secret that some legitimate products use rootkit technologies. Various proactive antivirus protection tools are capable of hooking system functions in one way or another. Malicious code also uses algorithms of this type. However, antivirus software differs from malicious code in that it does not attempt to hide the modifications it introduces into the system.

    Many are aware of data encryption software, such as TrueCrypt. Such programs can encrypt entire partitions or disks. To be able to encrypt a system partition, the creators of this type of software need to implement a proprietary loading routine and modify the master boot record (MBR). Similar technologies are also used in modern bootkits; however, security software, unlike bootkits, does not attempt to conceal its proprietary loader. Like encryption software, some third-party boot loaders (LILO, GRUB) also use MBR modification technology. Rootkit technologies based on system function hooks are also used in various commercial copy protections, especially in games, and many of these copy protections can be particularly aggressive.

    Using rootkit technologies in legitimate products can cause just as much harm as good. It’s a fine line between secure and dangerous implementation of a technology, and a poorly-implemented product can easily be exploited by cybercriminals. As a result, extreme caution is required. The Sony scandal back in 2005, when the company produced new technology to try to prevent its audio CDs being copied, highlighted the risk. Sony’s protection used rootkit technologies which malware could have used to mask malicious components. In other words, the key software component had been written so poorly it could be used in a way unforeseen by its developers.

    Is there sufficient justification for using rootkit technologies in legitimate software? When they are used in legitimate programs, how great is the risk that the OS and user data might be compromised? Just how fine is the line between legal and criminal methods?

    Possible scenarios

    Before getting down to specifics, I will broadly outline several cases when legitimate rootkits or poorly written drivers could compromise the security system. These cases have been selected to encourage further discussion. When speaking about potential threats, I will use the concepts of legitimate signatures and signed drivers. Obviously, most companies prefer to sign their own software; in 64-bit operating systems, a kernel-mode driver must be signed in order to run. In antivirus products, checking against a whitelist is one of the factors used when assigning a program to a specific software category. Let us assume a legitimate, digitally-signed driver is being abused by cybercriminals. Such a driver would pass a scan as it is listed as software with a trusted signature, even if it is being used for malicious purposes. Therefore, a legitimate, digitally-signed driver is potentially dangerous if it uses rootkit technologies with inadequate authentication mechanisms.

    Case 1. Reading and writing to memory

    Imagine a complex protector or crypter with algorithms which call for reading and writing to memory. These functions are executed in kernel mode. For the software to operate, a kernel-mode driver is required. Under Windows x64 this driver must have an officially purchased signature – it must be legal. This driver will almost certainly pass the scan test as it is on the whitelist of software with trusted signatures and won’t flag up any problems. Let us assume the driver is poorly written and contains no checks that would minimize or eliminate the risk of abuse. Malware writers can then use this driver to unhook the system functions of an antivirus product by using the reading and writing functions provided by the driver. Cybercriminals can disable proactive protection or disrupt the antivirus program’s critical processes from the kernel.

    Case 2. Loading unsigned drivers

    Imagine an application containing a signed driver that allows unsigned drivers to be loaded into memory. The unsigned drivers will be loaded manually: the signed driver has to reproduce the actions of the system loader, create a primary thread etc. Such a driver could completely compromise the Windows x64 signature check mechanism.

    Case 3. Classic anti-rootkits

    As well as searching for anomalies, classic anti-rootkits such as GMER, RKU, RootRepeal etc. can also provide the capability outlined above for reading/writing kernel memory. They also often have functionality for killing processes or threads, unloading dynamic modules, etc. Even though the driver controlling this may have a legitimate signature, if it is poorly written, cybercriminals can easily use it for malicious ends.

    Case 4. Hidden MBR

    Imagine security software that creates file system snapshots, either on demand or according to a schedule. The main aim of such a product is to facilitate a rollback of the system to a point in the past before data was damaged or a malware infection occurred. However, system files can be damaged in such a way that the operating system cannot be loaded. To restore to a specified point, the system can be loaded from external media, or an MBR modification mechanism can be used. By implementing a customized loader, data can be restored before the operating system is loaded. To protect against damage to an MBR and/or loader, a kernel-mode driver may be used that hides traces of modifications to the master boot record, returning false contents when reading, and writing new records to a different sector. If this kind of driver is poorly implemented, several unpleasant scenarios are possible. Firstly, a cybercriminal may figure out the algorithm of the driver’s operation and use it as a rootkit component in a malicious program. Secondly, if the MBR has been infected by bypassing the hook, the cybercriminal does not need to hide it from security software installed on the computer. Unfortunately, in this case, theory has more or less been put into practice.

    From theory to practice

    Kaspersky Lab products implement a powerful anti-rootkit tool that detects hidden objects such as disk sectors, files, registry keys etc., bypassing the hooks implemented in malicious programs. We collect statistics about various anomalies detected on users’ computers via the Kaspersky Security Network (KSN) cloud service. While analyzing the obtained data we have identified several legitimate programs that use rootkit technologies.

    Summary table: legitimate software using rootkit technologies

    Program Name         Vendor                 Object  Concealment Method  Presence of signature
    COMODO Time Machine  Comodo                 MBR     Filter driver       +
    Norton GoBack        Symantec               MBR     Filter driver       -
    PC Back Pro          Digicore Technologies  MBR     Filter driver       +
    Rollback Rx          Horizon DataSys        MBR     Filter driver       +
    RestoreIT            Farstone               MBR     Filter driver       +

    Comodo Time Machine

    Norton GoBack

    PC Back Pro and Rollback Rx

    RestoreIT

    Hide and seek

    I was surprised to see MBRs being hidden and investigated how the products reviewed in the previous section would behave if the MBR was modified while bypassing the filter driver. I installed one of the above products on a computer and modified the MBR using the following algorithm:
    - Write a 512-byte 0xAA sequence to the MBR while bypassing the filter;
    - Make a dump of the MBR on the hard drive using the anti-rootkit tool RootRepeal;
    - Check that the recorded sequence is in the MBR;
    - Read the disk using Hiew (“hiew32 \\.\physicaldrive0”);
    - Check that when reading the MBR it still yields false contents.

    After the MBR is re-written, all the above products keep returning false contents when the MBR is read, thus deceiving the user. Unsurprisingly, the computer didn’t boot after a restart, because I added junk data to the MBR – so there is no way to call up the restoration console which is supposed to protect the user. Secondly, if any bootkit (e.g. Winlocker) infects the MBR, bypassing the filter driver on a system where any of the reviewed products is installed, then it would have a free rootkit driver at its disposal: when reading the MBR, the legal kernel-mode driver with a legitimate signature will still return false contents. The restoration console may also stop working. Thirdly, there is the potential risk of killing the system if partition editing tools are used simultaneously with any of the above products: these tools may receive misleading data as they operate. The best case scenario is that the tools will simply no longer function as required.

    As a result, users of this software may find themselves in a situation where:
    - They are unable to find out that the MBR has been infected;
    - Malware on the computer is hidden with the help of a legitimate utility;
    - The system restoration software does not work when serious problems occur;
    - Using partition editing tools renders the system inoperable.

    Conclusion

    Although some of the products reviewed above may have been updated or are no longer being maintained by their vendors, it is very likely that other similar products exist, using similar questionable methods. It is also possible that the kernel-mode drivers reviewed above may be used for illegal purposes, such as hiding an MBR infection; the availability of a digital signature will only exacerbate the situation. Where the required expertise and tools are available, it will not be too difficult to figure out the drivers’ operation algorithm.

    All modern security products include a self-protection module for the sole purpose of defending their own critical parts – files, registry keys, processes etc. – from threats posed by malicious programs. Imagine that this self-protection module starts to conceal files, sectors and keys rather than guaranteeing security. Would you feel comfortable using such a product? How do you know it’s not hiding other things? Would any user feel comfortable knowing that certain things could be going on without them being aware of it?

    I would like to offer some recommendations to the manufacturers of the products reviewed above, as well as their counterparts:
    - It is perfectly legal to modify the MBR, but rootkit technologies should not be used in your products. There are other technologies available; there is no need to hide anything from the users.
    - The restoration console can be implemented as a startup disk or removable drive.
    - If there isn’t one already, there should be a caller authentication algorithm in drivers.

    The fine line between legitimate and illegal use of rootkit technologies is easily crossed. What’s more difficult is building a good quality product. In the world of security software, simple solutions are not necessarily the best.

    Full article
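The "Hide and seek" test in the article reduces to comparing two reads of sector 0: what the OS path returns through whatever filter driver is loaded, and what is actually on the platter. Below is an added example of that comparison, not code from the article or from Kaspersky. It parses the MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature), reports which region the two views disagree in, and gives the article's verdicts: the on-disk MBR is unbootable but the OS still shows a healthy one, or something in the read path rewrites it. The sample MBR bytes are constructed; `read_sector0` is the filtered view only (Windows, administrator) and obtaining the raw view from below the filter, from an anti-rootkit tool or by booting external media, is outside this code.

```python
import struct
from typing import NamedTuple

SECTOR = 512
TABLE_OFFSET, SIGNATURE = 446, b"\x55\xAA"
REGIONS = (("boot code", 0, 446), ("partition table", 446, 510), ("signature", 510, 512))

Partition = NamedTuple("Partition", [("index", int), ("bootable", bool), ("type_id", int),
                                     ("lba_start", int), ("sectors", int)])

def parse_partition_table(sector):
    """Four 16-byte entries: status, CHS start, type, CHS end, LBA start, sector count (little endian)."""
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:                                   # type 0 marks an empty slot
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts

def describe_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    return {"signature_ok": sector[510:] == SIGNATURE, "partitions": parse_partition_table(sector)}

def differing_regions(view_a, view_b):
    """Regions of sector 0 where two reads disagree, each with the first differing offset."""
    out = []
    for name, lo, hi in REGIONS:
        if view_a[lo:hi] != view_b[lo:hi]:
            out.append((name, next(i for i in range(lo, hi) if view_a[i] != view_b[i])))
    return out

def consistency_check(os_view, raw_view):
    """Verdict for an OS-path read (through any filter driver) against an out-of-band read."""
    if not differing_regions(os_view, raw_view):
        return "consistent"
    raw = describe_mbr(raw_view)
    if not raw["signature_ok"] or not any(p.bootable for p in raw["partitions"]):
        return "on-disk MBR is not bootable, yet the OS path still returns a healthy one"
    return "on-disk MBR differs from the OS-path view (something in the read path rewrites it)"

def read_sector0(device=r"\\.\PhysicalDrive0"):
    """The OS-path view: Windows only, needs administrator, and passes through every filter driver."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(SECTOR)

def sample_mbr():
    """Constructed MBR: a few real-mode opcodes then NOPs, one bootable NTFS partition at LBA 63, valid signature."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (TABLE_OFFSET - 7)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 20971457)
    return boot_code + entry + b"\x00" * 48 + SIGNATURE

def junk_mbr():
    """What the article wrote through the bypass: 512 bytes of 0xAA."""
    return b"\xAA" * SECTOR

if __name__ == "__main__":
    healthy = sample_mbr()
    print(consistency_check(healthy, healthy))
    print(consistency_check(healthy, junk_mbr()))   # the article's experiment, as seen from the disk
```

The useful property of the region split is that a bootkit-style change shows up only in the boot code region with an intact partition table and signature, whereas the article's 0xAA overwrite invalidates all three; either way the OS-path view alone, with the filter driver in place, reports nothing.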
  8. Advanced Persistent Threat attack (APT-attack): http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814
    + a useful link: SANS Information Security Reading Room - Computer Security White Papers
  9. Exploit writing tutorial part 01 : Stack Based Overflows
    Exploit writing tutorial part 02 : Stack Based Overflows – jumping to shellcode
    Exploit writing tutorial part 03 : SEH Based Exploits
    Exploit writing tutorial part 3b : SEH Based Exploits – just another example
    Exploit writing tutorial part 04 : From Exploit to Metasploit – The basics
    Exploit writing tutorial part 05 : How debugger modules & plugins can speed up basic exploit development
    Exploit writing tutorial part 06 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
    Exploit writing tutorial part 07 : Unicode – from 0x00410041 to calc
    Exploit writing tutorial part 08 : Win32 Egg Hunting
    Exploit writing tutorial part 09 : Introduction to Win32 shellcoding
    Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube
  10. istealer http://epic9.xhost.ro/
  11. Ankit Fadia Certified Ethical Hacking Courses 2011 - AFCEH 5.0
    Genre: Video Training | Size: 1.38 GB

    The Ankit Fadia Certified Ethical Hacker (AFCEH) course is a world class certification program in Ethical Hacking that aims at training and certifying a whole new generation of ethical hackers in the field of computer security. More than 20,000 ethical hackers globally have undergone the AFCEH training, hence creating the next generation army of ethical hackers. The live interactive sessions, video lectures, bestselling text books, question bank, practical lab sessions and real life examples will take participants inside the minds of an ethical hacker and teach them how to fight the cyber criminals on the Internet.

    Program Contents
    1. Planning an Attack: IP Addresses; Enumerating Remote Systems; Hiding Your IP Address; Tracing an IP Address
    2. Preparing an Attack: Network Reconnaissance; Port Scanning; Daemon Banner Grabbing and Port Enumeration; ICMP Scanning; Firewall Enumeration; OS Detection; Sniffing
    3. Hacking Windows: Introduction; Passwords; The Look and Feel; Security Checklists
    4. Network Hacking
    5. Email Hacking: Introduction; Tracing Emails; Email Forging; The Post Office Protocol (POP); Mailbombing; Cracking Email Accounts; Securing Email
    6. Instant Messenger Hacking
    7. Web Hacking
    8. Input Validation Attacks
    9. Buffer Overflows
    10. Intellectual Property Thefts: Introduction & Case Studies; Trojans; Sniffers; Keyloggers; Spyware Software; Traditional Data Hiding Techniques
    11. Social Engineering Attacks
    12. Password Cracking Decrypted
    13. TCP/IP: A Mammoth Description
    14. Identity Attacks: Introduction; Proxy Servers; IP Spoofing; Onion Routing
    15. Computer Forensics
    16. DOS Attacks
    17. Cryptography, Firewalls and Error Messages
    18. Batch File Programming
    19. Viruses Torn Apart
    20. Wireless Hacking
    21. Windows Vista Security Analysis
    22. USB Hacking
    23. System Hacking
    24. UNIX Security Loopholes
    25. Investigating Cyber Crimes
    26. Intrusion Detection Systems
    27. Browser Security
    28. Windows 7 Security Loopholes
    29. Wireless Security
    30. Bluetooth Security: Hacking Mobile Phones
    31. Latest Information Gathering Techniques
    32. Latest Security Vulnerabilities
    33. 2010 Security Updates
    34. Intrusion Detection Systems
    35. Intrusion Prevention Systems
    36. Software Hacking
    37. Protecting CDs and DVDs

    AFCEH 5.0 also contains new secrets, tips and tricks on all the above mentioned topics like scanning, network reconnaissance, windows hacking, password cracking, email hacking, DOS attacks, social engineering and many others.

    Download: DIVFA1202.rar on Filesonic.com, or DIVFA1202.part1.rar through DIVFA1202.part6.rar on FilePost.com
    Source + additional download links
  12. You would have made a good moderator on tpu. What the hell does a bored little girl have to do with "Important announcements and forum rules" on a security forum? If you have reached the point of asking for help for 1749... NO COMMENT
  13. This video will introduce some of the concepts and tools used to allow you to gain a better understanding and be able to detect malware when you become infected. part1: part2: programs used: autoruns, regshot, process explorer (procexp), wireshark, process monitor (procmon), netcat, vsftpd
  14. cracked by: furious Download: aHR0cDovL3d3dy5tdWx0aXVwbG9hZC5jb20vMVpLVjFSV0ROOQ Scan: PI
  15. Thomas Wilhelm has delivered pen testing training to countless security professionals, and now through the pages of this book you can benefit from his years of experience as a professional penetration tester and educator. After reading this book you will be able to create a personal penetration test lab that can deal with real-world vulnerability scenarios. Penetration testing is the act of testing a network to find security vulnerabilities before they are exploited by phishers, digital piracy groups, and countless other organized or individual malicious hackers. The material presented will be useful to beginners all the way through to advanced practitioners.
* Find out how to turn hacking and pen testing skills into a professional career
* Understand how to conduct controlled attacks on a network through real-world examples of vulnerable and exploitable servers
* Master project management skills necessary for running a formal penetration test and setting up a professional ethical hacking business
* Discover metrics and reporting methodologies that provide experience crucial to a professional penetration tester
* Learn through video: the DVD includes instructional videos that replicate classroom instruction and live, real-world vulnerability simulations of complete servers with known and unknown vulnerabilities to practice hacking skills in a controlled lab environment
Book contents:
PART I - Setting Up
Chapter 1: Introduction
Chapter 2: Ethics and Hacking
Chapter 3: Hacking as a Career
Chapter 4: Setting up Your Lab
Chapter 5: Creating and Using PenTest Targets in Your Lab
Chapter 6: Methodologies
Chapter 7: PenTest Metrics
Chapter 8: Management of a PenTest
PART II - Running a PenTest
Chapter 9: Information Gathering
Chapter 10: Vulnerability Identification
Chapter 11: Vulnerability Verification
Chapter 12: Compromising a System and Privilege Escalation
Chapter 13: Maintaining Access
Chapter 14: Covering Your Tracks
PART III - Wrapping Everything Up
Chapter 15: Reporting Results
Chapter 16: Archiving Data
Chapter 17: Cleaning Up Your Lab
Chapter 18: Planning for Your Next PenTest
Appendix A - Acronyms
Appendix B - Definitions
DVD contents:
* Video courses offered by Heorot.net
1. Heorot.net Penetration Testing Fundamentals Course (HPTF)
2. Heorot.net Intermediate Penetration Testing Course (HIPT)
* Server images to use in a penetration test lab
1. De-ICE LiveCDs - servers that provide hacking challenges of different levels of difficulty; intended to mimic vulnerabilities found on real-world servers
2. pWnOS - a server designed with vulnerabilities that can be exploited using exploit code from www.milw0rm.org; intended to be run within a VM
3. Hackerdemia - a LiveCD training platform used to learn various penetration test tools
4. WebGoat - a Web server configured with multiple web-based vulnerabilities; developed and maintained by the Open Web Application Security Project (OWASP)
5. BackTrack - a LiveCD Linux distribution containing multiple PenTest tools already installed and ready to use
download book: FileServe
source: dvd
  16. Does anyone still remember? or or
  17. On November 8, a long-living botnet of more than 4,000,000 bots was taken down by the FBI and Estonian police in cooperation with Trend Micro and a number of other industry partners. In this operation, dubbed Operation Ghost Click by the FBI, two data centers in New York City and Chicago were raided and a command & control (C&C) infrastructure consisting of more than 100 servers was taken offline. At the same time the Estonian police arrested several members in Tartu, Estonia. Full article: // does not accept a direct link http://goo.gl/3KmaQ
  18. Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family. Capture BAT is able to monitor the state of a system during the execution of applications and processing of documents, which provides an analyst with insights on how the software operates even if no source code is available. Capture BAT monitors state changes on a low kernel level and can easily be used across various Win32 operating system versions and configurations. Capture BAT provides a powerful mechanism to exclude event noise that naturally occurs on an idle system or when using a specific application. This mechanism is fine-grained and allows an analyst to take into account the processes that cause the various state changes. As a result, this mechanism even allows Capture to analyze the behavior of documents that execute within the context of an application, for example the behavior of a malicious Microsoft Word document.
The program has a console interface and a small set of parameters:
-L output.txt  output to a file
-C  copy all deleted or modified files to the logs folder
-N  save all incoming and outgoing traffic to a .pcap file in logs
-H  display help
Prerequisites: Microsoft Windows 2000 SP4; Microsoft Windows XP SP2; for Microsoft Vista no service pack is needed. Microsoft Visual C++ 2005 Redistributable Package. If the network dump functionality is used, Capture BAT requires the WinPcap 4.0.1 libraries. The application will be installed into C:\program files\capture. Note that a reboot will be forced by the setup program.
Example: CaptureBAT.exe -c -n -l report.txt
Download:
http://www.mcs.vuw.ac.nz/~cseifert/Capture-BAT/CaptureBAT-Setup-2.0.0-5574.exe MD5: c1894e46ffe89be6ca35729d9dab6145
http://www.mcs.vuw.ac.nz/~cseifert/Capture-BAT/CaptureBAT-Setup-2.0.0-5574-src.zip MD5: 0086e7c01e481992284092ea0f9de20f
sources: 1, 2
  19. Offensive Security labs BackTrack 3 (the PDF) Multiupload
  20. - Reverse connection Remote Administration Tool.
- BaseCode64, Xor, RC4 and AES traffic encryption (depends on features, etc ... Obviously they do not use the same encryption ciphers due to application stability and performance. Some ciphers would make this software a lot slower and unstable if used for certain features)
- Language support
- View options
- Multi port support
- Remote connection search option
- Injection option to create new servers
- Anti debugging options to create new server
- Startup methods option to create new server
- Password protection method to create new server
- Optional binder option to create new server
- Icon changer option to create new server
- Delayed execution option to create new server
- Customizable installation folder and file name to create new server
- Ftp logs support
- Automatic DNS updater
- Multi profiles builder
- UAC (Vista and Seven protection) bypass on server
- Keylogger option
- Password recovery tool (browser, msn, windows ...)
- Very light stub (~265kb)
- Chat feature
- File manager
- Registry editor
- Services manager
- Windows manager
- Processes manager
- Clipboard manager
- Socks 4/5 Proxy
- Http Proxy
- Mass features
- Installed programs manager
- Remote desktop (with capture)
- Remote webcam view (with capture)
- Capture audio
- Remote download and execute
- DOS prompt
- Send message boxes
- Control desktop items (taskbar, icon, start menu)
- Active ports list
- Server control (update, disconnect, restart)
- Remote open HTTP URL
- Send file and execute
- CD Open and Close
- Reverse Mouse Option
- Remote Power Options (Shutdown, Restart, etc ...)
- Remote Mouse Lock
- Remote Keyboard Lock
- Remote Icons Hide/show
- Remote Start Hide/show
- Group support (connections can be organized in groups)
- Several functions that can be performed from the group panel
- URL visiter (with hidden feature)
- VBscript console
- Multi-user keylogger/file search
- Local file erase tool (erase files beyond recovery)
- Local startup manager tool
- Startup manager
- Programs assist
- Connection log incorporated in the client GUI
- CyberGate has task managers for client and server on connecting
- Task logs
- Add Notes for your connections if you want
- Multiple tabs in the client making your life easier (connections tab, group panel tab, client tasks tab, etc ...)
- Automatically map ports if your router supports uPnP
- GeoIP server tracking for accurate remote computer localization tracking
- Easy search function on password recovery tool
- Thumbnails view on file manager allowing display of all images of a remote folder
- Lock station (ability to lock CyberGate after a certain time of idling or by button press to avoid outsiders from accessing your CyberGate client)
- Webloader (a webdownloader with 3.5 Kb)
- Windows OS bit system (x32/x64)
- Recoded webcam capture
- Recoded password recovery
- Run remote files as admin
- More than 70 skins to choose from
Cracked by: Thugsndanation aka The Old Warrior
Download: Multiupload.com - upload your files to multiple file hosting sites!
video:
  21. It's infected, just like the other 2 posts: cyberit.dyndns.info cyberitftp.dyndns.info @boby: if you really want to do a good deed, scan the file in an online sandbox, not on VT. It's normal for a hacktool to be detected by AVs; if you see a public RAT that is FUD, that should make you think. Online sandboxes: Anubis, CwSandbox, ThreatExpert, etc.
  23. 1. Right-click My Computer
2. Properties
3. Advanced
4. Environment Variables
5. System variables > New; Variable name: devmgr_show_nonpresent_devices; Variable value: 1; OK, OK
Then repeat steps 1 and 2, followed by:
3. Hardware
4. Device Manager
5. View -> check Show hidden devices
Now the drivers that are no longer in use should also appear, e.g. uninstalled security suites, USB sticks, memory cards, mice, phones, keyboards, hard drives, everything that once needed a driver. When you find a driver you no longer need: right-click > Uninstall
Source: based on an article on faravirusi.com
  24. I was curious to see how AV detection is influenced by a [fake] digital signature & file info, so I used a stealer server; the results...
original server: Result: 38/43 (88.4%) [vt] not detected by: Antiy-AVL, ByteHero, eSafe, Prevx, SUPERAntiSpyware
s+digital signature: Result: 36/43 (83.7%) [vt] not detected by: Antiy-AVL, ByteHero, eSafe, nProtect, Prevx, SUPERAntiSpyware, TheHacker
s+infoclone: Result: 36/43 (83.7%) [vt] not detected by: Antiy-AVL, ByteHero, eSafe, Prevx, Rising, SUPERAntiSpyware, TheHacker
s+infoclone+digital signature: Result: 34/42 (81.0%) [vt] not detected by: Antiy-AVL, ByteHero, eSafe, nProtect, Prevx, Rising, SUPERAntiSpyware, TheHacker
... I also tested the protection offered by a sandbox in the case of a stealer (server run inside the sandbox) = 0
  25. this one is infected too...