bio.sh

Posts posted by bio.sh

  1. On 3/9/2024 at 10:22 AM, itlstl said:

    Hello,

    My company is going to reimburse the OSCP exam, but not the learning/course. If you've gone through this relatively recently, can you give me some recommendations, materials, opinions, etc.?

    As for experience, I have around 5 years in security (pentest, secops), I took the CEH about 2 years ago (but I don't think it compares), and on tryhackme I was somewhere in the top 2% with 80 CTFs solved.

    Do you recommend another CTF platform? Something more similar to what's on the OSCP?

    I'd prefer some personal opinions/how you did it yourselves, since I'll keep searching for guides on the internet anyway.

    Thx

    Try this :

     

    1. Hackthebox OSCP VM's

    2. https://github.com/Orange-Cyberdefense/GOAD - Step up your AD Game :)

    3. Bwapp - Should be enough for Web App Training.

    4. Last but not least, create an account directly on their site (Proving Grounds), where you'll find VMs from the former lab + old exam machines. There you can even simulate an exam (the old one), which wasn't focused on AD.

    Link : https://www.offsec.com/labs/

     

    Gl & Hf :) 

    • Like 1
  2. On 8/1/2020 at 9:28 PM, AlexandraTC said:

    Hello,

    For 2 years someone has been creating fake Instagram accounts and posting pictures of my sister, writing to all her friends, and it has become very tiring; about 10 people write to her every day about this fake account.

    Every time we report it, Instagram closes the account, and within a day they open a new one.

    I tried going to the police, but they advised me to ignore them....

    The problem is that my sister is becoming depressed because of this identity theft and I don't know who to turn to.

    I need this person's address to put a stop to this madness.
    Thank you

    You can't be impersonated if you don't have an account... :)

  3. On February 25, Raid Forums—a popular illicit online community notorious for its high-profile large-scale database leaks—was allegedly seized by an unknown identity. As of this publishing, it is not clear why Raid Forums was taken down, or who was responsible. No official government agency in any country has claimed responsibility for seizing the Raid Forums domain, nor has any cyber threat group; Raid had been operating, more or less continuously, since 2015.

    Not enough information is available at this time to confirm what happened to Raid Forum. However, our intelligence related to Raid’s takedown paints a complicated yet meaningful picture of what may have occurred, and serves as a picture of the current state of affairs for threat actors and the illicit communities in which they operate. Although the permanency of Raid’s takedown is yet to be determined, its closure puts it temporarily into a lineage of illicit communities that have ceased operations in recent memory.

    Furthermore, the timeline of Raid’s takedown coincides with numerous aspects of the Ukraine-Russia war, which may provide clues into its takedown, although Flashpoint cannot confirm this connection at this time. There are also a number of clues about Raid’s owner—who goes by the moniker “Omnipotent,” “Omni” or “terminal”— as well as within posts on the forum itself prior to closing, as well as other illicit communities thereafter, that tell a compelling story. 

    Raiding Raid: A Timeline

    On February 7, the Raid Forums website began throwing database errors and users were unable to access the site until February 12. Immediately after the outage began, Raid users began speculating about whether or not Raid Forums had initially been compromised by authorities, as well as who was ultimately responsible for bringing Raid back online.

    If government authorities seized the domain and were not able to also seize servers hosting the actual forum, it is plausible the login portal clone was put up in an effort to harvest user credentials in order to maximize their leverage over the domain and use it as an intelligence collection opportunity.

    Initial outage

    Prior to the alleged seizure, Omnipotent purportedly went on a vacation between January 31 and February 7, the day of the recent outage, according to his Telegram bio. After the site was back up on February 12, Omnipotent did not comment on the outage. Furthermore, the site’s owner was not apparently active on the site up until the alleged seizure on February 25. It’s not immediately clear if another admin outside of Omnipotent would have had the access necessary to fix the site. Furthermore, neither a Raid Forum admin nor a moderator provided an explanation for the outage. 

    Notable developments before and after Russia’s invasion of Ukraine

    In the weeks leading up to its apparent seizure, Raid Forums saw an increasing amount of anti-Russian sentiment, and anti-Russian offerings in the form of potentially exploitive data, in the lead up to—and following—Russia’s invasion of Ukraine on February 24.

    • January 19: An established Raid Forums actor, called “Kristina,” posted a thread containing a renewed download link for a data dump, alleged to contain documents, emails, and passwords of the Russian military.
    • February 3: An offering to sell a 2TB array of Russian databases reportedly containing Russian personal information including full names, dates of birth, passport numbers, and tax information was posted to Raid Forums.
    • February 15: A Raid Forums user posted a Russian database for sale allegedly containing 61 million Russian phone numbers. 
    • February 24: On the day of the Russian invasion of Ukraine, Raid Forums took an open stance in the conflict when the admin “moot” announced that the site would be banning all users found to be connecting to the site from Russia. 
    • February 25: Raid threat actor “Kozak888” leaked a database belonging to a Russian express delivery and logistics company, Flashpoint confirmed. Kozak888 claimed that the Russian company provides services for the Russian federal government and stated that the database leak was a consequence of Russia’s invasion of Ukraine. Kozak888 revealed that the database contained 800 million records including full names, email addresses, and phone numbers. 
    • February 25: A user posted a thread requesting assistance in creating fake identification documents, allegedly in order to assist a friend escape Ukraine and find refuge in neighboring Moldova.
    • February 25: A user posted a thread encouraging users to begin collecting attackable ranges of Russian IP addresses. 

    Given the growing animosity towards Russia on the site, plus Raid’s decision to block users coming to the site from Russian IP addresses, Flashpoint will continue to monitor the situation, including the potential role that the forum’s anti-Russian rhetoric and alleged offerings may have had in the forum’s takedown. 

    Cloning to harvest

    Prior to the official announcement from the Raid Forums admin “Jaw” that the site had been seized on February 25, 2022, a clone of the Raid Forums login portal was put up in place of the homepage. It has remained up ever since. As of March 4 the cloned login portal was still active on raidforums[.]com.

    Raid’s seizure was first reported in a post in the official Raid Forums Telegram channel by a Raid Forum admin known as “Jaw.” The channel was subsequently locked and has stayed dark ever since. (Image: Flashpoint)

    However, when users enter their credentials into the portal, an error message appears for all users informing them that they have been banned from the site. This is an indication that whichever entity was responsible for seizing the site is potentially credential harvesting and logging visitor technical information such as IP addresses. 

    In the Telegram post by Raid Forums admin “Jaw”, it was also revealed the backup domain for Raid Forums would be rf[.]to, however, as of this publishing, this domain is inactive and it is unclear when, or if, the backup domain will be live. 

    Raid alternatives

    In response to threat actors actively seeking alternatives to Raid Forums on the site’s official Telegram channel during the site outage between February 7 and February 12, 2022, the Russian-language hacking forums XSS and Exploit were recommended alternatives to Raid Forums. 

    On February 27, 2022, a thread was posted on XSS informing users of the alleged seizure of Raid Forums and warning XSS users with Raid Forums accounts to avoid attempting to log into the site due to the likelihood of the site being compromised. In the same thread, one user speculated whether or not XSS would become flooded with Raid Forums users. 

    Based on the recommendations in the official Raid Forums Telegram channel, Flashpoint assesses that a significant number of former Raid Forums users may migrate to Exploit or XSS. However, due to the anti-Russian sentiment felt by a large portion of Raid Forums users, these users may not be easily enticed to migrate to these Russian-language alternatives.

    Although it’s unclear when or if Raid Forums will come back online, the highly active Raid Forums threat actor “pompompurin” claimed on XSS on March 3, 2022, that they were in contact with Raid Forums admins who revealed to them that the site should be coming back online in the near future. Pompompurin reiterated that all that is known at this time is that “someone” seized the domain and it is still unclear who or whether or not they are affiliated with a government entity.

     

    • Upvote 1
  4. On 12/2/2017 at 7:07 PM, killerbeans24 said:

    This is such an interesting post and it will be nice to have a contact with you and discuss some exploits with you.  

     

    Please add me on jabber : cubba24@hot-chilli.eu

    Ask the admins for "Coaili"

    • Upvote 2
  5. 13 hours ago, SirGod said:

     

    I'd say yes. I assume the parcel IDs are incremental, and if the PIN is 4 characters, with no rate limiting on the API, it becomes a problem.

    Apparently they have no rate limit :))

    • Sad 1
  6. 8 hours ago, akkiliON said:

    Send them an e-mail if you want and see what they tell you. I think you can send them a message here:

    From what I remember, I reported a vulnerability to Canon a few years ago and they fixed the problem... I didn't get any reply from them, not even a thank you. 🙃

    I actually have a parcel to receive from them today 😅.... as @SirGod said, the password is 4 characters.... that's what I noticed too in the SMS I received..... See if a brute-force attack works.... I haven't tested it.

    EDIT: Actually, the password I received is 5 characters.... my bad. 😄

    I'll write to them and see what banal answer they give me :))
