
OKQL

Active Members
  • Content Count: 2960
  • Joined
  • Days Won: 75

Everything posted by OKQL

  1. There are lots of them, are you willing to pay? Post in the right category; first of all, it's piracy, next... anything else to say? I have it, but I bet you have no idea how to use it.
  2. Machine Learning for .NET

     ML.NET is a cross-platform open-source machine learning framework which makes machine learning accessible to .NET developers. ML.NET allows .NET developers to develop their own models and infuse custom machine learning into their applications, using .NET, even without prior expertise in developing or tuning machine learning models. ML.NET was originally developed in Microsoft Research, and evolved into a significant framework over the last decade and is used across many product groups in Microsoft like Windows, Bing, PowerPoint, Excel and more. ML.NET enables machine learning tasks like classification (for example: support text classification, sentiment analysis) and regression (for example, price-prediction).

     Download: https://github.com/dotnet/machinelearning.git
     Sources: https://github.com/dotnet/machinelearning https://dot.net/ml
  3. OKQL

    Android Pentesting

     Apparently, yes.
  4. Google Analytics is a good tool: it’s free, easy to implement, and has served me well over the years. However, partly because I’m not in love with Big Brother Google looking over the shoulder of all my website visitors, and partly because I like experiments in minimalism, I decided to replace Google Analytics on benhoyt.com with a simple analytics setup based on log file parsing.

     Log file parsing is an old-skool but effective way of measuring the traffic to your site. It works with or without JavaScript (my version uses a hybrid approach), and doesn’t send any data to Google or other tracking companies. To do this, I used three main tools:

     - Amazon Cloudfront serving a transparent 1x1 pixel image (with logs going to S3)
     - A Python script to convert the pixel logs to Apache/nginx “combined log format”
     - GoAccess to actually parse the logs and show an analytics report

     This article describes why I used this approach and how I implemented it using GoAccess and a tiny bit of custom code.

     Cloudfront pixel

     My website is a simple and fast static site hosted via GitHub Pages (it’s probably handling a Hacker News traffic spike as you read this ;-). To use GoAccess, I needed a simple way to write to a log file whenever someone requests a page. I decided to use a ping to a pixel.png file hosted on S3 and served via Cloudfront.

     So I created a new S3 bucket and uploaded a single transparent 1x1 pixel.png file. Then I created a Cloudfront distribution with logging enabled and pointed it at the S3 bucket (logs go to another S3 bucket). Finally I added a small code snippet at the bottom of my page template (Cloudfront domain replaced to avoid bots hitting it from here):

         <script>
         if (window.location.hostname == 'benhoyt.com') {
             var _pixel = new Image(1, 1);
             _pixel.src = "https://cloudfront.example.net/pixel.png?u=" +
                 encodeURIComponent(window.location.pathname) +
                 (document.referrer ? "&r=" + encodeURIComponent(document.referrer) : "");
         }
         </script>
         <noscript>
         <img src="https://cloudfront.example.net/pixel.png?u={{ page.url | url_encode }}" />
         </noscript>

     If JavaScript is enabled, we create an image and point its src to the Cloudfront pixel file, with the URL and referrer encoded in the query string (my log converter will later decode the u and r parameters and output a log line in combined log format). If JavaScript is disabled, we only have the page URL (no referrer), but at least we can still log the request. Most tracking systems, including Google Analytics, don’t work at all without JavaScript.

     Why a pixel versus direct logging?

     In some ways it would have been simpler to put Cloudfront in front of GitHub Pages and point my benhoyt.com domain directly to Cloudfront. But I wanted to avoid having to modify DNS and fiddle with the SSL certificate in Cloudfront to prove out the approach. This does mean I had to write a log conversion script (to decode the u and r parameters in the query string). I may switch to the direct-to-Cloudfront approach later, but in the meantime the pixel-based approach works well, and is easier to change. Plus, writing a few dozen lines of Python is good therapy.

     The log converter

     So how does the converter script work? It reads Cloudfront log input files, decompresses them, decodes the u and r parameters in the pixel.png query string, and writes the output in combined log format.

     One of the things that’s nice about Python is its standard library. There’s a lesser-known package called fileinput which helps you read a bunch of input files line-at-a-time. Quoting from the help, typical use is:

         import fileinput
         for line in fileinput.input():
             process(line)

     This iterates over the lines of all files listed on the command line (or stdin if there are no args). Exactly what you want for a text processing program. It also handles .gz files (like Cloudfront log files) seamlessly with a simple tweak:

         finput = fileinput.input(openhook=fileinput.hook_compressed)

     Once the script has read a Cloudfront log line and ensured it’s a pixel.png request, it decodes the query string and outputs in combined log format:

         import datetime
         import urllib.parse

         # (inside the per-line loop, once the Cloudfront fields and the
         # parsed query string of the pixel.png request are available)

         # Decode "u" (URL) and "r" (referrer) in query string
         path = urllib.parse.unquote(query['u'][0])
         referrer = urllib.parse.unquote(query.get('r', ['-'])[0])
         try:
             date = datetime.datetime.strptime(fields['date'], '%Y-%m-%d')
         except ValueError:
             log_error(finput, 'invalid date: {}'.format(fields['date']))
             continue
         user_agent = urllib.parse.unquote(fields['cs(User-Agent)'])
         ip = fields['c-ip']
         if fields['x-forwarded-for'] != '-':
             ip = fields['x-forwarded-for']

         # Output in Apache/nginx combined log format
         # (quote() is the script's own helper that wraps a field in the
         # double quotes the combined format expects)
         print('{ip} - - [{date:%d/%b/%Y}:{time} +0000] {request} 200 - '
               '{referrer} {user_agent}'.format(
             ip=ip,
             date=date,
             time=fields['time'],
             request=quote('GET ' + path + ' HTTP/1.1'),
             referrer=quote(referrer),
             user_agent=quote(user_agent),
         ))

     The output is a single log file with all the log lines in it. My site is fairly low traffic, so this should be fine for the foreseeable future. At some point I’ll write a script to go into S3 and delete old logs.

     GoAccess Report

     GoAccess is a great little tool that does the actual parsing and presentation of the data. It can be used in the terminal mode, but I prefer to output an HTML report. Here’s a screenshot of the output (showing hits/visitors per day, and hits per URL):

     Looks like my articles about pygit and scandir are pretty popular (even though I wrote them a couple of years ago). There’s a bunch more detail, including an operating system breakdown:

     And referring domains:

     Obviously with log parsing you don’t get as much information as a JavaScript-heavy, Google Analytics-style system. There’s no screen sizes, no time-on-page metrics, etc. But that’s okay for me! I’m free of the Google, and I had a bit of fun building it.

     Feel free to reuse or hack my code:
     - cloudfront_to_combined.py log converter
     - analytics.sh bash script to drive the process
     Source
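The following is an added, self-contained example of the log conversion the post above describes; it is not Ben Hoyt's cloudfront_to_combined.py and is not part of the original post. It assumes a constructed CloudFront log sample whose "#Fields:" header names only the columns the converter reads (real logs carry many more), stores the query string double-encoded as the post's double decode implies, and uses its own quote() helper that escapes quotes, backslashes and control characters so a crafted u= or referrer value cannot forge an extra log line in the output. It also keeps bad records (an invalid date, a wrong column count) as reported errors rather than fatal ones.

```python
import datetime
import fileinput
import sys
import urllib.parse

# Constructed sample of a CloudFront access log (tab-separated, with a
# "#Fields:" header). The header names only the columns this converter
# reads; real CloudFront logs carry many more. The query string is stored
# double-encoded, which is why each value is decoded twice below.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent) cs-uri-query x-forwarded-for
2019-05-01\t12:34:56\t203.0.113.7\tGET\t/pixel.png\t200\tMozilla/5.0%20(X11;%20Linux)\tu=%252Fwritings%252Fpygit%252F&r=https%253A%252F%252Fnews.ycombinator.com%252F\t-
2019-05-01\t12:35:01\t198.51.100.9\tGET\t/pixel.png\t200\tcurl/7.64.0\tu=%252F\t192.0.2.55
2019-05-01\t12:35:02\t198.51.100.9\tGET\t/favicon.ico\t404\tcurl/7.64.0\t-\t-
2019-13-01\t12:35:03\t198.51.100.9\tGET\t/pixel.png\t200\tcurl/7.64.0\tu=%252F\t-
2019-05-01\t12:35:04\t198.51.100.9\tGET\t/pixel.png\t200\tcurl/7.64.0\tu=%252Fa%2522%250Ab\t-
"""


def quote(s):
    """Wrap a field in double quotes, escaping quotes, backslashes and control
    characters so a crafted page path or referrer cannot break the combined
    format or inject a second log line (this helper is our own assumption)."""
    escaped = s.replace('\\', '\\\\').replace('"', '\\"')
    escaped = ''.join(c if ' ' <= c != '\x7f' else '\\x%02x' % ord(c)
                      for c in escaped)
    return '"' + escaped + '"'


def parse_cloudfront(lines):
    """Yield (line number, record) per data line; record maps the column names
    from the latest "#Fields:" header to values, or is None if the column
    count does not match the header."""
    names = None
    for lineno, raw in enumerate(lines, 1):
        if isinstance(raw, bytes):  # fileinput's gzip hook may yield bytes
            raw = raw.decode('utf-8', 'replace')
        line = raw.rstrip('\r\n')
        if not line:
            continue
        if line.startswith('#Fields:'):
            names = line[len('#Fields:'):].split()
            continue
        if line.startswith('#'):
            continue
        values = line.split('\t')
        if names is None or len(values) != len(names):
            yield lineno, None
            continue
        yield lineno, dict(zip(names, values))


def to_combined(fields):
    """Turn one pixel.png record into a combined-log-format line.
    Returns None for non-pixel requests; raises ValueError on bad data."""
    if fields['cs-uri-stem'] != '/pixel.png':
        return None
    query = urllib.parse.parse_qs(fields['cs-uri-query'])
    if 'u' not in query:
        raise ValueError('pixel request without u= parameter')
    # parse_qs removed the logged encoding; unquote removes the browser's
    # encodeURIComponent() layer and yields the real path and referrer
    path = urllib.parse.unquote(query['u'][0])
    referrer = urllib.parse.unquote(query.get('r', ['-'])[0])
    try:
        date = datetime.datetime.strptime(fields['date'], '%Y-%m-%d')
    except ValueError:
        raise ValueError('invalid date: {}'.format(fields['date']))
    user_agent = urllib.parse.unquote(fields['cs(User-Agent)'])
    # X-Forwarded-For is set by whatever sits in front of CloudFront (or by
    # the client), so it is fine for traffic counting but not for attribution
    ip = fields['c-ip']
    if fields['x-forwarded-for'] != '-':
        ip = fields['x-forwarded-for'].split(',')[0].strip()
    return ('{ip} - - [{date:%d/%b/%Y}:{time} +0000] {request} 200 - '
            '{referrer} {user_agent}'.format(
                ip=ip, date=date, time=fields['time'],
                request=quote('GET ' + path + ' HTTP/1.1'),
                referrer=quote(referrer), user_agent=quote(user_agent)))


def convert(lines):
    """Convert CloudFront log lines to combined log format.
    Returns (output_lines, error_messages); bad records are reported, not fatal."""
    out, errors = [], []
    for lineno, fields in parse_cloudfront(lines):
        if fields is None:
            errors.append('line {}: malformed record'.format(lineno))
            continue
        try:
            line = to_combined(fields)
        except ValueError as exc:
            errors.append('line {}: {}'.format(lineno, exc))
            continue
        if line is not None:
            out.append(line)
    return out, errors


if __name__ == '__main__':
    # Files named on the command line (gzipped ones included) or stdin in,
    # one combined-format line per pixel hit out, errors to stderr
    out, errors = convert(fileinput.input(openhook=fileinput.hook_compressed))
    print('\n'.join(out))
    for err in errors:
        print(err, file=sys.stderr)
```

Run as `python3 convert.py access.log.gz > combined.log` and feed the result to GoAccess with its combined log format; running `convert(SAMPLE_LOG.splitlines())` shows the favicon hit being skipped, the invalid date reported, and the quote-and-newline path emitted as one escaped line.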
  5. I found something too: there are codes red, yellow, green, C1/C2 for emergency cases at SMURD; I heard it over the radio when they were communicating with each other, so they know what to come prepared for. http://ambulantamh.ro/112/dispecerat/ Edit: it's certain and precise, man, I've known this since my grandmother went into cardio-respiratory arrest. Something like that: they told me to stay on the phone and I heard in the background "code '123' (I don't remember the exact digits) at the address..." that I had given. You can't send the local police after a "Salam Alecum" loaded with TNT ready to blow the city sky-high. Edit2, quoting: [...]
  6. Hi, does anyone have the list of codes for 112 emergency calls, for example: code 1234 for domestic violence; code 4321 for fires; code 2341 for road accidents. I'd guess they would arrive in a timely manner without too many explanations over the phone. Thanks
  7. English first of all; you can find courses online
  8. 2FA if you share it
  9. Evil-WinRAR-Generator

     Generator of malicious Ace files for WinRAR < 5.70 beta 1
     Vulnerability by research.checkpoint.com
     Developed by @manulqwerty - IronHackers.

     Usage
     Help: ./evilWinRAR.py -h
     Generate a malicious archive: ./evilWinRAR.py -o evil.rar -e calc.exe
     Evil-WinRAR-Generator works out of the box with Python version 3.x on any platform.

     Proof of Concept (CVE-2018-20250)
     Screenshots
     Credits
     https://github.com/droe/acefile
     https://github.com/WyAtu/CVE-2018-20250
     Source
  10. OKQL

    DC-6 Lab

     Description

     DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. This isn't an overly difficult challenge so should be great for beginners. The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

     Download
     Download DC-6 here.
     Sha1 Signature - 21b782c260f0e20ffe39df762cd6b90b3f3888a2
     Source
  11. OKQL

    Switch Color

     Stop setting it to white, you're confusing him #800080
  12. Who do you mean by 'trumpeters'? The point was to have somewhere to collect fees in London; Monese, Monzo, Revolut, etc... don't recognize you either by CNP or by phone number when it comes to the amounts
  13. Trumpet banks headquartered on the street corner; if you want something serious, go higher up. I lost a few grand and I'm arguing with them by fax, to the point I got bored of it
  14. OKQL

    Hello

     Make peace with the idea
  15. OKQL

    Salut

    http://lmgtfy.com/?q=Sa%3Amp
  16. OKQL

    Salut

     The guy is a SA:MP player; he probably searched for a hack and landed here
  17. OKQL

    Salut

     ^ a Las Vegas enthusiast
  18. An apparent cyberattack on March 5 caused disruptions at a western U.S. electric utility by creating a denial of service condition, according to an official summary of Electric Disturbance Events reports processed by the U.S. Department of Energy (DOE) this year. The victimized power company has not been identified, but the incident lasted from 9:12 a.m. to 6:57 p.m. that day, affecting system operations in Kern and Los Angeles Counties in California, Salt Lake County in Utah, and Converse County in Wyoming. However, the event “did not impact generation, the reliability of the grid or cause any customer outages,” E&E News reported this week, quoting a DOE official. Additional reports quoted a DOE spokesperson as saying that the DoS condition stemmed from a “known vulnerability that required a previously published software update to mitigate.” The spokesperson added that the DOE “continues to work with our industry partners through the ISACs to ensure the dissemination of the appropriate mitigation information to manage their associated risks.” It remains unclear who in this case was responsible for interfering with operations. However, cyber experts agree that defending critical infrastructure facilities must remain a high priority, especially in light of recent government warnings about state-sponsored foreign cyber actors targeting the energy sector. Via scmagazine.com
  19. Winamp version 5.12 playlist (.pls) buffer overflow exploit with ASLR + EGGHUNT + REV_SHELL. Written in Python. Download: winamp512pls-overflow.tgz (3.1 KB) Source
  20. The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs. Currently it can be run either as a standalone tool or within Xcode. The standalone tool is invoked from the command line, and is intended to be run in tandem with a build of a codebase. The analyzer is 100% open source and is part of the Clang project. Like the rest of Clang, the analyzer is implemented as a C++ library that can be used by other tools and applications.

     Viewing static analyzer results in Xcode

     Download: Mac OS X
     Latest build (10.8+): checker-279.tar.bz2 (built November 14, 2016)
     Release notes
     This build can be used both from the command line and from within Xcode
     Installation and usage

     Other Platforms
     For other platforms, please follow the instructions for building the analyzer from source code.
     Source
  21. Attackers have been actively exploiting a critical zero-day vulnerability in the widely used Oracle WebLogic server to install ransomware, with no clicking or other interaction necessary on the part of end users, researchers from Cisco Talos said on Tuesday. The vulnerability and working exploit code first became public two weeks ago on the Chinese National Vulnerability Database, according to researchers from the security educational group SANS ISC, who warned that the vulnerability was under active attack. The vulnerability is easy to exploit and gives attackers the ability to execute code of their choice on cloud servers. Because of their power, bandwidth, and use in high-security cloud environments, these servers are considered high-value targets. The disclosure prompted Oracle to release an emergency patch on Friday.

     On Tuesday, researchers with Cisco Talos said CVE-2019-2725, as the vulnerability has been indexed, has been under active exploit since at least April 21. Starting last Thursday—a day before Oracle patched the zero-day vulnerability—attackers started using the exploits in a campaign to install “Sodinokibi,” a new piece of ransomware. In addition to encrypting valuable data on infected computers, the malicious program attempts to destroy shadow copy backups to prevent targets from simply restoring the lost data. Oddly enough, about eight hours after infection, the attackers exploited the same vulnerability to install a different piece of ransomware known as GandCrab.

     No interaction required

     “Historically, most varieties of ransomware have required some form of user interaction, such as a user opening an attachment to an email message, clicking on a malicious link, or running a piece of malware on the device,” Talos researchers Pierre Cadieux, Colin Grady, Jaeson Schultz, and Matt Valites wrote in Tuesday’s post. “In this case, the attackers simply leveraged the Oracle WebLogic vulnerability, causing the affected server to download a copy of the ransomware from attacker-controlled IP addresses 188.166.74[.]218 and 45.55.211[.]79.”

     The vulnerability is easy to exploit because all that’s required is HTTP access to a vulnerable WebLogic server. Its severity rating under the Common Vulnerability Scoring System is 9.8 out of a possible 10. The attackers send vulnerable servers a POST command that contains a PowerShell command that downloads and then executes a malicious file called “radm.exe.” Besides PowerShell, attackers also exploit CVE-2019-2725 to use the Certutil command-line utility. Other files that get downloaded and executed include office.exe and untitled.exe.

     The ransom note shown in part above and in full below demands targets pay $2,500 worth of bitcoin within two days to obtain the decryption key that will unlock the encrypted data. After that deadline, the ransom doubles to $5,000. The attackers provide instructions explaining how cryptocurrency novices can establish a bitcoin wallet and obtain the digital currency, going as far as recommending use of Blockchain.info.

     The attacks are notable for their use of a high-severity zero-day in software that’s widely used in cloud environments. The combination means attacks are likely to continue. Organizations that use WebLogic should make installing Friday’s patch a top priority.

     Via https://arstechnica.com/information-technology/2019/04/zeroday-attackers-deliver-a-double-dose-of-ransomware-no-clicking-required/
  22. Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to share just some of the ways Black Hills Information Security bypassed endpoint security in 2018. Unfortunately, these webcasts still seem to be needed because there is a prevalent attitude that it is somehow possible to get endpoint security with full synergy and it will be bulletproof and under a single pane of glass. All with cyber threat intelligence and A.I. sprinkled in with a bit of EDR magic to stop all attacks. Everyone at all levels of the IT hierarchy needs to be aware that no single piece of technology will stop all attacks. Ever. So we keep doing this.

     Slides Available Here: https://blackhillsinformationsecurity.shootproof.com/gallery/8579747/
     Listen: https://www.blackhillsinfosec.com/podcast-sacred-cash-cow-tipping-2019/
     Source: blackhills
  23. If you're interested in learning to reverse engineer Android applications (both DEX and native code), check out the workshop at https://maddiestone.github.io/AndroidAppRE Source: https://github.com/maddiestone/AndroidAppRE
  24. This is the proof of concept source code for CVE-2019-3719, a vulnerability in most of all Dell machines that allowed for remote code execution. See the blog post here.

     Usage: python3 main.py [Interface Name] [Victim IP] [Gateway IP] [Payload Filename]

     Demo
     Source: https://github.com/D4stiny/Dell-Support-Assist-RCE-PoC