mrreboot

Active Members
  • Posts: 268
  • Joined
  • Last visited
  • Days Won: 10

Everything posted by mrreboot

  1. Ⓜ️ Pluralsight 1 Year Premium worth $199 For Free! Benefits: 500 Hours of Premium Watch time, Quality Educative Videos + Certification. https://www.pluralsightone.org/product/education/code-org-redemption-3m 📍Video : https://www.youtube.com/watch?v=0p4a80YRh5w Happy New Year 😍
  2. All the deals for InfoSec related software/tools this Black Friday / Cyber Monday ❤️
     Hope you all have a well-deserved, happy thanksgiving and kudos to all those who contributed to this list.

     FAQ
     When do these sales end? Most end 29/30th November.
     When will most of the deals/discounts be here? Most likely 27th midday for USA, 28th November for the rest of the world, check back often!
     Can I add deals to the page? Yes, please follow formatting guidelines, provide a source and code. Has to be (loosely) infosec related.
     🙈 means 1) Limited user run 2) Great deal or 3) Highly recommended
     *Disclaimer: I have included my own, and other discount codes sent in directly.

     Hacker Essentials
     - Stickermule (https://www.stickermule.com/deals): $19 down from $65, free shipping

     Tools
     - GRAYHATWARFARE (Cloud Storage Buckets Search Engine) 🙈 (https://buckets.grayhatwarfare.com/packages): Up to 50% off
     - IDA Pro (https://www.hex-rays.com/cgi-bin/quote.cgi/products): 25% OFF for all IDA Home purchases
     - Maltego OSINT tool (https://buy.maltego.com): 50% off Maltego Pro annual subscription
     - Burp Bounty Pro Extension (https://order.shareit.com/cart/view): 20% off with code: CYBERBOUNTY
     - Pulsedive Threat Intelligence 🙈 (https://pulsedive.com/about/pro): $5 PRO accounts with code: TRYFOR5
     - SecurityTrails 🙈 (https://securitytrails.com/): 100 recurring free API credits by retweeting
     - Tenable (https://www.tenable.com/buy): 50% off Nessus PRO with code: takehalf
     - WPScan (https://wpscan.com/): 25% off Starter and Pro accounts with code: BLACKFRIDAY2020
     - VMware (https://store-us.vmware.com/): 30% off new licenses, 19% off upgrades. No code required
     - Faraday (https://faradaysec.com/landing-black-friday/): 30% off and Free training on new licenses.
     - MalwareBytes (https://try.malwarebytes.com/black-friday/): 50% off Malwarebytes Premium, 40% OFF Malwarebytes Premium + Privacy
     - ESET (https://www.eset.com/us/cyber-weekend-2020/): 40% off all security software
     - 010 Editor (https://www.sweetscape.com/010editor/): 30% off
     - Little Snitch (macOS Firewall) (https://www.obdev.at/products/littlesnitch/order.html): 30% OFF
     - Murus and Vallum (macOS Firewall (pf)) (https://murusfirewall.com/): 50% OFF
     - Detectify 🙈 (https://detectify.com/lp/black-friday-professional-plan-offer): 20% off annual subscription + mention "Kate sent me", to get a Go Hack Yourself hoodie as well with purchase.
     - Sn1per Professional 🙈 (https://xerosecurity.com/wordpress/black-friday-sale/): $49 savings on Sn1per Professional v8.0 + Command Execution Add-on
     - Kon-Boot (Windows and MacOS local password bypass) (https://kon-boot.com/?NOVEMBER=1): 25% off Kon-Boot Windows, MacOS, and 2in1 personal and commercial licenses.
     - Intuitibits (WiFi Explorer Standard, Transfer (TFTP), Wifi Signal) (https://www.intuitibits.com): Various discounts

     Books:
     - Bug Bounty Playbook 2 (verified) (https://payhip.com/b/nRia): Discount on full price
     - NoStarch Press (https://nostarch.com/): 33.7% off + free shipping with code BLACKFRIDAY20 *domestic orders only, $50 min
     - O'Reilly Books (https://www.oreilly.com/): 50% discount with code: CM20CS
     - Apress (https://www.apress.com/us/shop/cybermonday-sale): All eBooks $6.99 each with code: CYBER20AP
     - Pearson (https://www.pearsonitcertification.com/promotions/booksgiving-buy-2-plus-books-or-ebooks-save-55-142246): Buy 2, save 55% + free US shipping with code: BOOKSGIVING
     - Humble Bundle (https://www.humblebundle.com/): 45% off Premium
     - Agile Stationary (cybersecurity card games) (https://agilestationery.co.uk/): 40% off automatically applied when buying 3 or more products

     Courses & Training:
     - OffSec AWAE 🙈 (https://www.offensive-security.com/awae-oswe/): Various discounts per labs length
     - Udemy (Hacking Training - online) (https://www.udemy.com): All courses $10.99
     - INE (eLearnSecurity, so eJPT, eCPPT) (https://ine.com/): 40% off with code: BF40
     - PluralSight (https://www.pluralsight.com/offer/2020/bf-cm-40-off): 40% discount
     - Lets Defend (http://letsdefend.io/): 50% off with code: BLCKFRDY
     - PentesterLab (Hacking Training/Platform - online) 🙈 (https://pentesterlab.com/pro/): One-year: US$146.52 instead of US$199.99; Student (3-month): US$27.99 instead of US$34.99
     - DroneSec (Drone Security Training - online, unlocks 1st December) 🙈 (https://training.dronesec.com): 65% discount on bundle with code: DONOTSHAREBLACKFRI; 20% discount on live training with code: BF20
     - Social Engineering Training 🙈 (Robin Dreeke, retired FBI Special Agent and Chief of the Counterintelligence Behavioral Analysis Program) (https://www.peopleformula.com/online-training): 25% discount with code: infosec25
     - CloudGuru (was Linux Academy) (https://acloudguru.com/pricing): Various deals
     - Zero2Automated Malware Analysis Course (https://courses.zero2auto.com/beginner-bundle): 20% off with code: BLACKFRIDAYSALES
     - Practical DevSecOps (https://www.practical-devsecops.com/black-friday/): 15% off
     - OSINTion Training (https://blackfriday.theosintion.com/): 33% off courses with code: 2020BF1337OSINT
     - OSINT Combine 🙈 (https://academy.osintcombine.com/): 40% off all courses with code: BLACKFRIDAY
     - Whizlabs (https://www.whizlabs.com/): 50% off all products with code: BLACKFRIDAY50
     - ISACA (https://www.isaca.org/go/flash): 15% off CISA/CISM/CRISC training & certs
     - Kaplan (https://www.kaptest.com/study/gre/black-friday-and-cyber-monday-gre-deals/): Claim deals are incoming shortly...
     - Networkdefense.io (https://www.networkdefense.io/library/): 20% off all courses. No code required.
     - International Cybersecurity Institute (https://www.icsi.co.uk/pages/black-friday-offer): 50% off courses with code: BF50
     - Cybrary (Hacking Training/Platform - online) (https://www.cybrary.it/): 70% discount
     - Cybr (Training/Platform/Community - online) 🙈 (https://cybr.com/): Up to 74% off
     - Hacker House (Hands on Hacking) 🙈 (https://hacker.house/training/): 35% discount with code: HACKFRIDAY
     - Dawid Czagan's Web Hacking Secrets 🙈 (https://silesiasecuritylab.com/): 90% discount with promo code: BlackFriday2020

     Services:
     - ProtonMail (https://protonmail.com/blog/black-friday-2020/): 33-50% discounts
     - NordVPN (https://nordvpn.com/offer/great-deal/): 68% discount + 3 months free
     - F-Secure TOTAL and FREEDOME VPN (https://www.f-secure.com/en/home/products/total): 50% off with code: BLACKWEEK
     - 1Password (https://1password.com/promo/black-friday/the-verge/): 50% off family account
     - Lowendbox (https://lowendbox.com/blog/lowendbox-has-mind-blowing-offers-coming-this-black-friday-cyber-monday-season/): Variety of deals
     - Priveasy (Open Source Privacy and Security Services) (https://Priveasy.org): Get additional 90 days free at checkout with code: 6ffbb6ff46
     - Surfshark VPN (https://surfshark.com/deals): 83% off + 3 months free
     - LastPass (https://www.lastpass.com/offer/cyber-week-2020): 40% off LastPass Premium for new users

     Hardware:
     - DJI 🙈 (https://store.dji.com/event/black-friday-sale-2020): Up to 46% off; Osmo Action $199 down from $369
     - SouthOrdPicks (https://www.southord.com/): 25% discount with code: CHEER25
     - SOS Solutions (Hardware Kits) (https://www.sossolutions.nl/black-friday-2020): Various discounts
     - ifixit (https://www.ifixit.com/News/47143/our-black-friday-sale-is-here-and-bigger-than-ever): Multiple discounts + free shipping over $50 with code: FIXSHIP
     - Hak5 (https://shop.hak5.org/): Various discounts
     - Sparkfun (https://www.sparkfun.com/news/3513): Various Discounts

     Newsletters:
     - Cybersecurity Market Insights Newsletter (https://gumroad.com/securityinsights): 15% off monthly and annual Pro subscriptions with code: security15off

     InfoSec Black Friday Deals (2019)
     These were key deals last year, so keep an eye out and update if released.

     Hacker Essential
     - Stickermule (https://www.stickermule.com/deals): $19 down from $65, free shipping

     Software:
     - Acrylic WiFi Hacking Suite (https://www.acrylicwifi.com/): 30% discount with code: BLACKFRIDAY
     - VMware (Virtual Machine Application) Workstation Pro & Fusion Pro, Workstation & Player (https://store-au.vmware.com/?PID=3211374&PubCID=1397064&cjevent=3533e3c6115911ea839000790a1c0e0f): 45-60% off with code BF2019
     - RoyalTS (Toolbox for remote computing) Royal TS (Win) and Royal TSX (macOS) Individual User Licenses (https://royalapps.com/ts/win/buy): 50% discount with code BLACKFRIDAY19
     - WiFi Explorer Pro (https://www.adriangranados.com/ https://buy.paddle.com/checkout/43767240-chreaa50fc5abeb-c5a30d6d5b): $50 discount

     Hardware:
     - SouthOrdPicks (https://www.southord.com/): 25% discount with code HOLLY19
     - Pelican Cases (https://www.pelican.com/us/en/shop/black-friday/): 30% with code: HOLIDAY
     - Yubico/Yubikey (https://www.yubico.com/store/black-friday-2019): $20 OFF two YubiKeys or $100 OFF orders of $400 or more
     - Hak5 (https://shop.hak5.org/): 50% discount and free shipping
     - DJI (for hacking drones) (https://store.dji.com/guides/dji-black-friday-deals-2019-guide/): 40% discount
     - ifixit (https://www.ifixit.com/Black-Friday): Multiple discounts + free shipping with code: BLUEANDBLACK19
     - SparkFun (https://www.sparkfun.com/news/3134): 15-25% discount
     - SeeedStudio (https://www.seeedstudio.com/thanksgiving_50_off_sale.html): 50% discount with code: THANKS50
     - Airspy SDR Tools (https://airspy.com/ https://www.rtl-sdr.com/airspy-30-off-black-friday-sale-coupon-now-active/): 30% discount with code: AWARDWINNING2019
     - LAB401 SDR/RFID Equipment (https://lab401.com/blogs/news/black-friday-cyber-monday-sales): 15%+ discount with code: BFCM2019
     - Southord Lockpicking (https://www.southord.com/): 15% off with coupon HOLLY19
     - Maltronics WiFi Keyloggers (https://maltronics.com/collections/wifi-keyloggers): 20% discount

     Courses & Training:
     - Applied Network Defense Online Training (https://networkdefense.io/): 20% discount on all courses
     - NoStarch Press (https://nostarch.com/): 42% discount with code ULTIMATE42
     - Udemy (Hacking Training - online) (https://www.udemy.com): All courses $10.99
     - eLearnSecurity (https://www.elearnsecurity.com/): 25% discount with code: BLK-019
     - PluralSight (https://www.pluralsight.com/offer/2019/bf-cm-40-off): 40% discount
     - PentesterAcademy (Hacking Training/Platform - online) (http://www.pentesteracademy.com/thanksgiving): $39 down from $99 or $489p/y down from $1188p/y
     - PentesterLab (Hacking Training/Platform - online) (https://pentesterlab.com/pro/one_year https://twitter.com/PentesterLab/status/1199792188609024000?s=20): 26.74% discount
     - DroneSec (Drone Hacking Training - offline) (https://dronesec.com/collections/training): 40% discount with code: BLACKFRIDAY19 in email subject
     - Cybrary (Hacking Training/Platform - online) (https://www.cybrary.it/): 66% discount
     - Packt Publishing (https://packtpub.com/): e-Books and videos $10 each or 3 for $25
     - O'Reilly Books (https://www.oreilly.com/online-learning/cybermonday-2019.html): 50% discount with code: CM19CS
     - GNS3 Academy (https://gns3.teachable.com/): $7 all courses with code: BLACKFRIDAY19
     - Pearson (http://www.pearsonitcertification.com/promotions/black-friday-2019-buy-2-save-55-142103): Buy 2 or more courses for 55% discount with code: BF2019
     - SANS (https://www.sans.org/online-security-training/specials?msc=hpslider1): Apple Hardware or $350 off any course
     - Hackers Academy (https://www.hackersacademy.com/bundles?bundle_id=special-offer): 88% discount
     - Linux Academy (https://linuxacademy.com/pricing/individual/): $150 off
     - Practical DevSecOps (https://www.practical-devsecops.com/black-friday/): $400 OFF on course bundle or $120-$180 OFF on each course.
     - Manning Publications (http://enews.manning.com/q/4qVD2DZvQIJ_yR-6w3SkoEx9ucisTjoscZlyhs8T0J5vCawQV4WfDDi9R): 50% on any purchase over $50 with code: CYBERWEEK
     - Leetcode (https://www.leetcode.com/): $30 off annual subscription w/ code THANKS2019
     - ISACA (https://isaca.org/info/cisa-certification-ready/index.html/): 15% off CISA/CISM/CRISC training & cert with code CYBERWEEK19CISA
     - Networkdefense.io (https://www.networkdefense.io/library/): 20% off
     - Apress (https://www.apress.com/us/shop/cybermonday-sale?token=cyberweek19): $7 deals
     - PTrace Advanced Software Exploitation (https://www.psec-courses.com/courses/advanced-software-exploitation): 20% off with code BLACKFRIDAY2019
     - Linux Foundation training and certifications (https://training.linuxfoundation.org/cyber-monday-2020-sneak-peek/): 40%-60% discounts starting on Monday on certification, training, and cert+training bundles

     Services:
     - ProtonMail (https://protonmail.com/blog/black-friday-2019/): 33-50% discount
     - NordVPN (https://nordvpn.com/offer/brand/): 83% discount
     - The Hacker News (https://deals.thehackernews.com/): 15% off with coupon BFSAVE15
     - F-Secure FREEDOME VPN (https://campaigns.f-secure.com/blackweek/en_global/?ecid=10916): 50% w/ code BLACKWEEK
     - 1Password (https://1password.com/promo/black-friday/the-verge/?cjevent=8fec730612de11ea80ac00f80a1c0e14/): 50% off via Verge
     - Whizlabs (https://www.whizlabs.com/): 50% off
     - Lowendbox (https://lowendbox.com/blog/happy-thanksgiving-from-lowendbox-black-friday-cyber-monday-offers-are-coming/): Variety of deals

     Continuing Education
     - Kaplan (https://www.kaptest.com/study/gre/black-friday-and-cyber-monday-gre-deals/): $300 off GRE and similar

     UNCONFIRMED / TBA (2018)
     These were key deals last year, so keep an eye out and update if released.
     - Tindie (Hardware, Electronics, IoT) (https://www.tindie.com/browse/sale/): Multiple discounts
     - Pastebin (https://pastebin.com/pro?coupon=blackfriday): ??% discount
     - Attify (IoT Exploitation Training/Hardware) (https://www.attify-store.com/): ??% off with coupon code
     - itrainsec Financial Malware Analysis course (live on-line course December 7-10) (https://www.itrainsec.com/financial-re): 20% discount until Tuesday Dec 1 with code: BLCKFRDYFMA

     How to edit formatting
     At the end of a normal sentence, place a backslash for a newline (). Alternatively, with a link, you can double-space ( ).

     Credits
     If you'd like to DM me a deal rather than submitting a PR: @securitymeta_
     Thanks to 0ldMate for referring me to @Infosec_Taylor, who has a fantastic twitter thread as well; adding in some of those deals here!
     Also thanks to webyeti, grabbed some deals from: https://www.webyeti.ninja/blog/hackerblkfri - more non-infosec deals in there too.
     Shoutout to some discounts grabbed from Dutchosintguy, @gabsmashh
     Thanks to those that have sent pull requests, and @reV_sh_ on twitter, among others.
     Thanks to those who credited and helped spread the word!
     https://github.com/instadoodledavid/Infosec-Deals-2020
     https://github.com/Securityinfos/Black-Friday-Deals
     https://github.com/Dutchosintguy/Blackfriday-Deals-2020
  3. One possibility is that the "offer" comes from someone at the morgue itself, so as to collect more money from the insurance. Honestly, I don't know how things work in Romania, but here certain insurance companies have something like a fixed, economical price for "standard" funerals, whereas if it's a covid case I imagine things change and the costs go up, e.g. protective materials used, cremation, etc.
  4. Microsoft is offering hackers up to $100,000 if they can break the security of the company's custom Linux OS. The software giant built a compact and custom version of Linux last year for its Azure Sphere OS, which is designed to run on specialized chips for its Internet of Things (IoT) platform. The OS is purpose-built for this platform, ensuring basic services and apps run isolated in a sandbox for security purposes.

     Microsoft now wants hackers to test the security of the Azure Sphere OS, paying up to $100,000 if the Pluton security subsystem or Secure World sandbox is breached. The bug bounty program is part of a three-month research challenge that runs from June 1st until August 31st. "We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period," explains Sylvie Liu, a security program manager at Microsoft's Security Response Center.

     MICROSOFT WANTS A GROUP OF SECURITY RESEARCHERS TO JOIN THE CHALLENGE

     The challenge is focused on the Azure Sphere OS itself, and not the underlying cloud portion that's already eligible for Azure bounty program awards. Microsoft is specifically looking for a group of security researchers to try and break its Linux OS security. Physical attacks are out of scope, but researchers can apply to be part of the challenge here.

     Azure Sphere was announced at last year's Build developer conference, and it's still relatively new. Businesses like Starbucks are rolling out Azure Sphere to secure its store equipment, which feeds back data points on the type of beans, coffee temperature, and water quality for every shot of espresso. Microsoft CEO Satya Nadella sees IoT devices as a key area for the company, describing its cloud business as the biggest hardware business at Microsoft earlier this year. Nadella is chasing the billions of IoT devices that analysts predict will be in use over the next decade.

     Azure Sphere is a key part of the mission to help secure and manage these devices, and part of Microsoft's increased push to win a world beyond Windows that's increasingly moving to cloud computing.
  5. I found the idea interesting. Software developers can accidentally leak sensitive information, particularly secret keys for third party services, across code hosting platforms such as GitHub, GitLab and BitBucket. https://shhgit.darkport.co.uk/
  6. 28 Jan 20
     Wawa Breach May Have Compromised More Than 30 Million Payment Cards

     In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground's most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

     On the evening of Monday, Jan. 27, a popular fraud bazaar known as Joker's Stash began selling card data from "a new huge nationwide breach" that purportedly includes more than 30 million card accounts issued by thousands of financial institutions across 40+ U.S. states.

     [Image caption:] The fraud bazaar Joker's Stash on Monday began selling some 30 million stolen payment card accounts that experts say have been tied back to a breach at Wawa in 2019.

     Two sources that work closely with financial institutions nationwide tell KrebsOnSecurity the new batch of cards that went on sale Monday evening — dubbed "BIGBADABOOM-III" by Joker's Stash — map squarely back to cardholder purchases at Wawa.

     On Dec. 19, 2019, Wawa sent a notice to customers saying the company had discovered card-stealing malware installed on in-store payment processing systems and fuel dispensers at potentially all Wawa locations.

     Pennsylvania-based Wawa says it discovered the intrusion on Dec. 10 and contained the breach by Dec. 12, but that the malware was thought to have been installed more than nine months earlier, around March 4. The exposed information includes debit and credit card numbers, expiration dates, and cardholder names. Wawa said the breach did not expose personal identification numbers (PINs) or CVV records (the three-digit security code printed on the back of a payment card).

     A spokesperson for Wawa confirmed that the company today became aware of reports of criminal attempts to sell some customer payment card information potentially involved in the data security incident announced by Wawa on December 19, 2019.

     "We have alerted our payment card processor, payment card brands, and card issuers to heighten fraud monitoring activities to help further protect any customer information," Wawa said in a statement released to KrebsOnSecurity. "We continue to work closely with federal law enforcement in connection with their ongoing investigation to determine the scope of the disclosure of Wawa-specific customer payment card data."

     "We continue to encourage our customers to remain vigilant in reviewing charges on their payment card statements and to promptly report any unauthorized use to the bank or financial institution that issued their payment card by calling the number on the back of the card," the statement continues. "Under federal law and card company rules, customers who notify their payment card issuer in a timely manner of fraudulent charges will not be responsible for those charges. In the unlikely event any individual customer who has promptly notified their card issuer of fraudulent charges related to this incident is not reimbursed, Wawa will work with them to reimburse them for those charges."

     Gemini Advisory, a New York-based fraud intelligence company, said the biggest concentrations of stolen cards for sale in the BIGBADABOOM-III batch map back to Wawa customer card use in Florida and Pennsylvania, the two most populous states where Wawa operates. Wawa also has locations in Delaware, Maryland, Virginia and the District of Columbia.

     According to Gemini, Joker's Stash has so far released only a small portion of the claimed 30 million. However, this is not an uncommon practice: Releasing too many stolen cards for sale at once tends to have the effect of depressing the overall price of stolen cards across the underground market.

     "Based on Gemini's analysis, the initial set of bases linked to "BIGBADABOOM-III" consisted of nearly 100,000 records," Gemini observed. "While the majority of those records were from US banks and were linked to US-based cardholders, some records also linked to cardholders from Latin America, Europe, and several Asian countries. Non-US-based cardholders likely fell victim to this breach when traveling to the United States and utilizing Wawa gas stations during the period of exposure."

     Gemini's director of research Stas Alforov stressed that some of the 30 million cards advertised for sale as part of this BIGBADABOOM batch may in fact be sourced from breaches at other retailers, something Joker's Stash has been known to do in previous large batches.

     Gemini monitors multiple carding sites like Joker's Stash. The company found the median price of U.S.-issued records in the new Joker's Stash batch is currently $17, with some of the international records priced as high as $210 per card.

     "Apart from banks with a nationwide presence, only financial institutions along the East Coast had significant exposure," Gemini concluded.

     Representatives from MasterCard did not respond to requests for comment. Visa declined to comment for this story, but pointed to a series of alerts it issued in November and December 2019 about cybercrime groups increasingly targeting fuel dispenser merchants.

     A number of recent high-profile nationwide card breaches at main street merchants have been linked to large numbers of cards for sale at Joker's Stash, including breaches at supermarket chain Hy-Vee, restaurant chains Sonic, Buca di Beppo, Krystal, Moe's, McAlister's Deli, and Schlotzsky's, retailers like Bebe Stores, and hospitality brands such as Hilton Hotels.

     Most card breaches at restaurants and other brick-and-mortar stores occur when cybercriminals manage to remotely install malicious software on the retailer's card-processing systems. This type of point-of-sale malware is capable of copying data stored on a credit or debit card's magnetic stripe when those cards are swiped at compromised payment terminals, and that data can then be used to create counterfeit copies of the cards.

     The United States is the last of the G20 nations to make the shift to more secure chip-based cards, which are far more expensive and difficult for criminals to counterfeit. Unfortunately, many merchants have not yet shifted to using chip-based card readers and still swipe their customers' cards.

     According to stats released in November by Visa, more than 3.7 million merchant locations are now accepting chip cards. Visa says for merchants who have completed the chip upgrade, counterfeit fraud dollars dropped 81 percent in June 2019 compared to September 2015. This may help explain why card thieves increasingly are shifting their attention to compromising e-commerce merchants, a trend seen in virtually every country that has already made the switch to chip-based cards.

     Many filling stations are upgrading their pumps to include more cyber and physical security — such as end-to-end encryption of card data, custom locks and security cameras. In addition, newer pumps can accommodate more secure chip-based payment cards that are already in use and in some cases mandated by other G20 nations. But these upgrades are disruptive and expensive, and many fuel station owners are putting them off until it is absolutely necessary.

     Prior to late 2016, fuel station owners in the United States had until October 1, 2017 to install chip-capable readers at their pumps. Station owners that didn't have chip-ready readers in place by then would have been on the hook to absorb 100 percent of the costs of fraud associated with transactions in which the customer presented a chip-based card yet was not asked or able to dip the chip. Yet in December 2016, Visa — by far the largest credit card network in the United States — delayed the requirements, saying fuel station owners would be given until October 1, 2020 to meet the liability shift deadline.

     Either way, Wawa could be facing steep fines for failing to protect customer card data traversing its internal payment card networks. In addition, at least one class action lawsuit has already been filed against the company.

     Finally, it's important to note that even if all 30 million of the cards that Joker's Stash is selling as part of this batch do in fact map back to Wawa locations, it's highly unlikely that more than a small percentage of these cards will actually be purchased and used by fraudsters. In the 2013 megabreach at Target Corp., for example, fraudsters stole roughly 40 million cards but only ended up selling between one to three million of those cards.

     Source: https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/
  7. Top 25 RCE Bug Bounty Reports
     The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness.

     #1 Title: Potential pre-auth RCE on Twitter VPN | Company: Twitter | Bounty: $20,160 | Link: https://hackerone.com/reports/591295
     #2 Title: RCE on Steam Client via buffer overflow in Server Info | Company: Valve | Bounty: $18,000 | Link: https://hackerone.com/reports/470520
     #3 Title: Struct type confusion RCE | Company: Shopify | Bounty: $18,000 | Link: https://hackerone.com/reports/181879
     #4 Title: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution | Company: Valve | Bounty: $12,500 | Link: https://hackerone.com/reports/351014
     #5 Title: Git flag injection — local file overwrite to remote code execution | Company: GitLab | Bounty: $12,000 | Link: https://hackerone.com/reports/658013
     #6 Title: Remote Code Execution on www.semrush.com/my_reports on Logo upload | Company: SEMrush | Bounty: $10,000 | Link: https://hackerone.com/reports/403417
     #7 Title: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message | Company: Valve | Bounty: $9,000 | Link: https://hackerone.com/reports/631956
     #8 Title: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi) | Company: LocalTapiola | Bounty: $6,800 | Link: https://hackerone.com/reports/303061
     #9 Title: Remote Code Execution at http://tw.corp.ubnt.com | Company: Ubiquiti Inc. | Bounty: $5,000 | Link: https://hackerone.com/reports/269066
     #10 Title: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability | Company: Flash (IBB) | Bounty: $5,000 | Link: https://hackerone.com/reports/139879
     #11 Title: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop` | Company: Imgur | Bounty: $5,000 | Link: https://hackerone.com/reports/212696
     #12 Title: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/ | Company: Starbucks | Bounty: $4,000 | Link: https://hackerone.com/reports/502758
     #13 Title: [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File | Company: Mail.ru | Bounty: $4,000 | Link: https://hackerone.com/reports/683957
     #14 Title: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice | Company: Starbucks | Bounty: $4,000 | Link: https://hackerone.com/reports/592400
     #15 Title: Attention! Remote Code Execution at http://wpt.ec2.shopify.com/ | Company: Shopify | Bounty: $3,000 | Link: https://hackerone.com/reports/73567
     #16 Title: Unchecked weapon id in WeaponList message parser on client leads to RCE | Company: Valve | Bounty: $3,000 | Link: https://hackerone.com/reports/513154
     #17 Title: Drupal 7 pre auth sql injection and remote code execution | Company: The Internet Bug Bounty Program | Bounty: $3,000 | Link: https://hackerone.com/reports/31756
     #18 Title: RCE via ssh:// URIs in multiple VCS | Company: The Internet Bug Bounty Program | Bounty: $3,000 | Link: https://hackerone.com/reports/260005
     #19 Title: Remote Code Execution on Git.imgur-dev.com | Company: Imgur | Bounty: $2,500 | Link: https://hackerone.com/reports/206227
     #20 Title: GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability] | Company: PHP (IBB) | Bounty: $1,500 | Link: https://hackerone.com/reports/198734
     #21 Title: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE | Company: Lob | Bounty: $1,500 | Link: https://hackerone.com/reports/520717
     #22 Title: Remote code execution using render :inline | Company: Ruby on Rails | Bounty: $1,500 | Link: https://hackerone.com/reports/113928
     #23 Title: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage) | Company: Ruby on Rails | Bounty: $1,500 | Link: https://hackerone.com/reports/473888
     #24 Title: Remote code execution on rubygems.org | Company: RubyGems | Bounty: $1,500 | Link: https://hackerone.com/reports/274990
     #25 Title: WordPress SOME bug in plupload.flash.swf leading to RCE | Company: Automattic | Bounty: $1,337 | Link: https://hackerone.com/reports/134738

     Bonus: 10 Zero Dollars RCE Reports
     #1 Bonus Title: Read files on application server, leads to RCE | Company: GitLab | Bounty: $0 | Link: https://hackerone.com/reports/178152
     #2 Bonus Title: XXE in DoD website that may lead to RCE | Company: U.S. D.o.D. | Bounty: $0 | Link: https://hackerone.com/reports/227880
     #3 Bonus Title: Remote Code Execution (RCE) in a DoD website | Company: U.S. D.o.D. | Bounty: $0 | Link: https://hackerone.com/reports/248116
     #4 Bonus Title: Remote Unrestricted file Creation/Deletion and Possible RCE. | Company: Twitter | Bounty: $0 | Link: https://hackerone.com/reports/191884
     #5 Bonus Title: RCE on via CVE-2017–10271 | Company: U.S. D.o.D. | Bounty: $0 | Link: https://hackerone.com/reports/576887
     #6 Bonus Title: Ability to access all user authentication tokens, leads to RCE | Company: GitLab | Bounty: $0 | Link: https://hackerone.com/reports/158330
     #7 Bonus Title: Remote Code Execution via Extract App Plugin | Company: Nextcloud | Bounty: $0 | Link: https://hackerone.com/reports/546753
     #8 Bonus Title: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███ | Company: U.S. D.o.D. | Bounty: $0 | Link: https://hackerone.com/reports/678496
     #9 Bonus Title: Remote Code Execution in Rocket.Chat Desktop | Company: Rocket.chat | Bounty: $0 | Link: https://hackerone.com/reports/276031
     #10 Bonus Title: [npm-git-publish] RCE via insecure command formatting | Company: Node.js third-party modules | Bounty: $0 | Link: https://hackerone.com/reports/730121
  8. In my free time, hackthebox.eu; I binge-watch "IppSec" content worse than Netflix.
  9. When hunting for security issues, the pursuit for uncharted assets and obscure endpoints often ends up taking the focus away from obvious, but still critical, functionality. If you approach a target like you are the first person to ever perform a security assessment on it, and check everything thoroughly, I believe you are bound to find something new — especially if the code you are testing has been in continuous development for a while.

This is the story of a high-severity bug affecting what is probably one of PayPal’s most visited pages: the login form.

Initial discovery

While exploring PayPal’s main authentication flow, I noticed a javascript file containing what appeared to be a CSRF token and a session ID:

This immediately drew my attention, because providing any kind of session data inside a valid javascript file usually allows it to be retrieved by attackers. In what is known as a cross-site script inclusion (XSSI) attack, a malicious web page can use an HTML <script> tag to import a script cross-origin, enabling it to gain access to any data contained within the file.

Sure enough, a quick test confirmed the XSSI vulnerability and, although a javascript obfuscator was used to randomize variable names on each request, the interesting tokens were still placed in fairly predictable locations, making it possible to retrieve them with just a bit of extra work.

However, a secret is only as good as the damage you can do with it. I immediately set out to find out what exactly _csrf and _sessionID were and if they could actually be used in a real attack.

Digging further

After countless attempts to replace regular CSRF tokens inside authenticated requests on PayPal’s platform with the value of _csrf, I came to the conclusion that a classic cross-site request forgery attack was not possible using this specific token. Similarly, a victim’s _sessionID was unfortunately not enough to impersonate them on PayPal’s site.

Next, I went back to the vulnerable script and followed the tokens to find what they were actually used for. This led to a deep dive into one of PayPal’s main protection mechanisms used to prevent brute force attacks, the security challenge. While this functionality is used in many places, I will be focusing on the main login form.

The idea is pretty simple: After a few failed login attempts, you are required to solve a reCAPTCHA challenge before you can try again. The implementation, however, may raise some eyebrows.

Upon detecting a possible brute-force attempt, the response to the next authentication attempt is a page containing nothing but a Google captcha. If the captcha is solved by the user, an HTTP POST request to /auth/validatecaptcha is initiated. The familiar _csrf and _sessionID are present in the request body, as well as two other values, which we will get to a bit later.

The response to the captcha validation request is meant to re-introduce the user into the authentication flow. To this end, it contains a self-submitting form with all the data provided in the user’s latest login request, including their email and plain text password.

I realized that, with the correct timing and some user interaction, knowing all the tokens used in this request was enough to get the victim’s PayPal credentials. In a real-life attack scenario, the only user interaction needed would have been a single visit to an attacker-controlled web page.

So I went back and tried to figure out what the missing parameters were. This was easier than expected:

The value of jse was not validated at all.

recaptcha was the token provided by Google upon solving a reCAPTCHA challenge. It was not tied to a specific session, so any valid token — for example, from an automated solving service — would be accepted.

Exploitation

Putting all this together, I created a proof of concept that demonstrated the whole process, except for integrating a captcha solving service.

First, the proof of concept would exploit the initial XSSI vulnerability to get a set of tokens which were valid in the victim’s session. It would then launch a few authentication requests with random credentials from the victim’s browser, simulating a brute force attempt, which would trigger the security challenge flow. Once the victim logged in to PayPal using the same browser, the cached random credentials would be replaced by the user’s own email and password. The last step was obtaining a fresh reCAPTCHA token, after which the plain text credentials would be retrieved from the /auth/validatecaptcha endpoint and displayed on the page.

The final page shown by my proof of concept code contained your email and password

I later found that the same vulnerable process was also used on some unauthenticated checkout pages, allowing plain text credit card data to be leaked using the same technique.

Disclosure

The proof of concept, along with all relevant information, was submitted to PayPal’s bug bounty program on the 18th of November 2019, and was validated by HackerOne 18 days later. Following a quick acknowledgement by the PayPal team and a few additional questions, I was awarded a $15,300 bounty on the 10th of December. The reward amount corresponds with the bug’s 8.0 (High) CVSS score, which is the same score that I had initially suggested when submitting the report.

A patch was applied around 24 hours later, meaning that the bug was fixed only five days after PayPal became aware of it — quite an impressive turnaround time.

Fix and prevention advice

The /auth/validatecaptcha endpoint now requires an additional CSRF token, which cannot be leaked using cross-site script inclusion. While this properly fixes the vulnerability, I believe that the whole thing could have been prevented when designing the system by following one of the oldest and most important pieces of infosec advice: Never store passwords in plain text.

By the way, I am looking to do security assessments and bug bounty program management work. I have experience in security testing, vulnerability triage, as well as a background in software development. Does this sound of interest to you? You can get in touch via alex@ethicalhack.ro.

Source https://medium.com/@alex.birsan/the-bug-that-exposed-your-paypal-password-539fc2896da9
  10. https://www.cnet.com/news/nordvpn-user-accounts-were-compromised-and-passwords-exposed-report-says/ I think they still work.
  11. I didn't look into where they are from; for what I use it for, it doesn't really matter.
  12. Honestly, the "prime" version works quite well. Considering I don't connect from the same country, it seems fine to me. Same country as connection
  13. WindScribe is definitely one of the most popular VPN services among users worldwide (check in-depth review -> Google trends). The company is famous for its fully functional FREE version with 10 GB data, dedicated servers for streaming, unlimited bandwidth and unique technology called R.O.B.E.R.T. (“Remote Omnidirectional Badware Eliminating Robotic Tool”) which helps to block Ads, trackers and malware. With strong AES-256 encryption the company doesn’t have a huge pool of servers but spreads them over 55 countries and 100 cities. Another innovative thing about WindScribe is the ability to build your own subscription plan, so the price can start from $1/month. So any additional location will cost you $1/month and add 10 GB on top of your allowed monthly bandwidth. Also you can select “unlimited bandwidth + R.O.B.E.R.T.” for an additional $1/month. The company also runs promotions, special offers and deals from time to time so you can save some extra. A good time to find an exclusive WindScribe coupon or promo code is Black Friday, New Year, Halloween, etc. So don’t miss a chance to save big on a top rated VPN service "HOWTO" WindScribe - build a custom plan with the "Build a Plan" option and save up to 90% off of the original price
  14. Two Romanian hackers namely Bogdan Nicolescu and Rady Miclaus will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspected users. Both the accused are members of the infamous Romanian hacking group called Bayrob. Nicolescu was the group leader whereas Miclaus served as the co-conspirator. The third accused, Tiberiu Danet, is also a member of the same group. In November 2018, Danet pleaded guilty to eight of the charges and will be sentenced on January 8, 2020. See: Dutch Police Nabs Romanian Gang for Stealing $590K worth of iPhones According to the official press release, the duo was found guilty of 21 counts of money laundering, wire fraud, identity theft, and malware development for mining bitcoin and monero cryptocurrencies through utilizing host computers’ resources apart from other crimes. “These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” said FBI Special Agent in Charge Eric Smith. “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals and bring justice to the victims.” The Bayrob Group was founded in 2007 and operated actively until the apprehension and extradition of its key members, including the group leader Nicolescu, in 2016. This group operated from the outskirts of Bucharest and carried out different hacking and malware campaigns including spam emails loaded with dangerous Trojans sent as harmless messages from renowned firms and enterprises. The emails mostly contained attachments hiding the Bayrob botnet, and were sent from the IRS, Norton, and Western Union. 
As soon as the user clicked on the attachment, the computer got infected with the malware, and all the installed malware protection tools got disabled while access to websites of law enforcement agencies was also blocked. The attackers copied the email contacts of the victim through the malware and sent the infected emails to them as well. Through the botnet, the Romanian hacker group managed to steal $4 million. Moreover, the group also developed crypto miners to mine for Bitcoin and Monero and scan and transfer the victims’ crypto wallet ownership along with the funds. They also stole personal data from the infected computers including credit card information, login credentials, and usernames/passwords on different websites. Furthermore, the malware enabled the system to register AOL accounts, which were used to send more malicious emails. The duo got 100,000 email accounts registered through this method and subsequently sent out tens of millions of infected emails. They also replaced legitimate websites like eBay with fake replicas and when the victim accessed these websites, they were tricked into entering their credentials to the fake webpage instead of the authentic ones. It did not end here; the group also used eBay for their nefarious objectives. The duo placed over 1,000 fake listings of motorbikes and automobiles on eBay and uploaded malware-infected images on these listings. Users who clicked on the images were redirected to fake eBay ordering pages where the victims were encouraged to pay for the items. A person was hired to play the role of fictional eBay Escrow Agent whose only job was to collect the money from the victim and transfer it to the hacker duo. “These sentences handed down today reflect the dynamic landscape in which international criminals utilize sophisticated cyber methods to take advantage of and defraud, unsuspecting victims anywhere in the world,” added Special Agent Smith. 
Source https://www.hackread.com/20-years-prison-romanian-hackers-infected-computers/
  15. The official Cayman Islands tourism website brags about the territory's stunning beaches, exotic wildlife and contemporary art museums. Yet, it's probably better known for the allegations of money laundering made against it by other governments, including that of the United States, which is what makes the claim that hackers published 2TB of the Cayman National bank's confidential data interesting. A pseudonymous Twitter account called Distributed Denial of Secrets--a play on the distributed-denial of service attacks that can bring down even the largest websites-- said on Saturday that it was releasing "copies of the servers of Cayman National Bank and Trust." The account has also claimed to have released more information over the last few days and to have upgraded its servers to cope with traffic spikes. Cayman National operates numerous branches in the Cayman Islands proper, Isle of Man and Dubai. Distributed Denial of Secrets claimed that it's "allegedly been used for money laundering by Russian oligarchs and others" as well, which is why it published the bank's confidential data. The goal appears to be giving people access to private information that could prove or disprove those allegations of wrongdoing. Distributed Denial of Secrets said it didn't hack Cayman National itself. Instead, the data appears to have been stolen by someone called "Phineas Fisher," and its revelation was announced by HackBack alongside an explanation of Fisher's actions. A copy of the original statement can be found in the tweets discussing this leak and a report from Unicorn Riot; a translated version was also shared to Pastebin. Cayman National doesn't appear to have acknowledged the alleged leak on its website or social media profiles. 
It does say on its website that it's requiring clients to share additional information "in connection with the regulations of the global financial industry," however, and that many of its services would be unavailable on November 17 because of "a major upgrade and maintenance programme." The company also offered a helpful tip on its Facebook profile earlier today: "Refrain from accessing Online Banking through open and public access points, such as Internet cafes, public libraries, etc." That's a remarkably odd thing to share on Facebook while people on platforms like Twitter and Hacker News discuss a purported leak of terabytes' worth of private information. Phineas Phisher - Hack Back - Bank https://pastebin.com/8rXhtqgr More info https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/ Full archive and backups
  16. https://www.bleepingcomputer.com/news/security/cloudflare-now-blocks-the-vbulletin-rce-cve-2019-16759-exploit/
  17. Age: 2012. Balance: 45.00 €. Last payment: 2017. Price: 100 €. Approval country: Spain. It has had no activity for roughly 2 years. It was generated with legal content in Spanish and English. Payment preferred in crypto: ETH, BTC, XLM
  18. Amazon has thousands of workers around the world who listen to and review private Alexa conversations with the goal of helping improve the speech assistant’s technology, according to Bloomberg. The report said the Amazon team transcribes the recordings and shares the conversations with other parts of the company in order to make Alexa’s “understanding of human speech” better. The team is spread across different regions, including Boston, India, and Romania, Bloomberg said, and some of the workers review up to 1,000 audio clips per shift. Amazon has never publicly disclosed the role of this group or the fact that human interference is part of Alexa’s voice technology. An Amazon spokesperson noted that employees don’t have direct access to information that can identify the people speaking or the account that the snippet came from. However, Bloomberg reported that recordings are associated with account numbers, device serial numbers and the owner’s first name. The spokesperson said: Source: https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio
  19. I saw that you don't want py, but I found it super simple and easy to use, in case you change your mind. In Python I used selenium + pyvirtualdisplay (you can also emulate the resolution you want).
  20. Have you tried http://www.nirsoft.net/utils/fastresolver.html ? PowerShell script: https://gallery.technet.microsoft.com/scriptcenter/Resolve-IP-Addresses-from-df4cbbe5#content
  21. The world’s most popular Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers' personal records. The stolen data includes usernames, passwords in plain text, email addresses, IP addresses and last names of around 13.5 Million of 000Webhost's customers.

According to a recent report published by Forbes, the Free Hosting service provider 000Webhost was hacked in March 2015 by an anonymous hacker. In a post on its official Facebook page, the hosting company has acknowledged the data breach and posted the following statement:

"We have witnessed a database breach on our main server. A hacker used an exploit in old PHP version to upload some files, gaining access to our systems. Although the whole database has been compromised, we are mostly concerned about the leaked client information."

The stolen data was obtained by Troy Hunt, an Australian security researcher, who received the data from an anonymous source and also confirmed the authenticity of the data. "By now there's no remaining doubt that the breach is legitimate and that impacted users will have to know," Hunt wrote in a blog post published Wednesday. "I'd prefer that 000webhost be the ones to notify [its customer] though."

000Webhost Ignored Data Breach Warnings Continuously

000Webhost web Hosting company repeatedly failed to pay attention to the early warnings by Troy Hunt and the Forbes journalist, but the company ultimately decided to ignore them.

What's even Worse?

The Web Hosting company did not even follow fundamental and standard security practices to ensure the security of its customers. Data breaches are common these days. Just a few days back, we reported about a serious data breach at TalkTalk – the biggest phone and broadband provider in the UK that put the personal data of its 4 Million customers at risk.

But, What could a Security Breach lead to?

- Severe damage to company's reputation
- Loss of consumer trust
- Thousands of dollars in penalties and fines
- Personal data loss cost infinite
- Temporary or Permanent Closure

Note: At the time of writing, 000webhost.com website is temporarily down.

What Should You Do Now?

For security reasons, the team at Free Hosting service has changed all customers' passwords to random values and implemented encryption, without giving any direct notice to its affected customers. That means, if you are one of those 13.5 Million 000webhost clients, then you need to follow the password reset process to generate a new password in order to access your account.

However, 000Webhost said: "We removed all illegally uploaded pages as soon as we became aware of the [data] breach. Next, we changed all the passwords and increased their encryption to avoid such mishaps in the future."

Storing customers' passwords in plain text, ignoring early warnings, and then implementing encryption to prevent further damage.

SOURCE
  22. The guys weren't playing around. https://www.facebook.com/PolitiaRomanawww.politiaromana.ro/videos/794474967330406/
  23. Your vocabulary is typical of losers; do you think swearing at me solves anything? If you don't like it, report me.