Nytro

Exploiting PHP Format String Bugs the Easy Way I’ve been spending a lot of time poking through the PHP source-code lately, and twice now I’ve come across format string vulnerabilities. [1][2] I don’t consider format string bugs particularly interesting in-and-of themselves (they’re well known, and well understood), but it turns out PHP format strings are special. PHP adds functionality that makes these bugs a breeze to exploit. Let me explain… First though, full disclosure: this technique is not entirely my own. The original idea was inspired by Stefan Esser (@i0n1c) back in November of 2015. [3] If you enjoy security research, especially relating to PHP, I would highly recommend you follow him! Ok, PHP handles most format strings using custom internal functions. There are lots of these defined all throughout the code. For instance let’s grep for function definitions containing a format string as an argument. This isn’t perfect or scientific, but it gives you an idea. 1 2 andrew@thinkpad /tmp % grep -PRHn "const char ?\* ?(format|fmt)" ./php-7.0.3 | wc -l 149 I won’t post all of those, but here are two examples. In fact, these are the same functions that were erroneously called in the two bugs linked below. 1 2 3 static void zend_throw_or_error(int fetch_type, zend_class_entry *exception_ce, const char *format, ...) ZEND_API ZEND_COLD zend_object *zend_throw_exception_ex(zend_class_entry *exception_ce, zend_long code, const char *format, ...) ... etc ... Most, if not all, of these internal format string functions ultimately call either “xbuf_format_converter” (defined in main/spprintf.c), or “format_converter” (defined in main/snprintf.c). These two functions actually do the work of walking along the string and substituting specifiers with their corresponding values. This would be totally uninteresting, except for the fact that PHP adds one block that you don’t see in other format string implementations. From “main/spprintf.c”… Articol complet: https://jmpesp.org/blog/index.php/2016/07/28/exploiting-php-format-string-bugs-the-easy-way/

Defeating Antivirus Real-time Protection From The Inside 28 July 2016 on assembly, hacking, antivirus Hello again! In this post I'd like to talk about the research I did some time ago on antivirus real-time protection mechanism and how I found effective ways to evade it. This method may even work for evading analysis in sandbox environments, but I haven't tested that yet. The specific AV I was testing this method with was BitDefender. It performs real-time protection for every process in user-mode and detects suspicious behaviour patterns by monitoring the calls to Windows API. Without further ado, let's jump right to it. What is Realtime Protection? Detecting malware by signature detection is still used, but it is not very efficient. More and more malware use polymorphism, metamorphism, encryption or code obfuscation in order to make itself extremely hard to detect using the old detection methods. Most new generation AV software implement behavioral detection analysis. They monitor every running process on the PC and look for suspicious activity patterns that may indicate the computer was infected with malware. As an example, let's imagine a program that doesn't create any user interface (dialogs, windows etc.) and as soon as it starts, it wants to connect and download files from external server in Romania. This kind of behaviour is extremely suspicious and most AV software with real-time protection, will stop such process and flag it as dangerous even though it may have been seen for the first time. Now you may ask - how does such protection work and how does the AV know what the monitored process is doing? In majority of cases, AV injects its own code into the running process, which then performs Windows API hooking of specific API functions that are of interest to the protection software. API hooking allows the AV to see exactly what function is called, when and with what parameters. Cuckoo Sandbox, for example, does the same thing for generating the detailed report on how the running program interacts with the operating system. Let's take a look at how the hook would look like for CreateFileW API imported from kernel32.dll library. This is how the function code looks like in its original form: 76B73EFC > 8BFF MOV EDI,EDI 76B73EFE 55 PUSH EBP 76B73EFF 8BEC MOV EBP,ESP 76B73F01 51 PUSH ECX 76B73F02 51 PUSH ECX 76B73F03 FF75 08 PUSH DWORD PTR SS:[EBP+8] 76B73F06 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8] ... 76B73F41 E8 35D7FFFF CALL <JMP.&API-MS-Win-Core-File-L1-1-0.C> 76B73F46 C9 LEAVE 76B73F47 C2 1C00 RETN 1C Now if an AV was to hook this function, it would replace the first few bytes with a JMP instruction that would redirect the execution flow to its own hook handler function. That way AV would register the execution of this API with all parameters lying on the stack at that moment. After the AV hook handler finishes, they would execute the original set of bytes, replaced by the JMP instruction and jump back to the API function for the process to continue its execution. This is how the function code would look like with the injected JMP instruction: Hook handler: 1D001000 < main hook handler code - logging and monitoring > ... 1D001020 8BFF MOV EDI,EDI ; original code that was replaced with the JMP is executed 1D001022 55 PUSH EBP 1D001023 8BEC MOV EBP,ESP 1D001025 -E9 D72EB759 JMP kernel32.76B73F01 ; jump back to CreateFileW to instruction right after the hook jump CreateFileW: 76B73EFC >-E9 FFD048A6 JMP handler.1D001000 ; jump to hook handler 76B73F01 51 PUSH ECX ; execution returns here after hook handler has done its job 76B73F02 51 PUSH ECX 76B73F03 FF75 08 PUSH DWORD PTR SS:[EBP+8] 76B73F06 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8] ... 76B73F46 C9 LEAVE 76B73F47 C2 1C00 RETN 1C There are multiple ways of hooking code, but this one is the fastest and doesn't create too much bottleneck in code execution performance. Other hooking techniques involve injecting INT3 instructions or properly setting up Debug Registers and handling them with your own exception handlers that later redirect execution to hook handlers. Now that you know how real-time protection works and how exactly it involves API hooking, I can proceed to explain the methods of bypassing it. There are AV products on the market that perform real-time monitoring in kernel-mode (Ring0), but this is out of scope of this post and I will focus only on bypassing protections of AV products that perform monitoring in user-mode (Ring3). The Unhooking Flashbang As you know already, the real-time protection relies solely on API hook handlers to be executed. Only when the AV hook handler is executed, the protection software can register the call of the API, monitor the parameters and continue mapping the process activity. It is obvious that in order to completely disable the protection, we need to remove API hooks and as a result the protection software will become blind to everything we do. In our own application, we control the whole process memory space. AV, with its injected code, is just an intruder trying to tamper with our software's functionality, but we are the king of our land. Steps to take should be as follows: Enumerate all loaded DLL libraries in current process. Find entry-point address of every imported API function of each DLL library. Remove the injected hook JMP instruction by replacing it with the API's original bytes. It all seems fairly simple until the point of restoring the API function's original code, from before, when the hook JMP was injected. Getting the original bytes from hook handlers is out of question as there is no way to find out which part of the handler's code is the original API function prologue code. So, how to find the original bytes? The answer is: Manually retrieve them by reading the respective DLL library file stored on disk. The DLL files contain all the original code. In order to find the original first 16 bytes (which is more than enough) of CreateFileW API, the process is as follows: Read the contents of kernel32.dll file from Windows system folder into memory. I will call this module raw_module. Get the base address of the imported kernel32.dll module in our current process. I will call the imported module imported_module. Fix the relocations of the manually loaded raw_module with base address of imported_module (retrieved in step 2). This will make all fixed address memory references look the same as they would in the current imported_module (complying with ASLR). Parse the raw_module export table and find the address of CreateFileW API. Copy the original 16 bytes from the found exported API address to the address of the currently imported API where the JMP hook resides. This will effectively overwrite the current JMP with the original bytes of any API. If you want to read more on parsing Portable Executable files, the best tutorial was written by Iczelion (the website has a great 90's feel too!). Among many subjects, you can learn about parsing the import table and export table of PE files. When parsing the import table, you need to keep in mind that Microsoft, with release of Windows 7, introduced a strange creature called API Set Schema. It is very important to properly parse the imports pointing to these DLLs. There is a very good explanation of this entity by Geoff Chappel in his The API Set Schema article. Stealth Calling The API unhooking method may fool most of the AV products that perform their behavioral analysis in user-mode. This however does not fool enough, the automated sandbox analysis tools like Cuckoo Sandbox. Cuckoo apparently is able to detect if API hooks, it put in place, were removed. That makes the previous method ineffective in the long run. I thought of another method on how to bypass AV/sandbox monitoring. I am positive it would work, even though I have yet to put it into practice. For sure there is already malware out there implementing this technique. First of all, I must mention that ntdll.dll library serves as the direct passage between user-mode and kernel-mode. Its exported APIs directly communicate with Windows kernel by using syscalls. Most of the other Windows libraries eventually call APIs from ntdll.dll. Let's take a look at the code of ZwCreateFile API from ntdll.dll on Windows 7 in WOW64 mode: 77D200F4 > B8 52000000 MOV EAX,52 77D200F9 33C9 XOR ECX,ECX 77D200FB 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4] 77D200FF 64:FF15 C0000000 CALL DWORD PTR FS:[C0] 77D20106 83C4 04 ADD ESP,4 77D20109 C2 2C00 RETN 2C Basically what it does is pass EAX = 0x52 with stack arguments pointer in EDX to the function, stored in TIB at offset 0xC0. The call switches the CPU mode from 32-bit to 64-bit and executes the syscall in Ring0 to NtCreateFile. 0x52 is the syscall for NtCreateFile on my Windows 7 system, but the syscall numbers are different between Windows versions and even between Service Packs, so it is never a good idea to rely on these numbers. You can find more information about syscalls on Simone Margaritelli blog here. Most protection software will hook ntdll.dll API as it is the lowest level that you can get to, right in front of the kernel's doorstep. For example if you only hook CreateFileW in kernel32.dll which eventually calls ZwCreateFile in ntdll.dll, you will never catch direct API calls to ZwCreateFile. Although a hook in ZwCreateFile API will be triggered every time CreateFileW or CreateFileA is called as they both eventually must call the lowest level API that communicates directly with the kernel. There is always one loaded instance of any imported DLL module. That means if any AV or sandbox solution wants to hook the API of a chosen DLL, they will find such module in current process' imported modules list. Following the DLL module's export table, they will find and hook the exported API function of interest. Now, to the interesting part. What if we copied the code snippet, I pasted above from ntdll.dll, and implemented it in our own application's code. This would be an identical copy of ntdll.dll code that will execute a 0x52 syscall that was executed in our own code section. No user-mode protection software will ever find out about it. It is an ideal method of bypassing any API hooks without actually detecting and unhooking them! Thing is, as I mentioned before, we cannot trust the syscall numbers as they will differ between Windows versions. What we can do though is read the whole ntdll.dll library file from disk and manually map it into current process' address space. That way we will be able to execute the code which was prepared exclusively for our version of Windows, while having an exact copy of ntdll.dll outside of AV's reach. I mentioned ntdll.dll for now as this DLL doesn't have any other dependencies. That means it doesn't have to load any other DLLs and call their API. Its every exported function passes the execution directly to the kernel and not to other user-mode DLLs. It shouldn't stop you from manually importing any other DLL (like kernel32.dll or user32.dll), the same way, if you make sure to walk through the DLLs import table and populate it manually while recursively importing all DLLs from the library's dependencies. That way the manually mapped modules will use only other manually mapped dependencies and they will never have to touch the modules that were loaded into the address space when the program was started. Afterwards, it is only a matter of calling the API functions from your manually mapped DLL files in memory and you can be sure that no AV or sandbox software will ever be able to detect such calls or hook them in user-mode. Conclusion There is certainly nothing that user-mode AV or sandbox software can do about the evasion methods I described above, other than going deeper into Ring0 and monitoring the process activity from the kernel. The unhooking method can be countered by protection software re-hooking the API functions, but then the APIs can by unhooked again and the cat and mouse game will never end. In my opinion the stealth calling method is much more professional as it is completely unintrusive, but a bit harder to implement. I may spend some time on the implementation that I will test against all popular sandbox analysis software and publish the results. As always, I'm always happy to hear your feedback or ideas. You can hit me up on Twitter @mrgretzky or send an email to kuba@breakdev.org. Enjoy and see you next time! Sursa: https://breakdev.org/defeating-antivirus-real-time-protection-from-the-inside/

Tplmap Tplmap (short for Template Mapper) is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities (SSTI). This assists SSTI exploitation to compromise the application and achieve remote command execution on the operating system. The tool can be used by security researches and penetration testers, to detect and exploit vulnerabilities and study the template injection flaws. Tplmap template capabilities can be extended via plugins. Several sandbox break-out methodologies came from James Kett's research Server-Side Template Injection: RCE For The Modern Web App and other original researches. As advanced features Tplmap detects and achieves command execution in case of blind injections and is able to inject in code context. Link: https://github.com/epinna/tplmap

Uninitialized Stack Variable – Windows Kernel Exploitation Introduction We are going to discuss about use of Uninitialized Stack Variable vulnerability. This post will brief you about what is an uninitialized variable, what could be the adverse effect of uninitialized variable vulnerability in your code. We will discuss this by taking example of an Uninitialized Stack Variable vulnerability implemented in HackSys Extreme Vulnerable Driver. We will understand what the problem in the code is, how we can trigger it, and finally, how we can exploit it in Kernel mode to get SYSTEMprivilege. Uninitialized Variable Wikipedia: In computing, an uninitialized variable is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs in software. Articol complet: http://www.payatu.com/uninitialized-stack-variable/

Windows 10 x86/wow64 Userland heap Published July 5, 2016 | By Corelan Team (corelanc0d3r) Introduction Hi all, Over the course of the past few weeks ago, I received a number of "emergency" calls from some relatives, asking me to look at their computer because "things were broken", "things looked different" and "I think my computer got hacked". I quickly realized that their computers got upgraded to Windows 10. We could have a lengthy discussion about the strategy to force upgrades onto people, but in any case it is clear that Windows 10 is gaining market share. This also means that it has become a Windows version that is relevant enough to investigate. In this post, I have gathered some notes on how the userland heap manager behaves for 32bit processes in Windows 10. The main focus of my investigation is to document the similarities and differences with Windows 7, and hopefully present some ideas on how to manipulate the heap to increase predictability of its behavior. More specifically, aside from documenting behavior, I am particularly interested in getting answers to the following questions: How does the back-end allocator behave? What does it take to activate the LFH? What are the differences in terms of LFH behavior between Win7 and Win10, if any? What options do we have to create a specific heap layout that involves certain objects to be adjacent in memory? (objects of the same size, objects of different sizes) Can we perform a "reliable" and precise heap spray? As I am a terrible reverse engineer, it’s worth noting that the notes below are merely a transcript of my observations, and not backed by disassembling/decompiling/reverse engineering ntdll.dll. Furthermore, as the number of tests were limited (far below what would be needed to provide some level of statistical certainty), I am not 100% sure that my descriptions can be considered a true representation of reality. In any case, I hope the notes will inspire people to do more tests, to perform reverse engineering on some of the heap management related code, and share more details on how things were implemented. This post assumes that you already have experience with the Windows 7 heap and its front-end and back-end allocators, and that you understand the output of various !heap commands. In my test applications, I’ll be using the default process heap. It would be fair to assume that the notes below apply to all windows heaps and applications that rely on the windows heap management system. Throughout this post, I will use the following terminology: chunk: a contiguous piece of memory block: size unit, referring to 8 bytes of memory. (Don’t be confused when you see the word "block" in WinDBG output. WinDBG uses the term "block" to reference a chunk. I am using different terminology. virtualallocdblock: a chunk that was allocated through RtlAllocateHeap, but is larger than the VirtualMemoryTHreshold (and thus is not stored inside a segment, but rather as a separate chunk in memory), and managed through the VirtualAllocdBlocks list. (offset 0x9c in the heap header) segment: the heap management unit, managed by a heap, used to allocate & manage chunks. The segment list is managed inside the heap header (offset 0xa4) SubSegment: the LFH management unit used to manage LFH chunks Articol complet: https://www.corelan.be/index.php/2016/07/05/windows-10-x86wow64-userland-heap/

Pangu 9 Internals Tielei Wang & Hao Xu & Xiaobo Chen Te a m P a n g u Agenda ✤iOS Security Overview ✤Pangu 9 Overview ✤Userland Exploits ✤Kernel Exploits &Kernel Patching ✤Persistent Code Signing Bypass ✤Conclusion Download: http://blog.pangu.io/wp-content/uploads/2016/08/us-16-Pangu9-Internals.pdf

S-au publicat slide-urile si whitepapers (cele care au) de la Blackhat 2016 US: Link: https://www.blackhat.com/us-16/briefings.html

If you get caught using a VPN in the UAE, you will face fines of up to $545,000 UAE has introduced a federal law banning the use of VPNs to try to avoid paying for expensive VOIP services. By Mary-Ann Russon July 27, 2016 16:41 BST UAE President Sheikh Khalifa bin Zayed Al Nahyan (right) has issued new federal laws banning the use of VPNs in the countryReuters The President of the United Arab Emirates (UAE) has issued a series of new federal laws relating to IT crimes, including a regulation that forbids anyone in the UAE from making use of virtual private networks (VPN) to secure their web traffic from prying eyes. The new law states that anyone who uses a VPN or proxy server can be imprisoned and fined between Dh500,000-Dh2,000,000 ($136,000-$545,000, £415,000, €495,000) if they are found to use VPNs fraudently. VPNs are services that allow users anywhere in the world to connect to a private network on the internet. These are useful for online privacy, as they hide the user's actual location.Previously, the law was restricted to prosecuting people who used VPNs as part of an internet crime, but UK-based VPN and privacy advocate Private Internet Access says that the law has now changed to enable police in the UAE to go after anyone who uses VPNs to access blocked services, which is considered to be fraudulent use of an IP address. However, they can also be used to circumvent region restrictions on content – such as tricking Netflix US into thinking that foreign users are based in that country, or bypassing state censorship in China or Turkey to access services like Twitter and Facebook or even pornographic websites. VPNs are also often used in conjunction with the Tor anonymity network to access websites hidden on the Dark Web. The fight against free VoIP apps At the moment, a large number of people residing in the UAE utilise VPNs in order to access popular apps that are inaccessible from within the Gulf nation like WhatsApp, Snapchat and Viber, which are messaging and voice apps that make use of Voice over IP (VoIP) technology to deliver voice calls over the internet for free. VoIP "over-the-top" apps have long been a thorn in the sides of telecoms operators around the world, because consumers no longer need to pay international calling rates to speak to their loved ones – they can just speak to them on Skype, WhatsApp, Facebook Messenger, Viber or Snapchat. But the UAE is one of the first governments in the world to actually regulate on behalf of and for its telecoms companies in order to help them stem loss of revenue from VoIP apps. Etisalat and du are the only two companies in the world that have been granted licences by the UAE government to offer commercial VoIP services, which can be expensive, and rather than enable citizens and residents to have choice about what services they want to use, the government is assisting UAE's telecom providers in upholding a monopoly on voice calls made in the country. Although experts have criticised the UAE and Etisalat and du in the past for seeking to block the voice calling features in Snapchat, Skype and Whatsapp from working in the UAE, the UAE's telecoms regulator stands by the Etisalat and du, and also says that the apps should be banned due to security concerns. Sursa: http://www.ibtimes.co.uk/if-you-get-caught-using-vpn-uae-you-will-face-fines-545000-1572888

Doi ruşi au fost arestaţi după ce au spart două bancomate din Capitală Doi cetăţeni ruşi au fost arestaţi preventiv de magistraţii Tribunalului Bucureşti, fiind acuzaţi că au spart două bancomate din Capitală, de unde au reuşit să sustragă aproape 250.000 de lei, informează News.ro. Foto: Gulliver/Getty Images Potrivit procurorilor Direcţiei de Investigare a Infracţiunilor de Criminalitate Organizată şi Terorism (DIICOT), în noaptea de 2 iulie, cei doi cetăţeni ruşi - Artur Shcherbina şi Artem Kuznetsov - au pătruns în incinta zonei de 24h banking a unei bănci din Sectorul 2 din Bucureşti, unde, în timp ce Kuznetsov a asigurat paza, celălalt a decupat un segment din partea din faţă a ATM-ului, s-a conectat ilegal la sistemul informatic şi a generat comenzi care au determinat eliberarea sumei de 10.995 de lei din dispenserul bancomatului. În aceeaşi noapte, cei doi au spart şi o unitate bancară din Sectorul 6, reuşind să fure 236.800 de lei din bancomat. DIICOT precizează că acţiunea celor doi face parte din categoria de atacuri "Jackpotting”, fiind de tipul "Black Box”, în care autorii decupează o porţiune din masca ATM-ului pentru a avea acces la infrastructura acestuia. Dispenserul de bancnote este deconectat de la sistemul bancomatului, iar un dispozitiv extern deţinut de către autori ("Black Box”) este conectat la dispenser. Dispozitivul lansează comenzi către dispenser, având ca rezultat eliberarea neautorizată a banilor din ATM. Anchetatorii au stabilit că astfel de atacuri au fost înregistrate recent şi în alte ţări europene, între care Germania şi Italia. Cei doi ruşi locuiau într-un hotel din Ploieşti, iar în urma percheziţiilor făcute în 25 iulie în camera în care erau cazaţi au fost găsite şi ridicate dispozitive pentru tăiere, dispozitive de conectare la sistemul informatic şi accesorii folosite la comiterea celor două atacuri. Cetăţenii ruşi au fost reţinuţi de procurori, pentru infracţiunile de acces ilegal la un sistem informatic, furt calificat şi distrugere, iar marţi Tribunalului Bucureşti a dispus arestarea preventivă a acestora pentru 30 de zile. Sursa: http://www.digi24.ro/Stiri/Digi24/Actualitate/Stiri/Doi+rusi+au+fost+arestati+preventiv+dupa+ce+au+spart+doua+bancom

In acest an conferinta OWASP locala va avea loc pe 6 octombrie la Sheraton Hotel Bucharest si va fi un eveniment de o zi cu prezentari si doua traininguri focusate pe securitatea aplicatiilor. Detaliile despre OWASP Bucharest AppSec Conference 2016 vor fi publicate aici: https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2016 Inregistrarea prezentarilor se realizeaza aici. Oportunitatile de sponsorizare sunt in acest document. Va puteti inscrie cu prezentari sau workshop-uri din urmatoarele arii si nu numai: • Security aspects of new / emerging web technologies / paradigms / languages / frameworks • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC, etc. • Security of web frameworks (Struts, Spring, ASP.Net MVC, RoR, etc) • Vulnerability analysis (code review, pentest, static analysis etc) • Threat modelling of applications • Mobile security and security for the mobile web • Cloud security • Browser security and local storage • Countermeasures for application vulnerabilities • New technologies, paradigms, tools • Application security awareness and education • Security in web services, REST, and service oriented architectures • Privacy in web apps, Web services and data storage Important: termenul limita pentru inscrierea prezentarilor este 28 august lista speakerilor confirmati va fi anuntata pe 1 septembrie conferinta va avea loc pe 6 octombrie prezentarile vor avea durata de 40 de minute fiecare va exista un speaker agreement

Nu, activitatea se desfasoara la sediul Dell/SecureWorks (Bucuresti). Lucrez la SecureWorks, firma care face parte din Dell.

Job-uri la Dell: Windows System Administrator: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/windows-system-administrator-86347 Network Security Engineer - Firewall: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-security-engineer-firewall-87655 IT Project Manager - Software: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/it-project-manager-software-89906 Technical Support Manager: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/technical-support-manager-91575 Network Support Senior Specialist - Cloud: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-design-senior-specialist-91619 Network Support Consultant - Critical Incident Team: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-engineering-consultant-critical-incident-team-90776 VMWare Consultant - Critical Incident Team: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vmware-consultant-critical-incident-team-91171 Software Development Senior Specialist - .NET and Oracle: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/.net-senior-software-developer-internal-it-90723 DLP Platform Engineer: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/dlp-platform-engineer-91683 Incident Management Advisor: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/incident-management-advisor-92485 Java Software Developer - Credit Card Application: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-software-developer-java-91832 Java Software Developer - Leasing Application: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-software-developer-java-91840 Sr. Java Software Developer - Leasing Application: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-software-developer-java-91863 Storage Consultant - Critical Incident Team: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/storage-consultant-critical-incident-team-91298 Job-uri la SecureWorks: Vulnerability Specialist - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vulnerability-specialist-85444 Penetration Tester - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/penetration-tester-87625 Linux System Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/linux-system-administrator-secureworks-89426 Junior Linux Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/junior-linux-administrator-secureworks-bucharest-89427 Technical Testing Tools Developer - Ruby & JavaScript - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/technical-testing-tools-developer-ruby-javascript-88418 Information Security Risk Management Advisor - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-risk-management-advisor-secureworks-bucharest-89300 Desktop Support Analyst - Rotating Shifts - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/desktop-support-analyst-rotating-shifts-secureworks-bucharest-91424 Application Support Engineer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/application-support-engineer-secureworks-90450 Security Systems Manager - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/security-systems-manager-secureworks-90978 Network Engineer - Firewall - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-engineering-advisor-secureworks-90650 Front-End Web Developer - JavaScript - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/front-end-web-developer-javascript-secureworks-bucharest-89905 Data Protection Analyst - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/data-protection-analyst-secureworks-91890 SharePoint Designer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/sharepoint-designer-secureworks-bucharest-89716 Data Loss Prevention Advisor - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/data-loss-prevention-advisor-secureworks-90261 Information Security Specialist - Rotating Shifts - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-specialist-rotating-shifts-secureworks-91948 Information Security Team Leader - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-team-leader-secureworks-91949 Skype System Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/skype-system-administrator-secureworks-92615 Internship - Security Solutions - Rotating Shifts - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/internship-security-solutions-secureworks-92325 McAfee Security Specialist - Rotating Shifts - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/mcafee-security-specialist-rotating-shifts-secureworks-91852 Vulnerability Management Engineer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vulnerability-management-engineer-secureworks-92247 Senior McAfee ePO Platform Engineer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-mcafee-epo-platform-engineer-secureworks-91792 Lista completa job-uri disponibile: http://p.rfer.us/DLLiBIN7O

Job-uri pe "security" (dar nu numai) la o firma care ofera doar servicii de "security" (Penetration Testing, Incident Response, Managed Security Services etc.): http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/search/5379111

Testez chiar acum. Da, nu prea merge de pe Tor. Ciudat. Foate ciudat. O sa ii intreb pe baietii de la hosting daca stiu ceva despre asta. Nu avem nicio regula in iptables (sau orice altceva) legat de Tor. Mai banam IP-uri cand primim DDOS, dar acum nu mai e niciun IP blocat.

Internship - Security Solutions - Rotating Shifts - SecureWorks Internship - Security Solutions - Rotating Shifts - SecureWorks Bucharest, Romania SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat. In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We've been consistently recognized by industry analysts, readers' polls and as a leader in the Gartner Magic Quadrant for managed security services, worldwide. Key Responsibilities Are you interested to start a career in Information Security? Then Dell SecureWorks is where you want to start! We are looking for passionate people that want to join our battle to protect our customers from Cybercrime. In this role you will be given a chance to learn from professionals that focus on providing the best cybersecurity services for the our clients. You will enjoy a multicultural, diverse and dynamic experience, during this 3 months contract, having the possibility to become a permanent employee. This role implies a rotating shift schedule of 12/24 -12/48 with the intial training period in regular business hours schedule (8 h/day). Your core focus will be: - Learn what security operations mean for all the SOC roles (Infosec, Vulnerability Management, Penetration Testing, Security Risk Management, Data Loss Prevention) - Get accustomed with some of the most complex security systems deployed on the customers served in SecureWorks Romania - Learn the SecureWorks culture and meet our local and global specialists As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned. Essential Requirements - You are passionate about the IT and Networking industry - You want to develop your Information Security skills - You are analytical and security focused - You like to spot trends and big picture - You have prioritization skills, sense of urgency - You communicate well to build relationship and trust - You are fluent in English. Desirable Requirements - Ideally recent graduate or final year student in a technically focused University - Basic knowledge of IT Security - Any IT certifications are a plus (CCNA, CompTIA Security+) SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages. 16000J94 http://dell.referrals.selectminds.com/jobs/internship-security-solutions-secureworks-92325

OSCP.

A prezentat la Defcamp in detaliu. Vezi daca gasesti slide-urile.

http://andreicostin.com/index.php/brain/2009/11/14/ratb_card_activ_hacked http://andreicostin.com/media/blogs/brain/RATB_Card_Security_Assessment_v0_1.pdf

Fake, aparent.

After a long development cycle (including many betas and release candidates to get everything just exactly perfect) we're pleased to announce the availability of the new stable release. You'll find updates throughout the system, with the latest development tools and recent versions of applications, window managers, desktop environments, and utilities. The Linux kernel is updated to version 4.4.14 (part of the 4.4.x kernel series that will be getting long-term support from the kernel developers). We've brought together the best of these and other modern components and worked our magic on them. If you've used Slackware before, you'll find the system feels like home. For additional information, see the official announcement and the release notes. For a complete list of included packages, see the package list. Build scripts for all kinds of additional software for Slackware 14.2 can be found on the slackbuilds.org website. Want to give Slackware 14.2 a test drive without modifying your disk drive? Then check out Slackware Live Edition! This is a complete Slackware installation that can run from a CD, DVD, or USB stick. Thanks to Eric Hameleers for the great work on this! Here's where to find it: http://bear.alienbase.nl/mirrors/slackware/slackware-live/ Need help? Check out our documentation site, docs.slackware.com. Stop by and share your knowledge! Please consider supporting the Slackware project by picking up a copy of the Slackware 14.2 release from the Slackware Store. The discs are off to replication, but we're accepting pre-orders for the official 6 CD set and the DVD. The CD set is the 32-bit x86 release, while the DVD is a dual-sided disc with the 32-bit x86 release on one side and the 64-bit x86_64 release on the other. Thanks to our subscribers and supporters for keeping Slackware going all these years. Thanks to the Slackware team for all the hard work getting 14.2 ready for action! And of course, thanks to all the open source developers upstream, and to the Slackware community on linuxquestions.org for all the help with bug reports, suggestions, and patches. We couldn't have done it without you. Enjoy the new stable release! Pat and the Slackware crew +--------------------------+ Slackware 14.2 for ARM is also available. For details, see: http://arm.slackware.com Link: http://www.slackware.com/

Nu am aprobat topicul deoarece suna dubios. Posteaza din nou, putin mai explicit, deoarece nu se intelegea exact asta.

Mda... https://dev.mysql.com/doc/refman/5.7/en/blob.html

http://9gag.com/gag/aB1rZ3D Rezultat: http://9gag.com/gag/aXwXgXg

O solutie simpla si eficienta ar fi urmatoarea: 1. Faci o lista cu fisierele in care pastrezi si marimea lor (poti face si o sortare prin insertie, adica sa le ordonezi in functie de marime pentru optimizare) 2. Parcurgi lista si vezi care fisiere au aceeasi dimensiune (o sa iti fie usor daca lista e ordonata) 3. Pentru fisierele cu aceeasi marime, le compari byte cu byte, doar sa ai grija sa faci comparatia intre fiecare fisier si toate celelalte cu aceeasi dimensiune Nu este deloc practic sa faci hash-uri (ca idee) deoarece dureaza foarte mult. O comparatie byte cu byte este mult mai rapida. Ca sa faci hash-ul unui fisier iei toti bytes si ii treci printr-o gramada de operatii matematice ca apoi sa rezulte un hash, iar aceste operatii dureaza foarte mult. Comparatia simpla se face in O(n). E doar o idee.

https://www.facebook.com/sarah.leblanc.718/media_set?set=a.10101369198638985&type=3&pnref=story