Nytro

Pangu 9 Internals Tielei Wang & Hao Xu & Xiaobo Chen Te a m P a n g u Agenda ✤iOS Security Overview ✤Pangu 9 Overview ✤Userland Exploits ✤Kernel Exploits &Kernel Patching ✤Persistent Code Signing Bypass ✤Conclusion Download: http://blog.pangu.io/wp-content/uploads/2016/08/us-16-Pangu9-Internals.pdf

S-au publicat slide-urile si whitepapers (cele care au) de la Blackhat 2016 US: Link: https://www.blackhat.com/us-16/briefings.html

If you get caught using a VPN in the UAE, you will face fines of up to $545,000 UAE has introduced a federal law banning the use of VPNs to try to avoid paying for expensive VOIP services. By Mary-Ann Russon July 27, 2016 16:41 BST UAE President Sheikh Khalifa bin Zayed Al Nahyan (right) has issued new federal laws banning the use of VPNs in the countryReuters The President of the United Arab Emirates (UAE) has issued a series of new federal laws relating to IT crimes, including a regulation that forbids anyone in the UAE from making use of virtual private networks (VPN) to secure their web traffic from prying eyes. The new law states that anyone who uses a VPN or proxy server can be imprisoned and fined between Dh500,000-Dh2,000,000 ($136,000-$545,000, £415,000, €495,000) if they are found to use VPNs fraudently. VPNs are services that allow users anywhere in the world to connect to a private network on the internet. These are useful for online privacy, as they hide the user's actual location.Previously, the law was restricted to prosecuting people who used VPNs as part of an internet crime, but UK-based VPN and privacy advocate Private Internet Access says that the law has now changed to enable police in the UAE to go after anyone who uses VPNs to access blocked services, which is considered to be fraudulent use of an IP address. However, they can also be used to circumvent region restrictions on content – such as tricking Netflix US into thinking that foreign users are based in that country, or bypassing state censorship in China or Turkey to access services like Twitter and Facebook or even pornographic websites. VPNs are also often used in conjunction with the Tor anonymity network to access websites hidden on the Dark Web. The fight against free VoIP apps At the moment, a large number of people residing in the UAE utilise VPNs in order to access popular apps that are inaccessible from within the Gulf nation like WhatsApp, Snapchat and Viber, which are messaging and voice apps that make use of Voice over IP (VoIP) technology to deliver voice calls over the internet for free. VoIP "over-the-top" apps have long been a thorn in the sides of telecoms operators around the world, because consumers no longer need to pay international calling rates to speak to their loved ones – they can just speak to them on Skype, WhatsApp, Facebook Messenger, Viber or Snapchat. But the UAE is one of the first governments in the world to actually regulate on behalf of and for its telecoms companies in order to help them stem loss of revenue from VoIP apps. Etisalat and du are the only two companies in the world that have been granted licences by the UAE government to offer commercial VoIP services, which can be expensive, and rather than enable citizens and residents to have choice about what services they want to use, the government is assisting UAE's telecom providers in upholding a monopoly on voice calls made in the country. Although experts have criticised the UAE and Etisalat and du in the past for seeking to block the voice calling features in Snapchat, Skype and Whatsapp from working in the UAE, the UAE's telecoms regulator stands by the Etisalat and du, and also says that the apps should be banned due to security concerns. Sursa: http://www.ibtimes.co.uk/if-you-get-caught-using-vpn-uae-you-will-face-fines-545000-1572888

Doi ruşi au fost arestaţi după ce au spart două bancomate din Capitală Doi cetăţeni ruşi au fost arestaţi preventiv de magistraţii Tribunalului Bucureşti, fiind acuzaţi că au spart două bancomate din Capitală, de unde au reuşit să sustragă aproape 250.000 de lei, informează News.ro. Foto: Gulliver/Getty Images Potrivit procurorilor Direcţiei de Investigare a Infracţiunilor de Criminalitate Organizată şi Terorism (DIICOT), în noaptea de 2 iulie, cei doi cetăţeni ruşi - Artur Shcherbina şi Artem Kuznetsov - au pătruns în incinta zonei de 24h banking a unei bănci din Sectorul 2 din Bucureşti, unde, în timp ce Kuznetsov a asigurat paza, celălalt a decupat un segment din partea din faţă a ATM-ului, s-a conectat ilegal la sistemul informatic şi a generat comenzi care au determinat eliberarea sumei de 10.995 de lei din dispenserul bancomatului. În aceeaşi noapte, cei doi au spart şi o unitate bancară din Sectorul 6, reuşind să fure 236.800 de lei din bancomat. DIICOT precizează că acţiunea celor doi face parte din categoria de atacuri "Jackpotting”, fiind de tipul "Black Box”, în care autorii decupează o porţiune din masca ATM-ului pentru a avea acces la infrastructura acestuia. Dispenserul de bancnote este deconectat de la sistemul bancomatului, iar un dispozitiv extern deţinut de către autori ("Black Box”) este conectat la dispenser. Dispozitivul lansează comenzi către dispenser, având ca rezultat eliberarea neautorizată a banilor din ATM. Anchetatorii au stabilit că astfel de atacuri au fost înregistrate recent şi în alte ţări europene, între care Germania şi Italia. Cei doi ruşi locuiau într-un hotel din Ploieşti, iar în urma percheziţiilor făcute în 25 iulie în camera în care erau cazaţi au fost găsite şi ridicate dispozitive pentru tăiere, dispozitive de conectare la sistemul informatic şi accesorii folosite la comiterea celor două atacuri. Cetăţenii ruşi au fost reţinuţi de procurori, pentru infracţiunile de acces ilegal la un sistem informatic, furt calificat şi distrugere, iar marţi Tribunalului Bucureşti a dispus arestarea preventivă a acestora pentru 30 de zile. Sursa: http://www.digi24.ro/Stiri/Digi24/Actualitate/Stiri/Doi+rusi+au+fost+arestati+preventiv+dupa+ce+au+spart+doua+bancom

In acest an conferinta OWASP locala va avea loc pe 6 octombrie la Sheraton Hotel Bucharest si va fi un eveniment de o zi cu prezentari si doua traininguri focusate pe securitatea aplicatiilor. Detaliile despre OWASP Bucharest AppSec Conference 2016 vor fi publicate aici: https://www.owasp.org/index.php/OWASP_Bucharest_AppSec_Conference_2016 Inregistrarea prezentarilor se realizeaza aici. Oportunitatile de sponsorizare sunt in acest document. Va puteti inscrie cu prezentari sau workshop-uri din urmatoarele arii si nu numai: • Security aspects of new / emerging web technologies / paradigms / languages / frameworks • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC, etc. • Security of web frameworks (Struts, Spring, ASP.Net MVC, RoR, etc) • Vulnerability analysis (code review, pentest, static analysis etc) • Threat modelling of applications • Mobile security and security for the mobile web • Cloud security • Browser security and local storage • Countermeasures for application vulnerabilities • New technologies, paradigms, tools • Application security awareness and education • Security in web services, REST, and service oriented architectures • Privacy in web apps, Web services and data storage Important: termenul limita pentru inscrierea prezentarilor este 28 august lista speakerilor confirmati va fi anuntata pe 1 septembrie conferinta va avea loc pe 6 octombrie prezentarile vor avea durata de 40 de minute fiecare va exista un speaker agreement

Nu, activitatea se desfasoara la sediul Dell/SecureWorks (Bucuresti). Lucrez la SecureWorks, firma care face parte din Dell.

Job-uri la Dell: Windows System Administrator: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/windows-system-administrator-86347 Network Security Engineer - Firewall: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-security-engineer-firewall-87655 IT Project Manager - Software: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/it-project-manager-software-89906 Technical Support Manager: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/technical-support-manager-91575 Network Support Senior Specialist - Cloud: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-design-senior-specialist-91619 Network Support Consultant - Critical Incident Team: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-engineering-consultant-critical-incident-team-90776 VMWare Consultant - Critical Incident Team: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vmware-consultant-critical-incident-team-91171 Software Development Senior Specialist - .NET and Oracle: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/.net-senior-software-developer-internal-it-90723 DLP Platform Engineer: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/dlp-platform-engineer-91683 Incident Management Advisor: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/incident-management-advisor-92485 Java Software Developer - Credit Card Application: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-software-developer-java-91832 Java Software Developer - Leasing Application: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-software-developer-java-91840 Sr. Java Software Developer - Leasing Application: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-software-developer-java-91863 Storage Consultant - Critical Incident Team: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/storage-consultant-critical-incident-team-91298 Job-uri la SecureWorks: Vulnerability Specialist - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vulnerability-specialist-85444 Penetration Tester - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/penetration-tester-87625 Linux System Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/linux-system-administrator-secureworks-89426 Junior Linux Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/junior-linux-administrator-secureworks-bucharest-89427 Technical Testing Tools Developer - Ruby & JavaScript - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/technical-testing-tools-developer-ruby-javascript-88418 Information Security Risk Management Advisor - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-risk-management-advisor-secureworks-bucharest-89300 Desktop Support Analyst - Rotating Shifts - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/desktop-support-analyst-rotating-shifts-secureworks-bucharest-91424 Application Support Engineer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/application-support-engineer-secureworks-90450 Security Systems Manager - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/security-systems-manager-secureworks-90978 Network Engineer - Firewall - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/network-engineering-advisor-secureworks-90650 Front-End Web Developer - JavaScript - SecureWorks - Bucharest: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/front-end-web-developer-javascript-secureworks-bucharest-89905 Data Protection Analyst - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/data-protection-analyst-secureworks-91890 SharePoint Designer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/sharepoint-designer-secureworks-bucharest-89716 Data Loss Prevention Advisor - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/data-loss-prevention-advisor-secureworks-90261 Information Security Specialist - Rotating Shifts - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-specialist-rotating-shifts-secureworks-91948 Information Security Team Leader - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/information-security-team-leader-secureworks-91949 Skype System Administrator - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/skype-system-administrator-secureworks-92615 Internship - Security Solutions - Rotating Shifts - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/internship-security-solutions-secureworks-92325 McAfee Security Specialist - Rotating Shifts - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/mcafee-security-specialist-rotating-shifts-secureworks-91852 Vulnerability Management Engineer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/vulnerability-management-engineer-secureworks-92247 Senior McAfee ePO Platform Engineer - SecureWorks: http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/senior-mcafee-epo-platform-engineer-secureworks-91792 Lista completa job-uri disponibile: http://p.rfer.us/DLLiBIN7O

Job-uri pe "security" (dar nu numai) la o firma care ofera doar servicii de "security" (Penetration Testing, Incident Response, Managed Security Services etc.): http://dell.referrals.selectminds.com/via/IonutP-5o7x6X/jobs/search/5379111

Testez chiar acum. Da, nu prea merge de pe Tor. Ciudat. Foate ciudat. O sa ii intreb pe baietii de la hosting daca stiu ceva despre asta. Nu avem nicio regula in iptables (sau orice altceva) legat de Tor. Mai banam IP-uri cand primim DDOS, dar acum nu mai e niciun IP blocat.

Internship - Security Solutions - Rotating Shifts - SecureWorks Internship - Security Solutions - Rotating Shifts - SecureWorks Bucharest, Romania SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyberattacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat. In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We've been consistently recognized by industry analysts, readers' polls and as a leader in the Gartner Magic Quadrant for managed security services, worldwide. Key Responsibilities Are you interested to start a career in Information Security? Then Dell SecureWorks is where you want to start! We are looking for passionate people that want to join our battle to protect our customers from Cybercrime. In this role you will be given a chance to learn from professionals that focus on providing the best cybersecurity services for the our clients. You will enjoy a multicultural, diverse and dynamic experience, during this 3 months contract, having the possibility to become a permanent employee. This role implies a rotating shift schedule of 12/24 -12/48 with the intial training period in regular business hours schedule (8 h/day). Your core focus will be: - Learn what security operations mean for all the SOC roles (Infosec, Vulnerability Management, Penetration Testing, Security Risk Management, Data Loss Prevention) - Get accustomed with some of the most complex security systems deployed on the customers served in SecureWorks Romania - Learn the SecureWorks culture and meet our local and global specialists As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned. Essential Requirements - You are passionate about the IT and Networking industry - You want to develop your Information Security skills - You are analytical and security focused - You like to spot trends and big picture - You have prioritization skills, sense of urgency - You communicate well to build relationship and trust - You are fluent in English. Desirable Requirements - Ideally recent graduate or final year student in a technically focused University - Basic knowledge of IT Security - Any IT certifications are a plus (CCNA, CompTIA Security+) SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages. 16000J94 http://dell.referrals.selectminds.com/jobs/internship-security-solutions-secureworks-92325

OSCP.

A prezentat la Defcamp in detaliu. Vezi daca gasesti slide-urile.

http://andreicostin.com/index.php/brain/2009/11/14/ratb_card_activ_hacked http://andreicostin.com/media/blogs/brain/RATB_Card_Security_Assessment_v0_1.pdf

Fake, aparent.

After a long development cycle (including many betas and release candidates to get everything just exactly perfect) we're pleased to announce the availability of the new stable release. You'll find updates throughout the system, with the latest development tools and recent versions of applications, window managers, desktop environments, and utilities. The Linux kernel is updated to version 4.4.14 (part of the 4.4.x kernel series that will be getting long-term support from the kernel developers). We've brought together the best of these and other modern components and worked our magic on them. If you've used Slackware before, you'll find the system feels like home. For additional information, see the official announcement and the release notes. For a complete list of included packages, see the package list. Build scripts for all kinds of additional software for Slackware 14.2 can be found on the slackbuilds.org website. Want to give Slackware 14.2 a test drive without modifying your disk drive? Then check out Slackware Live Edition! This is a complete Slackware installation that can run from a CD, DVD, or USB stick. Thanks to Eric Hameleers for the great work on this! Here's where to find it: http://bear.alienbase.nl/mirrors/slackware/slackware-live/ Need help? Check out our documentation site, docs.slackware.com. Stop by and share your knowledge! Please consider supporting the Slackware project by picking up a copy of the Slackware 14.2 release from the Slackware Store. The discs are off to replication, but we're accepting pre-orders for the official 6 CD set and the DVD. The CD set is the 32-bit x86 release, while the DVD is a dual-sided disc with the 32-bit x86 release on one side and the 64-bit x86_64 release on the other. Thanks to our subscribers and supporters for keeping Slackware going all these years. Thanks to the Slackware team for all the hard work getting 14.2 ready for action! And of course, thanks to all the open source developers upstream, and to the Slackware community on linuxquestions.org for all the help with bug reports, suggestions, and patches. We couldn't have done it without you. Enjoy the new stable release! Pat and the Slackware crew +--------------------------+ Slackware 14.2 for ARM is also available. For details, see: http://arm.slackware.com Link: http://www.slackware.com/

Nu am aprobat topicul deoarece suna dubios. Posteaza din nou, putin mai explicit, deoarece nu se intelegea exact asta.

Mda... https://dev.mysql.com/doc/refman/5.7/en/blob.html

http://9gag.com/gag/aB1rZ3D Rezultat: http://9gag.com/gag/aXwXgXg

O solutie simpla si eficienta ar fi urmatoarea: 1. Faci o lista cu fisierele in care pastrezi si marimea lor (poti face si o sortare prin insertie, adica sa le ordonezi in functie de marime pentru optimizare) 2. Parcurgi lista si vezi care fisiere au aceeasi dimensiune (o sa iti fie usor daca lista e ordonata) 3. Pentru fisierele cu aceeasi marime, le compari byte cu byte, doar sa ai grija sa faci comparatia intre fiecare fisier si toate celelalte cu aceeasi dimensiune Nu este deloc practic sa faci hash-uri (ca idee) deoarece dureaza foarte mult. O comparatie byte cu byte este mult mai rapida. Ca sa faci hash-ul unui fisier iei toti bytes si ii treci printr-o gramada de operatii matematice ca apoi sa rezulte un hash, iar aceste operatii dureaza foarte mult. Comparatia simpla se face in O(n). E doar o idee.

https://www.facebook.com/sarah.leblanc.718/media_set?set=a.10101369198638985&type=3&pnref=story

Interesant, cred... Util? Posibil. Banuiesc ca se poate implementa in engine-urile antivirusilor pentru heuristica.

Pe scurt, pentru toti: http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2eZVLh96Uk

Veit Hailperin, The Tale of a Fameless but Widespread Web Vulnerability Class - Security Fest 2016 Publicat pe 16 iun. 2016 Veit Hailperin is a security researcher and consultant at scip AG. They are based in Zürich, Switzerland with clients covering a wide range, from non-profit organizations and governmental agencies to banks and insurance companies. His research interests are focused on network and application layer security. Title: The Tale of a Fameless but Widespread Web Vulnerability Class Two keys components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally there is no public tool available to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly wide spread and the lack of detection increases the risk of each XSSI. In this talk we are going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI.

Mda, un script profesional ar trebui sa functioneze si fara JS. Nu cred ca am ce sa fac in aceasta privinta.

Nu prea mai avem timp de forum, cel putin eu... Nu vad de ce nu se poate inregistra cineva folosind Tor. Nu reusesc Guvernele sa opreasca Tor si reusim noi?