Nytro

Administrators
  • Posts: 18725
  • Days Won: 706

Everything posted by Nytro

  1. OWASP Xenotix XSS Exploit Framework
     OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the scan within the browser engines where, in the real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results.
     Features:
       • Scanner Modules
       • Information Gathering Modules
       • Exploitation Modules
       • Auxiliary Modules
       • Xenotix Scripting Engine
     URL: https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
     Source: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers
  2. BeEF – The Browser Exploitation Framework
     BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
     Features:
       • Key Logger
       • Bind Shells
       • Port Scanner
       • Clipboard Theft
       • Tor Detection
       • Integration with Metasploit Framework
       • Many Browser Exploitation Modules
       • Browser Functionality Detection
       • Mozilla Extension Exploitation Support
     URL: http://beefproject.com
     Source: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers
  3. Lynis
     Lynis is an auditing tool which tests and gathers (security) information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers. Lynis performs an in-depth local scan on the system and is therefore much more thorough than network based vulnerability scanners. It starts with the bootloader and goes up to installed software packages. After the analysis it provides the administrator with discovered findings, including hints to further secure the system.
     Features:
       • System and security audit checks
       • File Integrity Assessment
       • System and file forensics
       • Usage of templates/baselines (reporting and monitoring)
       • Extended debugging features
     URL: https://cisofy.com/download/lynis/
     Source: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers
  4. OWASP ZAP – Zed Attack Proxy Project
     The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
     Features:
       • Open source
       • Cross platform (it even runs on a Raspberry Pi!)
       • Easy to install (just requires java 1.7)
       • Completely free (no paid for ‘Pro’ version)
       • Ease of use a priority
       • Comprehensive help pages
       • Fully internationalized
       • Translated into over 20 languages
       • Community based, with involvement actively encouraged
       • Under active development by an international team of volunteers
     URL: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
     Source: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers
  5. Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. Unhide runs in Unix/Linux and Windows Systems. It implements six main techniques.
     Features:
       • Compare /proc vs /bin/ps output.
       • Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for unhide-linux version.
       • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
       • Full PIDs space occupation (PIDs bruteforcing). ONLY for unhide-linux version.
       • Compare /bin/ps output vs /proc, procfs walking and syscall. ONLY for unhide-linux version. Reverse search, verify that all threads seen by ps are also seen in the kernel.
       • Quick compare /proc, procfs walking and syscall vs /bin/ps output. ONLY for unhide-linux version. It’s about 20 times faster than tests 1+2+3 but may give more false positives.
     URL: http://www.unhide-forensics.info
     Via: ToolsWatch.org – The Hackers Arsenal Tools Portal » 2014 Top Security Tools as Voted by ToolsWatch.org Readers
  6. "The 'Big Brother' laws and the one on prepaid SIM cards do not extend monitoring and do not allow access to the content of telephone or electronic communications without a warrant from a judge, SRI director George Maior gives assurances. In an interview given exclusively to Ziare.com, George Maior explained what the intentions are regarding the new form of the data retention law and the prepaid card law, and which data the cyber security law will allow access to without a warrant from a judge: 'We cannot act preventively in this era with the means of Sherlock Holmes'. The SRI director responded to the accusations that the secret services in Romania are too powerful and too little controlled, and made clarifications in the undercover officers scandal: 'there is a regime of incompatibilities that we hold to very strongly in operating this exceptional weapon'.
     Full article: http://www.sri.ro/fisiere/discursuriinterviuri/Interviu_ianuarie_2015.pdf
     Question: Doesn't the prepaid card law represent an extension of monitoring either?
     Answer: Monitoring of private conversations is not being extended. There simply has to be a record of those who buy these anonymized cards, as exists in very many European states. I wouldn't say there is a standard, but there is a practice. Go to Germany, to the United Kingdom, and try to get such a card."
     Two people have confirmed that they recently bought cards in Germany and the United Kingdom without an ID card. So these guys are LYING. Screw them! If such laws get approved, not only in Romania but in other states too, it means that "Charlie" was a setup, other attacks invented, for greater control over the population. I know it's just a conspiracy theory, but think about it. // Screw the cops
  7. The tags are for SEO. There seem to be rather a lot of them, though. Who can tell us whether that's OK or not?
  8. 5 Benefits of a penetration test
     January 5, 2015, Adrian Furtuna
     Penetration testing projects are definitely fun for the passionate pentesters. However, the question is what are the real benefits of a pentest for the client company? What is the real value of a penetration test? Many clients have misconceptions and false assumptions about penetration testing and they are engaging this type of projects for the wrong reasons, like:
       • After a penetration test I will be safe
       • A penetration test will find all of my vulnerabilities
       • I’ve heard that pentesting is ‘sexy’ so I would like one myself
     Companies who do penetration tests for these reasons do not get the real benefits of this service and they are practically throwing away the money. From my perspective, a penetration test has the following true benefits for the client company.
     Full article: 5 Benefits of a penetration test – Security Café
  9. The previous Likes will not be recovered. I'll take care of the homepage when I have a bit of time.
  10. I left only Likes and Dislikes in the sidebar. I think that's enough.
  11. Yes. I'm trying to move them and it's not working. The pages may end up looking really ugly.
  12. I set it so that you can give a Like OR a Dislike, not both. I'll see what else the plugin lets me do. "Unlike" seems to be available only in the Pro version.
  13. Mobile eavesdropping via SS7 and first reaction from telecoms
     Mobile network operators and manufacturers finally said some words about vulnerabilities in the SS7 technology that allow an intruder to perform subscriber’s tracking, conversation tapping and other serious attacks. We reported some of these vulnerabilities and attack schemes in May 2014 at Positive Hack Days IV as well as here in our blog. In December 2014, these SS7 threats were brought to public attention again, at the Chaos Communication Congress in Hamburg, where German researchers showed some new ways mobile phone calls using SS7. The research has included more than 20 networks worldwide, including T-Mobile in the United States.
     Meanwhile, the Washington Post reports that GSMA did not respond to queries seeking comment about the vulnerabilities in question. For the Post’s article in August on location tracking systems that use SS7, GSMA officials acknowledged problems with the network and said it was due to be replaced over the next decade because of a growing list of security and technical issues. The reply from T-Mobile was more abstract: “T-Mobile remains vigilant in our work with other mobile operators, vendors and standards bodies to promote measures that can detect and prevent these attacks.” We also found the first official reaction from Huawei: Huawei has obtained the vulnerability information from open channels and launched technical analysis.
     Again, not too much said. But it’s better than nothing, considering the fact that SS7 problem is not new: it’s traced back to the seventies of the last century. In the early two thousands SIGTRAN specification was developed; it allowed transferring SS7 messages over IP networks. Security flaws of upper levels of SS7 protocols were still present. The telecom engineers had been alerting that subscriber locating and fraud schemes using SS7 are possible, since 2001.
     For obvious reasons, providers didn't want the public to know about these vulnerabilities. However, it's believed that law enforcement agencies used SS7 vulnerabilities to spy on mobile networks for years. In 2014, it was found out that there are private companies providing a whole range of the above-mentioned services to anyone who wants. For example, this is how the SkyLock service provided by the American company Verint works: Washington Post notes that Verint do not use their capabilities against American and Israeli citizens, "but several similar systems, marketed in recent years by companies based in Switzerland, Ukraine and elsewhere, likely are free of such limitations".
     The more detailed description of this tracking technology and other SS7 attacks could be found in our report “Vulnerabilities in SS7 mobile networks” published in 2014. Data presented in this report were gathered by Positive Technologies experts in 2013 and 2014 during consulting on security analysis for several large mobile operators and are supported by practical researches of detected vulnerabilities and features of the SS7 network.
     During testing network security, Positive Technologies experts managed to perform such attacks as discovering a subscriber's location, disrupting a subscriber's availability, SMS interception, USSD request forgery (and transfer of funds as a result of this attack), voice call redirection, conversation tapping, disrupting a mobile switch's availability. The testing revealed that even the top 10 telecom companies are vulnerable to these attacks. Moreover, there are known cases of performance of such attacks on the international level, including discovering a subscriber's location and tapping conversations from other countries.
     Common features of these attacks:
       • The intruder doesn't need sophisticated equipment. We used a common computer with OS Linux and SDK for generating SS7 packets, which is publicly available on the web.
       • Upon performing one attack using SS7 commands, the intruder is able to perform the rest of the attacks by using the same methods. For instance, if the intruder managed to determine a subscriber's location, only one step is left for SMS interception, transfer of funds etc.
       • Attacks are based on legitimate SS7 messages: you cannot just filter messages, because it may have negative influence over the whole service. An alternative way to solve the problem is presented in the final clause of this research.
     Read the full PDF report here.
     Positive Research, 12:21 AM
     Source: http://blog.ptsecurity.com/2015/01/mobile-eavesdropping-via-ss7-and-first.html
  14. I used to use vbSEO, but I never liked it: vBSEO’s Vulnerability Leads to Remote Code Execution | Sucuri Blog
     I installed 3 new plugins from DragonByte:
     - Advanced Post Thanks / Like (replacement for the Likes from vbSEO)
     - Advanced User Tagging (it had been installed for a while, I updated it)
     - DragonByte SEO (replacement for vbSEO, similar link structure)
     So a whole lot of problems may show up, both in functionality and in security. If you find a problem you can post it or send me a PM. For XSS you get VIP. For anything else, we'll talk.
  15. Nytro

    Forum problem ?!?

    The problem is only with Likes, I'm taking care of it. I hope it will be OK by this evening.
  16. Exactly these were reported by people on the forum for Talpashit for vBulletin 4. These guys are morons.
  17. Test. @Nytro @Nytrofdgdfgfdg
  18. Why do you need 6.7? Here is the changelog: https://www.hex-rays.com/products/ida/6.7/
  19. I've set up a new mobile theme for you. You should be able to get in more easily now.
  20. The first version is perfect. Hex-Rays is worth every penny.
  21. Tested, it works, decompiler for x64. Thanks!
  22. Point, Click, Root. More than 300+ exploits! Presented in Black Hat 2014
     Version 3.3.3
     More than 300+ exploits
     Military grade professional security tool
     Exploit Pack comes into the scene when you need to execute a pentest in a real environment, it will provide you with all the tools needed to gain access and persist by the use of remote reverse agents.
     Remote Persistent Agents
     Reverse a shell and escalate privileges
     Exploit Pack will provide you with a complete set of features to create your own custom agents, you can include exploits or deploy your own personalized shellcodes directly into the agent.
     Write your own Exploits
     Use Exploit Pack as a learning platform
     Quick exploit development, extend your capabilities and code your own custom exploits using the Exploit Wizard and the built-in Python Editor moded to fulfill the needs of an Exploit Writer.
     Source: Exploit Pack
  23. ExecutedProgramsList
     Description
     ExecutedProgramsList is a simple tool that displays a list of programs and batch files that you previously executed on your system. For every program, ExecutedProgramsList displays the .exe file, the created/modified time of the .exe file, and the current version information of the program (product name, product version, company name) if it's available. For some of the programs, the last execution time of the program is also displayed.
     System Requirements
     This utility works on any version of Windows, starting from Windows XP and up to Windows 8. Both 32-bit and 64-bit systems are supported.
     Data Source
     The list of previously executed programs is collected from the following data sources:
       • Registry Key: HKEY_CURRENT_USER\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
       • Registry Key: HKEY_CURRENT_USER\Microsoft\Windows\ShellNoRoam\MUICache
       • Registry Key: HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted
       • Registry Key: HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store
       • Windows Prefetch folder (C:\Windows\Prefetch)
     Source: ExecutedProgramsList - Shows programs previously executed on your system
  24. Crypto200 with The POODLE Attack
     Tetcon is one of the biggest security conferences in Viet Nam. There are various talks which speak both in Vietnamese and English. This year, for the first time, organizers decided to host a hacking challenge – Capture The Flag (CTF)! While the CTF was running, I solved 3 tasks: getit, next and “Who let the dog out?”. The first two tasks are not quite hard. You should try them yourself. In this post, I would like to talk about “Who let the dog out?”. It’s about a cryptography attack. In particular, it is the POODLE attack. And the author of this task is Thai Duong (thaidn), one of the experts who found this attack.
     Download: [TetCON CTF 2015] Crypto200 with The POODLE Attack
  25. Cryptography Exercises
     Contents
       1. Source coding
       2. Caesar Cipher
       3. Ciphertext-only Attack
       4. Classification of Cryptosystems-Network Nodes
       5. Properties of modulo Operation
       6. Vernam Cipher
       7. Public-Key Algorithms
       8. Double Encryption
       9. Vigenere Cipher and Transposition
       10. Permutation Cipher
       11. Substitution Cipher
       12. Substitution + Transposition
       13. Affine Cipher
       14. Perfect Secrecy
       15. Feistel Cipher
       16. Block Cipher
       17. Digital Encryption Standard (DES)
       18. Primitive Element
       19. Diffie-Hellman Key Exchange
       20. Pohlig-Hellman a-symmetric Encryption
       21. ElGamal
       22. RSA System
       23. Euclid’s algorithm
       24. Protocol Failure
       25. Complexity
       26. Authentication
       27. Protocols
       28. Hash Functions
       29. Cipher Modes
       30. Pseudo Random Number Generators
       31. Linear Feedback Shift Register
       32. Challenge Response
       33. Application of error correcting codes in biometric authentication
       34. General Problems
     Download: http://www.iem.uni-due.de/~vinck/crypto/problems-crypto.pdf