Nytro

Administrators
  • Posts: 18715
  • Days Won: 701

Everything posted by Nytro

  1. https://stuk.github.io/jszip/ https://gildas-lormeau.github.io/zip.js/ https://github.com/43081j/rar.js/ https://github.com/beatgammit/gzip-js https://github.com/abraidwood/minilzo-js https://github.com/nmrugg/LZMA-JS
  2. Phone tapping has become a national sport in Romania. There is no "serious" case file without kilometres of transcripts. But this is only the visible, legal part of the phenomenon, with interceptions authorised by a judge and carried out from the exchange. Phones are also tapped and located directly, without the GSM operator knowing or giving its consent, by institutions, secret services, businessmen or jealous spouses. In practice, almost anyone can buy, on the black market, equipment or software applications that can be used for this purpose. Buying some of them is not even illegal. There are also methods of countering call interception, more or less effective, each with its own set of advantages and disadvantages. What matters, though, is to know the methods by which our privacy can be violated in the area of mobile communications.

     The interceptor – a fake GSM relay

     An operator's GSM network can be likened to a wire mesh. The "nodes" are the BTSs. In plainer terms, the GSM antennas or relays. The phone connects to the BTS within whose range it is located. If it receives several relays, it connects to the one with the strongest signal. This is exactly what the devices that intercept phone calls take advantage of. The interceptor is, in fact, a fake BTS. It is brought close, within a few hundred metres of the place where the phone to be intercepted is located. Newer interceptors also use a technique called BCCH manipulation, by which they broadcast that the level of the signal they emit is very high, tens of times stronger than in reality. That is enough to "fool" the phones into believing that this is the BTS with the best signal in the area. Obviously, as they have been "taught", they will connect to it. The interceptor also has, of course, a link to a real relay of the GSM operator. Only that, from this moment on, all calls will first pass through here, where they can be listened to or recorded.

     Disabling encryption

     Normally, data is transmitted from the phone to the BTS in encoded form, by means of an encryption algorithm. GSM operators, although they have constantly announced that they are improving their level of security, have not progressed very much in this area. In any case, the encryption mode is set by the BTS, not by the phone. When the phone is connected to the network through the filter of an interceptor, the interceptor asks it not to encrypt the transmission or to use a somewhat older protocol, much easier to decode. Normally, phones should display a warning when the standard encryption function is not in use. This function is, however, disabled by the telephone operators. The reason, obviously unofficial, is that this protects the actions of the authorities and of the secret services, avoiding their exposure. A problem arises, however, when a phone is used on the 3G network, where decryption is extremely laborious, if not impossible. The manufacturers of interception equipment have found solutions to this problem too. An extremely strong jamming signal is emitted on the 3G frequencies. If the phone is set to 3G only, it will be left without signal and can no longer be used. If it is set to dual mode, 2G/3G, as is usually the case, the phone will believe it has no 3G signal and will switch automatically to 2G. At the interceptor's command, the icon on the device's screen will still indicate 3G reception, so as not to alert its owner.

     Categories of interceptors

     Interceptors can be grouped into three broad categories: active, semi-active and passive. The active ones behave identically to BTSs, the only difference being the removal of encryption. They permanently identify the phones that enter their range. When the interceptor starts operating, all the phones in that area will connect to it automatically. It is known, however, that every phone has a unique fingerprint, on the basis of which it can be identified. This is the IMEI (International Mobile Station Equipment Identity), a unique code made up of 15 digits. Based on this code, the operator of the interceptor can filter the calls so as to concentrate only on the targeted phone. For those who carry out such operations illegally, these are also the riskiest. They can be detected both by the GSM operator, which may notice a disturbance of communications traffic in the area, and by experienced users, especially those who use anti-interception equipment. Semi-active devices transmit only until they identify the phone, locate it and calculate the encryption key, after which they switch to receive mode so as not to be detected. There are also passive interceptors which, the manufacturers claim, are almost impossible to detect. But these can only be used in a limited way, for phones that do not change their position, and the link can also be lost for other reasons, such as overloading of the nearest BTSs.

     Spy Interceptor

     The cheapest interception solution, and at the same time one within anyone's reach, remains the installation of a software program on the target phone. Such programs are sold freely on the internet, at prices ranging from a few tens of euros to a few thousand. Some are, in theory, for controlling the handset in case it is stolen, others for backup. They run in the background, are undetectable and allow total control of the phone remotely, from another phone with a predefined number. Software of this kind, which costs under 500 euros, can intercept calls, carry out ambient interception, locate the target phone by GPS or according to the GSM networks in the area, take over SMS messages or take photographs. Even topping up the pre-pay card can be done remotely, without the owner of the phone being notified in any way. This procedure is used especially by private individuals who want to keep watch on their husbands/wives, but also by some companies that want total control over their employees and give them work phones "prepared" in this way. The licence for software of this kind is usually unlimited in time.

     "Silent" calls and SMS messages

     Interceptors make very extensive use of the phone's functions, but without the owner knowing about it. The main function of a "silent call" is ambient interception. In other words, using the microphone of the target phone to listen to what is happening around it. It is as if someone called that number and somebody answered. In fact, that is exactly what happens, except that it is the phone itself that answers. Invisible SMS messages work in the same way. They are used by the operator doing the intercepting to send various commands to the phone. Also known as Flash SMS, these invisible messages were initially used by GSM operators to test their networks or to check whether certain phones were switched on and connected, without disturbing the subscribers. Later, the method was taken over by the Police and the secret services, to locate a phone in real time. There is even a debate that has not reached any conclusion, because certain institutions maintain that the use of these SMS messages for location does not have to be approved by a judge, because it does not breach the secrecy of communications. The secret services use invisible SMS messages in several ways: a large number of messages sent to a phone can block its signal or drain its battery at an accelerated rate.

     Anti-interception tools

     A series of devices have been brought to market which, those who sell them claim, make interception impossible. Some get some results, others are pure marketing.

     The phone with a dynamic IMEI. This is the safest method, say those in the field. Automatically or manually, the phone can change its IMEI, so that the interceptor records its disappearance and the appearance of another phone on the network. On top of that, the phone has a number of elements that it displays when it detects that something is wrong and that there is a possibility of it being intercepted. Other useful functions would be detection of phone location pings, detection of silent calls (ambient interception calls), protection against electronic search, automatic deletion of the call and SMS history, or automatic recording of the audio content of phone conversations as possible counter-evidence in case the audio evidence is falsified or altered, the manufacturers say.

     Encrypted phones. This is a solution for communication between two handsets that have hard-to-break encryption keys installed. As a rule, however, using such devices only attracts attention, and the intelligence services have plenty of possibilities to block their operation, with the interception being done by other methods.

     GSM box. These are devices that detect silent calls or SMS messages and warn the owner. They can be used against attempts at ambient interception. But they cannot prevent the interception of calls, as those who sell them falsely claim.

     Anti-interception cases. They can be useful, in the sense that they block any signal from or to the phone. Only that the phone cannot be used in any way during this time.

     That leaves removing the battery from the phone. But not even this method is safe. The specialist literature shows that the phone does not even need power in order to be listened to. By bombarding it with microwaves of a certain frequency, the microphone will resonate, including the voice modulations it picks up. The method appears to have been discovered by a Russian and used, at one point, it is said, to listen in on the American ambassador in Moscow. Consequently, phone and privacy seem to be two terms that cannot be put side by side.

     Breaking news - latest news online - ZiuaNews.ro

     Source: Who intercepts our phones and how | Lupul Dacic
  3. And that is how Facebook's decline begins. Finally.
  4. http://img-9gag-lol.9cache.com/photo/aBQWRVQ_460sa_v1.gif
  5. CipherShed is free (as in free-of-charge and free-speech) encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. Learn more about how CipherShed works and the project behind it. CipherShed is cross-platform; it will be available for Windows, Mac OS and GNU/Linux. The CipherShed project is open-source, meaning the program source code is available for anyone to view. We encourage everyone to examine and audit our code, as well as encourage new ideas and improvements. We have several methods of communication for anyone to ask questions, get support, and become involved in the project. For more detailed information about the project, including contributing code and building from source, please visit our technical wiki. Source: https://ciphershed.org/
  6. IGPR website hacked by Anonymous România, which displayed the message "Greetings from the ciumpalaci"

     by Andrei Dumitrescu - Mediafax

     The Romanian Police website was hacked by a group of hackers calling themselves "Anonymous România", which displayed, in the News section, a message titled "Greetings from the ciumpalaci".

     On the front page of the website of the General Inspectorate of the Romanian Police (IGPR), in the News section, a message was posted on Friday that would appear to have "Anonymous România" as its author. "We greet you, gentlemen. We are Anonymous. We are Legion. We are the ROMANIAN PEOPLE or, of course, the ciumpalaci. Romania, wake up!".

     In February 2012, the FMI.ro website of the Office of the International Monetary Fund in Romania was attacked by hackers who presented themselves as representing the Anonymous movement and the Antisec group, two days after a similar attack on ANRE.ro. The site was largely functional, except for the home page, which was replaced with the same one-minute YouTube video displayed on the website of the National Agency for Energy Regulation (ANRE), accompanied by the message "Hacked by Anonymous".

     Anonymous then posted on the ANRE website a one-minute video clip in which, over a musical background, "We Are Anonymous, Antisec" appears, and which ends with the message "Expect us".

     At the end of May 2012, DIICOT announced that it had annihilated the Anonymous group that was illegally accessing the databases of certain institutions. Investigators then carried out searches at the homes of 12 people in Bucharest, Iași, Alba-Iulia, Piatra Neamț, Cluj-Napoca, Drobeta-Turnu Severin, Arad, Craiova, Reșița and Târgu Mureș.

     DIICOT stated that the criminal group was made up of 14 people and was known under the name Anonymous România. The leader of the group was identified as Gabriel Bălăneasa, then aged 24, from the municipality of Piatra Neamț, known online by the nicknames "lulzcart, anonsboat, anonsweb, cartman". He, together with Fábián Gábor and Picoș Mihai Emil, is said to have formed the group, which other people also joined, involved in the acts of cyber-terrorism under the name Anonymous România.

     According to DIICOT, Anonymous România carried out a vast specific criminal activity, of computer crime, which consisted of illegally accessing computer systems, stealing confidential data or data not intended for publication, as well as publishing the exfiltrated data online. The confidential or classified databases targeted were administered by public institutions and legal entities, both in Romania and abroad.

     From a technical point of view and in terms of the concrete mode of operation, the cyber attacks launched on the target servers and web pages were of the SQL Injection type, using various software applications, namely Havij, SQL Map etc. In most cases, after compromising the targeted sites and obtaining unauthorised access to them, the members of the group made changes to the computer data, carrying out "Deface" attacks, consisting of inserting a web page in place of the site's main page, a modification that generally consisted of posting certain messages, links and images through which the attack was claimed and the Anonymous România hacker group was promoted, DIICOT stated at the time.

     The attacks were launched for the purpose of obtaining computer data, data which were, as the case may be, copied or transferred without right and subsequently published online on various sites, as proof of the hacking activity. The members of the group thus launched cyber attacks on 29 websites, the unauthorised intrusion into those information infrastructures being achieved by breaching the security measures implemented on the servers that hosted the target websites.

     The criminal activity led to the total or partial compromise of the targeted web pages and internet domains, generating significant costs for recovering the data and implementing new security measures, DIICOT also said.

     The Anonymous group is made up of people who describe themselves as fighters for the freedom of the Internet and who have in the past attacked several sites, among them those of the Church of Scientology, Amazon, Mastercard and other companies, as well as those of some governments. NATO considers the Anonymous group a threat to the military alliance.

     Source: IGPR website hacked by Anonymous România, which displayed the message "Greetings from the ciumpalaci" - Mediafax
  7. Has anyone tested it? What could be done in practice: cookie stealing.
  8. Interesting. I think. I don't know how useful the new features are... It looks dodgy: auto match_name = [&name](const record& r) -> bool { return r.name == name; };
  9. Microsoft Windows 8.1 Kernel Patch Protection Analysis & Attack Vectors

     Kernel Patch Protection (also known as "patchguard") is a Windows mechanism designed to control the integrity of vital code and data structures used by the operating system. It was introduced in Windows 2003 x64 and has been constantly improved in further Windows versions. In this article we present a descriptive analysis of the patchguard for the latest Windows 8.1 x64 OS, and primarily focus on patchguard initialization and attack vectors related to it.

     It is natural that kernel patch protection is being developed incrementally, so the initialization process is common for all versions of Windows that have patchguard. There are a lot of papers published about kernel patch protection on Windows, which describe the process of its initialization, so you may use references at the end of this article to obtain details.

     Initialization sources

     As widely known, the main component of patchguard is initialized in a misleadingly named function "KiFilterFiberContext". It will be the starting point of our investigation. Looking for cross-references doesn't help us much for pointing out its call site, but several articles help us by stating that patchguard initialization is called indirectly in a function "KeInitAmd64SpecificState". By indirectly we mean here not just an indirect call, but the usage of exception handlers. It is a very common trick often found in patchguard-related functions, as we'll see further. So, we have an initialization function call stack:

                                     (call)                      (call)    (exception)
         ... --> Phase1InitializationDiscard --> KeInitAmd64SpecificState -> KiFilterFiberContext

     This type of initialization is described in more detail in [1]. By the way, this one is always called on the last CPU core, if it matters. However, it is not the only way that kernel uses to initialize patchguard.
     With a 4% probability patchguard context can also be initialized from a function also misleadingly called "ExpLicenseWatchInitWorker":

         ... --> Phase1InitializationDiscard --> sub_14071815C (obviously with a stripped symbol because this one processes Windows license type for a current PC) --> ExpLicenseWatchInitWorker

     The pseudocode of this function looks like this:

         VOID ExpLicenseWatchInitWorker()
         {
             PVOID KiFilterParam;
             NTSTATUS (*KiFilterFiberContext)(PVOID pFilterparam);
             BOOLEAN ForgetAboutPG;

             // KiServiceTablesLocked == KiFilterParam
             KiFilterParam = KiInitialPcr.Prcb.HalReserved[1];
             KiInitialPcr.Prcb.HalReserved[1] = NULL;
             KiFilterFiberContext = KiInitialPcr.Prcb.HalReserved[0];
             KiInitialPcr.Prcb.HalReserved[0] = NULL;

             ForgetAboutPG = (InitSafeBootMode != 0) | (KUSER_SHARED_DATA.KdDebuggerEnabled >> 1);

             // 96% of cases will fail
             if ( __rdtsc() % 100 > 3 )
                 ForgetAboutPG |= 1;

             if ( !ForgetAboutPG && KiFilterFiberContext(KiFilterParam) != 1 )
                 KeBugCheckEx(SYSTEM_LICENSE_VIOLATION, 0x42424242, 0xC000026A, 0, 0);
         }

     As you may notice, there is a small "present" in the "HalReserved" processor control block field left for this initialization case. Tracing down the guy who left it leads us to the very beginning of system startup:

         ... --> KiSystemStartup --> KiInitializeKernel --> KeCompactServiceTable --> KiLockServiceTable -v ??????

     We have to pause here, because there is no code that puts data into HalReserved fields directly. Instead, it is done using the exception handler. And it is done in a different way from "KeInitAmd64SpecificState", because it doesn't trigger any exceptions. What it does instead is – it directly looks up the current instruction pointer, finds the corresponding function and its exception handler manually, and then calls it. The exception handler of "KiLockServiceTable" function is an unnamed stub to the "KiFatalExceptionFilter".

         ?????? ---> KiFatalExceptionFilter

     "KiFatalExceptionFilter" in turn looks up an exception handler for "KiServiceTablesLocked" function. And surprisingly it is the "KiFilterFiberContext"! Also, a parameter that is passed to "KiFilterFiberContext" is located right after the "KiServiceTablesLocked" function. It is a small structure:

         typedef struct _KI_FILTER_FIBER_PARAM
         {
             NTSTATUS (*PsCreateSystemThread)();     // a pointer to PsCreateSystemThread function
             KSTART_ROUTINE sub_140235C44;           // unnamed checker subroutine
             KDPC KiBalanceSetManagerPeriodicDpc;    // global DPC struct
         } KI_FILTER_FIBER_PARAM, *PKI_FILTER_FIBER_PARAM;

     "KiFatalExceptionFilter" stores these pointers to "HalReserved" fields.

     Creating patchguard context

     Let's get back to the "KiFilterFiberContext" function. Its pseudocode is given below:

         BOOLEAN KiFilterFiberContext(PVOID pKiFilterParam)
         {
             BOOLEAN Result = TRUE;
             DWORD64 dwDpcIdx1 = __rdtsc() % 13;
             DWORD64 dwRand2 = __rdtsc() % 10;
             DWORD64 dwMethod1 = __rdtsc() % 6;

             AntiDebug();

             // Let's call sub_1406D6F78 KiInitializePatchGuardContext since it does initialize patchguard context
             Result = KiInitializePatchGuardContext(dwDpcIdx1, dwMethod1, (dwRand2 < 6) + 1, pKiFilterParam, TRUE);

             // A 50% chance to create two patchguard contexts
             if (dwRand2 < 6)
             {
                 DWORD64 dwDpcIdx2 = __rdtsc() % 13;
                 DWORD64 dwMethod2 = __rdtsc() % 6;

                 do
                 {
                     dwMethod2 = __rdtsc() % 6;
                 }
                 while ((dwMethod1 != 0) && (dwMethod1 == dwMethod2));

                 Result = KiInitializePatchGuardContext(dwDpcIdx2, dwMethod2, 2, pKiFilterParam, FALSE);
             }

             AntiDebug();

             return Result;
         }

     It is rather clear, and with provided code we can assume that up to 4 patchguard contexts can be active on a running system simultaneously. Remember this one because wherever it is called, we can be 100% sure that a new patchguard context is being initialized.

     The function that creates and initializes patchguard context is so-called "KiInitializePatchGuardContext". It is a huge obfuscated function.
     I guess it is suitable to reference Alex Ionescu's tweet about it: "I love the new #Windows 8 Patch Guard. Fixes so many of the obvious holes in downlevel, and the new hyper-inlined obfuscation makes me cry." You bet it! IDA Pro's decompiler works on it ~20 min on 3770 Core i7 CPU and spews out 26K lines of code. It is not worth dealing with it as a single unit. Luckily, you can bite out small pieces of information that give you a clue about methods that the new patchguard uses. That's why we did not reverse engineer it entirely; instead we took and analyzed several parts in it. Feel free to explore this function yourself, and you may discover new wonderful things!

     It takes 5 parameters on Windows 8.1:

     1. Index of DPC routine to be called from a created patchguard DPC for checking the patchguard context. It may be one of these:

         // These ones don't use exception handlers to fire checks
         KiTimerDispatch (copied to random pool allocation)
         KiDpcDispatch (copied into patchguard context)

         // These use exception handlers to fire patchguard checks
         ExpTimerDpcRoutine
         IopTimerDispatch
         IopIrpStackProfilerTimer
         PopThermalZoneDpc
         CmpEnableLazyFlushDpcRoutine
         CmpLazyFlushDpcRoutine
         KiBalanceSetManagerDeferredRoutine
         ExpTimeRefreshDpcRoutine
         ExpTimeZoneDpcRoutine
         ExpCenturyDpcRoutine

        Also those 10 DPCs are regular system DPCs with useful payload, but when they encounter a DeferredContext which has non-canonical address, they fire a corresponding KiCustomAccessRoutine function. These functions are only called when an appropriate scheduling method is used (0, 1, 2, 5).

     2. Scheduling method. These are the methods that are used to fire a patchguard DPC object that is created inside "KiInitializePatchGuardContext" function.

        • KeSetCoalescableTimer (0). A timer object is created with a random fire period between 2 minutes and 2 minutes and 10 seconds.
        • Prcb.AcpiReserved (1). In this case a patchguard DPC is fired when a certain ACPI event occurs, f.e. transitioning to idle state. In this case "HalpTimerDPCRoutine" checks if 2 minutes have passed since the last DPC queued by itself, and queues another one, taken from Prcb.AcpiReserved field.
        • Prcb.HalReserved (2). Here a patchguard DPC is queued when HAL timer clock interrupt occurs, in the "HalpMcaQueueDpc". It is also done with 2 minutes period at least. Queued patchguard DPC is taken from Prcb.HalReserved field.
        • PsCreateSystemThread (3). In this case, patchguard DPC routine is not used; instead a system thread is created. The thread procedure is taken from KI_FILTER_FIBER_PARAM structure. Patchguard DPC in turn is used just as a container of the address of a newly created patchguard context.
        • KeInsertQueueApc (4). This time a regular kernel APC is queued to one of the system threads with "KiDispatchCallout" APC procedure. No patchguard DPC is fired also. System thread is chosen based on its start address, i.e. it must be equal to either PopIrpWorkerControl or CcQueueLazyWriteScanThread.
        • KiBalanceSetManagerPeriodicDpc (5). Patchguard DPC is stored in a global variable named "KiBalanceSetManagerPeriodicDpc". It is queued in "KiUpdateTimeAssist" function and "KeClockInterruptNotify" function within every "KiBalanceSetManagerPeriod" ticks.

     3. This parameter can be either 1 or 2. We are not sure about how it affects "KiInitializePatchGuardContext" function, but it is somehow connected to the quantity of checks being done during patchguard context verification routine execution.

     4. A pointer to KI_FILTER_FIBER_PARAM structure. It is noticeable that a method chosen inside "KiInitializePatchGuardContext" is selected based on the presence of this parameter. If it is present, a method bit mask is tested with 0x29 (101001b) which allows methods 0, 3 and 5. Otherwise methods 0, 1, 2 and 4 are available. That makes sense, because methods 3 and 5 require a valid KI_FILTER_FIBER_PARAM structure.

     5. Boolean parameter which tells if NT kernel functions checksums have to be recalculated.

     As you might guess, the only scheduling method that can be initialized twice is 0, so "KiFilterFiberContext" takes this fact into account when it chooses a method for a second call of "KiInitializePatchGuardContext".

     Firing a patchguard check

     Methods that fire patchguard DPC

     The main principle of patchguard check routine is to launch a patchguard context verification routine on a DPC level, and then queue a work item that will check vital system structures on a passive level with a proceeding context recreation and rescheduling. The verification work item uses a copy of "FsRtlUninitializeSmallMcb" function. You can check this one out, if you want to figure out how the check works.

     For the methods which use DPC activation there is a common code inside 10 listed DPC routines, which checks "DeferredContext" for being a non-canonical address. If it is OK, DPC just executes its payload. Otherwise one of 10 "KiCustomAccessRoutineX" functions is called. When "KiCustomAccessRoutineX" is called, (last 2 bits + 1) of "DeferredContext" are taken and used to roll along "KiCustomRecurseRoutineX". These recursive routines are cycled incrementing X value. When the roll is over, "KiCustomRecurseRoutineX" tries to dereference a DeferredContext value as a pointer, which inevitably generates #GP exception since this address is non-canonical.

         // Inside DPC routine
         if ( (DeferredContext >> 47) < 0xFFFFFFFFFFFFFFFFui64 && DeferredContext >> 47 != 0 ) // Is DeferredContext a non-canonical address?
         {
             ...
             KiCustomAccessRoutineX(DeferredContext);
             ...
         }

         void KiCustomAccessRoutine9(DWORD64 DeferredContext)
         {
             KiCustomRecurseRoutine9((DeferredContext & 3) + 1, DeferredContext);
         }

         void KiCustomRecurseRoutine9(DWORD dwRoll, DWORD64 DeferredContext)
         {
             DWORD dwNextRoll;
             DWORD64 go_go_GP;

             dwNextRoll = dwRoll - 1;
             if ( dwNextRoll )
                 KiCustomRecurseRoutine0(dwNextRoll, DeferredContext);

             go_go_GP = *(DWORD64 *)DeferredContext; // #GP
         }

         // DPC routine call sequence
         ExpTimerDpcRoutine                 -> KiCustomAccessRoutine0 -> KiCustomRecurseRoutine0 ... KiCustomRecurseRoutineN
         IopTimerDispatch                   -> KiCustomAccessRoutine1 -> KiCustomRecurseRoutine1 ... KiCustomRecurseRoutineN
         IopIrpStackProfilerTimer           -> KiCustomAccessRoutine2 -> KiCustomRecurseRoutine2 ... KiCustomRecurseRoutineN
         PopThermalZoneDpc                  -> KiCustomAccessRoutine3 -> KiCustomRecurseRoutine3 ... KiCustomRecurseRoutineN
         CmpEnableLazyFlushDpcRoutine       -> KiCustomAccessRoutine4 -> KiCustomRecurseRoutine4 ... KiCustomRecurseRoutineN
         CmpLazyFlushDpcRoutine             -> KiCustomAccessRoutine5 -> KiCustomRecurseRoutine5 ... KiCustomRecurseRoutineN
         KiBalanceSetManagerDeferredRoutine -> KiCustomAccessRoutine6 -> KiCustomRecurseRoutine6 ... KiCustomRecurseRoutineN
         ExpTimeRefreshDpcRoutine           -> KiCustomAccessRoutine7 -> KiCustomRecurseRoutine7 ... KiCustomRecurseRoutineN
         ExpTimeZoneDpcRoutine              -> KiCustomAccessRoutine8 -> KiCustomRecurseRoutine8 ... KiCustomRecurseRoutineN
         ExpCenturyDpcRoutine               -> KiCustomAccessRoutine9 -> KiCustomRecurseRoutine9 ... KiCustomRecurseRoutineN

     Here comes vectored exception handling again. If you look up all the exception handlers for these DPC routines, you'll discover that there are several nested __try\__except and __try\__finally blocks. For example, "ExpTimerDpcRoutine" looks something like this:

         ...
         __try
         {
             __try
             {
                 __try
                 {
                     __try
                     {
                         KiCustomAccessRoutine0(DeferredContext);
                     }
                     __finally
                     {
                         FinalSub1();
                     }
                 }
                 __except (FilterSub1()) // patchguard context decryption occurs here
                 {
                     // Nothing
                 }
             }
             __finally
             {
                 FinalSub2();
             }
         }
         __except (FilterSub2())
         {
             // Nothing
         }
         ...

         ExpCenturyDpcRoutine, ExpTimeZoneDpcRoutine, ExpTimeRefreshDpcRoutine, KiBalanceSetManagerDeferredRoutine, CmpLazyFlushDpcRoutine, CmpEnableLazyFlushDpcRoutine, PopThermalZoneDpc, ExpTimerDpcRoutine … -> _C_specific_handler
         IopIrpStackProfilerTimer, IopTimerDispatch … -> _GSHandlerCheck_SEH (GS check + _C_specific_handler)

     Depending on the DPC routine, decryption routine (based on KiWaitAlways and KiWaitNever variables) may reside in one of the exception filters, exception handlers or termination handlers. Further patchguard context verification occurs also inside decryption routine, right after the decryption. As for "KiTimerDispatch" and "KiDpcDispatch" DPC routines - they call patchguard context verification directly. Also, depending on the DPC routine a different type of patchguard context encryption is used (or not used at all).

     Other methods

     Method 3 creates a system thread. System thread procedure sleeps between 2 minutes and 2 minutes and 10 seconds using "KeDelayExecutionThread" or "KeWaitForSingleObject" on a kernel object, which is always not signaled. After the wait is timed out it decrypts patchguard context and executes verification routine.

     Method 4 inserts an APC with "KiDispatchCallout" function as a kernel routine and "EmpCheckErrataList" as a normal routine. Patchguard context decryption and validation occurs upon APC delivery to the target waiting thread, which happens almost immediately. A 2 minutes wait is located inside the verifier work item routine in this method.

     One more piece of a puzzle

     That would be it about patchguard initialization, but looking for the cross-references to KUSER_SHARED_DATA.KdDebuggerEnabled led me to a suspicious function named "CcInitializeBcbProfiler".
     It is full of bit rotations and magic numbers, which forced me to check whether it is related to patchguard mechanism.

         ... -> Phase1InitializationDiscard --> CcInitializeCacheManager --> CcInitializeBcbProfiler

     It seems to have the same roots! With 50% chance it queues DPC with "CcBcbProfiler" routine or a work item with an unnamed work item routine (which is almost identical to the "CcBcbProfiler" routine). This mechanism picks one random function from NT kernel module and checks its consistency every 2 minutes.

     It is interesting that all of the patchguard-related functions are located nearby, one after another starting from "FsRtlMdlReadCompleteDevEx". It tells us that they are likely to be located in a single compilation unit. This fact gives us a hope that all of the patchguard initialization paths have been covered in this article.

     Attacks

     Now, as we covered patchguard initialization, we know what wires of a patchguard bomb can be cut to defuse it! However, there are several ways depending on a patchguard DPC scheduling method. Since we cover a specific version of patchguard, i.e. Windows 8.1, we are going to use precomputed offsets for accessing the private kernel structures' fields. The common defusing principle is firstly to check if verification routine is in progress, and wait a bit if it is true. Then do the following:

        • KeSetCoalescableTimer (0). Scan through the Prcb timer table and disable the one with suitable DPC object.
        • AcpiReserved field (1). Zero this field out, so the DPC won't be fired again.
        • HalReserved field (2). Same here.
        • PspCreateSystemThread (3). Enumerate all threads in a system and unwind their stacks. Then check if a start routine from "KiServiceTablesLocked" structure is present in a call stack. If it is there, it's a patchguard thread. Disable it while it is in a wait state setting the wait time to infinite.
        • APC (4). Take the current Prcb NUMA Node and its worker thread pool. Scan through its sleeping worker threads unwinding the stacks until "ExpWorkerThread" function. If there are functions that are not to be found in NT image runtime function data, try to unwind them sequentially with runtime data for "FsRtlMdlReadCompleteDevEx" and "FsRtlUninitializeSmallMcb". If succeeded, then it is a patchguard worker. Disable it setting the wait time to infinity.
        • KiBalanceSetManagerPeriodicDpc (5). Zero this struct out.

     By disabling a timer we mean setting its due time to infinity, so it never fires. And by suitable DPC object we mean a DPC object with a deferred context set to a non-canonical address. Furthermore, you can additionally check this pointer to be valid after XORing its value with a quad-word following right after KDPC struct and ANDing it with 0xFFFF800000000000.

     As for the "CcBcbProfiler" piece, we consider it not to be relevant since there is a small chance that it will check exactly the needed function.

     Summary

     The quality of the Windows 8.1 kernel patch protection mechanism is extremely high. There are a lot of interesting anti-debugging tricks used against dynamic analysis, f.e. resetting IDT before accessing debug registers (which leads you to hanging if you set break on debug registers access), overall obfuscation like using macros for generating pseudo-random values, loop unrolling etc. It is also extremely difficult to do a static analysis since a lot of indirect function calls are used including the usage of exception handlers.

     It is a really nice tool to keep the system safe. Therefore we hope that as a developer you won't face situations when you need to disable this cool mechanism!

     Authors: Mark Ermolov, Artem Shishkin, Positive Research

     Source: Positive Research Center: Microsoft Windows 8.1 Kernel Patch Protection Analysis & Attack Vectors
  10. Minimum 50 posts for "Market".
  11. These are pink. I don't like them.
  12. Supposedly he's the administrator of indetectables.net.
  13. Rpcsniffer

RPCSniffer sniffs WINDOWS RPC messages in a given RPC server process.

General Information

With RPCSniffer you can explore RPC messages that are present on a Microsoft system. The data given for each RPC message contains the following details:

- Type (Async/Sync, Request/Response)
- Process number
- Thread number
- Procedure number
- Transfer Info
    - GUID
    - RPC minor version
    - RPC major version
- Interface Info
    - GUID
    - Dispatch table pointer
    - Dispatch table size
    - Dispatch table function pointer
- Midl Info
    - Dispatch pointer
    - Server function address
- RPC Flags
- RPC Data

Source: Rpcsniffer by AdiKo
  14. Nytro

    tinfoleak

    tinfoleak – Get detailed information about a Twitter user activity

    The latest official version is 1.2 (03/02/2014). Download tinfoleak-1.2.tar.gz here.

    [Screenshots: examples showing user tweets in Google Earth]

    tinfoleak is a simple Python script that allows you to obtain:

    - basic information about a Twitter user (name, picture, location, followers, etc.)
    - devices and operating systems used by the Twitter user
    - applications and social networks used by the Twitter user
    - place and geolocation coordinates to generate a tracking map of locations visited
    - show user tweets in Google Earth!
    - download all pics from a Twitter user
    - hashtags used by the Twitter user and when they are used (date and time)
    - user mentions by the Twitter user and when they occurred (date and time)
    - topics used by the Twitter user

    You can filter all the information by:

    - start date / time
    - end date / time
    - keywords

    [Screenshots: Usage, Basic information, Client applications, Geolocation information, Hashtags, User mentions, Find keywords]

    Source: » Tools Vicente Aguilera Diaz
  15. SecurePHPWebAppCoding - SQL Injection - what is it and how to stop it?

Abani Kumar Meher, 14 Sep 2014

Introduction

In this article I have tried to cover some basic info about SQL injection: how we write code while developing a web application that results in an SQL injection vulnerability, how an attacker uses this flaw to gain unauthorized access, and how we can change the code a little bit to overcome our mistakes and prevent attackers from using SQL injection in a web application, which makes our application more secure. This article uses PHP and MySQL to show examples, but other languages also have similar functions to prevent SQL injection. So let's see what SQL injection is.

What is SQL Injection?

SQL injection is a type of web application vulnerability with which an attacker can manipulate and submit a SQL command to retrieve unauthorized information from a database. This type of attack mostly occurs when a web application executes data provided by the user without validating or escaping it. SQL injection can give the attacker access to sensitive information such as financial data, credit card information or users' personal information, and allows the attacker to manipulate data stored in the database. It is not a database or web application server issue but a web application programming issue, and most developers are not aware of this.

What can an attacker achieve using SQL injection?

Based on the application and how user data is handled by the application, an SQL injection attack is used for the following. There are other scenarios also.

- Unauthorized login: An attacker can use SQL injection to get unauthorized access to a user's account and perform any action they want on that account.
- Privilege escalation: A user with less privilege can use SQL injection to log in to an account with more privileges than his account and add more privileges to his account, so that the attacker can access more data/features of that application.
- Tamper with database data: An attacker can update database data to change other profile details or change a password, which will result in problems for the other user.
- Dumping the database: An attacker can use SQL injection to dump all data from the database and expose it, with sensitive information like logins, credit card information etc. of users.
- Deletion/destruction of data: SQL injection can be used to delete data from the database, making the website lose all records of users and all their details.
- Read files of the web server: An attacker can use SQL injection to load a file present on the web server and read the application code, configuration files etc.
- Damage the company's reputation: SQL injection can be used to dump all data, which can then be made publicly available. No user likes their personal/sensitive data leaked.

How can we prevent SQL injection?

- Never believe in user input and client side validation. Always validate user input on the server end for a specific data type, or convert data to a specific data type before using it in a query.
- For string data, escape single quotes and double quotes or convert the string to HTML entities (this will increase the length of the string, so use it depending upon the field type/length).
- Try to avoid creating queries using string concatenation. It is one of the main reasons which makes a web application vulnerable to SQL injection, but most developers use this approach to generate queries because they find it easy, without thinking or knowing about the mistake they are making.
- Use prepared statements and parameter binding.
- Whenever possible, replace characters that are potentially dangerous for the database in user input data.

| Special database character | Function in database |
|---|---|
| ; | Query delimiter |
| ' | Character data string delimiter |
| -- | Single line comment |
| /* */ | Multiline comment |

NOTE: Special database characters may vary from database to database.

- Use an account with fewer permissions for the web application to execute queries.

Now let's do some real work. Let's see how we write code which allows a hacker to use SQL injection in a website, and with that we will see how we can write a few more lines of code to prevent SQL injection in the website. We will see it using PHP, but the same thing can be done in an application written in another programming language. So let's begin. Let's see the classic example first, which everyone gives when you ask about SQL injection.

Article: SecurePHPWebAppCoding - SQL Injection - what is it and how to stop it? - CodeProject
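The string-concatenation pattern and the two fixes recommended in the article above (prepared statements with parameter binding, and converting input to the expected data type), as an added example that is not code from the original article. It uses Python's sqlite3 module instead of the article's PHP and MySQL so that it runs offline; the table, accounts, inputs and function names are constructed for illustration.

```python
import hashlib
import sqlite3


def digest(password):
    # Constructed demo only: a real application uses a slow, salted password hash.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db():
    """In-memory database holding two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (login, pw, role) VALUES (?, ?, ?)",
        [("admin", digest("S3cure-admin-pass"), "admin"),
         ("bob", digest("bob-pass"), "user")],
    )
    return db


def login_concatenated(db, login, password):
    """Vulnerable: user input is pasted into the SQL text, so a quote or a
    comment marker in `login` changes the structure of the query."""
    sql = ("SELECT login, role FROM users WHERE login = '" + login +
           "' AND pw = '" + digest(password) + "'")
    return db.execute(sql).fetchone()


def login_prepared(db, login, password):
    """Fixed: the statement text is constant and the values are bound
    separately, so input is only ever compared as data."""
    sql = "SELECT login, role FROM users WHERE login = ? AND pw = ?"
    return db.execute(sql, (login, digest(password))).fetchone()


def profile_concatenated(db, raw_id):
    """Vulnerable: a numeric parameter used without any type check."""
    sql = "SELECT login FROM users WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]


def profile_typed(db, raw_id):
    """Fixed: convert to the expected type on the server, then bind it."""
    try:
        user_id = int(raw_id)
    except (TypeError, ValueError):
        return []  # reject anything that is not an integer
    rows = db.execute("SELECT login FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs using the special characters from the table above.
    comment_input = "admin' --"   # string delimiter followed by a line comment
    numeric_input = "1 OR 1=1"    # not an integer at all
    print("concatenated login:", login_concatenated(db, comment_input, "wrong"))
    print("prepared login:    ", login_prepared(db, comment_input, "wrong"))
    print("concatenated id:   ", profile_concatenated(db, numeric_input))
    print("typed id:          ", profile_typed(db, numeric_input))
    # Concatenation also breaks on legitimate data that contains a quote.
    try:
        login_concatenated(db, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed on o'brien:", exc)
    print("prepared query on o'brien:", login_prepared(db, "o'brien", "x"))
```

The concatenated login accepts the wrong password because everything after the comment marker, including the password check, is no longer part of the statement; the prepared version looks for a user literally named `admin' --` and finds none.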
  16. Defence - Beating Keyloggers to protect Domain Admin Creds - Windows

Hi All,

This post is a little different to what I normally do and I think it is a long time coming in general. Nowadays the bloggers in the IT Security community are all focusing on the hacks, exploits and ways to break in. I thought I would show you a way to improve the overall security of your network. This can be implemented quite easily and is a control mandated in the Internet Security Manual. For anyone not in Australia or not aware of the ISM, here is the blurb from ASD.

“The Australian Signals Directorate (ASD) produces the Australian Government Information Security Manual (ISM). The manual is the standard which governs the security of government ICT systems”

Link: http://www.asd.gov.au/publications/Information_Security_Manual_2014_Controls.pdf

I want to state that this is not the only way to design your network, and this example is specifically for handling keylogging to protect your domain admin accounts. From what I am seeing there are two types of networks around these days.

- Flat networks: hosts, admin hosts and servers in the same subnet
- Layered networks: hosts in one subnet, admins in another subnet and servers in another subnet

In a flat network any normal host / admin host can RDP into any server. In a layered network normal hosts cannot RDP into the server subnet but admin hosts can. What does this mean for keyloggers?

Flat Network

In a flat network your domain admins / server admins are able to log on to any server they want with their admin credentials. If this is the same as their workstation credentials, with email associated, this is a bad thing in general. For this example we will assume the following:

- The workstation credentials are different to the admin credentials.
- The workstation credential will be named BobSmith.
- The admin credentials will be named BobAdmin.

Layered Network

Now expand on this: Bob is in a separate subnet to the rest of the environment and he can RDP to any server he chooses to. Bob has a keylogger that he doesn’t know about. When Bob decides to log on to Server A he uses his BobAdmin account. Here is what it looks like.

Attack #1

Bob logs in to the RDP server. Meterpreter dumps out the password that is typed and the admin credentials are presented. Dammit! Isn’t defense in layers supposed to be better? Well, yes. So you are now asking how do you protect the domain admin credentials? Easy… Set up a management server. Here is a picture of how it works. I dummied up some IP ranges to give you an example.

Management Server: You can handle this one of two ways.

1. Bob Smith needs a separate account that is allowed to RDP onto the management server but has no admin privileges on the management server. For example an account named bobRDP. bobRDP can only RDP to the management server and nowhere else.
2. Bob Smith uses ‘BobSmith’ to RDP to the server and again has no admin privileges on the management server.

Option 1 allows a little more separation of accounts and adds an administrative burden. Option 2 is a quick fix. It is important that BobSmith is only allowed to log on to the management server and nowhere else. Essentially the admin subnet is only allowed TCP 3389 / RDP to the management server, NOWHERE ELSE! No other ports. For this example I am using option 2 because I’m lazy and it allows me to bang out this post quickly.

Attack # 2

[Screenshots, in order:]
- Permissions on Jump Server for bobsmith
- Pre meterpreter dump on Bob's workstation. Nothing showed.
- Bob RDPs to the management server
- Runs mstsc and RDPs to domain controller server.
- Open Command Prompt on Jump Server
- Open Command Prompt on Nested RDP - Domain controller
- Dump of meterpreter keylogger after

As you can see there are no remnants of bobAdmin's password or of him typing in the management server. Keylogging problem solved! Now people may look at this post and find so many ways around this design with other attack vectors. But this post was specifically for one issue, and that is to beat keyloggers, nothing else. Hopefully this post has been helpful to you.

Posted by Mickey Perre at 20:07

Source: Mickeys Security Blogspot: Defence - Beating Keyloggers to protect Domain Admin Creds - Windows
  17. FLARE IDA Pro Script Series: MSDN Annotations IDA Pro for Malware Analysis

September 11, 2014 | By Moritz Raabe

The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed Strings in Malware. As always, you can download these scripts at the following location: https://github.com/fireeye/flare-ida. We hope you find all these scripts as useful as we do.

Motivation

During my summer internship with the FLARE team, my goal was to develop IDAPython plug-ins that speed up the reverse engineering workflow in IDA Pro. While analyzing malware samples with the team, I realized that a lot of time is spent looking up information about functions, arguments, and constants at the Microsoft Developer Network (MSDN) website. Frequently switching to the developer documentation can interrupt the reverse engineering process, so we thought about ways to integrate MSDN information into IDA Pro automatically. In this blog post we will release a script that does just that, and we will show you how to use it.

Introduction

The MSDN Annotations plug-in integrates information about functions, arguments and return values into IDA Pro’s disassembly listing in the form of IDA comments. This allows the information to be integrated as seamlessly as possible. Additionally, the plug-in is able to automatically rename constants, which further speeds up the analyst workflow. The plug-in relies on an offline XML database file, which is generated from Microsoft’s documentation and IDA type library files.

Features

Table 1 shows what benefit the plug-in provides to an analyst. On the left you can see IDA Pro’s standard disassembly: seven arguments get pushed onto the stack and then the CreateFileA function is called. Normally an analyst would have to look up function, argument and possibly constant descriptions in the documentation to understand what this code snippet is trying to accomplish. To obtain readable constant values, an analyst would be required to research the respective argument, import the corresponding standard enumeration into IDA and then manually rename each value. The right side of Table 1 shows the result of executing our plug-in, showing the support it offers to an analyst.

The most obvious change is that constants are renamed automatically. In this example, 40000000h was automatically converted to GENERIC_WRITE. Additionally, each function argument is renamed to a unique name, so the corresponding description can be added to the disassembly.

Table 1: Automatic labelling of standard symbolic constants

In Figure 1 you can see how the plug-in enables you to display function, argument, and constant information right within the disassembly. The top image shows how hovering over the CreateFileA function displays a short description and the return value. In the middle image, hovering over the hTemplateFile argument displays the corresponding description. And in the bottom image, you can see how hovering over dwShareMode, the automatically renamed constant displays descriptive information.

Figure 1 (panels: Functions, Arguments, Constants): Hovering function names, arguments and constants displays the respective descriptions

How it works

Before the plug-in makes any changes to the disassembly, it creates a backup of the current IDA database file (IDB). This file gets stored in the same directory as the current database and can be used to revert to the previous markup in case you do not like the changes or something goes wrong.

The plug-in is designed to run once on a sample before you start your analysis. It relies on an offline database generated from the MSDN documentation and IDA Pro type library (TIL) files. For every function reference in the import table, the plug-in annotates the function’s description and return value, adds argument descriptions, and renames constants. An example of an annotated import table is depicted in Figure 2. It shows how a descriptive comment is added to each API function call. In order to identify addresses of instructions that position arguments prior to a function call, the plug-in relies on IDA Pro’s markup.

Figure 2: Annotated import table

Figure 3 shows the additional .msdn segment the plug-in creates in order to store argument descriptions. This only impacts the IDA database file and does not modify the original binary.

Figure 3: The additional segment added to the IDA database

The .msdn segment stores the argument descriptions as shown in Figure 4. The unique argument names and their descriptive comments are sequentially added to the segment.

Figure 4: Names and comments inserted for argument descriptions

To allow the user to see constant descriptions by hovering over constants in the disassembly, the plug-in imports IDA Pro’s relevant standard enumeration and adds descriptive comments to the enumeration members. Figure 5 shows this for the MACRO_CREATE enumeration, which stores constants passed as dwCreationDisposition to CreateFileA.

Figure 5: Descriptions added to the constant enumeration members

Preparing the MSDN database file

The plug-in’s graphical interface requires you to have the QT framework and Python scripting installed. This is included with the IDA Pro 6.6 release. You can also set it up for IDA 6.5 as described here (Precompiled PySide binaries for IDA Pro | Hex Blog).

As mentioned earlier, the plug-in requires an XML database file storing the MSDN documentation. We cannot distribute the database file with the plug-in because Microsoft holds the copyright for it. However, we provide a script to generate the database file. It can be cloned from the git repository at https://github.com/fireeye/flare-ida together with the annotation plug-in.

You can take the following steps to set up the database file. You only have to do this once.

1. Download and install an offline version of the MSDN documentation.
   You can download the Microsoft Windows SDK MSDN documentation. The standalone installer can be downloaded from Download Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1 (ISO) from Official Microsoft Download Center. Although it is not the newest SDK version, it includes all the needed information and data extraction is straightforward. As shown in Figure 6, you can select to only install the help files. By default they are located in C:\Program Files\Microsoft SDKs\Windows\v7.0\Help\1033.
   Figure 6: Installing a local copy of the MSDN documentation
2. Extract the files with an archive manager like 7-zip to a directory of your choice.
3. Download and extract tilib.exe from Hex-Ray’s download page at https://www.hex-rays.com/products/ida/support/download.shtml
   To allow the plug-in to rename constants, it needs to know which enumerations to import. IDA Pro stores this information in TIL files located in %IDADIR%/til/. Hex-Rays provides a tool (tilib) to show TIL file contents via their download page for registered users. Download the tilib archive and extract the binary into %IDADIR%. If you run tilib without any arguments and it displays its help message, the program is running correctly.
4. Run MSDN_crawler/msdn_crawler.py <path to extracted MSDN documentation> <path to tilib.exe> <path to til files>
   With these prerequisites fulfilled, you can run the MSDN_crawler.py script, located in the MSDN_crawler directory. It expects the path to the TIL files you want to extract (normally %IDADIR%/til/pc/) and the path to the extracted MSDN documentation. After the script finishes execution the final XML database file should be located in the MSDN_data directory.

You can now run our plug-in to annotate your disassembly in IDA.

Running the MSDN annotations plug-in

In IDA, use File – Script file… (ALT + F7) to open the script named annotate_IDB_MSDN.py. This will display the dialog box shown in Figure 7 that allows you to configure the modifications the plug-in performs. By default, the plug-in annotates functions and arguments and renames constants. If you change the settings and execute the plug-in by clicking OK, your settings get stored in a configuration file in the plug-in’s directory. This allows you to quickly run the plug-in on other samples using your preferred settings. If you do not choose to annotate functions and/or arguments, you will not be able to see the respective descriptions by hovering over the element.

Figure 7: The plug-in’s configuration window showing the default settings

When you choose to use repeatable comments for function name annotations, the description is visible in the disassembly listing, as shown in Figure 8.

Figure 8: The plug-in’s preview of function annotations with repeatable comments

Similar Tools and Known Limitations

Parts of our solution were inspired by existing IDA Pro plug-ins, such as IDAScope and IDAAPIHelp. A special thank you goes out to Zynamics for their MSDN crawler and the IDA importer which greatly supported our development.

Our plug-in has mainly been tested on IDA Pro for Windows, though it should work on all platforms. Due to the structure of the MSDN documentation and limitations of the MSDN crawler, not all constants can be parsed automatically. When you encounter missing information you can extend the annotation database by placing files with supplemental information into the MSDN_data directory. In order to be processed correctly, they have to be valid XML following the schema given in the main database file (msdn_data.xml). However, if you want to extend partly existing function information, you only have to add the additional fields.
Name tags are mandatory for this, as they get used to identify the respective element.

For example, if the parser did not recognize a commonly used constant, we could add the information manually. For the CreateFileA function’s dwDesiredAccess argument the additional information could look similar to Listing 1.

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <msdn>
      <functions>
        <function>
          <name>CreateFileA</name>
          <arguments>
            <argument>
              <name>dwDesiredAccess</name>
              <constants enums="MACRO_GENERIC">
                <constant>
                  <name>GENERIC_ALL</name>
                  <value>0x10000000</value>
                  <description>All possible access rights</description>
                </constant>
                <constant>
                  <name>GENERIC_EXECUTE</name>
                  <value>0x20000000</value>
                  <description>Execute access</description>
                </constant>
                <constant>
                  <name>GENERIC_WRITE</name>
                  <value>0x40000000</value>
                  <description>Write access</description>
                </constant>
                <constant>
                  <name>GENERIC_READ</name>
                  <value>0x80000000</value>
                  <description>Read access</description>
                </constant>
              </constants>
            </argument>
          </arguments>
        </function>
      </functions>
    </msdn>

Listing 1: Additional information enhancing the dwDesiredAccess argument for the CreateFileA function

Conclusion

In this post, we showed how you can generate a MSDN database file used by our plug-in to automatically annotate information about functions, arguments and constants into IDA Pro’s disassembly. Furthermore, we talked about how the plug-in works, and how you can configure and customize it. We hope this speeds up your analysis process!

Stay tuned for the FLARE Team’s next post where we will release solutions for the FLARE On Challenge (www.flare-on.com).

Source: FLARE IDA Pro Script Series: MSDN Annotations IDA Pro for Malware Analysis | FireEye Blog
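A checker for a supplemental file in the Listing 1 format, as an added example that is not part of the FLARE plug-in or the original post: it rejects files that are not valid XML or that lack the mandatory name tags, and uses the loaded constants to decode a numeric argument the way the plug-in's renaming does for 40000000h. The function names are hypothetical, and only the elements visible in Listing 1 are assumed; the full schema of msdn_data.xml is not reproduced here.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the entry from Listing 1 with plain ASCII quotes and
# "0x" prefixes, so that it is well-formed XML.
SUPPLEMENT = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<msdn><functions><function>
  <name>CreateFileA</name>
  <arguments><argument>
    <name>dwDesiredAccess</name>
    <constants enums="MACRO_GENERIC">
      <constant><name>GENERIC_ALL</name><value>0x10000000</value>
        <description>All possible access rights</description></constant>
      <constant><name>GENERIC_EXECUTE</name><value>0x20000000</value>
        <description>Execute access</description></constant>
      <constant><name>GENERIC_WRITE</name><value>0x40000000</value>
        <description>Write access</description></constant>
      <constant><name>GENERIC_READ</name><value>0x80000000</value>
        <description>Read access</description></constant>
    </constants>
  </argument></arguments>
</function></functions></msdn>
"""


def required_name(elem):
    """Return the text of the mandatory <name> child or raise ValueError."""
    name = elem.findtext("name")
    if name is None or not name.strip():
        raise ValueError("<%s> element without a <name> tag" % elem.tag)
    return name.strip()


def load_constants(xml_bytes):
    """Parse a supplement into {(function, argument): {"enum", "constants"}}.

    Raises ValueError when the file is not valid XML, a name tag is missing
    or a <value> is not a number.
    """
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError("supplement is not valid XML: %s" % exc)
    table = {}
    for func in root.iter("function"):
        func_name = required_name(func)
        for arg in func.iter("argument"):
            arg_name = required_name(arg)
            block = arg.find("constants")
            if block is None:
                continue  # argument carries a description only
            entries = []
            for const in block.findall("constant"):
                # Base 0 accepts both "0x40000000" and decimal values.
                value = int((const.findtext("value") or "").strip(), 0)
                desc = (const.findtext("description") or "").strip()
                entries.append((required_name(const), value, desc))
            table[(func_name, arg_name)] = {
                "enum": block.get("enums"),
                "constants": entries,
            }
    return table


def decode_flags(table, function, argument, value):
    """Split a numeric argument into known constant names and leftover bits."""
    entry = table.get((function, argument))
    if entry is None:
        return [], value
    names, remaining = [], value
    for name, const, _desc in entry["constants"]:
        if const and value & const == const:
            names.append(name)
            remaining &= ~const
    return names, remaining


if __name__ == "__main__":
    constants = load_constants(SUPPLEMENT)
    for raw in (0x40000000, 0xC0000000, 0xC0000001):
        names, rest = decode_flags(constants, "CreateFileA", "dwDesiredAccess", raw)
        print("%08Xh -> %s (unknown bits: %#x)" % (raw, " | ".join(names), rest))
```

Running a supplement through `load_constants` before dropping it into MSDN_data catches the typographic quotes and `×` signs that copy-pasting a listing from a web page tends to introduce.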
  18. Nytro

    iLoot

    Using this CLI tool you can download backups of devices assigned to your AppleID. Based on iphone-dataprotection script, so copyrights belong to respective owners. Offset operations added and other minor bugs fixed.

    This tool is for educational purposes only. Before you start, make sure it's not illegal in your country.

    Follow us on twitter @hackappcom and facebook Hackapp blog Mobile Applications Scanner hackapp.com

    Example

    python iloot.py <appleID> <password>

    Source: https://github.com/hackappcom/iloot
  19. Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to be.

Feature Additions

- Intelli Fuzzer
- Context Based Fuzzer
- Blind Fuzzer
- HTA Network Configuration
- HTA Drive-By
- HTA Drive-By Reverse Shell
- JSFuck 6 Char Encoder
- jjencode Encoder
- aaencode Encoder
- IP to Location
- IP to GeoLocation
- IP Hinting
- Download Spoofer
- HTML5 Geolocation API
- Reverse TCP Shell Addon (Linux)
- OAuth 1.0a Request Scanner
- 4800+ Payloads
- SSL Error Fixed

Download OWASP Xenotix XSS Exploit Framework or https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

Regards, Ajin | @ajinabraham

Source: WebApp Sec: OWASP Xenotix XSS Exploit Framework v6 Released
  20. IDA Sploiter

Download: idasploiter-1.0.zip
Size: 25.4 KB
Date: September 14th, 2014
Version: 1.0

IDA Sploiter is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool. Some of the plugin's features include a powerful ROP gadgets search engine, semantic gadget analysis and filtering, interactive ROP chain builder, stack pivot analysis, writable function pointer search, cyclic memory pattern generation and offset analysis, detection of bad characters and memory holes, and many others.

The motivation for the development of IDA Sploiter was to make IDA Pro a comfortable, powerful and integrated environment for vulnerability research and exploit development. The plugin is designed to make many repetitive and time consuming tasks as effortless and natural as possible, so you can concentrate on other more challenging aspects of exploit development.

To make the work with the plugin convenient, IDA Sploiter closely integrates with the IDA UI and exposes its functionality and various configurations through various views and forms. The plugin's logic uses IDA's powerful disassembly engine and various debugger plugins. As a result, IDA Sploiter can take advantage of many of IDA's unique features (e.g. building ROP chains remotely on a lab machine while effortlessly switching between debugger plugins).

In the user guide below, you will find a comprehensive discussion of various plugin features and their sample use. Most of the sections are independent of each other, so you are welcome to jump ahead or read through the entire guide. Feel free to contact me if you have any questions, feature requests, bugs or just to say hello.

Table of Contents

- Installation
- Compatibility
- User guide
- Modules
    - Filtering Modules
    - Searching module selection
- ROP gadgets
    - Searching ROP gadgets
    - Viewing ROP gadgets
    - Syntactic and semantic gadget filters
    - ROP chain builder
    - Stack Pivoting
    - Exporting
- Writable function pointers
    - Searching writable function pointers
    - Viewing writable function pointers
    - Pointer offsets
    - Setting breakpoints
    - Exporting
- Memory patterns
    - Creating a pattern
    - Detecting a pattern
- Comparing file to memory
- Special Note
- References

Source: ida sploiter | projects | sprawl
  21. Text Processing in Python
David Mertz
Intermediate
This is an example-driven, hands on tutorial that carefully teaches programmers how to accomplish numerous text processing tasks using Python.

Probabilistic Programming and Bayesian Methods for Hackers: Using Python and PyMC
Cam Davidson-Pilon and community
Intermediate
aka 'Bayesian Methods for Hackers': An introduction to Bayesian methods + probabilistic programming in data analysis with a computation/understanding-first, mathematics-second point of view. All in pure Python

Explore Flask
Robert Picard.
Intermediate
This book is a collection of the best practices for using Flask. There are a lot of pieces to the average Flask application.

Building skills in Python
Steven F. Lot
Beginner
This 450+ page book has 42 chapters that will help you build Python programming skills through a series of exercises. This book includes six projects from straight-forward to sophisticated that will help solidify your Python skills.

web2py Complete Manual
Massimo Di Pierro
Intermediate
As you will learn in the following pages, web2py tries to lower the barrier of entry to web development by focusing on three main goals: ease of use, rapid development and security

Learning Python, 4th Edition
Mark Lutz
Beginner
It's an easy-to-follow self-paced tutorial, based on author and Python expert Mark Lutz's popular training course.

The Hitchhiker’s Guide to Python!
Kenneth Reitz
Beginner
This opinionated guide exists to provide both novice and expert Python developers a best-practice handbook to the installation, configuration, and usage of Python on a daily basis.

Biopython
Various authors
Intermediate
This is a tutorial and cookbook for Biopython (Biopython is a set of freely available tools for biological computations.

Invent Your Own Computer Games with Python
Al Sweigart
Intermediate
Small and nice python game examples

Python Practice Book
Anand Chitipothu.
Beginner
This book is prepared from the training notes of Anand Chitipothu. Anand conducts Python trainings classes on a semi-regular basis in Bangalore, India.

Building skills in OOP
Steven F. Lot
Intermediate
How do you move from OO programming to OO design? This 301-page book has 49 chapters that will help you build OO design skills through the creation of a moderately complex family of application programs.

Python Cookbook, Third Edition
Various authors
Intermediate
This book is aimed at more experienced Python programmers who are looking to deepen their understanding of the language and modern programming idioms.

How to Tango with Django
Leif Azzopardi
Beginner
A beginner's guide to web development with Django 1.5.4. This book has been designed to get you going fast and to learn by example. You'll learn the key aspects of the Python Django Framework by developing an application called Rango.

Think Python
Allen B. Downey
Beginner
A very exhaustive book covering most of the language features, from datatypes to OOP and debugging.

Kivy programming Guide
Kivy
Intermediate
Discover Kivy the multitouch Python framework for desktop and mobile, and learn how to create a simple game.

Python para Desenvolvedores (2nd Edition)
Luiz Eduardo Borges
Intermediate
[PORTUGUESE] This book covers topics that include: creating user interfaces, computer graphics, internet applications, distributed systems, among others.

Django Tutorial
Community
Intermediate
With this hands-on tutorial, discover Django the popular high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Python Scientific lecture notes
by the community
Intermediate
Teaching material on the scientific Python ecosystem, a quick introduction to central tools and techniques. The different chapters each correspond to a 1 to 2 hours course with increasing level of expertise, from beginner to expert.

Programmez avec Python 2
Gérard Swinnen
Beginner
[FRENCH] Learn to program with Python 2. Discover programming and the Python language with this reference work.

Making games with Python and Pygame
Al Sweigart
Intermediate
“Making Games with Python & Pygame” covers the Pygame library with the source code for 11 games.

Pyramid for Humans
Community
Intermediate
With this tutorial, discover Pyramid a Python web application development framework. Its primary goal is to make it easier for a Python developer to create web applications.

Problem Solving with Algorithms and Data Structures Using Python
B. Miller & D. Ranum
Intermediate
This book is a CS2 data structures textbook, with a review of Python concepts in chapter 1

Flask microframework
Armin Ronacher
Intermediate
Learn the Flask web microframework by example. Flask aims to keep the core simple but extensible and gives you freedom to choose the libraries of your choice.

Learn Python The Hard Way
Zed A. Shaw
Beginner
Have you always wanted to learn how to code but never thought you could? Do you want to challenge your brain in a new way?

Python for you and me
Kushal Das
Beginner
A book for the total newcomers into the Python world. Was started as a book for students before they read the Python tutorial.

Programmez avec Python 3
Gérard Swinnen
Beginner
[FRENCH] Learn to program with Python 3. An update of the previous book with the specifics of Python 3.

How to Think Like a Computer Scientist: Second Interactive Edition
B. Miller & D. Ranum
Beginner
This interactive book teaches you Python the interactive way, right in the browser.

Dive into Python (2004)
Mark Pilgrim
Intermediate
Dive Into Python is a free Python book (from 2004) for experienced programmers. It covers many basics of the language

Hacking Secret Ciphers with Python
Al Sweigart
Beginner
The book teaches complete beginners how to program in the Python programming language. The reader not only learns about several classical ciphers, but also how to write programs that encrypt and hack these ciphers.

Test-Driven Development with Python
Harry Percival
Intermediate
This book uses a concrete example (the development of a website, from scratch) to teach the TDD methodology, and how it applies to web programming, from the basics of database integration and javascript, going via browser-automation tools like Selenium, to advanced (and trendy) topics like NoSQL, websockets and Async programming.

Dive into Python 3
Mark Pilgrim
Intermediate
Dive Into Python 3 covers what's new in Python 3 and how it differs from Python 2.

High Performance Python tutorial
Ian Ozsvald
Advanced
In this 55 pages tutorial, Ian Ozsvald shows you a number of techniques to get a 10-500 performance increase in your Python apps, from profiling, to PyPy, numPy, Multiprocessing...

Python course
Patrick Fuchs / Pierre Poulain,
Beginner
[FRENCH] Beginner and progressive course about Python theory and concepts

Modeling Creativity
Tom De Smedt
Intermediate
Case studies in Python - using the libraries nodebox and pattern the author creates wonderful fractals and infographics; python code snippets included

A byte of Python
Swaroop C H
Beginner
This book aims to help you learn the wonderful Python language and show how to get things done quickly and painlessly - in effect 'The Perfect Anti-venom to your programming problems'.
[h=2]Python 101 - Introduction to Python[/h] [h=3]Dave Kuhlman[/h] Beginner This document is a syllabus for a first course in Python programming. This course contains an introduction to the Python language, instruction in the important and commonly used features of the language, and practical excercises in the use of those features. [h=2]A bit of Python & other things.[/h] [h=3]Jesse Noller[/h] Beginner A usefull page with good links to read about Python [h=2]Snake Wrangling for Kids[/h] [h=3]Jason R. Briggs[/h] Beginner [DOWNLOAD REQUIRED] For children 8 years and older, who would like to learn computer programming. It covers the very basics of programming, and uses the Python programming language to teach the concepts. [h=2]Data Structures and Algorithms with Object-Oriented Design Patterns in Python[/h] [h=3]Bruno R. Preiss[/h] Intermediate This book is about the fundamentals of data structures and algorithms. It uses object oriented design patterns and teaches topics like stacks, queues, lists, hashing and graphs. There are also versions for other programming languages. [h=2]The Standard Python Library[/h] [h=3]Fredrik Lundh[/h] Intermediate This book provides a brief description of each module of the +200 Python standard library and usage examples [h=2]Python 3x Programming (sample)[/h] [h=3]Jody S. Ginther[/h] Beginner (4 free chapters) Python 3x Programming, Made Fun and Easier by Jody S. Ginther is for the beginning programmer who wants to learn visually and have some fun while learning programming. The full course will take the beginner from ground zero to making their own arcade style game complete with; music, sound, graphics, and how to make a distribution package to share it with your friends in 21 lessons. [h=2]Porting to Python 3: An in-depth guide[/h] [h=3]Lennart Regebro[/h] Intermediate This book guides you through the process of porting your Python 2 code to Python 3, from choosing a porting strategy to solving your distribution issues. 
Using plenty of code examples is takes you cross the hurdles and shows you the new Python features. [h=2]Programming Computer Vision with Python[/h] [h=3]Jan Erik Solem[/h] Advanced [PDF DRAFT] This book gives an entry point to hands-on computer vision (images, videos...) with enough understanding of the underlying theory and algorithms. [h=2]Think Complexity[/h] [h=3]Allen B. Downey[/h] Advanced This book is about complexity science, data structures and algorithms, intermediate programming in Python, and the philosophy of science. [h=2]Natural Language Processing with Python[/h] [h=3]S. Bird, E. Klein & E. Loper[/h] Advanced Practical introduction to programming for language processing, written by the creators of NLTK. [h=2]Think Stats[/h] [h=3]Allen B. Downey[/h] Advanced Think Stats is an introduction to Probability and Statistics for Python programmers. [h=2]Getting Started with Django[/h] [h=3]Kenneth Love[/h] Beginner Getting Started with Django (or GSWD) is a series of video-based lessons meant to take you from novice to competent [1], or maybe even beyond. [h=2]Building skills in Programming[/h] [h=3]Steven F. Lot [/h] Beginner How do you learn to program? Through a series of simple exercises that teach programming fundamentals with an easy-to-use, easy-to-learn programming language. [h=2]An introduction to Python[/h] [h=3]John C. Lusth[/h] Beginner A complete scholar overview of all Python 3 functionnalities from the Alabama University. [h=2]Python Module of the week[/h] [h=3]Doug Hellman[/h] Intermediate The Python Module of the Week series, or PyMOTW, is a tour of the Python standard library through short and concrete examples. It covers more than 50 modules. [h=2]Djen of Django[/h] [h=3]Agiliq[/h] Intermediate Djen of Django is a book consisting of a series of small Django projects based on small real-world examples. For instance, building a Pastebin, a Blog or a Project Management Application. 
Djen of Django focuses on teaching the reader Django best practices through the use of real-world examples. [h=2]Python Course[/h] [h=3]Google[/h] Beginner This is a free class for people with a little bit of programming experience who want to learn Python. [h=2]A Programmer's Guide to Data Mining[/h] [h=3]Ron Zacharski[/h] Intermediate A guide to practical data mining, collective intelligence, and building recommendation systems. [h=2]Python in Hydrology[/h] [h=3]Sat Kumar Tomer[/h] Beginner Python in Hydrology is written for learning Python using its applications in hydrology. The book covers the basic applications of hydrology, and also the advanced topic like use of copula. [h=2]Non-Programmer's Tutorial for Python 3[/h] [h=3]Josh Cogliati/Wikibooks/Others[/h] Beginner The Non-Programmers' Tutorial For Python 3 is a tutorial designed to be an introduction to the Python programming language. This guide is for someone with no programming experience. [h=2]Python para todos[/h] [h=3]Raúl González Duque[/h] Beginner [sPANISH] Libro sobre programación en Python a modo de tutorial, adecuado para todos los niveles de aprendizaje, desde novatos hasta expertos que quieren conocer más sobre Python. Sursa: PythonBooks - Learn Python the easy way !
  22. SpyFiles 4

Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.

FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.

Since the first SpyFiles release, researchers published reports that identified the presence of FinFisher products in countries around the world and documented its use against journalists, activists and political dissidents.

Julian Assange, WikiLeaks Editor in Chief said: "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers."

FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite responsible for collecting the data acquired from the infected victims and delivering it to their controllers. It is commonly deployed by FinFisher's customers in strategic points around the world to route the collected data through an anonymizing chain, in order to disguise the identity of its operators and the real location of the final storage, which is instead operated by the FinSpy Master.

| File Name | Product Name | MD5 | File Size |
| ffrelay-debian-4.30.ggi.zip | FinFisher Relay v4.30 | 180caf23dd71383921e368128fb6db52 | 224K |
| finspy_proxy.zip | FinSpy Proxy v2.10 | 3dfdac1304eeaaaff57cc11317768511 | 320K |
| finspy_master.zip | FinSpy Master v2.10 | 03d93c49a536d149206f5524d87fa319 | 2.5M |

WikiLeaks is also publishing previously unreleased copies of the FinFisher FinSpy PC spyware for Windows. This software is designed to be covertly installed on a Windows computer and silently intercept files and communications, such as Skype calls, emails, video and audio through the webcam and microphone (you can find more details on FinSpy in the first SpyFiles release). In order to prevent any accidental execution and infection, the following files have been renamed and compressed in password protected archives (the password is "infected"). They are weaponised malware, so handle carefully.

| File Name | Product Name | MD5 | File Size |
| finfisher.1.zip | FinSpy PC | 2d5c810035dc0f83036fb12e8775817a | 736K |
| finfisher.2.zip | FinSpy PC | 434b83eba7619cb706492ff019ade0d5 | 576K |

In order to challenge the secrecy and the lack of accountability of the surveillance industry, analyzing the internals of this software could allow security and privacy researchers to develop new fingerprints and detection techniques, identify more countries currently using the FinFisher spyware and uncover human rights abuses.

In addition, in this fourth iteration of the SpyFiles collection, WikiLeaks publishes the newly indexed material the same as the recent FinFisher breach (for which you can find the torrent file here), including new brochures and a database of the customer support website, that provide updated details on their product line and a unique insight into the company's customer-base.

In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher's price list.

WikiLeaks conservatively estimates FinFisher's revenue from these sales to amount to around €50,000,000. Within the full list of customers, it's worth noticing that among the largest is Mongolia, which has been recently selected as new Chair of the Freedom Online Coalition.

Together with the previous releases, the SpyFiles collection represents a unique and central resource where to find extensive and exclusive documentation about the global surveillance industry, also indexed and searchable through the WikiLeaks Search.

Source: https://wikileaks.org/spyfiles4/index.html
  23. ANAF has launched the online platform through which individuals can find out information about their tax situation. How the "Private Virtual Space" works

On Monday, ANAF launched an online platform on its own website through which individuals can request, after registering and authenticating with a username and password, information such as the status of their payment obligations, the level of CAS declared by the employer and the tax assessment decision, with the reply also arriving electronically. The platform, called "Private Virtual Space" ("Spațiul virtual privat"), is for now dedicated to individuals, as part of a pilot project for Bucharest and Ilfov, and the data can be consulted 24 hours a day.

"In 2015 we intend to extend the project to the whole country, and after we extend it, other information will also be added to the Private Virtual Space, such as tax assessment decisions for advance payments and for other accessories, summonses and enforcement orders. Also in 2015, we want to extend the programme to legal entities, which will be able to log in with a username and password," the Minister of Public Finance, Maria Ioana Petrescu, said on Monday at the launch of the platform, which was also attended by Prime Minister Victor Ponta. She pointed out that, at present, companies can check their tax situation only if they hold a digital signature certificate, which is obtained for a fee.

The budget for this pilot programme was zero, according to the minister, and a mixed team from ANAF and MFP worked on it, but extending it to the national level requires a server infrastructure. "We are in discussions with the World Bank so that the servers it has to send for the modernisation of ANAF arrive in time for this programme," Petrescu said.

Individuals can submit requests online after authenticating in the system, and the replies are also received within the application, in a messages section, with the requested documents attached. The payment obligations sent by ANAF are valid for the last day of the month preceding the query, and tax assessment decisions can be received if they are issued after the date the system was put into operation. For employees who have income only from individual employment contracts, no tax assessment decisions are issued, so for registration in the virtual space their identification must be done directly at the ANAF counter.

ANAF will also make available to taxpayers the "Fiscal Information Bulletin" service, including during the pilot project period, which will include public information of a fiscal nature, such as the calendar of tax obligations, legislative news, tax guides, ongoing campaigns and press releases.

Source: ANAF has launched the online platform through which individuals can find out information about their tax situation. How the "Private Virtual Space" works - Mediafax
  24. How to start blogging with Microsoft Word

Alex Castle, Sep 15, 2014 3:30 AM

Blogging with Microsoft Word lets you use the richly featured word processor to circumvent many of the underpowered, sometimes unfriendly aspects of browser-based interfaces used by platforms like WordPress or Blogger. We'll show you several ways to write and publish blog posts directly from Word, using the tools and shortcuts you already know. While this tutorial is written for Word 2013, the necessary features are available in all versions starting from Word 2007.

WordPress

WordPress is a super-popular, open-source blogging platform that’s designed to be flexible, customizable and user-friendly. WordPress is also very easy to use with Microsoft Word.

If you haven’t already set up a WordPress blog, you can do it in just a few minutes. Just visit WordPress.com, pick a URL that’s not taken yet, and fill in some basic personal info. WordPress will try to upsell you to the $25-per-year hosting, but if you decline you’ll still have unlimited free hosting and a “[something].wordpress.com” domain name. You’ll be asked to pick a theme for your site, connect a social media account, and write an introductory post. You can skip the latter two steps and go back to change any of this stuff at a later time.

Creating a WordPress blog is easy and intuitive on WordPress.com. Setting up a WordPress blog on your own web server isn't much harder, but takes a little more time.

You can also download and install WordPress on almost any web host. Many hosts have scripts that handle the setup for you, but you can always visit WordPress.org to download a copy of the software. (Note that the .org website is dedicated to the WordPress software itself, while the .com website is the hosted service.)

After a quick confirmation of your email address, you’re ready to begin writing your first blog post. Open up Word and click File > New. From the templates menu, choose Blog Post and click Create.

Crafting blog posts in Word provides a familiar interface and set of tools. Not all of Word's functionality is available, though.

Click the button at the top left of the window marked Manage Accounts. In the dialog that pops up, you can add any number of accounts and choose which one to publish to. Click New Account and choose WordPress from the dropdown menu. You’ll be asked for your blog’s URL (enter it without the “www.”), account name, and password.

Once you’ve done that, just use the formatting tools in Word to write as you normally would. When you’re done, click the Publish button in the top left. Your post will be uploaded to your WordPress blog.

When viewed in a browser, WordPress posts crafted in Word will look as you expect them to. Spacing and colors are subject to the theme you choose for your blog, however.

If you’d like to upload it but not make it public yet, click on the arrow under Publish and choose Publish as Draft. You’ll be able to find the post in your WordPress posts list, and you can publish it whenever you want.

Blogger

Another popular blogging platform is Google’s Blogger. Google account integration is obviously one of its advantages over WordPress, but Microsoft Word’s integration with the service isn’t quite as polished. Word can’t upload images directly to Blogger, for instance; you’ll have to go into the Blogger CMS (content management system) and add them manually.

To get started, go to Blogger and log in with a Google account. The default setting is to link your Blogger blog to your Google+ account, but you could also choose to log in with a limited Blogger account. You’ll still log in with your Google account, but you can pick a new user name for the Blogger profile, and the two won’t be publicly linked.

Creating a new Blogger blog is very simple, especially for the Google faithful.

Next, you’ll see the Blogger dashboard, which shows you a (still empty) list of blogs you own. Click the “New Blog” button. Like WordPress, you choose a domain name as well as a theme for your site. Click “Create Blog,” and you’re ready to post.

Back in Word, you can post to Blogger the same way as in the WordPress section above: just click File > New > Blog post and add your Blogger account information in the account manager. Because you can’t automatically upload images to Blogger using this method, your posts will have to be text-only. Still, you can use Word’s text-formatting options, such as headers, bold and italics and text alignment, and that will carry over to your blog post intact.

Using other platforms

Although WordPress and Blogger are better suited to fledgling bloggers, a few other blog platforms work with Microsoft Word’s publishing capability, including TypePad and Microsoft’s own SharePoint.

Here’s the trick you can use with alternative blogging platforms. Normally, if you copy and paste text from Word into a browser-based editor, the post will be utterly, irrevocably messed up by Word's usually-invisible formatting data, which turns into gibberish when you copy it into a different editor.

Copying the Word text into a plaintext editor like Notepad strips out all the formatting data. Next, copy the text from Notepad into the target editor (like a web form). This will keep your post from breaking, but it strips out all the formatting, which kind of defeats the purpose of using Word in the first place.

Converting your Word document to Google Docs format will strip out the parts of the Word document that don't translate well to a copy-and-paste.

You can strip out the junk data without removing the formatting by using Google Drive. Just save your draft as a .doc or .docx file, then upload that to your Google Drive. Open the file using Google’s web-based word processor, Docs. The processor will automatically convert the Word file into blog-friendly HTML, and you can copy-paste the whole post from the Google editor to your blog platform of choice, keeping all your formatting.

This trick won’t work for all browser editors, and you might have to make a few corrective tweaks. Still, it’s a lot easier than reformatting a long post from scratch.

Source: How to start blogging using Microsoft Word with WordPress or Blogger