Nytro - Posts: 18715 - Days Won: 701
Everything posted by Nytro
-
compile: Yes, I ran into this problem too. I don't think it can be made thread safe, at least not 100%, but you can try something:
1. Build a list of all the threads
2. Call GetThreadContext on all of them
3. Suspend all threads except the current thread and the thread that calls the hooked function
4. Check, based on the context, whether any other thread is executing code inside those bytes of yours
5. Allow only those threads to run: the current one and the one calling the function
6. After you restore the bytes, resume all the threads
What can go wrong:
1. Another process calls CreateRemoteThread and does something stupid
2. Constantly stopping and starting threads "randomly" may crash the program (in terms of its logic)
A 1337 solution would be:
1. Take all the functions you want to hook
2. Allocate a memory region with read, write, execute
3. Copy the functions there (you need to know their "size", you can't rely on ret/retn)
4. Put 5 x NOP + mov edi, edi before each function
5. Change all the function pointers to the new location
6. Hook them like WinAPI with jmp -5 + jmp (thread safe)
Problem:
- If the process did GetProcAddress it keeps the old function pointer
+ But there you just put a simple jmp to the new location
-
How it's made "safe": Microsoft WinAPI functions have that "mov edi, edi", 2 bytes that do nothing and cost a single processor cycle, placed there specifically for this. Even if it were just "push ebp, mov ebp, esp" it still wouldn't be thread safe, because the first instruction might be executing, then the hook gets written and it crashes. Only WinAPI functions with that mov edi, edi allow it to be safe: a jmp -5 (2 bytes, short jump) is written in place of that "mov edi, edi", and before each WinAPI function there are 5 NOPs where a jmp fits easily. Useful: Why do Windows functions all begin with a pointless MOV EDI, EDI instruction? - The Old New Thing - Site Home - MSDN Blogs
Ah, I understood the question:
0. When I place the hook I save the first 5 bytes of the function in a global variable
1. I write the jmp regardless of what instruction is there, thus changing the first 5 bytes
2. In my code, which that jump lands in, I "restore" the original bytes
3. I change the "return EIP" on the stack (ESP at the moment of the call)
4. I call the original function and do various normal things
5. The return EIP is modified so that it lands in another function of mine, "reinsert_hook"
6. There I place the hook again and the cycle continues
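The following C code is an added example, not part of Nytro's post and not Microsoft's code: it inspects a function prologue laid out the way the post describes (5 padding bytes before the entry point, then `mov edi, edi`) and reports whether the function is untouched, hotpatched the "safe" way (jmp rel32 in the padding plus a short jmp -5 at the entry), overwritten with a classic 5-byte jmp at the entry (the variant the post calls not thread safe), or has no hotpatch point at all (a plain `push ebp; mov ebp, esp` prologue). The byte samples are constructed here rather than captured from a real process, the padding check accepts both NOP (90) and int3 (CC) filler, and the address arithmetic is 32-bit, matching the post. An integrity checker for exported functions would run the same classification over bytes read from a live module.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout assumed from the post: 5 padding bytes immediately before the
 * entry point, then "mov edi, edi" (8B FF) as the first instruction.
 * Hotpatch hook: "jmp rel32" (E9 xx xx xx xx) in the padding, "jmp -5"
 * (EB F9) over the mov edi, edi. Inline hook: "jmp rel32" at the entry. */
enum prologue_state {
    PROLOGUE_CLEAN,             /* padding intact, mov edi, edi intact */
    PROLOGUE_HOTPATCHED,        /* jmp rel32 in padding + jmp -5 at entry */
    PROLOGUE_INLINE_JMP,        /* jmp rel32 written over the entry itself */
    PROLOGUE_NO_HOTPATCH_POINT, /* no mov edi, edi, e.g. push ebp; mov ebp, esp */
    PROLOGUE_TAMPERED           /* partial or inconsistent modification */
};

#define PAD_LEN 5

/* Compilers fill the gap before a function with NOP (90) or int3 (CC);
 * the post describes the NOP form. Both count as untouched padding here. */
static int padding_untouched(const uint8_t *pad)
{
    for (size_t i = 0; i < PAD_LEN; i++)
        if (pad[i] != 0x90 && pad[i] != 0xCC)
            return 0;
    return 1;
}

/* buf points at the 5 padding bytes; the entry point is buf + 5.
 * At least 7 bytes must be readable (5 padding + 2 at the entry). */
enum prologue_state classify_prologue(const uint8_t *buf, size_t len)
{
    if (len < PAD_LEN + 2)
        return PROLOGUE_TAMPERED;
    const uint8_t *pad = buf;
    const uint8_t *entry = buf + PAD_LEN;

    if (entry[0] == 0x8B && entry[1] == 0xFF)      /* mov edi, edi */
        return padding_untouched(pad) ? PROLOGUE_CLEAN : PROLOGUE_TAMPERED;
    if (entry[0] == 0xEB && entry[1] == 0xF9)      /* jmp -5 (short jump) */
        return pad[0] == 0xE9 ? PROLOGUE_HOTPATCHED : PROLOGUE_TAMPERED;
    if (entry[0] == 0xE9)                          /* jmp rel32 at the entry */
        return PROLOGUE_INLINE_JMP;
    return PROLOGUE_NO_HOTPATCH_POINT;
}

/* Target of a 5-byte "jmp rel32" located at jmp_addr: next instruction
 * address plus the signed displacement, with 32-bit wraparound. */
uint32_t jmp_rel32_target(uint32_t jmp_addr, const uint8_t *jmp_bytes)
{
    int32_t rel;
    memcpy(&rel, jmp_bytes + 1, sizeof rel);       /* little-endian rel32 */
    return jmp_addr + 5u + (uint32_t)rel;
}

/* Constructed samples: 5 padding bytes followed by the first prologue bytes. */
const uint8_t sample_clean[]      = {0x90,0x90,0x90,0x90,0x90, 0x8B,0xFF, 0x55,0x8B,0xEC};
const uint8_t sample_hotpatched[] = {0xE9,0x00,0x10,0x00,0x00, 0xEB,0xF9, 0x55,0x8B,0xEC};
const uint8_t sample_inline_jmp[] = {0x90,0x90,0x90,0x90,0x90, 0xE9,0x10,0x20,0x30,0x40};
const uint8_t sample_plain[]      = {0xCC,0xCC,0xCC,0xCC,0xCC, 0x55,0x8B,0xEC, 0x83,0xEC};

static const char *state_name(enum prologue_state s)
{
    switch (s) {
    case PROLOGUE_CLEAN:             return "clean";
    case PROLOGUE_HOTPATCHED:        return "hotpatched (jmp -5 + jmp rel32)";
    case PROLOGUE_INLINE_JMP:        return "inline jmp at entry (not thread safe)";
    case PROLOGUE_NO_HOTPATCH_POINT: return "no mov edi, edi hotpatch point";
    default:                         return "tampered";
    }
}

int main(void)
{
    printf("clean:      %s\n", state_name(classify_prologue(sample_clean, sizeof sample_clean)));
    printf("hotpatched: %s\n", state_name(classify_prologue(sample_hotpatched, sizeof sample_hotpatched)));
    printf("inline:     %s\n", state_name(classify_prologue(sample_inline_jmp, sizeof sample_inline_jmp)));
    printf("plain:      %s\n", state_name(classify_prologue(sample_plain, sizeof sample_plain)));
    /* Hypothetical padding address 0x7C800000: where does the hotpatch jmp go? */
    printf("hotpatch target: 0x%08X\n", jmp_rel32_target(0x7C800000u, sample_hotpatched));
    return 0;
}
```

The four samples cover the cases the post distinguishes: the hotpatched sample is the only one where both the short backward jump at the entry and the long jump in the padding are present, while a jmp written directly at the entry is flagged separately because it is exactly the 5-byte overwrite the post says cannot be applied safely while other threads may be inside those bytes.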
-
Black Hat 2013 - Clickjacking Revisited: A Perceptual View Of UI Security
Description: We revisit UI security attacks (such as clickjacking) from a perceptual perspective and argue that limitations of human perception make UI security difficult to achieve. We develop five novel attacks that go beyond current UI security defenses. Our attacks are powerful with a 100% success rate in one case. However, they only scratch the surface of possible perceptual attacks on UI security. We discuss possible defenses against our perceptual attacks and find that possible defenses either have an unacceptable usability cost or do not provide a comprehensive defense. Finally, we posit that a number of attacks are possible with a more comprehensive study of human perception. For More Information please visit: Black Hat USA 2013 | Briefings
Source: Black Hat 2013 - Clickjacking Revisited: A Perceptual View Of UI Security
-
Researchers create malware that communicates via silent sound, no network needed
Brad Chacos @BradChacos
When security researcher Dragos Ruiu claimed malware dubbed “badBIOS” allowed infected machines to communicate using sound waves alone—no network connection needed—people said he was crazy. New research from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics suggests he’s all too sane. As outlined in the Journal of Communications (PDF) and first spotted by ArsTechnica, the proof-of-concept malware prototype from Michael Hanspach and Michael Goetz can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!
“The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached.”
The most successful method was based on software developed for underwater communications. The laptops could communicate a full 65 feet apart from each other, and the researchers say the range could be extended by chaining devices together in an audio “mesh” network, similar to the way Wi-Fi repeaters work. While the research doesn’t prove Ruiu’s badBIOS claims, it does show that the so-called “air gap” defense—that is, leaving computers with critical information disconnected from any networks—could still be vulnerable to dedicated attackers, if attackers are first able to infect the PC with audio mesh-enabled malware.
Sending data via sound
Transmitting data via sound waves has one glaring drawback, however: It’s slow. Terribly slow. Hanspach and Goetz’s malware topped out at a sluggish 20 bits-per-second transfer rate, but that was still fast enough to transmit keystrokes, passwords, PGP encryption keys, and other small bursts of information. “We use the keylogging software logkeys for our experiment,” they wrote. “The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached, who is now able to read the current keyboard input of the infected victim from a distant place.” In another test, the researchers used sound waves to send keystroke information to a network-connected computer, which then sent the information to the “attacker” via email. Now for the good news: This advanced proof-of-concept prototype isn’t likely to work its way into everyday malware anytime soon, especially since badware that communicates via normal Net means should be all that’s needed to infect the PCs of most users. Nevertheless, it’s ominous to see the last-line “air gap” defense fall prey to attack—especially in an age of state-sponsored malware run rampant.
Lead microphone image: visual.dichotomy via Flickr/Creative Commons
Source: Researchers create malware that communicates via silent sound, no network needed | PCWorld
-
Come on, those of you who say you "know" various things, programming languages for example: prove that you know them.
-
I'd like to bring up my official answer regarding the activities, complaints and abuses taking place on the RST chat: I don't give a fuck. As long as you don't break the forum, on the chat you can swear at each other, fuck each other in the ass, whatever you want. But not on the forum.
-
You'll recognize each other since you'll all be wearing "Fan Nytro" t-shirts :->
-
vBulletin.com Hacked: Forum User Emails and Encrypted Passwords Leaked
Nytro replied to Usr6's topic in Security News
Fuck vBulletin.
-
Good guy TheTime
-
[h=2]A Huge List of Free Books[/h]
[h=3]Graphics Programming[/h]
GPU Gems GPU Gems 2 - ch 8,14,18,29,30 as pdf GPU Gems 3 Graphics Programming Black Book ShaderX series DirectX manual (draft) Learning Modern 3D Graphics Programming (draft)
[h=3]Language Agnostic[/h]
Object-Oriented Reengineering Patterns Foundations of Programming Computer Musings (lectures by Donald Knuth) The Cathedral and the Bazaar Patterns and Practices: Application Architecture Guide 2.0 Security Engineering Digital Signal Processing For Engineers and Scientists Getting Real Domain Driven Design Quickly OO Design Best Kept Secrets of Peer Code Review NASA Software Measurement Handbook NASA Manager Handbook for Software Development (PDF) Introduction to Functional Programming (class lectures and slides) How to Design Programs Guide to the Software Engineering Body of Knowledge Online Course Materials Algorithms (draft) Data Structures and Algorithms Essential Skills for Agile Development Programming Languages: Application and Interpretation Learn to Program Patterns of Software: Tales from the Software Community (PDF) How to write Unmaintainable Code The Art of Unix Programming The Definitive Guide to Building Code Quality How to Think Like a Computer Scientist Planning Algorithms Mathematical Logic - an Introduction (PDF) An Introduction to the Theory of Computation Developers Developers Developers Developers (broken download link?) Linkers and loaders Let's Build a Compiler Producing Open Source Software How to Write Parallel Programs Don't Just Roll the Dice 97 Things Every Programmer Should Know How Computers Work Introduction to Information Retrieval Is Parallel Programming Hard, And, If So, What Can You Do About It? Matters Computational Type Theory and Functional Programming Getting started with Open source development (PDF) Database Fundamentals (PDF) Clever Algorithms Summary of the GoF Design Patterns Flow based Programming Algorithms and Data-Structures (PDF) Compiler Construction (PDF) Project Oberon (PDF) The Little Book of Semaphores Essential Skills for Agile Development I Am a Bug Mining of Massive Datasets Data-Intensive Text Processing with MapReduce (PDF) Understanding IP Addressing: Everything you ever wanted to know (PDF) Operating Systems and Middleware (PDF and LaTeX) Think Stats: Probability and Statistics for Programmers (PDF, code written in Python) The Architecture of Open Source Applications
[h=3]ASP.NET MVC[/h]
NerdDinner Walkthrough
[h=3]Assembly Language[/h]
ProgrammingGroundUp (PDF) Paul Carter's Tutorial on x86 Assembly Software optimization resources by Agner Fog
[h=3]Bash[/h]
Advanced Bash-Scripting Guide Lhunath's Bash Guide
[h=3]C / C++[/h]
The new C standard - an annotated reference Matters Computational: Ideas, Algorithms, Source Code, by Jorg Arndt The C book Thinking in C++, Second Edition C++ Annotations Software optimization resources by Agner Fog Introduction to Design Patterns in C++ with Qt 4 (PDF) Object Oriented Programming in C (PDF) Beej's Guide to Network Programming Learn C the hard way Also see: The Definitive C++ Book Guide and List
[h=3]C#[/h]
C# School (covers C# 1.0 and 2.0) Threading in C# C# Yellow Book (intro to programming) C# Programming - Wikibook C# Essentials Data Structures and Algorithms with Object-Oriented Design Patterns in C# Illustrated C# 2008 (.zip, dead link)
[h=3]Clojure[/h]
Clojure Programming
[h=3]ColdFusion[/h]
CFML In 100 Minutes
[h=3]DB2[/h]
Getting started with IBM Data Studio for DB2 (PDF) Getting started with IBM DB2 development (PDF) Getting started with DB2 Express-C (PDF)
[h=3]Delphi / Pascal[/h]
Essential Pascal Version 1 and 2 The Tomes of Delphi
[h=3]Django[/h]
Djangobook.com
[h=3]Erlang[/h]
Learn You Some Erlang For Great Good
[h=3]Flex[/h]
Getting started with Adobe Flex (PDF)
[h=3]F#[/h]
The F# Survival Guide F Sharp Programming in Wikibooks Real World Functional Programming (MSDN Chapters)
[h=3]Forth[/h]
Starting Forth Thinking Forth
[h=3]Git[/h]
Pro Git The Git Community Book Git From The Bottom Up (PDF)
[h=3]Grails[/h]
Getting Start with Grails
[h=3]Haskell[/h]
Learn You a Haskell Real World Haskell
[h=3]HTML / CSS[/h]
Dive Into HTML5 HTML Dog Tutorials
[h=3]Java[/h]
Sun's Java Tutorials Thinking in Java How to Think Like a Computer Scientist Java Thin-Client Programming OSGi in Practice (PDF) Java 6 Tutorial (PDF)
[h=3]JavaScript[/h]
Eloquent JavaScript Crockford's JavaScript jQuery Fundamentals (starts with JavaScript basics) Mozilla Developer Network's JavaScript Guide Essential Javascript & jQuery Design Patterns for Beginners JavaScript (Node.js specific) Up and Running with Node The Node Beginner Book Mastering Node.js
[h=3]Latex[/h]
The Not So Short Introduction to LATEX (perfect for beginners)
[h=3]Linux[/h]
Advanced Linux Programming
[h=3]Lisp[/h]
COMMON LISP: An Interactive Approach A Short Course in Common Lisp Structure And Interpretation of Computer Programs A Gentle Introduction to Symbolic Computation (PDF) Practical Common Lisp On Lisp ANSI Common Lisp Common Lisp the Language, 2nd Edition Successful Lisp Let Over Lambda - 50 Years of Lisp Natural Language Processing in Lisp
[h=3]Lua[/h]
Programming In Lua (for v5 but still largely relevant) Lua Programming Gems (not entirely free, but has a lot of free chapters and accompanying code)
[h=3]Maven[/h]
Better Builds with Maven Maven by Example Maven: The Complete Reference Repository Management with Nexus Developing with Eclipse and Maven
[h=3]Mercurial[/h]
Mercurial: The Definitive Guide HGInit - Mercurial Tutorial by Joel Spolsky
[h=3]Nemerle[/h]
Nemerle
[h=3].NET[/h]
C# School (covers C# 1.0 and 2.0) Visual Studio Tips and Tricks (VS 2003-2005 only) Entity Framework Charles Petzold's .NET Book 0 Threading in C# C# Yellow Book (intro to programming) C# Programming - Wikibook C# Essentials Data Structures and Algorithms with Object-Oriented Design Patterns in C# Nemerle
[h=3]NoSQL[/h]
CouchDB: The Definitive Guide The Little MongoDB Book
[h=3]Oberon[/h]
Programming in Oberon (PDF)
[h=3]Objective-C[/h]
The Objective-C Programming Language
[h=3]OCaml[/h]
Unix System Programming in OCaml Introduction to OCaml (PDF)
[h=3]Oracle Server[/h]
Oracle's Guides and Manuals
[h=3]Oracle PL/SQL[/h]
PL/SQL Language Reference PL/SQL Packages and Types Reference Steven Feuerstein's PL/SQL Obsession - Videos and Presentations
[h=3]Parrot / Perl 6[/h]
Using Perl 6 (work in progress)
[h=3]Perl[/h]
Higher-Order Perl Perl The Hard Way Extreme Perl Perl Free Online EBooks (meta-list) The Mason Book Practical mod_perl Beginning Perl Embedding Perl in HTML with Mason Perl & LWP Perl for the Web Web Client Programming with Perl Modern Perl 5
[h=3]PHP[/h]
Symfony2 Practical PHP Programming (wiki containing O'Reilly's PHP In a Nutshell) Zend Framework: Survive the Deep End
[h=3]PowerShell[/h]
Mastering PowerShell
[h=3]Prolog[/h]
Building Expert Systems in Prolog Adventure in Prolog Prolog Programming A First Course Logic, Programming and Prolog (2ed) Introduction to Prolog for Mathematicians Learn Prolog Now! Natural Language Processing in Prolog Natural Language Processing Techniques in Prolog Prolog techniques Applications of Prolog Simply logical
[h=3]PostgreSQL[/h]
Practical PostgreSQL
[h=3]Python[/h]
Byte of Python Building Skills in Python Version 2.5 Python Bibliotheca Think Python (PDF) Data Structures and Algorithms in Python Dive into Python How to Think Like a Computer Scientist: Learning with Python Python for Fun Invent Your Own Computer Games With Python Learn Python The Hard Way Thinking in Python The Django Book Snake Wrangling For Kids Natural Language Processing with Python
[h=3]R[/h]
The R Manuals The R Language R by example Computational Statistics, Jeremy Penzer
[h=3]Ruby[/h]
Programming Ruby Why's (Poignant) Guide to Ruby (mirror) Mr. Neighborly's Humble Little Ruby Book Ruby Best Practices MacRuby: The Definitive Guide Learn Ruby the hard way
[h=3]Ruby on Rails[/h]
Ruby on Rails Tutorial: Learn Rails By Example
[h=3]Scala[/h]
Programming in Scala, First Edition A Scala Tutorial for Java programmers (PDF) Scala By Example (PDF) Programming Scala Xtrace (Github) Lift (Github) Pro Scala: Monadic Design Patterns for the Web Exploring Lift (published earlier as "The Definitive Guide to Lift", PDF)
[h=3]Scheme[/h]
The Scheme Programming Language (Edition 4)
[h=3]Smalltalk[/h]
Free Online Smalltalk Books (meta-list) Squeak By Example (Smalltalk IDE)
[h=3]Subversion[/h]
Subversion Version Control (PDF) Version Control with Subversion
[h=3]SQL[/h]
Developing Time-Oriented Database Applications in SQL Use The Index, Luke! (a guide to SQL database performance for developers) Learn SQL The Hard Way
[h=3]Vim[/h]
A Byte of Vim Vim Recipes
[h=3]Emacs[/h]
An Introduction to Programming in Emacs Lisp (Third Edition) GNU Emacs manual
Source: Become a Programmer, Motherfucker
-
Motherfucking Website http://motherfuckingwebsite.com/
-
That's like: http://google.ro wget. Run the command: g++ --help and see what that "-o" means. PS: I put it in this category by mistake, but now let's see who manages to "root" something.
-
1024-bit RSA encryption cracked by carefully starving CPU of electricity
BY Sean Hollister 3 years ago
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.
Source: 1024-bit RSA encryption cracked by carefully starving CPU of electricity
It's not exactly "news", but the approach is interesting.
-
Yes, it works on all kernel versions. I tried it on CentOS, RedHat and Arch, on both 32 and 64 bit. So it works on everything, that's why it's called "CTF". You get root on anything.
-
There are only 2 kinds of people (call them "black hat hackers" if you like) who make money:
1. Those who steal banking data (nothing to do with the term "hacker")
2. Those who write exploits, put them in exploit kits and sell them on the black market (the real "black hat hackers")
The rest are a bunch of limp dicks who each do some shit to survive from one day to the next. Many of you here do things you claim "black hat hackers" do. How many of you have made over 10,000 euros that way? Make a comparison between:
1. Anonymous, who gained access to various bigger or smaller pieces of crap
2. Those who take part in bug bounty programs
How much money did the Anonymous guys make that way? It's just one example.
-
Just out of curiosity, aren't you in Romania? For the others, in case you're complaining about the fee:
1. Organizing takes money. Money doesn't fall from the sky.
2. The fee is small, especially for students.
3. If you don't smoke for a week you have the money for the fee.
4. If you skip 2 nights out for beer you have the money for the fee.
5. If you don't buy a 2000 RON phone you have the money for the fee.
6. If you don't buy a gaming mouse you have the money for the fee.
In the end it's all up to you. If you're really passionate, come. If not, stay home, play some GTA/FIFA/CS and remember this topic when you're putting sauces on my shaorma.
-
Stop giving these kids COAILI v7.1, they might destroy RST...
-
The Galaxy S3 was 1700 RON at emag the other day and 1600 RON on cel.ro. Today it was supposedly reduced from 2000 RON to 1500 RON. In practice, I think discounts rarely exceed 10%. I'll buy myself pans and a drill too, like every Romanian; I don't need them, but they're on sale... Or at least that's what everybody says.
-
CSAW CTF 2013 Kernel Exploitation Challenge
Table of Contents
1. Introduction
2. Understanding the Code
3. Tracing the Vulnerable Code Path
4. Leveraging the Vulnerability
5. Circumventing Additional Obstacles
6. Achieving Local Privilege Escalation
7. Exploit Proof of Concept
8. Bonus Points
Introduction
CSAW CTF 2013 was last weekend, and this year I was lucky enough to be named a judge for the competition. I decided to bring back the Linux kernel exploitation tradition of previous years and submitted the challenge “Brad Oberberg.” Four of the 15 teams successfully solved the challenge. Each team was presented with unprivileged access to a live VM running 32-bit Ubuntu 12.04.3 LTS. The vulnerable kernel module csaw.ko was loaded on each system, and successful exploitation would allow for local privilege escalation and subsequent reading of the flag. Source code to the kernel module was provided to each team, and may be viewed below (or downloaded here).
Source: CSAW CTF 2013 Kernel Exploitation Challenge | Michael Coppola's Blog
It comes with the solutions.
-
[h=1]Winamp shutting down after over 15 years[/h]
By Jacob Kastrenakes on November 20, 2013 02:42 pm
The famous media player Winamp will shut down next month, over 15 years after its initial release. Though Winamp eventually lost popularity, in the late '90s and early 2000s it was one of the go-to media players for listening to local music or radio streams. In 2002, Winamp's maker, Nullsoft, was acquired by AOL for over $80 million in stock, where it's remained in development until now. A Mac and an Android version were even released in recent years, though they never found the same fan base that its customizable Windows client did. No reason is given for Winamp's shutdown, but its popularity has certainly waned: simple, built-in audio solutions like iTunes are now ubiquitous across platforms, making Winamp a far more specialized app. In a retrospective published last year, Ars Technica reported that Winamp had existed for years on life support, but that those involved didn't believe it was dead yet. Now that it's nearly gone, those who want to relive old times should head over to Winamp's site before December 21st, when it'll no longer be available — its famous motto, of course, will always live on somewhere.
Source: Winamp shutting down after over 15 years | The Verge
What a shitty life.
-
LiveLeak.com - 100.000 euro Hackers
-
If anyone is interested (and is from Bucharest), you can PM me. Preferably someone with experience.
-
[h=1]Google Engineering: Why does Google prefer the Java stack for its products instead of Python?[/h]
Robert Love, Google Software Engineer and Manager on Web Search.
Man, I cannot imagine writing let alone maintaining a large software stack in Python. We use C++, Go, and Java for production software systems, with Python employed for scripting, testing, and tooling. There are a bunch of reasons for the primacy of C++ and Java:
Familiarity. Early Googlers were well-versed in C++.
Performance. Java can be faster than Python; C++ can be faster than Java.
Tooling. Tools for debugging, profiling, and so on are significantly better for Java than Python. Even C++ is easier to debug and understand in large systems.
Concurrency. As you can imagine, Google systems are highly parallelized and many are highly threaded. Threading in Python is an unmitigated disaster. The global interpreter lock (GIL) is a giant pain in the ass.
Lack of need for the prototyping prowess of Python. One commonly-cited strength of Python is that it is easier to rapidly prototype small systems in Python than Java and (to an even greater extent) C++. At Google, however, this benefit isn't all that appealing: We have a lot of powerful frameworks that make prototyping or extending existing systems easy. Folks tend to prototype by gluing a hack into an existing server rather than build an entirely new distributed system.
Don't get me wrong, in the war of Perl versus Python, I come down on the side of Python. But I would never use it to build a production, scalable, mission critical, performant system—particularly one someone else may need to understand some day long in the future.
Source: Robert Love's answer to Google Engineering: Why does Google prefer the Java stack for its products instead of Python? - Quora
-
Congratulations Alexandru, you made your name, your photos and whatever other crap you have on Facebook public for a shitty referrer.