Everything posted by Nytro

  1. Keccak and the SHA-3 Standardization
     Guido Bertoni (STMicroelectronics), Joan Daemen (STMicroelectronics), Michaël Peeters (NXP Semiconductors), Gilles Van Assche (STMicroelectronics)
     NIST, Gaithersburg, MD, February 6, 2013
     Outline: The beginning; The sponge construction; Inside Keccak; Analysis underlying Keccak; Applications of Keccak, or sponge; Some ideas for the SHA-3 standard
     Slides: http://csrc.nist.gov/groups/ST/hash/sha-3/documents/Keccak-slides-at-NIST.pdf
  2. [h=1]A New Focus on Security in the Web Console[/h]
     Garrett Robinson

     Web developers need better tools to help them debug security issues. The Web Console, part of the Firefox Developer Tools, shows errors and warnings filtered into different categories. Firefox 23 adds a new category of messages to the Web Console: Security messages.

     [Image: Toggle buttons for categories of messages in the Web Console]

     The Security toggle button and messages are red to warn developers, since some of these messages indicate that your site has a security vulnerability. Once we had a dedicated place for security messages, we had to decide what kinds of issues should be reported to developers. Ivan Alagenchev, a security engineering intern, spent the summer improving security reporting to fulfill the following goals:

     • Warn developers about altered site behavior that is due to a security feature (for example, resource loads blocked by the Mixed Content Blocker or the Same Origin Policy).
     • Warn developers about mistakes made in implementing security features (for example, using deprecated CSP headers, or mistyping an HSTS header).
     • Warn developers about common security risks (for example, putting password fields on insecure pages).

     Here are example screenshots of some of the new Security messages:

     [Image: Warnings for loading mixed content]
     [Image: Warning for detected password field on an insecure page.]

     These specific messages are available to current Nightly users and will be part of upcoming stable releases. While security should be of paramount importance to any developer, it is a complex subject that is not always part of a web developer's education and often appears at inconvenient times. This new messaging helps developers find security-related problems early on in the development life cycle so they can be resolved quickly and effectively. Additionally, these messages help educate developers about common issues in web security.

     Many of the new messages end with a "Learn More" link that takes you to a wiki with background information and advice for mitigating the security issue. Bug 863874 is the meta-bug for logging relevant security messages to the Web Console. If you have more ideas for useful features like the ones discussed here, or are interested in contributing, check out the metabug and its dependencies!

     Source: https://blog.mozilla.org/security/2013/09/04/a-new-focus-on-security-in-the-web-console/
  3. [h=1]Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption[/h]

     During an audit the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote previous to authentication heap corruption in its sshd component. Exploitation of this vulnerability will allow full access to the router device. This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging into the device with username 'devel' and the password of the administrator. This will drop into a busybox shell for further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox platform. Shodanhq.com shows >290.000 entries for the ROSSSH search term. The 50 megs Mikrotik package including all the research items can be downloaded here: http://www.farlight.org/mikropackage.zip http://www.exploit-db.com/sploits/28056.zip

     Source: Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

     Ok, now I understand. A few days ago we got a DDoS (supposedly) from 550+ IPs. ( Info ) As Shocker suggested, those IPs were Mikrotik routers. I have a vague feeling that this is the method by which whoever doesn't like us got access to those routers.
  4. Ooh, these guys pay well, don't they?
  5. Nytro

    TCPUDP in C

    [h=1]TCPUDP in C[/h]

```c
/*
 ============================================================================
 Name        : TCPServer.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : TCP-SERVER IN C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>

#define BUFSZ   256   /* fixed-size request/response exchanged with the client */
#define MAXNUMS 20    /* most numbers accepted in one request */

void signalhandler(int signum)
{
    if (SIGTERM == signum) {
        printf("See you later bye\n");
        exit(SIGTERM);
    }
}

/* Parse "n1:n2:...:nk" into array (at most max entries, non-digits dropped). Returns k. */
static int parse_numbers(const char *buf, int array[], int max)
{
    char temp[BUFSZ];
    int len = (int)strlen(buf), i, j = 0, k = 0;

    for (i = 0; i <= len && k < max; i++) {
        if (buf[i] != ':' && i != len) {
            if (buf[i] >= '0' && buf[i] <= '9')
                temp[j++] = buf[i];
        } else {
            temp[j] = '\0';              /* terminate before atoi reads it */
            array[k++] = atoi(temp);
            j = 0;
        }
    }
    return k;
}

/* Bubble sort ascending, as in the original. */
static void sort_numbers(int array[], int k)
{
    int i, j, ntemp;
    for (i = 0; i < k; i++)
        for (j = 0; j < k - i - 1; j++)
            if (array[j] > array[j + 1]) {
                ntemp = array[j];
                array[j] = array[j + 1];
                array[j + 1] = ntemp;
            }
}

/* Render "a b c " into out without overflowing it. */
static void format_numbers(const int array[], int k, char *out, size_t size)
{
    size_t used = 0;
    int i, n;
    memset(out, 0, size);                /* zero the tail: the whole buffer goes on the wire */
    for (i = 0; i < k; i++) {
        n = snprintf(out + used, size - used, "%d ", array[i]);
        if (n < 0 || (size_t)n >= size - used)
            break;                       /* out of room; stop instead of truncating */
        used += (size_t)n;
    }
}

int main(int argc, char *argv[])
{
    int server_sock_fd, client_sock_fd;
    struct sockaddr_in server_addr;
    char readbuffer[BUFSZ], writebuffer[BUFSZ];

    signal(SIGTERM, signalhandler);
    if (argc < 2) {
        printf("please run as ./TCPServer <port-no> \n");
        exit(1);
    }
    server_sock_fd = socket(AF_INET, SOCK_STREAM, 0);
    if (server_sock_fd < 0) {
        perror("Create socket");
        exit(errno);
    }
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    server_addr.sin_port = htons(atoi(argv[1]));
    if (bind(server_sock_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Bind");
        exit(errno);
    }
    if (listen(server_sock_fd, 1) < 0) {
        perror("Listen");
        exit(errno);
    }
    while (1) {
        int array[MAXNUMS], k;
        ssize_t n;

        client_sock_fd = accept(server_sock_fd, NULL, NULL);
        if (client_sock_fd < 0) {
            perror("Accept");
            continue;
        }
        n = read(client_sock_fd, readbuffer, sizeof(readbuffer) - 1);
        if (n < 0) {
            perror("Get Data");
            close(client_sock_fd);
            continue;
        }
        readbuffer[n] = '\0';            /* never rely on the peer to terminate the string */
        if (strcmp(readbuffer, "stop") == 0) {
            close(client_sock_fd);
            break;
        }
        k = parse_numbers(readbuffer, array, MAXNUMS);
        sort_numbers(array, k);
        format_numbers(array, k, writebuffer, sizeof(writebuffer));
        if (write(client_sock_fd, writebuffer, sizeof(writebuffer)) < 0)
            perror("Send Data");
        close(client_sock_fd);
    }
    close(server_sock_fd);
    return 0;
}
```

```c
/*
 ============================================================================
 Name        : TCPClient.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : TCP CLIENT in C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
#include <string.h>
#include <signal.h>

#define BUFSZ 256

void signalhandler(int signum)
{
    if (SIGALRM == signum) {
        printf("Host timed Out\n");
        exit(ETIMEDOUT);
    }
    if (SIGTERM == signum) {
        printf("See you later bye\n");
        exit(SIGTERM);
    }
}

/* Join argv[first..argc) as "a:b:c" into buf; returns -1 if it would not fit. */
static int build_request(int argc, char *argv[], int first, char *buf, size_t size)
{
    int i;
    buf[0] = '\0';
    for (i = first; i < argc; i++) {
        if (strlen(buf) + strlen(argv[i]) + 2 > size)  /* room for ':' and the NUL */
            return -1;
        if (i > first)
            strcat(buf, ":");
        strcat(buf, argv[i]);
    }
    return 0;
}

int main(int argc, char *argv[])
{
    int socket_fd;
    char writebuffer[BUFSZ] = "", readbuffer[BUFSZ] = "";
    struct sockaddr_in server_addr;
    ssize_t n;

    signal(SIGALRM, signalhandler);
    signal(SIGTERM, signalhandler);
    if (argc < 4) {
        printf("please run as ./TCPClient <ip-address> <port-no> <numbers>/stop \n");
        exit(1);
    }
    if (build_request(argc, argv, 3, writebuffer, sizeof(writebuffer)) < 0) {
        fprintf(stderr, "request does not fit in %d bytes\n", BUFSZ);
        exit(1);
    }
    socket_fd = socket(AF_INET, SOCK_STREAM, 0);
    if (socket_fd < 0) {
        perror("Create socket");
        exit(errno);
    }
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(atoi(argv[2]));
    if (inet_pton(AF_INET, argv[1], &server_addr.sin_addr) != 1) {
        fprintf(stderr, "Ip address conversion: %s is not a valid IPv4 address\n", argv[1]);
        exit(1);
    }
    alarm(5);                            /* SIGALRM aborts a connect or read that hangs */
    if (connect(socket_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Connection");
        exit(errno);
    }
    if (write(socket_fd, writebuffer, sizeof(writebuffer)) < 0) {
        perror("Send Data");
        exit(errno);
    }
    n = read(socket_fd, readbuffer, sizeof(readbuffer) - 1);
    if (n < 0) {
        perror("Get Data");
        exit(errno);
    }
    readbuffer[n] = '\0';
    puts(readbuffer);
    close(socket_fd);
    return 0;
}
```

```c
/*
 ============================================================================
 Name        : UDPServer.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : UDP SERVER in C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <string.h>
#include <signal.h>

#define BUFSZ   256   /* fixed-size datagram exchanged with the client */
#define MAXNUMS 20    /* most numbers accepted in one request */

void signalhandler(int signum)
{
    if (SIGTERM == signum) {
        printf("See you later bye\n");
        exit(SIGTERM);
    }
}

/* Parse "n1:n2:...:nk" into array (at most max entries, non-digits dropped). Returns k. */
static int parse_numbers(const char *buf, int array[], int max)
{
    char temp[BUFSZ];
    int len = (int)strlen(buf), i, j = 0, k = 0;

    for (i = 0; i <= len && k < max; i++) {
        if (buf[i] != ':' && i != len) {
            if (buf[i] >= '0' && buf[i] <= '9')
                temp[j++] = buf[i];
        } else {
            temp[j] = '\0';              /* terminate before atoi reads it */
            array[k++] = atoi(temp);
            j = 0;
        }
    }
    return k;
}

/* Bubble sort ascending, as in the original. */
static void sort_numbers(int array[], int k)
{
    int i, j, ntemp;
    for (i = 0; i < k; i++)
        for (j = 0; j < k - i - 1; j++)
            if (array[j] > array[j + 1]) {
                ntemp = array[j];
                array[j] = array[j + 1];
                array[j + 1] = ntemp;
            }
}

/* Render "a b c " into out without overflowing it. */
static void format_numbers(const int array[], int k, char *out, size_t size)
{
    size_t used = 0;
    int i, n;
    memset(out, 0, size);                /* zero the tail: the whole buffer goes on the wire */
    for (i = 0; i < k; i++) {
        n = snprintf(out + used, size - used, "%d ", array[i]);
        if (n < 0 || (size_t)n >= size - used)
            break;                       /* out of room; stop instead of truncating */
        used += (size_t)n;
    }
}

int main(int argc, char *argv[])
{
    struct sockaddr_in server_addr, client_addr;
    char readbuffer[BUFSZ], writebuffer[BUFSZ];
    int server_sock_fd;
    socklen_t len;

    signal(SIGTERM, signalhandler);
    if (argc != 2) {
        printf("please run as ./UDPServer <port-no>\n");
        exit(1);
    }
    server_sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (server_sock_fd < 0) {
        perror("Create socket");
        exit(errno);
    }
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(atoi(argv[1]));
    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(server_sock_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Bind");
        exit(errno);
    }
    while (1) {
        int array[MAXNUMS], k;
        ssize_t n;

        len = sizeof(client_addr);       /* recvfrom overwrites len, so reset it each time */
        n = recvfrom(server_sock_fd, readbuffer, sizeof(readbuffer) - 1, 0,
                     (struct sockaddr *)&client_addr, &len);
        if (n < 0) {
            perror("Get Data");
            continue;
        }
        readbuffer[n] = '\0';            /* never rely on the peer to terminate the string */
        if (strcmp(readbuffer, "stop") == 0)
            break;
        k = parse_numbers(readbuffer, array, MAXNUMS);
        sort_numbers(array, k);
        format_numbers(array, k, writebuffer, sizeof(writebuffer));
        if (sendto(server_sock_fd, writebuffer, sizeof(writebuffer), 0,
                   (struct sockaddr *)&client_addr, len) < 0)
            perror("Send Data");
    }
    close(server_sock_fd);
    return 0;
}
```

```c
/*
 ============================================================================
 Name        : UDPClient.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : UDP Client in C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <arpa/inet.h>
#include <signal.h>

#define BUFSZ 256

void signalhandler(int signum)
{
    if (SIGALRM == signum) {
        printf("Host Timed out\n");
        exit(ETIMEDOUT);
    }
}

/* Join argv[first..argc) as "a:b:c" into buf; returns -1 if it would not fit. */
static int build_request(int argc, char *argv[], int first, char *buf, size_t size)
{
    int i;
    buf[0] = '\0';
    for (i = first; i < argc; i++) {
        if (strlen(buf) + strlen(argv[i]) + 2 > size)  /* room for ':' and the NUL */
            return -1;
        if (i > first)
            strcat(buf, ":");
        strcat(buf, argv[i]);
    }
    return 0;
}

int main(int argc, char *argv[])
{
    struct sockaddr_in server_addr;
    socklen_t len = sizeof(server_addr);
    char readbuffer[BUFSZ] = "", writebuffer[BUFSZ] = "";
    int server_sock_fd;
    ssize_t n;

    signal(SIGALRM, signalhandler);
    if (argc < 4) {
        printf("please run as ./UDPClient <ip-address> <port-no> <numbers>/stop\n");
        exit(1);
    }
    if (build_request(argc, argv, 3, writebuffer, sizeof(writebuffer)) < 0) {
        fprintf(stderr, "request does not fit in %d bytes\n", BUFSZ);
        exit(1);
    }
    server_sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (server_sock_fd < 0) {
        perror("Create socket");
        exit(errno);
    }
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(atoi(argv[2]));
    if (inet_pton(AF_INET, argv[1], &server_addr.sin_addr) != 1) {
        fprintf(stderr, "Ip address conversion: %s is not a valid IPv4 address\n", argv[1]);
        exit(1);
    }
    if (sendto(server_sock_fd, writebuffer, sizeof(writebuffer), 0,
               (struct sockaddr *)&server_addr, len) < 0) {
        perror("Send Data");
        exit(errno);
    }
    alarm(5);                            /* UDP gives no error if nobody answers; time out instead */
    n = recvfrom(server_sock_fd, readbuffer, sizeof(readbuffer) - 1, 0,
                 (struct sockaddr *)&server_addr, &len);
    if (n < 0) {
        perror("Get Data");
        exit(errno);
    }
    readbuffer[n] = '\0';
    puts(readbuffer);
    close(server_sock_fd);
    return 0;
}
```

    Source: [C] TCPUDP in C - Pastebin.com
  6. Nowadays everything is about money...
  7. And will the presentations be held in... Romanian? I mean those of the Romanian speakers, of course.
  8. Nytro

    Is it possible?

    Yes. When you use TrueCrypt, the password is kept in memory so the data can be decrypted when needed. The program just reads it from there. It's not exactly "rocket science". Stupidly, news stories were written about this tool: $300 tool can decrypt PGP, TrueCrypt files without a password | Chips | Geek.com. It's something completely normal. If you give someone a hard disk encrypted with TrueCrypt, without it having been decrypted by running TrueCrypt with the correct password entered, it's useless.
  9. It has been discussed before, but in a technical manner, nicely presented. [ https://rstforums.com/forum/74740-dos-exploit-pentru-webkit-nu-deschide-pagina-dac-folose-ti-mac-os-10-8-sau-ios-6-a.rst ] The dumbed-down version is fine too.
  10. Text Editor: Edit text files, XML, HTML, Unicode and UTF-8 files, C/C++ source code, PHP, etc. Unlimited undo and powerful editing and scripting tools.
      Hex Editor: Unequalled binary editing performance. Edit any file of any size. Use powerful Binary Templates technology to understand binary data.
      Disk Editor: Find and fix problems with hard drives, memory keys, flash drives, CD-ROMs, etc.
      Process Editor: Investigate and modify memory from processes.
      Download: http://www.sweetscape.com/download/download_010editor.html
      Opinion: I had a large text file, 250 MB. I had to select about 80 MB of it and put that data in another file. Notepad++ and gVim suck badly; Notepad++ at least screws up and screwed up my Clipboard too, so fuck Notepad++. I spent about 20 minutes selecting the text holding page down and got nowhere. With this little program I did: 1. Mark selection start 2. Mark selection end 3. Copy/Paste. Fuck Notepad++. PS: It's a trial.
  11. I moved a few (4-5) tutorials here. I think it would be easier for everyone to find them if we group them this way. There are many others under Tutorials, and if someone is especially interested in this subject they can find them here much more easily.
  12. Yes, you're right. They use port 8291. The username is supposedly admin; let me see what password they have. Come on dude, you're DDoSing from some routers? Tool for connecting to those IPs: http://download2.mikrotik.com/winbox.exe
  13. It seems the merry boys are back. I don't quite understand why the DDoS attack comes after 00:00; what time zone could they be in? In the USA it's 18:20, in China it's 06:00 in the morning. No idea. What's interesting is that they come from IPs all over the world. For lack of sleep I did reverse DNS on some of them and the result looks something like this:

      [list of reverse DNS hostnames omitted]

      Nothing seems unusual, but I was surprised to see many purchased servers: securefastserver.com, fastwebserver.de, your-server.de, a few from compute.amazonaws.com, dedicated.hosteurope.de... Were they all caught with our Romanian "./scanu", or did someone invest in something like this? Hm, anyway, whoever is behind the attacks is not exactly an intelligent person. Over 570 unique IPs were used; with that it was somewhat easy to take down a server, but I didn't even need to DROP them, because the attack didn't even put load on the server. This is the list of IPs:

      [list of 570+ IP addresses omitted]

      If you logged in after 00:00, you may no longer have access. Send me a PM with your IP address and it will be sorted out. I have a request for those with ssh bruteforcers: try a few IPs from the list and see if they have classic ones: qwerty or some other dictionary password. They might be found this way. Have fun.
  14. I posted the full code here as well. Description: TDL is one of the best-known and most powerful rootkits ever written.
      --------
      Hengelo, January 19, 2010. Occasionally a new virus appears that is clever enough to completely deceive anti virus programs. TDL3, a variant of the TDSS rootkit (also known as Alureon) is such a sophisticated virus that is causing sleepless nights for anti virus researchers. The first variant, TDL1, appeared in the summer of 2008 and is still capable of preventing detection by many anti virus programs. In the summer we saw the 2nd variant TDL2. "The TDL3 is one of the most sophisticated viruses I have seen", according to CEO Mark Loman. "The rootkit is piggybacking on a standard driver to avoid detection by anti virus programs."
      ---------
      More information: TDL3 rootkit still large issue for anti virus programs - SurfRight
  15. [h=1]Practical Malware Analysis[/h][h=3]The Hands-On Guide to Dissecting Malicious Software[/h]

      [h=4]Book Description[/h]
      Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

      [h=4]Brief Contents[/h]
      About the Authors (xix)
      Foreword by Richard Bejtlich (xxi)
      Acknowledgments (xxv)
      Introduction (xxvii)
      Chapter 0: Malware Analysis Primer (1)
      PART 1: BASIC ANALYSIS
      Chapter 1: Basic Static Techniques (9)
      Chapter 2: Malware Analysis in Virtual Machines (29)
      Chapter 3: Basic Dynamic Analysis (39)
      PART 2: ADVANCED STATIC ANALYSIS
      Chapter 4: A Crash Course in x86 Disassembly (65)
      Chapter 5: IDA Pro (87)
      Chapter 6: Recognizing C Code Constructs in Assembly (109)
      Chapter 7: Analyzing Malicious Windows Programs (135)
      PART 3: ADVANCED DYNAMIC ANALYSIS
      Chapter 8: Debugging (167)
      Chapter 9: OllyDbg (179)
      Chapter 10: Kernel Debugging with WinDbg (205)
      PART 4: MALWARE FUNCTIONALITY
      Chapter 11: Malware Behavior (231)
      Chapter 12: Covert Malware Launching (253)
      Chapter 13: Data Encoding (269)
      Chapter 14: Malware-Focused Network Signatures (297)
      PART 5: ANTI-REVERSE-ENGINEERING
      Chapter 15: Anti-Disassembly (327)
      Chapter 16: Anti-Debugging (351)
      Chapter 17: Anti-Virtual Machine Techniques (369)
      Chapter 18: Packers and Unpacking (383)
      PART 6: SPECIAL TOPICS
      Chapter 19: Shellcode Analysis (407)
      Chapter 20: C++ Analysis (427)
      Chapter 21: 64-Bit Malware (441)
      Appendix A: Important Windows Functions (453)
      Appendix B: Tools for Malware Analysis (465)
      Appendix C: Solutions to Labs (477)
      Index (733)

      [h=4]Book Details[/h]
      Publisher: No Starch Press
      By: Michael Sikorski, Andrew Honig
      ISBN: 978-1-59327-290-6
      Year: 2012
      Pages: 800
      Language: English
      File size: 10.6 MB
      File format: PDF
      eBook download: Practical Malware Analysis
      Paper book, buy: Practical Malware Analysis
      Online book, read: Practical Malware Analysis

      Mirror:
      http://www.speedyshare.com/9a5q7/practical-malware-analysis.pdf
      http://www.girlshare.ro/32812315.8
      http://fisierulmeu.ro/520LCPTF5B05/practical-malware-analysis-pdf.html

      Source: Practical Malware Analysis - Free Download eBook - pdf
  16. Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies
Rodrigo Rubira Branco, Gabriel Negreira Barbosa, Pedro Drimel Neto
{rbranco,gbarbosa,pdrimel} *NOSPAM* qualys.com
Qualys – Vulnerability & Malware Research Labs (VMRL)
Version 1.0

1. UPX
   UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, Instruction Counting, PEB NtGlobalFlag, PEB's BeingDebugged (Stealth IsDebuggerPresent)
   UPXv20MarkusLaszloReiser: Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
   UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (IN), Push Pop Math, Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
   UPX20030XMarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (IN), Push Pop Math, Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent)
   UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (IN), Instruction Counting, PEB NtGlobalFlag, PEB's BeingDebugged (Stealth IsDebuggerPresent)
   UPXProtectorv10x2: Nothing
2. Armadillo
   Armadillov171: Instruction Counting, Instruction Substitution (push – ret)
   Armadillov1xxv2xx: Nothing
3. PECompact: Anti-VM (STR), Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB NtGlobalFlag, PEB's BeingDebugged (Stealth IsDebuggerPresent), SoftICE – Interrupt 1, Software Breakpoint Detection, SS register
4. BobSoftMiniDelphiBoBBobSoft: Anti-VM (STR), Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB's BeingDebugged (Stealth IsDebuggerPresent), SoftICE – Interrupt 1, SS register
5. ASPack
   ASPackv212AlexeySolodovnikov / ASProtectV2XDLLAlexeySolodo: Anti-VM (IN), PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
   ASPackv10803AlexeySolodovnikov: Anti-VM (IN), PEB's BeingDebugged (Stealth IsDebuggerPresent)
   ASPackv21AlexeySolodovnikov: PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
6. ProtectSharewareV11eCompservCMS: Anti-VM (SLDT), Anti-VM (IN), Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent), Instruction Substitution (push – ret)
7. ASProtect13321RegisteredAlexeySolodovnikov / ASProtectv12: Anti-VM (STR), Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB's BeingDebugged (Stealth IsDebuggerPresent), SoftICE – Interrupt 1, Software Breakpoint Detection, SS register
8. WiseInstallerStub: Nothing
9. MaskPEV20yzkzero: Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
Table 1 – Packers Anti-Reverse Engineering

Abstract
Malware is widely acknowledged as a growing threat, with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal not only with this significant quantity but also with the defensive capabilities built into malware; malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt attempts at disassembly, debugging or analysis in a virtualized environment. This talk catalogs the common evasion techniques malware authors employ, applying over 50 different static detections, combined with a few dynamic ones for completeness. We validate our catalog by running these detections against a database of 4 million samples (the system is constantly running and the numbers will be updated for the presentation), enabling us to present an analysis of the real state of evasion techniques in use by malware today. The resulting data will help security companies and researchers around the world to focus their attention on making their tools and processes more efficient, to rapidly avoid the malware authors' countermeasures. This first-of-its-kind, comprehensive catalog of countermeasures was compiled by the paper's authors by researching each of the known techniques employed by malware, and in the process new detections were proposed and developed. The underlying malware sample database has an open architecture that allows researchers not only to see the results of the analysis, but also to develop and plug in new analysis capabilities. The system will be made available in beta at Black Hat, with the purpose of serving as a basis for innovative community research.
Download: http://media.blackhat.com/bh-us-12/Briefings/Branco/BH_US_12_Branco_Scientific_Academic_Slides.pdf
The tutorial is for educational purposes.
  17. RMAS (Run-Time Malware Analysis System) A Framework for Malware Analysis and Malware Detection
Contents
- Introduction
- Architecture
- Static Analysis
  - Static Analysis Conclusion
- Dynamic Analysis
  - Dynamic Malware Detection Module
  - Dynamic Analysis Conclusion
- Case Study
  - Scenario 1
  - Scenario 2
  - Scenario 3
- Future Work
- Conclusion
- Bibliography
Introduction
Malware is a threat to our systems because it can hit and retrieve our confidential information using different attack vectors. The security of modern computer systems depends on the ability of users to keep software, OSes and antivirus products up to date. Since new viruses or new viral strains are released every day, antivirus vendors have to update their software and their signatures and then distribute them. Conventional anti-malware programs rely on "static signatures" to detect malware, but malware writers improve their code to make it undetectable and stay one step ahead of static-signature-based detection. Dynamic Malware Detection Systems are not a new concept, but my project is based on the development and implementation of a system called RMAS (Run-Time Malware Analysis System) that allows analysts to perform dynamic analysis of new malware, understand the malware's behavior and produce a graphical dangerousness level of the analyzed program, using just one modular tool. RMAS has also been developed because sometimes there are malware samples that a company has to analyze within the organization's perimeter for privacy or policy reasons, to prevent leakage of confidential data. For example, malware samples could be gathered from sources such as the honeypots of a specific network or from investigations, and many of these programs cannot be analyzed by external analysis software; this is the main reason why I developed RMAS. The system has also been developed in order to achieve an automated analysis, thus limiting human intervention.
Download: http://www.kaspersky.com/images/sponchioni,_roberto_-_rmas_a_framework_for_malware_analysis_and_malware_detection-10-98486.pdf
  18. [sample] Facebook Photo_024.JPG-www.facebook.com.exe (Trojan-Dropper.Win32.Dapato.da) I found it on a friend's laptop. I don't know anything about it; it's one of the classic Facebook viruses. This file is MALWARE. DO NOT EXECUTE IT! Download: http://www.speedyshare.com/jFv5E/Photo-024.JPG-www.facebook.com.rar http://www.girlshare.ro/32812258.6 http://fisierulmeu.ro/52394QAULDGO/Photo-024-JPG-www-facebook-com-rar.html Archive password: rst It probably sends spam. What does it do besides spam? That remains to be seen.
  19. No, that's not the way to do it. If you have time, read them and write a tutorial based on them, written and explained by you, not just translated.
  20. Yes, speakers are not allowed to drink the night before their presentation, otherwise we end up having to go looking for them again so they show up for the presentation. No names!
  21. Malware Analysis Tutorials: a Reverse Engineering Approach
Author: Dr. Xiang Fu
Roadmap: You need to first follow Tutorials 1 to 4 to set up the lab configuration. Then each tutorial addresses an independent topic and can be completed separately (each one will have its own lab configuration instructions).
- Malware Analysis Tutorial 1: A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)
- Malware Analysis Tutorial 2: Introduction to Ring3 Debugging
- Malware Analysis Tutorial 3: Int 2D Anti-Debugging
- Malware Analysis Tutorial 4: Int 2D Anti-Debugging (Part II)
- Malware Analysis Tutorial 5: Int 2D in Max++ (Part III)
- Malware Analysis Tutorial 6: Self-Decoding and Self-Extracting Code Segment
- Malware Analysis Tutorial 7: Exploring Kernel Data Structure
- Malware Analysis Tutorial 8: PE Header and Export Table
- Malware Analysis Tutorial 9: Encoded Export Table
- Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools
- Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
- Malware Analysis Tutorial 12: Debug the Debugger - Fix Module Information and UDD File
- Malware Analysis Tutorial 13: Tracing DLL Entry Point
- Malware Analysis Tutorial 14: Retrieve Self-Decoding Key
- Malware Analysis Tutorial 15: Injecting Thread into a Running Process
- Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack
- Malware Analysis Tutorial 17: Infection of System Modules (Part I: Randomly Pick a Driver)
- Malware Analysis Tutorial 18: Infecting Driver Files (Part II: Simple Infection)
- Malware Analysis Tutorial 19: Anatomy of Infected Driver
- Malware Analysis Tutorial 20: Kernel Debugging - Intercepting Driver Loading
- Malware Analysis Tutorial 21: Hijacking Disk Driver
- Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver
- Malware Analysis Tutorial 23: Tracing Kernel Data Using Data Breakpoints
- Malware Analysis Tutorial 24: Tracing Malicious TDI Network Behaviors of Max++
- Malware Analysis Tutorial 25: Deferred Procedure Call (DPC) and TCP Connection
- Malware Analysis Tutorial 26: Rootkit Configuration
- Malware Analysis Tutorial 27: Stealthy Loading of Malicious Driver
- Malware Analysis Tutorial 28: Break Max++ Rootkit Hidden Drive Protection
- Malware Analysis Tutorial 29: Stealthy Library Loading II (Using Self-Modifying APC)
- Malware Analysis Tutorial 30: Self-Overwriting COM Loading for Remote Loading DLL
- Malware Analysis Tutorial 31: Exposing Hidden Control Flow
- Malware Analysis Tutorial 32: Exploration of Botnet Client
- Malware Analysis Tutorial 33: Evaluation of Automated Malware Analysis System I (Anubis)
- Malware Analysis Tutorial 34: Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools
Source: Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering Approach
  22. The internet giants Facebook, Twitter and Google failed a data privacy test run by a company specializing in online security. This came to light after High-Tech Bridge, which specializes in online security, started a test to put the privacy policies of 50 of the largest companies on the internet to the test, according to the Daily Mail, quoted by stirileprotv.ro. A private message containing a web address was sent through the systems of the 50 companies. The High-Tech Bridge experts then waited to see who would fall into the trap and access the web address. At the end of the ten days of waiting, six of the 50 companies had accessed the link placed in a private message. Among the six were the three giants, Facebook, Twitter and Google. "We discovered that they accessed the link, which should have been known only to the person who sent the message and the person who received it. If the links are accessed, we cannot be sure that what we write in private messages is not being read by someone," said the head of High-Tech Bridge, Ilia Kolochenko. Facebook and Twitter representatives declined to comment on the results of this test, while Google representatives stated that accessing the link is not a problem. Source: Facebook, Twitter si Google au picat testul de confidentialitate. Cum te spioneaza cei trei giganti - www.yoda.ro
  23. I found it on a friend's laptop. It was named "qktier.exe" and "qktier.scr" and it infected USB sticks: it creates lots of shortcuts on them and copies itself under many names. The archive contains 2 files: 1. qktier.exe - Trojan.Win32.Agent.xsde 2. Video.exe - Email-Worm.Win32.Brontok.dk (WARNING! It has a folder icon but it is an executable!) I found it interesting that when I open cmd, autoruns, or autoruns renamed to something else, it reboots the laptop. I hope to have a bit of time to look at it; I'm curious how it "figures out" that I opened them, probably by the window class name, but I want to be sure. Warning! These files are MALWARE. DO NOT EXECUTE THEM! Download: http://www.speedyshare.com/DKSkQ/RST-malware.rar http://www.girlshare.ro/32811826.3 http://fisierulmeu.ro/52CYWJ9X40D2/RST-malware-rar.html Archive password: rst Try not to infect yourself with it, it can give you headaches.
  24. 1. How to Create a FUD Backdoor - It depends on what that tutorial involves: if it's "download crypter X and press a button", i.e. something for script kiddies, it's not allowed. If it's about a method of obfuscating the .text section, or of encrypting the executable's sections and how the decryption stub can be written, it's welcome. 2. Infecting your Teachers and School Heads - If it's "go here, download this and run it on the teacher's computer", it has no place here. If it's about scanning the network, finding the teacher's PC, gaining access through a Metasploit exploit and maintaining access through various methods, it's allowed. I've only given a few examples. I don't want to see crappy tutorials here, I want only quality content and I want beginners to stay away from this category. I've edited the first post and added details regarding your question.
  25. This category is dedicated exclusively to malware analysis (a generic term for trojans, worms or anything else)! Here you will find:
1. Tutorials on malware analysis
2. Examples of malware analysis
3. Tools needed for malware analysis
4. Malware source code, so that it can be analyzed
5. MALWARE SAMPLES! In other words, VIRUSES (in plain terms)! DO NOT RUN the executables you find here!
Important rule:
1. For any sample posted here, it must be explicitly stated that it is MALWARE and it must be explained that it MUST NOT BE EXECUTED!
The category is aimed at people who have at least basic knowledge of:
- what a sandbox is and what it does
- what a virtual machine is and how it is used
- useful tools: autoruns, Process Monitor, Process Explorer, Wireshark...
- the dangers of a malware infection
You may post programs that you want analyzed! If you have come across some "suspicious" files and want someone to take a look at them, you can post them here, giving a few details about how you came into possession of that file. WARNING! Nobody will guarantee whether a file is infected/malware or not! Whoever has time can offer some information about the file and may SUGGEST whether it is malicious or not. A complete analysis of a program is very complicated and takes a lot of time, so you cannot know with certainty whether a file is safe or not. Upload the files you want analyzed somewhere as a password-protected archive. For simplicity, use the password: "rst"! Tutorials on "malware techniques" are allowed as long as everything is for educational purposes (this must be stated in the post). There is an international conference on the topic of malware development, Malcon; personally, I don't see why we would stop people from learning how such a program really works.