Everything posted by Nytro

  1. SELinux FOR RED HAT DEVELOPERS: HOW TO USE SELinux POLICIES TO ENHANCE DATACENTER SECURITY. This paper discusses how application developers can use SELinux to strengthen datacenter security. While system administrators can take many steps to secure systems, developers can contribute by providing appropriate SELinux policies as part of the RPM (RPM Package Manager) containing their application installation. Download: http://www.redhat.com/rhecm/rest-rhecm/jcr/repository/collaboration/jcr:system/jcr:versionStorage/e906c3960a0526014bf0b4474cffa022/1/jcr:frozenNode/rh:pdfFile.pdf
  2. That's beer for men, man
  3. MiTM - SSL Strip and Ettercap in BackTrack5. This video demonstrates the use of a man in the middle attack using BackTrack 5 and SSLStrip to hijack https:// traffic. Information contained is for educational purposes only
  4. Yes, the version for n00bs
  5. Hacking WPA 2 Key - Evil Twin Method (No Bruteforce). In an earlier post, we've seen how to crack WPA-2 network keys using a dictionary. While that technique works, it could take an awful long time, especially when brute forcing. On this technique, named 'Evil Twin', we take a different perspective to the attack. Using a powerful long range wireless card (Alfa AWUS036NH), we clone the target network to confuse our victim. Then, we deauthenticate the victim from his own wireless network and wait until he connects to our access point - which looks exactly like his. When the victim connects, he is redirected to a service page asking for the WPA-2 key in order to access the internet. As soon as we get the key, you can either allow the victim to use the network (maybe improvise some password sniffing?) or just bring it down manually. For this example I created a service page, started apache and mysql to store the keys typed in a database. Song: BGNS - Sasas ARTICLE & FILES: http://technicdynamic.com/2011/12/hac... Check out my recommended wireless adapters!: http://www.technicdynamic.com/store/#... ---------- This video was produced in experimental laboratories under controlled circumstances; You can use these techniques only where you are authorized to do so legally. The author and/or contributors will not take responsibility for the viewer's actions.
  6. Hacktivity 2012 - Vivek Ramachandran - Cracking WPA/WPA2 Personal and Enterprise for Fun and Profit. https://www.hacktivity.com/ In this talk, we will explore the bleeding edge techniques used to compromise and break into WPA/WPA2 networks - both Personal and Enterprise! We will cover attacks on PSK, Hole 196, WPS, WPA/WPA2 Enterprise. You will learn how to create honeypot and MITM attacks setups for PSK, PEAP, EAP-TTLS etc. and to leverage the cloud to crack WPA handshakes and break MS-CHAPv2 which is the inner authentication protocol for most PEAP and EAP-TTLS networks. You will walk away with all the knowledge you need to secure into most Enterprise Wi-Fi networks!
  7. How to crack a WPA encrypted wifi Network with Backtrack 5. Please donate any amount of money to my paypal which is kivi12k@aol.com This is a tutorial on how to crack a WPA encrypted password. This information should only be used for education purposes. Steps: 1) airmon-ng 2) airmon-ng start wlan0 3) airodump-ng mon0 4) airodump-ng -c (channel) -w (file name) --bssid (bssid) mon0 5) aireplay-ng -0 5 -a (bssid) mon0 6) aircrack-ng (filename)*.cap -w (dictionary location) If you need any help feel free to PM me or shoot me an instant message, a donation would also be appreciated. You can instant message me at: AIM - kivi12k@aol.com WINDOWS MESSENGER - kivi12k@hotmail.com YAHOO MESSENGER - kivi12k@ymail.com
  8. PacSec 2011 Eric Filiol - Dynamic Cryptographic Backdoors to take over the TOR network. secwest - World Emerging Security Technology. Video from PacSec, November 2011, Tokyo, Eric Filiol outlines potential threats to the TOR anonymity network from compromised cryptographic functions. (Reminder: the CanSecWest 2012 Call for Papers closes next week. See CanSecWest Applied Security Conference: Vancouver, British Columbia, Canada)
  9. DEFCON 2012 - Hacking Smart Meters (Parts 1 to 5 of 5). "Looking Into the Eye of the Meter - When you look at a Smart Meter, it practically winks at you. Their Optical Port calls to you. It calls to criminals as well. But how do criminals interact with it? We will show you how they look into the eye of the meter. More specifically, this presentation will show how criminals gather information from meters to do their dirty work. From quick memory acquisition techniques to more complex hardware bus sniffing, the techniques outlined in this presentation will show how authentication credentials are acquired. Finally, a method for interacting with a meter's IR port will be introduced to show that vendor specific software is not necessary to poke a meter in the eye."
  10. DEFCON 19: Hacking Google Chrome OS (w speaker). Speakers: Kyle 'Kos' Osborn Application Security Specialist, WhiteHat Security | Matt Johansen Application Security Specialist, WhiteHat Security. Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company is getting ready to market them to businesses as well as consumers. What's different about Chrome OS and Chromebooks, other than the entire user-experience taking place exclusively in a Web browser (Google Chrome), is everything takes place in the cloud. Email, document writing, calendaring, social networking - everything. From a security perspective this means that all website and Web browser attack techniques, such as Cross-Site Scripting, Cross-Site Request, and Clickjacking, have the potential of circumventing Chrome OS's security protections and exposing all the users data. Two members of the WhiteHat Security's Threat Research Center, Matt Johansen and Kyle Osborn, have spent months hacking away on Google's Cr-48 prototype laptops. They discovered a slew of serious and fundamental security design flaws that with no more than a single mouse-click may victimize users by: • Exposing of all user email, contacts, and saved documents. • Conduct high speed scans their intranet work and revealing active host IP addresses. • Spoofing messaging in their Google Voice account. • Taking over their Google account by stealing session cookies, and in some case do the same on other visited domains. While Chrome OS and Chromebooks has some impressive and unique security features, they are not all encompassing. Google was informed of the findings, some vulnerabilities were addressed, bounties generously awarded, but many of the underlying weaknesses yet remain -- including for evil extensions to be easily made available in the WebStore, the ability for payloads to go viral, and javascript malware survive reboot.
With the cloud and web-based operating systems poised to make an impact on our computing future, Matt and Kyle are ready to share all their never-before-seen research through a series of on-stage demonstrations. For more information visit: DEF CON
  11. Shmoocon 2013: Wipe The Drive!!! - Techniques For Malware Persistence. For more information and to download the video visit: ShmooCon 2013 - February 15-17 - ShmooCon 2013. Playlist Shmoocon 2013: Shmoocon 2013 - YouTube. Speakers: Mark Baggett | Jake Williams. Let's face it: sooner or later you will be owned. As a security professional, you (should) know that the best plan is to format the system drive, reinstall the operating system, and start over. But management has another plan. They know that rebuilding infrastructure from scratch involves costly downtime. The temptation to remove the obvious malware and declare the system clean is strong. In this session, we'll demonstrate eight less than obvious techniques that can be used to install secondary persistence techniques on a compromised Windows system. The point of the session is not to address specific techniques that can be used as secondary persistence mechanisms for malicious actors. The idea is to conclusively demonstrate that techniques of this type exist that hide deep in the registry and other system settings. We will show that these techniques hide even from memory forensics, the holy grail of "clean system" confirmation. Not that we consider it a substitute for formatting and re-installing the operating system, but we will be releasing a script that checks for the use of these specific techniques.
  12. Mohamad Yaich: Buffer Overflow Primer Part 1 (Smashing the Stack); Buffer-Overflow-Primer-Part-2-(Writing-Exit-Shellcode); Buffer-Overflow-Primer-Part-3-(Executing-Shellcode); Buffer Overflow Primer Part 4 (Disassembling Execve); Buffer-Overflow-Primer-Part-5-(Shellcode-for-Execve); Buffer-Overflow-Primer-Part-6-(Exploiting-a-Program); Buffer-Overflow-Primer-Part-7-(Exploiting-a-Program-Demo); Buffer-Overflow-Primer-Part-8-(Return-to-Libc-Demo). Source: https://www.youtube.com/user/TunisiaViP/videos?sort=p&view=0&shelf_index=1
  13. Andrew Whitaker: SEH Exploits Part 1; SEH Exploits Part 2 of 2. SEH Exploit using Python, Ollydbg, SafeSEH Plug-in, and Metasploit.
  14. Cracking WPA2. Andrew Whitaker. Cracking WPA2 using Airmon-ng
  15. Nytro

    Image upload

    I also found this: Image Host | Free web hosting for images with direct linking allowed. Use IMG Host to share pictures with friends or to post images on message boards, your MySpace profile or eBay auction. - Simple. If you have other alternatives, post them here, so we have options to choose from.
  16. Nytro

    Image upload

    Test: I was looking for a site where I can upload images and also get a direct link, not like that junk tinypic, which asks me for a CAPTCHA and doesn't give me a direct link. I found this: http://www.pixentral.com For a direct link, right-click, copy image location. Simple and efficient. Screw tinypic. PS: Limitations: - maximum 2 MB - maximum 30 days
  17. Happy birthday, man, you said you'd buy the drinks
  18. Jumping Out of IE’s Sandbox With One Click by Dennis Fisher Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release earlier this month that fit that bill, MS13-059, Cumulative Security Update for Internet Explorer. But hidden inside the big fix was a patch for a vulnerability that enabled a one-click escape of the IE sandbox. The vulnerability was discovered by researcher Fermin J. Serna, a former Microsoft security engineer, and it takes advantage of the way that IE handles some command line options in certain conditions. Serna found that the ElevationPolicy in IE will treat the Microsoft Diagnostic Tool (msdt.exe) as a medium-integrity process if the user requests it to do so. In IE, Protected Mode is the sandbox that is designed to prevent attackers from being able to use one bug in a low-level process to compromise the machine. “Funny thing is that CreateProcess() has a hook inside the LowIL IE process and if you try to CreateProcess(“msdt.exe”) it will get brokered to the IE Medium IL one and applied the Elevation policy there. Some sanitization happens to most of the parameters for security reasons (do not create a Medium IL process where the process token is too unrestricted),” Serna wrote in a blog post explaining the bug. “The vulnerability here is that msdt.exe (that due to its elevation policy will run as medium IL outside of any sandbox) has some interesting command line options. Concretely this one: /path .diagpkg file | .diagcfg file —- Specifies the full path to a diagnostic package. If you specify a directory, the directory must contain a diagnostic package. 
You cannot use the /path parameter in conjunction with the /id, /dci, or /cab parameter.” Serna said that using the vulnerability, he could cause the msdt.exe process to display some strings that he controls to the user. If the user clicks the continue button on the dialog box, his code will run and he’s escaped the sandbox in the browser. He said that executing the attack would be trivial under the right conditions. “Assuming you have code execution at the sandboxed process through some other bug (let’s say the common use after free problem all browsers suffer) then it is not easy but trivial. This sandbox escape vulnerability is not a memory corruption that can fail but a logical one that does not fail. The only requirement is the attacked user has to click a “continue” button on a dialog with attacker controlled messages. This is the reason for a one click versus a full 0 click where the user does not see anything,” Serna said via email. Source: Jumping Out of IE's Sandbox With One Click | Threatpost
  19. How to Crack WEP Key With Backtrack 5 [wifi hacking] As announced before, we would be writing about wifi attacks and security. This post is the second part of our series on wifi attacks and security. In the first part we discussed various terminologies related to wifi attacks and security and discussed a couple of attacks. This post will also show you how one can easily crack WEP keys in no time. Security Issues With WEP: WEP (Wired Equivalent Privacy) was proved full of flaws back in 2001. The WEP protocol itself has some weaknesses which allow attackers to crack it in no time. The biggest flaw probably in a WEP key is that it supports only 40bit encryption, which means that there are 16million possibilities only. For more information on WEP flaws, kindly read the WEP flaws section here. Requirements: Here is what you would require to crack a WEP key: 1. Backtrack or any other Linux distro with aircrack-ng installed 2. A Wifi adapter capable of injecting packets. For this tutorial I will use Alfa AWUS036H, which is a very popular card and performs well with Backtrack. You can find compatible wifi card lists here. Procedure: First log in to your Backtrack / Linux and plug in your Wifi adapter. Open a new Console and type in the following commands: ifconfig wlan0 up where wlan0 is the name of the wireless card; it can be different. To see all wireless cards connected to your system simply type in "iwconfig".
Putting your WiFi Adapter on Monitor Mode: To begin, you’ll need to first put your wireless adapter into monitor mode. Monitor mode is the mode whereby your card can listen to every packet in the air. You can put your card into monitor mode by typing in the following commands: airmon-ng start (your interface) Example: airmon-ng start wlan0 Now a new interface mon0 will be created. You can see the new interface is in monitor mode by entering "iwconfig mon0" as shown. Finding a suitable Target: After putting your card into monitor mode, we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command: airodump-ng mon0 Bssid shows the mac address of the AP, CH shows the channel in which AP is broadcasted and Essid shows the name broadcasted by the AP, Cipher shows the encryption type. Now look out for a WEP protected network. In my case I’ll take “linksys” as my target for the rest of the tutorial. Attacking The Target: Now to crack the WEP key you'll have to capture the target's data into a file. To do this we use the airodump tool again, but with some additional switches to target a specific AP and channel.
Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels. You can restrict the capture by giving in the following commands: airodump-ng mon0 --bssid -c (channel ) -w (file name to save ) As my target is broadcasted in channel 6 and has a bssid "98:fc:11:c9:14:22", I give in the following commands and save the captured data as "RHAWEP": airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP Using Aireplay to Speed up the cracking: Now you’ll have to capture at least 20,000 data packets to crack WEP. This can be done in two ways. The first one would be a (passive attack): wait for a client to connect to the AP and then start capturing the data packets, but this method is very slow; it can take days or even weeks to capture that many data packets. The second method would be an (active attack); this method is fast and only takes minutes to generate and inject that many packets. In an active attack you'll have to do a Fake authentication (connect) with the AP, then you'll have to generate and inject packets. This can be done very easily by entering the following commands: aireplay-ng - 1 3 -a (bssid of the target ) (interface) In our case we enter the following commands: aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0 After doing a fake authentication, now it's time to generate and inject Arp packets.
To do this you'll have to open a new Konsole simultaneously and type in the following commands: aireplay-ng 3 -b (bssid of target) -h ( Mac address of mon0) (interface) In our case we enter aireplay-ng 3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0 If this step was successful you'll see a lot of data packets in the airodump capture as shown. Wait till it reaches 20000 packets; best would be to wait till it reaches around 80,000 to 90,000 packets. It's simple: the more the packets, the less the time to crack. Once you’ve captured enough packets, close all the processes by clicking the into mark which is there on the terminal. Cracking WEP key using Aircrack: Now it's time to crack the WEP key from the captured data. Enter the following commands in a new konsole to crack the WEP key: aircrack-ng (name of the file ) In our case we enter aircrack-ng RHAWEP-0.1-cap Within a few minutes Aircrack will crack the WEP key as shown. Once the crack is successful you will be left with the KEY! Remove the colons from the output and you’ll have your WEP Key. Hope you enjoyed this tutorial. For further doubts and clarifications please pass your comments. Source: Learn everything about window,hacking,buy e-gift vouchers
  20. Poison Ivy RAT Spotted in Three New Attacks by Michael Mimoso The Poison Ivy remote access Trojan may be old, but it’s not losing favor with nation states that continue to make it the center piece of targeted attacks. Three groups of hackers, reportedly all with ties to China and possibly related in terms of their funding and training, are currently managing campaigns using the RAT to steal data from organizations and monitor individuals’ activities. Researchers at FireEye said the three campaigns target different industries yet share some of the same builder tools, employ passwords written in the same semantic pattern, and use phishing emails in their campaigns that are written in English using a Chinese language keyboard. So much for the notion of targeted, persistent attacks requiring zero-day malware. “There is a noticeable infrastructure built around using this tool; it’s clear they’ve trained a number of people to use and operate it,” said Darien Kindlund, manager of threat intelligence at FireEye. “It’s effective and there’s no need to change their tactics, which is why they’re still using it.” Kindlund said, however, that enterprise security managers and operations teams can become complacent when it comes to Poison Ivy, dismissing it as a crimeware tool and missing its potential to still infect many machines as it moves laterally looking for more vulnerable machines or data it targets. “What’s easy for these threat actors is they’re using easy-to-use tools that are point-and-click and it becomes easy to blend in with crimeware groups, easy to blend into the noise and discount their presence when a defender identifies a Poison Ivy infection,” Kindlund said. “They might remediate a single infected machine rather than think it’s one of 50 compromises and a large-scale infection. 
That gives the adversary more time to change tactics and move laterally to other systems, making it harder to detect.” Another reason Poison Ivy still finds favor with attackers is that, unlike Gh0stRAT or Dark Comet, it’s difficult to detect when Poison Ivy beacons out to its command and control infrastructure in order to receive more instructions. “Compared to Gh0stRAT, which uses zlib compression to obfuscate communication out, if a network operator sees that traffic beaconing out, it’s easy to decode that traffic to figure out what walked out door,” Kindlund said. “Poison Ivy uses Camellia encryption, which makes it more difficult to figure out what walked out the door.” The three attacks currently are fundamentally familiar. The first, named admin@338 for the password used by the attacker, targets international financial firms that specialize in the analysis of global or country-specific economic policies. It uses malicious email attachments to infect endpoints with Poison Ivy, which then downloads additional malware to steal intelligence in order to monetize insider information to make a market play or for geo-political reasons, Kindlund said. The second attack, named th3bug for its password, spiked last year, FireEye said. It focuses on higher education and international health care and high tech firms in order to steal intellectual property or new research that has yet to be published by a university team. Most of these are watering hole attacks where a regional website frequented by the targets is compromised and exploit code is injected onto the victim’s machine that redirects them to Poison Ivy. The third attack, dubbed menuPass, has been the most active of the three and dates back to 2009, spiking last year. It targets the defense industry and international government agencies trying to steal military intelligence. 
Spear phishing campaigns include attachments infected with Poison Ivy that are meant to look like a purchase order or price quote that would be fairly specific to the victim, Kindlund said. “They’ve done their homework and looked at the trust relationships of the target—who does this defense contractor do business with—and spoof an email from that partner and send an email through that channel,” Kindlund said. “These three groups have ties back to China; they all use a separate command and control infrastructure, but all three have a backend presence in that country.” Meanwhile, the company is releasing a free tool based on the open source ChopShop kit developed by MITRE Corp. The module is Poison Ivy specific, similar to other modules built for Gh0stRAT and will allow a security or network operations person to decode Poison Ivy traffic. Source: Poison Ivy RAT Spotted in Three New China Attacks | Threatpost. Old schoolers
  21. http://suport.romtelecom.ro/app/answers/detail/a_id/90/~/cum-pot-apela-1930---v%E3%A2nz%E4%83ri-%E5%9Fi-rela%E5%B3ii-cu-clien%E5%B3ii-din-str%E4%83in%E4%83tate%3F http://www.romtelecom.ro/termeni-legali/termeni-si-conditii-myaccount http://economie.hotnews.ro/stiri-telecom-7174542-cum-ajung-abonatii-romtelecom-clienti-fara-voie-societatii-asigurari-astra.htm
  22. Inside the Mind of a Famous Hacker. When he was just 15 years old, Michael “MafiaBoy” Calce managed to shut down several major websites including CNN, Dell, Amazon, Yahoo!, eBay, and E-Trade with a series of denial of service attacks. Now, more than a decade later, he talks about how the hacker culture has changed and what users can do to protect themselves. How He Toppled the Web Giants In 2000, Calce targeted CNN.com after another hacker claimed the site would be impossible to bring down because of its “advanced networks” and “huge traffic numbers.” He managed to slow down CNN’s site for nearly two hours. Denial of service attacks involve bombarding a site or application with so many requests that the server is unable to keep up. Calce modified a denial of service attack written by another hacker and trained approximately 200 university networks under his control to a specific target. The attack against Yahoo! was by accident, Calce said. He had put in the IP addresses into the script, and then gone to school, forgetting the script was still running. He came home to find his computer had crashed, and didn’t realize what had happened until he heard the news reports later. Calce’s activities were “illegal, reckless and, in many ways, simply stupid,” he said, adding that he really had not understood the consequences of his actions. “It’s So Easy It’s Scary” More than a decade later, it’s easier to launch attacks now than it was then, Calce said. A lot of the companies are completely unaware that they are at risk, and that needs to change. Back when he was actively targeting sites, you had to work and build your own arsenal of tools before launching an attack. Now there are hacker desktops and ready-to-go tools that anyone can download, install, and go. “If you’re interested and you want to be a hacker, you can be a hacker in 30 minutes,” Calce said.
Different Mentality, Motivations Calce and his fellow hackers were driven by curiosity and desire to understand how things worked. That is where the term “hacker” originated, after all. A hacker refers to anybody interested in manipulating technology to do something other than its original purpose. “That’s not necessarily a bad thing,” Calce said. “Everyone at that point in time was running tests and seeing what they could do and what they could infiltrate,” Calce said. The current generation is motivated by money, or desire to destroy. “It’s much more about monetary gain, whereas we were pushing the status quo,” Calce said. And even when there doesn’t seem to be an obvious financial motive, that doesn’t mean it isn’t there. Hacktivist groups such as “Anonymous” and “Lulzsec” are a “different breed,” Calce said. While they have political motivations, some of them do have malicious goals. They are not pure white-hat, or pure black-hat, but more grey-hat hackers, Calce said. There will be more hacktivism since people have figured out how to use technology to fight back and draw more attention to their cause. “I don’t condone what they’re doing, but I understand their point,” Calce said. Safe Security Online With attack motivations shifting to monetary gain, the attack focus has also shifted, and individual users are just as likely to be targeted as large companies. Users need to use strong passwords to protect their accounts. They need to be long and complex. Password managers help keep track of strong passwords, Calce said. They should also think about installing personal firewall software on their computers to block malicious traffic. A firewall can also warn you when an application is trying to access the Internet. If you are not using Bluetooth, it should be turned off so that other devices cannot connect to your computer.
And finally, users should beware of open wireless networks because it is incredibly easy to eavesdrop on what you are doing, and people don’t realize this, Calce said. Hacking will never go away, and users can take some steps to protect themselves, but ultimately, organizations need to invest in security to protect their end users, Calce said. Source: Inside the Mind of a Famous Hacker | ZoneAlarm Security Blog