Everything posted by Nytro

  1. GNUnet P2P Framework 0.9.5

     Authored by Christian Grothoff | Site ovmj.org

     GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.

     Changes: This release adds support for non-anonymous data transfers over multiple hops (if both publisher and replicator are using an anonymity level of zero). It fixes various bugs and includes cosmetic improvements in the gnunet-setup and gnunet-fs-gtk user interfaces.

     Download: http://packetstormsecurity.org/files/download/119046/gnunet-0.9.5.tar.gz

     Source: GNUnet P2P Framework 0.9.5 ≈ Packet Storm
  2. Entropy Broker RNG 2.1

     Authored by Folkert van Heusden | Site vanheusden.com

     Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from getting depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

     Changes: This release adds a Web interface for viewing usage statistics, per-user bandwidth limits, and many small fixes.

     Download: http://packetstormsecurity.org/files/download/119047/eb-2.1.tgz

     Source: Entropy Broker RNG 2.1 ≈ Packet Storm
  3. Bluefog 0.0.2

     Authored by Tom Nardi | Site digifail.com

     Bluefog is a tool that can generate an essentially unlimited number of phantom Bluetooth devices. It can be used to test Bluetooth scanning and monitoring systems, make it more difficult for attackers to lock onto your devices, or otherwise complicate the normal operation of Bluetooth devices. Technically, Bluefog can work with just one Bluetooth adapter, but it works much better when you connect multiple adapters. Up to four radios are currently supported simultaneously.

     Changes: This release is in the very early stages of development and there are some areas of the software which need attention and improvement. There is currently very little in the way of error checking.

     Download: http://packetstormsecurity.org/files/download/119045/bluefog-0.0.2.tar.gz

     Source: Bluefog 0.0.2 ≈ Packet Storm
  4. There is secimg.php for images, both in posts and in the signature. As for anonymizing links (referrer)... You did not specify WHY it would be necessary.
  5. The Diviner - Digital Clairvoyance Breakthrough - Gaining Access To The Source Code And Server Side Structure Of Any Application

     Description: PDF: https://hacktivity.com/en/downloads/archives/187/

     Shay Chen is the CTO of Hacktics, an advanced security center of Ernst & Young. He is also a prominent blogger and researcher, and is responsible for many security publications, including new application level attacks, various security tools comparison initiatives and two of the biggest researches performed in the field of automated security scanners (including the latest comparison of 60 web application scanners). In his current position in Hacktics, Shay is in charge of research, training, optimization, quality assurance and the constant improvement of Hacktics security services. He has over ten years in information technology and security, including a strong background in software development. Shay is an experienced speaker, and regularly instructs a wide variety of security related courses. Before moving into the information security field, he was involved in various software development projects in ERP, mobile & enterprise environments.

     Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

     Source: The Diviner - Digital Clairvoyance Breakthrough - Gaining Access To The Source Code And Server Side Structure Of Any Application
  6. Using RtlCreateUserThread

     Author: zwclose7

     This is an example usage of RtlCreateUserThread. This program will create a remote thread that calls ExitProcess within the target process, causing the target process to exit.

     Source code:

         #include <iostream>
         #include <Windows.h>
         using namespace std;

         typedef struct _CLIENT_ID {
             PVOID UniqueProcess;
             PVOID UniqueThread;
         } CLIENT_ID, *PCLIENT_ID;

         // ntdll export; NTAPI (stdcall) is needed for a correct call on 32-bit x86.
         typedef long (NTAPI *_RtlCreateUserThread)(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG,
                                                    PULONG, PULONG, PVOID, PVOID, PHANDLE, PCLIENT_ID);
         _RtlCreateUserThread RtlCreateUserThread;

         int main() {
             HANDLE hThd = NULL;
             CLIENT_ID cid;
             DWORD pid;
             HMODULE ntdll = LoadLibraryA("ntdll.dll");
             HMODULE k32 = LoadLibraryA("kernel32.dll");
             RtlCreateUserThread = (_RtlCreateUserThread)GetProcAddress(ntdll, "RtlCreateUserThread");
             cin >> pid;  // PID of the target process, read from standard input
             HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
             if (!RtlCreateUserThread || !hProc) {  // export not found, or the process could not be opened
                 cerr << "setup failed: " << GetLastError() << endl;
                 return 1;
             }
             // Start a thread in the target whose entry point is ExitProcess, so the target exits.
             RtlCreateUserThread(hProc, NULL, FALSE, 0, 0, 0,
                                 (PVOID)GetProcAddress(k32, "ExitProcess"), 0, &hThd, &cid);
             WaitForSingleObject(hThd, INFINITE);
             CloseHandle(hThd);
             CloseHandle(hProc);
             FreeLibrary(k32);
             FreeLibrary(ntdll);
             return 0;
         }

     http://www.rohitab.com/discuss/index.php?app=core&module=attach&section=attach&attach_id=3746

     Source: Using RtlCreateUserThread - rohitab.com - Forums
  7. In-Memory Fuzzing in JAVA

     SWISS ETHICAL HACKING ©2012 High-Tech Bridge SA – www.htbridge.com

     In-Memory Fuzzing in JAVA, 2012.12.17, Xavier ROUSSEL

     I. What is Fuzzing?
        Introduction, Fuzzing process, Targets, Inputs vectors, Data generation, Target monitoring, Advantages and drawbacks
     II. In Memory Fuzzing
        Why use in-memory Fuzzing?, Principle, Data injection example, Building in-memory Fuzzer, Creating loop in memory, Advantages and drawbacks
     III. DbgHelp4J
        Presentation, Key features, Example, Implementing in-memory Fuzzer
     IV. Real case study
        EasyFTP 1.7.0.11

     I. What is fuzzing?

     Introduction

     - OWASP definition: “Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.”
     - Alternative to code review mainly used in white box testing.
     - Due to automated tests, fuzzing allows us to assess a software against a huge set of test cases in a short time.
     - Especially useful to test common applications implementations like FTP server or HTTP server.

     Download: www.exploit-db.com/download_pdf/23570
  8. Exploiting CVE-2010-3333

     Arun, December 20, 2012

     CVE 2010-3333 tells us two important things: that this is a stack-based buffer overflow, and that it has something to do with the RTF parser. What it doesn’t tell us is what on Earth we’re looking for. After all, Microsoft’s RTF spec is quite long, and there are too many things for us to fuss about to easily find out what the vulnerability is all about. Fortunately, by going over the relevant Metasploit module, or reading some analysis, we can conclude that the vulnerability lies in the parsing algorithm for the pFragments data array.

     You might ask yourself what this post will contribute, given that there’s already a Metasploit module and an analysis out there. Well, the analysis deals with Word 2003, which is really not relevant nowadays (or at least I would hope so), and the Metasploit module uses SEH overwrite to run the payload, which does not work on Word 2010 naturally. We aim to show you how to exploit this vulnerability on Word 2010 running on Windows 7, meaning we’ll have to deal with DEP and ASLR at the very least.

     First things first – how do we even trigger the vulnerability? This is what the RTF spec has to say about the pFragments property:

     Property: pFragments
     Meaning: Fragments are optional, additional parts to the shape. They allow the shape to contain multiple paths and parts. This property lists the fragments of the shape.
     Type of value: Array
     Default: NULL

     What’s an “array” you ask? Here’s what the spec has to say about it:

     “Arrays are formatted as a sequence of numbers separated by semicolons. The first number tells the size of each element in the array in bytes. The number of bytes per element may be 2, 4, or 8. When the size of the element is 8, each element is represented as a group of two numbers.
     The second number tells the number of elements in the array.”

     An RTF file is really a text file containing formatting instructions (alongside the actual text) that get interpreted by the RTF parser. Naturally, it is bloated. The RTF spec states that, in order to use the pFragments property, we should at least have the following text in our RTF file:

         {\rtf1{\shp{\sp{\snpFragments}{\sv <S>;<N>;<DATA>}}}}

     What comes after “\sv” is an array, comprising the data for the pFragments property. According to the spec, <S> represents the size of each array element, and should be 2, 4 or 8, but it appears that any number can be used. It’s even better if the number is not 2, 4 or 8, as fewer checks are performed in the code. The <N> part tells us the number of elements in the array, but we’ll soon see that other numbers are actually used to calculate the size of the array. <DATA> is the contents of the array, written as a string of hexadecimal digits, where each two characters (digits) represent one byte, and the format of multi-byte values is little-endian. Fun fact: only lowercase letters can be used to represent the hex digits – uppercase letters will be treated as zeros.

     Just so you’d be able to keep records, wwlib.dll is at 0x6F870000 and mso.dll is at 0x6D2F0000. The version of both DLLs is 14.0.4734.1000.

     Let’s have a go at it. Load the following RTF file into an unpatched Word 2010:

         {\rtf1{\shp{\sp{\snpFragments}{\sv 2;4;41414141414141414141414141414141}}}}

     Here’s the result:

     Run that through the debugger and see where we crashed:

     We see that the crash is in mso.dll, when trying to read a value in memory through a corrupted pointer.
     Say we don’t follow the spec and use 1 instead of 2 as <S>:

         {\rtf1{\shp{\sp{\snpFragments}{\sv 1;4;41414141414141414141414141414141}}}}

     Now we get an access violation executing address 0. Now that’s interesting. Let’s take a look at the stack (the blue line represents the current value of ESP):

     Nice. We can see our ‘A’s on the stack, alongside many zeros, 4 of them comprising the return address (hence the exception). So yeah, we’ll stick to using 1 as <S>. Observe that the number of consecutive ‘A’s we see on the stack doesn’t correspond exactly to the number of ‘A’s in our data.

     Let’s try a different, larger sequence of formatted data, so we can see what goes where. This is a mixture of a simple “ABC…” and Metasploit’s pattern_create.rb’s output:

         {\rtf1{\shp{\sp{\snpFragments}{\sv 1;4;4142434445464748494a4b4c4d4e4f5041613041613141613241613341613441613541613641613741613841613941623041623141623241623341623441623541623641623741623841623941633041}}}}

     Let’s look at the crash this time:

     We get another access violation on a memory read. That’s not as good as the null pointer execution exception we had before. We also see that our string is on the stack, without the first 6 letters, ‘A’ to ‘F’. Various parts of our string are also on the stack, in DWORD quantities. We need to dig deeper into this.

     You can put a breakpoint on Read File just before opening the file and start there. Start right before the exception and try to climb back up, or just be creative. Let’s observe some notable pieces of code.

     Call the function in wwlib.dll that lexically parses the RTF file.
     This will result in calling various other functions to analyze the parsed text:

         6FEE7615 E8 9AE1FAFF CALL wwlib.6FE957B4

     Decoding <DATA> ends here:

         6FEE950F 8B5D F0 MOV EBX,DWORD PTR SS:[EBP-10]

     Create a stream on the decoded data:

         6FEE9522 FF15 F415676F CALL DWORD PTR DS:[<&ole32.CreateStreamOnHGlobal>] ; ole32.CreateStreamOnHGlobal

     Read the first 6 bytes of the decoded data as 3 words. Then check if word #1 is bigger than word #2 (it’s not, in our case):

     The following function call makes an additional check on the data (0x7ffffff / word #3 < word #2? No, in our case), and then computes the value of word #2 * word #3 and returns it:

         6D2FA8A6 E8 4C000000 CALL mso.6D2FA8F7

     The value of word #2 * word #3 is used as the size for a new memory allocation made by this function call:

         6D2FA8A6 E8 4C000000 CALL mso.6D2FA8F7

     Our decoded data (excluding the first 6 bytes) is then copied to that new memory allocation. Ok, so we now know why 6 of our bytes are gone, and what they should be (in general) in order to pass the checks.

     Where’s the buffer overflow? Why it’s right here:

     The function gets a 4-byte local variable as one of its parameters, and copies our entire data to that variable, thereby causing a stack-based buffer overflow. Note that the function we’re in right now is not protected by stack cookies (though there are some stack cookies spread around in other functions). Note the call at 0x6DCE3269 – if it returns 0, we go straight to the function’s epilogue, which is ended by “ret 0x14”.

     Check out the stack before running the function that smashes it:

     And after running the function:

     Ok, so now we need to find a way to quickly get out of our function, so we can use our overwritten return address. We need the function at 0x6DCE30CB to return 0. Let’s look at it:

     We get that if a certain value controlled by us is 0, the function will return 0 as well, which is exactly what we want.
     All we need to do is find that value in our RTF file, and replace it with “00000000.” Don’t forget to reverse the byte order when searching for the value.

     Here’s our POC RTF file:

         {\rtf1{\shp{\sp{\snpFragments}{\sv 1;4;0100020000014142434445464748494a41613041613141613241434343433441613541613641613741613841613900000000623141623241623341623441623541623641623741623841623941633041}}}}

     Notice it uses some minimal values for the first 3 words in <DATA>: it has “00000000” for the check, and “43434343” to serve as the return address. Note that since this is a “ret 0x14” opcode, the stack pointer will be located right after our zeros when the function returns. Let’s test it:

     Unsurprisingly, we get an exception due to DEP. All of Word 2010 is ASLRed, which is really a shame for us, but there’s a DLL that gets loaded after Word 2010 is loaded, and that DLL does not support ASLR. The DLL is msgr3en.dll, and we can use it for our ROP payload.

     Some will have you believe that since the DLL is loaded only after Word has already finished loading itself, you can only exploit Word by selecting “Open” from the “File” menu (since by then Word has finished loading the DLL), and not by double-clicking the RTF file. If you create a large enough RTF file, the time it takes Word to load all the pages will be sufficiently long for the DLL to load as well, and so the exploit can use it to bypass DEP. Of course, you need to put your exploit code on the last page.

     I’ll let you finish the POC code by yourself. You can simply ask mona.py to generate the ROP chain for you, and get the shellcode from Metasploit. Place them one after the other immediately after the zeros (assuming you use the chain for VirtualProtect/call esp), and put a ROP-NOP as the return address, instead of 0x43434343.

     Source: InfoSec Institute Resources – Exploiting CVE-2010-3333
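
A defender-side check for the pFragments array layout described in the post above, added here as an example; it is not part of the original article or of any tool it mentions. The function names, the two heuristics (element size outside 2/4/8, hex data longer than `<S>` x `<N>`) and the sample marked "constructed" are assumptions of this example, and a simple regular expression stands in for a full RTF parser.

```python
import re
from dataclasses import dataclass, field

# Element sizes the RTF spec allows for a property array (as quoted in the post).
SPEC_ELEMENT_SIZES = {2, 4, 8}

# Matches {\sn pFragments}{\sv <S>;<N>;<DATA>}. Whitespace after \sn and \sv is
# optional, so both "\snpFragments" (as in the post) and "\sn pFragments" match.
PFRAGMENTS_RE = re.compile(
    r"\{\\sn\s*pFragments\s*\}\s*\{\\sv\s*([^{}]*)\}", re.IGNORECASE
)


@dataclass
class ArrayReport:
    offset: int                      # character offset of the property in the text
    value: str                       # raw text that followed \sv
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return bool(self.reasons)


def inspect_array(offset, value):
    """Apply the heuristics to one '<S>;<N>;<DATA>' property value."""
    report = ArrayReport(offset, value)
    parts = [p.strip() for p in value.split(";", 2)]
    if len(parts) < 3 or not all(re.fullmatch(r"[0-9]+", p) for p in parts[:2]):
        report.reasons.append("value is not of the form <S>;<N>;<DATA>")
        return report

    size, count = int(parts[0]), int(parts[1])
    data = parts[2].rstrip(";").strip()

    if size not in SPEC_ELEMENT_SIZES:
        report.reasons.append(f"element size {size} is not 2, 4 or 8")

    # Only the single hex-string form of <DATA> described in the post is measured;
    # other layouts (for example ';'-separated numbers) are left to a real parser.
    if re.fullmatch(r"[0-9A-Fa-f]+", data):
        if re.search(r"[A-F]", data):
            report.reasons.append("uppercase hex digits in <DATA>")
        declared = size * count
        actual = (len(data) + 1) // 2    # two hex digits per byte
        if actual > declared:
            report.reasons.append(
                f"{actual} data bytes exceed the declared {size} x {count} = {declared}"
            )
    return report


def scan_rtf(text):
    """Return one ArrayReport per pFragments property found in the RTF text."""
    return [inspect_array(m.start(), m.group(1)) for m in PFRAGMENTS_RE.finditer(text)]


# The two crash-trigger files quoted in the post (16 bytes of 0x41 as <DATA>).
PAGE_SAMPLE_S2 = r"{\rtf1{\shp{\sp{\snpFragments}{\sv 2;4;" + "41" * 16 + "}}}}"
PAGE_SAMPLE_S1 = r"{\rtf1{\shp{\sp{\snpFragments}{\sv 1;4;" + "41" * 16 + "}}}}"
# Constructed for this example: declared size and data length agree (2 x 4 = 8 bytes).
CONSTRUCTED_CONSISTENT = r"{\rtf1{\shp{\sp{\sn pFragments}{\sv 2;4;0100020003000400}}}}"
# Constructed for this example: no shape property at all.
CONSTRUCTED_NO_SHAPE = r"{\rtf1 Hello, world.}"

if __name__ == "__main__":
    samples = {
        "post sample, S=2": PAGE_SAMPLE_S2,
        "post sample, S=1": PAGE_SAMPLE_S1,
        "constructed, consistent": CONSTRUCTED_CONSISTENT,
        "constructed, no shape": CONSTRUCTED_NO_SHAPE,
    }
    for name, text in samples.items():
        reports = scan_rtf(text)
        if not reports:
            print(f"{name}: no pFragments property")
        for rep in reports:
            verdict = "; ".join(rep.reasons) if rep.suspicious else "no findings"
            print(f"{name}: offset {rep.offset}: {verdict}")
```
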
  9. Cyberterrorism Defined (as distinct from “Cybercrime”)

     Dimitar Kostadinov, December 21, 2012

     Introduction

     Technology is developing at an extremely vigorous pace over the last couple of decades. There are many unknown terms that come along with this rapid change. Often, the common people are not familiar with these new strange words ensuing from technological advancements and its interaction with the other branches of life. The purpose of this article is to help the reader understand the notion of cyberterrorism. Many controversial questions are set forth: “What is cyberterrorism?” “What is its objective?” “Are there any cases of cyberterrorism in real life?” “What is the difference between cyberterrorism and cybercrime?” Although there is much to be said on that increasingly popular subject, this contribution reveals some of the answers behind these tricky queries.

     Cyberterrorism

     The Definition

     So far, the international community has not decided on an exact definition of “terrorism” that can be applied universally. However, the United States Department of State prescribes the following definition of terrorism: “…premeditated, politically motivated violence perpetrated against non-combatant targets by sub-national groups or clandestine agents.” (Title 22 of the U.S. Code, Section 2656 f(d))

     “Cyberterrorism” was coined by Barry Collin in the 1980’s. The fact that terrorism caused via kinetic force has not been unified yet in the international doctrine undoubtedly impeded determining a proper definition for its subcategory, cyberterrorism. In a way, defining cyberterrorism is even more difficult because of the abstractness that is naturally implicated in understanding how certain events occur in cyberspace.
     According to NATO (2008), cyberterrorism is “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or intimidate a society into an ideological goal.” Another definition of cyberterrorism is provided by the US National Infrastructure Protection Centre, a part of the Department for Homeland Security: “a criminal act perpetrated through computers resulting in violence, death and/or destruction, and creating terror for the purpose of coercing a government to change its policies.” (Wilson, 2003)

     Some scholars or politicians avoid labelling acts as cyberterrorism, insisting on the assertion that these acts are mere hacking or so-called hacktivism. In their view, cyber attacks cannot bring about the same amount of death, destruction, or fear as with more traditional forms of terrorism. The word “hacking” became known in the beginning of the 1970’s when Altair 8800, the first personal computer, was created. The purchaser had to not only assemble the machinery himself, but also had to install the software as well (Shinder, 2002).

     Let’s examine the derivative term “hacktivism.” This is a word which combines two actions – hacking and activism. In short, hacktivism stands for low-level computer network attacks or digital activity which cause in most cases only temporary nuisance. Like cyberterrorists, hacktivists pursue political goals, but their activity does not correspond quantitatively or qualitatively with the possible outcome of cyberterrorist acts (Stanley, 2010).

     The term “cyberterrorism” encompasses two other terms – cyberspace and terrorism. The word “cyber” designates what type of terrorism is being referred to. The prefix “cyber” originates from ancient Greece and means “skilled in steering or governing.” Many scholars claim that this term might not match well, since the Internet (the cyberspace) is not digitally, electronically, or otherwise controlled.
     Nevertheless, the term is deemed to be more accurate than terms like “virtual space/world/universe/reality,” which have different existential context and therefore are not semantically appropriate. William Gibson first came up with the term “cyberspace” in his novel “Neuromancer” which was published in 1984. Nowadays, this term is widely known as the environment which the Internet creates – all the communication activities and interconnection of human beings through computer devices innate to this medium.

     One scholar defines cyberterrorism as the “convergence of terrorism and cyberspace.” Basically, the means and their application is the same as regular computer network attacks with the significant difference that in the case of cyberterrorism, the leading motive is to coerce the government or its citizens to comply with some political or social demands. Moreover, the act should result in violence or fear in order to be qualified as cyberterrorism. Minor attacks that disrupt services of no great importance are not cyberterrorist acts, yet they may prove a very expensive nuisance, in terms of economics (Stohl, 2007).

     Objectives

     Without any doubt, the emergence of the Internet and its wide-range spectrum of opportunities have influenced considerably the terrorists’ methods and behaviour. In his speech before the RSA Cyber Security Conference, the FBI Director Robert Mueller warned that despite the fact that terrorism still poses the number one threat, cyberterrorism may displace the conventional one from its prime position. One can identify three main objectives of cyberterrorism:

     Organizational

     This organizational objective of cyberterrorism includes functions like recruiting, instigation training, fundraising, communication, planning, spying, etc. Following the intelligence reports, terrorist groups nowadays recourse to the Internet on a daily basis.
     Their knowledge and skills in regard to computer technology are steadily growing and this build-up of knowledge and skills would eventually provide the necessary expertise for finding and exploiting vulnerabilities in the online security systems of governments or critical infrastructure institutions (Wilson, 2005). Although those researching the terrorist use of the Internet often describe them as radical factions seeking some sort of virtual jihad, the actors committing cyberterrorism do not have to be religiously motivated. Furthermore, the organizational function of cyberterrorism enables the wrongdoers to pursue their objective either through the means of traditional warfare or technology (Brickey, 2012).

     Undermining

     Self-explanatory, the goal which terrorists seek to achieve here is to hinder the normal functioning of computer systems, services, or websites. The methods used are defacing, denying, and exposing. Since the Western countries are highly dependent on online structures supporting vital services, these methods are of proven merit. However, disruptive activities usually do not entail grave consequences, except perhaps in cases of an unpredictable knock-on effect (Brickey, 2012).

     Destructive

     Because this purpose is directed towards achieving the same or similar results as classical terrorism, it is labelled pure cyberterrorism. Through the use of computer technology and the Internet, the terrorists seek to inflict destruction or damage on tangible property or assets, and even death or injury to individuals. There are no cases of pure cyberterrorism up to date, but perhaps its occurrence is only a matter of time, given the fact that the states’ critical infrastructure has significant security flaws (Brickey, 2012).

     History and Instances

     The first cyber attack by a terrorist was recorded in 1998 when the Black Tigers guerillas jammed Sri Lankan embassy email inboxes with hundreds of emails for a couple of weeks, generated by special software.
     In the course of the Kosovo war in 1998, NATO computers were subjected to denial-of-service attacks and email bombs. Web defacement against US government websites was conducted by Chinese activists as retaliation for the accidental bombing of the Chinese embassy in Belgrade by NATO forces.

     As a whole, cyberterrorism wasn’t really popular until the end of the millennium. At this particular moment, the big hysteria around the Millennium bug started to kindle people’s imagination. There were many apocalyptic scenarios which apparently did not transpire. Nevertheless, the fear of what might happen, either intentionally or by accident, if computers or technology were to go wrong, remained. Then the 9/11 terrorist attacks happened, leading inevitably to a new wave of anxiety with relation to all possible terrorist threats.

     In 2007, Estonia’s government and economy were struck by distributed denial-of-service attacks allegedly conducted by a Russian group. Nonetheless, neither NATO investigators nor European Commission experts could link the cyber attack to the Russian government.

     Following a more recent series of events, in 2008, the Stuxnet worm sabotaged an Iranian nuclear plant. The Iranian government cast the blame on the joint efforts of USA and Israel. The latest cyber attacks on Saudi Aramco, RasGas, and US banks are considered as a strike back from the Iranian side.

     Cybercrime

     An increasing number of criminals are attracted by cybercrimes, because these types of crimes are convenient, anonymous, quick, diverse, and relatively low-risk. In the past, cybercrimes were committed by individuals or groups without decent organization, whilst nowadays organized crime structures and highly-trained professionals are deeply involved in this lucrative criminal activity. According to Interpol intelligence, just in the years 2007 and 2008, the damage from cybercrimes worldwide in numbers was evaluated at approximately 8 billion USD.
     In addition, the negative impact that corporate espionage brought on the intellectual property business worldwide was estimated at 1 trillion USD (Interpol, 2012).

     Cybercrimes encompass the following range of illegal activities:

     - attacks against computer data or network
     - internet theft
     - internet fraud
     - interference of online financial services
     - distribution of sexual content concerning children
     - distribution of malicious software, Botnets
     - email scam and phishing/pharming
     - copyright or intellectual property infringement

     The diagram below (GAO, 2007) briefly outlines the differences between traditional criminal techniques and cybercrime:

     Noticing the difference between cyberterrorism and cybercrime

     Depending on the context, cyberterrorism may overlap considerably with cybercrime or ordinary terrorism. When we talk about cybercrime and cyberterrorism, one of the underlying issues is the correct differentiation between the meaning of these terms. Often both terms are used interchangeably, a fact which brings confusion to people unfamiliar with details on that matter. If one observes a particular case and its context, this confusion may be further exacerbated by the application of other similar terms like Cyberwarfare.

     Brett Pladna (2008: 5), Information Security Specialist, also admits that it is often not an easy task to make a distinction between computer network attacks performed by terrorists and cyber-crimes done by hackers. This is so because the attacker, whoever that is, always tries to exploit weak spots in the system regardless of the essence of the real motives. Nevertheless, there are certain trends that can help in making a clear difference between both acts. For instance, in most of the cases of terrorist computer network attacks, the terrorists’ actions have been focused on website defacement and email bombing.
     For cyberterrorism cases to be regarded in a way similar to classical terrorism, the acts of the former need more or less to bear the character and magnitude of the latter, meaning death/injury to human beings or physical destruction or damage to property, and to be inflicted through the means of the Internet.

     The term cyberterrorism usually comprises acts that resemble to a certain extent those which are characteristic of terroristic attacks via conventional means. As to the term cybercrime, it generally includes an illicit activity on the Internet as a whole.

     In order to overcome the disambiguation issue, scholars, institutions at international and domestic level, and legislation bodies should adopt a more appropriate course, in terms of law and politics. Once cybercrime and cyberterrorism terms are determinable, we would have a clear view on how to deal with such malignant acts. The only way to avoid that psychological condition is to strip both terms of the vagueness and ambiguity surrounding them.

     Conclusion

     Despite the fact that many observers deem that terrorist organizations like Al Qaeda do not rely on cyber attacks to achieve their ends, there is enough evidence material indicating the opposite. As it may seem probable from the late events connected to cyber attacks across the globe, there is an impending cyber threat. Without doubt, the terrorists desire to explore every option to cause great damage to their targets. Apparently, cyberspace provides a new battleground which every self-respecting opportunist would be willing to exploit either for criminal activities or cyber attacks at a minor or large scale.

     People tend to be frightened of what is unknown, of that which is veiled under obscurity. Knowledge and enlightenment is always a power which can disperse the cloud that prevents one to see clearly the truth.
     By finding a way that even the common people would be able to understand clearly the essence of terms like “cyberspace,” “cybercrime,” and “cyberterrorism,” we can ensure that there will be fewer digital loopholes that the terrorists could take advantage of.

     Reference List

     Barry Collin, “The Future of CyberTerrorism,” Proceedings of the 11th Annual International Symposium on Criminal Justice Issues, The University of Illinois at Chicago, 1996. Retrieved also on 12/12/2012 from The Future of CyberTerrorism

     Brickey, J. (2012). Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace. Combating Terrorism Center at West Point. Retrieved on 12/12/2012 from Defining Cyberterrorism: Capturing a Broad Range of Activities in Cyberspace | Combating Terrorism Center at West Point

     Interpol, (2012). Cybercrime. Retrieved on 12/12/2012 from Cybercrime / Cybercrime / Crime areas / Internet / Home - INTERPOL

     NATO, (2008). Cyber defence concept MC0571. Brussels, Belgium.

     Pladna, B. (2008). Cyber terrorism and information security. Retrieved on 12/12/2012 from http://www.infosecwriters.com/text_resources/pdf/BPladna_Cyber_Terrorism.pdf

     Shinder, D. L. (2002). Scene of the Cybercrime: Computer Forensics Handbook. Syngress, Rockland (MA), USA.

     Stanley, N. (2010). The truth behind cybercrime, cyberwarfare, cyberterrorism and hacktivism. Retrieved on 12/12/2012 from Cybercrime, Cyberwars, Cyberterrorism and Hacktivism - Part 1 | Bloor

     Stohl, M. (2007). Cyber terrorism: A clear and present danger, the sum of all fears, breaking point or patriot games? Journal of Crime, Law and Social Change, 46(4).

     U.S. Department of State, Office of the Coordinator for Counterterrorism, Country Reports on Terrorism, April 30, 2007.

     United States Government Accountability Office (GAO), (2007). CYBERCRIME Public and Private Entities Face Challenges in Addressing Cyber Threats. Report to Congressional Requesters.
     Retrieved on 12/12/2012 from http://www.gao.gov/new.items/d07705.pdf

     Wikia (2012). IT Law Wiki – Cybercrime. Accessed on 12/12/2012 Cybercrime - The IT Law Wiki

     Wilson, C. (2003). Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress. CRS Web.

     Wilson, C. (2005). Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress. CRS Report for Congress. Retrieved on 12/12/2012 from Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

     Source: InfoSec Institute Resources – Cyberterrorism Defined (as distinct from “Cybercrime”)
  10. Nytro

    Fun stuff

  11. ShowOff is one of the most important parts of RST. It is not a bad thing; on the contrary, there is no better way to learn "web security" than this. You cannot say you know how to prevent/fix a web vulnerability if you do not know how it is exploited. In addition, there are large companies that offer substantial sums of money to those who find security problems in their own sites: Google, Facebook, Paypal, and I even encourage people to look for vulnerabilities in those sites. Of course, it would be preferable to avoid government sites and especially those of financial institutions...
  12. Fixed. Thanks.
  13. Check whether you can change your avatar/profile picture/signature picture.
  14. It's my fault, I made some changes
  15. Nullcon Delhi 2012: Another Security Lab - By Joerg Simon
    Description: This talk introduces and demonstrates the latest development state of the Fedora Security Lab and how it implements and aids the "Open Source Security Testing Methodology Manual" by creating the OSSTMM Lab as a tool set for teaching security. It introduces how - based on real scientific work - the OSSTMM Methodology helps to follow a proper security test path and how the metric works in order to ascertain and quantify security and trust not only for Computer and Network Security.
    Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
    Original Source: Nullcon Delhi 2012: Another Security Lab - By Joerg Simon
  16. Yes, that's what I think too, and it's best that way.
  17. I also like CentOS (server).
  18. Brute-Force Attack On Ssh, Mysql, Vnc Using Metasploit-Framework
    Description: In this video I will show you how to perform a brute-force attack on services like SSH, MySQL, and VNC.
    Why Metasploit: I think Metasploit will work on the target very well; you can set the brute-force speed, threats level and many more things.
    Modules used:
    • SSH Login Check Scanner | Metasploit Exploit Database (DB): This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.
    • MySQL Login Utility | Metasploit Exploit Database (DB): This module simply queries the MySQL instance for a specific user/pass (default is root with blank).
    • VNC Authentication Scanner | Metasploit Exploit Database (DB): This module will test a VNC server on a range of machines and report successful logins. Currently it supports RFB protocol version 3.3, 3.7, and 3.8 using the VNC challenge response authentication method.
    Source: Penetration Testing Software | Metasploit
    Original Source: Brute-Force Attack On Ssh, Mysql, Vnc Using Metasploit-Framework
  19. Metasploit Wmap Web Vulnerability Scanner
    Description: In this video I will show you how to use the WMAP plugin in Metasploit-Framework. WMAP is an automation for auxiliary modules; I mean this plugin will automatically fire the web-supported auxiliary modules, and at the end, if a vulnerability is available on the target, it will be stored in our database. In this video I'm targeting one website and we found some files and some links; sometimes we may get some sensitive information, depending on the website.
    Original Source: Metasploit Wmap Web Vulnerability Scanner
  20. Digipass Instrumentation For Fun And Profit
    Description: PDF : - https://hacktivity.com/en/downloads/archives/223/
    Adrian Furtuna has a PhD in Computer Science obtained at the Military Technical Academy of Bucharest, Romania. During his PhD program he has extensively studied various attack techniques utilized in Red Teaming engagements and he has designed a few scenarios for cyber defense exercises. He currently works as a Security Consultant at KPMG Romania where he is involved in penetration testing projects against web applications, mobile applications and network infrastructures. Adrian is also a lecturer at several master programs from Bucharest universities, teaching practical aspects of systems security testing and he is the founder of pentest-tools.com, a place where penetration testers can find a collection of ethical hacking tools that can be used online in their engagements.
    Original Source: Digipass Instrumentation For Fun And Profit
  21. Android Programming for Beginners: Part 1
    Thursday, 20 December 2012 11:06
    Juliet Kemp

    With Android phones and tablets making their way into more and more pockets and bags, dipping a toe into Android coding is becoming more popular too. And it's a great platform to code for -- the API is largely well-documented and easy to use, and it's just fun to write something that you can run on your own phone. You don't even need a phone at first, because you can write and test code in an emulator on your Linux PC. In the first of this two-part intro to Android coding, get a basic timer app up and running and start learning about the Android API. This tutorial assumes some basic familiarity with Java, XML, and programming concepts, but even if you're shaky on those, feel free to follow along!

    Dev environment and getting started

    A note on versions: the most recent version of Android is 4.2 (Jelly Bean), but as you can see from this Wikipedia chart, there aren't many people using it yet. You're better off coding for one or both of 4.0 (Ice Cream Sandwich) or 2.3 (Gingerbread), especially as Android is entirely forwards-compatible (so your 2.3 code will run on 4.2) but not always backwards-compatible. The code here should work on either 4.0 or 2.3.

    The quickest way to get your dev environment set up is to download the Android Bundle. You'll also need JDK 6 (not just JRE); note that Android is not compatible with gcj. If you already have Eclipse, or wish to use another IDE, you can set it up for Android as described here.

    Now, create a project called Countdown either using Eclipse, or from the command line. I set the BuildSDK to 4.0.3, and minimum SDK to 2.2, and (in Eclipse) used the BlankActivity template.

    My First Android Project: Layout

    For our very first program, we're going to show a timer that counts down from 10 seconds when you click a button. Before writing the code, let's create the interface -- what the user will see when they start the app. Open up res/layout/activity_countdown.xml to create an XML layout, using either the Eclipse graphical editor, or a text/XML editor, to enter this:

        <RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
            xmlns:tools="http://schemas.android.com/tools"
            android:layout_width="match_parent"
            android:layout_height="match_parent" >

            <TextView
                android:id="@+id/time_display_box"
                android:layout_width="wrap_content"
                android:layout_height="wrap_content"
                android:layout_alignParentTop="true"
                android:layout_centerHorizontal="true"
                android:layout_marginTop="60dp"
                android:text="@string/_00_30"
                android:textAppearance="?android:attr/textAppearanceLarge"/>

            <Button
                android:id="@+id/startbutton"
                android:layout_width="wrap_content"
                android:layout_height="wrap_content"
                android:layout_below="@+id/time_display_box"
                android:layout_centerHorizontal="true"
                android:layout_marginTop="41dp"
                android:text="@string/start" />

        </RelativeLayout>

    This illustrates the standard way of referring to Android resources. It's best practice to use string references rather than hard-coding strings.

    My First Android Project: Code

    Next, open up the CountdownActivity.java file in your editor, ready to write some code. You should already have an onCreate() method stub generated. onCreate() is always called when the Activity is first created, so you'll often do setup and app logic startup here. (Eclipse may also have created an onCreateOptionsMenu() method stub, which we'll ignore for now.) Enter this code:

        // Imports needed by the class below (the package line generated
        // for your project stays above them).
        import android.app.Activity;
        import android.os.Bundle;
        import android.os.CountDownTimer;
        import android.view.View;
        import android.widget.Button;
        import android.widget.TextView;

        public class CountdownActivity extends Activity {

            private static final int MILLIS_PER_SECOND = 1000;
            private static final int SECONDS_TO_COUNTDOWN = 30;
            private TextView countdownDisplay;
            private CountDownTimer timer;

            @Override
            public void onCreate(Bundle savedInstanceState) {
                super.onCreate(savedInstanceState);
                setContentView(R.layout.activity_countdown);

                countdownDisplay = (TextView) findViewById(R.id.time_display_box);
                Button startButton = (Button) findViewById(R.id.startbutton);
                startButton.setOnClickListener(new View.OnClickListener() {
                    public void onClick(View view) {
                        try {
                            showTimer(SECONDS_TO_COUNTDOWN * MILLIS_PER_SECOND);
                        } catch (NumberFormatException e) {
                            // method ignores invalid (non-integer) input and waits
                            // for something it can use
                        }
                    }
                });
            }
        }

    You'll notice the thing that makes this a surprisingly easy first project: the Android API includes a CountDownTimer that you can use. We set up this, and the countdown display, as private member variables. In onCreate() we use the built-in setContentView method to grab our XML layout. The R.foo.bar syntax is a standard way to refer to Android XML resources in your code, so you'll see it a lot. findViewById is another method you'll use a lot; here, it grabs the display and the Start button from the XML layout.

    For the Button to work when clicked, it needs an OnClickListener. This is an interface, so must be subclassed. We could create a whole new MyButton class to do this, but this is overkill for a single button. Instead, we do it inline, creating a new OnClickListener and its onClick() method. Ours simply calls showTimer() on the number of milliseconds we want to use (currently hard-coded).

    So what does showTimer() do?

        // This method goes inside the CountdownActivity class.
        private void showTimer(int countdownMillis) {
            if (timer != null) {
                timer.cancel();
            }
            timer = new CountDownTimer(countdownMillis, MILLIS_PER_SECOND) {
                @Override
                public void onTick(long millisUntilFinished) {
                    countdownDisplay.setText("counting down: " +
                            millisUntilFinished / MILLIS_PER_SECOND);
                }

                @Override
                public void onFinish() {
                    countdownDisplay.setText("KABOOM!");
                }
            }.start();
        }

    The CountDownTimer class does most of the work for us, which is nice. Just in case there's already a running timer, we start off by cancelling it if it exists. Then we create a new timer, setting the number of milliseconds to count down (from the showTimer() parameter) and the milliseconds per count interval. This interval is how often the onTick() callback is fired.

    CountDownTimer is another abstract class, and the onTick() and onFinish() methods must be implemented when it is subclassed. We override onTick() to decrease the countdown display by a second on every tick; and override onFinish() to set a display message once the countdown finishes. Finally, start() sets the timer going.

    If you select 'Run' in Eclipse, you can choose to run this as an Android app, and an emulator will automatically be generated and run for you. Check out the Android docs if you need more information on setting up an emulator, or on running an app from the command line.

    Congratulations, you've written your first Android app! In the second part of this series, we'll have a closer look at the structure of an Android app, and make some improvements to the timer to input a countdown time, a Stop button, and menu options. We'll also look at running it on a physical phone rather than the software emulator.

    For more information in the mean time, you can check out the Android Development Training section of The Linux Foundation's Linux training website.

    Source: Android Programming for Beginners: Part 1 | Linux.com
  22. Brute Force Attack With Burp

    On many occasions, as penetration testers, we will have to face a web application that contains a login form which we will have to test for weak credentials. Burp Suite is probably the best tool to be used when assessing web applications. Burp's main use is to be a proxy interceptor; however, it provides a lot of other functions to penetration testers and it can also be used to attack a login form. In this article we will examine how we can use Burp in order to perform a brute force attack on a web application.

    Let's say that we have the following login form:

    [Image: Login Form]

    We will try to submit a username and a password and we will use the Burp Suite in order to capture the HTTP request.

    [Image: Capturing the HTTP Request]

    Then we will send the request to the Intruder (Action -> Send to Intruder) and we will clear the positions on the request where we will not need to insert payloads, which are the $low$ and the session cookie. So we will leave the following positions:

    [Image: Remaining Positions]

    As an attack type we will choose the cluster bomb, because this type of attack can take each word of the username list and run it against each word of the password list in order to discover the correct credentials.

    Now it is time to set the payloads on the three positions. So we will load our wordlists that contain usernames and passwords in the payload options of Burp, and for the 3rd position we will just put as an option $Login$. In the next three images you can see this configuration.

    [Image: Payload Set 1 – Usernames]
    [Image: Payload Set 2 – Passwords]
    [Image: Payload Set 3 – Login]

    Everything now is ready and we can start the attack on the Intruder. The Intruder will start sending HTTP requests to the form based on our payloads and it will try all the possible combinations.

    [Image: Cluster Bomb – Intruder]

    After the inspection of the responses we will notice that Burp has successfully logged in under the credentials smithy/password.

    [Image: Discovery of valid credentials]

    We can now go back to the application and try to get access to the admin area with this username and password.

    [Image: Access in the admin area]

    Conclusion

    As we saw in this post, Burp is also capable of performing brute force attacks against web applications. Login forms can be found in almost every web application and the Intruder tool can help the penetration tester to automate his tests. The discovery of valid administrator credentials can make the difference in black-box penetration tests.

    Source: https://pentestlab.wordpress.com/2012/12/21/brute-force-attack-with-burp/
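Seen from the defender's side, the credential-guessing runs in the Burp post above and in the earlier Metasploit login-scanner post leave the same trace in authentication logs: one source, several usernames, a burst of failures, then possibly one success. The detector below is an added example, not part of either original post; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (hypothetical) auth-log format: "<ISO time> src=<ip> user=<name> result=OK|FAIL"
LINE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample: one source walks a username x password grid, one user mistypes once.
SAMPLE_LOG = """\
2012-12-21T10:00:00 src=198.51.100.7 user=admin result=FAIL
2012-12-21T10:00:01 src=198.51.100.7 user=smithy result=FAIL
2012-12-21T10:00:02 src=198.51.100.7 user=pablo result=FAIL
2012-12-21T10:00:03 src=203.0.113.20 user=alice result=FAIL
2012-12-21T10:00:03 src=198.51.100.7 user=admin result=FAIL
2012-12-21T10:00:04 src=198.51.100.7 user=smithy result=FAIL
2012-12-21T10:00:05 src=198.51.100.7 user=pablo result=FAIL
2012-12-21T10:00:06 src=198.51.100.7 user=admin result=FAIL
this line is malformed and must be skipped
2012-12-21T10:00:07 src=198.51.100.7 user=smithy result=OK
2012-12-21T10:00:08 src=198.51.100.7 user=pablo result=FAIL
2012-12-21T10:00:10 src=203.0.113.20 user=alice result=OK
"""


def parse(log_text):
    """Yield (timestamp, source, username, ok) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, src, user, result = m.groups()
            yield datetime.fromisoformat(ts), src, user, result == "OK"


def detect_credential_guessing(log_text, window=timedelta(minutes=5),
                               min_failures=6, min_users=2):
    """Flag sources with many failures across several usernames inside the
    window, and record any account that logs in from a flagged source."""
    recent = defaultdict(deque)   # source -> (time, user) failures in window
    findings = {}                 # source -> summary of the burst
    for ts, src, user, ok in sorted(parse(log_text), key=lambda e: e[0]):
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()       # drop failures older than the window
        if ok:
            f = findings.get(src)
            if f and ts - f["last_failure"] <= window:
                f["compromised"].add(user)   # success right after a burst
            continue
        fails.append((ts, user))
        users = {u for _, u in fails}
        if len(fails) >= min_failures and len(users) >= min_users:
            f = findings.setdefault(src, {"failures": 0, "usernames": set(),
                                          "compromised": set(),
                                          "last_failure": ts})
            f["failures"] = max(f["failures"], len(fails))
            f["usernames"] |= users
            f["last_failure"] = ts
    return findings


if __name__ == "__main__":
    for src, f in detect_credential_guessing(SAMPLE_LOG).items():
        print(src, f["failures"], sorted(f["usernames"]), sorted(f["compromised"]))
```

Passwords are deliberately absent from the assumed log format; the detector needs only source, username and outcome.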
  23. I still don't understand. What links would they make? The only links that can be made are username - IP (probably very few anyway). The rest is PUBLIC information. If someone is scared that they did something, I really recommend they make another account and take care that nobody figures out their old identity. What would be the point of starting from 0? WHY? Nobody comes up with a logical explanation, it's as if you were women...
  24. Study Of Malware Obfuscation Techniques
    Description:
    PRESENTATION ABSTRACT: Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt attempts at disassembly, debugging or analysis in a virtualized environment. This talk catalogs the common evasion techniques malware authors employ, applying over 50 different static detections, combined with a few dynamic ones for completeness. We validate our catalog by running these detections against a database of 4 million samples (the system is constantly running and the numbers will be updated for the presentation), enabling us to present an analysis on the real state of evasion techniques in use by malware today. The resulting data will help security companies and researchers around the world to focus their attention on making their tools and processes more efficient to rapidly avoid the malware authors' countermeasures. This first of its kind, comprehensive catalog of countermeasures was compiled by the paper's authors by researching each of the known techniques employed by malware, and in the process new detections were proposed and developed. The underlying malware sample database has an open architecture that allows researchers not only to see the results of the analysis, but also to develop and plug-in new analysis capabilities. The system will be made available in beta at Black Hat, with the purpose of serving as a basis for innovative community research.
    ABOUT RODRIGO RUBIRA BRANCO: Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previously, as the Chief Security Research at Check Point he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest security research conference in Latin America.
    Original Source: Study Of Malware Obfuscation Techniques
  25. Element 1337 In The Periodic Table: Pwnium
    Description:
    PRESENTATION ABSTRACT: Starting with the earliest Chromium Security Reward Program, we'll look at the evolution from $500 in 2010 to $60000 in 2012. Along the way, we'll look at the events and motivations that directed the growth of the program, as well as celebrate some of the more interesting and quirky bugs and individuals involved. Most excitingly, we'll end with results and updates from the previous day's exciting Pwnium 2 competition! There will be lots of time for audience questions.
    ABOUT CHRIS EVANS: Chris is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. He releases vulnerabilities at http://scary.beasts.org/. His work includes vulnerabilities in the Firefox and Safari browsers; the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at Security. At Google, Chris has led or been involved with the security of projects such as Google App Engine, Google Spreadsheets, Picasa Web and Google Finance. He now leads security for Google Chrome. He has presented at various conferences.
    Original Source: Element 1337 In The Periodic Table: Pwnium