Nytro

// keccak.c // 19-Nov-11 Markku-Juhani O. Saarinen <mjos@iki.fi> // A baseline Keccak (3rd round) implementation. #include "keccak.h" const uint64_t keccakf_rndc[24] = { 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 }; const int keccakf_rotc[24] = { 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 }; const int keccakf_piln[24] = { 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 }; // update the state with given number of rounds void keccakf(uint64_t st[25], int rounds) { int i, j, round; uint64_t t, bc[5]; for (round = 0; round < rounds; round++) { // Theta for (i = 0; i < 5; i++) bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20]; for (i = 0; i < 5; i++) { t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1); for (j = 0; j < 25; j += 5) st[j + i] ^= t; } // Rho Pi t = st[1]; for (i = 0; i < 24; i++) { j = keccakf_piln[i]; bc[0] = st[j]; st[j] = ROTL64(t, keccakf_rotc[i]); t = bc[0]; } // Chi for (j = 0; j < 25; j += 5) { for (i = 0; i < 5; i++) bc[i] = st[j + i]; for (i = 0; i < 5; i++) st[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5]; } // Iota st[0] ^= keccakf_rndc[round]; } } // compute a keccak hash (md) of given byte length from "in" int keccak(const uint8_t *in, int inlen, uint8_t *md, int mdlen) { uint64_t st[25]; uint8_t temp[144]; int i, rsiz, rsizw; rsiz = 200 - 2 * mdlen; rsizw = rsiz / 8; memset(st, 0, sizeof(st)); for ( ; inlen >= rsiz; inlen -= rsiz, in += rsiz) { for (i = 0; i < rsizw; i++) st[i] ^= ((uint64_t *) in)[i]; keccakf(st, KECCAK_ROUNDS); } // last block and padding memcpy(temp, in, inlen); temp[inlen++] = 1; memset(temp + inlen, 0, rsiz - inlen); temp[rsiz - 1] |= 0x80; for (i = 0; i < rsizw; i++) st[i] ^= ((uint64_t *) temp)[i]; keccakf(st, KECCAK_ROUNDS); memcpy(md, st, mdlen); return 0; } Via: [h=3]27 February 2012 — Readable C code for Keccak[/h] Markku-Juhani O. Saarinen posted an implementation of Keccak in C aimed at readability and clarity, as an alternative to our specifications summary. We appreciate Markku's support.

E de preferat hartia igienica, e mai moale si nu te doare curul.

Da, daca e facut de tine, felicitari. Hmm, nu cred ca am mai vazut asa ceva in AutoIT. Iar ideea de a folosi AutoIT pentru indetectabilitate e foarte buna.

Muie.

Mi-am scris singur numele de cateva zeci de ori pe aici. Nu am de ce/cine sa ma ascund.

[h=1]Remote buffer overflow tutorial[/h] by Amit Malik 2 years ago exploit: exploit-db.com/exploits/10973 paper: scribd.com/doc/24863209/Remote-Buffer-overflow-exploits or exploit-db.com/papers/11042.pdf or packetstormsecurity.org/filedesc/RemoteExploits2.pdf.html Enjoy... DZZ

Vii*

Are dreptate si omul. Aveti incredere in el? Cumparati. Nu aveti? Taceti in pula mea, nu mai comentati aiurea. Cu urmatoarea ocazie, ban in serie, pentru toate posturile fara rost. Muie.

Defcon 20 - Owned In 60 Seconds: From Network Guest To Windows Domain Admin Description: Their systems were fully patched, their security team watching, and the amateur pentesters just delivered their "compliant" report. They thought their Windows domain was secure. They thought wrong. Zack Fasel (played by none other than Angelina Jolie) brings a New Tool along with New methods to obtain Windows Integrated Authentication network requests and perform NTLM relaying both internally and externally. The Goal? Start off as a nobody and get domain admin (or sensitive data/access) in 60 seconds or less on a fully patched and typically secured windows environment. The Grand Finale? Zack demonstrates the ability to *externally* gain access to a Windows domain user's exchange account simply by sending them an email along with tips on how to prevent yourself from these attacks. In just one click of a link, one view of an email, or one wrong web request, this new toolset steals the identity of targeted users and leverages their access. Call your domain admins, hide your road warriors, and warn your internal users. Zack will change the way you think about Windows Active Directory Security and trust relationships driving you to further harden your systems and help you sleep at night. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Defcon 20 - Owned In 60 Seconds: From Network Guest To Windows Domain Admin

How To Defend Against The Owasp Top Ten Web Security Threats Description: In this video Ken Sipe talking about OWASP Top Ten, for making your Web Application Secure. Ken Sipe : - Ken Sipe is a Technology Director with Perficient, Inc. (PRFT) in St. Louis, MO, USA, where he leads multiple teams in the development of enterprise solutions on both the Java and .Net platforms. Ken was the founder of CodeMentor, where he was the Chief Architect and Mentor, leading clients in the execution of RUP and Agile methodologies in the delivery of software solutions. Ken is passionate about technology and regular speaks on topics of architecture and software development. He is a core speaker with NFJS and won the Rock Star award in 2009 at JavaOne, JavaZone and The Strange Loop. When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the log4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern that seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs.... until now... Enterprise Security API toolkit from OWASP. This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues that can be solved through standardizing on the open source Enterprise Security API. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: How to Defend Against the OWASP Top Ten Web Security Threats on Vimeo Sursa: How To Defend Against The Owasp Top Ten Web Security Threats

Ipv4 -To- Ipv6 Service Providers Challenges Description: A discussion of IPv6 and the world of ISP's, the myriad challenges the Service Provider industry faces to make an effective transition to the next iteration of the Internet Protocol. Jeremy is currently a Network Engineer, with a focus on DOCSIS cable plant environments. Experience implementing DOCSIS 3 functionality on CMTS's for various customers in various regions. He has over 7 years of Engineering experience and obtained many Cisco Certifications CCNA - CCNP and is currently working on his CCIE. Brian Is a Principal DOCSIS Engineer and has over 16 years of Network engineering under his belt. Has has worked with most of the major Cable ISP's world wide and has assisted in deploying DOCSIS 3.0 solutions in hundreds of North American markets. Both Jeremy and Brian are US Military veterans and work at IBBS (www.IBBS.com) supporting hundreds of Cable ISP's supporting over a 1.4 million broadband CPE devices. Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: Sursa: Ipv4 -To- Ipv6 Service Providers Challenges

Exploiting Stack Overflows in the Linux Kernel In this post, I’ll introduce an exploitation technique for kernel stack overflows in the Linux kernel. Keep in mind this does not refer to buffer overflows on the kernel stack (whose exploitability is well understood), but rather the improper expansion of the kernel stack causing it to overlap with critical structures which may be subsequently corrupted. This is a vulnerability class in the Linux kernel that I do not believe have been exploited publicly in the past, but is relevant due to a recent vulnerability in the Econet packet family ©2010 Job Oberheide (jon.oberheide.org) Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/15634.pdf

Polonica era amuzanta la inceput. Acum nu mai e. Haide Polonica, poti mai mult, incearca! Vreau sa vad daca mai esti in stare de ceva.

Ba, NU ii mai dati ban. Vreau sa am cu cine purta o discutie de cacat.

Mai trist e ca doar tu razi la glumele tale. Inainte ne faceai sa radem, acum esti plictisitoare...

Pai fa si tu ceva, ca ne cam plictisim. Canta-te ceva. Pune pe youtube, sa mai radem si noi

Ai devenit plictisitoare fa

Si... Cum a ajuns acolo?

Cel mai bun iPhone: Telefon mobil Samsung I9300 GALAXY S3, 32GB, Blue I9300 Galaxy S3 32GB Blue - eMAG.ro

MD5 Message Digest Algorithm Overview [TABLE] [TR] [TD]© 2011 by Dr. Herong Yang. All rights reserved. This section describes the MD5 algorithm - a 5-step process of padding of '1000...', appending message length, dividing as 512-bit blocks, initializing 4 buffers, and 4-round of hashing each block MD5 algorithm is well described in RFC 1321 - The MD5 Message-Digest Algorithm, see http://www.ietf.org/rfc/rfc1321.txt. Below is a quick overview of the algorithm. [/TD] [TD][/TD] [/TR] [/TABLE] MD5 algorithm consists of 5 steps: Step 1. Appending Padding Bits. The original message is "padded" (extended) so that its length (in bits) is congruent to 448, modulo 512. The padding rules are: The original message is always padded with one bit "1" first. Then zero or more bits "0" are padded to bring the length of the message up to 64 bits fewer than a multiple of 512. Step 2. Appending Length. 64 bits are appended to the end of the padded message to indicate the length of the original message in bytes. The rules of appending length are: The length of the original message in bytes is converted to its binary format of 64 bits. If overflow happens, only the low-order 64 bits are used. Break the 64-bit length into 2 words (32 bits each). The low-order word is appended first and followed by the high-order word. Step 3. Initializing MD Buffer. MD5 algorithm requires a 128-bit buffer with a specific initial value. The rules of initializing buffer are: The buffer is divided into 4 words (32 bits each), named as A, B, C, and D. Word A is initialized to: 0x67452301. Word B is initialized to: 0xEFCDAB89. Word C is initialized to: 0x98BADCFE. Word D is initialized to: 0x10325476. Step 4. Processing Message in 512-bit Blocks. This is the main step of MD 5 algorithm, which loops through the padded and appended message in blocks of 512 bits each. For each input block, 4 rounds of operations are performed with 16 operations in each round. This step can be described in the following pseudo code slightly modified from the RFC 1321's version: Input and predefined functions: A, B, C, D: initialized buffer words F(X,Y,Z) = (X AND Y ) OR (NOT X AND Z) G(X,Y,Z) = (X AND Z ) OR (Y AND NOT Z) H(X,Y,Z) = X XOR Y XOR Z I(X,Y,Z) = Y XOR (X OR NOT Z) T[1, 2, ..., 64]: Array of special constants (32-bit integers) as: T[i] = int(abs(sin(i)) * 2**32) M[1, 2, ..., N]: Blocks of the padded and appended message R1(a,b,c,d,X,s,i): Round 1 operation defined as: a = b + ((a + F(b,c,d) + X + T[i]) <<< s) R2(a,b,c,d,X,s,i): Round 1 operation defined as: a = b + ((a + G(b,c,d) + X + T[i]) <<< s) R3(a,b,c,d,X,s,i): Round 1 operation defined as: a = b + ((a + H(b,c,d) + X + T[i]) <<< s) R4(a,b,c,d,X,s,i): Round 1 operation defined as: a = b + ((a + I(b,c,d) + X + T[i]) <<< s) Algorithm: For k = 1 to N do the following AA = A BB = B CC = C DD = D (X[0], X[1], ..., X[15]) = M[k] /* Divide M[k] into 16 words */ /* Round 1. Do 16 operations. */ R1(A,B,C,D,X[ 0], 7, 1) R1(D,A,B,C,X[ 1],12, 2) R1(C,D,A,B,X[ 2],17, 3) R1(B,C,D,A,X[ 3],22, 4) R1(A,B,C,D,X[ 4], 7, 5) R1(D,A,B,C,X[ 5],12, 6) R1(C,D,A,B,X[ 6],17, 7) R1(B,C,D,A,X[ 7],22, 8) R1(A,B,C,D,X[ 8], 7, 9) R1(D,A,B,C,X[ 9],12,10) R1(C,D,A,B,X[10],17,11) R1(B,C,D,A,X[11],22,12) R1(A,B,C,D,X[12], 7,13) R1(D,A,B,C,X[13],12,14) R1(C,D,A,B,X[14],17,15) R1(B,C,D,A,X[15],22,16) /* Round 2. Do 16 operations. */ R2(A,B,C,D,X[ 1], 5,17) R2(D,A,B,C,X[ 6], 9,18) R2(C,D,A,B,X[11],14,19) R2(B,C,D,A,X[ 0],20,20) R2(A,B,C,D,X[ 5], 5,21) R2(D,A,B,C,X[10], 9,22) R2(C,D,A,B,X[15],14,23) R2(B,C,D,A,X[ 4],20,24) R2(A,B,C,D,X[ 9], 5,25) R2(D,A,B,C,X[14], 9,26) R2(C,D,A,B,X[ 3],14,27) R2(B,C,D,A,X[ 8],20,28) R2(A,B,C,D,X[13], 5,29) R2(D,A,B,C,X[ 2], 9,30) R2(C,D,A,B,X[ 7],14,31) R2(B,C,D,A,X[12],20,32) /* Round 3. Do 16 operations. */ R3(A,B,C,D,X[ 5], 4,33) R3(D,A,B,C,X[ 8],11,34) R3(C,D,A,B,X[11],16,35) R3(B,C,D,A,X[14],23,36) R3(A,B,C,D,X[ 1], 4,37) R3(D,A,B,C,X[ 4],11,38) R3(C,D,A,B,X[ 7],16,39) R3(B,C,D,A,X[10],23,40) R3(A,B,C,D,X[13], 4,41) R3(D,A,B,C,X[ 0],11,42) R3(C,D,A,B,X[ 3],16,43) R3(B,C,D,A,X[ 6],23,44) R3(A,B,C,D,X[ 9], 4,45) R3(D,A,B,C,X[12],11,46) R3(C,D,A,B,X[15],16,47) R3(B,C,D,A,X[ 2],23,48) /* Round 4. Do 16 operations. */ R4(A,B,C,D,X[ 0], 6,49) R4(D,A,B,C,X[ 7],10,50) R4(C,D,A,B,X[14],15,51) R4(B,C,D,A,X[ 5],21,52) R4(A,B,C,D,X[12], 6,53) R4(D,A,B,C,X[ 3],10,54) R4(C,D,A,B,X[10],15,55) R4(B,C,D,A,X[ 1],21,56) R4(A,B,C,D,X[ 8], 6,57) R4(D,A,B,C,X[15],10,58) R4(C,D,A,B,X[ 6],15,59) R4(B,C,D,A,X[13],21,60) R4(A,B,C,D,X[ 4], 6,61) R4(D,A,B,C,X[11],10,62) R4(C,D,A,B,X[ 2],15,63) R4(B,C,D,A,X[ 9],21,64) A = A + AA B = B + BB C = C + CC D = D + DD End of for loop Output: A, B, C, D: Message digest Step 5. Output. The contents in buffer words A, B, C, D are returned in sequence with low-order byte first. Din aceeasi serie: ?MD5 Mesasge Digest Algorithm What Is MD5 Message Digest Algorithm? ?MD5 Message Digest Algorithm Overview Using MD5 Message Digest in Java Using MD5 Message Digest in PHP Using MD5 Message Digest in Perl Sursa: MD5 Message Digest Algorithm Overview Simplu si la obiect.

[h=1]OpenSSL, RSA, AES, and C++[/h] In my seemingly endless side project to implement RSA and AES encryption to my Alsa Server project, I wrote a while ago about doing simple RSA encryption with OpenSSL. Now, I’m here to say that I was doing it all wrong. In my first post about RSA encryption and OpenSSL my code was using the low level RSA functions when I should have been using the high level EVP (envelope) functions, which are much nicer to work with once you get the hang of them. Being that this code is eventually going to be merged in my Alsa server project, I went ahead and also implemented AES encryption/decryption and put everything in an easy to use C++ class. I assume that readers are familiar with encryption and OpenSSL terminology (things like IV, key lengths, public vs private keys, etc.). If not, look it up since there are much better explanations out there so why reinvent the wheel by explaining them here? Moving on. First up, since all the code presented is in various functions from a class (full listing is at the end), let’s look at the class members, and constructors first to understand where some of these variables are coming from. Below are all the class members. I know, not exactly intuitive, but bear with me. Header: #include <openssl/evp.h> #include <openssl/pem.h> #include <openssl/aes.h> #include <openssl/err.h> #include <stdio.h> #include <string> #include <string.h> #define DEBUG #ifdef DEBUG #define DEFAULT_RSA_KEYLEN 1024 #define DEFAULT_AES_KEYLEN 128 #define AES_ROUNDS 3 #else #define DEFAULT_RSA_KEYLEN 2048 #define DEFAULT_AES_KEYLEN 256 #define AES_ROUNDS 6 #endif #define PSUEDO_CLIENT #define SALT "alsa_channel_control" #define AES_KEY_PASS "alsa_channel_control" #define SUCCESS 0 #define FAILURE -1 #define KEY_SERVER_PRI 0 #define KEY_SERVER_PUB 1 #define KEY_CLIENT_PUB 2 class ServerCrypto { public: ServerCrypto(); ServerCrypto(unsigned char *clientPubKey, size_t clientPubKeyLen); ServerCrypto(unsigned char *clientPubKey, size_t clientPubKeyLen, size_t rsaKeyLen, size_t aesKeyLen); ~ServerCrypto(); int rsaEncrypt(std::string msg, unsigned char **encMsg); int rsaEncrypt(const char *msg, size_t msgLen, unsigned char **encMsg); int aesEncrypt(std::string msg, unsigned char **encMsg); int aesEncrypt(const char *msg, size_t msgLen, unsigned char **encMsg); std::string rsaDecrypt(unsigned char *encMsg, size_t encMsgLen); int rsaDecrypt(unsigned char *encMsg, size_t encMsgLen, char **decMsg); std::string aesDecrypt(unsigned char *encMsg, size_t encMsgLen); int aesDecrypt(unsigned char *encMsg, size_t encMsgLen, char **decMsg); int writeKeyToFile(FILE *fd, int key); int setClientPubKey(unsigned char* pubKey, size_t pubKeyLen); unsigned char* getServerPubKey(); unsigned char* getServerPriKey(); unsigned char* getServerAESKey(); private: EVP_PKEY *serverKeypair; EVP_PKEY *clientPubKey; EVP_CIPHER_CTX *rsaEncryptCtx; EVP_CIPHER_CTX *aesEncryptCtx; EVP_CIPHER_CTX *rsaDecryptCtx; EVP_CIPHER_CTX *aesDecryptCtx; unsigned char *rsaSymKey; int rsaSymKeyLen; unsigned char *rsaIV; unsigned char *aesKey; unsigned char *aesIV; size_t encryptLen; int init(size_t rsaKeyLen, size_t aesKeyLen); int genTestClientKey(int keyLen); }; Articol complet: http://shanetully.com/2012/06/openssl-rsa-aes-and-c-oh-my/

Nu arata rau deloc.

Not bad

Mda, "banal": "Our bootloader"... Shit just got more serious.

Defeating PatchGuard Bypassing Kernel Security Patch Protection in Microsoft Windows By Deepak Gupta, McAfee Labs, and Xiaoning Li, Intel Labs Table of Contents Summary 3 Introduction 3 Kernel Patching 4 PatchGuard 5 Initialization and operations 5 Initialization 6 Operations 6 Attacks and countermeasures 7 Exception handler hooking 7 Hooking KeBugCheckEx 8 Debug register attack with general detect bit on 8 Translation cache attack 11 Patching the kernel timer DPC dispatcher 11 A generic attack 12 A New Level of Security 18 Summary The kernel forms the core of any operating system. In conjunction with device drivers, the kernel abstracts interfaces for processes, memory management, file system, networking, and other services used by application developers. The kernel and other device drivers run at ring 0, the highest privilege, and form the bottom of the stack. Attacking the kernel and drivers puts an attacker in an advantageous position and helps hide footprints (rootkit activity). This stealth is required because most antimalware scanners update very frequently. If malware leaves behind footprints, then it can be traced, contained, and easily caught. Thus kernel-level malware with rootkit abilities are a very high-risk category. To protect the 64-bit Windows kernel, Microsoft created Kernel Patch Protection, commonly called PatchGuard. We haven’t seen many attacks on the 64-bit kernel barring some incidents of TDL4/Alureon and Xpaj. (These are actually “bootkit” attacks against the hard drive’s master boot record that can be prevented or cleaned later.) We know of no attack in the wild that targets PatchGuard and then patches the kernel image or critical kernel data structures. However, independent research, including our own, has proved that it is possible to defeat PatchGuard. These “white hat” attacks were published with proof of concept code and are purely for educational purposes. However, just as we have seen with earlier versions of Windows, malware developers will eventually find a way to crack the operating system’s defenses. Unlike 32-bit x86 processors, 64-bit processors from Intel come with virtualization extensions that can be used to set memory and CPU-register protections at the hardware level. DeepSAFE technology is one such offering from the collaborative efforts of Intel and McAfee; it will be instrumental in staying one step ahead of malware authors. Download: http://www.mcafee.com/us/resources/reports/rp-defeating-patchguard.pdf