Nytro

S-a actualizat si pagina cu noi posturi: https://www.facebook.com/rstforum Face cineva un cover photo pentru pagina? Arata urat fara. Ceva simplu si elegant.

Ala pare link-ul de la un mp3...

[h=3]OWASP Security Shepherd 1.2 Released[/h] Security Shepherd is a computer based training application for web application security vulnerabilities. This project strives to hurde the lost sheep of the technological world back to the safe and sound ways of secure practises. Security Shepherd can be deployed as a CTF (Capture the Flag) game or as an open floor educational server. Easy configuration to suit every use Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills. This is accomplished through lesson and challenge techniques. A lesson provides a user with a lot of help in completing that module, where a challenge puts what the user learned in the lesson to use. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The bi-product of this challenge game is the acquired skill to harden a players own environment from OWASP top ten security risks The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. Security Shepherds vulnerabilities are not simulated, and are instead delievered through hardened real security vulnerabilities that can not be abused to compromise the application or it's environment. Many of these levels include insufficient protections to these vulnerabilities, such as black list filteres and poor security configuration. Security Shepherd includes everything you need to complete all of it's levels including the OWASP Zed Attack Proxy Project and portable browsers already configured for proxy use. The Security Shepherd project covers the following web application security topics; SQL Injection Cross Site Scripting Broken Authetication and Session Management Cross Site Rrequest Forgery Insecure Direct Object Reference Insecure Cryptographic Storage Failure to Restrict URL Access Unvalidated Redirects and Forwards Insufficient Transport Layer Security Download OWASP Security Shepherd 1.2 Sursa: OWASP Security Shepherd 1.2 Released - Penetration Testing and Security Tools

[h=3]lafuzz - Local File Incursion exploiter[/h] LaFuzz is a exploiter/fuzzer which is specify on Local File Incursion (LFI), but not just to exploit known vulnerabilities; LaFuzz takes a step forward onto exploiting unknown/0-day which is surrounding directory traversal's vectors. How to use: ./lafuzz.py python2.7 lafuzz.py python lafuzz.py Download lafuzz 1.5 Sursa: lafuzz - Local File Incursion exploiter - Penetration Testing and Security Tools

[h=3]Hideman - Free VPN service with mutliple server locations[/h] Virtual Private Network services are handy when you want to surf internet privately. VPN helps us to protect our surfing habits cached by website. Your internet service provider also not able to know what you are doing on internet. VPN helps you to surf anonymously. Connections to VPNs are encrypted which means that your data is safe from snooping users in the same network. This means you do not have to fear that someone in a hotel, Internet cafe or airport can steal personal information and data from you. Hideman provides its customers with VPN and Wi-Fi protection services. VPN is short for “Virtual Private Network,” which basically allows for an encrypted pathway between servers and hardware. As a result, all computers and web presences using a VPN are completely anonymous, ensuring unsurpassed privacy. Hideman offers this service through their special software which can be downloaded for free. In order to utilize the service, the user runs the software and manually establishes a unique IP address and country of origin. Hideman’s software is completely free to download. On top of that, its users will also be able to use it for four hours a week, providing a nearly “unlimited” free trial. Download For Windows Download for Android Sursa: Hideman - Free VPN service with mutliple server locations - Penetration Testing and Security Tools

[h=3]Safe3 sql injector - Powerful penetration testing tool for SQL Injection[/h] Safe3SI is one of the most powerful and easy usage penetration tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a AI detection engine. Features Full support for http, https website. Full support for Basic, Digest, NTLM http authentications. Full support for GET, Post, Cookie sql injection. Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems. Full support for four SQL injection techniques: blind, error-based, UNION query and force guess. Powerful AI engine to automatic recognite injection type, database type, sql injection best way. Support to enumerate databases, tables, columns and data. Support to read,list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server. Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server. Support to ip domain query,web path guess,md5 crack etc. Support for sql injection scan. Download Safe3 sql injector Sursa: Safe3 sql injector - Powerful penetration testing tool for SQL Injection - Penetration Testing and Security Tools

[h=3]DiskCryptor - Encrypt your partitions[/h] Encrypting your documents protects them from prying eyes if your computer becomes lost or stolen. However, you shouldn’t stop at just encrypting your sensitive documents. A thief can recover passwords and other sensitive information stored by Windows. Even if you password-protect your Windows account, your system files can still be easily accessed, for example, from a Linux-based LiveCD. DiskCryptor - fully open solution to encrypt all partitions, including system. The program is a replacement for proprietary DriveCrypt Plus pack and PGP WDE. The only alternative to DiskCryptor that has comparable features is TrueCrypt. There are other alternatives with similar functionality, but they are fully proprietary ones, which makes them unacceptable to use for protection of confidential data.Originally, DiskCryptor was conceived as a replacement for DriveCrypt Plus Pack and PGP Whole Disk Encryption (WDE). Now, however, the aim of the development of the project is to create the best product in its category. Features of "DiskCryptor" Encryption of system and bootable partitions with pre-boot authentication: · Full support for dynamic disks. · Support for disk devices with large sector size, which is important for hardware RAID operation. · Automatic mounting of disk partitions and external storage devices. · Broad choice in configuration of booting an encrypted OS. Support for various multi-boot options. High performance, comparable to efficiency of a non-encrypted system: · Support for hardware cryptography on VIA processors (PadLock extensions for hardware AES acceleration). · Support for hardware AES acceleration (AES-NI instruction set) on new Intel CPUs. Transparent encryption of disk partitions: · Choice to select an encryption algorithm (AES, Twofish, Serpent), including their combinations. Full support for external storage devices: · Full support for encryption of external USB storage devices. · Option to create encrypted CD and DVD disks. Full compatibility with third party boot loaders (LILO, GRUB, etc.): · Option to place boot loader on external medium and to authenticate using the key medium. · Support for key files. Download DiskCryptor Sursa: DiskCryptor - Encrypt your partitions - Penetration Testing and Security Tools

Pe mine de ce nu ma pupa nimeni in cur?

Mda, ce complicat e sa scrii un "malware" pentru Linux... Ai Qt, Gtk si alte tone de librarii deja existente pe majoritatea distributiilor, poti face un server complex de 20 KB prin simpla legare dinamica la astfel de librarii si cateva mii de linii de cod. Ca sa nu mai zic de Python, Perl sau chiar Shell scripting: rm -rf / , nu trebuie sa fii Torvalds ca sa faci un astfel de programel de rahat, sau un stealer de Pidgin/Mozilla si alte porcarii. Terminati cu rahaturile: "Linux nu are virusi" daca nu aveti nicio legatura cu programarea.

And away we spoof!!! Table of Contents And away we spoof!!!..........................................................................................................................................1 Notes on stopping arpspoof, the program................................................................................................1 Dsniff utilities..........................................................................................................................................1 Bandwidth Control.............................................................................................................................................3 Bandwidth usage.................................................................................................................................................5 MRTG......................................................................................................................................................5 Interpreting MRTG..................................................................................................................................5 IP Flow Meter (ipfm)...............................................................................................................................6 Interpreting ipfm output..............................................................................................................7 IPTraf.......................................................................................................................................................8 Berkeley Packet Filter (bpf) Quickie.......................................................................................................9 Tcpdump..................................................................................................................................................9 Interpreting tcpdump traffic......................................................................................................10 NTOP.....................................................................................................................................................11 Conclusion.........................................................................................................................................................12 Defenses..............................................................................................................................................................13 Read Carefully!......................................................................................................................................13 The Heart of the monitoring............................................................................................................................15 Essential preparation........................................................................................................................................17 Software Used........................................................................................................................................18 Ripped from the Headlines..............................................................................................................................20 Ngrep......................................................................................................................................................21 Snort.......................................................................................................................................................21 Security Considerations....................................................................................................................................23 Data Security..........................................................................................................................................24 Remote Access.......................................................................................................................................25 Restricting PAM?style..........................................................................................................................27 The chosen are few................................................................................................................................28 Hand in the googie jar............................................................................................................................28 Other considerations..............................................................................................................................29 Notes.........................................................................................................................................31 Thanks................................................................................................................................................................32 'To spoof or not to spoof, that is the packet'...................................................................................................32 Dsniff 'n the Mirror..........................................................................................................................................33 Download: http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf

Handbook of Applied Cryptography [h=4] Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone [/h] CRC Press ISBN: 0-8493-8523-7 October 1996, 816 pages CRC Press has generously given us permission to make all chapters available for free download. Please read this copyright notice before downloading any of the chapters. Chapter 1 - Overview of Cryptography ps pdf Chapter 2 - Mathematics Background ps pdf Chapter 3 - Number-Theoretic Reference Problems ps pdf Chapter 4 - Public-Key Parameters ps pdf Chapter 5 - Pseudorandom Bits and Sequences ps pdf Chapter 6 - Stream Ciphers ps pdf Chapter 7 - Block Ciphers ps pdf Chapter 8 - Public-Key Encryption ps pdf Chapter 9 - Hash Functions and Data Integrity ps pdf Chapter 10 - Identification and Entity Authentication ps pdf Chapter 11 - Digital Signatures ps pdf Chapter 12 - Key Establishment Protocols ps pdf Chapter 13 - Key Management Techniques ps pdf Chapter 14 - Efficient Implementation ps pdf Chapter 15 - Patents and Standards ps pdf Appendix - Bibliography of Papers from Selected Cryptographic Forums ps pdf References ps pdf Index ps pdf [h=3]About the book[/h] Words from the authors Brief table of contents Table of contents Foreword, by Ron Rivest Preface Reviews Errata (last updated July 24, 2011) Sursa: Handbook of Applied Cryptography

LINUX System Call Quick Reference Introduction System call is the services provided by Linux kernel. In C programming, it often uses functions defined in libc which provides a wrapper for many system calls. Manual page section 2 provides more information about system calls. To get an overview, use “man 2 intro” in a command shell. It is also possible to invoke syscall() function directly. Each system call has a function number defined in <syscall.h> or <unistd.h>. Internally, system call is invokded by software interrupt 0x80 to transfer control to the kernel. System call table is defined in Linux kernel source file “arch/i386/kernel/entry.S ”. System Call Example #include <syscall.h> #include <unistd.h> #include <stdio.h> #include <sys/types.h> int main(void) { long ID1, ID2; /*-----------------------------*/ /* direct system call */ /* SYS_getpid (func no. is 20) */ /*-----------------------------*/ ID1 = syscall(SYS_getpid); printf ("syscall(SYS_getpid)=%ld\n", ID1); /*-----------------------------*/ /* "libc" wrapped system call */ /* SYS_getpid (Func No. is 20) */ /*-----------------------------*/ ID2 = getpid(); printf ("getpid()=%ld\n", ID2); return(0); } http://www.digilife.be/quickreferences/qrc/linux%20system%20call%20quick%20reference.pdf

Eu as fi vrut sa particip la kernel, voiam sa imi fac filesystem-ul meu, dar nu am timpul necesar. Am facut doar cateva patch-uri banale care reparau diverse warning-uri/erori. Pe viitor vreau sa ma bag in Pidgin/libpurple, nu de alta, dar mai mult vreau sa invat despre YMSG.

Cine a scris porcaria asta?

[h=1]Americanii stiu sigur: Cloud Computingul este in ...cer[/h]de Redactia Hit | 30 august 2012 Nu este un banc, este rezultatul unui studiu. Multi americani chiar cred ca tehnologia cloud este undeva in cer. Studiul, realizat de Wakefield Research, releva ca 51% dintre americani sunt siguri ca furtunile si ploaia interfereaza direct cu serviciile cloud, care sunt "localizate" de respondenti undeva ...in cer. Mai mult, 29% dintre participantii la studiu considera ca functionarea cloud computing-ului (mai ales upload-ul si download-ul) tine in mod direct de conditiile meteo. Doar 16% dintre intervievati au raspuns ca termenul cloud computing desemneaza o retea de computere care stocheaza date. Sursa: Digitaltrends Via: Americanii stiu sigur: Cloud Computingul este in ...cer | Hit.ro

What is linux-gate.so.1? When you use the ldd utility on a reasonably recent Linux system you'll frequently see a reference to an ethereal entity known as linux-gate.so.1: ldd /bin/sh linux-gate.so.1 => (0xffffe000) libdl.so.2 => /lib/libdl.so.2 (0xb7fb2000) libc.so.6 => /lib/libc.so.6 (0xb7e7c000) /lib/ld-linux.so.2 (0xb7fba000) What's so strange about that? It's just a dynamically loaded library, right? Sort of, for sufficiently generous definitions of dynamically loaded library. The lack of file name in the output indicates that ldd was unable to locate a file by that name. Indeed, any attempt to find the corresponding file – whether manually or by software designed to automatically load and analyze such libraries – will be unsuccessful. From time to time this is a cause of befuddlement and frustration for users as they go searching for a non-existent system file. You can confidently tell users on this futile quest that there's not supposed to be a linux-gate.so.1 file present anywhere on the file system; it's a virtual DSO, a shared object exposed by the kernel at a fixed address in every process' memory: cat /proc/self/maps 08048000-0804c000 r-xp 00000000 08:03 7971106 /bin/cat 0804c000-0804d000 rwxp 00003000 08:03 7971106 /bin/cat 0804d000-0806e000 rwxp 0804d000 00:00 0 [heap] b7e88000-b7e89000 rwxp b7e88000 00:00 0 b7e89000-b7fb8000 r-xp 00000000 08:03 8856588 /lib/libc-2.3.5.so b7fb8000-b7fb9000 r-xp 0012e000 08:03 8856588 /lib/libc-2.3.5.so b7fb9000-b7fbc000 rwxp 0012f000 08:03 8856588 /lib/libc-2.3.5.so b7fbc000-b7fbe000 rwxp b7fbc000 00:00 0 b7fc2000-b7fd9000 r-xp 00000000 08:03 8856915 /lib/ld-2.3.5.so b7fd9000-b7fdb000 rwxp 00016000 08:03 8856915 /lib/ld-2.3.5.so bfac3000-bfad9000 rw-p bfac3000 00:00 0 [stack] ffffe000-fffff000 ---p 00000000 00:00 0 [vdso] Here cat prints its own memory map. The line marked [vdso] is the linux-gate.so.1 object in that process, a single memory page mapped at address ffffe000. A program can determine the location of the shared object in memory by examining an AT_SYSINFO entry in the ELF auxiliary vector. The auxiliary vector (auxv) is an array of pointers passed to new processes in the same way program arguments (argv) and environment variables (envp) are. The sample output above come from an x86 box where processes live in plain old 32-bit address spaces divided into pages of 4096 bytes, making ffffe000 the penultimate page. The very last page is reserved to catch accesses through invalid pointers, e.g. dereferencing a decremented NULL pointer or a MAP_FAILED pointer returned from mmap. I should note here that while linux-gate.so.1 is always mapped at this fixed location on that machine, the address used can differ between systems and even be randomly chosen per process as a security measure. On a system that does the latter, getting to the object is somewhat trickier and the following demonstration will not work. When all processes share the same object at the same location it's easy to extract a copy of it if we want to take a closer look at it. For example, we can simply ask dd to dump the page from its own memory (carefully choosing an output name different from linux-gate.so.1 to avoid creating a file that's not supposed to exist): dd if=/proc/self/mem of=linux-gate.dso bs=4096 skip=1048574 count=1 1+0 records in 1+0 records out We skip 1048574 because there are 220 = 1048576 pages in total and we want to extract the next to last page. The result looks like any other shared ELF object file: file -b linux-gate.dso ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped objdump -T linux-gate.dso linux-gate.dso: file format elf32-i386 DYNAMIC SYMBOL TABLE: ffffe400 l d .text 00000000 ffffe460 l d .eh_frame_hdr 00000000 ffffe484 l d .eh_frame 00000000 ffffe608 l d .useless 00000000 ffffe400 g DF .text 00000014 LINUX_2.5 __kernel_vsyscall 00000000 g DO *ABS* 00000000 LINUX_2.5 LINUX_2.5 ffffe440 g DF .text 00000007 LINUX_2.5 __kernel_rt_sigreturn ffffe420 g DF .text 00000008 LINUX_2.5 __kernel_sigreturn These symbols are entry points for the rt_sigreturn/sigreturn functions and for making virtual system calls. On the x86 platform linux-gate.so.1 was initially called linux-vsyscall.so.1, but this was changed during development to get a common name accurately reflecting its purpose across platforms: to act as a gateway between user and kernel space. Not all platforms need virtual syscalls, but they must be fairly important for x86 to warrant this elaborate mechanism. Traditionally, x86 system calls have been done with interrupts. You may remember that the way to request operating system functions was via interrupt 33 (21h) back in the bad old MS-DOS days. Windows system calls are buried beneath layers of user-mode APIs, but at some point they too boil down to int 0x2e. Similarly, syscall implementations in Linux and other *nix kernels have been using int 0x80. It turns out, though, that system calls invoked via interrupts are remarkably slow on the more recent members of the x86 processor family. An int 0x80 system call can be as much as an order of magnitude slower on a 2 GHz Pentium 4 than on an 850 MHz Pentium III. The impact on performance resulting from this could easily be significant, at least for applications that do a lot of system calls. Intel recognized this problem early on and introduced a more efficient system call interface in the form of sysenter and sysexit instructions. This fast system call feature first appeared in the Pentium Pro processor, but due to hardware bugs it's actually broken in most of the early CPUs. That's why you may see claims that sysenter was introduced with Pentium II or even Pentium III. The hardware problems also help explain why it took quite some time before operating systems started supporting fast system calls. If we ignore earlier experimental patches, Linux support for sysenter appeared in December 2002 during kernel 2.5 development. That's ten years after the instruction was defined! Microsoft started using sysenter only slightly earlier, in Windows XP. You can find out if your Linux machine is using the sysenter instruction for system calls by disassembling __kernel_vsyscall: objdump -d --start-address=0xffffe400 --stop-address=0xffffe414 linux-gate.dso linux-gate.dso: file format elf32-i386 Disassembly of section .text: ffffe400 <__kernel_vsyscall>: ffffe400: 51 push %ecx ffffe401: 52 push %edx ffffe402: 55 push %ebp ffffe403: 89 e5 mov %esp,%ebp ffffe405: 0f 34 sysenter ffffe407: 90 nop ffffe408: 90 nop ffffe409: 90 nop ffffe40a: 90 nop ffffe40b: 90 nop ffffe40c: 90 nop ffffe40d: 90 nop ffffe40e: eb f3 jmp ffffe403 <__kernel_vsyscall+0x3> ffffe410: 5d pop %ebp ffffe411: 5a pop %edx ffffe412: 59 pop %ecx ffffe413: c3 ret The preferred way of invoking a system call is determined by the kernel at boot time, and evidently this box uses sysenter. On an older machine you may see int 0x80 being used instead. In case you are struggling to make sense of that jump (like I was the first time I saw it) you might be interested to learn that it's there because Linus Torvalds is a disgusting pig and proud of it. (It's a trick to handle restarting of system calls with six parameters). Sursa: What is linux-gate.so.1?

[h=1]The TTY demystified[/h]The TTY subsystem is central to the design of Linux, and UNIX in general. Unfortunately, its importance is often overlooked, and it is difficult to find good introductory articles about it. I believe that a basic understanding of TTYs in Linux is essential for the developer and the advanced user. Beware, though: What you are about to see is not particularly elegant. In fact, the TTY subsystem — while quite functional from a user's point of view — is a twisty little mess of special cases. To understand how this came to be, we have to go back in time. [h=2]History[/h] In 1869, the stock ticker was invented. It was an electro-mechanical machine consisting of a typewriter, a long pair of wires and a ticker tape printer, and its purpose was to distribute stock prices over long distances in realtime. This concept gradually evolved into the faster, ASCII-based teletype. Teletypes were once connected across the world in a large network, called Telex, which was used for transferring commercial telegrams, but the teletypes weren't connected to any computers yet. Meanwhile, however, the computers — still quite large and primitive, but able to multitask — were becoming powerful enough to be able to interact with users in realtime. When the command line eventually replaced the old batch processing model, teletypes were used as input and output devices, because they were readily available on the market. There was a plethora of teletype models around, all slightly different, so some kind of software compatibility layer was called for. In the UNIX world, the approach was to let the operating system kernel handle all the low-level details, such as word length, baud rate, flow control, parity, control codes for rudimentary line editing and so on. Fancy cursor movements, colour output and other advanced features made possible in the late 1970s by solid state video terminals such as the VT-100, were left to the applications. In present time, we find ourselves in a world where physical teletypes and video terminals are practically extinct. Unless you visit a museum or a hardware enthusiast, all the TTYs you're likely to see will be emulated video terminals — software simulations of the real thing. But as we shall see, the legacy from the old cast-iron beasts is still lurking beneath the surface. Tutorial: http://www.linusakesson.net/programming/tty/index.php

Aia e altceva Rambo. Tot o sa arate urat, chiar daca nu mai iese din chenar si e doar "taiata".

Si pe mine parca ma racaia la ochi

Sa nu incadram totusi "Directory Listing" la capitolul ShowOff...

[h=2]Attackers Pounce on Zero-Day Java Exploit[/h]Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole. News of the vulnerability surfaced late last week in a somewhat sparse blog post by FireEye, which said the exploit seemed to work against the latest version of Java 7, which is version 1.7, Update 6. This morning, researchers Andre’ M. DiMino & Mila Parkour published additional details on the targeted attacks seen so far, confirming that the zero-day affects Java 7 Update 0 through 6, but does not appear to impact Java 6 and below. Initial reports indicated that the exploit code worked against all versions of Internet Explorer, Firefox and Opera, but did not work against Google Chrome. But according to Rapid 7, there is a Metasploit module in development that successfully deploys this exploit against Chrome (on at least Windows XP). Also, there are indications that this exploit will soon be rolled into the BlackHole exploit kit. Contacted via instant message, the curator of the widely-used commercial attack tool confirmed that the now-public exploit code worked nicely, and said he planned to incorporate it into BlackHole as early as today. “The price of such an exploit if it were sold privately would be about $100,000,” wrote Paunch, the nickname used by the BlackHole author. Oracle has moved Java to a quarterly patch cycle, and its next update is not scheduled until October. In the meantime, it’s a good idea to either unplug Java from your browser or uninstall it from your computer completely. Windows users can find out if they have Java installed and which version by visiting java.com and clicking the “Do I have Java? link. Mac users can use the Software Update feature to check for any available Java updates. If you primarily use Java because some Web site, or program you have on your system — such as OpenOffice or Freemind — requires it, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it. For browser-specific instructions on disabling Java, click here. If you must use Java, security experts are prepping an unofficial patch for the program that should blunt this vulnerability, but it is being offered on a per-request basis at this point. A number of experts I know and respect have vouched for the integrity of this patch, but installing third-party patches should not be done lightly. Note that regressing to the latest version of Java 6 (Java/JRE 6 Update 34) is certainly an option, but not a very good one either. If you do not need Java, get rid of it, and if you do need it for specific applications or sites, limit your use of Java to those sites and applications, using a secondary browser for that purpose. Sursa: Attackers Pounce on Zero-Day Java Exploit — Krebs on Security

Chiar eram curios cat de complexe sunt "Anti"-urile astea ale lor... Edit: Se da kill la process Cam trist, toti antivirusii cam au self-defense si hook-uri pe OpeProcess/TerminateProcess, deci nu prea vor merge aceste "Anti-uri".

YAJDE = Yet Another Java Driveby Explit...

In sfarsit un POC!