Nytro

Administrators
  • Posts: 18785
  • Joined
  • Last visited
  • Days Won: 738

Everything posted by Nytro

  1. I would tell them what I have to say too, but I'm not a media person. I mean, TENS/HUNDREDS OF THOUSANDS of people listen to their opinion, FAILED PEOPLE = EASILY INFLUENCED. And starting from that, you end up believing all the crap the mass media shoves down your throats. Are you fans of people like that? You are lost, influenced, indoctrinated. THINK FOR YOURSELVES, SLAVES.
  2. Nytro

    Fcd

    Screw Barcelona!
  3. Screw them both.
  4. The categories and topics are copied from RST, at least some of them. Ban, trash.
  5. I made some more (small) changes to the template:

    - user profile
    - show forum leaders
    - members list
    - homepage
    - activity

    Anyway, it looks a bit more "clean". Don't expect too much: these are bug fixes, very small changes, ugly-looking junk removed... The idea is to post here if there are problems, if something looks ugly... Thanks.
  6. Gauss: Abnormal Distribution

    - Introduction
    - Executive Summary
    - Infection stats
    - Architecture
    - Wmiqry32/Wmihlp32.dll aka ShellHW
    - Dskapi.ocx
    - Smdk.ocx
    - McDmn.ocx
    - Lanhlp32.ocx
    - Devwiz.ocx
    - Winshell.ocx
    - Windig.ocx
    - Gauss C&C Information
    - Timeline
    - Files list
    - Conclusion

    You can download PDF version of this article here.

    Link: http://www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
  7. Yes, that's more like it. The antiviruses out there should do something similar, and that would save millions of people from stealers or infected programs. It probably wouldn't protect against all PE loaders, but it could do an excellent job.
  8. Algorithm problems for dummies

    Link: http://petr-mitrichev.blogspot.ro/

    Who's the author? Him: In the Olympics of Algorithms, a Russian Keeps Winning Gold - Technology Review
  9. http://cugiralba.wordpress.com/2012/08/06/pe-cine-intereseaza-am-luat-aur-la-olimpiada-internationala-de-mate/
  10. Yes, that's an idea too...
  11. Nytro

    RST IM ideas

    "4. Then the connection is IP to IP" - Lame.
  12. Good job, let's hope your bosses aren't RST members
  13. Focus on the "secure" communication part, then contact me.
  14. They should have made a mockery of this loser...
  15. Mircea Badea's blog was hacked by vigilante hackers

    What did you guys do?

    August 6, 2012, 12:54 | Author: Cristian Predoi

    Mircea's blog fell into the hands of hackers today, who published an article accusing Laura Codruța Kovesi of protecting Emanoil Savin, the mayor of the town of Bușteni. At the end, the authors apologized to Badea for the inconvenience.

    "While the Romanian authorities, having been notified, refuse to get involved in investigating the wrongdoing, claiming it is a personal matter of the petitioner and ignoring the illicit nature of the acts of corruption, organized crime, money laundering, blackmail, embezzlement, selective awarding of state contracts to 'pocket' companies and many other very serious offenses.., the Romanian Parliament has become the most luxurious penitentiary, with the richest free inmates. Prosecutor General C. Covesi does nothing but confuse justice with sport, throwing the javelin into the stands instead of throwing it at the target, including in the justice system's own backyard, where dozens of 'Dalmatians' have been keeping the criminal files of the big corrupt figures for over 10 years," the vigilante hackers wrote on Mircea Badea's blog.

    The post also includes five YouTube clips that accuse Emanoil Savin, "the King of the Prahova Mafia". At the end, the person who hacked Badea's blog apologizes to him for the inconvenience.

    "PS: No offense, Mr. Mircea Badea. I hope you will give me your attention! I apologize if I caused you any trouble!" reads the end of the post.

    After learning that his blog carried a post that was not his, the TV host raised the alarm on Twitter.

    "ATTENTION !!!!!! My blog has been hacked. I can no longer get into it. The latest article, the one about Kovesi, is not mine. I am trying to take action," Badea wrote on Twitter.

    He also did not accept the apologies of those who hacked his blog.

    "I see that these people who hack blogs like jail. They forgot when the masked police burst in on Ciutacu's guy. They want jail, let's give it to them. I'll sort them out quickly. All the illiterates have the feeling they are great hackers. To hell with their whore of a mother," Badea also wrote on Twitter.

    Source: Mircea Badea's blog was hacked by vigilante hackers
  16. Nytro

    Deteled

    Post a screenshot as proof, I don't know, something. And the rest of you, refrain from idiotic and useless comments.
  17. I was referring to the silliness of "crypting" the passwords... Put the password in plain text.
  18. Nytro

    gfhgfhgfh

    gfhfghfgh
  19. Stop it with this password crap already.
  20. Owasp - Old Webshells, New Tricks With Ryan Kazanciyan, Mandiant

    Description:

    The Presentation

    Web shells - malicious scripts that provide an attacker with the ability to upload files, execute commands, conduct reconnaissance, and perform other command-and-control activities on a compromised web server - are nothing new. They've been in the wild ever since the first web server and application exploits reared their ugly heads over a decade ago. Modern application security and server hardening processes have rendered them all but obsolete tools for desperate script-kiddies, right? Wrong.

    In this presentation we will discuss how web-based backdoors continue to be leveraged by sophisticated, targeted attackers and the challenges that they pose to forensic analysts conducting large-scale investigations. In particular, we will focus on the usage of web shells as a post-exploitation mechanism for maintaining persistence in an environment - a backup method of remote access - rather than a tool utilized in the initial entry vector. We will focus on the forensic artifacts that usage of such malware leaves behind on the host and on the network, and discuss techniques for rapidly identifying unknown web-based malware across servers.

    The Speakers

    Ryan Kazanciyan

    Ryan Kazanciyan is a Principal Consultant with Mandiant and has ten years of experience specializing in incident response, forensic analysis, penetration testing, and web application security. He has spent the past four years leading investigation and remediation efforts for highly-targeted attacks affecting organizations in the defense, technology, utilities, government, and financial services sectors. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware identification and triage. He also has an extensive background managing and executing large penetration testing and application security assessments. Mr. Kazanciyan has leveraged his consulting experience to lead training sessions for a variety of audiences in law enforcement, the federal government, and corporate security groups. He has taught courses on incident response, forensic analysis, penetration testing, and web application security. He has also presented at industry and security conferences including Black Hat, DoD CyberCrime, ShmooCon, Infragard, and ISACA.

    Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

    Original Source: Old Webshells, New Tricks with Ryan Kazanciyan, Mandiant on Vimeo

    Source: Owasp - Old Webshells, New Tricks With Ryan Kazanciyan, Mandiant
  21. Owasp - Pentesting Smart Grid Web Apps With Justin Searle, Utilisec

    Description:

    The Presentation

    Web applications have not only conquered most user interfaces in traditional IT markets, they are also quickly replacing most user interfaces in critical control systems such as SCADA, Smart Meters, Distribution Management, and other Smart Grid master servers. And if the servers weren't enough, now they are starting to appear in the embedded devices deployed in the field. This talk will discuss all the places where web applications and web services are being used in today's modern electrical grid. We will also discuss the challenges that penetration testers new to critical control systems will face and how they can successfully overcome those challenges.

    The Speakers

    Justin Searle

    Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and currently plays key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences, and is currently an instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top security conferences such as Black Hat, DEFCON, OWASP, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

    Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

    Original Source: Pentesting Smart Grid Web Apps with Justin Searle, Utilisec on Vimeo

    Source: Owasp - Pentesting Smart Grid Web Apps With Justin Searle, Utilisec
  22. HTML5 WebSockets Identified As Security Risk

    WebSockets offer the promise of improved TCP connections, but do they also invite new forms of attack on your applications and infrastructure?

    By Sean Michael Kerner | July 31, 2012

    In the modern world of web development, there are a set of new and emerging specifications sometimes grouped under the moniker HTML5. One of those specifications is the WebSocket API, which enables two-way communications. WebSockets offer the promise of faster communications than traditional TCP -- but according to a pair of security researchers, there is a hidden risk.

    Speaking at the Black Hat conference last week, Qualys engineers Sergey Shekyan and Vaagn Toukharian detailed how WebSockets could be exploited for malicious gain. Support for WebSockets is currently available in the latest Chrome, Firefox, Safari, and IE 10 web browsers. According to the two researchers, WebSockets are already in use by websites and embedded applications around the world today, and often without proper security.

    "We think that user capacity may be an issue with WebSockets if it's not implemented in the right way," Toukharian told eSecurity Planet. "WebSockets can be used for lots of things, but they shouldn't be used for all items on a web page."

    He stressed that WebSockets don't make sense to use in applications that don't need bi-directional communications or a fast response time.

    Different browsers also support WebSockets in unique ways. In particular, Shekyan noted that there are some important things that are not implemented in WebKit, which is the underlying engine that powers Chrome and Safari. Shekyan explained that the current WebSockets specification states that there should only be one WebSocket in a connecting state at a time. According to Shekyan, WebKit does not implement that specification.

    "So if a server is not accepting connections fast enough, then you shouldn't try and open a new connection before the previous one was accepted," Shekyan said. "That would prevent DoS (Denial of Service) attacks."

    According to Shekyan, an attacker could theoretically open an unlimited number of WebSocket connections from a single machine with WebKit to a third party server. Firefox also doesn't quite follow the WebSocket specification and it can allow up to 200 connections.

    Toukharian added that from a security perspective, WebSockets don't make applications more secure -- but they do provide a new attack vector for hackers. Traditional web attacks like Cross Site Scripting (XSS) and Man in the Middle (MitM) attacks can find a new home in WebSocket traffic.

    "Basically, if an attacker has access to content that initiates a WebSockets connection, then that connection could be compromised," Shekyan said.

    The other key issue is that since WebSocket technology is still relatively new, Shekyan argued that most firewall and IPS network security devices are not aware of them. As such, WebSocket traffic is not inspected or secured by the same mechanisms as other web traffic.

    "If someone can deliver malicious content over WebSockets, the rest of the protection is useless," Shekyan said. "Vendors should really start at looking at handling the WebSockets protocol."

    The challenge is one of usage. Toukharian added that if there was more use of WebSockets, then it's likely vendors would take more notice. Shekyan noted that he talked with one of the firewall vendors about the risk of not supporting WebSockets. The surprising response that he got back is that WebSockets are not currently a major attack vector and as such it doesn't matter.

    "Malware delivery via WebSockets becomes easier since IDS and Firewall technology can't see what is being delivered," Toukharian said. "It's just a matter of unmasking the data and looking at the traffic, it's not very hard.

    "Our hope is that Firewall and IPS vendors pick it up as soon as possible," Toukharian added.

    Source: HTML5 WebSockets Identified As Security Risk - eSecurity Planet
  23. Update volatility v2.1 – An advanced memory forensics framework

    The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

    What’s new in 2.0

    Highlights of this release include:

    * Restructured and depolluted namespace
    * Usage and Development Documentation
    * New Configuration Subsystem
    * New Caching Subsystem
    * New Pluggable address spaces with automated election
    * New Address Spaces (i.e. EWF, Firewire)
    * Updated Object Model and Profile Subsystems (VolatilityMagic)
    * Support for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
    * Updated Scanning Framework
    * Volshell integration
    * Over 40 new plugins!

    Volatility supports investigations of the following x86 bit memory images:

    * Microsoft Windows XP Service Pack 2 and 3
    * Microsoft Windows 2003 Server Service Pack 0, 1 and 2
    * Microsoft Vista Service Pack 0, 1 and 2
    * Microsoft 2008 Server Service Pack 1 and 2 (there is no SP 0)
    * Microsoft Windows 7 Service Pack 0 and 1

    Volatility currently provides the following extraction capabilities for memory samples:

    - Image date and time
    - Running processes
    - Open network sockets
    - Open network connections
    - DLLs loaded for each process
    - Open files for each process
    - Open registry keys for each process
    - OS kernel modules
    - Mapping physical offsets to virtual addresses
    - Virtual Address Descriptor information
    - Addressable memory for each process
    - Memory maps for each process
    - Extract executable samples
    - Scanning examples: processes, threads, sockets, connections, modules

    Download Right Here | Read more in here

    Our Post Before : Volatility v2.0 An advanced memory forensics framework release
  24. Introduction To Reverse Engineering Software

    Creator: Matt Briggs
    License: Creative Commons: Attribution, Share-Alike (http://creativecommons.org/licenses/by-sa/3.0/)
    Lab Requirements: Windows system with IDA Pro (Free 5.0 is acceptable). Microsoft Visual Studio 2008 redistributable package.
    Class Textbook: Reversing: Secrets of Reverse Engineering by Eldad Eilam.
    Recommended Class Duration: 2 days
    Creator Available to Teach In-Person Classes: Yes

    Author Comments:

    Throughout the history of invention curious minds have sought to understand the inner workings of their gadgets. Whether investigating a broken watch, or improving an engine, these people have broken down their goods into their elemental parts to understand how they work. This is Reverse Engineering (RE), and it is done every day from recreating outdated and incompatible software, understanding malicious code, or exploiting weaknesses in software.

    In this course we will explore what drives people to reverse engineer software and the methodology and tools used to do it.

    Topics include, but are not limited to:

    • Uses for RE
    • The tricks and pitfalls of analyzing compiled code
    • Identifying calling conventions
    • How to navigate x86 assembly using IDA Pro
    • Identifying Control Flows
    • Identifying the Win32 API
    • Using a debugger to aid RE
    • Dynamic Analysis tools and techniques for RE

    During the course students will complete many hands on exercises.

    This class will serve as a prerequisite for a later class on malware analysis. Before taking this class you should take Introduction to Intel x86 or have equivalent knowledge.

    Class Materials

    All Material (TiddlyWiki (html+javascript) & analyzed binaries (PE))

    To bypass exe filters, e.g. so this can be sent through email, this is an encrypted zip with a password of “reclass2011”. All of the .exe files have been renamed to .ex_. On Mac OS X 10.6 and below, you will have to open the zip file from Terminal in order to get the password prompt.

    Full quality downloadable QuickTime, h.264, and Ogg videos at Archive.org:

    Day 1 Part 1 (57:36, 706 MB)
    Day 1 Part 2 (1:17:18, 1 GB)
    Day 1 Part 3 (29:49, 453 MB)
    Day 1 Part 4 (38:36, 530 MB)
    Day 1 Part 5 (36:06, 500 MB)
    Day 2 Part 1 (49:29)
    Day 2 Part 2 (54:58)
    Day 2 Part 3 (40:09)
    Day 2 Part 4 (1:10:10)
    Day 2 Part 5 (58:51)
    (8:33:02 total, sans lab time)

    The videos are useful for students, but also more useful for potential instructors who would like to teach this material. By watching the video, you will better understand the intent of some slides which do not stand on their own. You are recommended to watch the largest size video so that the most possible text is visible without having to follow along in the slides.

    Revision History:

    07-08-2012 - Day 2 videos uploaded to YouTube, & both days uploaded to Archive.org
    07-01-2012 - Day 1 videos uploaded to YouTube
    01-27-2012 - Created some 'missing' content, fixed a few flaws, and added a write-up for the last task
    06-16-2011 - Initial class content upload

    If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.

    Source: IntroductionToReverseEngineering
  25. Portspoof - service signature obfuscator (more pain for port scanners)

    From: Piotr Duszynski <piotr () duszynski eu>
    Date: Sun, 05 Aug 2012 09:49:15 +0200

    Hi,

    Short description of the soft and the concept:

    The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. The general goal of the program is to make the port scanning process very slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task.

    More info at: Portspoof - About

    Note: This is an idea that I had for a long time in mind and finally I found some time to implement it. It is still an early release and some part of the code isn't perfect, but I'll be working on that :]

    Cheers,
    Piotrek

    The portspoof program is designed to enhance OS security through emulation of legitimate service signatures on otherwise closed ports. It is meant to be a lightweight, fast, portable and secure addition to any firewall system or security infrastructure. The general goal of the program is to make the port scanning software (Nmap/Unicornscan/etc) process slow and output very difficult to interpret, thus making the attack reconnaissance phase a challenging and bothersome task.

    Here is an example nmap scan result against system running portspoof:

    - default scan took about 800s (instead of 20s)
    - CPU usage was at 0,5%
    - memory usage was at 0,5%
    - one legitimate service is running on port in range of 1-65535 - all the rest is fake
    - portspoof will bind only to one port

    Check portspoof in action (Live demo - will sometimes hang due to dev. process ):

    nmap -sV 54.247.124.68

    Portspoof is still an early work in progress and although stable and working it will require a lot of additional work (preferably along with a good beverage .

    Source: Full Disclosure: Portspoof - service signature obfuscator (more pain for port scanners)