Everything posted by Nytro
-
[h=1]Malware Attack Targets U.S. Government Agencies[/h] Sykipot, malware believed to originate in China, has been used to target smart cards in the Pentagon and other government agencies. According to security researcher AlienVault, a new variant of Sykipot is targeting the cards government employees use to access secure networks and servers. “The attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine (the attackers here took advantage of a zero-day exploit in Adobe),” according to AlienVault. Check out the video above to learn more. Source and video: Malware Attack Targets U.S. Government Agencies
-
SE Android Released January 6th, 2012 by James Morris The NSA have announced the initial public release of the Security Enhanced Android (SE Android) project. Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux. SE Android is currently available as source code. Instructions on building and installing the project may be found at the project web page. Source: SELinux News
-
[h=1]Python for Android launched[/h] 9 January 2012, 17:55 A new project aims to make it easy to distribute Python applications for Android. The newly launched Python for Android project is a tool which takes a Python application and, after ensuring the Android SDK/NDK is installed, creates a Python distribution containing the runtime and the set of modules needed to run the application, packaged as an Android APK file. It was created by the developers of the Kivy cross-platform open source rapid application development library to support their framework. To that end, the packaged applications currently only have one "bootstrap" which decompresses the files, creates an OpenGL ES 2.0 surface for drawing and sets up to handle audio and touch events. Although built for the Kivy project, the developers welcome anyone prepared to create a new lighter bootstrap mechanism. Python has been executable on Android through the Android Scripting project, but that doesn't create simple-to-install, self-contained binary files. More details about the package are available, along with the source code, on the project's github repository. Currently the code has only been tested running on Ubuntu 11.10 and only supports including a small range of Python modules (peg, pil, png, sdl, sqlite3, pygame, kivy, android, libxml2, libxslt, lxml, ffmpeg, openssl). The Python for Android code is licensed under the LGPLv2. (djwm) Source: Python for Android launched - The H Open Source: News and Features
-
Self-extracting archive (SFX) as Creative Virus Handler
Nytro posted a topic in Tutorials in English
Self-extracting archive (SFX) as Creative Virus Handler Yesterday I found an interesting article about "Self-extracting archive (SFX)" on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archive is a very easy task, but not all people know how to do it. It is therefore exactly the same as a .ZIP or .RAR archive. The only difference is that, when you execute it, it will automatically extract the files. However, if you add some parameters, you can execute them after extraction or execute a shell command before extraction. So this feature can be used as a good virus handler. Let's see how. DarkCoderSc shared his experience with us using a Video Demonstration as shown below. Start up the WinRAR application; click ‘Browse for folder’ under the ‘File’ menu and browse to the location of the file. With the file highlighted, clicking on the ‘Add’ button will kick off the archiving process and selecting the ‘Create SFX archive’ option will give the file its self-extracting feature. Under the ‘Advanced’ tab, click on the ‘SFX options’ button, where we can now configure our ‘Advanced SFX options’. In the first input field you can add a file name that already exists on the current drive or one of the extracted files to execute after the extraction. In the second input field you can add a file name that already exists on the current drive to execute before the extraction.
PART 1: Run Basic Windows Shell Commands using SFX: Example 1: %SYSTEMDRIVE%\windows\system32\cmd.exe /k shutdown -s -f -t 3600 Enter this command in the first input. If we generate the SFX package and run it, after the extraction we see a DOS window and a Windows notification saying our computer will shut down in 1 hour. Example 2: %SYSTEMDRIVE%\windows\notepad.exe c:\atextfile.txt You can do this with any other application present on the system, such as opening a notepad file. Example 3: %SYSTEMDRIVE%\Program Files\Internet Explorer?\iexplore.exe - Unremote Security Opening a webpage using Internet Explorer.
PART 2: Run Advanced Tricky Commands using SFX Using only a little .dll in the SFX package, an attacker can download and execute an application on the victim's system, which may or may not be a virus. For this we just require the "Rundll32 Microsoft application" and the "FASM (Flat Assembler?) Compiler". Now create a new folder and a new file called ourdll.asm; when it's done, open this file in FASM and paste the code into the file. Edit the path to files in the sample code for personal usage. Now in the menu bar click on “Run” >> “Compile”. Our dll is ready now; let's create our SFX file downloader. You need to follow the next steps:
- Right click on the dll and click on “Add to archive” << WinRAR explorer option
- Choose SFX package in the options list
- Go to Advanced Settings tab
- Click on SFX Settings button
- In extract to input add this line - "%APPDATA%\dcsc\ourdll.dll"
- In the first input parameter enter this line %SYSTEMDRIVE%\windows\system32\rundll32.exe %APPDATA%\dcsc\ourdll.dll, dcscdownload
Now we can generate our archive; if we have correctly set up the SFX, then it will download and execute the chosen file after the full extraction.
PART 3: SFX as System Killer The SFX manager includes two other dangerous functions (Run as administrator and Delete files after extraction). The option Run as administrator will ask to run it as admin, so the SFX will have all the rights on the system and, after extraction, the delete files option will be useful to do harmful things in the system. To get the steps of this method, you should read the original article written by Unremote.org. Source: Self-extracting archive (SFX) as Creative Virus Handler | The Hacker News (THN)
-
ClubHACK Magazine Issue 24 Authored by clubhack | Site chmag.in Posted Jan 14, 2012 ClubHACK Magazine Issue 24 - Topics covered include One Link Facebook, SQLMAP, Social Networking and its Application Security, and more. Download: http://packetstormsecurity.org/files/download/108666/clubhack-magazine-jan2012.pdf Source: ClubHACK Magazine Issue 24 - Packet Storm
-
Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses* By Eric Chien and Péter Ször Symantec Security Response INSIDE - Types of Vulnerability - Current and Previous Threats - Current Security - Combating Blended Threats in the Future Note: This paper was originally published in Virus Bulletin, 2002 Old stuff... Download: http://www.symantec.com/avcenter/reference/blended.attacks.pdf
-
Reverse Engineering the RSA Malware Attack by J. Oquendo 4 months ago Reverse Engineering the RSA Malware Attack
-
URL redirection Vulnerability in Google Posted by Mohit Kumar On 1/14/2012 10:54:00 AM An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered, unmanaged fashion, which could be used to redirect victims to unintended, malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. A similar vulnerability is reported in Google by "Ucha Gobejishvili ( longrifle0x )". This problem may assist an attacker in conducting phishing attacks, trojan distribution and spamming. Url: https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com Same vulnerability in Facebook, Discovered by ZeRtOx from Devitel group: http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com Impact of Vulnerability: The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. This will expose the user to extensive risk and the user's interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data. The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user's credentials and then use these credentials to access the legitimate web site. Source: URL redirection Vulnerability in Google & Facebook | The Hacker News (THN)
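The fix for the pattern described in this post (a `redirect_uri` or `u=` parameter taken from the request and used in a redirect) is to validate the target against an allowlist before issuing the Location header. The following is an added example, not code from the post or from Google or Facebook; `ALLOWED_HOSTS`, the base origin and the sample targets are constructed, and the checks go beyond the post's single case by also rejecting the usual allowlist bypasses (scheme-relative, backslash, userinfo and non-http targets).

```python
"""Allowlist validation for a user-supplied redirect target.

Added example (hypothetical application, not the original post's code).
"""
from urllib.parse import urlsplit, urljoin

# Hosts this application may send users to (constructed sample values).
ALLOWED_HOSTS = {"accounts.example.com", "www.example.com"}
BASE_ORIGIN = "https://www.example.com/"   # our own origin, assumed
FALLBACK = "/"                              # where to send rejected targets


def safe_redirect_target(target: str, base: str = BASE_ORIGIN) -> str:
    """Return a redirect URL that stays on an allowed host, else FALLBACK.

    Rejected cases include the post's "redirect_uri=http://www.something.com"
    as well as "//evil", "/\\evil", "https://www.example.com@evil" and
    "javascript:" targets. Path-only targets are resolved against our own
    origin so the browser never sees a scheme-relative string.
    """
    if not target:
        return FALLBACK
    # Browsers treat backslashes as slashes; normalise first so that
    # "/\\evil.com" is parsed as "//evil.com" (an external host), not a path.
    candidate = target.strip().replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme and parts.scheme not in ("http", "https"):
        return FALLBACK          # javascript:, data:, file:, ...

    if not parts.netloc:
        # Path-only target. A scheme with no authority ("http:evil.com") is
        # read by browsers as http://evil.com, so reject it too.
        if parts.scheme:
            return FALLBACK
        # urljoin yields an absolute URL on our origin; "///evil.com"
        # becomes https://www.example.com/evil.com rather than evil.com.
        return urljoin(base, candidate)

    # .hostname is lower-cased and has userinfo/port stripped, so
    # "https://www.example.com@evil.com" yields hostname "evil.com".
    if parts.hostname not in ALLOWED_HOSTS:
        return FALLBACK
    return candidate


def is_registered_redirect_uri(uri: str, registered: set) -> bool:
    """OAuth-style check for a redirect_uri: exact string match against the
    URIs the client registered, never a prefix or host-only comparison."""
    return uri in registered


if __name__ == "__main__":
    for t in ("http://www.something.com", "//www.something.com",
              "/settings", "https://accounts.example.com/signin"):
        print(f"{t!r:45} -> {safe_redirect_target(t)}")
```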
-
[h=2]US military access cards cracked by Chinese hackers[/h] Access to buildings and intranets harvested by super-spy Trojan By John Leyden Posted in Security, 13th January 2012 16:35 GMT A new strain of the Sykipot Trojan is being used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers. Smart cards are a standard means of granting active duty military staff, selected reserve personnel, civilian employees and eligible contractors access to intranets at US Army, Navy and Air Force facilities. They can be used to get into buildings or, when used in conjunction with a static password, to access networks. Chinese hackers have adapted the Sykipot Trojan to lift card credentials from compromised systems in order to access classified military networks, according to researchers at security tools firm AlienVault. An adapted version of the Trojan targets PCs attached to smart card readers running ActivClient, the client application of ActivIdentity, in what's been described as a 'smart card proxy' attack. The Sykipot Trojan was first created three years ago and featured in a number of industrial espionage-style attacks. Researchers at AlienVault captured an adapted version of the malware - specifically designed to circumvent authentication technology supplied by ActivIdentity - in a honeypot around two weeks ago. Subsequent analysis suggests that hackers added a smart card module to existing malware around March 2011. [h=3]The development of super-spy software[/h] AlienVault reckons the new strain of Sykipot Trojan was developed by the same Chinese authors that created earlier versions of the malware, first seen around three years ago. Previous builds of the Trojan were promoted by spammed messages that posed as information about the next generation of US Air Force drones.
In reality the message pointed at drive-by-download sites that featured the Sykipot Trojan as a payload and took advantage of various IE and Adobe Reader security flaws, as explained in more detail here. The malware featured in targeted attacks against aerospace technology firms, among others, that were ultimately designed to extract commercially sensitive information from compromised systems. The latest run of attacks also features spear phishing emails that attempt to trick marks into clicking on a link that deposits the Sykipot malware onto their machines. This time around the malware uses a key-logger to steal PINs associated with smart cards. Once attackers have authentication codes and associated PINs they gain the same level of trusted access to sensitive networks as the user whose credentials they have stolen. The cyber-criminals behind the attack are using a version of Sykipot first baked in March 2011 that has featured in dozens of attacks since, according to AlienVault. Jaime Blasco, AlienVault’s lab manager, told El Reg that Chinese messages in embedded code, the use of command and control servers in China as well as the exclusive use of the software in China all provide evidence that Chinese hackers are ultimately behind the attack. Blasco added that the use of dynamic tokens that offer two-factor authentication would thwart this particular line of attack. AlienVault supplies security event logging technology and does not compete with ActivIdentity. Blasco said it had not supplied either ActivIdentity or the DoD with malware samples or notification of its research, which was first publicised via an article in the New York Times on Thursday. ActivIdentity's smart cards are standard issue at the DoD and a number of other US government agencies. Other users include Monsanto, BNP Paribas and Air France, the NYT adds.
In response to AlienVault's research, ActivIdentity said in a statement: "We are aware of the recent reports that purportedly identified a new attack method that could hijack smart card-based certificates. "We take these reports very seriously and are working diligently to investigate the potential threat. At this time, we are confident that the purported threat poses no immediate risk to our customers." ® Source: US military access cards cracked by Chinese hackers • The Register
-
[h=3]DEFT Linux 7 Computer Forensic Live Cd - Released[/h] DEFT (Digital Evidence & Forensic Toolkit) is a customised distribution of the Lubuntu live Linux CD. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics. New features:
- Based on Lubuntu 11.10
- Installable Distro
- Linux kernel 3.0.0-12, USB 3 ready
- Libewf 20100226
- Afflib 3.6.14
- TSK 3.2.3
- Autopsy 2.24
- Digital Forensic Framework 1.2
- PTK Forensic 1.0.5 DEFT edition
- Maltego CE
- KeepNote 0.7.6
- Xplico 0.7.1
- Scalpel 2
- Hunchbackeed Foremost 0.6
- Findwild 1.3
- Bulk Extractor 1.1
- Emule Forensic 1.0
- Guymager 0.6.3-1
- Dhash 2
- Cyclone wizard acquire tool
- SQLite Database Browser 2.0b1
- BitPim 1.0.7
- Bbwhatsapp database converter
- Creepy 0.1.9
- Hydra 7.1
- Log2timeline 0.60
- Wine 1.3.28
Download: http://www.mirrordeft.net by d3v1l at 20:43 Source: Security-Shell: DEFT Linux 7 Computer Forensic Live Cd - Released
-
[h=4]Ms11-100: .Net Framework Authentication Bypass[/h] Description: Demonstration of an authentication bypass vulnerability in the Microsoft .NET Framework fixed by MS11-100. http://www.sec-consult.com/files/20111230-0_asp.net_authentication_bypass_v1.0.txt Microsoft Security Bulletin MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) ASP.Net Forms Authentication Bypass Source: Ms11-100: .Net Framework Authentication Bypass
-
Using Free Windows XP Mode as a VMware Virtual Machine It’s becoming hard to obtain a licensed copy of Windows XP. Yet, many IT professionals, including malware analysts, like having Windows XP in their virtualized labs. After all, Windows XP is still running on numerous personal and business systems. Fortunately, you can download a virtualized instance of Windows XP from Microsoft for free if you are running Windows 7 Professional, Enterprise, or Ultimate on your base system. Microsoft calls this virtualized instance of Windows XP “Windows XP Mode,” and distributes it in the Windows Virtual PC format. If you prefer to use VMware Workstation or VMware Player instead of Virtual PC, follow the instructions below.
- Download Windows XP Mode from Microsoft. You’ll need to go through the Windows validation wizard to confirm you’re running a licensed copy of the appropriate version of Windows 7. You’ll have the option of downloading and installing Windows Virtual PC software, but you don’t need it if you’ll be using VMware.
- Install the downloaded Windows XP Mode executable. The installation wizard will give you a chance to specify where the files are installed, placing them in “C:\Program Files\Windows XP Mode” by default. This folder will contain, among other files, the 1GB+ file “Windows XP Mode base.vhd” representing the hard drive of the Windows XP virtual machine.
- Launch VMware Workstation or Player. Go to the File > Import Windows XP Mode VM menu. VMware will launch the wizard that will automatically create the Windows XP VMware virtual machine using the Windows XP Mode files you installed in the previous step.
- Using VMware Workstation or Player, power on the Windows XP Mode virtual machine that VMware created. Go through the Windows XP setup wizard the same way you would do it for a regular Windows XP system.
At this point, you should have a VMware virtual machine running Windows XP. It will be connected to the network using the VMware “NAT” mode, so if your base system has Internet access, so will the virtual machine. Hand-picked related items: Using VMware for Malware Analysis; VMware Network Isolation for a Malware Analysis Lab; 5 Steps to Building a Malware Analysis Toolkit Using Free Tools — Lenny Zeltser Source: Using Free Windows XP Mode as a VMware Virtual Machine
-
That will not be done.
-
[h=1]FreeBSD 9.0-RELEASE Announcement[/h] The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 9.0-RELEASE. This is the first release from the stable/9 branch, which improves on stable/8 and adds many new features. Some of the highlights:
- A new installer, bsdinstall(8), has been added and is the installer used by the ISO images provided as part of this release
- The Fast Filesystem now supports softupdates journaling
- ZFS updated to version 28
- Updated ATA/SATA drivers support AHCI, moved into updated CAM framework
- Highly Available Storage (HAST) framework
- Kernel support for Capsicum Capability Mode, an experimental set of features for sandboxing support
- User-level DTrace
- The TCP/IP stack now supports pluggable congestion control framework and five congestion control algorithm implementations available
- NFS subsystem updated, new implementation supports NFSv4 in addition to NFSv3 and NFSv2
- High Performance SSH (HPN-SSH)
- Flattened device tree (FDT), simplifying FreeBSD configuration for embedded platforms
- The powerpc architecture now supports Sony Playstation 3
- The LLVM compiler infrastructure and clang have been imported
- Gnome version 2.32.1, KDE version 4.7.3
For a complete list of new features and known problems, please see the online release notes and errata list available at: FreeBSD 9.0-RELEASE Release Notes FreeBSD 9.0-RELEASE Errata For more information about FreeBSD release engineering activities please see: Release Engineering Information
[h=2]Dedication[/h] The FreeBSD Project dedicates the FreeBSD 9.0-RELEASE to the memory of Dennis M. Ritchie, one of the founding fathers of the UNIX[tm] operating system. It is on the foundation laid by the work of visionaries like Dennis that software like the FreeBSD operating system came to be. The fact that his work of so many years ago continues to influence new design decisions to this very day speaks for the brilliant engineer that he was. May he rest in peace.
[h=2]BitTorrent[/h] 9.0-RELEASE ISOs are available via BitTorrent. A collection of torrent files to download the images is available at: http://torrents.freebsd.org:8080/
[h=2]FTP[/h] At the time of this announcement the following FTP sites have FreeBSD 9.0-RELEASE available.
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp5.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp7.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp8.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.au.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.cn.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.cz.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.dk.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.fr.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.ru.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.tw.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.uk.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp2.us.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp10.us.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
ftp://ftp.za.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.0/
However before trying these sites please check your regional mirror(s) first by going to: ftp://ftp.<yourdomain>.FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. More information about FreeBSD mirror sites can be found at: FTP Sites For instructions on installing FreeBSD or updating an existing machine to 9.0-RELEASE please see: http://www.FreeBSD.org/releases/9.0R/installation.html
-
Buffer Overflows: Anatomy of an Exploit A Look at How Systems are Exploited, and Why These Exploits Exist Joshua Hulse n3v3rm0r3.nevermore at gmail.com January 10, 2012 This paper will look at how buffer overflows occur on the stack. It will outline how the stack should be visualised when software engineers code in languages that require manual memory management (assembly, C, C++, etc.) and the importance of the ‘null terminating character’ in possible vulnerabilities. Before considering the exploitation of systems and the methods that should be employed to remove them, some time will be spent explaining the stack in the x86 architecture, the flat memory model employed by modern operating systems, and how payloads are written and delivered to exploited programs. Download: http://www.exploit-db.com/download_pdf/18346
-
They seem to work now. Let's see what we can do with the other images, signatures or posted ones.
-
As of today SSL (HTTPS) has also been enabled on RST. I think it was necessary. Good news for the more paranoid among us. Thanks tex.
-
And what are you trying to prove with that, dangerous one? You came out of your cave, got your hands on a computer and now your muscles are bulging. Too bad; your parents shouldn't buy you computers, you don't understand what they're for.
-
Funny guy. I won't even bother banning you, you don't deserve even that. Go to sleep.
-
Read:
- Portable Executable - Wikipedia, the free encyclopedia
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format
- Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format
- Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format, Part 2
- Microsoft PE and COFF Specification
- Iczelion's Win32 Assembly Homepage
- http://www.drpaulcarter.com/pcasm/pcasm-book-pdf.zip
- OllyDbg Tutorials / Downloads - Tuts 4 You
- TiGa's Video Tutorial Site
- Lenas Reversing for Newbies / Downloads - Tuts 4 You
Read them roughly in the order I posted them. AFTER YOU READ come back with questions, but I guarantee you won't have any questions left.