
Nytro (Administrators)
Posts: 18736
Days Won: 711

Everything posted by Nytro

  1. While we're on the subject, you don't see the IP of the person you're talking to on Messenger, you see the IP of a Yahoo! server, because all the data passes through their servers.
  2. I played a few years ago. And last year I was still playing Counter-Strike for a few hours a month. Other than that I haven't played any more, and porn films take up all my time, so unfortunately I have no time left for programming.
  3. We don't play. We think they're rubbish. We're not all thieves.
  4. Are these tutorials?
  5. You have an Edit button, use it. We know, there's a problem with the forum, I hope it gets fixed soon...
  6. I see nothing but a link. Moved to the trash.
  7. PDF Analysis using PDFStreamDumper
Posted on November 19, 2011 by darryl
PDFStreamDumper is a PDF analyzer developed by Sandsprite's David Zimmer. He has added quite a few useful functions to make this an all-in-one, go-to tool, as you'll soon see.
Here's a spear-phish email that contains a malicious PDF file attachment:
This PDF file is quite unusual. When you view it in Notepad, you normally can see readable strings and the magic bytes at the beginning. In this case, the PDF file has been altered:
Using a hex editor, we can see the familiar attributes that make up a PDF file:
When you open the PDF file using Adobe Acrobat Reader < 9.4, it notices that the PDF file is damaged and then repairs it. When it does so, the program crashes since it's just been compromised by the exploit and the shellcode executes.
Let's open the PDF file using PDFStreamDumper and click on "Exploits_Scan" from the menu bar:
In "Stream 25", we can see the Javascript exploit:
Down at the bottom of the stream, we can see a bunch of hex characters. This looks like shellcode to me. We can either save the decompressed stream to a text file by right-clicking on the object to the left, or we can select the hex code and press control-c on our keyboard.
Let's do the latter and now click on "Load" from the main menu, then click on "Shellcode File". This brings up a new window. The main section is blank, so we paste the hex code. We need to tell the program that this is hex, so we select the characters then click on "Add % to HexString" under the "Manual_Escapes" menu.
Since this is presumed to be shellcode, we can use the options under the "Shellcode_Analysis" menu. I tried to dump the shellcode using the top three options but it didn't work. Let's see if this is XOR-encrypted, so select the hex characters then choose "Xor_Bruteforcer":
Bingo! It is encrypted using the XOR key of "0xF0".
You can see the dropbox.com download and execute link:
Checking that executable against VirusTotal shows that it's likely a banking Trojan.
I've just scratched the surface of what this great tool can do. Be sure you check out PDFStreamDumper and his other tools for malware analysis!
Source: http://www.kahusecurity.com/2011/pdf-analysis-using-pdfstreamdumper/
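What "Xor_Bruteforcer" does in the walkthrough above, written out as an added Python example (not code from the article or from PDFStreamDumper): every single-byte key is tried against the hex copied from the stream and the candidates are ranked by how much readable text and how many URL-like markers they contain. The sample hex is constructed here, with a placeholder URL in place of the real download link, and encoded with the key the article recovered.

```python
import re
import string

# Bytes we count as "plausible plaintext" when ranking candidate keys.
PRINTABLE = set(string.printable.encode("ascii"))
# Substrings a decoded download-and-execute stub is likely to carry; each hit is a strong vote.
MARKERS = (b"http://", b"https://", b"://", b".exe", b".dll")


def hex_to_bytes(text: str) -> bytes:
    """Accept the hex as copied from the stream: raw, %-escaped (what PDFStreamDumper's
    "Add % to HexString" produces), \\x-escaped or 0x-prefixed, with any whitespace."""
    cleaned = re.sub(r"%|\\x|0x|\s", "", text)
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(cleaned)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> float:
    """Rank a decoding: fraction of printable bytes plus 2 points per marker found."""
    if not candidate:
        return 0.0
    printable = sum(b in PRINTABLE for b in candidate) / len(candidate)
    return printable + 2.0 * sum(m in candidate for m in MARKERS)


def bruteforce_xor(data: bytes):
    """Try every single-byte key (0 included, so unencoded data ranks itself first) and
    return (key, score, plaintext) tuples, best first."""
    ranked = []
    for key in range(256):
        plain = xor_bytes(data, key)
        ranked.append((key, score(plain), plain))
    ranked.sort(key=lambda r: r[1], reverse=True)
    return ranked


def recover_url(plaintext: bytes):
    """Pull the first http(s) URL out of decoded shellcode, or None if there is none."""
    m = re.search(rb"https?://[!-~]+", plaintext)
    return m.group(0) if m else None


def analyse(hex_text: str):
    """End-to-end: hex from the stream -> (best key, decoded bytes, embedded URL)."""
    key, _, plain = bruteforce_xor(hex_to_bytes(hex_text))[0]
    return key, plain, recover_url(plain)


# Constructed sample, not the shellcode from the article: a placeholder URL where the real stub
# carried its download link, XOR-encoded with the key the article recovered (0xF0) and written
# out %-escaped the way PDFStreamDumper expects it.
_PLAIN = b"\x90\x90\xeb\x10" + b"http://files.example.invalid/stub/bank.exe\x00" + b"\xc3"
SAMPLE_HEX = "".join("%%%02X" % (b ^ 0xF0) for b in _PLAIN)

if __name__ == "__main__":
    key, plain, url = analyse(SAMPLE_HEX)
    print("key = 0x%02X" % key)
    print("url =", url)
```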
  8. The Difference Between a Vulnerability Assessment and a Penetration Test
There are many views on what constitutes a Vulnerability Assessment versus a Penetration Test. The main distinction, however, seems to be that some believe a thorough Penetration Test involves identifying as many vulnerabilities as possible, while others feel that Penetration Tests are goal-oriented and are mostly unconcerned with what other vulnerabilities may exist. I am in the latter group, and what follows is my argument for why you should be too.
Background
The impetus for this post came out of a conversation with Johannes Ullrich--the highly distinguished, Ph.D, CTO of SANS. He stated to me (read his argument here) that if a Penetration Tester simply accomplishes a given goal and doesn't continue on finding other vulnerabilities, he's done a poor job--which is where I disagree.
Language is important, and we have two terms for a reason. We already have an aptly-named security test for compiling a list of vulnerabilities (a Vulnerability Assessment) and to say that Penetration Tests should always include a Vulnerability Assessment is to confuse the matter completely. The sole purpose of discovering vulnerabilities during a Penetration Test is to find a method of achieving the goal given by the client--nothing more.
The Question of Exploitation
One thing that always comes up in this debate is the topic of exploitation. Many are tempted to say, "If you exploit a vulnerability, it's a pentest." So in their minds it's a simple matter of, "If there's exploitation, it's a pentest." This is a confusion of the concepts. Exploitation can be imagined as a sliding bar between none and full that can be overlain upon both vulnerability assessments and penetration tests. Although most serious penetration tests lean heavily towards showing rather than telling (i.e. heavy on the exploitation side), it's also the case that deleting all data from a database to prove that it can be done is often not desirable. A penetration testing team may be able to simply take pictures standing next to the open safe, or to show they have full control of an AD domain, etc. without actually taking the destructive action that a criminal could.
And vulnerability assessments can slide along this scale as well. There's no reason you can't simply have a vulnerability assessment where you're instructed to exploit all the vulnerabilities you find. Sure, it would take a long time, but exploitation doesn't, by definition, move you out of the realm of vulnerability assessment. The belief that pentesting is always heavy on the exploitation, and that vulnerability assessments always lack it, is a fallacy. The key attributes of a VA vs. PT are list-orientation vs. goal-orientation, and the question of exploitation is not part of that calculation.
Proposed Definitions
Vulnerability Assessments are designed to yield a prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security. The customer already knows they have issues and simply needs help identifying and prioritizing them. The more issues identified the better, so naturally a white box approach should be embraced when possible. The deliverable for the assessment is, most importantly, a prioritized list of discovered vulnerabilities (and often how to remediate).
Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. A typical goal could be to access the contents of the prized customer database on the internal network, or to modify a record in an HR system. The deliverable for a penetration test is a report of how security was breached in order to reach the agreed-upon goal (and often how to remediate).
The Physical Analog
A good analog for this is a Tiger Team working for the government, like Richard Marcinko used to run with SEAL Team 6. Think about what his missions were: to gain control of a nuclear submarine and bring it out into the bay. So imagine that he were to be debriefed after a successful mission where he broke in through the east fence, and someone were to ask him about the security of the western side of the building. The answer would be simple: We didn't even go to the west side. We saw an opening on the east-facing fence and we went after our target. If the person doing the debrief were to respond with, "You didn't check the other fences? What kind of security test is it where you didn't even check all the fences?", the answer would be simple. Listen, man, I could have come in a million ways. I could have burrowed under the fences altogether, parachuted in, got in the back of a truck coming in--whatever. You told me to steal your sub, and that's what I did. If you want a list of all the different ways your security sucks, hire an auditor--not SEAL Team 6.
Summary
Vulnerability Assessment
- Customer Maturity Level: Low to Medium. Usually requested by customers who already know they have issues, and need help getting started.
- Goal: Attain a prioritized list of vulnerabilities in the environment so that remediation can occur.
- Focus: Breadth over depth.
Penetration Test
- Customer Maturity Level: High. The client believes their defenses to be strong, and wants to test that assertion.
- Goal: Determine whether a mature security posture can withstand an intrusion attempt from an advanced attacker with a specific goal.
- Focus: Depth over breadth.
Source: The Difference Between a Vulnerability Assessment and a Penetration Test
  9. Web Application Security Testing Resources
I know it's not exactly a tutorial, but it contains useful information.
Table of Contents
- Web Application Security Testing Methodologies
  - Web Application Hacker's Handbook Testing Checklist
  - Web Application Hacker's Handbook Chapter 20 Methodology
  - The OWASP Testing Checklist
- Suites and Frameworks
- Standalone Scanning Tools
- Vulnerable Test Websites
- Utilities
- Browser Extensions
- Additional Resources
Web Application Security Testing Methodologies
Security assessments in general, and certainly web security assessments, are nearly as much art as science, so everyone has their own favorite method. Below are a few of the main methodologies that are out there.
- Web Application Hacker's Handbook Testing Checklist
- Web Application Hacker's Handbook Chapter 20 Methodology
- The OWASP Testing Checklist
Web Application Hacker's Handbook Checklist (Content Moved)
[ **Reproduced with permission from authors; copyright Dafydd Stuttard and Marcus Pinto ]
Recon and Analysis
- Map visible content
- Discover hidden and default content
- Test for debug parameters
- Identify the technologies used
- Map the attack surface
Test Handling of Access
Authentication
- Test password quality rules
- Test for username enumeration
- Test resilience to password guessing
- Test any account recovery function
- Test any "remember me" function
- Test any impersonation function
- Test username uniqueness
- Check for unsafe distribution of credentials
- Test for fail-open conditions
- Test any multi-stage mechanisms
Session Handling
- Test tokens for meaning
- Test tokens for predictability
- Check for insecure transmission of tokens
- Check for disclosure of tokens in logs
- Check mapping of tokens to sessions
- Check session termination
- Check for session fixation
- Check for cross-site request forgery
- Test for fail-open conditions
- Check cookie scope
Access Controls
- Understand the access control requirements
- Test effectiveness of controls, using multiple accounts if possible
- Test for insecure access control methods (request parameters, Referer header, etc)
Test the Handling of Input
- Fuzz all request parameters
- Test for SQL injection
- Identify all reflected data
- Test for reflected XSS
- Test for HTTP header injection
- Test for arbitrary redirection
- Test for stored attacks
- Test for OS command injection
- Test for path traversal
- Test for script injection
- Test for file inclusion
- Test for SMTP injection
- Test for native software flaws (buffer overflow, integer bugs, format strings)
- Test for SOAP injection
- Test for LDAP injection
- Test for XPath injection
Test Application Logic
- Identify the logic attack surface
- Test transmission of data by the client
- Test for reliance on client-side input validation
- Test any thick-client components (Java, ActiveX, Flash)
- Test multi-stage processes for logic flaws
- Test handling of incomplete input
- Test trust boundaries
- Test transaction logic
Assess Application Hosting
- Test segregation in shared infrastructures
- Test segregation between ASP-hosted applications
- Test for web server vulnerabilities
  - Default credentials
  - Default content
  - Proxy functionality
  - Virtual hosting mis-configuration
  - Bugs in web server software
Miscellaneous Tests
- Check for DOM-based attacks
- Check for frame injection
- Check for local privacy vulnerabilities
  - Persistent cookies
  - Caching
  - Sensitive data in URL parameters
  - Forms with autocomplete enabled
- Follow up any information leakage
- Check for weak SSL ciphers
Web Application Hacker's Handbook Testing Methodology [From Chapter 20 of the WAHH]
[ **Reproduced with permission from authors; copyright Dafydd Stuttard and Marcus Pinto ]
Notice that this methodology is quite different from the checklist provided above. Also keep in mind that the book itself provides additional detailed steps in each of the sections listed. This is meant to help one compare methodology approaches, not to provide the actual content.
Map the Application's Content
- Explore Visible Content
- Consult Public Resources
- Discover Hidden Content
- Discover Default Content
- Enumerate Identifier-Specified Functions
- Test for Debug Parameters
Analyze the Application
- Identify Functionality
- Identify Data Entry Points
- Identify the Technologies Used
- Map the Attack Surface
Test Client-side Controls
- Test Transmission of Data via the Client
- Test Client-side Control Over User Input
- Test Thick-client Components
Test the Authentication Mechanism
- Understand the Mechanism
- Test Password Quality
- Test for Username Enumeration
- Test Resilience to Password Guessing
- Test Any Account Recovery Function
- Test Any Remember Me Function
- Test Any Impersonation Function
- Test Username Uniqueness
- Test Predictability of Auto-Generated Credentials
- Check for Unsafe Transmission of Credentials
- Test for Logic Flaws
- Exploit Any Vulnerabilities to Gain Unauthorized Access
Test the Session Management Mechanism
- Understand the Mechanism
- Test Tokens for Meaning
- Test Tokens for Predictability
- Check for Insecure Transmission of Tokens
- Check for Disclosure of Tokens in Logs
- Check Mapping of Tokens to Sessions
- Test Session Termination
- Check for Session Fixation
- Check for XSRF
- Check Cookie Scope
Test Access Controls
- Understand the Access Control Requirements
- Testing with Multiple Accounts
- Testing with Limited Access
- Test for Insecure Access Control Methods
Test for Input-Based Vulnerabilities
- Fuzz All Request Parameters
- Test for SQL Injection
- Test for XSS and Other Response Injection
- Test for OS Command Injection
- Test for Path Traversal
- Test for Script Injection
- Test for File Inclusion
Test for Function-Specific Input Vulnerabilities
- Test for SMTP Injection
- Test for Native Software Vulnerabilities
- Test for SOAP Injection
- Test for LDAP Injection
- Test for XPath Injection
- Test for Script Injection
- Test for File Inclusion
Test for Logic Flaws
- Identify the Key Attack Surface
- Test Multistage Processes
- Test Handling of Incomplete Input
- Test Trust Boundaries
- Test Transaction Logic
Test for Shared Hosting Vulnerabilities
- Test Segregation in Shared Infrastructures
- Test Segregation between ASP-Hosted Applications
Test for Web Server Vulnerabilities
- Test for Default Credentials
- Test for Default Content
- Test for Dangerous HTTP Methods
- Test for Proxy Functionality
- Test for Virtual Hosting Misconfiguration
- Test for Web Server Software Bugs
Miscellaneous Checks
- Check for DOM-based Attacks
- Check for Frame Injection
- Check for Local Privacy Vulnerabilities
- Follow Up Any Information Leakage
- Check for Weak SSL Ciphers
The OWASP Testing Methodology Checklist (https://www.owasp.org/index.php/Testing_Checklist)
Information Gathering
- Spiders, Robots, and Crawlers
- Search Engine Discovery/Reconnaissance
- Identify application entry points
- Testing for Web Application Fingerprint
- Application Discovery
- Analysis of Error Codes
Configuration Management Testing
- SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity)
- DB Listener Testing
- Infrastructure Configuration Management Testing
- Application Configuration Management Testing
- Testing for File Extensions Handling
- Old, backup and unreferenced files
- Infrastructure and Application Admin Interfaces
- Testing for HTTP Methods and XST
Authentication Testing
- Credentials transport over an encrypted channel
- Testing for user enumeration
- Testing for Guessable (Dictionary) User Account
- Brute Force Testing
- Testing for bypassing authentication schema
- Testing for vulnerable remember password and pwd reset
- Testing for Logout and Browser Cache Management
- Testing for CAPTCHA
- Testing Multiple Factors Authentication
- Testing for Race Conditions
Session Management
- Testing for Session Management Schema
- Testing for Cookies attributes
- Testing for Session Fixation
- Testing for Exposed Session Variables
- Testing for CSRF
Authorization Testing
- Testing for Business Logic
Business Logic Testing
- Testing for Business Logic
Data Validation Testing
- Testing for Reflected Cross Site Scripting
- Testing for Stored Cross Site Scripting
- Testing for DOM based Cross Site Scripting
- Testing for Cross Site Flashing
- SQL Injection
- LDAP Injection
- ORM Injection
- XML Injection
- SSI Injection
- XPath Injection
- IMAP/SMTP Injection
- Code Injection
- OS Commanding
- Buffer overflow
- Incubated vulnerability
- Testing for HTTP Splitting/Smuggling
Denial of Service Testing
- Testing for SQL Wildcard Attacks
- Locking Customer Accounts
- Testing for DoS Buffer Overflows
- User Specified Object Allocation
- User Input as a Loop Counter
- Writing User Provided Data to Disk
- Failure to Release Resources
- Storing too Much Data in Session
Web Services Testing
- WS Information Gathering
- Testing WSDL
- XML Structural Testing
- XML content-level Testing
- HTTP GET parameters/REST Testing
- Naughty SOAP attachments
- Replay Testing
AJAX Testing
- AJAX Vulnerabilities
- AJAX Testing
-----------------------------------------
Suites / Frameworks
- Burp Suite: The premier tool for performing manual web application vulnerability assessments and penetration tests. The pro version includes a scanner, and the Intruder tool makes the offering stand out amongst its peers.
- HP WebInspect: An enterprise-focused tool suite that includes a scanner, proxy, and assorted other tools.
- WebScarabNG: The latest version of this famous suite from OWASP. Includes a web services module that allows you to parse WSDLs and interact with their associated functions.
- IBM AppScan: IBM's enterprise-focused suite.
- Acunetix: Acunetix's enterprise-focused suite.
- NTOSpider: NTObjectives's enterprise-focused suite.
- W3af: w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
- Websecurify: Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
- Samurai: Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
- Skipfish: A fully automated, active web application security reconnaissance tool written by Michal Zalewski of Google.
- RAFT (Response Analysis and Further Testing Tool): RAFT is a testing tool for the identification of vulnerabilities in web applications. RAFT is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility into areas that other tools do not, such as various client side storage.
- Zed Attack Proxy (ZAP): The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
Standalone Web Assessment Tools
- Nikto: Nikto is a command line Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
- Wikto: Wikto is Nikto for Windows - but with a couple of fancy extra features including Fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring. Wikto is coded in C# and requires the .NET framework.
Web Assessment Utilities
- Yehg.net Charset Encoder / String Encrypter: An online, feature-rich tool for changing the encoding of input.
Browser Extensions
- Websecurify Chrome Extension: The Chrome Extension version of the Websecurify tool. Performs a scan and tells you the results summary, but there's no authentication or detailed view of findings. It's more of a quick-touch option before you run a real tool.
- XSS Me: The Firefox Extension.
- SQL Inject Me: The Firefox Extension.
Vulnerable Test Websites
These sites are purposely vulnerable for the purpose of testing web app security scanners. They are designed for this purpose, but I'd check to make sure it's ok before scanning them (just to be sure).
Internet-accessible
- Google Gruyere: This one is from Google and you can do it both online and as a local install.
- zero.webappsecurity.com (HP): I happen to know this one is o.k. to scan.
- demo.testfire.net (IBM)
- test.acunetix.com (Acunetix)
- testphp.vulnweb.com (Acunetix)
- testasp.acunetix.com (Acunetix)
- testaspnet.acunetix.com (Acunetix)
- Cenzic's Crack Me Bank
- Hacker Test: This one is not like the others; it's not a full website you'd scan, but rather more like a puzzle where you proceed through various levels.
- Hax.tor: Another challenge, similar to Hacker Test.
Download and Configure
- Broken Web Apps Project (OWASP): This is the one you want first; it has over a dozen broken web apps to play with.
- Web Security Dojo (Maven): Similar to OWASP's Broken Web Apps project, i.e. multiple broken web apps in one place.
- Webgoat (OWASP): This is the grand pubah of the testing sites because it includes training with it. Note that it's on the Broken Web Apps image listed above.
- Damn Vulnerable Web App
- BadStore
- Hackme Bank (McAfee)
- Hackme Casino (McAfee)
- Hackme Books (McAfee)
- Hackme Shipping (McAfee)
- Hackme Travel (McAfee)
- Moth (Bonsai)
- SecuriBench (Stanford)
- Vicnum (ipsaplus)
- Google Gruyere: This one is from Google and you can do it both online and as a local install.
Additional Resources
- Hack This Site
- Community Hellbound Hackers
Source: WebAppSec Testing Resources | danielmiessler.com
  10. New XSS vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 20 Nov 2011 23:40:48 +0200
Hello list!
I want to warn you about a new Cross-Site Scripting vulnerability in WP-Cumulus for WordPress and multiple web applications and millions of web sites.
Earlier I wrote about an XSS vulnerability in WP-Cumulus, which I disclosed in 2009 (Security Advisory: Vulnerabilities in WP-Cumulus for WordPress - security vulnerabilities database), and many other plugins (and widgets and themes) for different engines, which are using tagcloud.swf made by the author of WP-Cumulus. About the millions of flash files tagcloud.swf which are vulnerable to XSS attacks I mentioned in my article XSS vulnerabilities in 34 millions flash files ([WEB SECURITY] XSS vulnerabilities in 34 millions flash files).
-------------------------
Affected products:
-------------------------
Vulnerable are all versions of WP-Cumulus. At that, Roy Tanck's patch (version of flash-file for WP-Cumulus 1.23) will work for this vulnerability too, so in fixed versions of the flash-file the XSS will not work, only HTML Injection.
Also must be vulnerable: Joomulus for Joomla, JVClouds3D for Joomla, Blogumus, 3D Cloud for Joomla, Tagcloud for DLE, t3m_cumulus_tagcloud for TYPO3, Cumulus for BlogEngine.NET, tagcloud for Kasseler CMS, 3D user cloud for Joomla, Flash Tag Cloud for Blogsa and other ASP.NET engines, b-cumulus, Cumulus for Drupal, sfWpCumulusPlugin for symfony, Flash Tag Cloud For MT 4, MT-Cumulus for Movable Type, Tumulus for Typepad, WP-Cumulus for RapidWeaver, HB-Cumulus for Habari, Cumulus for DasBlog, EZcumulus and eZ Flash Tag Cloud for eZ Publish, Simple Tags for Expression Engine (version 1.6.3 and newer versions, where support of this swf-file was added), Freetag for Serendipity (support of this flash-file was added in version 2.103), Tag cloud for Social Web CMS, Animated tag cloud for PHP-Fusion, 3D Advanced Tags Clouds for Magento, Cumulus for Sweetcron and other web applications with this flash-file. And also themes for engines, particularly for Drupal (http://websecurity.com.ua/5407/), which are using this flash-file (I've written earlier about five vulnerable themes for Drupal).
As I mentioned below, vulnerable are only web applications with new versions of this flash-file (and a lot of web applications and sites are using exactly the new versions of it). But when web developers or admins of sites which are using old versions of the swf-file (unaffected) decide to update it (just "to update" or to fix the first XSS vulnerability, which can be done by updating to the fixed version from Roy Tanck), then they will become vulnerable to this hole.
----------
Details:
----------
If the previous vulnerability in tagcloud.swf concerned parameter mode, then the new vulnerability concerns parameter xmlpath.
XSS (WASC-08):
http://site/tagcloud.swf?xmlpath=xss.xml
http://site/tagcloud.swf?xmlpath=http://site/xss.xml
File xss.xml:
<tags>
<a href="javascript:alert(document.cookie)" style="font-size:+40pt">Click me</a>
<a href="http://websecurity.com.ua"; style="font-size:+40pt">Click me</a>
</tags>
Code will execute after click. It's strictly social XSS (Strictly social XSS - Websecurity -). Also it's possible to conduct (like in WP-Cumulus) an HTML Injection attack.
The attack will work only in new versions of the flash-file, where support of parameter xmlpath was added. In old versions (not affected) the context menu mentions "WP-Cumulus by Roy Tanck", and in new versions (affected) it mentions "WP-Cumulus by Roy Tanck and Luke Morton". The attack will work only when the xml-file is placed at the same site (the path can be relative or absolute). The extension of the file can be arbitrary.
------------
Timeline:
------------
2011.11.09 - found vulnerability.
2011.11.17 - disclosed at my site.
2011.11.19 - informed developer of WP-Cumulus.
All developers of forks of WP-Cumulus and developers of web applications which are using this flash-file can read about this issue at my site and in security mailing lists. In any case, the correct fix for the first XSS hole (in the links handling algorithm) also fixes the second XSS hole, so after I informed all above-mentioned developers during 2009-2011, if they fixed the first hole, then they fixed the second one.
I mentioned this vulnerability at my site: http://websecurity.com.ua/5505/
Best wishes & regards,
MustLive
Administrator of Websecurity web site
Websecurity -
Source: Full Disclosure: New XSS vulnerability in WP-Cumulus for WordPress and multiple web applications and millions web sites
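The fix MustLive refers to is an allow-list on link targets in the tag data: a tag entry whose href carries a javascript: (or any non-web) scheme is not something a tag cloud should ever render, whatever the source of the XML. The following Python is added here as an illustration; it is not code from the advisory or from WP-Cumulus, and it stands in for the ActionScript link handling inside tagcloud.swf. The tags file it checks is constructed in the shape of xss.xml, with the bypass spellings (mixed case, an embedded tab, a data: URL) a renderer must also reject.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Only plain web links are allowed as tag targets; javascript:, data:, vbscript: and the rest
# are what turn a user-controlled tags file into script execution on click.
ALLOWED_SCHEMES = {"http", "https"}
# Browsers and the Flash player discard ASCII control characters and whitespace before they
# detect a scheme, so "java\tscript:" or "java script:" must be judged as "javascript:".
_STRIP = re.compile(r"[\x00-\x20\x7f]")


def is_safe_href(href: str) -> bool:
    """True for relative paths (they stay on the site serving the cloud) and absolute
    http(s) URLs; False for every other scheme, however it is spelled."""
    cleaned = _STRIP.sub("", href)
    scheme = urlsplit(cleaned).scheme.lower()
    if not scheme:
        return True
    return scheme in ALLOWED_SCHEMES


def filter_tag_cloud(xml_text: str):
    """Parse a <tags> file, drop every <a> whose href fails the check, and return
    (cleaned_xml, kept_hrefs, dropped_hrefs) so the caller can log what was rejected."""
    root = ET.fromstring(xml_text)
    kept, dropped = [], []
    for a in list(root.findall("a")):
        href = a.get("href", "")
        if is_safe_href(href):
            kept.append(href)
        else:
            dropped.append(href)
            root.remove(a)
    return ET.tostring(root, encoding="unicode"), kept, dropped


# Constructed sample in the shape of the advisory's xss.xml (not the advisory's file):
# two legitimate tags followed by four spellings of a script-bearing link.
SAMPLE_TAGS = """<tags>
<a href="/tag/php" style="font-size:12pt">php</a>
<a href="https://example.invalid/tag/flash" style="font-size:14pt">flash</a>
<a href="javascript:alert(document.cookie)" style="font-size:+40pt">Click me</a>
<a href="JaVaScRiPt:alert(1)" style="font-size:+40pt">Click me</a>
<a href="java&#9;script:alert(1)" style="font-size:+40pt">Click me</a>
<a href="data:text/html,%3Cscript%3Ealert(1)%3C/script%3E" style="font-size:+40pt">Click me</a>
</tags>"""

if __name__ == "__main__":
    cleaned, kept, dropped = filter_tag_cloud(SAMPLE_TAGS)
    print("kept:   ", kept)
    print("dropped:", dropped)
    print(cleaned)
```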
  11. Enumerating and Breaking VoIP
Introduction
Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most of the organizations which have implemented VoIP are either unaware of or ignore the security issues with VoIP and its implementation. Like every other network, a VoIP network is also susceptible to abuse. In this article, I will discuss various enumeration techniques, followed by a demonstration of a few VoIP attacks. I deliberately will not go into protocol-level details, as this article is aimed at Penetration Testers who want to get a taste of the basics first, though it is strongly encouraged to understand the protocols used in VoIP networks.
Possible attacks against VoIP
- Denial of Service (DoS) attacks
- Registration Manipulation and Hijacking
- Authentication attacks
- Caller ID spoofing
- Man-in-the-middle attacks
- VLAN Hopping
- Passive and Active Eavesdropping
- Spamming over Internet Telephony (SPIT)
- VoIP phishing (Vishing)
Download: http://www.exploit-db.com/download_pdf/18136
  12. Social Engineering - The Human Factor
Name: Dinesh Shetty
Profile: Information Security Consultant
Email ID: dinesh.shetty @ live.com
Social Engineering
Cyber security is an increasingly serious issue for the whole world, with intruders attacking large corporate organizations with the motive of getting access to restricted content. The CSI Computer Crime and Security Survey report for the year 2010-2011 stated that almost half of the respondents had experienced a security incident, with 45.6% of them reporting that they had been the subject of at least one targeted attack. By merely trying to prevent infiltration on a technical level and ignoring the physical-social level, cent percent security can never be achieved. A couple of examples are the scene from Hackers which shows Dumpster diving in the target company's trash in order to obtain financial data from printouts, and the scene from War Games where Matthew Broderick's character studied his target before attempting to crack the password of the military computer system.
'Social Engineering' is a threat that is overlooked in most organizations but can easily be exploited, as it takes advantage of human psychology rather than the technical barricades that surround the complete system. Below is a classic example of this:
A person receives an e-mail in his official mailbox saying that his computer has been infected with a virus. The message provides a link and suggests that he download and install the tool from the link to eliminate the virus from his computer. The person, in a state of confusion, clicks on the link to remove the virus from his computer, unwittingly giving a hacker an easy entrance into his corporate network.
To ensure complete security of an organization from all kinds of internal and external factors, the security consultant must have complete knowledge of the Social Engineering cycle, the techniques that can be used by an attacker and the counter-measures to reduce the likelihood of success of the attack. In this paper we are going to take you through the various phases so as to understand what Social Engineering is, the Social Engineering Lifecycle, the various techniques used in Social Engineering attacks with detailed examples, and then finally conclude with the counter-measures to protect against each of the Social Engineering attack techniques.
Download: http://www.exploit-db.com/download_pdf/18135
  13. Wow, this can be very useful. Congratulations.
  14. Everything was very well organized. We sat grouped by common interests so that the discussions would flow and hold our attention. Don't be fooled by appearances: the mugs held Red Bull and the bottles were soft drinks; it would not have been moral to consume alcoholic beverages. We also talked to the bar staff and listened only to classical music and opera. Everything went according to plan. We started by discussing Web security problems, from the client side to the server side. Then we considered the scripting languages for the Web, emphasizing the strong points of each system. Of course we didn't forget server administration, and we brought up the advantages and disadvantages of various operating systems, web servers and database management systems. Later we moved on to the Desktop side, to more complicated discussions about race conditions, and reached complex ideas for discovering and exploiting local root privilege escalation exploits on the latest kernel version. Of course, we had laptops and the ideas were tested and debated calmly. Everyone had a laptop and it was like a lab in which we learned from one another. At 21:00, as our bedtime approached, we decided we had to leave so as not to have problems with our parents. It was a pleasant, purely technical environment in which we made friends. Am I right? @Those who were there
  15. Let's see what comes out of it.
  16. Heap overflow exploit and understanding
Khalil Ezhani
Senator.of.Pirates @ gmail.com
http://www.facebook.com/SenatorofPirates
Not all buffers are allocated on the stack. Often an application doesn't know how big to make certain buffers until it is running. The heap is used by applications to dynamically allocate buffers of varying sizes. These buffers are susceptible to overflows if user-supplied data isn't checked, leading to a compromise through an attacker overwriting other values on the heap.
Where the details of stack overflow exploitation rely on the specifics of hardware architecture, heap overflows are reliant on the way certain operating systems and libraries manage heap memory. Here I restrict the discussion of heap overflows to a specific environment: a Linux system running on an Intel x86 platform, using the default GNU libc heap implementation (based on Doug Lea's dlmalloc). While this situation is specific, the techniques I discuss apply to other systems, including Solaris and Windows.
Heap overflows can result in compromises of both sensitive data (overwriting filenames and other variables on the heap) and logical program flow (through heap control structure and function pointer modification). I discuss the threat of compromising logical program flow here, along with a conceptual explanation and diagrams.
Download: http://www.exploit-db.com/download_pdf/18133
  17. Reverse Engineering 101 ( Using Ida To Break Password Protections ) Description: This video is the second in the Reverse Engineering 101 series. I would encourage you to view the first video on finding hidden passwords in binaries using a hex editor. In this video we will use the IDA Pro tool to dissect a binary file and see how to crack a basic password protection. Please download an evaluation copy of IDA here. Also, please download the binary of the program to be disassembled in this reverse engineering exercise from here. We will use the code from the previous video in this example. Let's look at the program:
------------Code Starts ------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define password "FindMeIfYouCan"   /* the hard-coded secret the video hunts for */

int main(int argc, char *argv[])
{
    char pass[100];                 /* buffer for the user-supplied password */

    printf("Please enter your password\n\n");
    scanf("%s", pass);              /* unbounded read, kept as in the original exercise */

    /* strcmp() returns 0 only when both strings match exactly */
    if ( strcmp(pass, password) == 0 ) {
        printf("Congrats!! Correct Pass\n\n");
    } else {
        printf("Wrong Pass\n\n");
    }
    system("PAUSE");                /* Windows-only: keeps the console window open */
    return 0;
}
-------------------------------- Code Ends ---------------------
The user-entered password is stored in the variable "pass", while the program password is held in "password". The entire protection mechanism in the above program depends on the strcmp() function. If the passwords match, strcmp() returns a "0". The "if" statement then does a comparison to check if "0" was returned. If true, the user is allowed access, else the user is denied access. Well, how do we reverse engineer this program? Well, what if somehow we could have "0" placed in the output of the strcmp() operation, so that the if statement yields a "True"? In order to understand how we can accomplish this we need to dive into the assembly language equivalent of the code above. You can watch how it's done in the video below. If you are a noob to Assembly and would like me to create an "Assembly Language Primer to begin Reverse Engineering", please raise a request using the "Feedback" button to the left of the page.
Video: http://www.securitytube.net/video/128
  18. Don't say that today's cartoons are violent; they were in the past too:
- Goku fights all day long with all kinds of creatures
- The cute Pokémon fight each other until they die
- The Powerpuff Girls fight all the monsters to save Townsville
True, some weren't too violent:
- What's with Andy?
- Life with Louie
- The Kids from Room 402
But there were violent cartoons in the past too.
  19. We also picked a name. The problem is that there wasn't much to choose from; anyway, I don't think it's very important. Page: http://www.facebook.com/rstforum
  20. Kernel Hacking & Anti-forensics: Evading Memory Analysis RODRIGO RUBIRA BRANCO (BSDAEMON) FILIPE ALCARDE BALESTRA This article is intended to explain why a forensic analysis of a live system may not be recommended and why imaging that system can trigger an advanced anti-forensic-capable rootkit. Since most operating systems take the same approach in this regard, most of the Linux examples covered here can be applied to similar situations in other operating systems too. An overview of the kernel internals and of the structure and working of the x86 architecture will also be given, along with the differences from other architectures. Introduction A lot of tools [5] have been developed to analyze a live system in order to detect an intrusion (like installed rootkits [7]). This article tries to explain some presentations [8] that showed problems in this existing model, explaining the risks of this act and when it can be accepted. Download: http://www.kernelhacking.com/rodrigo/docs/AntiForense.pdf
  21. Taking the mystery out of 64-bit Windows If you’re shopping for a new computer, chances are you already have enough to consider without wondering whether you should buy a computer with a 32-bit or 64-bit version of Windows 7. There’s no need to fret. For most people, there’s little reason to think about this choice when you’re making your next computer purchase. That’s good, since many people don’t understand the difference between a PC running a 32-bit or 64-bit version of Windows, and the version they choose won’t make a big difference in most cases. Some power users prefer a 64-bit version of Windows. There’s no mystery there. A computer with a 64-bit version of Windows can use more memory—4 GB (gigabytes) or more—than a PC with a 32-bit version of Windows, which is limited to about 3.5 GB or less. (Even if a PC comes with 4 GB or more of memory installed, a 32-bit version of Windows can only use about 3.5 GB of that memory.) With more memory, you can keep more files and programs open at once without slowing down your computer. But having more than 3.5 GB available usually won’t matter unless you really keep a lot of things open at once (more on that later). You can check System in Control Panel to see if your PC is running a 32-bit or 64-bit version of Windows. Real world differences versus spec sheet differences Because prices have fallen so much in recent years, many new computers now come with 4 GB of memory—even budget models. A lot of manufacturers have started installing a 64-bit version of Windows on their PCs by default to make sure buyers are able to use all of the memory they paid for. Some are even shipping all of their new computers with a 64-bit version of Windows, and doing so even though it’s difficult to tell the difference between a PC using 4 GB and 3.5 GB of memory. In actual everyday use, most people probably wouldn’t notice a difference between a computer using 3 GB of memory and one using 6 GB. So who might notice the difference? 
Well, if you’ve ever known anyone who keeps a couple dozen e-mail messages, a dozen programs, and a half dozen other items all open at the same time—while playing videos—then you get the idea. Having more than 4 GB of memory available can make your computer more responsive if you like to keep everything running at once and rarely close anything. Serious PC game players might also be interested in a PC running a 64-bit version of Windows. Games are some of the most hardware-intensive programs you can run on any computer, with their rich graphics, sound, and interaction capabilities. The 64-bit version of Windows 7 Ultimate, Enterprise, and Professional editions can all use up to 192 GB of memory (far more than even a power user would typically need), making them ideal for specialized computing tasks that require enormous amounts of memory, such as rendering 3D graphics. Most of the performance gain in computers running a 64-bit version of Windows comes from this added memory, combined with a powerful 64-bit processor able to use that extra memory. But for most people who just keep a few programs running at a time, 4 GB or more of memory offers no tangible benefit over a computer with 2 GB of memory and a 32-bit version of Windows. Note Server computers—such as computers used to run websites or large corporate networks—can especially benefit from more memory. But they have their own powerful operating system—Windows Server—which also comes in a 64-bit version and can use even more memory than Windows 7. 32-bit versus 64-bit processors So what do you need to run a 64-bit version of Windows? That’s no mystery either. You need a computer with a 64-bit processor (also called an x64 processor, or CPU). It’s not obvious from the names of most processors if they are 64-bit or 32-bit. If you want to know, you can check with the manufacturer or with the store selling the computer. 
If you’re buying a new computer with Windows 7, it will most likely come with a 64-bit processor, although perhaps not a 64-bit version of Windows 7. This is where it gets a little confusing. Computers with a 64-bit processor can run either a 32-bit or 64-bit version of Windows just fine. So it doesn’t matter too much which version of Windows you install on most PCs with a 64-bit processor—unless you want to be able to use more than 3.5 GB of memory. To find out if your current PC is capable of running a 64-bit version of Windows, download and install the Windows 7 Upgrade Advisor from the Windows 7 Upgrade Advisor webpage. This program will analyze your computer, create a report telling you if your PC can run Windows 7, and list any known compatibility issues, including whether you can run the 64-bit version of Windows 7. For more information, see 32-bit and 64-bit Windows: frequently asked questions. Get a 64-bit version of Windows with a new computer There’s no mystery when it comes to upgrading to a 64-bit version of Windows. You can’t upgrade from a 32-bit version of Windows to a 64-bit version. To install a 64-bit version of Windows on a computer already running a 32-bit version, you have to do a clean installation, which formats your hard drive and erases all of your files and programs. That’s why most people who get a 64-bit version of Windows do so when they buy a new computer. (If you do plan to install a 64-bit version of Windows on a computer running a 32-bit version, be sure to back up all your files and other information first. You'll also have to manually reinstall your programs.) What about cost? Are 64-bit processors more expensive than 32-bit processors? Not typically these days, although they used to be, and you can certainly find some computers with a 64-bit processor that are more expensive. The most common reason for this is the extra memory. 
If a computer with a 64-bit processor comes with more memory, it might cost a little more than a computer with a 32-bit processor that has less memory. Windows doesn't add a cost factor, since the 32-bit and 64-bit versions of Windows both cost the same. How to tell if you're running a 32-bit or 64-bit version of Windows What if you’re not shopping for a new PC and want to know if your computer is running a 64-bit or 32-bit version of Windows? Since both versions look identical, you need to know where to look. The easiest way to tell is to check System in Control Panel. To do so, click the Start button, click Control Panel, type System in the search box, and then click System. Under System, next to System type, you can see if your PC is running a 32-bit or 64-bit operating system. 32-bit versus 64-bit drivers and programs If you’re running a 64-bit version of Windows, your computer needs a 64-bit driver for every piece of hardware installed on your PC or connected to it. For example, if you're trying to install a printer that only has a 32-bit driver available, it won't install in a 64-bit version of Windows. But the good news is there are tens of thousands of devices available today with 64-bit drivers, which Windows can automatically find and install for you. For hardware makers to earn a "Compatible with Windows 7" logo, their hardware must have drivers for both 32-bit and 64-bit versions of Windows. If you see this logo, you don’t have to wonder if the hardware is going to work with the 64-bit version of Windows. Unlike drivers, most programs designed for a computer running a 32-bit version of Windows will run fine on a computer running a 64-bit version of Windows. (Notable exceptions are antivirus programs.) However, most programs designed specifically for a 64-bit version of Windows will often run faster, especially if they involve intensive tasks such as editing high-definition video or operating a large database.
You can check the availability of 64-bit drivers and programs online at the new Windows 7 Compatibility Center. This can be useful if you’re considering buying a new printer, for example, and want to be sure a 64-bit driver is available before you buy it—or if you want to find out if there are 64-bit versions of your favorite programs. The Windows Vista Compatibility Center also lists the availability of 64-bit drivers for thousands of hardware products, and tells you whether there are 64-bit versions available for thousands of programs. There are other considerations when installing hardware and programs in a 64-bit version of Windows. For more information, see Understanding hardware and software for 64-bit versions of Windows. Mystery solved Now that we’ve solved the mystery of 64-bit Windows, you can see that 64-bit computing never really was much of a mystery in the first place. Nor does it have to be a dilemma for most computer users. Whether you already have a PC with 64-bit processor or are thinking of buying one, the key is choosing the right version of Windows for the way you work or play. In most cases, it won’t matter if that’s a 32-bit or 64-bit version. Source: http://windows.microsoft.com/en-US/windows7/taking-the-mystery-out-of-64-bit-windows
  22. PHP Vulnerability Hunter 1.1.4.6 Authored by AutoSec Tools | Site autosectools.com PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities. Changes: Added code coverage report. Updated GUI validation. Several instrumentation fixes. Fixed lingering connection issue. Fixed GUI and report viewer crashes related to working directory. Download: http://packetstormsecurity.org/files/download/107074/phpvh1.1.4.6.zip
  23. World's stealthiest rootkit pushes DNS hijacking trojan DNS Changer dropped by TDSS By Dan Goodin Posted in Malware, 14th November 2011 21:49 GMT One of the world's most advanced pieces of malware is being used to spread DNS Changer, a trojan at the heart of a massive click fraud scheme that has already hijacked 4 million PCs, security researchers said. Just a few days after federal prosecutors in the US shuttered the international conspiracy, researchers from Dell SecureWorks said they discovered DNS Changer is being spread by TDSS. The rootkit, as previously reported, is among the hardest to detect and remove and is often used as a means to install keyloggers, tools for attacking websites, and other malware. Once installed, DNS Changer is able to alter the DNS, or domain name system, settings that computers and routers use to find the IP numbers that correspond to domain names such as theregister.co.uk and google.com. By replacing legitimate DNS servers with servers under the control of the attackers, they are able to send victims to fraudulent websites instead of the destinations the victims intended to visit. Last week, seven people from Estonia and Russia were criminally charged in a scam that for more than five years used DNS Changer to generate more than $14 million in profit. They racked up the windfall by redirecting victims to imposter websites that paid advertising fees to the attackers each time they were clicked on. The scheme preyed on users of computers running Microsoft Windows and Apple OS X operating systems. DNS Changer is also able to change DNS configuration settings in certain routers, particularly when they use default usernames and passwords. The ability of TDSS to evade antivirus protection and other security software is well documented.
The rootkit, which is also known as TDL4 and Aleureon, is among the world's most advanced, with the ability to infect 64-bit versions of Windows, infect a computer's master boot record, and communicate over the Kad peer-to-peer network. Its newest payload means that victims now have an easy way to tell if they are infected. "The real danger of a DNS Changer infection is that it is an indicator that your system is infected with a larger malware cocktail with malware such as Rogue AV, Zeus Banking Trojan, Spam Bot, etc." an emailed report from Dell SecureWorks stated. "Controlling DNS literally gives an attacker complete access to a system." End users who want to know if their systems are infected should check the DNS server settings of their operating system and routers. Compromised systems will show server IP addresses within the following ranges:
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
To check DNS settings on Windows open a command prompt and type "ipconfig /all" and then check the DNS Server field. On a Mac, choose System Preferences and then select Network. Then click on the Advanced button of the active connection. Users may also want to check the DNS servers used by their router. FBI officials said 4 million PCs were infected by the DNS Changer used in the operation that was shut down last week. The Dell SecureWorks report said researchers aren't sure if that number is accurate. Researchers monitoring the command and control servers used in the attack are seeing about 600,000 unique IP addresses connect per day. Source: World's stealthiest rootkit pushes DNS hijacking trojan • The Register
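The DNS-range check described in the post, as an added example that is not part of the article or the Dell SecureWorks report: it expands the six ranges quoted above into networks with Python's ipaddress module and flags any DNS server in (constructed) "ipconfig /all" output that falls inside them.

```python
import ipaddress
import re

# Added example: the six (first, last) ranges quoted in the Dell SecureWorks report.
DNS_CHANGER_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Expand each inclusive range into CIDR networks so membership tests are exact.
ROGUE_NETWORKS = [
    net
    for first, last in DNS_CHANGER_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]

def is_rogue_dns(server: str) -> bool:
    """True if `server` falls inside one of the DNS Changer ranges."""
    try:
        addr = ipaddress.IPv4Address(server)
    except ipaddress.AddressValueError:
        return False  # IPv6 or malformed entries are outside the listed ranges
    return any(addr in net for net in ROGUE_NETWORKS)

def dns_servers_from_ipconfig(text: str) -> list[str]:
    """Pull every DNS server address out of `ipconfig /all` output.
    The first server is on the 'DNS Servers' line, further ones on the indented
    lines after it, so keep reading until a new field (' : ') or a blank line."""
    servers = []
    collecting = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            collecting = True
            stripped = stripped.split(":", 1)[1].strip()
        elif collecting and (" : " in stripped or not stripped):
            collecting = False
        if collecting and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", stripped):
            servers.append(stripped)
    return servers

def find_rogue_dns(text: str) -> list[str]:
    """Return the configured DNS servers that fall in the DNS Changer ranges."""
    return [s for s in dns_servers_from_ipconfig(text) if is_rogue_dns(s)]

# Constructed ipconfig /all excerpt: one clean resolver and one rogue one.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       85.255.112.44
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for server in find_rogue_dns(SAMPLE_IPCONFIG):
        print(f"rogue DNS server configured: {server}")
```

On a real machine, pipe the output of "ipconfig /all" into find_rogue_dns; the router's DNS settings still have to be checked separately, as the post notes.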
  24. Introduction to Linux Kernel 2.6 How to write a Rootkit Maurice Leclaire TumFUG Linux / Unix get-together January 19, 2011 Why hack the kernel?
- Understanding the Linux kernel
- Fixing bugs
- Adding special features
- Writing drivers for special hardware
- Writing rootkits
Download: http://info.fs.tum.de/images/2/21/2011-01-19-kernel-hacking.pdf
  25. Jason Warner Interview About Ubuntu 12.04 Desktop Marius Nestor - Softpedia During the Ubuntu Development Summit for Ubuntu 12.04 LTS, Jason Warner, Ubuntu Desktop Manager at Canonical, gave an interview to Amber Graner, an Ubuntu contributor involved in the community since February 2009. In the interview, Jason Warner talks about the desktop interface in the upcoming Ubuntu 12.04 LTS (Precise Pangolin) and what users should expect from it. Jason Warner says that users will find a more tweaked and bug-free Unity interface in Ubuntu 12.04 LTS, as well as an overall quality and very stable release. In the 5-minute interview, Jason Warner was also asked about his team, user feedback and contributions, and the next Long Term Support release, Ubuntu 14.04 LTS. You can watch the entire 5-minute-13-second interview with Jason Warner, Ubuntu Desktop Manager at Canonical, right here on this page, at the top. Enjoy! Video: http://www.youtube.com/watch?v=o1SgMKZ7T9Q&feature=player_embedded#! Source: Jason Warner Interview About Ubuntu 12.04 Desktop - Softpedia