Nytro

Administrators
  • Posts: 18750
  • Days Won: 722

Everything posted by Nytro

  1. Am I the only one for whom all of these are just useless junk? With extremely few exceptions they could be very slightly useful. Otherwise, I see no value in such things and I don't understand why people get so worked up when it comes to this. PS: Out of curiosity I asked a person with experience about the usefulness of these "things", a person who was somehow "promoting" them, and they didn't convince me at all that they would have any advantage. PS: I know everyone says that this way you can bypass an AV or EDR. If there is any AV or EDR so retarded that you can use certutil to download a detectable binary and execute it, and it doesn't catch it just because it was run by certutil, then that junk is not an AV or EDR; it should be uninstalled instantly and an email with homegrown curses sent to the garbage-men who made it.
  2. Yes, Dragos is right, choose the field you will work in with the future in mind. When I started working in security I was told: "it's too niche, you won't find work easily, etc.". But deep down I thought that the field is much more developed in other countries and that it would develop here too. At present I work at a company whose future I trust. The decision to work here was taken in good part thinking about what the company does and what success it can have. And it does. Yes, many companies move to the Cloud because, although it is more expensive, it spares them many problems: employees, management, problems that may arise, etc. And Identity Management is something for the future; I'm just thinking of the fact that companies won't sit down and implement these services themselves, especially since they are critical and they have to take the security side extremely seriously. Put simply, they pay a company that already does this and certainly does it better than they could. And faster, that is, on the spot: a contract just needs to be signed.
  3. If you don't have 2-3 years of experience I don't think any company will give you that money (I mean at 0-1 years of experience). Net salary. In Romania. It also depends on what "Junior" means, because there are different perceptions. Some companies see a Junior as someone with up to a year of experience, others like this:

- 0-3 years: Junior
- 3-6 years: Middle level
- 6-10 years: Senior
- 10+ years: Architect (or something else)

I agree with this organization, but I consider that there should be salary differences between someone with 1 year and someone with 3 years of experience, for example. But many things differ from company to company. At my first security job I was Senior from the start, so that I would fit into the pay grid. Well, now let's be serious, with my value and charm it couldn't have been otherwise (N.B. I already knew a lot about security and was able to do an OK pentest from day one). And speaking of which, the team was very important. At that moment I had only one colleague, but I learned an enormous amount from him (thanks Adi!). As for abroad, I had an offer from a company in the UK. The net salary was 2500 pounds + 500 pounds bonus (depending on certain criteria). And I had some experience. But the office was in zone 8, i.e. "in the countryside", on the outskirts of London. And there, a 2-room apartment was about 1200 pounds a month, that is if you didn't want to live with some refugees in the ghettos. There, on the edge of the city. Later I understood that it matters a lot whether you are British or an immigrant, since that is taken into account for the salary. It's something to think about when you decide whether to take a job or not; everywhere there are advantages and disadvantages. I would take a sheet of paper and a pen and make comparison tables with advantages and disadvantages, both short-term and long-term (including salary, office location, colleagues, projects). As another example, at one point I had 2 offers: security or C++, same salary. But I decided on security thinking about what I like to do (although the office was and still is in the middle of nowhere).
  4. Since Java was mentioned, yes, I also know it's well paid. But of course, at the "very senior", architect or whatever level. Still, 7K is a lot for Romania (net, I suppose). But it's something that's in demand and pays well even early on, there is high demand.
  5. Hi, if you want to work in security in the future, look for a job on this side from the start. Currently more and more jobs in this field are appearing in Romania too. Try to find something paid, even if the salary isn't very big. After all, you don't do volunteer work for companies that make millions of dollars.
  6. When I got hired at 1600 RON I had been looking for something and I knew several programming languages well, with projects in my portfolio. And I also knew some security, besides some networking, Linux and other things (I liked to learn by reading books, and I still do). I applied to about 80 companies and went to about 10-15 interviews. It wasn't easy at all, as I had expected, and I also expected more financially because of some stories I had heard, but reality hit me. However, I landed in a very OK place for what I liked (besides security) at that time: C/C++ (there were no security jobs then, or I didn't know of them). What I want to do by telling you these things is to bring you back down to earth. Because you go to interviews, ask for 2000 EUR, and they laugh at you. Even if you learned something at university, it's not as useful in practice as you'd expect. Security isn't taught at university, so there's a maximum of 10-15% usefulness in the fact that you have a diploma. If you go into programming you'll only know the language and have at most 2-3 projects, which don't compare to Enterprise projects with tons of frameworks and modules that tie together. In other words, for employers, without experience, your value isn't extremely high and that's why they can't give very high salaries from the start. You'll grow gradually, faster at the beginning and slower later, but you need patience. Regarding salary, think of it like this: if you were the employer and a person like you came to the interview, what salary would you give them? I think other things are more important than the starting salary: making sure you have OK colleagues and that you can learn from them. Making sure that what the company does is interesting, so that you don't work with disgust. Making sure the projects are nice and that by working on them you'll learn many things. And think very carefully when you choose the field: did you choose Java? You'll probably go with Java your whole life (although it's not exactly mandatory, it will be quite hard to make a change in the future, especially financially).
  7. Hi and congratulations! First of all, learn what you need for the internship. It will help you there and your colleagues can probably help you a lot. Then, my general advice is to learn a bit of each: Windows, Linux, programming, networking (including protocols, especially HTTP), a bit of cryptography; mobile and SQL don't hurt either, of course. Only afterwards can you learn about attacks, vulnerabilities and whatnot, when you already have the basics and understand how things work.
  8. I don't think it's that relevant anymore how many years of study someone has, since you don't learn much at university. For a minimum salary, don't go by the junk you hear on TV, like 2000 EUR or whatever. I started with 1600 RON and had plenty of things on my CV. I'd say 2000-2500 RON is OK for a start in RO, the advantage being that in the first years it can grow quickly. You can get better, but you may not get raises too often or too large. And it's possible that, because you asked for a higher salary, you won't end up working somewhere you like.
  9. They are different things, pfSense (a firewall) and OpenWRT (a router OS). OPNsense I haven't even heard of, honestly.
  10. The invention looks interesting: https://www.powercanister.com/ro/# But I don't think it's applicable to mining. I don't think it produces much energy. In fact, in general, whatever the energy source, I don't think it's worth it. Unless you build yourself a huge solar array.
  11. Romanian Cyber Security Challenge (ROCSC) is a yearly CTF event organised in Romania to reward the best local talents in cyber security, available for juniors (16-20 yo) & seniors (21-25 yo).

At this stage the following can participate:
- For prizes: the 31 contestants who won the qualification phase
- For fun: anyone interested in sharpening their cyber skills

The best competitors of the national competition will have the opportunity to join other young cyber talents from 20 countries (EU Member States and EFTA countries) to represent Team Europe at the International Cyber Security Challenge in 2021. They have to prove their abilities in web and mobile security, crypto puzzles, reverse engineering, forensics and escape room.

Format: Jeopardy
Play format: Individual
Genres: Crypto, Pwning, Reversing, Web, Miscellaneous …
Language: English
Access: Available for everybody, prizes only for the finalists of the ECSC 2020 RO Qualification Phase.
Difficulty: Medium - Hard
Website: CyberSecurityChallenge.ro

The event is organised by SRI, CERT-RO, ANSSI with the support of Orange Romania, Bit Sentinel, CertSIGN, Cisco. The challenges are provided by Bit Sentinel and CertSIGN.

Source: https://rocsc20.cyberedu.ro/
  12. SharpShot: Yes, the only useful thing it does is what gigiRoman posted. Otherwise it's junk. It uses wmiexec and smbclient to send a screenshot? You're better off taking that piece of code and using it in any other way.
  13. Great, something like this was needed. All this junk that comes with Internet access is written carelessly.
  14. I personally know more and more cases and it's no joke... I think a 2-3 week quarantine would be necessary for things to calm down. Honestly.
  15. Hi, very briefly: it can't be done. Can you imagine what it would be like if it could?
  16. The call for papers is open. If anyone is interested in presenting, I'm waiting for a PM and we can discuss it, we can help you. I'd like people from the forum to present, at least at the first edition. It doesn't have to be rocket science, it just has to be something technical, interesting and, above all, useful to the others. Details on how to apply: https://rstcon.com/cfp/ - we all follow this process, including me, and I will be giving the introductory presentation at the conference.
  17. NATIONAL INFOSEC COMPETITION

DO YOU LIKE CYBER SECURITY? Develop your cyber security skills and knowledge.

NATIONAL ETHICAL HACKING COMPETITION FOR YOUNG PEOPLE

UNbreakable România is a national initiative that includes organising cyber security competitions and hands-on activities, with the goal of encouraging young people to choose a career in this field. In an increasingly digitalised environment, we need talented young people in cyber security to successfully face the challenges coming from attackers.

EVERY STAGE, DIFFERENT CHALLENGES. CHOOSE TO BE A LEADER

Each stage of the competition will test both offensive and defensive technical skills through numerous practical exercises inspired by real life. The scenarios will contain vulnerabilities and security incidents encountered by globally known companies.

EVERY STAGE, DIFFERENT CHALLENGES. CHOOSE TO MAKE A DIFFERENCE

Each participant's level of preparation and motivation will make the ranking attractive for leaders. There will be moments when creative thinking and perseverance bring formidable rivals to the top, as well as other participants you may not have known about until that moment.

Source: https://unbreakable.ro/
  18. We will publish details as they come, both here on the forum and on the conference website: https://rstcon.com The event is more of a reminder.
  19. I also created a Facebook event: https://www.facebook.com/events/326165868478475/
  20. The complicated part isn't writing a small program that does this, but finding a simple way to make the change. If it's about outlook.com, for example, you need to see how login can be done (that there isn't a captcha there), how the session is kept and what request is needed to change the picture. If these things are known, it can be done in 2 lines of bash with curl and grep.
  21. I know I used a tool (I think Secure CRT) to connect over the serial port and get shell access to such embedded devices, but I don't know how this could be done over USB. For the serial port I see there are also forwarding tools: http://www.serial-port-redirector.com/ but likewise, I don't know what the deal is with USB. I understand, you hardly find anything with a direct serial port anymore. Actually, doesn't that USB converter expose that port as a serial port too? I'm thinking it may have a driver that emulates the serial port.
  22. We're working on the CTF! Meanwhile, we're waiting for presentation proposals.
  23. In general, many problems come from string concatenations that are later used in various actions, like an SQL query or something sent in an HTTP request. This might be discussed at RST Con.
  24. Security capabilities in Azure Kubernetes Service on Azure Stack HCI

Azure Kubernetes Service on Azure Stack HCI (AKS-HCI) is an on-premises implementation of the popular Azure Kubernetes Service (AKS) orchestrator, which automates running containerized applications at scale. AKS on Azure Stack HCI enables developers and admins to deploy and manage Linux and Windows containerized apps on Azure Stack HCI. With AKS-HCI, enterprises can take advantage of a consistent AKS experience across cloud and on-premises environments, extend to Azure with hybrid capabilities, run apps with confidence through built-in security, and use familiar tools to modernize Windows apps. For a more detailed overview of AKS-HCI capabilities, refer to this blog.

One of the core strengths of AKS-HCI is its security-first approach. At Microsoft, we believe that leading with a strong security posture is table stakes for an enterprise-grade offering. Our security roadmap is comprehensive, starting with a mindset of placing strong protection guardrails and bolstering that with industry-hardened threat detection, remediation and recovery. The protection-related hardening is built into AKS-HCI. To bring threat detection and remediation, we integrate with security management systems such as Azure Security Center.

Figure 1. Securing AKS-HCI Deployment

In this blog, we will describe the security capabilities in AKS-HCI. These security features are not available in the current public preview version, but these and more will be released in the lead-up to general availability.

Secure image baseline and container protection

Microsoft provides a secure baseline for Windows and Linux container host images and services the updates of those images to maintain consistency and standards.

Figure 2. AKS-HCI implemented with hypervisor isolation

AKS-HCI is designed such that every layer is secure. The container host is deployed as a virtual machine. Each tenant cluster runs on its own dedicated set of container hosts and uses the same strong Hyper-V-based isolation used in Azure, which provides strong kernel isolation among the container hosts. In addition, AKS-HCI has multiple layers of protection built in. The first cluster to be bootstrapped is the management cluster, which is then used to bootstrap the tenant clusters. The container pods run within Hyper-V virtual machines, enforcing strong isolation guarantees wherein the impact of a compromised container or pod is contained within the Hyper-V VM itself.

Identity and access management (IAM)

AKS-HCI integrates with Active Directory (AD), providing strong identity and facilitating seamless single sign-on (SSO) to manage the AKS-HCI environment and deploy the container workloads. Additionally, there is provision for Windows containerized application workloads to be bootstrapped with a group Managed Service Account (gMSA) identity. A gMSA is an AD-managed service account whose password is rotated automatically.

Secure communication and secrets management

Communication between the control plane components is protected by Transport Layer Security (TLS). AKS-HCI comes with zero-touch, out-of-the-box provisioning and management of certificates for the infrastructure and the Kubernetes built-in components. Additionally, the Kubernetes secrets are encrypted at rest using the Advanced Encryption Standard (AES), with the ability to rotate the key encryption keys (KEK).

Integration with Azure security assets

AKS-HCI is integrated into the Microsoft security ecosystem, which allows extending Azure security constructs such as Azure Container Registry and Azure policies. In the future, integration with Azure assets like Azure Security Center will give customers the ability to monitor for threats and will offer pre- and post-runtime security assessments for both the infrastructure fabric and the Kubernetes cluster. This helps in monitoring for threats and keeping a strong security posture.

Join us in this journey

Security is a journey, not a destination. These are just some of the security features that we are working on and making generally available (GA) soon. AKS-HCI is going to be continually updated like a service. We will add more security features and continue to further harden the platform. Join us in this journey: we would love to hear feedback, experience, and insights on security. Be part of the discussions in our Github repository.

rahulverma, Microsoft

Source: https://techcommunity.microsoft.com/t5/azure-stack-blog/security-capabilities-in-azure-kubernetes-service-on-azure-stack/ba-p/1705759
  25. Code Review 101

How to perform source code review to find vulnerabilities in web applications.

Reviewing code is probably the best way to find vulnerabilities in a web application. It's a lot faster than black-box testing, and it helps you learn how to program safely in the future by observing the mistakes of others. If you are interested in open-source software, auditing code is also a great way to get involved in the open-source community and help secure the tools you love. Here are a few tricks I've learned along the way to audit source code more effectively. Let me know if you have any additional tips for conducting source code reviews.

How to look for bugs

There are several ways to go about hunting for vulnerabilities in source code. Depending on how thorough you want to be, here are some approaches that you could take.

The "I'll take what I can get"

The "I'll take what I can get" approach works great if you don't need extensive test coverage. This could be because you have very limited time to audit the application, or because you're a bug bounty hunter who wants to maximize your bugs-to-time ROI. These techniques are fast and often lead to the discovery of some of the most severe vulnerabilities.

1. Use grep
You can grep for specific functions, strings, keywords and coding patterns that are known to be dangerous. Examples include input() in Python and eval() in PHP. This is the quickest approach and can often lead to critical findings. Focus the search on dangerous functions used on user-controlled data, as well as on hardcoded credentials.

2. Recent fixes and patches
You can also take a look at the most recent code fixes and security patches. Recent code changes have not stood the test of time and are more likely to have bugs. Look at the protection mechanisms implemented and see if you can bypass them. Search for the program's dependencies and see if any of them are outdated.

The "Bug Spray"

If you have more time, you can complement the above techniques with a more extensive source code review. However, instead of reading the entire code base line by line, here are a few strategies that you can take to maximize your efficiency.

1. Important functions first
When reading source code, focus on important functions such as authentication, password reset, state-changing actions and sensitive info reads. (What is most important depends on the application.) Then, review how these components interact with other functionality. Finally, audit the other, less sensitive parts of the application.

2. Follow user input
Another approach is to follow the code that processes user input. User input such as HTTP request parameters, HTTP headers, HTTP request paths, database entries, file reads, and file uploads provides the entry points for attackers to exploit the application's vulnerabilities. This can help find common vulnerabilities such as stored XSS, SQL injection, shell uploads, and XXE. Focusing on the areas of code that deal with user input will provide a good starting point for reviewing where potential dangers might arise. Then, review how the user input gets processed, stored or transferred. Finally, see whether other parts of the application use the previously processed user input. You might find that the same user input interacts differently with other components of the application.

What to look for

Now that we know how to look for bugs in source code, what exactly are we looking for? While a source code review can potentially reveal most vulnerabilities hiding in an application, some are easier to find than others. In addition to looking for all the common vulnerabilities that might be exploited by an attacker, you should also focus on bugs that are critical but hard to discover via other methods (like pen-testing or bug bounties).

Hardcoded secrets and credentials: Hardcoded secrets such as API keys, encryption keys and database passwords can be easily discovered during a source code review. You can grep for keywords such as "key", "secret", "password", "encrypt", or regex-search for hex or base64 strings (depending on the key format in use).

Use of dangerous functions and outdated dependencies: Unchecked use of dangerous functions and outdated dependencies is a huge source of bugs. Grep for the specific functions of the language you are reviewing and search through the dependency version list to see if any are outdated.

Developer comments, hidden debug functionalities, configuration files, and the .git directory: These are things that developers often forget about, and they leave the application in a dangerous state. Developer comments can point out obvious programming mistakes, hidden debug functionalities often lead to privilege escalation, config files allow attackers to gather more information about your infrastructure and, finally, an exposed .git directory allows attackers to reconstruct your source code.

Hidden paths, deprecated endpoints, and endpoints in development: These are endpoints that users might not encounter when using the application normally. But if they work and are discovered by an attacker, they can lead to vulnerabilities such as authentication bypass and sensitive information leaks, depending on the exposed endpoint.

Weak cryptography or hashing algorithms: This is an issue that is hard to find during a black-box test, but easy to spot when reviewing source code. Look for issues such as weak encryption keys, breakable encryption algorithms, and weak hashing algorithms. Grep for terms like ECB, MD4, and MD5.

Missing security checks on user input and regex strength: Reviewing source code is a great way to find out what kind of security checks are missing. Read through the application's documentation and test all the edge cases that you can think of. A great resource for the kind of edge cases you should consider is PayloadsAllTheThings.

Missing cookie flags: Look out for missing cookie flags such as HttpOnly and Secure.

Unexpected behavior, conditionals, unnecessarily complex and verbose functions: Additionally, pay special attention to the application's unexpected behavior, conditionals, and complex functions. These locations are where obscure bugs are often discovered.

Source: https://vickieli.dev/hacking/code-review-101/
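As an added example (not part of the original post, nor code from vickieli.dev or the forum), the Python script below implements the grep-style first pass described in the Code Review 101 post and also flags the SQL-by-string-concatenation pattern mentioned in post 23: it runs regexes for dangerous sinks, hardcoded secrets and long hex key literals, weak primitives (ECB, MD4, MD5), and a SQL keyword string literal glued to data with + or % or an f-string, plus a check for set_cookie calls that omit Secure or HttpOnly. The rule names, the regexes and the sample source under review are all constructed for illustration; the parameterized query is placed right next to the vulnerable one so that the SQL rule can be seen firing on one and staying quiet on the other.

```python
"""Grep-style source scanner for the code-review patterns discussed above.
Constructed example: rule names, regexes and SAMPLE_SOURCE are illustrative,
not taken from any project. Python 3.9+."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    line: str


# Regex rules tuned for Python-style source; extend per language
# (e.g. PHP eval()/system(), Java Runtime.exec()). Assumed rule set.
RULES = {
    # sinks that execute code or commands on whatever they are handed
    "dangerous-function": re.compile(
        r"\b(eval|exec|os\.system|subprocess\.(call|Popen|run)|pickle\.loads|input)\s*\("),
    # KEY / SECRET / PASSWORD / TOKEN assigned a string literal of 8+ chars
    "hardcoded-secret": re.compile(
        r"(?i)(api_?key|key|secret|password|passwd|token)\s*[=:]\s*[\"'][^\"']{8,}[\"']"),
    # a long hex literal, typical of an embedded key or IV
    "hex-literal": re.compile(r"[\"'][0-9a-fA-F]{32,}[\"']"),
    # broken or weak primitives (the article's ECB, MD4, MD5)
    "weak-crypto": re.compile(r"(?i)\b(md4|md5|sha1|mode_ecb|ecb)\b"),
    # SQL keyword string literal concatenated with + or %, or an f-string query
    "sql-concat": re.compile(
        r"(?i)([\"']\s*(select|insert|update|delete)\b[^\"']*[\"']+\s*[+%]"
        r"|f[\"']\s*(select|insert|update|delete)\b[^\"']*\{)"),
}

COOKIE_CALL = re.compile(r"\bset_cookie\s*\(")


def scan(source: str) -> list[Finding]:
    """Return one Finding per (rule, line) that matches."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append(Finding(rule, line_no, line.strip()))
        # cookie flags: a set_cookie call that does not pass the flag on that line
        if COOKIE_CALL.search(line):
            for flag in ("secure", "httponly"):
                if not re.search(rf"(?i)\b{flag}\s*=\s*True", line):
                    findings.append(Finding(f"cookie-missing-{flag}", line_no, line.strip()))
    return findings


def rules_hit(findings: list[Finding]) -> dict[str, list[int]]:
    """Summarise findings as rule -> sorted line numbers."""
    out: dict[str, list[int]] = {}
    for f in findings:
        out.setdefault(f.rule, []).append(f.line_no)
    return {rule: sorted(lines) for rule, lines in out.items()}


# Constructed sample under review. The unsafe and the parameterized query sit
# side by side so the sql-concat rule can be seen firing on only one of them.
SAMPLE_SOURCE = """\
import os, hashlib
from Crypto.Cipher import AES

API_KEY = "sk_live_0123456789abcdef"
DB_PASSWORD = 'hunter2hunter2'
ENC_KEY = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"

def lookup(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")
    return cur.fetchone()

def lookup_safe(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = %s", (username,))
    return cur.fetchone()

def run(host):
    os.system("ping -c 1 " + host)

def digest(data):
    return hashlib.md5(data).hexdigest()

cipher = AES.new(key, AES.MODE_ECB)

resp.set_cookie("session", sid, httponly=True)
resp.set_cookie("csrf", tok, secure=True, httponly=True)
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE):
        print(f"{f.line_no:>3} {f.rule:<24} {f.line}")
```

Run as a script it lists nine findings on the sample: the three secret assignments (one of them also as a hex literal), the concatenated SELECT on line 10 but not the parameterized one on line 15, os.system, the two weak-crypto lines, and the session cookie set without secure=True. Treat the output as a worklist, not a verdict: the "key" pattern is deliberately broad and will also catch harmless assignments, and a line-based regex cannot see a query built across several statements, which is exactly where the "follow user input" pass has to take over.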