Nytro

Administrators
  • Posts: 18772
  • Joined
  • Last visited
  • Days Won: 729

Everything posted by Nytro

  1. Hi, all of us older folks know about Sub7 and knew it was made by a Romanian, but we didn't know it was someone called "MobMan". Just out of curiosity, why would you want to find him?
  2. Hi, there are multiple tools for this, the most common one is this: https://github.com/FortyNorthSecurity/EyeWitness But I also found https://github.com/gen2brain/url2img and I know for sure there are other tools as well but I cannot remember their names.
  3. If they're Windows, aren't they also joined to an AD, and isn't there a WSUS around somewhere? If not, it's very likely they have some things in common, like the RDP port open or 137/445. That would be faster than an nmap scan with -O. What you can do afterwards requires some kind of access to all those machines, an Administrator account. You can use psexec for example (https://docs.microsoft.com/en-us/sysinternals/downloads/psexec) to run the cmd update command, like wuauclt.exe /updatenow
  4. They're done in Romania too; I know one of the companies investing in this kind of thing is Orange. https://www.orange.ro/newsroom/media-detaliu/primele-startup-uri-selectate-in-orange-fab-romania-programul-de-accelerare-al-grupului-orange-1013 One example is Pentest-Tools, and another is Dekeneas: https://www.orange.ro/newsroom/comunicat/inovatii-1/primele-startup-uri-selectate-in-orange-fab-romania-programul-de-accelerare-al-grupului-orange-1013 But I'm sure that if someone comes with a good idea, a nice implementation and a business plan that looks likely to turn a profit in the long run, investors will be found.
  5. I did cryptography with Atanasiu, this might be useful: - https://www.scribd.com/document/367468804/Atanasiu-Criptografie-Vol-1 - https://www.scribd.com/document/367470090/Atanasiu-Criptografie-Vol-2
  6. Two seconds after looking at it I saw this: "Encryption can be done in three ways: Symmetric, Asymmetric, Hash". The author of "Serious Cryptography": https://aumasson.jp/talks.html
  7. Serious Cryptography
  8. I see it has several driver versions: V1, V2, V3: https://www.tp-link.com/us/support/download/archer-t4u/#Driver Be aware that it might not be the right version: https://www.tp-link.com/ro/support/faq/46/
  9. Yes, nice bug and nice exploitation.
  10. Nytro

    CV english template

    This is the security equivalent of "hai sa ne dam parte in parte" (a pissing contest) @Vasile. Warn, because the off-topic has started. Anyone else who strays from the subject gets a ban.
  11. Not sure if it helps: https://support.apple.com/en-us/HT201487
  12. Nytro

    CV english template

    He's lying, @Zatarra goes to interviews with the red hat on his head (RedHat https://www.google.com/search?q=redhat&source=lnms&tbm=isch) and gets accepted on the spot.
  13. Nytro

    CV english template

    My CV was put together at random, by me, not from any particular template. In fact it doesn't even look good design-wise, it's ugly. I can't post it, but most of what's in it is public. Actually pretty much all of it... The most important thing is experience; I list every job I've worked at with a few details about what I did there. I have a skills section where I put all kinds of things: web security, reverse engineering, programming languages I've worked in and whatever else, but I also put things like certifications, conference talks, the blog, Twitter or Github. So far I've been lucky, wherever I went people knew me from presenting at conferences or even from Twitter.
  14. "The system is at the Street Administration; we already have cameras installed at a few intersections in the Capital. The system has three neural networks: the first detects the vehicle type, the second the number on the license plates, and through OCR every license plate number detected by the cameras is written into the database. This system reports to a central system whether the vignette has been paid, whether the car's pollution standard is below the imposed norms, and further decides on issuing the sanction reports, sending them and tracking payment. There can also be appeals; we also have the video clips with the evidence. We have no deviations," he explained. Full article: http://mobile.hotnews.ro/stire/23582705 I think you can tell what I'm getting at
  15. Nytro

    Tema RST

    Yes, that's the theme we use on the forum. Maybe during an update or after changing some settings it temporarily turned blue.
  16. Nytro

    Tema RST

    The theme has been green since I launched the forum, I don't know, maybe something happened during an update.
  17. Nytro

    Tema RST

    Where would the theme have been changed? Here on the forum? I haven't made any changes in years, maybe after some update, I have no idea.
  18. My suggestion is to be careful with a site like that; I think 2-3 years ago some people were arrested (in Romania) because of sites with the same profile.
  19. Hi, at McAfee in Romania (I didn't know they had offices here)? What do you do there, what's it like?
  20. Nytro

    Fun stuff

    @aelius at the doctor https://9gag.com/gag/aN0vL5r
  21. Hi, there are many companies you can turn to for programming courses. I don't know how good they are, but it doesn't take much: 2-3 programmers with a few years of experience are enough to teach beginners the basics of programming. The problem, just like with what you mentioned above, is simple: it takes a whole damn year! Let's be serious, if you're dedicated and spend at least a few hours a day learning and practicing, you can learn any programming language to an OK level (still beginner) and manage to build a program from start to finish. After all, in a month you could learn to make nuclear bombs. My suggestion is to get 1-2 books in the field you want and read tutorials or watch videos about the language. Whether it's Java, JavaScript, PHP, C++ or anything else, it's not as hard as it seems; you're not learning Arabic, you're learning a language with a few keywords and a certain syntax. If you don't know exactly what you want, ask for opinions here or look on your own. If you want something that's "in demand" there are plenty of statistics on the most sought-after programming languages, but my suggestion is to take a very quick look at what each one is like and pick whichever you'd enjoy more.
  22. I don't know if there's anything on networking alone. Most likely it's a branch of other areas, like Windows or Linux (sysadmin). There are probably more dedicated jobs too, maybe related to Cisco switches and routers for example, where there are whole books of documentation, but I don't know how in demand they are.
  23. I'd say it's worth it and helps a lot on the "defence" side. It's very useful for SOC or similar positions. I think it would be a good addition to the networking/server knowledge you already have. CISSP tries to cover as much as possible and only at the surface; it's useful for management positions but isn't really that "hands-on".
  24. How a nuclear plant got hacked
    Plugging nuclear plants into the internet makes them vulnerable targets for nation-state attack.
    By J.M. Porup, Senior Writer, CSO | DEC 9, 2019 3:00 AM PST

    If you think attacking civilian infrastructure is a war crime, you'd be right, but spies from countries around the world are fighting a silent, dirty war to pre-position themselves on civilian infrastructure — like energy-producing civilian nuclear plants — to be able to commit sabotage during a moment of geopolitical tension. What follows is an explanation of how India's Kudankulam Nuclear Power Plant (KNPP) got hacked — and how it could have been easily avoided.

    The KNPP hack

    The news came to light, as it so often does these days, on Twitter. Pukhraj Singh (@RungRage), a "noted cyber intelligence specialist" who was "instrumental in setting up of the cyber-warfare operations centre of the National Technical Research Organisation (NTRO)," according to The New Indian Express, tweeted: "So, it's public now. Domain controller-level access Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit," noting in a quote tweet that he was aware of the attack as early as September 7, 2019, calling it a "causus belli" (an attack sufficiently grave to provoke a war).

    In a later tweet, Singh clarified that he did not discover the malware himself. A third party "contacted me & I notified National Cyber Security Coordinator on Sep 4 (date is crucial). The 3rd party then shared the IoCs with the NCSC's office over the proceeding days. Kaspersky reported it later, called it DTrack."

    At first the Nuclear Power Plant Corporation of India (NPCI) denied it. In a press release they decried "false information" on social media and insisted the KNPP nuclear power plant is "stand alone and not connected to outside cyber network and internet" and that "any cyber attack on the Nuclear Power Plant Control System is not possible."

    Then they backtracked. On October 30, the NPCI confirmed that malware was in fact discovered on their systems, and that CERT-India first noticed the attack on September 4, 2019. In their statement, they claimed the infected PC was connected to the administrative network, which they say is "isolated from the critical internal network." "Investigation also confirms that the plant systems are not affected," their statement concludes.

    A targeted attack

    Contrary to some initial reporting, the malware appears to have been targeted specifically at the KNPP facility, according to researchers at CyberBit. Reverse-engineering of the malware sample revealed hard-coded administrator credentials for KNPP's networks (username: /user:KKNPP\\administrator password: su.controller5kk) as well as RFC 1918 IP addresses (172.22.22.156, 10.2.114.1, 172.22.22.5, 10.2.4.1, 10.38.1.35), which are by definition not internet-routable. That means it is highly likely the attacker previously broke into KNPP networks, scanned for NAT'ed devices, stole admin credentials, and then incorporated those details into this new malware, a second-stage payload designed for deeper and more thorough reconnaissance of KNPP's networks.

    "This was a very targeted attack on just this plant," Hod Gavriel, a malware analyst at CyberBit, tells CSO. "Probably this was the second stage of an attack." The malware discovered, however, did not include Stuxnet-like functionality to destroy any of KNPP's systems. "This phase was only for collection of information, it wasn't sabotageware," Gavriel says.

    Was North Korea responsible?

    Numerous security researchers downloaded and analyzed the malware from VirusTotal, and many noted the code similarities with malware previously attributed to North Korea's Lazarus group. A Kaspersky analyst noted similarities dating back to 2013, writing "The vast amount of Dtrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development." However, given that North Korea has little geopolitical interest in India, the possibility of a false flag operation using stolen North Korean code to muddle attribution seems quite likely.

    Analysis of the malware

    The malware hid inside of modified copies of legitimate programs, such as 7Zip or VNC. This technique often successfully escapes notice by antivirus scanners. Adequate checking of program signatures would have mitigated this attack vector; the modified program hash would have differed from the software vendor's signed hash. The fact that this attack was successful strongly suggests that KNPP was not checking software signatures or file hashes.

    Passively detecting this kind of attack is very difficult, Gavriel notes. "Effective detection of this type of highly targeted malware is likely to generate false-positives that requires skilled analysts." Targeted critical infrastructure security teams need to engage in constant network monitoring for suspicious activity to hunt threats and root them out before they can do any damage.

    Source: https://www.csoonline.com/article/3488816/how-a-nuclear-plant-got-hacked.html
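The article above makes two practical points: a trojanized copy of a legitimate program (7Zip, VNC) is caught by comparing its hash against the vendor's known-good value, and a second-stage sample that carries hard-coded RFC 1918 addresses and `/user:` credentials betrays a targeted intrusion. The following is an added example, written for this page and not code from CSO, CyberBit or Kaspersky, that implements both checks in Python. The "vendor manifest" and the binary bytes are constructed for the demo; the credential and IP strings embedded in the fake implant are the indicators quoted in the article, while the command line wrapped around them is an assumption made only to give the regexes something realistic to parse.

```python
"""Added example: hash verification against a trusted manifest plus IOC
extraction (private IPv4s, /user: credentials) from a suspicious binary.
All inputs are constructed; nothing here is a real malware sample."""
import hashlib
import hmac
import ipaddress
import re

# Constructed stand-in for a legitimate 7-Zip binary (not the real file).
GOOD_7ZIP = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00" + b"7-Zip stand-in (constructed)"

# Constructed "vendor manifest": filename -> trusted SHA-256 hex digest.
# In practice this comes from the vendor's signed release data, never from the host itself.
TRUSTED_MANIFEST = {"7z.exe": hashlib.sha256(GOOD_7ZIP).hexdigest()}

# Constructed implant appended to the legitimate program. The credential and
# the 10.x/172.22.x addresses are the indicators quoted in the article; the
# "net use" command line and the 8.8.8.8 / 192.168.300.1 tokens are assumed
# filler (one public address, one malformed address) to exercise the filters.
IMPLANT = (
    b"\x00\x00cmd.exe /c net use \\\\10.2.114.1\\C$ "
    b"/user:KKNPP\\administrator su.controller5kk \x00"
    b"scan 172.22.22.156 10.38.1.35 8.8.8.8 192.168.300.1 \x00"
)
TROJANIZED_7ZIP = GOOD_7ZIP + IMPLANT

# Dotted quad not embedded in a longer dotted/digit run; validity checked later.
IPV4_RE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# "/user:<name> <password>" as used by net use; NUL terminates a token too.
CRED_RE = re.compile(rb"/user:([^\s\x00]+)\s+([^\s\x00]+)")


def verify_hash(name, data, manifest):
    """True only if data hashes to the manifest entry for name (fail closed)."""
    expected = manifest.get(name)
    if expected is None:
        return False  # unknown file: do not trust by default
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


def extract_private_ips(blob):
    """Sorted list of syntactically valid RFC 1918 / private IPv4s in blob."""
    found = set()
    for m in IPV4_RE.finditer(blob):
        try:
            ip = ipaddress.IPv4Address(m.group(1).decode("ascii"))
        except ValueError:
            continue  # e.g. 192.168.300.1 looks like an IP but is not one
        if ip.is_private:
            found.add(str(ip))
    return sorted(found)


def extract_credentials(blob):
    """(username, password) pairs from '/user:' style command lines."""
    return [(u.decode("ascii", "replace"), p.decode("ascii", "replace"))
            for u, p in CRED_RE.findall(blob)]


def triage(name, data, manifest):
    """Pre-execution decision: trusted hash, or look for signs of targeting."""
    if verify_hash(name, data, manifest):
        return {"verdict": "trusted", "private_ips": [], "credentials": []}
    ips = extract_private_ips(data)
    creds = extract_credentials(data)
    verdict = "targeted" if (ips or creds) else "unknown"
    return {"verdict": verdict, "private_ips": ips, "credentials": creds}


if __name__ == "__main__":
    print(triage("7z.exe", GOOD_7ZIP, TRUSTED_MANIFEST))
    print(triage("7z.exe", TROJANIZED_7ZIP, TRUSTED_MANIFEST))
```

The hash check is deliberately fail-closed: a filename absent from the manifest is rejected rather than ignored, which is the behaviour an allow-listing control on an isolated administrative network should have. Note that `is_private` also covers loopback and link-local ranges, so in a real hunt you would still eyeball the list; the point of the regex pass is that a recon payload carrying your own internal addressing is a much stronger signal than generic AV similarity to Lazarus code.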