Nytro
-
Posts
18578 -
Joined
-
Last visited
-
Days Won
642
Posts posted by Nytro
-
-
Tot legat de Uber
-
Exemplul Uber:
-
1
-
-
GTA 6 source code and videos leaked after Rockstar Games hack
- September 18, 2022
Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Game's Slack server and Confluence wiki.
The videos and source code were first leaked on GTAForums yesterday, where a threat actor named ‘teapotuberhacker’ shared a link to a RAR archive containing 90 stolen videos.
The videos appear to be created by developers debugging various features in the game, such as camera angles, NPC tracking, and locations in Vice City. In addition, some of the videos contain voiced conversations between the protagonist and other NPCs.
RAR archive containing the 90 leaked GTA 6 videos
The hacker claims to have stolen "GTA 5 and 6 source code and assets, GTA 6 testing build," but is trying to extort Rockstar Games to prevent further data from being released.
However, the threat actor says they are accepting offers over $10,000 for the GTA V source code and assets but are not selling the GTA 6 source code at this time.
Selling GTA V source code on Telegram
Source: BleepingComputerAfter forum members showed disbelief that the hack was real, the threat actor claimed he was behind the recent cyberattack on Uber and leaked screenshots of source code from both Grand Theft Auto V and Grand Theft Auto 6 as further proof.
Rockstar games have not released a statement or responded to our email about the attack at this time. However, Bloomberg's Jason Schreier confirmed the leak was valid after speaking to sources at Rockstar.
The leaked videos have since made it onto YouTube and Twitter, with Rockstar Games issuing DMCA infringement notices and takedown requests to get the videos offline.
Leaked GTA 6 video taken down on YouTube
Source: BleepingComputer"This video is no longer available due to a copyright claim by Take 2 Interactive," reads a copyright claim by Take 2 Interactive, the owner of Rockstar Games. These takedown demands lend further validity to the fact that the leaked GTA 6 videos are real.
However, Rockstar Game's efforts come too late, as the threat actor and others had already started leaking the stolen GTA 6 videos and portions of the source code on Telegram.
For example, the threat actor leaked a GTA 6 source code file today that is 9,500 lines long and appears to be related to executing scripts for various in-game actions.
Claims to be behind Uber attack
The hacker hasn’t shared details on how they gained access to the GTA 6 videos and source code other than claiming to have stolen them from Rockstar’s Slack and Confluence servers.
The threat actor also claims to be the same hacker, named 'TeaPots,' behind the recent Uber cyberattack, but BleepingComputer could not confirm whether these claims are valid.
However, during the cyberattack on Uber, the threat actor also gained access to the company's Slack server and other internal services after performing a social engineering attack on an employee.
While there are not enough details about the Rockstar Games hack, the types of servers accessed and the very public announcements are similar to the Uber hacker’s tactics.
-
4
-
Se refera la faptul ca se gaseste access token-ul? Pfff, ce porcarie, e necesar, by design. Si daca crypteaza cu DPAPI cum fac browserele e acelasi lucru, ca se pot decrypta rapid, nu exista solutie pentru asa ceva. Firma lu peste isi face reclama cu mizerii dinastea, ca LOLBIN-urile sau alte porcarii inutile. Parerea mea.
-
Facui update si la IPBoard si la tema dar se pare ca problemele persista, nu am idee de ce si nici nu am timp sa investighez
-
1
-
-
Salut, se pot sterge toate posturile de catre acel user, nu stiu daca "la gramada", dar cel putin pe rand ar trebui sa mearga.
-
1
-
-
Noroc si bine ai revenit, desi nu mai suntem foarte activi suntem inca aici la datorie.
-
-
35,000 code repos not hacked—but clones flood GitHub to serve malware
By Ax Sharma- August 3, 2022
Thousands of GitHub repositories were forked (copied) with their clones altered to include malware, a software engineer discovered today.
While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.
GitHub has purged most of the malicious repositories after receiving the engineer's report.
35,000 GitHub projects not hijacked
Today, software developer Stephen Lacy left everyone baffled when he claimed having discovered a "widespread malware attack" on GitHub affecting some 35,000 software repositories.
Contrary to what the original tweet seems to suggest, however, "35,000 projects" on GitHub have not been affected or compromised in any manner.
Rather, the thousands of backdoored projects are copies (forks or clones) of legitimate projects purportedly made by threat actors to push malware.
Official projects like crypto, golang, python, js, bash, docker, k8s, remain unaffected. But, that is not to say, the finding is unimportant, as explained in the following sections.
Software engineer Stephen Lacy first publicized the finding (Twitter)
While reviewing an open source project Lacy had "found off a google search," the engineer noticed the following URL in the code that he shared on Twitter:
hxxp://ovz1.j19544519.pr46m.vps.myjino[.]ruBleepingComputer, like many, observed that when searching GitHub for this URL, there were 35,000+ search results showing files containing the malicious URL. Therefore, the figure represents the number of suspicious files rather than infected repositories:
GitHub search results for malicious URL reveal over 35,000 files (BleepingComputer)
We further discovered, out of the 35,788 code results, more than 13,000 search results were from a single repository called 'redhat-operator-ecosystem.'
This repository, seen by BleepingComputer this morning, appears to have now been removed from GitHub, and shows a 404 (Not Found) error.
The engineer has since issued corrections and clarifications [1, 2] to his original tweet.
Malicious clones equip attackers with remote access
Developer James Tucker pointed out that cloned repositories containing the malicious URL not only exfiltrated a user's environment variables but additionally contained a one-line backdoor.
Cloned repositories altered with malware contain backdoor (BleepingComputer)
Exfiltration of environment variables by itself can provide threat actors with vital secrets such as your API keys, tokens, Amazon AWS credentials, and crypto keys, where applicable.
But, the single-line instruction (line 241 above) further allows remote attackers to execute arbitrary code on systems of all those who install and run these malicious clones.
Unclear timeline
As far as the timeline of this activity goes, we observed deviating results.
The vast majority of forked repositories were altered with the malicious code sometime within the last month—with results ranging from six to thirteen days to twenty days ago. However, we did observe some repositories with malicious commits dated as far back as 2015.
Malicious commit made 13 days ago in one of the clones (BleepingComputer)
The most recent commits containing the malicious URL made to GitHub today are mostly from defenders, including threat intel analyst Florian Roth who has provided Sigma rules for detecting the malicious code in your environment.
Ironically, some GitHub users began erroneously reporting Sigma's GitHub repo, maintained by Roth, as malicious on seeing the presence of malicious strings (for use by defenders) inside Sigma rules.
GitHub has removed the malicious clones from its platform as of a few hours ago, BleepingComputer can observe.
As a best practice, remember to consume software from the official project repos and watch out for potential typosquats or repository forks/clones that may appear identical to the original project but hide malware.
This can become more difficult to spot as cloned repositories may continue to retain code commits with usernames and email addresses of the original authors, giving off a misleading impression that even newer commits were made by the original project authors. Open source code commits signed with GPG keys of authentic project authors are one way of verifying the authenticity of code.
-
3
-
Cine de pe aici vine la locatie?
-
Surely you’ve been expecting our email about the DefCamp conference, right? We are happy to officially announce that we’re back with DefCamp - the offline edition, this fall, as we've become accustomed to over the last 10 years.
Registrations are NOW OPEN, which means you can book your early bird ticket right now!
Ready, steady, gooooo pack your bags and cyber knowledge for #DefCamp12!
WHEN: 10th-11th November, 2022
WHERE: Bucharest, Romania
Call for papers: https://def.camp/call-for-papers/
Call for contsts: https://def.camp/call-for-contests/
Become a volunteer: https://def.camp/become-a-volunteer/
Website: https://def.camp/
-
3
-
1
-
2
-
-
Salut, la noi din cate stiu nu e legal si probabil nici in alte tari. O solutie ar fi sa ii dai in judecata dar costa timp, bani si nu merita. Daca erai in SUA merita, acolo se poate da in judecata pentru orice si se pot scoate salarii pe ani de zile din ele.
Cea mai simpla idee ar fi sa discuti cu manager-ul sau cu cineva mai sus de acolo, sa mentionezi ca tu nu esti de acord si ca nu vrei sa se intample asta. Daca nu se poate, sugestia mea sincera e sa pleci de acolo ca nu merita sa lucrezi pentru astfel de specimene.
Cat despre monitorizare nu e nevoie de cine stie ce solutii, monitorizarea ecranului e o mizerie, exista insa solutii de interceptare trafic (root CA pe PC-uri), se verifica DNS-urile, DLP si multe altele printre care Microsoft Defender (cu care cineva poate lua shell la tine). Dar in principiu nu se stie ce faci decat daca faci lucruri suspecte.
Putin pe langa subiect, se pare ca si oamenii de acolo sunt putin cam "sclavi" si nu iti recomand sa lucrezi cu persoane care si-ar vinde familia pentru o firma (si un salariu) de cacat.
Extra: Daca iti cauti altceva, cauta pana nu se afunda SUA si ulterior alte state in recesiune. In mare ar fi de preferat companii mari care au sanse mici sa crape in conditii economice dificile, dar si acestea pot da oameni afara si pe principiul LIFO, bobocii sunt primii care dispar.
-
1
-
-
Un bot mi-a laudat articolul, tot o lauda este, me happy si nu sterg spamu ❤️
-
4
-
-
Pff, cere IP si port si nu le pune in codul generat
-
2
-
-
Mai aveți la dispoziție exact două săptămâni pentru a vă înscrie la Campionatul Național de Securitate Cibernetică - #RoCSC22
-
Insider threat e cam ignorat in general, "noroc" cu astfel de exemple.
-
1
-
-
In 2022 va avea loc a treia ediție a Romanian Cyber Security Challenge - RoCSC, un eveniment anual de tip CTF ce urmărește să descopere tinere talente în domeniul securității cibernetice. La competiție pot participa tineri dornici să își demonstreze abilitățile, ce se pot înscrie online până în ziua concursului. Participanții se vor întrece pe 3 categorii de concurs: Juniori (16-20 de ani), Seniori (21-25 de ani) și Open (disponibil indiferent de vârstă). Participarea este gratuită. Tinerii vor trebui să-și demonstreze abilitățile în domenii precum mobile & web security, crypto, reverse engineering și forensics. Primii clasați la RoCSC22 vor avea oportunitatea de a reprezenta România la Campionatul European de Securitate Cibernetică - ECSC22.Calendarul ROCSC22:
Etapa de calificare: 22.07 ora 16:00 - 23.07 ora 22:00
Finala ROCSC22: 06.08
Bootcamp pentru selectia echipei pentru competitia ECSC22: 17.08 - 21.08Premii:
Categoria Juniori:
Locul I: 2000 euro
Locul II: 1000 euro
Locul III: 500 euro
Locurile 4-10: premii speciale
Categoria Seniori:
Locul I: 2000 euro
Locul II: 1000 euro
Locul III: 500 euro
Locurile 4-10: premii speciale
Pentru a fi eligibili pentru premii, jucătorii trebuie să trimită prezentarea soluțiilor la contact@cyberedu.ro. Jucătorii care participă la categoria Open vor primi doar puncte pe platforma CyberEDU și nu sunt eligibili pentru premii. Competiția este organizată de Centrul Național Cyberint din cadrul Serviciului Român de Informații, Directoratul National de Securitate Cibernetica și Asociația Națională pentru Securitatea Sistemelor Informatice - ANSSI, alături de partenerii Orange România, Bit Sentinel, CertSIGN, Cisco, UIPath, KPMG, Clico, PaloAlto Networks.Programul ROCSC 2022
- Inscrierile se fac pana la data de 22 Iulie 2022:
- Etapa de calificare: 22.07 ora 16:00 - 23.07 ora 22:00
- Finala ROCSC22: 06.08
- Bootcamp pentru selectia echipei pentru competitia ECSC22: 17.08 - 21.08
Pentru înscriere, apăsați aici.-
1
-
1
-
1
-
1
-
-
Da, e XOR cu cheia de acolo de jos. Il poti pune aici:
Doar ca mai e ulterior obfuscat.
-
1
-
-
Conteaza cum e prelucrat acel payload, cel mai probabil e modificat (criptat, encodat, xorat orice) insa pentru a face ceva util trebuie reconstruit. Mai exact, trebuie sa vezi ce face binarul/exploitul cu acest payload inainte de a-l folosi.
Shellcode nu pare sa fie.
-
Noroc, asta e partea de inceput? Nu pare sa fie ceva comun.
-
Dap
Se poate inregistra de x ori, dar e rapid sa scapi de cineva asa.
-
Si la noi intra mereu boti si posteaza porcarii, click pe profi, Flag as Spammer, problem solved.
-
19 minutes ago, 0xStrait said:
Cum sa nu poți proteja niște site-uri la un atac DDoS banal de 3000-5000 de boți?
Adevarat, intr-o zi erau 3000+ in alta 11.000+. Cred ca RST a avut "atacuri mult mai grele" si cu iptables -j DROP s-au rezolvat instant.
Sa vorbeasca cu cei care se ocupa de hosting-ul emag si alte servicii de Black Friday
-
1
-
1
-
1
-
4
-
Modificari forum
in Anunturi importante
Posted
E ceva crapat in JavaScript dar nu am idee ce. Pe template-ul default cred ca merge totul OK.