Everything posted by Nytro
-
This talk aims to give a general overview of iOS jailbreaking by starting at what jailbreaking was back in the days and how it evolved up until today, while also taking a quick look at how it might evolve in the future. Therefore the following topics are covered:
- Jailbreaking goals (technical)
- Types of jailbreak and its origins (tethered, untethered, semi-tethered, semi-untethered)
- Exploit mitigations (ASLR, iBoot-level AES, KPP, KTRR, PAC)
- Kernel patches (h3lix)
- Kppless jailbreaks
The goal is to give an insight into the jailbreak terminology, exploit mitigations and how these are dealt with in past and modern jailbreaks. I will give an introduction to jailbreak terminology and walk through the jailbreak history, thus presenting how iOS devices have been hacked/jailbroken in the past while focusing on what mitigations Apple added over the years. Therefore I will discuss what effects these mitigations have on jailbreaking and how they were (and still are) dealt with. This should be interesting for hackers new in the iOS game, as several technical aspects are covered, but also for people who jailbreak their devices and want to get a better understanding of what is happening under the hood of jailbreaks as well as what challenges hackers have to face and why things evolved the way they are right now. This talk is structured somewhat similarly to my previous talk 2 years ago, "iOS Downgrading - From past to present". Watching my previous talk is not necessary for understanding this one, but is suggested to get a better overall image of iOS hacking.
-
We all know what FAX is, and for some strange reason most of us need to use it from time to time. Hard to believe it's 2018, right? But can FAX be something more than a bureaucratic burden? Can it actually be a catastrophic security hole that may be used to compromise your entire network? Come watch our talk and find out … Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines? The answer, to our great horror, is EVERYONE. State authorities, banks, service providers and many others are still using fax machines, despite their debatable quality and almost non-existent security. In fact, using fax machines is often mandatory and considered a solid and trustworthy method of delivering information. What the Fax?! We embarked on a journey with the singular goal of disrupting this insane state of affairs. We went to work, determined to show that the common fax machine could be compromised via mere access to its fully exposed and unprotected telephone line – thus completely bypassing all perimeter security protections and shattering to pieces all modern-day security concepts. Join us as we take you through the strange world of embedded operating systems, 30-year-old protocols, museum-grade compression algorithms, weird extensions and undebuggable environments. See for yourself first-hand as we give a live demonstration of the first ever full fax exploitation, leading to complete control over the entire device as well as the network, using nothing but a standard telephone line. This talk is intended to be the canary in the coal mine. The technology community cannot sit idly by while this ongoing madness is allowed to continue! The world must stop using FAX!
-
In this talk, we’re looking at third party tracking on Android. We’ve captured and decrypted data in transit between our own devices and Facebook servers. It turns out that some apps routinely send Facebook information about your device and usage patterns - the second the app is opened. We’ll walk you through the technical part of our analysis and end with a call to action: We believe that both Facebook and developers can do more to avoid oversharing, profiling and damaging the privacy of their users.
-
Pursuit of “good customers’ experience“ not only leads to new customers, but also attracts criminals of all sorts. The presentation will give an overview of the current security situation of ATMs with different auxiliary devices allowing cardless transactions. Cardless is the new sexy for criminals. The era of ATMs started in London in 1967. Since the time when the “hole-in-the-wall” cash machine used radiocarbon paper cheques, ATMs have become more complex and smart, providing the opportunity to withdraw money without cards. Vendors, in accordance with banks’ and consumers’ demand, create ATMs that replace plastic cards and PINs with smartphones or QR codes. Cash withdrawal from an ATM is now easier than ever before, not only for clients, but also for attackers. Jackpotting an ATM via malware or a black box is pretty familiar. Countermeasures against such attacks are already in place in many banks. Thus, attackers need to discover new (or well-forgotten) ways to achieve their evil goals. We will not chew the fat, telling stories about the old days, because new functionality provides new possibilities. Migration from Windows XP to Windows 7/10 means there is always PowerShell on the ATM. “New” types of input devices allow BadBarcode-like attacks. A legitimate auxiliary device connected to the ATM in pursuit of so-called good customers’ experience may lead to the ejection of all money from the ATM.
-
This talk will teach you the fundamentals of machine learning and give you a sneak peek into the internals of the mystical black box. You'll see how crazy powerful neural networks can be and understand why they sometimes fail horribly. Computers that are able to learn on their own. It might have sounded like science fiction just a decade ago, but we're getting closer and closer with recent advancements in Deep Learning. Or are we? In this talk, I'll explain the fundamentals of machine learning in an understandable and entertaining way. I'll also introduce the basic concepts of deep learning. With the current hype of deep learning and giant tech companies spending billions on research, understanding how those methods work and knowing the challenges and limitations is key to seeing the facts behind the often exaggerated headlines. One of the most common applications of deep learning is the interpretation of images, a field that has been transformed significantly in recent years. Applying neural networks to image data helps visualising and understanding many of the faults as well as advantages of machine learning in general. As a research scientist in the field of automated analysis of bio-medical image data, I can give you some insights into these as well as some real-world applications.
-
For a few months now we have had a new version of TLS, the most important encryption protocol on the Internet. From the vulnerabilities that created the need for a new TLS version to the challenges of deploying it due to broken devices, this talk will give an overview of the new TLS 1.3. In August the new version 1.3 of the Transport Layer Security (TLS) protocol was released. It's the result of a process that started over four years ago when it became increasingly clear that previous TLS versions suffered from some major weaknesses. In many ways TLS 1.3 is the biggest step ever taken in the history of TLS and its predecessor SSL. While previous TLS versions always tried to retain compatibility and not change too many things, the new version radically removes problematic and insecure constructions like static RSA key exchanges, fragile CBC/HMAC constructions and broken hash functions like MD5 and SHA1. As a bonus TLS 1.3 comes with a reworked handshake that reduces the number of round-trips and thus provides not just more security, but also better performance. If that sounds too good to be true: an optional, even faster mode of TLS 1.3 – the zero round trip or 0RTT mode – makes some security researchers worried, because they fear it introduces new security risks due to replay attacks. However, the road to TLS 1.3 was complicated. The Internet is a buggy place and particularly Enterprise devices of all kinds – middleboxes, TLS-terminating servers and TLS-interception devices – slowed down the deployment and finalization of the new encryption protocol. Also, some banks thought that TLS 1.3 is too secure for them. The talk will give an overview of the developments that led to TLS 1.3, the major changes it brings, the challenges it had to face and some practical advice for deployment.
-
Often, when doing reverse engineering projects, one needs to import symbols from Open Source or «leaked» code bases into IDA databases. What everybody does is compile to binary, diff and import the matches. However, this is often problematic due to compiler optimizations, flags used, etc… It can even be impossible because old source code does not compile with newer compilers or, simply, because there is no full source, just partial source code. During the talk, I will discuss algorithms for importing symbols *directly* from C source code into IDA databases and release a tool (that will run, most likely, on top of Diaphora) for doing so.
-
Leave the sarmale alone for a moment and do something useful: https://streaming.media.ccc.de/35c3/relive
-
Streaming: http://streaming.media.ccc.de/35c3 Schedule: https://fahrplan.events.ccc.de/congress/2018/Fahrplan/ As every year, there are many interesting talks. PS: Not all of them are "security" talks, but the ones that are are worth watching.
-
[RST] NetRipper - Smart traffic sniffing for penetration testers
Nytro replied to Nytro's topic in Proiecte RST
Yes, it is in CrackMapExec, but he hasn't updated it in ages. I met byt3bl33d3r at BlackHat Asia, he's a really nice guy, he said he would update it, but he probably forgot. Maybe I'll remind him. It is also in PTF, but likewise, it is not updated: https://github.com/trustedsec/ptf/tree/master/modules/windows-tools
-
[RST] NetRipper - Smart traffic sniffing for penetration testers
Nytro replied to Nytro's topic in Proiecte RST
NetRipper - Added support for Opera and SecureCRT https://github.com/NytroRST/NetRipper -
Regarding the math-informatics intensive high school track, here are my opinions:
1. You do informatics, you do (I hope) C++, but not so much at the language level (e.g. classes, exceptions, templates) but rather at the algorithmics level. It is very useful for the future. If you learn C++ in high school, it will be easy for you to learn any other language. In addition, my suggestion would be to learn other things on your own, from books or tutorials on the Internet, plus a lot of practice. It will help more in the future; what gets done in a few hours a week is quite limited.
2. I did not like the math part and at the time it did not seem very useful to me, but it has its own benefits. Also, when you go to a computer science faculty, you can be sure you will run into this subject, so it would be good to get the basics in high school. Oh, there is also a math admission exam, so to get in you need it. A bonus would be the following: cryptography and artificial intelligence. It will help you if you learn math.
3. The English part is not important, it is mandatory. You have to know English. It doesn't matter at what level, you will need it to learn on your own and you will also need it when you work in the field.
As for high school, it was great fun. You are a kid, take advantage of that, have fun. You have high school and (maybe) university in which you have time to have fun. But if you start learning things from a young age and you are a serious guy, you will have a nice future. Still, find the balance between studying and life.
-
[RST] NetRipper - Smart traffic sniffing for penetration testers
Nytro replied to Nytro's topic in Proiecte RST
NetRipper - Added support for Slack x64 https://github.com/NytroRST/NetRipper -
I know the schedule is 12/24 12/48, but I don't know anything about the salary. I knew the shifts were paid well and my colleagues (from when I worked there) were satisfied. Now it also depends on you. If you are at the beginning, it is a good opportunity to get into the "security" field. If you have some experience, you can find something else.
-
[RST] NetRipper - Smart traffic sniffing for penetration testers
Nytro replied to Nytro's topic in Proiecte RST
NetRipper - Added support for Chrome 70 x64 https://github.com/NytroRST/NetRipper -
Where did you run that script from? It has a backdoor and somebody has access there!
-
I worked there until last year, what exactly would you be interested in?
-
It looks like a Remote Command Execution vulnerability. If it is Drupal, it might be Drupalgeddon.
-
What is XSS Fuzzer?
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
Why?
XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:
- Finding new XSS vectors, for any browser
- Testing XSS payloads on GET and POST parameters
- Bypassing XSS Auditors in the browser
- Bypassing web application firewalls
- Exploiting HTML whitelist features
Example
In order to fuzz, it is required to create placeholders, for example:
- The [TAG] placeholder with fuzzing list: img svg
- The [EVENT] placeholder with fuzzing list: onerror onload
- The [ATTR] placeholder with fuzzing list: src value
The payloads will use the mentioned placeholders, such as:
<[TAG] [ATTR]=Something [EVENT]=[SAVE_PAYLOAD] />
The [SAVE_PAYLOAD] placeholder will be replaced with JavaScript code such as alert(unescape('[PAYLOAD]'));. This code is triggered when an XSS payload is successfully executed.
The result for the mentioned fuzzing lists and payload will be the following:
<img src=Something onerror=alert(unescape('%3Cimg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img value=Something onerror=alert(unescape('%3Cimg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img src=Something onload=alert(unescape('%3Cimg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<img value=Something onload=alert(unescape('%3Cimg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg src=Something onerror=alert(unescape('%3Csvg%20src%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg value=Something onerror=alert(unescape('%3Csvg%20value%3DSomething%20onerror%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg src=Something onload=alert(unescape('%3Csvg%20src%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
<svg value=Something onload=alert(unescape('%3Csvg%20value%3DSomething%20onload%3D%5BSAVE_PAYLOAD%5D%20/%3E')); />
When it is executed in a browser such as Mozilla Firefox, it will alert the executed payloads:
<svg src=Something onload=[SAVE_PAYLOAD] />
<svg value=Something onload=[SAVE_PAYLOAD] />
<img src=Something onerror=[SAVE_PAYLOAD] />
Sending requests
It is possible to use a page vulnerable to XSS for different tests, such as bypasses for the browser XSS Auditor. The page can receive a GET or POST parameter called payload and will just display its unescaped value.
Contact
The application is in beta state so it might have bugs. If you would like to report a bug or provide a suggestion, you can use the GitHub repository or you can send me an email to contact [a] xssfuzzer.com.
Link: https://xssfuzzer.com/
-
Tomorrow is BSides.
-
Hi, it is ok to generate passwords if you suspect a specific pattern. For example, a birth date, a name, a keyword. It is also fine to brute force a specific charset: upper-case letters, lower-case letters and digits. But for that you don't need to generate a file; the programs that let you brute force can take care of it (e.g. hashcat). The simplest solution would be to use a password dictionary. A good example would be "rockyou", because it is very large, but you can find many others. Good luck!
-
35C3 CTF
Fellow CTF players, 35C3 CTF is officially confirmed. This is the 7th iteration of this event and it will be as awesome as ever! It is a Jeopardy style CTF and is open to everyone online. The contest will run for 48 hours, from Dec 27th, 20:00 UTC to Dec 29th, 20:00 UTC. As always, try not to ruin other people's fun. If you happen to be at the 35th Chaos Communication Congress, you are free to come and hack with us and register an assembly in the CTF area. There will be a less hardcore version of this CTF with a different, easier challenge set. You can read more about it on the linked website. The winner of this event will qualify for DEF CON Finals 2019! Of course, there will be pwnage!
IRC: #35c3ctf@irc.hackint.org
Twitter: @EatSleepPwnRpt
35C3 Junior CTF
We are proud to announce that 35C3 CTF will have a junior version this year (also online!). This means that alongside the main event, there will be a separate scoreboard with an easier set of challenges. What is a CTF and why should I play it? A good overview can be found here! Who can play? Everyone! There will be no shared challenges with the main contest, so you can play either one, or even both. However, we recommend the junior version for people interested in infosec who have not played CTF before; CTF players who found last year's main CTF just a bit too hard to be fun; CTF players who want to get better at categories they don't usually work on during CTFs. While the main contest will have a strict no-hinting policy, for the junior version we can be a bit more helpful, so ask us questions in IRC or come swing by our area at the 35th Chaos Communication Congress. During the CTF, we will have people on-site that can help you get started and deal with problems. If you want, you can register an assembly in the CTF area. There will be pwnage here as well!
Time: The contest will run for 48 hours, from Dec 27th, 20:00 UTC to Dec 29th, 20:00 UTC.
IRC: #35c3ctf-junior@irc.hackint.org
Twitter: @EatSleepPwnRpt
Links:
- https://35c3ctf.ccc.ac/announcements/
- https://junior.35c3ctf.ccc.ac/announcements/
-
I saw a few genuine discounts at emag too, on products I was following. I got Bitdefender for 90 RON instead of 140 RON.
-
Did you find anything interesting and genuinely discounted? In a few minutes, at 00:00, it should start at PCGarage, but it has already crashed and isn't loading. Edit: It works. Slowly, but it works.