pr00f

Active Members
  • Content count

    1180
  • Days Won

    8

pr00f last won the day on October 14

pr00f had the most liked content!

Community Reputation

278 Excellent

About pr00f

  • Rank
    Registered user

  1. Protonmail

    I use ProtonMail Plus for a custom domain. It's fast, simple, has everything, the phone app is great, and they recently introduced a plugin for Thunderbird as well. They're OK.
  2. Weather via the command line.

    Step aside python \o/. Meanwhile, curl wttr.in/Tokyo
  3. DefCamp 2017

    Will there be anything to drink/eat inside the ballroom (apart from the restaurant, I assume), or do we have to run off somewhere else? Are we allowed to bring drinks/food, alongside the rest of the "equipment"? "strice"
  4. ZyXEL PK5001Z Modem - Backdoor Account

    https://www.shodan.io/search?query=PK5001Z+port%3A23 ¯\_(ツ)_/¯
  5. DefCamp 2017

    Get rid of Sumo pls.
  6. LEARN TO TAME OPENBSD QUICKLY. http://www.openbsdjumpstart.org/#/
  7. https://imgur.com/a/hjZa3 Taken from a Ryanair plane. If they're not OK, I'll delete them.
  8. As I am now an adult, I sometimes need to look at taxes. The longstanding tradition of adults dictates that I must look at my taxes and say to my fellow adults “wow, I wish I had that money which is spent on single payer universal healthcare, infrastructure and education so I could spend it on video games, hardware I never use and thousands of tiny 3D printed statues of myself.”. Regardless, I didn’t expect my micro-sojourn into responsibility to result in a somewhat bad security issue followed by the ability to arbitrarily modify people’s tax details after making them click a link, followed by a 2 month journey to getting confirmed fixes. Welcome to my 3 step guide to hacking the uk tax system, I guess. The UK tax system login process is neat, and well thought out. One goes through an interstitial login web form which requests an identification number, a password, and a code texted to your cellular mobile device. On the technical side of things, this is achieved by the common redirect forwarding pattern in which the page that required login hands off to the login page with a note in parameter form saying where to send the user back to when the login process is successfully completed and you’re ready to dive into taxes and such. Source: https://medium.com/@Zemnmez/how-to-hack-the-uk-tax-system-i-guess-3e84b70f8b
  9. gophirc

    A simple IRC bot framework written from scratch, in Go.

    Description
    Event based IRC framework.

    Warning
    The API might break anytime.

    Framework managed events
      • Manages server PING requests (not CTCP PING)
      • Registers on first NOTICE *
      • Identifies on RPL_WELCOME (event 001)
      • Joins the received invites & sends a greeting to the channel
      • Logs if the bot gets kicked from a channel

    Features
      • Capability to connect to multiple servers
      • Multiple per event callbacks
      • State & general logging
      • Graceful exit handled either by a SIGINT (Ctrl-C)
      • Parses a user from an IRC formatted nick!user@host to a User{}
      • Config implements a basic checking on values
      • Already implemented basic commands - JOIN, PART, PRIVMSG, NOTICE, KICK, INVITE, MODE, CTCP commands
      • Many (?) more

    More: https://github.com/vlad-s/gophirc

    Bonus, IRC bot using gophirc - gophircbot: https://github.com/vlad-s/gophircbot
  10. Old ezines collection

    A bigger list is at http://web.textfiles.com/ezines/, and there are probably mirrors too. And here are some others, cached: https://web.archive.org/web/20120426235852/http://www.gonullyourself.org:80/ezines/
  11. hcpxread is an interactive tool made to view, parse, and export .hccapx files. You can learn more about the HCCAPX format from the official docs. Long story short,

    Features
      • Interactive menu
      • Reads and outputs AP data
      • Shows summary of the loaded access points

    Usage

        $ go get github.com/vlad-s/hcpxread
        $ hcpxread
        Usage of hcpxread:
          -capture file
                The HCCAPX file to read
          -debug
                Show additional, debugging info

    Note: debugging will disable clearing the screen after an action.

    Example

        $ hcpxread -capture wpa.hccapx
        INFO[0000] Opened file for reading name=wpa.hccapx size="6.5 KB"
        INFO[0000] Searching for HCPX headers...
        INFO[0000] Finished searching for headers indexes=17
        INFO[0000] Summary: 17 networks, 0 WPA/17 WPA2, 16 unique APs

        1. [WPA2] XXX B0:48:7A:BF:07:A4
        2. [WPA2] XXXXX 08:10:77:5B:AC:ED
        ...
        17. [WPA2] XXXXXXXXXX 64:70:02:9E:4D:1A
        99. Export
        0. Exit

        network > 1

        Key Version |ESSID |ESSID length |BSSID |Client MAC
        WPA2 |XXX |3 |B0:48:7A:BF:07:A4 |88:9F:FA:89:10:2E

        Handshake messages |EAPOL Source |AP message |STA message |Replay counter match
        M1 + M2 |M2 |M1 |M2 |true
        ...

    Asciicast: https://asciinema.org/a/H4pUedh9z9sLHH5iZuWouxeZU

    Github: https://github.com/vlad-s/hcpxread
  12. IT Security Catalog

    https://www.it-sec-catalog.info/ Available from https://it-sec-catalog.info/ and https://www.gitbook.com/book/arthurgerkis/it-sec-catalog. About this project This is a catalog of links to articles on computer security — software and hardware analysis and vulnerability exploitation, shellcode development and security mitigations, including computer security research, and malware stuff. Slides are not included (there is other project for that). Advisories without much details are also not included. All articles are only in English. Project is running since 2010. Author and contributors Author of this project: Arthur (ax330d) Gerkis, contributors: Nitay Artenstein, Joe (j0echip) Chip. Thanks to everyone who helped with the project.
  13. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. In that post, I talked about NIST's Digital Identity Guidelines which were recently released. Of particular interest to me was the section advising organisations to block subscribers from using passwords that have previously appeared in a data breach. Here's the full excerpt from the authentication & lifecycle management doc (CSP is "Credential Service Provider"): NIST isn't mincing words here, in fact they're quite clearly saying that you shouldn't be allowing people to use a password that's been breached before, among other types of passwords they shouldn't be using. The reasons for this should be obvious but just in case you're not fully aware of the risks, have a read of my recent post on password reuse, credential stuffing and another billion records in Have I been pwned (HIBP). As I read NIST's guidance, I realised I was in a unique position to help do something about the problem they're trying to address due to the volume of data I've obtained in running HIBP. https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/ https://haveibeenpwned.com/Passwords
  14. https://www.humblebundle.com/books/cybersecurity-wiley

      • Social Engineering: The Art of Human Hacking
      • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition
      • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
      • Threat Modeling: Designing for Security
      • Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition
      • The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
      • Cryptography Engineering: Design Principles and Practical Applications
      • The Art of Deception: Controlling the Human Element of Security
      • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
      • Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
      • Unauthorised Access: Physical Penetration Testing For IT Security Teams
      • Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition
      • CEH v9: Certified Ethical Hacker Version 9 Study Guide
      • Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition

    // Removed - I took out the other link. What it says there: "Support charity". The prices are very low, anyone can afford them. // Nytro
  15. Rather than compiling aircrack, which is a huge thing, ONLY to do deauth (you may be able to compile just the deauth part directly, I don't know), it's easier to let Python interpret the code above. Plus, if you write crap like this, you learn 1) how to write the crap you want to implement in language x, 2) how the crap you're writing works (in some cases) and 3) how to implement crap y as well as possible. My 2c.