Jump to content

u0m3

Active Members
  • Content Count

    542
  • Joined

  • Last visited

  • Days Won

    25

u0m3 last won the day on November 28 2020

u0m3 had the most liked content!

Community Reputation

425 Excellent

About u0m3

  • Rank
    Registered user
  • Birthday 12/14/1987

Profile Information

  • Gender
    Male
  • Location
    : 224.0.0.1
  • Interests
    Learning

Converted

  • Location
    /bin/sh

Recent Profile Visitors

6291 profile views
  1. The Encryptor Challenge-ul începe cu 2 fișiere: un executabil TheEncryptor.exe și un fișier binar encrypted.bin. Am început prin a rula executabilul, dintr-o consolă PowerShell, pentru a observa ce output generează. PS D:\tmp\ctf_rstcon_2020\reversing\the_encryptor> .\TheEncryptor.exe Enter a filename as an argument! PS D:\tmp\ctf_rstcon_2020\reversing\the_encryptor> .\TheEncryptor.exe .\dummy.txt TheEncryptor will begin encripting the file to "encrypted.bin"... Key generated: 2020-11-27-05 The source plaintext file, .\dummy.txt, is open. The destination file,
  2. Mesajul de pe retea - IV Challenge-ul începe cu un fișier text, ce conține o listă de prăjituri/dulciuri/deserturi. Sincer, aici am avut foarte mult noroc, deoarece după ceva vreme de holbat la conținutul fișierului, mi-am adus aminte că am citit undeva, în urmă cu mai bine de un an, despre un proiect de stenografie ce permitea exfiltrarea datelor sub forma unui tabel cu scoruri de meciuri dintre echipe... sau așa îmi aminteam eu. După o scurtă sesiune de „Google”, am găsit repozitory-ul proiectului: https://github.com/TryCatchHCF/Cloakify/. Fiindu-mi prea lene să îl in
  3. Mesajul de pe retea - III Challenge-ul începe cu un fișier zip. Acesta conține un singur fișier .txt, dar este protejat cu o parola din nefericire. Prima tentativă a fost un atac hashcat asupra parolei, dar acesta s-a dovedit ineficient. Ca atare sa ne îndreptăm atenția spre structura și fi conținutul fișierului zip (https://en.wikipedia.org/wiki/ZIP_(file_format)#Central_directory_file_header ca referință a formatului unui fișier zip). În descrierea challenge-ului suntem informați că nu vom descoperi flag-ul, ci vom descoperi o serie de bytes, a căror sumă
  4. Abstract: Browsers are complicated enough to have attack surface beyond memory safety issues. This talk will look into injection flaws in the user interface of Mozilla Firefox, which is implemented in JS, HTML, and an XML-dialect called XUL. With an Cross-Site Scripting (XSS) in the user interface attackers can execute arbitrary code in the context of the main browser application process. This allows for cross-platform exploits of high reliability. The talk discusses past vulnerabilities and will also suggest mitigations that benefit Single Page Applications and other platforms that may suffer
  5. Link: https://github.com/EdOverflow/can-i-take-over-xyz Este un repository pe GitHub ce contine discutii/lista cu CDN-uri sau alte servicii de web hosting, susceptibile la sub-domain take-over.
  6. Synopsis: Blog series about Alex Matrosov and Alexandre Gazet joint Black Hat research "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" presented last week in Vegas. Link: https://medium.com/@matrosov/breaking-through-another-side-bypassing-firmware-security-boundaries-85807d3fe604 Via:
  7. Series Overview This series is intended for readers who are interested in reverse engineering, but have only opened a debugger a handful of times. If you have trouble with certain concepts of reverse engineering, tooling, disassembly or debugging then you’ve come to the right place. Starting from the ground up we’ll work our way to advanced topics that aid in automating the reversal process such as heuristic analysis using a disassembly engine, and return oriented programming. If you’re new it’s recommended you start from the first article and work your way through the series, as it’s mea
  8. Description: Link: https://github.com/dowjones/hammer
  9. Oamenii acestia nu au "gandit in afara cutiei", ci "in afara sistemului solar"...
  10. Synopsis: A simple misconfiguration can lead to Stored XSS. Link: https://medium.com/@nahoragg/chaining-cache-poisoning-to-stored-xss-b910076bda4f
  11. Synopsis: In external and red team engagements, we often come across different forms of IP based blocking. This prevents things like password brute forcing, password spraying, API rate limiting, and other forms of IP blocking like web application firewalls (WAFs). IP blocking has always been a simple and common way of blocking potentially malicious traffic to a website. The general method of IP based blocking is to monitor for a certain type of request or behavior, and when it is found, disable access for the IP that the request or behavior came from. In this post, we walk thr
  12. Ce propune domnul @kadytgv este deja pus in aplicare de anumiti indivizi (nu stiu cu ce grad de succes). Website: https://www.tracelabs.org/ Promo:
  13. Ca sa va distrati putin si sa va gadilati paranoia https://iknowwhatyoudownload.com/en/peer/ (nu functioneaza decat cu IPv4). Parerea mea (total neavizata si lipsita de orice urma de importanta), daca vrei neaparat sa nu ai probleme, inchiriezi un server intr-un datancenter ce este intr-o tara cu legislatie mai laxa din acest punct de vedere (ideal ar fi si sediul acelei firme sa fie tot intr-o astfel de tara), si tii acolo clientul de torrents. Iar de acolo le iei prin ssh (scp/sftp). Daca ceea ce am prezentat mai sus suna prea complicat, o alta sugestie ar fi sa:
  14. Synopsis: Following the wrong link could allow remote attackers to control your WiFi router, Google Home, Roku, Sonos speakers, home thermostats and more. Link: https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325 Stiu ca e destul de "fumat" subiectul, dar mi s-a parut interesant articolul.
×
×
  • Create New...