Search the Community

Ma bag si eu ca "musca in lapte" pe aici cu o intrebare (sau mai multe)prosteasca. Bun,deci de ceva timp ma tot gandesc la o afacere (zic afacere dar defapt ma gandesc la orice din care pot scoate ceva profit) dar ideea aia "stralucita" din care sa devin milionar peste noapte nu prea imi vine (defapt nu prea exista asa ceva) Asa ca am apelat la voi, oricine are vreo ideie sau stie vreo modalitate de a face ceva "malai"(fara siteuri gen PPC sau alte dastea) sa posteze aici!

Salut, am nevoie de un cont chaturbate cu peste 20 tokens, platesc paypal. P.S: am facut aici topicul deoarece la market nu pot posta ca n-am 50 posturi.

Exploit Kits: Past, Present and Future March 16, 2015 View research paper: The Evolution of Exploit Kits Exploit kits are a fast-growing online threat that cybercriminals seem to have favored in the last few years to execute Web-based attacks to distribute malware. Exploit kits are old tools released by Russian programmers dating back to 2006. As seen in the diagram below, exploit kits have continuously grown in numbers from 2006 to 2013. The market seemingly changed and took a significant dip however in 2014. The rise of exploit kits in underground markets push exploit kit developers to improve the stealth and efficiency of their products and services. Currently, there are 70 different exploit kits found in the wild, taking advantage of more than a hundred vulnerabilities. What is an Exploit Kit? Exploit kits are programs or more often scripts that exploit vulnerabilities in programs or applications. The most prevalent exploits are browser exploits that enable the download of malicious files. Exploits introduce code to victims’ computers that then downloads and executes a malicious file. Several kits have since been developed and sold or rented out like commercial products in underground markets. The easiest hack toolkit made available in the crimeware market on record was seen sometime in 2006. A typical exploit kit usually provides a management console, several vulnerabilities targeted to different applications, and several add-on functions that make it easier for a cybercriminal to launch an attack. The Timeline Record of Exploit Kits The following research paper discusses the following: Exploit Kit Attack Scenario – there are four stages that illustrate how a typical attack scenario happens. Detailed below, the stages include contact, redirect, exploit, and finally, infect. Overview of 2014 Exploit Kit Activity – this section discusses the exploit kit trends traced back from 2006 to 2014, including its threat distribution. Exploit Kits are presently one of the most popular types of Web attack toolkits thriving in the cybercriminal underground market, and we predict that exploit kits will be more prevalent in 2015. Internet Explorer, Adobe Flash, and Adobe Reader are the most common software targeted by cybercriminals. Exploit kits pose serious security risks to all computer users ranging from private users to corporate networks. As such, it is critical to know and understand how exploit kits work, where they came from, what are the current trends, and how to defend against them. NO-MERCY Regards Source : Exploit Kits: Past, Present and Future - Security News - Trend Micro USA

Introduction Black markets deployed on anonymizing networks such as Tor and I2P offer all kinds of illegal products, including drugs and weapons. They represent a pillar of the criminal ecosystem, as these black markets are the privileged places to acquire illegal goods and services by preserving the anonymity of both sellers and buyers and making it difficult to track payment transactions operated through virtual currencies like Bitcoin. The majority of people ignore that one of the most attractive goods in the underground market are zero-day exploits, malicious codes that could be used by hackers to exploit unknown vulnerabilities in any kind of software. The availability of zero-day exploits is a key element for a successful attack. The majority of state-sponsored attacks that go undetected for years rely on the exploitation of an unknown flaw in popular products on the market and SCADA systems. Zero-day exploits: A precious commodity Security experts have debated on several occasions the importance of the zero-day exploitation to design dangerous software that could target any kind of application. Zero-day exploits are among the most important components of any cyber weapons, and for this reason they are always present in the cyber arsenals of governments. Zero-day exploits could be used by threat actors for sabotage or for cyber espionage purposes, or they could be used to hit a specific category of software (i.e. mobile OSs for surveillance, SCADA application within a critical infrastructure). In some cases, security experts have discovered large scale operations infecting thousands of machines by exploiting zero-day vulnerabilities in common applications (e.g. Java platform, Adobe software). A few days ago, for example, security experts at FireEye detected a new highly targeted attack run by the APT28 hacking crew exploiting two zero-day flaws to compromise an “international government entity.” In this case, the APT28 took advantage of zero-day vulnerabilities in Adobe Flash software (CVE-2015-3043) and a Windows operating system (CVE-2015-1701). Zero-day exploits are commodities in the underground economy. Governments are the primary buyers in the growing zero-day market. Governments aren’t the only buyers however, exploit kits including zero-day are also acquired by non-government actors. In 2013 it was estimated that the market was able to provide 85 exploits per day, a concerning number for the security industry, and the situation today could be worse. It has been estimated that every year, zero-day hunters develop a combined 100 exploits, resulting in 85 privately known exploits, and this estimation does not include the data related to independent groups of hackers, whose activities are little known. Zero-day hunters are independent hackers or security firms that analyze every kind of software searching for a vulnerability. Then this knowledge is offered in black marketplaces to the highest bidder, no matter if it is a private company that will use it against a competitor or a government that wants to use it to target the critical infrastructure of an adversary. A study conducted by the experts at NSS Labs in 2013 titled “The Known Unknowns” reported that every day during a period of observation lasting three years, high-paying buyers had access to at least 60 vulnerabilities targeting common software produced by Adobe, Apple, Microsoft and Oracle. “NSS Labs has analyzed ten years of data from two major vulnerability purchase programs, and the results reveal that on any given day over the past three years, privileged groups have had access to at least 58 vulnerabilities targeting Microsoft, Apple, Oracle, or Adobe. Further, it has been found that these vulnerabilities remain private for an average of 151 days. These numbers are considered a minimum estimate of the ‘known unknowns’, as it is unlikely that cyber criminals, brokers, or government agencies will ever share data about their operations. Specialized companies are offering zero-day vulnerabilities for subscription fees that are well within the budget of. A determined attacker (for example, 25 zero-days per year for USD $2.5 million); this has broken the monopoly that nation states historically have held regarding ownership of the latest cyber weapon technology. Jointly, half a dozen boutique exploit providers have the capacity to offer more than 100 exploits per year.” On the black market, a zero-day exploit for a Windows OS sells for up to $250,000 according to BusinessWeek, a good incentive for hackers to focus their efforts in the discovery of this category of vulnerabilities. The price could increase in a significant way if the bugs affect critical systems and the buyer is a government that intends to use it for Information Warfare. What is very concerning is that in many cases, the professionals who discover a zero-day, in order to maximize gains, offer their knowledge to hostile governments who use it also to persecute dissidents or to attack adversary states. The zero-day market follows its own rules, the commodities are highly perishable, the transactions are instantaneous, and the agreement between buyers and sellers is critical. “According to a recent article in The New York Times, firms such as VUPEN (France), ReVuln (Malta), Netragard, Endgame Systems, and Exodus Intelligence (US) advertise that they sell knowledge of security vulnerabilities for cyber espionage. The average price lies between USD $40,000 and USD $160,000. Although some firms restrict their clientele, either based on country of origin or on decisions to sell to specific governments only, the ability to bypass this restriction through proxies seems entirely possible for determinedcyber criminals. Based on service brochures and public reports, these providers can deliver at least 100 exclusive exploits per year,” states the report. In particular, the US contractor Endgame Systems reportedly offers customers 25 exploits a year for $2.5 million. The uncontrolled and unregulated market of zero-day exploits pose a real threat for any industry. For this reason, security experts and government agencies constantly monitor its evolution. The zero-day market in the Deep Web: “TheRealDeal” marketplace Zero-day exploits have been available in several underground Deep Web marketplaces for a long time, and it is not difficult to find malicious codes and exploit kits in different black markets or hacking forums. Recently a new black market dubbed TheRealDeal has appeared in the Deep Web. The platform was designed to provide both sellers and buyers a privileged environment for the commercialization of precious goods. Figure – TheRealDeal Marketplace TheRealDeal (http://trdealmgn4uvm42g.onion) service appeared last month and it is focused on the commercialization of zero-day exploits. The singular marketplace is hosted on the popular Tor network to protect the anonymity of the actors involved in the sale of the precious commodity. The market offers zero-day exploits related to still unknown flaws and one-day exploits that have been already published, but are modified to be undetectable by defensive software. Figure – One-day private exploits The operators also offer one-day private exploits with known CVEs, but for which the code was never released. They also anticipated that a seller specialized in exploits for the GSM platform will soon offer a listing for some very interesting hardware. Who is behind TheRealDeal? The ‘deepdotweb’ website published an interview with one of the administrators of the black market who explained that the project is operated by four cyber experts with significant experience dealing in the “clearnet when it comes to zero-day exploit code, databases and so on.” The administrator explained that the greatest risk in commercializing zero-day exploits is that in the majority of cases, the code does not work or simply the sellers are scammers. Another factor that convicted the administrators to launch the TheRealDeal zero-day marketplace is the consideration that the places where it is possible to find the precious goods are not always easy to reach. There are some IRC servers that are not easy to find or that request an invitation. Differently, TheRealDeal wants to be an ‘open-market’ focused on zero-days. The four experts decided to launch the hidden service to create a marketplace where people can trade zero-day exploits without becoming a victim of fraud and while staying in total anonymity. “We started off by using BitWasp, fully aware of its history and flaws, but since we have years of hands-on experience in the security industry and not much in web-design we decided it would be a good platform since we can make our own security assessments and patches while the whole multi-sig seems to work perfect. We also wanted to avoid involving other people in the project for obvious reasons and that was another reason why not to hire a web designer etc… although we might hire one off the darknet soon, just to improve the UI a little,” said one of the administrators. Below is the list of products available on the TheRealDeal marketplace: 0-Day exploits (4) FUD Exploits (4) 1Day Private Exploits (1) Information (5) Money (36) Source Code (4) Spam (3) Accounts (7) Cards Other Tools (3) RATs (1) Hardware (2) Drugs Misc (6) Pharmacy (12) Cannabis (5) LSD (1) Shrooms (2) MDMA (6) Speed (5) Services (8) Weapons Hot (1) Cold (6) CNC Analyzing the product listing of TheRealDeal Market, it is possible to note the availability of zero-day exploits, which are source codes that could be used by hackers in cyber attacks, and of course any kind of hacking tool. The list is still short because the market is still in an embryonic stage, but the policy of its directors is clear. “Welcome…We originally opened this market in order to be a ‘code market’ — where rare information and code can be obtained,” a message from the website’s anonymous administrator reads. “Completely avoid the scam/scum and enjoy the real code, real information and real products.” Among the products there is a new method of hacking Apple iCloud accounts and exploit kits that could be used to compromise WordPress-based websites and both mobile and desktop OSs (i.e. Android and Windows). The price tag for the iCloud hack is $17,000, and as explained by the seller, it is possible to compromise any account. The buyer could pay in Bitcoin to make their identification difficult. “Any account can be accessed with a malicious request from a proxy account,” reads the description of the hack available on TheRealDeal marketplace. “Please arrange a demonstration using my service listing to hack an account of your choice.” Figure – Zero-day exploits The listing also includes an Internet Explorer attack that is offered for $8,000 in Bitcoin, as reported by Wired in a blog post: “Others include a technique to hack WordPress’ multisite configuration, an exploit against Android’s Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin … Found 2 months ago by fuzzing,” the seller writes, referring to an automated method of testing a program against random samples of junk data to see when it crashes. “0day but might be exposed, can’t really tell without risking a lot of money,” the seller adds. “Willing to show a demo via the usual ways, message me but don’t waste my time!” The list of products has been recently updated. It also includes an exploit for the MS15-034 Microsoft IIS Remote Code Execution vulnerability, a flaw that is being actively exploited in the wild against Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2. TheRealDeal market also offers other products very common in the criminal ecosystem, including drugs, weapons, and Remote Access Trojan (RAT). The operators also created a specific “services” category with the intent to attract high-profile black hats offering their hacking services (i.e. Email account takeover, DDoS services, data theft, hacking campaign). The Information category was created for sellers that offer any kind of information, documents, databases, secret keys, and similar products. TheRealDeal doesn’t implement a real escrow model; instead it adopts a multi-signature model to make any financial transaction effective. Basically, the buyer, the seller and the administrators control the amount of Bitcoin to transfer together, and any transaction needs the signature of two out of the three parties before funds are transferred. The administrators decided to implement multisig transactions because their marketplace is very young and without reputation. This means that people has no incentive to deposit a sum of money for something that they are not able to verify. It is curious to note that the marketplace also offers drugs due to high demand, but according to the administrators they might consider removing them in the future. There is also a “services” category – anything can go there, but we are hoping for some high quality blackhats to come forward and offer their services, anything from obtaining access to an email and getting a certain document and up to long term campaigns. The hardware category is for toys like fake cellular base stations and other physical ‘hacking’ tools. The information category is for any kind of information, documents, databases, secret keys, etc. In the following table are the principal product categories offered in the market and their prices. 0-Day exploits Apple id / iCloud remote exploit USD 17025,52 Internet Explorer <= 11 USD 7840,70 Android WebView 0day RCE USD 8176,73 WordPress MU RCE USD 1008,09 Category: FUD Exploits FUD .js download and execute USD 291,23 Adobe Flash < 16.0.0.296 (CVE-2015-0313) USD 560,05 Adobe Flash < 16.0.0.287 (CVE-2015-0311) USD 560,05 Category: 1Day Private Exploits MS15-034 Microsoft IIS Remote USD 42313,18 Category: Hardware A5/1 Encryption Rainbow Tables USD 67,21 Category: Source Code Banking malware source code USD 2,11 Alina POS malware full source code USD 0,92 Exploit Kits Source Code USD 1,82 “Start your own maket” code and server USD 7959,43 I’ll keep you updated on the evolution of the TheRealDeal marketplace in the next weeks. References http://securityaffairs.co/wordpress/36098/cyber-crime/therealdeal-black-marketplace-exploits.html http://www.wired.com/2015/04/therealdeal-zero-day-exploits/ http://securityaffairs.co/wordpress/14561/malware/zero-day-market-governments-main-buyers.html https://www.nsslabs.com/reports/known-unknowns-0 http://www.deepdotweb.com/2015/04/08/therealdeal-dark-net-market-for-code-0days-exploits/ Source

Thomas Ji?ikovský, an alleged Owner of one of the most popular Darknet website ‘Sheep Marketplace,’ has been arrested after laundering around $40 Million, making it one of the biggest exit scams in Darknet history. After the arrest of Silk Road owner 'Ross Ulbricht' in 2013 -- Sheep Marketplace became the next famous anonymous underground marketplace among Black Market customers for selling illicit products, especially drugs. But only after few weeks, Sheep Marketplace was suddenly disappeared and was taken offline by its owner, who had been suspected of stealing $40 million worth of Bitcoins at the time when Bitcoin market value was at the peak. Shortly after this Bitcoin Scam, a Darknet commentator ‘Gwern Branwen’ doxed the owner, and the suspect was identified -- Thomas Ji?ikovský as the owner of the black market website. Unfortunately, Ji?ikovský forgot to hide his identity and residential address from the Internet, which was exposed by his Facebook page. However, immediately after his identity exposure, Ji?ikovský denied his involvement in the Darknet Sheep Marketplace. While Investigating for stolen money from online market, Czech police noticed a suspicious young programmer who attempted to buy a luxury home worth 8.7 Million Czech Koruna ($345,000 USD) in Lusatia, a region in the Czech Republic, under his grandfather’s name. Additional investigation revealed that in January last year, a new bank account of 26-years old Eva Bartošová received a huge payment of almost 900,000 Crowns from a foreign Bitcoin Money Exchange company. However, the young woman was unable to justify the source of the money. According to Czech media, ‘Eva Bartošová’ is ‘Thomas Ji?ikovský’ wife, who helped him to transfer the stolen money to her freshly created bank account. Czech’s Economic Police wing investigated into Ji?ikovský's money and found that the house had been purchased entirely using Bitcoin. Two weeks back, another largest Deep Web drugs marketplace ‘Evolution’ disappeared suddenly with rumors circulating that its owners may have scammed its massive user base and stole $12 Million in Bitcoin Source

vand steam cs go, market open, cont clean, n-a fost folosit pt bullshituri etc. 6 eur vdf. // sa mute cineva topicul la market please, nu mai am posturi pe contul asta. Mersi

How can post in RST Market? I do not see ant Post New thread option when i visit RST Market.

An all new anonymous online underground black market website, DarkLeaks, has been introduced on the Internet where Whistleblowers, blackmailers, hackers and any individual can trade/sell sensitive and valuable data/secrets anonymously in exchange for Bitcoin payments. DarkLeaks is a decentralized underground blackmarket which is built on top of the Bitcoin Blockchain technology and is available on the Internet to download as a free software package together with its source code published openly on code-sharing site Github. TRADE INFORMATION ANONYMOUSLY DarkLeaks underground black market website is masterminded by the members of crypto-anarchist collective System. "There is no identity, no central operator and no interaction between leaker and buyers," the developers' statement says. Blockchain technology is developed for secure Bitcoin payments, where users can make transactions directly without need of any intermediary. Blockchain encrypts the files which are released when payment is claimed by the leaker. NO LIMITS TO TRADE CONTENTS The developers of DarkLeaks underground black market website said that it is the best tool to trade any kind of secret, illegal or confidential, but valuable data, including media, information, video, data and documents. The list of contents that can be shared is as follows: Hollywood movies Trade secrets Government secrets Proprietary source code Industrial designs like medicine or defence Zero day exploits Stolen databases Proof of tax evasion Military intelligence Celebrity sex pictures Corruption HOW DOES DARKLEAKS WORK ? The files on sale are encrypted by DarkLeaks black market website, broken into smaller pieces, and then added to Bitcoin's block chain. However, the service allows the buyer to verify small preview piece of the file before payment is claimed. After buyer purchase the rest of the file when satisfied with the contents, the seller claims their Bitcoins. A decryption key is provided to the buyer in order to unlocks the encrypted document for the buyer. "The mechanism involved makes the environment free from intervention." DON'T BE AFRAID, JOIN HANDS WITH US The concept is different, but isn't new, as many existing portals, such as the infamous WikiLeaks, used for sharing secret information by whistleblowers and others, but has never been an opportunity to exchange those information for profit. However, DarkLeaks is taking things to the next level, making the information sharing portal a direct purchase transaction. The developers say that Darkleaks will help "stop corruption and challenge power", and at the same time encourage users by saying, "Don't be afraid. Come join the revolution and reclaim your freedom. The gloves are off. The revolt has begun." source

se poate, oare, daca exista un android developer printre useri de pe RST sa creeze un program pentru android si sa-l urce pe market, astfel toata lumea ar fi mai la curent cu stirile si discutiile de aici, un fel de RSS-FEED, poate si un chat, in ziua de azi majoritatea dintre noi ai un smartphone si cred ca ar fi util pentru toata lumea. mersi

Doresc o editare de un articol pe un site. Nu am ce face cu sqli-ul, xss-ul. Platesc direct editarea articolului. Platesc bine, pe primul care poate face asta. Detalii in mesaje personale.