This topic is now closed to further replies.
Revin si eu cu cateva intrebari legate de wi-fi pen. Deci am parcurs urmatorii pasi:
Am luat o Alfa pe care am conectat-o la Kali linux dupa care am scanat cateva retele wi-fi si am obtinut cateva handshake-uri pentru respectivele retele dupa care am exportat acele handshake-uri si le-am copiat pe windows 10 unde am Aircrack (toate bune si frumoase pana aici). Am importat in Aircrack fisierul ce contine acel handshacke am selectat encriptia si key size 64, o lansez dar programul imi spune ca am doar 150 iv's si sa incerc cu minim 5000 iv's. Ce sunt acele iv's si cum le obtin? Cumva sunt pachete ? Momentan am ales sa incerc cracking-ul acelui handshacke cu un wordlist destul de mare (2GB) dar cuvintele sunt in engleza deci sunt sceptic ca va functiona, daca gasesc un wordlist in romana voi incerca si cu el.
Aceeasi placa de retea + CommView for WiFi apoi scanat reteaua targhetata (Doar 5 minute pentru ca trial and yeah), capturat un log (cateva pachete etc) , convertit fisierul ca sa poata fi rulat de aircrack si primesc acelasi mesaj ca in Metoda cu Linux.
Ai mai ramas intrebarile de mai sus, Ce sunt acele iv's si cum le obtin? Cumva sunt pachete ? Pot scana cu altceva retelele pentru a obtine un log mai mare si mai multe pachete in speranta ca o sa prin 5k iv's din acelea (daca da cum sau cu ce soft) ?
Astept raspuns de la cei care au mai multe cunostinte despre asa ceva
Abstract: Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper’s contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability.We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM Cortex-A9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS.
Link: Please login or register to see this link.
salut ... ce linux pot folosi pentru mine , un incepator in linux sunt nehorarat in a decide ce linux sa aleg ori ubuntu ori manjaro ori linux mint ori cateodata debian9 sau kali linux... elementary os arata bine si zorin os, si arch linux imi place dar nu stiu ce sa aleg deoarece sunt multe desktop enviroement pentru linux kde,gnome,xfce,etc...
Decameron is helping an innovative and vibrant healthcare technology company, with headquarter in UK, to complete their team with 2 C++ Developers. They have developed revolutionary software to detect vital signs to medical grade accuracy, human activity through a standard digital camera, completely contact free.
The software is currently being deployed to monitor safety and health in police, mental health and hospital settings but we see it being deployed in a wide range of settings including nursing & elderly care, community & home care and in vehicles.
We are looking for 2 C++ developers to join the team developing and delivering a unique software to extract health information from video. You will be responsible for developing features and creating tests for the core software and systems and services running, running across networks of Linux devices and servers. If you love crafting quality code to bring products to life, learning cool new stuff, and enjoy working in an energetic, and outgoing team, then we want to hear from you.
The C++ Developer MUST HAVE:
● Exceptional C++, including the modern language standards, the STL and other software libraries (e.g. Boost etc.)
● Experience developing in a Linux environment
● Exposure to scripting (e.g. Python, bash, Ruby)
It is also HIGHLY DESIRABLE that C++ Engineer has:
● Experience of multi-threaded, high performance code
● Worked with algorithms, numerical methods or image processing
To be a great member of the team, you must be brave, inquisitive, determined, supportive, a good listener, team-oriented, self-starting, highly responsible and high energy.
● Salary negotiable depending on experience
● Relocation support for UK, Oxford
● 25 days of annual leave with the ability to purchase more
● A flexible working environment
● Opportunities to develop your role in the direction you want as the company grows
● Working in a well-funded company with a spirit and working environment that is envied by all who see it.
All those interested are welcome to send their CV at Please login or register to see this link. .
Let's discuss in more details. Thank you.
Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox.
Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was Please login or register to see this link. by Francisco Ribeiro, the researcher at email and cloud security firm Mimecast.
A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one.
This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.
Ropemaker abuses Cascading Style Sheets (CSS) and Hypertext Markup Language (HTML) that are fundamental parts of the way information is presented on the Internet. Since CSS is stored remotely, researchers say an attacker can change the content of an email through remotely initiated changes made to the desired 'style' of the email that is then retrieved remotely and presented to the user, without the recipient, even tech savvy users, knowing about it.
According to the researchers, the Ropemaker attack could be leveraged depending upon the creativity of the threat actors.
For instance, attackers could replace a URL that originally directed the user to a legitimate website by a malicious one that sends the user to a compromised site designed to infect users with malware or steal sensitive info, such as their credentials and banking details.
While some systems are designed to detect the URL switch preventing users from opening up the malicious link, other users could be left at a security risk.
Another attack scenario, called "Matrix Exploit" by the Mimecast, is more sophisticated than the "Switch Exploit", and therefore much harder to detect and defend against.
In a Matrix Exploit attack, attackers would write a matrix of text in an email and then use the remote CSS to selectively control what is displayed, allowing the attacker to display whatever they want—including adding malicious URLs into the body of the email.
This attack is harder to defend against because the initial email received by the user does not display any URL, most software systems will not flag the message as malicious. Although the security firm has not detected the Ropemaker attack in the wild, it believes that this doesn't mean for sure the attack is "not being used somewhere outside the view of Mimecast."
According to the security firm, Ropemaker could be used by hackers to bypass most common security systems and trick even the tech savvy users into interacting with a malicious URL.
To protect themselves from such attacks, users are recommended to rely on web-based email clients like Gmail, iCloud and Outlook, which aren't affected by Ropemaker-style CSS exploits, according to Mimecast.
However, email clients like the desktop and mobile version of Apple Mail, Microsoft Outlook, and Mozilla Thunderbird are all vulnerable to the Ropemaker attack.
Via Please login or register to see this link.