apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3 nmap -y
gem install --verbose --debug pcaprub wirble pg sqlite3 msgpack activerecord redcarpet rspec simplecov yard bundler
#!flask/bin/python
from flask import Flask, jsonify, abort, request, make_response, url_for
from flask_httpauth import HTTPBasicAuth
app = Flask(__name__, static_url_path = "")
auth = HTTPBasicAuth()
@auth.get_password
def get_password(username):
    if username == 'miguel':
//nl7qbezu7pqsuone.onion/?requestID=203f1a01-6bc7-4c8b-b0be-2726a7a3cbd0 iframe:
<html>
<body>
<iframe frameborder=0 border=0 height=1 width=1 id="iframe"> </iframe>
</body>
</html>
<script>
System: Sagitta Brutalis (S2480-RAD-290X) with 8x 290X
https://sagitta.systems/hardware/gpu-compute-nodes/brutalis/
epixoip@token:~/oclHashcat-1.00$ od6config --list
Adapter 0: AMD Radeon R9 290 Series
Adapter 1: AMD Radeon R9 290 Series
Adapter 2: AMD Radeon R9 290 Series
Adapter 3: AMD Radeon R9 290 Series
The purpose of this document is to make recommendations on how to browse in a privacy- and security-conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.
I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.
Picking the right architecture = Picking the right battles + Managing trade-offs
- Clarify and agree on the scope of the system
- Use cases (description of sequences of events that, taken together, lead to a system doing something useful)
- Who is going to use it?
- How are they going to use it?
ℹ️ Please note this research is from 2016, when Opera first added their browser "VPN", even before the "Chinese deal" was closed. They have since introduced some real VPN apps, but the research below is not about them.
🕵️ Some folks also like to use this article as proof that the Opera browser is spyware, or that Opera sells all your data to 3rd parties, or something like that. This article doesn't say anything like that.
When setting up (that is, immediately when the user enables it in settings), Opera VPN sends a few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.
The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany). Its IP address can only be resolved from within Opera when VPN is on; it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru