tag:blogger.com,1999:blog-82763909794127853982024-03-13T11:59:13.532-05:00☣ c1b3rh4ck's...! /dev/nullAdventures of a JackAllTrades. administradorhttp://www.blogger.com/profile/00823631353813348807noreply@blogger.comBlogger90125tag:blogger.com,1999:blog-8276390979412785398.post-22172360393566260592016-04-03T23:30:00.000-05:002016-04-03T23:30:04.131-05:00Windows Firewall React!<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-HHNwtS0KnYQ/VwE3a9GRbYI/AAAAAAAAAmE/D63ogIHl6fA7XHvpATfaSRxU2xjamJn8w/s1600/windows.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="312" src="https://4.bp.blogspot.com/-HHNwtS0KnYQ/VwE3a9GRbYI/AAAAAAAAAmE/D63ogIHl6fA7XHvpATfaSRxU2xjamJn8w/s400/windows.gif" width="400" /></a></div>
<br />c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-53254731024007516082016-01-30T01:30:00.000-05:002016-01-30T01:30:11.764-05:00Problem Restarting Apache2: SolutionsIf you're using apache 2 as webserver maybe sometimes you'll have to deal with common problems like vhost, syntax errors, bad configurations. Sometimes is when you edit a file inside /etc/apache2/sites-enabled/file.conf and maybe your edition just didn't accomplish with the syntax so here is how can you check :<br />
<br />
1. Make sure that your Apache2 service is up and running.<br />
<pre class="brush:bash">user@~$sudo service apache2 status
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Active: active (running) since Fri 2016-01-29 14:05:16 EST; 14s ago
Docs: man:systemd-sysv-generator(8)
Process: 31573 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 17063 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 30948 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
...
</pre>
<br />
If this isn't the output, read carefully the error.<br />
2. Check your <b>systemctl status</b>, this will give you a lot of information.<br />
<pre class="brush:bash">user@~$sudo systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2016-01-29 13:48:57 EST; 18s ago
Docs: man:systemd-sysv-generator(8)
Process: 31573 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 17063 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 30467 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
</pre>
3. Run the <b>apache config test</b>. It is always a good idea to run <b>configtest</b> everytime you make changes to the apache2 config file so that you won't accidentally stop apache2 service <br />
<pre class="brush:bash">user@~$ sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
</pre>
4. Restart the apache service<br />
<pre class="brush:bash">user@~$ sudo service apache2 stop && sudo service apache2 start
</pre>
<br />
References:<br />
<br />
[1]<a href="http://www.techrepublic.com/article/troubleshoot-apache-problems-with-these-tips/">http://www.techrepublic.com/article/troubleshoot-apache-problems-with-these-tips/</a><br />
[2]<a href="https://www.digitalocean.com/community/tutorials/how-to-troubleshoot-common-site-issues-on-a-linux-server">https://www.digitalocean.com/community/tutorials/how-to-troubleshoot-common-site-issues-on-a-linux-server</a><br />
[3]<a href="https://www.linode.com/docs/troubleshooting/troubleshooting-common-apache-issues">https://www.linode.com/docs/troubleshooting/troubleshooting-common-apache-issues</a>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-86584231631955573122016-01-29T01:30:00.000-05:002016-01-29T01:30:15.575-05:00Video Writeup EFF-CTF 2016For a while I've been trying to understand a little bit about reversing and low level stuff, sometimes it becomes a little difficult but if you want you can, so this post it is to highlight a youtube channel that I've been checking in this vacations it the Liveoverflow's great videos that solves a few reversing challenges. As you know the most recent security conference was the Usenix enigma as it's commonly in this kind of Cons there was a Capture The Flag , The EFF was runing a hacking contest at Enigma! The challenges included web hacking, binary analysis, cryptography challenges, and
more.<br />
<img alt="" height="166" src="https://www.eff.org/files/2015/11/19/enigma_logo_700x253.png" width="460" /><br />
<br />
So <a href="https://twitter.com/LiveOverflow" rel="nofollow">LiveOverflow</a> solve this after a few hours and he posted this on his <a href="https://www.reddit.com/r/LiveOverflow/" rel="nofollow">youtube channel</a>, so here it is .<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/LlSI6ErrbDI/0.jpg" frameborder="0" height="320" src="https://www.youtube.com/embed/LlSI6ErrbDI?feature=player_embedded" width="374"></iframe></div>
<br />administradorhttp://www.blogger.com/profile/00823631353813348807noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-3275186080202410942016-01-28T16:15:00.001-05:002016-01-29T14:28:52.038-05:00NSA’s top hacking boss explains how to protect your network from his attack squads<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-IXZkSaECa9M/Vqp-4nhnPQI/AAAAAAAAABg/Dst_EGDCRsA/s1600/wallhaven-23251.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="http://1.bp.blogspot.com/-IXZkSaECa9M/Vqp-4nhnPQI/AAAAAAAAABg/Dst_EGDCRsA/s640/wallhaven-23251.jpg" width="500" /></a></div>
<br />
True words have not been spoken at the <a href="https://www.usenix.org/conference/enigma2016">Usenix enigma conference</a> it seems that the Nsa's top hacking boss is explaining how they exploit your networks and he is giving free advices... I doubt it, I've seen a lot of systems over the time and
wherever I've been, security invariably sucks even in the places where
they really know it does suck. So, it's not a non sequitir to state that
they'd probably be more secure with someone else handling the data at
rest part of the equation or data in transit within the cloud provider. <br />
<br />
<div class="body">
Data in transit and data at rest still on premises will remain key
determiners of exactly how the overall security posture rates up or
rates down. A proper provider will help the business to lock down the in
transit data as well. Then only the on premises setup will be the only
part that sucks.Security is a process and the number of people that actually can read
and apply proper processes <i>is vanishingly small</i> if it's possible, to
advance your systems security and understand it just do it, and the first step is to encrypt everything, and trying to mitigate adding more layers of security.<br />
<br />
I respect all people working in US goverment but as you know
according to the recent statistics of some resources [Check spiegel.de]
say that USA is the largest invading privacy , because they don't
respect the American rights over national security , also we know that
MI6 and other intel agencies are reading alien code searching for
explotaible bugs.
This is a game where the number one player is USA , and that talk given by Roy Joice is strange because he is part of that exploiters team.</div>
administradorhttp://www.blogger.com/profile/00823631353813348807noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-86594565565971901742016-01-21T01:34:00.000-05:002016-01-28T16:21:25.567-05:00What is Practice?<ul class="list" style="box-sizing: border-box;">
<li style="background-attachment: initial; background-clip: initial; background-image: url("/images/icon-bullet.png"); background-origin: initial; background-position: 0px 4px; background-repeat: no-repeat; background-size: initial; box-sizing: border-box; list-style: none; margin-bottom: 5px; padding: 0px 0px 0px 19px;"><div class="separator" style="clear: both; color: black; font-family: Verdana, Geneva, Tahoma, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 24px; text-align: center;">
<a href="https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcQXaOmqYc2FuKkd4QTaGO5bdDMx6g7jB_d3AlxHronsoU77r-lFFw" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcQXaOmqYc2FuKkd4QTaGO5bdDMx6g7jB_d3AlxHronsoU77r-lFFw" /></a></div>
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Practice is <b>a habit.</b><br />Practice is <b>a routine.</b><br />Practice does <b>not need to remember.</b><br />Practice comes <b>by practicing.</b><br />Practice needs<b> dedication and commitment</b>.</span></li>
<li style="background-attachment: initial; background-clip: initial; background-image: url("/images/icon-bullet.png"); background-origin: initial; background-position: 0px 4px; background-repeat: no-repeat; background-size: initial; box-sizing: border-box; list-style: none; margin-bottom: 5px; padding: 0px 0px 0px 19px;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span></li>
<li style="background-attachment: initial; background-clip: initial; background-image: url("/images/icon-bullet.png"); background-origin: initial; background-position: 0px 4px; background-repeat: no-repeat; background-size: initial; box-sizing: border-box; list-style: none; margin-bottom: 5px; padding: 0px 0px 0px 19px;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">To become a <b>successful</b> devops-pentester you need lot of practice, dedication and commitment </span></li>
</ul>
administradorhttp://www.blogger.com/profile/00823631353813348807noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-60334500516659711912016-01-16T00:39:00.001-05:002016-01-16T00:44:05.986-05:00The Traveling Salesman Problem <span class="ou-inline-caption-wrap" style="width: 600px;"><span class="ou-inline-image-wrap " style="height: 388px;">This week when I was reading about Brute Force password attacks in a Ukranian Course that I'm taking I just see how a cool implementation done by Dr Michel Wermelinger's seems pretty cool and easy explanation about how you can achieve all the nodes, just click on the image below to interact.</span></span><br />
<span class="ou-inline-caption-wrap" style="width: 600px;"><span class="ou-inline-image-wrap " style="height: 388px;"><a class="injectorLightbox cboxElement" href="http://www2.open.ac.uk/openlearn/heuro/index.html"><span style="color: black;"><br /></span>
<img alt="Images taken from the online game, The Jewels of Heuro" src="http://www.open.edu/openlearn/sites/www.open.edu.openlearn/files/ole_images/heuro-launch.jpg" /></a><br />
<span class="img_permissions">Taken from<br /><span class="img_permissions_text">The Open University under Creative Commons BY-NC-SA 4.0 license</span></span></span><br />
</span>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-5358057816732860692015-12-30T13:30:00.002-05:002015-12-30T13:31:44.324-05:00The Origin of the Cyber-War:China<div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-2ZkysPPuYPA/VoQhP6xElZI/AAAAAAAAAlI/q_Xrp3M1k8g/s1600/xxx.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="182" src="http://4.bp.blogspot.com/-2ZkysPPuYPA/VoQhP6xElZI/AAAAAAAAAlI/q_Xrp3M1k8g/s320/xxx.jpg" width="320" /></a></div><br />
<div style="text-align: right;"></div><span style="text-align: justify;">If you've ever heard about cyberwar, and the big players of this like China, Russia, USA, among others, I found an interesting article checking my timeline of twitter in which a </span><a href="http://www.chinawatcher.info/" rel="nofollow" style="text-align: justify;" target="_blank">Chinese blog</a><span style="text-align: justify;"> tells how China has been in this field, remember that source is written by someone that we don't know, so you're the final analist.</span><br />
<div style="text-align: justify;">The Article consists of three parts:</div><div style="text-align: justify;"><a href="http://www.chinawatcher.info/#!China’s-Silent-War/cu6k/55eb08440cf23d0feffc139f" rel="nofollow" target="_blank">Part 1: The Political and Doctrinal Origins of China’s Cyber-Attacks</a></div><div style="text-align: justify;"><a href="http://www.chinawatcher.info/#!Chinas-Silent-War-pt-2/cu6k/55eb08a00cf23d0feffc13cb" rel="nofollow" target="_blank">Part 2: Perpetrators and Focal Points of the Cyber-War</a></div><div style="text-align: justify;"><a href="http://www.chinawatcher.info/#!Chinas-Silent-War-pt-3/cu6k/55eb08d80cf20cc524a0f0e9" rel="nofollow" target="_blank">Part 3: Seeing Past the Shadows and Formulating a Response</a></div><div style="text-align: justify;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-G021zCdr1sM/VoQhQE8FqOI/AAAAAAAAAlU/cF0JJuLEtg8/s1600/xx.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://4.bp.blogspot.com/-G021zCdr1sM/VoQhQE8FqOI/AAAAAAAAAlU/cF0JJuLEtg8/s320/xx.jpg" width="320" /></a></div><div>Hope you enjoy the reading, and happy new year to every reader of the blog. </div><div><i>c1b3r.</i></div>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-74658562760732643212015-12-05T14:00:00.000-05:002015-12-30T13:41:23.486-05:00Open Science for my Article of Communications Techniques Class at UTP<div style="text-align: justify;">
Maybe one of the most important thing in the world is how we talk to each other, it seems that sometimes there are communications barriers and develop and improve an effective communication toolset(skills in the end) can't be done inside a class, you need to put in practice some tips, tricks given in the classroom outside of it, because your body is always communicating.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
So this blog post is not going to be about computer security or relate it, it's my invitation to you to read and article written by me and my fellow Sebastian Zapata this was and assignment in the communication techniques class meet the following requirements :</div>
<ol>
<li style="text-align: justify;">Read and use the arguments of the textbook 'Redacción Técnica '</li>
<li style="text-align: justify;">Write an article based on the image below, and release the article under Open Science movement [1]</li>
<li style="text-align: justify;">Use the American Psychological Association rules.</li>
</ol>
<div style="text-align: center;">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><img src="http://lh6.ggpht.com/-BmXN6FV8lok/UImxb1RplmI/AAAAAAAAOCA/JK6EmhDmuZ4/metodo%252520cientifico%25255B5%25255D.gif?imgmax=800" style="margin-left: auto; margin-right: auto;" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: 12.8px;">Fig.2 </span>scientific method, Spanish Version.</td></tr>
</tbody></table>
<div style="text-align: left;">
So here is a short summary of our work done :</div>
<div style="text-align: left;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://1.bp.blogspot.com/-5Ev6ObykbPc/VmHFlf8wEvI/AAAAAAAAAks/qN2gVnoNXj4/s1600/seguido.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="191" src="http://1.bp.blogspot.com/-5Ev6ObykbPc/VmHFlf8wEvI/AAAAAAAAAks/qN2gVnoNXj4/s400/seguido.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Fig.2 Work done, Ascendent order</td></tr>
</tbody></table>
<div style="text-align: left;">
<div style="text-align: justify;">
You will find this article in tex and pdf format in the next link :</div>
</div>
<div style="text-align: left;">
<div style="text-align: justify;">
<b><a href="https://goo.gl/9EZdTk">Articulo de Técnicas Comunicación</a> </b>[Full Text in Spanish]</div>
</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
See you next</div>
<div style="text-align: left;">
[1]<a href="https://www.blogger.com/%C2%A0https://en.wikipedia.org/wiki/Open_science"> https://en.wikipedia.org/wiki/Open_science</a>: <i>Open science is the movement to make scientific research, data and dissemination accessible to all levels of an inquiring society, amateur or professional. </i><span style="text-align: center;"><i>It encompasses practices such as publishing open research, campaigning for open access, encouraging scientists to practice open notebook science, and generally making it easier to publish and communicate scientific knowledge</i></span><br />
<span style="text-align: center;"><i><br /></i></span>
<div style="text-align: left;">
UPDATE:</div>
<div style="text-align: left;">
Due to this research , I've had problems with some professors and teachers they claim that I'm evil and a destroyer for reveal potential risks to the public, meanwhile I don't think about this as a problem because it exist inside the campus and that's happening in other national campus around Colombia, This shows how bad prepared are the professionals who manages network of the university, without generalizing of course.</div>
<br />
I stopped working with the professor of electrical technology for this.</div>
</div>
<br />c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-33565934685151654562015-11-30T00:25:00.000-05:002015-11-30T00:37:35.982-05:00Programming ContestProgramming Contest are not very different to Capture the Flag, as you know a CTF is a special kind of information security competitions where categories can be Web, Forensics, Crypto, Binary, or something else, The main Idea is solve challenges, meanwhile Programming Contest is the same but here I can notice clearly an academic approach which includes mathematics , physics, statistics, data structures, and other topics that maybe I don't know yet, This entrance is to express How I feel in my first Programming Contest sponsored by RPC (<a href="https://acm.javeriana.edu.co/maratones/">Red de Programación Competitiva</a>).<br />
<br />
As always I was late at the event, starting at 1 p.m of 28 day of November, Universidad Tecnológica de Pereira was the host of this competition, the idea of me participating in this contest was to know more about how it is,What kind of problems I need to face in the future, and the most important if it's funny because if you don't like this just quit out.<br />
<br />
My team was conformed by two more people Leiver a fellow class of the operations research and a new friend that certainly looked pretty smart Sebastian, both of them have a lot of experience in this kind of competitions, is obviously that a team is a conformation to speak also It was to generate synergy, new ideas, discuss problems, and share knowledge in how to solve this or that problem, but that did not happen here apparently I do not know many issues, nor have methods in mind I just could think myself in the problems and maybe share my thoughts, because that was the only thing that happened. To me this experiment was interesting because I'm confident with myself that I need to learn much more, and increase my expertise in Computer programming, of course there is a goal behind this,and it needs to be part of my personal toolkit as a hacker.<br />
<br />
Things that I learn :<br />
<br />
If you're going to use c++ you can use this trick,<br />
<pre class="brush:bash">#include <bits/stdc++.h></pre>
There is no need to include any other header files here and it's interesting because in stack overflow there is a question related to this :<br />
<div>
<blockquote class="tr_bq">
<a href="http://stackoverflow.com/questions/25311011/how-does-include-bits-stdc-h-work-in-c">How does #include <bits/stdc++.h> work in C++?</a>: </blockquote>
<blockquote class="tr_bq">
It is basically a header file that also includes every standard library and stl include file. The only purpose I can see for it would be for testing and education, please refer to <a href="https://gist.github.com/eduarc/6022859">https://gist.github.com/eduarc/6022859</a> to see an example, I don't exactly know if it's true that this increase the compilation time</blockquote>
trick that didn't make sense to me was use:<br />
<br />
<pre class="brush:bash">#define fast ios_base::sync_with_stdio(false);cin.tie(NULL)</pre>
<br />
And It simply optimize cin and cout by making its execution faster, using a kind of syncronization; Off course participants in this competition like in the Ctf's Wargames, need to practice, practice, and practice to get a decent standard math and programming level, here we need to know what type of problem is, and based on that we can use one or other method, something funny to me was when the competition runs out of time everybody was talking about a DP, P,Complexity,Graphs, that was blowing my mind...Something new in this short weekend.<br />
<br />
Stay tune !<br />
Reference:<br />
<a href="http://codeforces.com/">[1]Codeforces</a><br />
<a href="https://en.wikipedia.org/wiki/Competitive_programming">[2]Competitive Programming</a><br />
<a href="https://www.quora.com/What-are-the-practical-benefits-of-competitive-programming">[3]Key Advantage of Competitive Programming</a><br />
<a href="https://www.usenix.org/system/files/conference/3gse14/3gse14-chapman.pdf">[4]PicoCTF: A Game-Based Computer Security Competitionfor High School Students</a><br />
<a href="http://scholarworks.rit.edu/cgi/viewcontent.cgi?article=1304&context=other">[1]Developing Small Team-based Cyber SecurityExercises </a></div>
c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-17296407246871945332015-11-28T09:41:00.001-05:002015-11-28T09:42:29.195-05:00Linux Kernel, Security or Myth?<br />
<img height="299" src="https://getlogdog.com/wp-content/uploads/2014/08/INTRO-624x468.jpg" width="400" /><br />
Recently I was reading an interesting interview who Craig Timberg made to Torvalds. Clearly the principal argument in the <a href="http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/">interview</a> is the increase of known vulnerabilities in the linux Kernel and obviously the mindset of the lead developer of Linux, who is arguing that security is another concern more. <br />
<br />
<blockquote class="tr_bq"><i>Even more broadly, the battle over Linux security is a fight over the future of the online world. At a time when leading computer scientists are debating whether the Internet is so broken that it needs to be replaced, the network is expanding faster than ever, layering flaw upon flaw in an ever-expanding web of insecurity. Perhaps the best hope for fixing this, some experts argue, lies in changing the operating system that — more than any other — controls these machines.</i></blockquote><br />
<br />
Kernel Security is pretty important right now and if you don't believe in that check the statistics in android's phone usage, also you can take a quick Look at a few recent kernel security holes that has<a href="https://lwn.net/Articles/660866/"> been discovered</a> Buffer Overflows, initialization failures and the list goes on. The point is that been Torvalds the king of geeks he is obviously going to be the king of the bad guys if they don't review properly commits and new patches, security is above usability or I think so, that's why Security of Linux even as it became a bigger is more important, but seriously Torvalds just said that People in security is just too paranoid.I remember when long time ago Linux in its early days was widely considered a safer choice than Windows or other commercial operating systems, but now it has been disappear slowly. I have to say that not all problems did not involve the kernel itself, but they're there, and it's becoming a popular target for hackers building “botnets,” and the companies that sell them surveillance tools like <a href="https://www.finfisher.com/FinFisher/index.html">Finfisher</a>.<br />
<br />
Could be The Kernel Security taking as a relevant topic ?<br />
<br />
<div>References:<br />
[1] <a href="http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/">http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/</a><br />
[2] <a href="https://lwn.net/Articles/661086/">https://lwn.net/Articles/661086/</a><br />
[3] <a href="https://lwn.net/Articles/662627/">https://lwn.net/Articles/662627/</a><br />
[4] <a href="http://bits-please.blogspot.com.co/2015/08/android-linux-kernel-privilege.html">http://bits-please.blogspot.com.co/2015/08/android-linux-kernel-privilege.html</a><br />
[5] <a href="https://lwn.net/Articles/662219/%C2%A0">https://lwn.net/Articles/662219/</a></div>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-32320457490822720032015-05-18T23:41:00.000-05:002015-05-18T23:41:00.328-05:00Before you learn to code, think about what you want to code...Checking Quora I found an answer pointing out to this nice article [1], so I would like to keep this in mind.<br />
<blockquote 0.159999996423721px="" 22px="" 30px="" 33px="" cambria="" class="tr_bq" font-family:="" font-size:="" freight-text-pro="" georgia="" imes="" letter-spacing:="" line-height:="" margin-bottom:="" new="" roman="" serif="" times="">
<span 0.159999996423721px="" 22px="" 33px="" cambria="" font-family:="" font-size:="" freight-text-pro="" georgia="" imes="" letter-spacing:="" line-height:="" new="" roman="" serif="" times="">Knowing how to code is mostly about building things, and the path is a lot clearer when you have a sense of the end goal. If your goal is “learn to code,” without a clear idea of the kinds of programs you will write and how they will make your life better, you will probably find it a frustrating exercise.</span><span style="background-color: white; color: rgba(0, 0, 0, 0.952941); font-family: freight-text-pro, Georgia, Cambria, 'Times New Roman', Times, serif; font-size: 22px; letter-spacing: 0.159999996423721px; line-height: 33px;"><br />
</span>I’m a little ashamed to admit that part of my motivation for studying computer science was that I wanted to prove I was smart, and I wanted to be able to get Smart Person jobs. I also liked thinking about math and theory (<a class="markup--anchor markup--p-anchor" data-href="http://www.amazon.ca/Godel-Escher-Bach-Eternal-Golden/dp/0465026567" href="http://www.amazon.ca/Godel-Escher-Bach-Eternal-Golden/dp/0465026567" rel="nofollow" style="background-color: transparent; background-image: linear-gradient(rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0.6) 50%); background-position: 0px 23px; background-repeat: repeat-x; background-size: 2px 2px; text-decoration: none;">this book</a> blew my mind at an impressionable age) and the program was a good fit. It wasn’t enough to sustain me for long, though, until I found ways to connect technology to the things I really loved, like music and literature.<br />
So, what do you want to code? Websites? Games? iPhone apps? A startup that makes you rich? Interactive art? Do you want to be able to impress your boss or automate a tedious task so you can spend more time looking at otter pictures? Perhaps you simply want to be more employable, add a buzzword to your resume, or fulfill the requirements of your educational program. All of these are worthy goals. Make sure you know which one is yours, and study accordingly.</blockquote>
<br />
Cecilly Carver <br />
[1] https://medium.com/@cecilycarver/things-i-wish-someone-had-told-me-when-i-was-learning-how-to-code-565fc9dcb329<br />
<br />c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-81038590420623144872015-05-04T19:52:00.002-05:002015-05-05T09:21:41.055-05:00Filters with the IPV4 Address Space Assignment to .CO<div style="text-align: justify;">
It has been a long time since I wrote my last blog post, Just a little busy with the job and my university but this last weekend I was having a rest time, meanwhile I's reading about Ipv6 addressing tips for ISP's [1] I was wondering why I didn't play with the Lacnic assignments in the past, sometimes you just learn how internet in general works and you can go more deeper than it is.The Ipv4 assignments could be used to scan and check for new vulnerabities[2][3] inside a specific area or territory of the world.</div>
<br />
<div style="text-align: justify;">
Trying to get more information about Colombian's ip assignments we know that internet is a big number of connections between different AS, ASs are generally Internet service providers but can also be large companies, universities, and other such organizations who act as independent entities on the Internet. These AS's are responsible for <i><b>assigning individual IP addresses</b></i> and routing traffic from individual machines out to and in from the wider Internet, So we want to get more information about the Ipv4 assignments and the best way to get this is going to the primary source for IP address data and it's the regional Internet registries which allocate and distribute IP addresses through organizations located in their respective service regions, This regions are:</div>
<br />
<ol>
<li>African Network Information Centre (AfriNIC)</li>
<li>American Registry for Internet Numbers(ARIN)</li>
<li>Asia-Pacific Network Information Centre (APNIC)</li>
<li>Latin American and Caribbean Internet Address Registry (LACNIC)</li>
<li>RIPE Network Coordination Centre (RIPE NCC)</li>
</ol>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://upload.wikimedia.org/wikipedia/commons/thumb/9/95/Regional_Internet_Registries_world_map.svg/800px-Regional_Internet_Registries_world_map.svg.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="" border="0" src="http://upload.wikimedia.org/wikipedia/commons/thumb/9/95/Regional_Internet_Registries_world_map.svg/800px-Regional_Internet_Registries_world_map.svg.png" height="281" title="Internet Registries" width="600" /></a></div>
<br />
According to wikipedia the main aims are to :<br />
<blockquote class="tr_bq">
<ul>
<li style="text-align: justify;"><i>Protect the unallocated IP number resource pool,</i></li>
</ul>
<ul>
<li style="text-align: justify;"><i>Promote and protect the bottom-up policy development process of the Internet, and</i></li>
</ul>
<ul>
<li style="text-align: justify;"><i>Act as a focal point for Internet community input into the RIf system.</i></li>
</ul>
</blockquote>
<span style="text-align: justify;">Every Regional Internet registry has it's own ftp service sharing information related to the assignments [5] and also a mirror of the other RI'r.</span><br />
<div style="text-align: justify;">
As it's shown in the picture you can see all the content inside the /pub (public folder)</div>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://3.bp.blogspot.com/-TtmFgJrIfDA/VUVrHnEdskI/AAAAAAAAAjI/bOAD7WrQrVI/s1600/url.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="640" src="http://3.bp.blogspot.com/-TtmFgJrIfDA/VUVrHnEdskI/AAAAAAAAAjI/bOAD7WrQrVI/s1600/url.png" width="498" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Checking all the directory structure, assignments are in /pub/stats/region</td></tr>
</tbody></table>
<div style="text-align: justify;">
In my case I'm interest in all the IP addressing assignments by Lacnic and specifically my country Colombia.<br />
<br /></div>
Just get <b><i>delegated-lacnic-extended-latest</i></b> and <i><b>delegated-lacnic-extended-latest.md5</b></i> files wich are that contains all the information That we need to play with, also notice the update history and the date in the ftp.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="http://2.bp.blogspot.com/-iglgMv4pX48/VUVw0Gnn1JI/AAAAAAAAAjY/oXObuavc694/s1600/get.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="234" src="http://2.bp.blogspot.com/-iglgMv4pX48/VUVw0Gnn1JI/AAAAAAAAAjY/oXObuavc694/s1600/get.png" width="620" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Getting files to play with</td></tr>
</tbody></table>
So these files contains all the Latinamerican assignments including the next countries:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-VJascv6q4TA/VUV0_yEMZ-I/AAAAAAAAAjk/lTFhqnyNmUs/s1600/co.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://2.bp.blogspot.com/-VJascv6q4TA/VUV0_yEMZ-I/AAAAAAAAAjk/lTFhqnyNmUs/s1600/co.png" width="163" /></a></div>
You can get this result running a simple filter and cat I like the bash way so here it is :<br />
<pre class="brush:bash">cat delegated-lacnic-extended-latest|cut -d '|' -f 2|sort |uniq >country
cat country </pre>
<strong><i>Grepping by Country:</i></strong><br />
<strong><i><br />
</i></strong> Now to get the information in what we're interests we need to filter our file by country and IPv4 the file itself has a 8 column format as is explained above:<br />
<br />
Column 1:Regional Internet registry (Lacnic in this case) <br />
Column 2:Country Code (CO)<br />
Column 3:Ip Class,Type Resource (ASN,IPV4,IPV6)<br />
Column 4:Network Begin<br />
Column 5:Ip Address Quantity<br />
Column 6:Assignment Date.<br />
Column 7:Organization Type<br />
Column 8: unknow for me.<br />
<blockquote class="tr_bq">
cat delegated-lacnic-extended-latest | grep -i "CO|IPV4"</blockquote>
and after that we get something like this :<br />
<pre class="brush:python">lacnic|CO|ipv4|66.231.64.0|4096|19870101|allocated|75710
lacnic|CO|ipv4|131.0.136.0|1024|20140711|allocated|220116
lacnic|CO|ipv4|131.0.168.0|1024|20140714|allocated|218493
lacnic|CO|ipv4|131.108.168.0|1024|20140902|allocated|30093
</pre>
We can get 375 entries but how many ipv4 addresses are assigned to CO in total?<br />
off course this could be done filtering the 5 column and the IP to ASN Mapping Project<br />
<br />
Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data available, and how to query, check out our IP to ASN Mapping Project.dding line per line in order to get the total number.<br />
<center>
$$ \sum _{ i=0 }^{ 375 }{eachlinei }$$ </center>
<pre class="brush:bash">cat Colombia.txt |cut -d '|' -f5 |awk '{s+=$1} END {printf "%.0f", s}'
</pre>
<b><span style="color: lime;">17.263.593</span> in IPv4 assignments to Colombian Country until the last update of file.</b><br />
<b><br />
</b> In this amount of IPv4 Addresses we will be pretty interest in entities that don't waste time and money searching for you generally this type of entities are non-goverment such as universities, public schools but always without goverment asociation.Offcourse we can use a service to query for some basic AS information directly and for this I'm going to use the Team Cymru's nslookup.<br />
<br />
<blockquote class="tr_bq" style="background-color: white; box-sizing: border-box; color: #333333; font-family: Raleway, sans-serif; font-size: 14px; line-height: 22px; margin-bottom: 12px; padding-left: 5px;">
<i><a href="http://www.team-cymru.org/IP-ASN-mapping.html" style="background: transparent; box-sizing: border-box; color: #008752; text-decoration: none;">The IP to ASN Mapping Project</a></i><span style="background-color: transparent;"> </span></blockquote>
<blockquote class="tr_bq" style="background-color: white; box-sizing: border-box; color: #333333; font-family: Raleway, sans-serif; font-size: 14px; line-height: 22px; margin-bottom: 12px; padding-left: 5px;">
<i><a href="http://www.team-cymru.org/IP-ASN-mapping.html" style="background: transparent; box-sizing: border-box; color: #008752; text-decoration: none;"></a>Team Cymru provides a number of query interfaces that allow for the mapping of IP addresses to BGP prefixes and Autonomous System Numbers (ASNs), based on BGP feeds from our 50+ BGP peers, and updated every 4 hours. This data is available through traditional WHOIS (TCP 43), DNS (UDP 53), HTTP (TCP 80), and HTTPS (TCP 443). For more information on the data available, and how to query, check out our <a href="http://www.team-cymru.org/IP-ASN-mapping.html" style="background: transparent; box-sizing: border-box; color: #008752; text-decoration: none;">IP to ASN Mapping Project</a>.</i></blockquote>
Follow the steps given in the official website, using netcat is a better way to get this information, you can filter out the ips addresses using the next :<br />
<br />
<pre class="brush:bash">grep -i 'ipv4\|ipv6' Colombia.txt|cut -d '|' -f4 >ipsColombia.txt</pre>
Maybe the previous won't work because you need to map an IPv6 address or prefix to a corresponding BGP Origin ASN.if you just want the ipv4 version :<br />
<pre class="brush:bash">grep -i 'ipv4' Colombia.txt|cut -d '|' -f4 >ipsColombia.txt
</pre>
<br />
<b> </b><br />
then add the begin and end word to the file.<br />
<pre class="brush:bash">netcat whois.cymru.com 43 < ipsColombia.txt | sort -n > asninfo.txt #ipv4, and ipv6
</pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-d2kT-7UbwdI/VUjO48B8MCI/AAAAAAAAAkE/pIDBwkqBEPo/s1600/asinfo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="301" src="http://1.bp.blogspot.com/-d2kT-7UbwdI/VUjO48B8MCI/AAAAAAAAAkE/pIDBwkqBEPo/s400/asinfo.png" width="400" /></a></div>
<i><br /></i>
<i>I hope that this information could be useful , cheers</i><br />
<i>c1b3rh4ck.</i><br />
<br />
References<br />
[1] <a href="http://portalipv6.lacnic.net/en/ipv6-addressing-tips-for-isps/">http://portalipv6.lacnic.net/en/ipv6-addressing-tips-for-isps/</a><br />
[2] <a href="http://www.sinfocol.org/2015/03/freak-on-colombian-domain-names-and-heartbleed-one-year-later/">http://www.sinfocol.org/2015/03/freak-on-colombian-domain-names-and-heartbleed-one-year-later/</a><br />
[3] <a href="http://www.mcafee.com/us/resources/reviews/esg-vulnerability-manager.pdf">http://www.mcafee.com/us/resources/reviews/esg-vulnerability-manager.pdf</a><br />
[4] <a href="http://cyber.law.harvard.edu/netmaps/methods.php">http://cyber.law.harvard.edu/netmaps/methods.php</a><br />
[5] ftp://ftp.lacnic.net/pub/stats<br />
[6] http://www.team-cymru.org/IP-ASN-mapping.htmlc1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-28146443896023584912015-01-24T16:13:00.001-05:002015-01-24T16:13:39.739-05:00What Happends When...Checking the github feed I just found this nice link that you should read if you want to be more concious when you press the enter button:<br />
<br />
Enjoy it:<br />
<br />
<blockquote class="tr_bq">
<span style="font-family: 'Helvetica Neue', Helvetica, 'Segoe UI', Arial, freesans, sans-serif; font-size: 16px; line-height: 25.6000003814697px;">This repository is an attempt to answer the age old interview question "What happens when you type google.com into your browser's address box and press enter?"</span></blockquote>
<br />
<a href="https://github.com/alex/what-happens-when">https://github.com/alex/what-happens-when </a>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-41007712499730461272015-01-02T01:00:00.000-05:002015-01-02T21:33:41.370-05:00Notes about Cyber Attacks<div>
In this post I'd like to share with you some interesting notes that I've been collecting for a while, about cyberattacks and other cyber'<b>put your word here lol</b>' that we hear everyday in the news and maybe knowing that all the journalist and press in general are always doing mistakes in the usage of the words.</div>
<div>
<br /></div>
<div>
According to the book "<i>Inside Cyber Warfare" </i>This is an increasing field that has been taken as part of the patrimony of all nations.</div>
<div>
<br /></div>
<div>
<blockquote class="tr_bq">
<i>There is a growing awareness of the vulnerability of a nation’s critical infrastructure to<br />network attack. Transportation, banking, telecommunications, and energy are among<br />the most vulnerable systems and may be subject to the following modes of attack:<br />• Insider threats<br />• Anonymous access to protected networks via the Internet and Supervisory Control<br />and Data Acquisition (SCADA)<br />• Counterfeit hardware<br />• Employee abuse of security guidelines leading to malware propagation inside the<br />firewall</i></blockquote>
</div>
<div>
So what would it happend if your country is under one cyber attack? What Would you do ?, here is something that you could do assuming that everything is connected (knowing that this is happening right now with the Internet of Things concept ).<br />
<br />
Keep this things :<br />
<br />
<div class="MsoNormal">
</div>
<ol>
<li>A battery-powered radio capable of receiving NOAA alerts
and two-way radios (walkie-talkies)</li>
<li>solar-powered or hand-cranked radio as well</li>
<li>Cash reserve should be kept within reach</li>
<li>Social Security cards and other essential documents should
also be held in a secure container,since access to a computer won’t be
guaranteed</li>
<li>Prepare a central point to speak with your family members
take out power lines and cell phone towers</li>
</ol>
<o:p></o:p><br />
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
Online
safety tips</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US"> • Limit the amount of personal information you
post on social media sites, chat sites, forums and online games.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">• Know and
use privacy settings provided on sites like Facebook and Twitter.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">• Be
suspicious of unknown links or requests sent through email or text messages.
Don’t click on unknown links or answer strange questions sent to your mobile
device, regardless of who the sender appears to be.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">• In your
email, turn off the option to automatically download attachments. Save and scan
any attachments before opening them.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span lang="EN-US">• Verify
the authenticity of requests from companies or individuals by contacting them
directly, especially if you are being asked to provide personal information.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
<span lang="EN-US">• Pay close
attention to website URLs. Malicious websites sometimes use a variation in
common spelling (petfun.com instead of petfun.net, for example) to deceive
unsuspecting computer users.</span></div>
<div class="MsoNormal">
<span lang="EN-US"><br /></span></div>
<div class="MsoNormal">
Links :</div>
<div class="MsoNormal">
<br /></div>
The History of Cyber Attacks Timeline: </div>
<div>
<a href="http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm">http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm</a><br />
<br />
Wikipedia's definition :<br />
<a href="https://en.wikipedia.org/wiki/Cyber-attack">https://en.wikipedia.org/wiki/Cyber-attack </a><br />
<br />
Norse's Map of Real time cyberattacks:<br />
<a href="http://map.ipviking.com/%C2%A0">http://map.ipviking.com/</a></div>
c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-43345582522107438252014-12-21T19:59:00.002-05:002015-01-01T20:47:14.988-05:00Sony 'made a mistake'???<br />
<div style="text-align: justify;">
The FBI filled in some blanks Friday by noting that "technical analysis of the data-deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed," including "similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks." The FBI also found Internet addresses linked to North Korea in the malware involved in the attack</div>
<div style="text-align: justify;">
<iframe frameborder="no" height="332" marginheight="0" marginwidth="0" noresize="" scrolling="no" src="http://launch.newsinc.com/?type=VideoPlayer/Single&widgetId=1&trackingGroup=69016&siteSection=latimes_hom_non_sec&videoId=28276284" width="590"></iframe><br /></div>
<br />c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-80133595827534795622014-11-24T23:04:00.001-05:002014-11-24T23:04:45.206-05:00Phrase of Monday<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-f9Vzc596KhY/VHP_dMVMdmI/AAAAAAAAAh8/naeZh8aY_G8/s1600/x.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-f9Vzc596KhY/VHP_dMVMdmI/AAAAAAAAAh8/naeZh8aY_G8/s1600/x.png" height="231" width="600" /></a></div><br />
c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-70486083953296333172014-09-26T00:42:00.000-05:002014-09-26T00:42:26.379-05:00#Shellshock Images of the Week<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
During these days we're hearing about #Shellshock bug, and I's just wondering if the Sysadmin of US DoD network is going to invite everybody to the big party with all these attacks,botnets, forkbombs,etc :P stay alert ,During all these two days one of the major flaws has been exploited and that's the obviously! , Who does not like free shells :3, there're right now tons of people creating new PoC's now imagine how money could you get :P Do you imagine how the defense should be.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
I've been collecting a couple of fun pics regarding to this topic , enjoy it .</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" src="https://pbs.twimg.com/media/ByZbFApIEAA2OJV.jpg" /></div>
<div style="text-align: center;">
Fig.1 I can't reproduce #shellshock on this system either! Plz help.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="277" src="https://pbs.twimg.com/media/ByWkTRxIcAATg4M.jpg" width="400" /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Fig.2 Jailbreaked iOS 7.1.2 #shellshock test result.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="226" src="https://pbs.twimg.com/media/ByWUeobCIAARuNU.png" width="400" /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Fig.3 For a laugh: *Facepalm* Oh GoDaddy... #Shellshock #CVE20146271 #bashbug #bashbleed #bashpocalypse #infosec</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="400" src="https://pbs.twimg.com/media/ByVoTIvIQAAiJj1.jpg" width="319" /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Fig.4 #infosec #shellshock #bashbleed #bashpocalypse</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="224" src="https://pbs.twimg.com/media/ByYhoEeIYAAQTGO.jpg" width="400" /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Fig.5 Lol In your servers, stealing your secretz #bashbug #shellshock</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" src="https://pbs.twimg.com/media/ByZUxyHCAAAKF_4.jpg" /></div>
<div style="text-align: center;">
Fig.6 How many people already talking about #shellshock? About 40K tweets by 46K users since yesterday. #bash #bashbug</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="386" src="https://pbs.twimg.com/media/ByU31KoCYAAjmP-.png" width="400" /></div>
<div style="text-align: center;">
Fig.7 Since 90's ?</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="224" src="https://pbs.twimg.com/media/ByaaBQ2IAAAMCFt.jpg" width="400" /></div>
<div style="text-align: center;">
Fig.8 In the Wake of Shellshock, Mac Users Are Left Waiting for a Patch via @mashable http://avgclick.me/1n46EUP</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img alt="Embedded image permalink" height="269" src="https://pbs.twimg.com/media/ByYxydRIgAE7Cdz.png" width="400" /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
#Shellshock: All you need to know about the #BashBug vulnerability http://symc.ly/1u21HMX</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<img height="346" src="https://pbs.twimg.com/media/ByXyF5DCQAAgUhU.png:large" width="400" /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-22678976972500095972014-09-01T23:59:00.000-05:002014-09-04T07:47:38.012-05:00Pwnables.kr <div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-FYG6H5mNHE8/VAVDPoqdx6I/AAAAAAAAAhE/F_HL-V1nV00/s1600/for.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-FYG6H5mNHE8/VAVDPoqdx6I/AAAAAAAAAhE/F_HL-V1nV00/s1600/for.png" height="484" width="500" /></a></div><br />
Well this post is to share with you an amazing site saw in #pwning channel ,I say that because in this site we can practice all the important aspects (Reversing, Programming, System Knowledge and Exploitation)it has a special thing where you need to know about Gnu/Linux Operative System and it is intended for students,professionals and enthusiast of Information Security.<br />
<div><br />
</div><div>The site is divided in four categories as it is explained below :<br />
<br />
</div><div><table><tbody>
<tr><td><ol><li><span style="font-family: Times, Times New Roman, serif;"><b>Toddler's Bottle</b>: Tasks for beginners. Basic tasks for pwning. Somewhat educative. </span></li>
<li><span style="font-family: Times, Times New Roman, serif;"><b>Rookiss</b>: These tasks suffers from typical rookie mistakes regarding computer security.</span></li>
<li><span style="font-family: Times, Times New Roman, serif;"><b>Grotesque</b>: These tasks are somewhat difficult to exploit, you need to buckle down and focus to solve these tasks.</span></li>
<li><span style="font-family: Times, Times New Roman, serif;"><b>Hackers's Secret</b>: Advanced system knowledge is required for pwning these tasks. Being smart isn't enough.</span></li>
</ol></td></tr>
</tbody></table><div><span style="font-family: Times, Times New Roman, serif;"><br />
</span></div><div></div>The learning process is part of you , here you'll need to do the proper homework , it can overcome the limitations imposed by the concept of tacit, also the fun thing is the key to pass some of the challenges.<br />
<br />
Play Just for fun not for profit.<br />
<br />
<br />
<br />
</div></div>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-79795742929681454642014-08-26T13:06:00.000-05:002014-08-26T13:06:13.770-05:00<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: black; font-size: 14px; font-weight: bold; text-align: start;"><i><span style="font-family: Georgia, Times New Roman, serif;">When companies publish their internal security strategy, to show how secure they are</span></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Hd3C45INyGw/U_zMNdGmh9I/AAAAAAAAAgg/9Opb_IkSPlc/s1600/Infosec.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-Hd3C45INyGw/U_zMNdGmh9I/AAAAAAAAAgg/9Opb_IkSPlc/s1600/Infosec.gif" /></a></div>
<br />c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-62398546352132952312014-04-20T09:54:00.000-05:002014-04-20T09:54:53.942-05:00April 22nd is Earth dayThis year I'm working with a near partner in my university as you maybe know in april 22 is Earth day an special day for our planet.We're going to plant new trees if you want to join please leave me a message using the contact box or reachme in twitter.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Jz-LWlbkJbU/U1PeA8iqYXI/AAAAAAAAAeA/OACjCpToSAo/s1600/10246803_795274257160254_5335567980200412433_n.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-Jz-LWlbkJbU/U1PeA8iqYXI/AAAAAAAAAeA/OACjCpToSAo/s1600/10246803_795274257160254_5335567980200412433_n.jpg" height="400" width="400" /></a></div>
<br />
Plant trees plant life Pick a tree that you know can survive in your climate. If you're unsure about what that might be, ask an employee at your local garden shop, or inside the garden department of a big-box store.<br />
<br />
Learn more about the environment. Earth Day is a good time to make a commitment to learning more about the environment and how you can help to protect it. Borrow some library books and read up on an issue such as pollution, endangered species, water shortages, recycling, and climate change. Or, learn about a region you've never considered before, like the Arctic, the deserts, or the rain forests. Think about the issues that concern you the most and if you haven't done so already, join a local group that undertakes activities to help protect the environment in your area.<br />
<br />
Where:<br />
Universidad Tecnologica de Pereira<br />
When :<br />
April 22 , at 9 a.m Electrical Building.c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-48709240755270547662014-04-06T12:16:00.001-05:002014-04-06T12:16:01.908-05:00 Weekly Security Reactions<b>When I submit a bug report, but someone else already got the bounty.</b><br />
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/nBC9Efs.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://i.imgur.com/nBC9Efs.gif" height="160" width="320" /></a></div>
<b><br /></b>
<br />
<b>It seems like a local situation :3</b>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-13947331961075127832014-04-04T23:15:00.000-05:002014-04-04T23:15:00.175-05:00 The Fall of Hacker GroupsAs we know during decades there were legendary hacking groups , This article posted by strauss in phrack magazine in april 4 is really nice and you must read here <a href="http://phrack.org/papers/fall_of_groups.html">http://phrack.org/papers/fall_of_groups.html</a>.<br />
<br />
<blockquote class="tr_bq">
Hacking is, in its very essence, an underground movement. Those who take part on it have always been the ones who (ab)used technology in ways beyond the knowledge of the larger userbase. It is tightly linked to intense efforts in unveiling previously unknown information as well as in sharing these discoveries. These premises hold true for as long as we know hackers: since computers had barely no users up until the informatic massification of today. The nature of the hacker interests intrinsically poses difficulties: <b><i>growing knowledge on anything is hard. It requires heavy research, experimentation, and can turn into an endless journey if objectives are not carefully set. Just like in any field of scientific studies, it calls for a good amount of colaboration, an attitude which, luckily for hackers, was greatly enabled by the advent of computer networks and, most notably, the Internet.</i></b> Computer networks increasingly made it possible to transmit<b><i> unlimited and uncensored information across their geographical extent with little effort</i></b>, with little costs, and in virtually no time. From the communication development standpoint, one would expect that the events that followed the 80s to our days would lead to a geometric progression in the number of hacker communities. In effect, hacking has arguably grown.<b> Hacker communities, definitely not</b>.</blockquote>
<br />
Just take a moment , and think on this wise words of wisdom.<br />
<br />c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com2tag:blogger.com,1999:blog-8276390979412785398.post-40558445397089023412014-03-01T09:44:00.000-05:002014-03-01T09:44:42.347-05:00Weekly Security Reactions <div class="separator" style="clear: both; text-align: center;">
NSA trying to control the Internet</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/ubdpwt6.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://i.imgur.com/ubdpwt6.gif" height="272" width="400" /></a></div>
<br />
<br />
<div style="text-align: center;">
Only person on CTF team to not get a shell</div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.imgur.com/PW920zi.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://i.imgur.com/PW920zi.gif" height="281" width="320" /></a></div>
<div style="text-align: center;">
<br /></div>
c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-91336646962375420112014-02-17T19:03:00.000-05:002014-02-17T19:03:00.073-05:00Olympic CTF 2014 - Binathlon (400)Checking the Dragon Sector blog I've found this nice video :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/XWozhb1ZOyM?feature=player_embedded' frameborder='0'></iframe></div>
<br />
<a href="http://blog.dragonsector.pl/">http://blog.dragonsector.pl/</a>c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0tag:blogger.com,1999:blog-8276390979412785398.post-84352849665405185152014-02-15T17:46:00.000-05:002014-02-15T17:56:22.572-05:00Analisis de Circuitos Teoria y Practica <div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img405.imageshack.us/img405/3156/analisisdecircuitosteor.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://img405.imageshack.us/img405/3156/analisisdecircuitosteor.jpg" height="400" width="310" /></a></div>
<div>
<br /></div>
<div>
Hace algún tiempo estuve buscando este libro en pdf pero por desgracia no lo encontré.</div>
<div>
La primera vez que vi este libro fue en la biblioteca de la universidad cuando recién comenzaba a crear mis primeros proyectos de electrónica, hoy lo encuentro así que lo dejare aquí para mi y por si alguien que lea este blog lo quiere aquí esta.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Link de Descarga:</div>
<div>
<br /></div>
<div>
<a href="https://mega.co.nz/#!R5kwWbxI!269ikcaGAb-l7Esd6nrCFft3uK5RQ-6MHCWxfNycKvE">https://mega.co.nz/#!R5kwWbxI!269ikcaGAb-l7Esd6nrCFft3uK5RQ-6MHCWxfNycKvE</a><br />
<br />
<a href="https://drive.google.com/file/d/0B9KYv-mwSafXbVFaZGVUM0dUUjA">https://drive.google.com/file/d/0B9KYv-mwSafXbVFaZGVUM0dUUjA</a></div>
<div>
<br /></div>
c1b3rh4ckhttp://www.blogger.com/profile/12321189113494230645noreply@blogger.com0