quinta-feira, 27 de agosto de 2020

How To Start | How To Become An Ethical Hacker

Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!
This Post is for the people that:

  • Have No Experience With Cybersecurity (Ethical Hacking)
  • Have Limited Experience.
  • Those That Just Can't Get A Break


OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.
I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

 I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.
Let's get this party started.
  •  What is hacking?
Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.
Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

 There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.
  •  Skills required to become ethical hacker.
  1. Curosity anf exploration
  2. Operating System
  3. Fundamentals of Networking
*Note this sites





Related links


C++ Std::Condition_Variable Null Pointer Derreference


This story is about a bug generated by g++ and clang compilers (at least)
The condition_variables is a feature on the standard library of c++ (libstdc++), when its compiled statically a weird asm code is generated.


Any example on the link below will crash if its compiled statically:
 https://en.cppreference.com/w/cpp/thread/condition_variable



In this case the condition_variable.wait() crashed, but this happens with other methods, a simple way to trigger it:




If this program is compiled dynamically the crash doesn't occur:

Looking the dissasembly there is a surprise created by the compiler:


Compilers:
    g++  9.2.1+20200130-2
    clang++ v9

Both compilers are generating the "call 0x00"

If we check this call in a dynamic compiled:




The implementation of condition_variable in github:
https://github.com/gcc-mirror/gcc/blob/b7c9bd36eaacac42631b882dc67a6f0db94de21c/libstdc%2B%2B-v3/include/std/condition_variable


The compilers can't copile well this code in static,  and same happens on  other condition_variable methods.
I would say the _lock is being assembled improperly in static, is not exacly a null pointer derreference but the effects are the same, executing code at address 0x00 which on linux is a crash on most of cases.

Continue reading

Domain Authority 50 for your website - Guaranteed Service

We`ll get your website to have Domain Authority 50 or we`ll refund you every
cent

for only 150 usd, you`ll have DA50 for your website, guaranteed

Order it today:
http://www.str8-creative.co/product/moz-da-seo-plan/

thanks
Alex Peters

Pyre-Check - Performant Type-Checking For Python


Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.
Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications. Please refer to our documentation to get started with our security analysis.

Requirements
To get started, you need Python 3.6 or later and watchman working on your system. On MacOS you can get everything with homebrew:
$ brew install python3 watchman
On Ubuntu, Mint, or Debian; use apt-get:
$ sudo apt-get install python3 python3-pip watchman
We tested Pyre on Ubuntu 16.04 LTS, CentOS 7, as well as OSX 10.11 and later.

Setting up a Project
We start by creating an empty project directory and setting up a virtual environment:
$ mkdir my_project && cd my_project
$ python3 -m venv ~/.venvs/venv
$ source ~/.venvs/venv/bin/activate
(venv) $ pip install pyre-check
Next, we teach Pyre about our new project:
(venv) $ pyre init
This command will set up a configuration for Pyre (.pyre_configuration) as well as watchman (.watchmanconfig) in your project's directory. Accept the defaults for now – you can change them later if necessary.

Running Pyre
We are now ready to run Pyre:
(venv) $ echo "i: int = 'string'" > test.py
(venv) $ pyre
Æ› Found 1 type error!
test.py:1:0 Incompatible variable type [9]: i is declared to have type `int` but is used as type `str`.
This first invocation will start a daemon listening for filesystem changes – type checking your project incrementally as you make edits to the code. You will notice that subsequent invocations of pyre will be faster than the first one.
For more detailed documentation, see https://pyre-check.org.




via KitPloit
Related news