Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
"A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term."
What the heck? Are we just going to ban the colors white and black in every context? Its clearly not talking about race, its talking about morals... Which people like this "google security researcher" obviously know nothing about...
This is all so stupid... luckily the community disagrees with the stance but then again, afaik, we all also disagreed with removing master/slave and it still happened so make of that what you will...
https://zdnet.com/article/...34 -
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there
19 -
When I was younger (about six) I wanted to hack into NASA and release all their files on aliens and UFO's to the world so they would know the truth 🌎👽5
-
When kids watch tutorials on youtube and think they wanna become black hat hackers and tell everyone that thay are black hat hackers 😂😂
Source : reddit
6 -
This rant has been one that I've been wanting to rant about for a while now. Me being drunk as fuck right now (mind, stay awake!) doesn't really help, but meh.
At least Wanblows was able to install its "features" properly... Except it wasn't, being the featureful ShitOS it is.
I want to rant about privacy. Not about "nothing to hide, nothing to fear". That's been ranted about plenty by the MIcroshaft-loving folks as well as the privacy-aware opposition. Rather, I'd like to rant about the privacy-concious.
I am a privacy-concious-person, with his current status quo being that he doesn't yet know a privacy-concious solution to every data-intrusive "common solution" out there. So I tend to value privacy next to De Lijn while sharing location data to Google with Google Maps. Point is, I do not know privacy-concious solutions to everything out there yet. So I use the convenient over the privacy-aware.
(after review while drunk I was unable to make sense of this)
In the privacy-aware circles I tend to see that it seems to be black and white. You share your data with Google, yet you oppose data collection by local institutes? WRONG!!! YOU MUST BE A TINFOIL HAT!!!
No, seriously I don't want to share my data with Google. Just that they're the only realtime navigation platform with decent UI out there that I know of right now.
Privacy isn't all black and white here. I block any intrusion that I'm able to, anything else I abide to, while awaiting a good alternative that does respect my privacy which I would gladly use instead. That does not imply that "I have nothing to hide". I do, and I have a lot to hide.
So that makes up the black and white nature of privacy, which is a fallacy. Another one is the whole idea of "I have nothing to hide" to begin with.
If you have nothing to hide, would you be comfortable with sharing your location data (IP address, habits, common trends, etc) with me? To share your information with me, to have your contacts share your info with me, without your consent? Of course you wouldn't. But that's what's happening right now.2 -
The hat you wear matters a lot, you don't apply for a job as a Penetration tester with a black hat on.
1 -
Vendor we('re forced to) work with, as we share a client. This is in their stylesheet. Fuck SEO best practices, amirite?! 😒
5 -
Oh my God. Did any of you catch Sundar from Google being grilled by Congress yesterday?
It is so embarrassing watching congressman who think they know technology ask questions did somebody who actually is technically proficient. you would think they would have hired somebody at least to educate them first before looking like an ass on TV.
It look like I asked my janitor to interview our next developer.
So funny though over his left shoulder there's a guy that looks like Sir topham hatt from Monopoly. Hahahahahahh not kidding black top hat and big white mustache.1 -
Right, that's fucking it. Enough. I'm all for learning new technologies, frameworks, and development protocols, but my time on this earth is limited and at the end of the day if I'm having to spend DAYS AND FUCKING DAYS just scouring through obscure forum posts because the documentation is shit and just hitting ONE FUCKING PROBLEM AFTER ANOTHER then there comes a point at which the time investment simply isn't worth it. I HATE throwing in the towel because some FUCKING CUNT code problem has got the better of me, but fucking sense must prevail here.
Laravel fucking Mix. Do any any of you use this shit on Windows? Because I take my fucking hat off to you. I'm done with it.
Oh, so your server uses 'public_html' instead of 'public' does it? Well, of course you can just set
mix.setPublicPath('public_html'); then can't you?
No, you can't. Why? Because fuck you, that's why. Not only do you have to hard-code your fucking public directory into each specified path, additionally you have to set
mix.setPublicPath('./');
Why? Because fuck you, that's why. It took me the best part of two days to discover that little nugget of information, buried at the bottom of some obscure corner of the internet in a random github issue thread. Fuck off.
Onto next problem. Another 5 hours invested to extract some patchy solution that I'm not at all happy with.
Rinse, repeat.
Make it work with BrowserSync by wrapping your assets like so:
<link rel="stylesheet" href="{{ mix('/build/css/main.css') }}">
Oh oh oh but "The Mix manifest does not exist"... despite a fresh install of Laravel 5.6 and all relevant node modules installed... follow some other random Github thread with a back and forth of time-consuming suggestions for avenues of experimentation, with no clear solution.
Er no, fuck off. I'm going back to Grunt and maybe I'll try Webpack/Mix in another year or two when there's actually some clear answers, but as it stands this a wild goose chase into a fucking black-hole and I've got better things to do with my precious time. Go die.5 -
Fuck the feelings of powerlessness and helplessness. when a friend comes crying for you for help with their hacked account and you keep asking them about what they did to protect it in the first place and they reply with nothing, no recovery email, no recover phone, no secondary verification, NOTHING. and you can do nothing but stand there and watch them cry while you can literally do nothing because there literally nothing you can do to retrieve their stolen accounts. FUCK BLACK HAT HACKERS.3
-
DevRant colors :
White - Gray - Black
White hat hacker , gray hat hacker and black hat hackers
Just something random ..5 -
I’M COMIC SANS, ASSHOLE
Listen up. I know the shit you’ve been saying behind my back. You think I’m stupid. You think I’m immature. You think I’m a malformed, pathetic excuse for a font. Well think again, nerdhole, because I’m Comic Sans, and I’m the best thing to happen to typography since Johannes fucking Gutenberg.
You don’t like that your coworker used me on that note about stealing her yogurt from the break room fridge? You don’t like that I’m all over your sister-in-law’s blog? You don’t like that I’m on the sign for that new Thai place? You think I’m pedestrian and tacky? Guess the fuck what, Picasso. We don’t all have seventy-three weights of stick-up-my-ass Helvetica sitting on our seventeen-inch MacBook Pros. Sorry the entire world can’t all be done in stark Eurotrash Swiss type. Sorry some people like to have fun. Sorry I’m standing in the way of your minimalist Bauhaus-esque fascist snoozefest. Maybe sometime you should take off your black turtleneck, stop compulsively adjusting your Tumblr theme, and lighten the fuck up for once.
People love me. Why? Because I’m fun. I’m the life of the party. I bring levity to any situation. Need to soften the blow of a harsh message about restroom etiquette? SLAM. There I am. Need to spice up the directions to your graduation party? WHAM. There again. Need to convey your fun-loving, approachable nature on your business’ website? SMACK. Like daffodils in motherfucking spring.
When people need to kick back, have fun, and party, I will be there, unlike your pathetic fonts. While Gotham is at the science fair, I’m banging the prom queen behind the woodshop. While Avenir is practicing the clarinet, I’m shredding “Reign In Blood” on my double-necked Stratocaster. While Univers is refilling his allergy prescriptions, I’m racing my tricked-out, nitrous-laden Honda Civic against Tokyo gangsters who’ll kill me if I don’t cross the finish line first. I am a sans serif Superman and my only kryptonite is pretentious buzzkills like you.
It doesn’t even matter what you think. You know why, jagoff? Cause I’m famous. I am on every major operating system since Microsoft fucking Bob. I’m in your signs. I’m in your browsers. I’m in your instant messengers. I’m not just a font. I am a force of motherfucking nature and I will not rest until every uptight armchair typographer cock-hat like you is surrounded by my lovable, comic-book inspired, sans-serif badassery.
Enough of this bullshit. I’m gonna go get hammered with Papyrus.
by Mike Lacher, https://mcsweeneys.net/articles/...3 -
I first wanted to be a black hat hacker so I opened cmd.exe and run help to see which commands I could use to make batch programs and then I taught myself the rest of batch. Afterwards, I drifted to DHTML (HTML+CSS+JS) where I made some basic snippets while teaching myself JS3
-
just found out a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had burried in some folders a c99 shell.
i am a begginer html/sql/php guy and really was looking into learning a bit here and there about them because i really like problem solving and found out ctfs mainly focus on this part of programming. i am a c++ programmer which does school contest like programming problems and i really enjoy them.
now back on topic.
with this urge to learn more web programming i said to myself what other method to learn better than real life sites! so i did just that. i first checked my school site. right click. inspect element. it seemed the site was made with wordpress. after looking more into the html code for the site i concluded all the images and files i could see on the site were from a folder on the server named 'wp-content/uploads'. i checked the folder. and here it got interesting. i did a get request on the site. saw the details. then i checked the site. bingo! there are 3 folders named '2017', '2018', '2019'. i said to myself: 'i am god.'
i could literally see all the announcements they have made from 2017-2019. and they were organised by month!!! my curiosity to see everything got me to the final destination.
with this adrenaline i thought about another site. in my city i have the 3rd most acclaimed high school in the country. what about checking their security?
so i typed the web address. looked around. again, right click, inspect element and looked around the source code. this time i was more lucky. this site is handmade!!! i was soooo happy because with my school's site i was restricted with what they have made with wordpress and i don't have much experience with it.
amd so i began looking what request the site made for the logos and other links. it seemed all the other links on the site were with this format: www.site.com/index.php?home. and i was very confused and still am. is this referencing some part of the site in the index.php file? is the whole site written inside the index.php file and with the question mark you just get to a part of the site? i don't really get it.
so nothing interesting inside the networking tab, just some stylesheets for the site's design i guess. i switched to the debugger tab and holy moly!! yes, it had that tree structure. very familiar. just like a project inside codeblocks or something familiar with it. and then it clicked me. there was the index.php file! and there was another folder from which i've seen nothing from the network tab. i finally got a lead!! i returned in the network tab, did a request to see the spgm folder and boooom a site appeared and i saw some files and folders from 2016. there was a spgm.js file and a spgm.php file. there was a contrib, flavors, gal and lang folders. then it once again clicked me! the lang folder was las updated this year in february. so i checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so i left them alone. but there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! i was so excited! i thought i found a secret and different design of the site or something completely else! i clicked it and at first i was scared there was this black/red theme going on my screen and something was a little odd. there were no school announcements or event, nononoooo. this was still a tree structured view. at the top of the site it's written '!c99Shell v. 1.0...'
this was a big nono. i saw i could acces all kinds of folders. then i switched to the normal school website and tried to access a folder i have seen named userfiles and got a 403 forbidden error. wopsie. i then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. it was nakeeed naked. like very naked. and in the userfiles folder there were all, but i mean ALL files and folders they have on the server. there were a file with the salary of each job available in the school. some announcements. there was a list with all the students which failed classes. there were folders for contests they held. it was an absolute mess and i couldn't believe it.
i stopped and looked at the monitor. what have i done? just to learn some web programming i just leaked the server of the 3rd most famous high school in my country. image a black hat which would have seriously caused more damage. currently i am writing an email to the school to updrage their security because it is reaaaaly bad.
and the journy didn't end here. i 'hacked' the site 2 days ago and just now i thought about writing an email to the school. after i found i could access the WHOLE server i searched for the real attacker so if you want to knkw how this one went let me know in the comments.
sorry for the long post, but couldn't held it anymore13 -
//Met an old friend
So I heard you're a programmer now. I need some help from you.
*write something on paper
HACK this fb account unless you are a big fat phony.5 -
You know you won't get much sleep tonight when you close the defcon talk you started when going to the toilet to continue the black hat talk on your PC.
-
I wonder if crypto exchanges are so damn vulnerable or just so transparent.
I mean, it is impossible to scroll tech articles for more than a few seconds before stumbling on a report of yet another crypto exchange being nicked a couple hundred mil USD.
- It could be that their security severely sucks (wouldn't blame them for it, most businesses do suck at securing shit).
- It could be that the entire black hat community is putting it's might on stealing money that is so fucking easy to launder.
- It could be that is damn nigh impossible to cover up a crypto hack since the evidence of coins drifting away is forever on display in the public ledger, and in that case crypto companies are not hacked more often than regular companies, they are just much more often publically shamed for it.
- It could be a mix of all the above, but my intuition is that one factor is more relevant.
Which would be the most relevant factor? One of the above or yet another attack vector to the stupidest value conduit ever?5
Top Tags
Weekly Rant
View