Shellsec

Lidt flere godter. Disse er en tand mere spændende:
https://steemit.com/shadowbrokers/@thesh...ranslation
https://github.com/x0rz/EQGRP_Lost_in_Translation

Man kan bryde ind på alle windows maskiner på omkring 120 sekunder.
Da de lavede disse exploits var windows 10 ikke kommet ud endnu men selv den er sårbar.
Lækkert!

(15-04-2017, 13:21)zubmit Skrev: [ -> ]Man kan bryde ind på alle windows maskiner på omkring 120 sekunder.

Kilde? Det lyder ikke sandt

(15-04-2017, 14:07)Ash Skrev: [ -> ]Kilde? Det lyder ikke sandt

Her er det Windows 2008 R2 SPA x64 der bliver udnyttet.
https://twitter.com/hackerfantastic/stat...7746315264

Jeg var lidt for hurtigpå win10 da jeg ikke kan finde aktuelt bevis. Det var på en subreddit /r/netsec/ hvor jeg læste at nogen havde haft succes.
Så det beklager jeg. Var for hurtig på aftrækkeren der  :)

Edit: her er den tråden fra reddit:
https://www.reddit.com/r/netsec/comments...anslation/

(15-04-2017, 23:07)zubmit Skrev: [ -> ]Her er det Windows 2008 R2 SPA x64 der bliver udnyttet.
https://twitter.com/hackerfantastic/stat...7746315264

Jeg var lidt for hurtigpå win10 da jeg ikke kan finde aktuelt bevis. Det var på en subreddit /r/netsec/ hvor jeg læste at nogen havde haft succes.
Så det beklager jeg. Var for hurtig på aftrækkeren der  :)

Wooow et 9 år gammelt OS med sikkerhedshuller... lol.

Windows 7, Vista osv. er vel også med på listen over sikre systemer? Jeg tvivler på, at alle styresystemer med seneste updates fra Windows Update kan rammes af dette exploit.

EDIT: Sjovt. https://blogs.technet.microsoft.com/msrc...ting-risk/ - Alle er patched

Der er dog stadig, potentielt, lidt at høste.



https://twitter.com/Balgan

Citer:How many computers are affected on the Internet? @Balgan has identified 1,951,075 Windows 2008 hosts online impacted by ETERNALBLUE...

https://twitter.com/hackerfantastic/stat...7426331649

Som i sikkert har læst i diverse nyheder, bliver dette læk lige nu anvendt i stor stil.

(13-05-2017, 00:12)MalcolmXI Skrev: [ -> ]Som i sikkert har læst i diverse nyheder, bliver dette læk lige nu anvendt i stor stil.

Hehe ja det skulle ske på et eller andet tidspunkt, bare utroligt at der ikke er flere der har fået opdateret, lad os håbe de har styr på deres backups. hvilket de fleste nok ikke har

Citer:But theequationgroup didn't buy back lost warez. The Five Eyes, Russia, China, Iran, Korea, Japan, Israel, Saudi, the UN, NATO, no government or countries didn't buy lost warez. Cisco, Juniper, Intel, Microsoft, Symantec, Google, Apple, FireEye, any other bullshit security companies didn't buy lost warez. TheShadowBrokers was very very sad! Story is now sounding like silly children's' book. TheShadowBrokers is writing to audience reading level, thepeoples is having average reading level of 8th grade.

Citer:In April, 90 days from theequationgroup show and tell, 30 days from Microsoft patch, theshadowbrokers dumps old Linux (auction file) and windows ops disks. Because why not? TheShadowBrokers is having many more where coming from? "75% of U.S. cyber arsenal" TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS. This is theshadowbrokers way of telling theequationgroup "all your bases are belong to us". TheShadowBrokers is not being interested in stealing grandmothers' retirement money. This is always being about theshadowbrokers vs theequationgroup.

https://www.version2.dk/artikel/the-shad...ts-1076760
https://steemit.com/shadowbrokers/@thesh...ry-edition

Citer:Welcome to TheShadowBrokers Monthly Dump Service – June 2017

Q: How do I subscribe and get the next theshadowbrokers’ dump (June 2017)?

#1 - Between 06/01/2017 and 06/30/2017 send 100 ZEC (Zcash) to this z_address:

zcaWeZ9j4DdBfZXQgHpBkyauHBtYKF7LnZvaYc4p86G7jGnVUq14KSxsnGmUp7Kh1Pgivcew1qZ64iEeG6vobt8wV2siJiq

#2 – Include a “delivery email address” in the “encrypted memo field” when sending Zcash payment

#3 – If #1 and #2 then a confirmation email will be sent to the “delivery email address” provided

#4 – Between 07/01/2017 and 07/17/2017 a “mass email” will be send to the “delivery email address” of all “confirmed subscribers” (#1, #2, #3)

#5 – The “mass email” will contain a link and a password for the June 2017 dump

Q: What is ZEC or Zcash?

Be looking it up. Zcash is making claiming bitcoin + privacy. TheShadowBrokers is not making endorsements of Zcash. Theoretically only party seeing payment info is theshadowbrokers and theshadowbrokers only seeing amount and encrypted memo field, no sending address.

Q: Is Zcash safe and reliable?

Fuck no! If you caring about loosing $20k+ Euro then not being for you. Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments. Playing “the game” is involving risks. Zcash is having connections to USG (DARPA, DOD, John Hopkins) and Israel. Why USG is “sponsoring” privacy version of bitcoin? Who the fuck is knowing? In defense, TOR is originally being by similar parties. TheShadowBrokers not fully trusting TOR either. Maybe USG is needing to be sending money outside from banking systems? If USG is hacking and watching banking systems (SWIFT) then adversaries is also hacking and watching banking systems. Maybe is for sending money to deep cover foreign assets? Maybe is being trojan horse with cryptographic flaw or weakness only NSA can exploit? Maybe is not being for money? Maybe is being for Zk-SNARKs research? Maybe fuck it, lets be finding out. This month theshadowbrokers using Zcash. If being not good, then maybe theshadowbrokers doing different for July?

Q: What is going to be in the next dump?

TheShadowBrokers is not deciding yet. Something of value to someone. See theshadowbrokers’ previous posts. The time for “I’ll show you mine if you show me yours first” is being over. Peoples is seeing what happenings when theshadowbrokers is showing theshadowbrokers’ first. This is being wrong question. Question to be asking “Can my organization afford not to be first to get access to theshadowbrokers dumps?”

Act quickly is good chance Zcash price increasing over time

https://steemit.com/shadowbrokers/@thesh...-june-2017