Sunday 31 May 2020

[WardFive] Mayor Bowser is ordering a citywide curfew for the District of Columbia

Mayor Muriel Bowser #StayHomeDC LiteVerified account @MayorBowser 3m3 minutes ago

 

Mayor Bowser is ordering a citywide curfew for the District of Columbia from 11:00 p.m. on Sunday, May 31, until 6:00 a.m. on Monday, June 1. She has also activated the DC National Guard to support the Metropolitan Police Department.

 

Robert Vinson Brannum

Advisory Neighborhood Commissioner

President Emeritus, DC Federation of Civic Associations, Inc.

 

Read More :- "[WardFive] Mayor Bowser is ordering a citywide curfew for the District of Columbia"
Posted by at 0 comments

Friday 29 May 2020

[WardFive] Census Bureau to Resume Some 2020 Census Field Operations in Washington, DC

Census Bureau to Resume Some 2020 Census Field Operations in Additional Locations

Take The Census

https://my2020census.gov/   https://dccensus2020.dc.gov/

May 29, 2020

Release Number CB20-CN.56

MAY 29, 2020 — The U.S. Census Bureau, in coordination with federal, state and local health officials, will begin a phased restart of some 2020 Census field operations in seven additional states and the District of Columbia the week of June 1. With these additions, field activities have restarted in at least one office in every state and 98.2% of the nation’s update leave workload will have resumed. As of May 27, half of the update leave workload was completed.

The locations that will begin a phased restart of operations are:

  • Delaware
  • Washington, D.C.
  • Hawaii
  • Illinois
  • New Hampshire
  • New Jersey
  • Ohio
  • South Carolina

Additional area census offices in the following states will begin a phased restart of operations:

  • California
  • Maryland
  • Michigan
  • New York
  • Texas
  • Virginia

Updates on the operations resuming by location are available at 2020census.gov. The Census Bureau will update this webpage weekly as 2020 Census operations resume across the United States.

For more information, visit the 2020 Census COVID-19 operational adjustments page.

###

Robert Vinson Brannum

Advisory Neighborhood Commissioner

President Emeritus, DC Federation of Civic Association, Inc.

 

 

Read More :- "[WardFive] Census Bureau to Resume Some 2020 Census Field Operations in Washington, DC"
Posted by at 0 comments

Re: cheat_training_group Cheat: Sat May 30 Workout Lock 5 | Sign up for Week 4

Bring your boof boats and a gopro if you have one! Been doing a lot of video review lately and it's been really effective! 

"There are those that live to boof and there's those that boof to live" -Tom McEwan 
Tomorrow we find out which one you identify with. 

On Fri, May 29, 2020 at 12:50 PM Calleva's River School <callevaliquidadventures@gmail.com> wrote:
Hi Cheat Trainers,

It was great to see some of you on the river on Wednesday! While spending some serious time paddling forward toward the eddy at Wet Bottom, I was thinking a lot about stroke efficiency. When paddling forward it is good to think about isolating each movement so that the power you get from your stroke is directly going into moving the boat forward. Be aware of any expended energy- like your boat pitching (moving up and down) or yawing (moving side to side). It is good to be intentional about how the hull is hitting the water, keeping it quiet until you want to use edge, or your feet and pelvis to move it forward.

This segues into the boofing motion.....

For this Saturday, Cheat Regular is going to meet at Lock 5/6 to do a boof clinic with Steve-O before heading down Little Falls. You can bring a short boat! We will have to walk back up the towpath from Little Falls. For parking, remember you have a few options and we should spread it out so it doesn't get too tight. You can park in Brookmont, either near the crosswalk to Lock 6 or near the foot bridge to Lock 5. You can also park at Lock 5 or Lock 6. Please be on the water near the Lock 6 put in at your scheduled time.

Please use this new google doc to sign up for next week- one weeknight session and one weekend. https://docs.google.com/spreadsheets/d/1Fj5YeFSSxbTvDzx5JeZauhjwktmMomM0qNBBWEXqSak/edit?usp=sharing
I really appreciate your flexibility with schedules.

I would love to have any feedback about how the new format for Cheat Training is going and any thoughts you have about taking a trip to the Cheat- especially whether you would be able to run your own shuttle.

Looking forward to seeing you tomorrow! Ashley

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/9a9e0f43-c1c0-4f01-ad1f-cf85cbe97b26%40googlegroups.com.
--
Steve-O
Director of Calleva's River School
(240) 678-8768

Calleva.org

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/CAFxmn%3DXoZks_xg5JQuumK5_va_Ofy6wgYP0wZWUc5cQnZ6ZKZg%40mail.gmail.com.
Read More :- "Re: cheat_training_group Cheat: Sat May 30 Workout Lock 5 | Sign up for Week 4"
Posted by at 0 comments

cheat_training_group Cheat: Sat May 30 Workout Lock 5 | Sign up for Week 4

Hi Cheat Trainers,

It was great to see some of you on the river on Wednesday! While spending some serious time paddling forward toward the eddy at Wet Bottom, I was thinking a lot about stroke efficiency. When paddling forward it is good to think about isolating each movement so that the power you get from your stroke is directly going into moving the boat forward. Be aware of any expended energy- like your boat pitching (moving up and down) or yawing (moving side to side). It is good to be intentional about how the hull is hitting the water, keeping it quiet until you want to use edge, or your feet and pelvis to move it forward.

This segues into the boofing motion.....

For this Saturday, Cheat Regular is going to meet at Lock 5/6 to do a boof clinic with Steve-O before heading down Little Falls. You can bring a short boat! We will have to walk back up the towpath from Little Falls. For parking, remember you have a few options and we should spread it out so it doesn't get too tight. You can park in Brookmont, either near the crosswalk to Lock 6 or near the foot bridge to Lock 5. You can also park at Lock 5 or Lock 6. Please be on the water near the Lock 6 put in at your scheduled time.

Please use this new google doc to sign up for next week- one weeknight session and one weekend. https://docs.google.com/spreadsheets/d/1Fj5YeFSSxbTvDzx5JeZauhjwktmMomM0qNBBWEXqSak/edit?usp=sharing
I really appreciate your flexibility with schedules.

I would love to have any feedback about how the new format for Cheat Training is going and any thoughts you have about taking a trip to the Cheat- especially whether you would be able to run your own shuttle.

Looking forward to seeing you tomorrow! Ashley

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/9a9e0f43-c1c0-4f01-ad1f-cf85cbe97b26%40googlegroups.com.
Read More :- "cheat_training_group Cheat: Sat May 30 Workout Lock 5 | Sign up for Week 4"
Posted by at 0 comments

Wednesday 27 May 2020

[WardFive] Over 100,000 Lives Lost - A Personal Message

Over 100,000 Lives Lost – A Personal Message

In the war against the coronavirus / COVID-19, America has reached an ominous milestone.

 

Over 100,000 lives in America, including 445 lives in the District of Columbia have been lost to this invisible enemy https://coronavirus.jhu.edu/map.html. The families and friends of those who have died, along with those 1,694,599 afflicted and all who have survived this deadly disease can be comforted by the words of the song “You Know My Name” https://www.youtube.com/watch?v=JEwrKFiNquc .

 

GOD knows each of your loved one’s name.

 

HE walked with each one by one.

 

HE talked with each ear to ear.

 

HE consoled each, breast to breast and heart to heart.

 

Each is one of HIS own.

 

Through it all and one by one, by HIS power HE comforted them, and HE counselled them.  We all can be amazed HE was their friend.  Throughout their lives they walked in HIS victory and lived in HIS power. 

 

Although their loved ones may not have been able to talk to them and touch them in their final hours … GOD whispered HIS loved them and held their hands.  HIS power was in each one of them, to the end.

 

May their memories bless us all.

 

Robert Vinson Brannum

Advisory Neighborhood Commissioner

President Emeritus, DC Federation of Civic Associations, Inc.

 

 

Read More :- "[WardFive] Over 100,000 Lives Lost - A Personal Message"
Posted by at 0 comments

[WardFive] COMPLETE THE US 2020 CENSUS NOW

COMPLETE THE US 2020 CENSUS NOW

It is not too late to self-respond.

https://my2020census.gov/   https://dccensus2020.dc.gov/

Robert Vinson Brannum

Advisory Neighborhood Commissioner

President Emeritus, DC Federation of Civic Associations, Inc.

 

Read More :- "[WardFive] COMPLETE THE US 2020 CENSUS NOW"
Posted by at 0 comments

Tuesday 26 May 2020

Re: cheat_training_group Cheat Training re-Starts tomorrow!

Ashley,
Please confirm that you received message regarding my wanting to cancel for this year and reapply for next year.
Thanks
Fern

On Tue, May 26, 2020, 5:17 PM Calleva's River School <callevaliquidadventures@gmail.com> wrote:
Hi Cheat Trainers!

We are restarting our attainment sessions tomorrow night. Luckily, the river level still thinks it is April.

Reminder, please sign up for one "Cheat Weeknight" and one "Cheat Saturday" for Week 1 by tonight at midnight! That way we can combine and consolidate groups if needed and schedule the right number of instructors.


Carderock is still closed so we will be taking long boats out to Anglers for both groups tomorrow.

Looking forward to seeing you! Remember to keep your distance and wash your hands ;) Ashley

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/53142eea-9282-4318-9eba-a5a5b6f323d3%40googlegroups.com.

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/CAPHapdUrRMF0hA-GLGUzjtcQH32k5nV4neTWH8OdVnLxsHePgg%40mail.gmail.com.
Read More :- "Re: cheat_training_group Cheat Training re-Starts tomorrow!"
Posted by at 0 comments

cheat_training_group Cheat Training re-Starts tomorrow!

Hi Cheat Trainers!

We are restarting our attainment sessions tomorrow night. Luckily, the river level still thinks it is April.

Reminder, please sign up for one "Cheat Weeknight" and one "Cheat Saturday" for Week 1 by tonight at midnight! That way we can combine and consolidate groups if needed and schedule the right number of instructors.

https://docs.google.com/spreadsheets/d/1oSj4jQ3FF9knLtX1j4Nqqrl84siJXex3767GIhDkQ4k/edit?usp=sharing

Carderock is still closed so we will be taking long boats out to Anglers for both groups tomorrow.

Looking forward to seeing you! Remember to keep your distance and wash your hands ;) Ashley

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/53142eea-9282-4318-9eba-a5a5b6f323d3%40googlegroups.com.
Read More :- "cheat_training_group Cheat Training re-Starts tomorrow!"
Posted by at 0 comments

cheat_training_group Boat type?

For the modified Cheat Training that we are about to restart, what kind of boat should we bring? Are we still using long boats, or are we using regular river runners or play boats?

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/a891b9ae-d87b-4706-9e9d-235aa3d3644f%40googlegroups.com.
Read More :- "cheat_training_group Boat type?"
Posted by at 0 comments

Friday 22 May 2020

cheat_training_group River School Update from Steve-O

Hey Paddlers,

I hope everyone has been being safe and still able to get on the river. I have been able to paddle after surgery which has been awesome. I even was feeling well enough to paddle Great Falls for my birthday! IThe River School is back up and able to offer small classes and so I wanted to remind everyone about Private Lessons. I have been teaching a few and they have been really great, not just for me to be able to teach again but for the student as well. I have been able to focus the classes to the specific needs of the individual paddler and teach techniques to help them achieve goals they have set out. I also been doing a little bit of ongoing coaching to get help folks achieve longer term goals they may have set out. In these lessons I have been using my GoPro to video what I am explaining, my demonstration, and then their attempt at the skill. I then send those videos to you so that you can reference back to what we talked about, see how you are paddling, and see how I do the skill in POV.  It has been a really successful format for the students I have been doing it with. I don't edit the videos, so they can be a little long, but you are able to fast forward to the important parts. Reach out if you are interested in getting some personal coaching and instruction.

I know that a lot of people are dropping out of Cheat, because of schedule conflicts or the pandemic. Totally understandable. If you are looking to use this credit to another class you are welcome to by emailing Ashley. We have put Fall Training up on the schedule and plan to run Yough Training starting June 30.

But alson, if you want to put that money towards gear like that Rockstar you have been wanting or the new Liquidlogic Alpha which everyone has been talking about or new PFD or Drytop you can do that as well. Just letting everyone know they have options. We also are putting in an order with Sweet Protection & Werner soon. Check out our retail store and email me directly if you need anything additionally. https://callevaoutdoorgear.square.site/

Also Pyranha is raising their prices June 1. A new boat will not cost you $1432 rather than $1339. If you order by June 1 you will still receive the lower price, but after that it goes up and the Ozone has been looking really good out on the Potomac.

Thanks for reading! I hope to see everyone out there soon! Steve-O

--
laks@calleva.org
calleva.org/liquid-adventures-kayak
---
You received this message because you are subscribed to the Google Groups "Cheat Training" group.
To unsubscribe from this group and stop receiving emails from it, send an email to upper_yough_training_group+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/upper_yough_training_group/df469e04-1d6b-44ea-9b7a-ef2d911bee97%40googlegroups.com.
Read More :- "cheat_training_group River School Update from Steve-O"
Posted by at 0 comments

Top 15 Best Operating System Professional Hackers Use

Top 10 Best Operating System Professional Hackers Use

Top 15 Best Operating System Professional Hackers Use

Top 15 Best Operating System Professional Hackers Use

A hacker is someone who seeks and exploits the weaknesses of a computer system or network computing. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge, enjoyment or to assess these weaknesses to help in removing them.
The listed operating systems are based on the Linux kernel so it is all free operating systems.

1. Kali Linux

Kali Linux maintained and funded by Offensive Security Ltd. and it is first on our list. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through rewriting BackTrack, its previous forensics Linux distribution based on Ubuntu. Kali Linux has a specific project for the withdrawal of compatibility and portability of Android-specific devices, called Kali Linux NetHunter. It is the first open test platform penetration Source for Nexus Android devices, created as a joint effort between the member of the Kali "BinkyBear" Security and offensive community. It supports Wireless 802.11 frame injection, one-click configurations MANA Evil access point, keyboard HID (Teensy as attacks), as well as attacks MITM USB Mala.

2. Back Box

Back Box is an evaluation penetration testing Linux distribution and Ubuntu-based security aimed at providing an analysis of computer network systems and toolkit. Desktop environment back box includes a complete set of tools needed for ethical hacking and security testing.

3. Parrot Security OS

Parrot Security OS is a GNU / Linux distribution based on Debian. Fue built in order to perform penetration tests (safety information), vulnerability assessment and mitigation, Computer Forensics and Anonymous Surfing. Ha been developed by the team of Frozen box.
Parrot is based on the stable branch (Jessie) of Debian, a Linux 4.1 kernel hardened customized with a branch grsecurity patched available. The desktop environment is MATE fork of Gnome 2, and the default display manager is LightDM. The project is certified to run on machines with 265MB of RAM minimum follow and it is suitable for both 32-bit (i386) and 64-bit (amd64), with a special edition that works on 32-bit machines of age (486). Moreover, the project is available for Armel and armhf architectures. It even offers an edition (both 32 bit and 64 bit) developed for servers only for pen testing cloud.

4. Live Hacking OS

Live Hacking OS is a Linux distribution packed with tools and utilities for ethical hacking, penetration testing, and countermeasure verification. It includes embedded GUI GNOME user. There is a second variation available which has only the command line and requires much fewer hardware requirements.

5. DEFT Linux

DEFT stands for Digital Evidence and Forensic Toolkit and it is a distribution of Linux open source software built around the DART (Toolkit for Advanced Response Digital) and is based on the Ubuntu operating system. It has been designed from scratch to offer some of the best computer forensics open source and incident response tools that can be used by individuals, IT auditors, investigators, military, and police.

6. Samurai Web Testing Framework

The Samurai Web Testing Framework is a live Linux environment which has been pre-configured to function as a web pen-testing environment. The CD contains the best of open source and free tools that focus on testing and websites that attack. In the development of this environment, it is based on our selection of tools that we use in our practice of security. Hence, it includes the tools that were used in the four steps of a pen-test web.

7. Network Security Toolkit

The Network Security Toolkit (NST) is a Live CD based on Linux that provides a set of security tools computing and open source network to carry out routine security tasks and diagnostic networks and tracing. The distribution can be used as an analysis of network security, validation and monitoring tool for servers hosting virtual machines. NST has management capabilities similar to Fedora packages and maintains its own repository of additional packages.

8. Bugtraq

Bugtraq is a mailing list dedicated to safety issues in computers. On-topic issues new discussions about vulnerabilities, security-related notices providers, operating methods, and how to fix them. This is a mailing list of large volume, and almost all new vulnerabilities are there. Bugtraq computer freaks and experienced developers are discussed, is available in Debian, Ubuntu and openSUSE 32 and 64-bit architectures.

9. NodeZero

NodeZero is an open source system based on the operating core derived from the most popular Linux distribution in the world, Ubuntu, and designed to be used for penetration testing operations. The distribution can be downloaded as an ISO image live DVD, which will also take place on computers that support both 32-bit (x86) and 64-bit (x86_64) instruction set. Besides the fact that it allows you to start the live system, start menu contains several advanced features such as the ability to perform a diagnostic test of system memory, boot from local disk options, start the installer directly and to start in safe graphics mode, text mode or in debug mode.
Default graphical desktop environment NodeZero is powered by GNOME, which uses the classic GNOME interface. It has a design of two panels and uses the default software repositories of Ubuntu.

10. Pentoo

Pentoo is a Live CD and Live USB OS designed for penetration testing and security assessment. It is based on Gentoo Linux, Pentoo is offered both as 32-bit and 64-bit live cd which is installable. Pentoo is also available as a superposition of an existing Gentoo installation. It has conductors packet injection patched wifi, GPGPU cracking software, and plenty of tools for penetration testing and security assessment. The kernel includes Pentoo grsecurity and PAX hardening and additional patches with the binary compiled from a string of hardened with the latest nightly versions of some tools that are available.

#11 Live Hacking OS

Well, this Linux distro actually comes with some useful hacking tools which are often used in penetration testing or ethical hacking purpose. Live Hacking OS consists of the GNOME inbuilt. The operating system is really easy to operate and it can work on less RAM.

#12 Knoppix STD

This is another best Linux distro which focuses on tools for computer security. Knoppix STD brings some advanced tools for Password cracking, Firewalls, Network Utilities, Honeypots, Wireless Networking and more. This is one of the most used operating systems for Hackers.

#13 Cyborg Hawk

Cyborg Hawk is a new operating system which is based on Ubuntu Linux. Well, lots of hackers talk about Cyborg hawk and its one of the most powerful and cutting-edge penetration testing distribution that has ever been created. The operating system houses more than 700 tools for different purposes.

#14 Blackbuntu

Well, this is another operating system which is based on Linux and it was specially developed for penetration testing. Well, the operating system is very famous amongst hackers and it offers an awesome platform to learn Information security.

#15 Weakerth4n

Well, this is another best operating system which is used by professional hackers. WeakerTh4n actually comes with lots of hacking tools and it's actually a modern operating system for WiFi Hacking. Some of the wireless tools include SQL Hacking, Password Cracking, WiFi attacks, Cisco exploitation and more.

Continue reading


Read More :- "Top 15 Best Operating System Professional Hackers Use"
Posted by at 0 comments

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

Related links

Read More :- "How Do I Get Started With Bug Bounty ?"
Posted by at 0 comments

$$$ Bug Bounty $$$

What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.

Read more


Read More :- "$$$ Bug Bounty $$$"
Posted by at 0 comments

Thursday 21 May 2020

[WardFive] IN REMEMBRANCE - 2020 MEMORIAL DAY / COVID-19

Read More :- "[WardFive] IN REMEMBRANCE - 2020 MEMORIAL DAY / COVID-19"
Posted by at 0 comments

WHO IS ETHICAL HACKER

Who is hacker?
A hacker is a Creative person and a creative Programmer,who have knowledge about Networking,Operating system,hacking & a best creative social engineer who control anyone's mind he is also a knowledgeable person.
Hacker are the problem solver and tool builder.

                                OR

A hacker is an individual who uses computer, networking and other skills to overcome a technical problem but it often refers to a person who uses his or her abilities to gain unauthorized access to system or networks in  order to commit crimes. 


Related links

Read More :- "WHO IS ETHICAL HACKER"
Posted by at 0 comments

Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)


A Password Spraying tool for Active Directory Credentials by Jacob Wilkin(Greenwolf)

Getting Started
These instructions will show you the requirements for and how to use Spray.

Prerequisites
All requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curl(owa & lync) and rpcclient(smb) are installed using apt-get or brew.
rpcclient
curl

Using Spray
This script will password spray a target over a period of time It requires password policy as input so accounts are not locked out
Accompanying this script are a series of hand crafted password files for multiple languages. These have been crafted from the most common active directory passwords in various languages and all fit in the complex (1 Upper, 1 lower, 1 digit) catagory.

SMB
To password spray a SMB Portal, a userlist, password list, attempts per lockout period, lockout period length and the domain must be provided
Useage: spray.sh -smb <targetIP> <usernameList> <passwordList> <AttemptsPerLockoutPeriod> <LockoutPeriodInMinutes> <DOMAIN>
Example: spray.sh -smb 192.168.0.1 users.txt passwords.txt 1 35 SPIDERLABS
Optionally Skip Username%Username Spray: spray.sh -smb 192.168.0.1 users.txt passwords.txt 1 35 SPIDERLABS skipuu

OWA
To password spray an OWA portal, a file must be created of the POST request with the Username: sprayuser@domain.com, and Password: spraypassword
Useage: spray.sh -owa <targetIP> <usernameList> <passwordList> <AttemptsPerLockoutPeriod> <LockoutPeriodInMinutes> <RequestsFile>
Example: spray.sh -owa 192.168.0.1 users.txt passwords.txt 1 35 post-request.txt

Lync
To password spray a lync service, a lync autodiscover url or a url that returns the www-authenticate header must be provided along with a list of email addresses
Useage: spray.sh -lync <targetIP> <usernameList> <passwordList> <AttemptsPerLockoutPeriod> <LockoutPeriodInMinutes>
Example: spray.sh -lync https://lyncdiscover.spiderlabs.com/ users.txt passwords.txt 1 35
Example: spray.sh -lync https://lyncweb.spiderlabs.com/Autodiscover/AutodiscoverService.svc/root/oauth/user users.txt passwords.txt 1 35

CISCO Web VPN
To password spray a CISCO Web VPN service, a target portal or server hosting a portal must be provided
Useage: spray.sh -cisco <targetURL> <usernameList> <passwordList> <AttemptsPerLockoutPeriod> <LockoutPeriodInMinutes>
Example: spray.sh -ciso 192.168.0.1 usernames.txt passwords.txt 1 35

Password List Update
It is also possible to update the supplied 2016/2017 password list to the current year
Useage: spray.sh -passupdate <passwordList>
Example: spray.sh -passupdate passwords.txt
An optional company name can also be provided to add to the list
Useage: spray.sh -passupdate <passwordList> <CompanyName>
Example: spray.sh -passupdate passwords.txt Spiderlabs

Username generation
A username list can also be generated from a list of common names
Useage: spray.sh -genusers <firstnames> <lastnames> "<<fi><li><fn><ln>>"
Example: spray.sh -genusers english-first-1000.txt english-last-1000.txt "<fi><ln>"
Example: spray.sh -genusers english-first-1000.txt english-last-1000.txt "<fn>.<ln>"

Authors

License
Spray Created by Jacob Wilkin Copyright (C) 2017 Trustwave Holdings, Inc.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Acknowledgments




via KitPloit
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
Read more
  1. Hacking Wifi
  2. Hacking Background
  3. Cosas De Hackers
  4. Hacking Etico Pdf
  5. Funnel Hacking Live
  6. Hacking Life
  7. Libro De Hacking
  8. Curso Seguridad Informatica
Read More :- "Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)"
Posted by at 0 comments

One Reason Why InfoSec Sucked In The Past 20 Years - The "Security Tips" Myth

From time to time, I get disappointed how much effort and money is put into securing computers, networks, mobile phones, ... and yet in 2016 here we are, where not much has changed on the defensive side. There are many things I personally blame for this situation, and one of them is the security tips.

The goal of these security tips is that if the average user follows these easy to remember rules, their computer will be safe. Unfortunately, by the time people integrate these rules into their daily life, these rules either become outdated, or these rules were so oversimplified that it was never true in the first place. Some of these security tips might sound ridiculous to people in InfoSec nowadays, but this is exactly what people still remember because we told them so for years.

PDF is safe to open

This is an oldie. I think this started at the time of macro viruses. Still, people think opening a PDF from an untrusted source is safer than opening a Word file. For details why this is not true, check: https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/Adobe-Acrobat-Reader.html
On an unrelated note, people still believe PDF is integrity protected because the content cannot be changed (compared to a Word document).
Image stolen from Kaspersky

Java is secure

One of the best ones. Oracle started marketing Java as a safe language, where buffer overflows, format strings and pointer-based vulnerabilities are gone. Unfortunately, they forgot to tell the world that instead of "unsafe programs developed by others" they installed their unsafe program on 3 billion devices. 

Stay away from rogue websites and you will be safe

This is a very common belief I hear from average people. "I only visit some trusted news sites and social media, I never visit those shady sites." I have some bad news. At the time of malvertising and infected websites, you don't have to visit those shady sites anymore to get infected.

Don't use open WiFi

I have a very long explanation of why this makes no sense, see here. Actually, the whole recommendation makes no sense as people will connect to public WiFis, no matter what we (InfoSec) recommend.

The password policy nightmare

Actually, this topic has been covered by myself in two blog posts, see here and here. Long story short: use a password manager and 2-factor authentication wherever possible. Let the password manager choose the password for you. And last but not least, corporate password policy sux.

Sites with a padlock are safe

We tell people for years that the communication with HTTPS sites are safe, and you can be sure it is HTTPS by finding a randomly changing padlock icon somewhere next to the URL. What people hear is that sites with padlocks are safe. Whatever that means. The same goes for WiFi - a network with a padlock is safe.

Use Linux, it is free from malware

For years people told to Windows users that only if they would use Linux they won't have so much malware. Thanks to Android, now everyone in the world can enjoy malware on his/her Linux machine.

OSX is free from malware

It is true that there is significantly less malware on OSX than on Windows, but this is an "economical" question rather than a "security" one. The more people use OSX, the better target it will become. Some people even believe they are safe from phishing because they are using a Mac!

Updated AV + firewall makes me 100% safe

There is no such thing as 100% safe, and unfortunately, nowadays most malware is written for PROFIT, which means it can bypass these basic protections for days (or weeks, months, years). The more proactive protection is built into the product, the better!

How to backup data

Although this is one of the most important security tips which is not followed by people, my problem here is not the backup data advise, but how we as a community failed to provide easy to use ways to do that. Now that crypto-ransomware is a real threat to every Windows (and some OSX) users, even those people who have backups on their NAS can find their backups lost. The only hope is that at least OSX has Time Machine which is not targeted yet, and the only backup solution which really works.
The worst part is that we even created NAS devices which can be infected via worms ...

Disconnect your computer from the Internet when not used

There is no need to comment on this. Whoever recommends things like that, clearly has a problem.

Use (free) VPN to protect your anonimity

First of all. There is no such thing as free service. If it is free, you are the service. On another hand, a non-free VPN can introduce new vulnerablities, and they won't protect your anonymity. It replaces one ISP with another (your VPN provider). Even TOR cannot guarantee anonymity by itself, and VPNs are much worse.

The corporate "security tips" myth

"Luckily" these toxic security tips have infected the enterprise environment as well, not just the home users.

Use robots.txt to hide secret information on public websites

It is 2016 and somehow web developers still believe in this nonsense. And this is why this is usually the first to check on a website for penetration testers or attackers.

My password policy is safer than ever

As previously discussed, passwords are bad. Very bad. And they will stick with us for decades ...

Use WAF, IDS, IPS, Nextgen APT detection hibber-gibber and you will be safe

Companies should invest more in people and less into magic blinking devices.

Instead of shipping computers with bloatware, ship computers with exploit protection software
Teach people how to use a password safe
Teach people how to use 2FA
Teach people how to use common-sense

Conclusion

Computer security is complex, hard and the risks change every year. Is this our fault? Probably. But these kinds of security tips won't help us save the world. 

Related articles
  1. Diferencia Entre Hacker Y Cracker
  2. Hacking Windows: Ataques A Sistemas Y Redes Microsoft
  3. Hacking Definition
  4. Como Aprender A Ser Hacker
  5. Hacking Etico
  6. Aprender Hacking Etico
Read More :- "One Reason Why InfoSec Sucked In The Past 20 Years - The "Security Tips" Myth"
Posted by at 0 comments
Subscribe to: Posts (Atom)