DEEP WEB – La rete oltre Google: Personaggi, storie e luoghi dell’internet profonda (Italian Edition)
April 29, 2016 4:30
“DEEP WEB – La rete oltre Google” scatta quattro fotografie di quello che è su internet, ma vive al di sotto della superficie in cui la maggior parte delle persone naviga. È un percorso emozionante e contraddittorio che ci mette di fronte a quello che viene normalmente rimosso nella rete controllata ed edulcorata dei social network, dei blog, dei siti web commerciali. Droga e furti telematici convivono assieme a libertà di pensiero, attivismo informatico, idee.
Carola Frediani ci connette con questo mondo nascosto, parlandoci dei suoi personaggi e delle sue storie. Ci racconta di Silk Road, una mecca della droga on-line, del suo smantellamento da parte dell’Fbi e delle verità grigie che si nascondono dietro alla cattura dei suoi gestori, tra omicidi e foto di ragazzi per bene. Ci parla di Anonymous, delle manifestazioni e delle azioni di attivismo politico operate solo nel mondo della rete, ma non per questo virtuali, anzi. E ancora di cybercriminalità, di clonazione di carte di credito, di accesso alle webcam dei notebook di chi viaggia su internet senza conoscere i meccanismi che stanno dietro a questo mondo che identifica ormai la nostra contemporaneità. È il mondo di Tor, di Cipolla, del Datagate, dei Bitcoin. In una parola: è un mondo in cui riversiamo quotidianamente i nostri dati e da cui li scarichiamo. Questo ebook parla della libertà che ci è concessa, della sicurezza che questi dati hanno e di altri modi possibili di vivere una rete diversa, non omologata, pericolosa e alternativa.
Turbulência econômica freia gastos com TI no Brasil, atesta FVG
April 29, 2016 2:43
A turbulência econômica que se arrasta sobre o mercado brasileiro começa a cobrar seu preço. Um estudo Escola de Administração de Empresas da Fundação Getulio Vargas (FGV/EAESP) atestou a sensação de que as empresas brasileiras, apesar de manterem os investimentos em TI, estão fazendo isso de forma bem mais comedida do que em anos anteriores.
“No ano passado, o crescimento médio foi de 3,01%, contra 4,48% em 2014 e 5,97% em 2013. O estudo aponta ainda que esses gastos e investimentos [em 2015] tiveram como foco a redução de custos e o aumento da produtividade”, estampa o relatório enviado pela instituição.
O Estudo sobre o Efeito da Crise Econômica nos Gastos e Investimentos em Tecnologia de Informação foi coordenado pelo professor Alberto Luiz Albertin e analisou como as empresas direcionam recursos para projetos de TI.
O levantamento considerou a situação atual e tendências do mercado; suas próprias características, estratégias e situações; perfil e demandas dos indivíduos internos e externos; e disponibilidade, assimilação e tendências da própria tecnologia.
“A crise econômica influencia estes direcionadores, em especial o mercado e a própria organização, incluindo neles os indivíduos como colaboradores e como clientes. Esta influência se dá no nível de gasto e investimento realizado, e no benefício esperado pelo uso de Tecnologia de Informação”, ponderou Albertin.
O levantamento destacou quatro pontos específicos a partir dos resultados coletados.
1. As empresas aumentaram seus gastos e investimento em TI em 2015, porém num nível bem inferior ao período anterior. O crescimento médio foi de 3,01%, contra 4,48% em 2014 e 5,97% em 2013. O índice de 2015 foi um pouco menor do que em 2009, quando tivemos outra crise econômica.
2. No último ano, as companhias direcionaram os projetos de tecnologia principalmente em redução de custo e aumento de produtividade.
3. A evolução da crise econômica em 2016 deve afetar o nível de gastos e investimentos em TI. No cenário de continuidade ou agravamento da crise, o crescimento do nível de gastos e investimentos vai diminuir ainda mais. Se houver algum nível de recuperação, o crescimento deve ser similar ao de 2015.
4. Um avanço da crise econômica em 2016 vai afetar o benefício buscado com uso da computação. No cenário de continuidade ou agravamento da crise, o foco vai se intensificar em redução de custo e aumento da produtividade. Se houver algum nível de recuperação, os benefícios de qualidade e inovação passam a ser buscados com o uso de TI.
Fonte
Plants Vs. Zombies: Garden Warfare 2 is free for 10 hours
April 29, 2016 2:04
The opportunity to side with either plants or zombies in a fight to the death seems like one few would pass up. Usually you’d need to pay in order to partake in such a battle, but not at the moment: EA is offering a generous 10 hour demo of Plants Vs. Zombies: Garden Warfare 2, which is longer than some people spend with the game after they’ve paid for it.
The trial is available through Origin, and you don’t need to be subscribed to EA Origin Access in order to take advantage of it. All progress made during the trial will carry over if you choose to purchase the game after the 10 hours expires.
The only catch is that the offer expires on May 10, so if you want to shoot at zombies or plants, best do so before that date.
Source link
Programando Aplicativos De Banco De Dados Em Linux
April 29, 2016 0:28
Compre agora!
R$ 157,28
Este guia detalhado e que envolve aplicações práticas escrito por especialistas nas comunidades de bancos de dados e de código-fonte aberto oferece todas as ferramentas técnicas e as informações de que você precisará para começar a se tornar um especialista em banco de dados. Apresentando os fundamentos sobre o desenvolvimento de bancos de dados no mundo real o livro inicia incluindo a coleta dos requisitos o projeto da interface do usuário e do banco de dados e o projeto orientado a objetos.
Governo desiste de pedir mais compromisso de Telcos por Internet ilimitada
April 28, 2016 22:42
O Ministério das Comunicações voltou atrás e desistiu de pedir que as operadoras de telefonia assinem um compromisso para oferecer pacotes de banda larga fixa ilimitada, segundo informações da Folha de S.Paulo. O motivo seria o fato de a Anatel ter determinado proibir por tempo indeterminado a oferta de limite de dados em Internet fixa.
Em nota enviada à Folha, o governo afirma o seguinte: “O Ministério das Comunicações vai continuar acompanhando a evolução do assunto, sem considerar necessária a formulação, neste momento, de termos de compromisso com as operadoras.”
Anunciada na semana passada, a agora cancelada medida do governo foi justamente um dos motivos que fez a Anatel proibir por tempo indeterminado que as operadoras bloqueiem ou limitem o acesso à Internet após o usuário atingir a franquia de dados.
Vale notar que o termo de compromisso do governo não impediria as operadoras de oferecer planos com franquia de dados, mas determinaria que elas também oferecessem uma opção “sem limites”.
Fonte
Canal Sem Dúvidas!
April 28, 2016 22:11Várias vídeo-aulas compartilhadas. Se você tem dúvidas de como usar o Telegram, este é o canal certo.
GameTrailers.com: Debut Trailer
April 28, 2016 22:03
Please note that any reproduction of this video without the express written consent of GameTrailers is expressly forbidden.
Source link
Awesome Penetration Testing
April 28, 2016 21:51github.com/enaqx/awesome-pentest
A collection of awesome penetration testing resources.
- Online Resources
-
Tools
- Penetration Testing Distributions
- Basic Penetration Testing Tools
- Vulnerability Scanners
- Network Tools
- Wireless Network Tools
- SSL Analysis Tools
- Web exploitation
- Hex Editors
- Crackers
- Windows Utils
- Linux Utils
- DDoS Tools
- Social Engineering Tools
- OSInt Tools
- Anonymity Tools
- Reverse Engineering Tools
- CTF Tools
- Books
- Vulnerability Databases
- Security Courses
- Information Security Conferences
- Information Security Magazines
- Awesome Lists
- Contribution
- License
Online Resources
Penetration Testing Resources
- Metasploit Unleashed – Free Offensive Security metasploit course
- PTES – Penetration Testing Execution Standard
- OWASP – Open Web Application Security Project
Exploit development
- Shellcode Tutorial – Tutorial on how to write shellcode
- Shellcode Examples – Shellcodes database
- Exploit Writing Tutorials – Tutorials on how to develop exploits
- GDB-peda – Python Exploit Development Assistance for GDB
- shellsploit – New Generation Exploit Development Kit
Social Engineering Resources
- Social Engineering Framework – An information resource for social engineers
Lock Picking Resources
- Schuyler Towne channel – Lockpicking videos and security talks
- /r/lockpicking – Resources for learning lockpicking, equipment recommendations.
Tools
Penetration Testing Distributions
- Kali – A Linux distribution designed for digital forensics and penetration testing
- BlackArch – Arch Linux-based distribution for penetration testers and security researchers
- NST – Network Security Toolkit distribution
- Pentoo – security-focused livecd based on Gentoo
- BackBox – Ubuntu-based distribution for penetration tests and security assessments
Basic Penetration Testing Tools
- Metasploit Framework – World’s most used penetration testing software
- Burp Suite – An integrated platform for performing security testing of web applications
- ExploitPack – Graphical tool for penetration testing with a bunch of exploits
- BeeF – The Browser Exploitation Framework Project
- faraday – Collaborative Penetration Test and Vulnerability Management Platform
- evilgrade – The update explotation framework
- commix – Automated All-in-One OS Command Injection and Exploitation Tool
Vulnerability Scanners
- Netsparker – Web Application Security Scanner
- Nexpose – Vulnerability Management & Risk Management Software
- Nessus – Vulnerability, configuration, and compliance assessment
- Nikto – Web application vulnerability scanner
- OpenVAS – Open Source vulnerability scanner and manager
- OWASP Zed Attack Proxy – Penetration testing tool for web applications
- Secapps – Integrated web application security testing environment
- w3af – Web application attack and audit framework
- Wapiti – Web application vulnerability scanner
- WebReaver – Web application vulnerability scanner for Mac OS X
- DVCS Ripper – Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
- arachni – Web Application Security Scanner Framework
Network Tools
- nmap – Free Security Scanner For Network Exploration & Security Audits
- pig – A Linux packet crafting tool
- tcpdump/libpcap – A common packet analyzer that runs under the command line
- Wireshark – A network protocol analyzer for Unix and Windows
- Network Tools – Different network tools: ping, lookup, whois, etc
- netsniff-ng – A Swiss army knife for for network sniffing
- Intercepter-NG – a multifunctional network toolkit
- SPARTA – Network Infrastructure Penetration Testing Tool
- DNSDumpster – Online DNS recond and search service
- Mass Scan – TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
- Zarp – Zarp is a network attack tool centered around the exploitation of local networks
- mitmproxy – An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
- mallory – HTTP/HTTPS proxy over SSH
- DET – DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
- pwnat – punches holes in firewalls and NATs
- dsniff – a collection of tools for network auditing and pentesting
- tgcd – a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
Wireless Network Tools
- Aircrack-ng – a set of tools for auditing wireless network
- Kismet – Wireless network detector, sniffer, and IDS
- Reaver – Brute force attack against Wifi Protected Setup
- Wifite – Automated wireless attack tool
- wifiphisher – Automated phishing attacks against Wi-Fi networks
SSL Analysis Tools
- SSLyze – SSL configuration scanner
- sslstrip – a demonstration of the HTTPS stripping attacks
- sslstrip2 – SSLStrip version to defeat HSTS
Web exploitation
- WPScan – Black box WordPress vulnerability scanner
- SQLmap – Automatic SQL injection and database takeover tool
- weevely3 – Weaponized web shell
- Wappalyzer – Wappalyzer uncovers the technologies used on websites
- cms-explorer – CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
- joomscan – Joomla CMS scanner
- WhatWeb – Website Fingerprinter
- BlindElephant – Web Application Fingerprinter
Hex Editors
- HexEdit.js – Browser-based hex editing
- Hexinator (commercial) – World’s finest Hex Editor
Crackers
- John the Ripper – Fast password cracker
- Online MD5 cracker – Online MD5 hash Cracker
- Hashcat – The more fast hash cracker
Windows Utils
- Sysinternals Suite – The Sysinternals Troubleshooting Utilities
- Windows Credentials Editor – security tool to list logon sessions and add, change, list and delete associated credentials
- mimikatz – Credentials extraction tool for Windows OS
- PowerSpoit – A PowerShell Post-Exploitation Framework
- Windows Exploit Suggester – Detects potential missing patches on the target
- Responder – A LLMNR, NBT-NS and MDNS poisoner
- Empire – Empire is a pure PowerShell post-exploitation agent
Linux Utils
- Linux Exploit Suggester – Linux Exploit Suggester; based on operating system release number.
DDoS Tools
- LOIC – An open source network stress tool for Windows
- JS LOIC – JavaScript in-browser version of LOIC
- T50 – The more fast network stress tool
Social Engineering Tools
- SET – The Social-Engineer Toolkit from TrustedSec
OSInt Tools
- Maltego – Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester – E-mail, subdomain and people names harvester
- creepy – A geolocation OSINT tool
- metagoofil – Metadata harvester
- Google Hacking Database – a database of Google dorks; can be used for recon
- Shodan – Shodan is the world’s first search engine for Internet-connected devices
- recon-ng – A full-featured Web Reconnaissance framework written in Python
Anonymity Tools
- Tor – The free software for enabling onion routing online anonymity
- I2P – The Invisible Internet Project
- Nipe – Script to redirect all traffic from the machine to the Tor network.
Reverse Engineering Tools
- IDA Pro – A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
- IDA Free – The freeware version of IDA v5.0
- WDK/WinDbg – Windows Driver Kit and WinDbg
- OllyDbg – An x86 debugger that emphasizes binary code analysis
- Radare2 – Opensource, crossplatform reverse engineering framework.
- x64_dbg – An open-source x64/x32 debugger for windows.
- Pyew – A Python tool for static malware analysis.
- Bokken – GUI for Pyew Radare2.
- Immunity Debugger – A powerful new way to write exploits and analyze malware
- Evan’s Debugger – OllyDbg-like debugger for Linux
- Medusa disassembler – An open source interactive disassembler
- plasma – Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
CTF Tools
- Pwntools – CTF framework for use in CTFs
Books
Penetration Testing Books
- The Art of Exploitation by Jon Erickson, 2008
- Metasploit: The Penetration Tester’s Guide by David Kennedy et al., 2011
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
- Rtfm: Red Team Field Manual by Ben Clark, 2014
- The Hacker Playbook by Peter Kim, 2014
- The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
- Professional Penetration Testing by Thomas Wilhelm, 2013
- Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
- Violent Python by TJ O’Connor, 2012
- Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
- Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
- Penetration Testing: Procedures & Methodologies by EC-Council, 2010
- Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
- Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
- Bug Hunter’s Diary by Tobias Klein, 2011
Hackers Handbook Series
- The Database Hacker’s Handbook, David Litchfield et al., 2005
- The Shellcoders Handbook by Chris Anley et al., 2007
- The Mac Hacker’s Handbook by Charlie Miller & Dino Dai Zovi, 2009
- The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
- iOS Hackers Handbook by Charlie Miller et al., 2012
- Android Hackers Handbook by Joshua J. Drake et al., 2014
- The Browser Hackers Handbook by Wade Alcorn et al., 2014
- The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
- Car Hacker’s Handbook by Craig Smith, 2016
Network Analysis Books
- Nmap Network Scanning by Gordon Fyodor Lyon, 2009
- Practical Packet Analysis by Chris Sanders, 2011
- Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
- Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012
Reverse Engineering Books
- Reverse Engineering for Beginners by Dennis Yurichev
- Hacking the Xbox by Andrew Huang, 2003
- The IDA Pro Book by Chris Eagle, 2011
- Practical Reverse Engineering by Bruce Dang et al., 2014
- Gray Hat Hacking The Ethical Hacker’s Handbook by Daniel Regalado et al., 2015
Malware Analysis Books
- Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
- The Art of Memory Forensics by Michael Hale Ligh et al., 2014
- Malware Analyst’s Cookbook and DVD by Michael Hale Ligh et al., 2010
Windows Books
Social Engineering Books
- The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
- The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
- Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
- No Tech Hacking by Johnny Long & Jack Wiles, 2008
- Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
- Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014
Lock Picking Books
- Practical Lock Picking by Deviant Ollam, 2012
- Keys to the Kingdom by Deviant Ollam, 2012
- CIA Lock Picking Field Operative Training Manual
- Lock Picking: Detail Overkill by Solomon
- Eddie the Wire books
Vulnerability Databases
- NVD – US National Vulnerability Database
- CERT – US Computer Emergency Readiness Team
- OSVDB – Open Sourced Vulnerability Database
- Bugtraq – Symantec SecurityFocus
- Exploit-DB – Offensive Security Exploit Database
- Fulldisclosure – Full Disclosure Mailing List
- MS Bulletin – Microsoft Security Bulletin
- MS Advisory – Microsoft Security Advisories
- Inj3ct0r – Inj3ct0r Exploit Database
- Packet Storm – Packet Storm Global Security Resource
- SecuriTeam – Securiteam Vulnerability Information
- CXSecurity – CSSecurity Bugtraq List
- Vulnerability Laboratory – Vulnerability Research Laboratory
- ZDI – Zero Day Initiative
Security Courses
- Offensive Security Training – Training from BackTrack/Kali developers
- SANS Security Training – Computer Security Training & Certification
- Open Security Training – Training material for computer security classes
- CTF Field Guide – everything you need to win your next CTF competition
- Cybrary – online IT and Cyber Security training platform
Information Security Conferences
- DEF CON – An annual hacker convention in Las Vegas
- Black Hat – An annual security conference in Las Vegas
- BSides – A framework for organising and holding security conferences
- CCC – An annual meeting of the international hacker scene in Germany
- DerbyCon – An annual hacker conference based in Louisville
- PhreakNIC – A technology conference held annually in middle Tennessee
- ShmooCon – An annual US east coast hacker convention
- CarolinaCon – An infosec conference, held annually in North Carolina
- HOPE – A conference series sponsored by the hacker magazine 2600
- SummerCon – One of the oldest hacker conventions, held during Summer
- Hack.lu – An annual conference held in Luxembourg
- HITB – Deep-knowledge security conference held in Malaysia and The Netherlands
- Troopers – Annual international IT Security event with workshops held in Heidelberg, Germany
- Hack3rCon – An annual US hacker conference
- ThotCon – An annual US hacker conference held in Chicago
- LayerOne – An annual US security conference held every spring in Los Angeles
- DeepSec – Security Conference in Vienna, Austria
- SkyDogCon – A technology conference in Nashville
- SECUINSIDE – Security Conference in Seoul
- DefCamp – Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
- AppSecUSA – An annual conference organised by OWASP
- BruCON – An annual security conference in Belgium
- Infosecurity Europe – Europe’s number one information security event, held in London, UK
- Nullcon – An annual conference in Delhi and Goa, India
- RSA Conference USA – An annual security conference in San Francisco, California, USA
- Swiss Cyber Storm – An annual security conference in Lucerne, Switzerland
- Virus Bulletin Conference – An annual conference going to be held in Denver, USA for 2016
- Ekoparty – Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
- 44Con – Annual Security Conference held in London
Information Security Magazines
- 2600: The Hacker Quarterly – An American publication about technology and computer “underground”
- Phrack Magazine – By far the longest running hacker zine
Awesome Lists
- Kali Linux Tools – List of tools present in Kali Linux
- SecTools – Top 125 Network Security Tools
- C/C++ Programming – One of the main language for open source security tools
- .NET Programming – A software framework for Microsoft Windows platform development
- Shell Scripting – Command-line frameworks, toolkits, guides and gizmos
- Ruby Programming by @dreikanter – The de-facto language for writing exploits
- Ruby Programming by @markets – The de-facto language for writing exploits
- Ruby Programming by @Sdogruyol – The de-facto language for writing exploits
- JavaScript Programming – In-browser development and scripting
- Node.js Programming by @sindresorhus – JavaScript in command-line
- Node.js Programming by @vndmtrx – JavaScript in command-line
- Python tools for penetration testers – Lots of pentesting tools are written in Python
- Python Programming by @svaksha – General Python programming
- Python Programming by @vinta – General Python programming
- Android Security – A collection of android security related resources
- Awesome Awesomness – The List of the Lists
- AppSec – Resources for learning about application security
- CTFs – Capture The Flag frameworks, libraries, etc
- Hacking – Tutorials, tools, and resources
- Honeypots – Honeypots, tools, components, and more
- Infosec – Information security resources for pentesting, forensics, and more
- Malware Analysis – Tools and resources for analysts
- PCAP Tools – Tools for processing network traffic
- Security – Software, libraries, documents, and other resources
- Awesome List – A curated list of awesome lists
- SecLists – Collection of multiple types of lists used during security assessments
- Security Talks – A curated list of security conferences
Photoshop Creative #139 2016
April 28, 2016 21:31Photoshop Creative is the perfect magazine for learning more about Adobe’s outstanding application. Each issue is packed with inspirational tutorials covering the whole scope of the software, from creative projects, to practical guides to using tools and techniques. Whatever you use Photoshop for, Photoshop Creative will help you become a better digital artist.
