All Activity
This stream auto-updates
- Yesterday
-
WALK3R joined the community
-
tdasjkd joined the community
-
xdd changed their profile photo
-
xdd joined the community
-
Alexey joined the community
-
Boneman joined the community
-
MK#@$%^ joined the community
- Last week
-
Quora Hacked - 100 Million User's Data Exposed
Etor Madiv replied to whoknows's topic in General Discussions and Off Topic
I really don't really remember, after the very first login using "log in with facebook" or "log in with google", if they force users to enter a password for their account, but if this is true then the account is affected. If they are not forcing users to enter after the very first OAuth login then account is likely affected but not in a serious way, since users can invalidate OAuth tokens through removal of the Facebooks Apps as well as for Google, but I also think that this operation is already done by Quora themselves. -
Octosec joined the community
-
itbaba joined the community
-
Quora Hacked - 100 Million User's Data Exposed
XenocodeRCE replied to whoknows's topic in General Discussions and Off Topic
What if we logged there using the "log in with facebook" or "log in with google" ? -
LittleReislin joined the community
-
yoni280 joined the community
-
Quora Hacked - 100 Million User's Data Exposed
whoknows posted a topic in General Discussions and Off Topic
https://www.bleepingcomputer.com/news/security/quora-hacked-100-million-users-data-exposed/ bonus - Czech Republic says its foreign ministry was hacked for more than a year - hxxps://www.theregister.co.uk/2018/12/03/czech_russia_hacking/ -
These days, I would say that without proper heuristics checking in place, the AV would be of very limited use. While I agree that pattern matching is still used, it is far less useful than it was several years ago. We also need to implement solutions to bypass malware techniques that would try to shut down the AV processes and lot more. I agree with the general ideas of the others in this thread that creating a new AV software is not something that a beginner should embark upon. If they are doing it for their own learning and understanding then it is fine but not as a commercial venture or to use it in production. A much better first step would be to dissect existing AV software and see how they function.
-
NOTHING IMPOSSIBLE "BUT" YOU NEED A STRONG TEAM WITH HUGE EFFORT AND EXPERIENCE AND LONG TIME TO SEE THE FIRST RESULTS.
-
@Peter Ferrie - are there any cuda based scanners ? i was considering doing cuda for pid, i got the loading pe into memory bit done, but then i hit a little hurdle trying to do everything in asm.. so delayed it for pid 7
-
This is a worthy idea and should be encouraged. To write a simple anti-virus program requires only some checksumming or pattern-matching. You can checksum an entire file and compare the sum to a list of known bad sums, and report if you find a match. However, this will detect only that single file and will miss all variants of it. You can use pattern-matching to look for sequences of bytes in the file, and report if you find a match. This will detect some variants of the file, if only other bytes are changed. This will get you started. As you add more sums and patterns, you'll see that the performance degrades quickly. At that point, you might begin to research different ways to perform multiple pattern-matching simultaneously, instead of one-at-a-time. Pattern-matching can be made faster if you parse the file format to locate specific areas of interest (like the entrypoint of the file, for example). There are also checksumming algorithms that are faster but weaker - there can be many common files that have the same sum - or slower but stronger (fewer files found easily with the same sum).
-
Depending of what your software is doing, you can protect it without the need of any obfuscation tool
-
nope, if it was out there i'd have seen it.. and then if i wanted it so much, like you claim it exists, but you dont post here, but will show me an example in a pm (example?).. whats then to stop me posting it.. you make no sense, and sorry, i stand by what i said.. you're full of it
-
You are too rude but if you want so much send me a pm and will send you an example.
-
Hi For 16-Bit files this source can help you(delphi/freePascal) : https://0x2a.wtf/files/pesp.zip For PE32/PE64 field "e_lfanew" point to Nt header offset so you can do something like this: gap = e_lfanew- Sizeof(Dos_header) BR, h4sh3m
-
In the PE file format, there is the DOS_HEADER and then right after that, there is a section called doscode which is by default 64 zero bytes. However, sometimes it is filled with an arbitrary number of bytes. Some PE files have a lot of bytes here, others don't. How can I calculate the number of bytes that doscode will be? There doesn't seem to be any field in the DOS header which specifies this. Thanks.
-
Sure, Thanks. Meanwhile if i need any help i will post here. thanks
-
then i'll just assume you are talking out your rear end and dont have a clue what you are talking about then.. which is what i assumed from the start.. you are full of it
-
I think it's the best idea, you can later share your findings with the rest of the community, I'm sure we can learn from this.
-
Its private info sorry.
-
What if i reverse engineer an existing antivirus and develop my own. Thanks for your comment.
-
did you read ANY of what atom0s or Kurapica said at all ? finishing your data structure and algo is POINTLESS as it will most likely change once you learn more c/c++, asm, drivers, and os stuff internals.. also bear in mind that there are already existing very good anti virus products out there already, so how on earth do you think you'll even be able to compete with those ? dont run before you can walk
-
i think i must finish algorithm and data structure first and then learn internal of windows.
-
like the nointegritychecks setting ? i'll try and be clearer.. how about, tell me a way to load an unsigned driver without having to use bcdedit or similar to alter system settings globally, that can lower the security of the system
-
You have a long way to go before you will even come close to writing any type of anti-virus that has any real usage/purpose. Simple understandings of C are not going to get you that far. You need to have a very good understanding of a low-level language such as C and C++ in general and ASM. Along with that, you need to take the time to really learn the inner workings of Windows and the much lower level aspects of the OS. Your AV is going to need to do kernel level things (drivers), hooks, etc. if you expect to handle any type of real detections and protections today. With how low-level things have gotten with things like rootkits and other forms of virus/malware, doing things in user-mode is never going to be enough. Based on your post, you are really far from any of this. Take the time to learn what you are doing otherwise you are going to produce garbage that no one will want to use.
-
Kernel driver can be installed on 64bit system without the need test mode to be activated or disabled driver signature enforcement. Workarounds are for normal 64bit system even with secureboot enabled.
-
yeh, and how many end users would you imagine would allow a protection to disable security on their machines in such a way ?...
-
Man, I love you, in a manly way of course ! What you mentioned that you have learned is not enough to do that, you need more experience before jumping to a complicated project like an AV.
-
Hello Everyone, I am almost finish learning Algorithm in C programming language. My Goal is and i wanna develop antivirus software. My Question is where should i start? I am looking for your valuable opinion. Thanks
