Mar/2/2021: (1) President "fires" GCoS by not disputing Pashinyan's claim in Court (2) Parliament grills Supreme Court chief over "political statement" (3) Pension law reforms (4) Business resumes in Artsakh (5) Constitutional reforms (6) POW & search (7) Court sets precedence (8) TUMO expands (9)..

Your 13-minute Tuesday report in 3245 words.

## business is slowly resuming in Artsakh

Artsakh IRS: we predicted ֏2.6B in tax revenues during January-February but collected ֏2.8 instead, an increase of 8.8%. From that sum, ֏2.195B or 78% came from large businesses.

The vast majority of taxpayers had stopped making payments since the war, but the payments have gradually increased this year with taxpayers fulfilling their obligations in good faith.

https://armenpress.am/arm/news/1044917.html

## pension law reforms / elderly get extra / more convenience for disabled citizens / ստաժ

Labor Minister Mesrop: the draft bill will provide a supplement to citizens over the age of 90.

Parents who take care of disabled underage children will have that time added to their labor record as retirement ստաժ.

Disabled citizens or those over 90, who receive their pensions electronically, will no longer have to physically visit banks once a year. The proof of their presence in the country will be verified by the Ministry.

https://armenpress.am/arm/news/1044918.html

## politicians discuss snap elections / semi-presidential system

Pashinyan held a phone conversation with LHK leader Edmon Marukyan to discuss snap elections. They will meet tomorrow.

https://armenpress.am/arm/news/1044910.html

President Sarkissian met LHK leader Marukyan to discuss a possible switch to a semi-presidential state via Constitutional reforms, and the possibility of snap elections soon.

https://armenpress.am/arm/news/1044922.html

QP MP Alen: ever since Serj Sargsyan rigged the Constitutional referendum vote and passed the current Constitution, we've seen that it has flaws that can result in vacuum and crisis. One solution is a semi-presidential state.

In a semi-presidential state, the three branches keep tabs on each other, while the president serves as a guarantor for Constitutional order. The differences may be small, but depending on the country, the need may vary. Wars and other force majeure situations may be handled better under a semi-presidential state.

https://factor.am/343559.html

QP MP Alen: I don't rule out the possibility of meeting BHK chief Tsarukyan to discuss snap elections, either today or tomorrow.

https://armenpress.am/arm/news/1044895.html

## President won't sign Pashinyan's second petition to fire GCoS, but won't send it to Constitutional Court either / GCoS will be automatically fired

President earlier refused to sign. Pashinyan respond


👍︎ 30
📰︎ r/armenia
📅︎ Mar 02 2021
Useful tools which every Hacker should use!

Hello Everyone!

Today I have brought up a list of important tools which every Ethical Hacker should use while penetration testing or doing CTF Challenges.

  1. Nmap - Nmap is a very important tool which every Ethical Hacker uses to scan networks and discover open ports and the services which are used on the target server. After the hacker gets information about open ports and services running on the open ports, he/she can easily exploit it.
  2. GoBuster/Dirb - GoBuster and Dirb can be used to find hidden directories on a Web Server. It is one of the most important tools which you should use while doing CTF Challenges.
  3. Metasploit - Metasploit is one of the most used tools ever. Every Ethical Hacker in this world uses Metasploit because it contains tons of exploits, payloads and handlers.
  4. HashCat - HashCat is an important tool while penetration testing. It can be used to crack password hashes after you gain a reverse shell to your target server and find the hashes.
  5. SQLMap - SQLMap can be used to detect vulnerabilities like SQL Injections on the target Web Server.
  6. BurpSuite - BurpSuite can be useful when you are trying to attack the webserver. It can also detect Cross Site Scripting Attacks (XSS), CSRF, Server Side Request Forgery.

So, these are the most useful tools in my opinion while performing penetration testing or doing CTF Challenges.

If you know a useful tool which should also be included in the list, drop it down in the comments.

👍︎ 25
📅︎ Oct 13 2020
Top sites to practice hacking skills (legally)

credit- icssindia.in

Use these websites to exercise your hacking skills, whether you are a hacker, a cybersecurity professional, a pen-tester, or still a noob.

These vulnerable websites are great for developing our minds and increasing our capacity to solve problems, and new innovative ideas come to our minds. Also, you will face a lot of brainfuck difficulties. Never give up; always try to give your best. Because if you want to be a professional hacker, then you must know about the hacker attitudes and …

>“real hackers never give up”

There are a lot of gaping holes in almost every security system. And discovering these is also a great opportunity to discover the various tools that are needed for hacking, what the different options are, etc. Use these websites to practice your hacking skills so you can be the best defense.

>“An attack is definitely the best form of defense”

This applies to a lot of companies: they are hacking their own websites and even recruiting ethical hackers in an attempt to find vulnerabilities before the bad guys do. As such, ethical hacking is now a much sought-after skill.

pwnable.kr

pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. Please consider each of the challenges as a game. While playing pwnable.kr, you could learn/improve system hacking skills, but that shouldn’t be your only purpose.

pwnable.tw

Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.

HOW-TO

  • Try to find out the vulnerabilities that exist in the challenges, exploit the remote services to get flags.
  • The flag is usually at /home/xxx/flag, but sometimes you have to get a shell to read them.
  • Most of the challenges are running on Ubuntu 16.04/18.04 docker image.
  • You can share a write-up or exploit code in your profile, only players who also solved the same challenge are able to see them.

hack.me

Hack.me is a FREE, community-based project powered by eLearnSecurity. The community can build, host, and share vulnerable web application code for educational and research purposes.
It aims to be the largest collection of “runnable” vulner


👍︎ 16
👤︎ u/icssindia
📅︎ Sep 02 2020
Should I include CSRF protection on a login form?

Since I found Angel’s “Plain English” series of blog posts so helpful when I was first learning about different kinds of vulnerabilities on the web, I wanted to continue that series. I hope to expand into some of the nuances of more commonly known vulnerabilities, and touch on some of the less well known ones. Let’s get started with one special case that I often find questions about: CSRF on a login form.

To start, if you’re not familiar with the Cross Site Request Forgery (CSRF) attack, you should definitely give Angel’s blog post from a few years ago a read. In the typical way of thinking about a CSRF, an attacker is able to submit a form on behalf of a victim with data the attacker controls. In the classic example, you can imagine an online service that allows users to transfer money between each other, perhaps by first adding their credit card. In the absence of any protective measures against CSRF, the attacker can trick their victim into clicking a link that submits a form on their account, and transfers money into the attacker’s account.  However, what if our humble service is aware of this risk, and includes some form of CSRF protection on all of their authenticated forms? Our attacker will have to get a bit more clever, and though the aforementioned example might often be the most dangerous case, it is not necessarily the only one.

Strictly speaking, a CSRF attack is one where an attacker is able to submit any request on behalf of the victim. So, the attacker begins looking for other ways to trick our poor victim, and finds that the login form is totally unprotected. Hatching a devious plan, our attacker crafts an attack that would submit the login form in the victim’s own browser, thus logging them into the attacker’s account. So our victim -- now perhaps only slightly confused as to why their credit card info is missing -- adds all of their personal information necessary to send money to their friend, and logs out, thinking nothing more of it. Now our attacker, having full control over their own account, logs back in to find that they have everything they need to siphon funds from our poor victim.

https://preview.redd.it/wcszab0r0r221.jpg?width=718&format=pjpg&auto=webp&s=620bf5fe046bbc812207a17c2cc5da1e2e68d824

As you may have noticed, the impact of an exploit like this varies from si


👍︎ 3
📅︎ Dec 07 2018
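
An added example, not part of the original post: one way a login endpoint can reject the forged login described above is to bind the form token to an anonymous pre-session cookie issued with the login page, so a token the attacker obtained for their own browser is useless in the victim's. The names `handle_login`, `new_presession`, `demo_check`, the cookie name `presession` and the origin `https://pay.example` are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret key
SITE_ORIGIN = "https://pay.example"   # hypothetical origin of the service

def _token_for(pre_id: str) -> str:
    # The token is an HMAC over the anonymous pre-session id, so it is only
    # valid together with the cookie it was issued for.
    msg = b"login-form:" + pre_id.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def new_presession():
    """Called when the login page is served: returns (cookie value, form token)."""
    pre_id = secrets.token_urlsafe(16)
    return pre_id, _token_for(pre_id)

def demo_check(username: str, password: str) -> bool:
    # Constructed stand-in for a real password-hash verification.
    users = {"victim": "v-pass", "attacker": "a-pass"}
    expected = users.get(username)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def handle_login(cookies, form, headers, check_password=demo_check):
    """Return (status, cookies_to_set) for a POST to the login endpoint."""
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, {}  # submitted from another site
    pre_id = cookies.get("presession", "")
    token = form.get("csrf_token", "")
    if not pre_id or not hmac.compare_digest(
            token.encode(), _token_for(pre_id).encode()):
        return 403, {}  # token missing, or issued for a different browser
    if not check_password(form.get("username", ""), form.get("password", "")):
        return 401, {}
    # Fresh session id on success; the pre-session cookie is cleared.
    return 200, {"session": secrets.token_urlsafe(32), "presession": ""}
```

The forged submission fails even when it carries valid credentials for the attacker's account, because the token it carries was not derived from the pre-session cookie in the victim's browser.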