Your 13-minute Tuesday report in 3245 words.
##business is slowly resuming in Artsakh
Artsakh IRS: we predicted ֏2.6B in tax revenues during January-February but collected ֏2.8 instead, an increase of 8.8%. From that sum, the ֏2.195B or 78% came from large businesses.
The vast majority of taxpayers had stopped making payments since the war, but the payments have gradually increased this year with taxpayers fulfilling their obligations in good faith.
##pension law reforms / elderly get extra / more convenience for disabled citizens / ստաժ
Labor Minister Mesrop: the draft bill will provide a supplement to citizens over the age of 90.
Parents who take care of disabled underage children will have that time added to their labor record as retirement ստաժ.
Disabled citizens or those over 90, who receive their pensions electronically, will no longer have to physically visit banks once a year. The proof of their presence in the country will be verified by the Ministry.
##politicians discuss snap elections / semi-presidential system
Pashinyan held a phone conversation with LHK leader Edmon Marukyan to discuss snap elections. They will meet tomorrow.
President Sarkissian met LHK leader Marukyan to discuss a possible switch to a semi-presidential state via Constitutional reforms, and the possibility of snap elections soon.
QP MP Alen: ever since Serj Sargsyan rigged the Constitutional referendum vote and passed the current Constitution, we've seen that it has flaws that can result in vacuum and crisis. One solution is a semi-presidential state.
In a semi-presidential state, the three branches keep tabs on each other, while the president serves as a guarantor for Constitutional order. The differences may be small, but depending on the country, the need may vary. Wars and other force majeure situations may be handled better under a semi-presidential state.
QP MP Alen: I don't rule out the possibility of meeting BHK chief Tsarukyan to discuss snap elections, either today or tomorrow.
##President won't sign Pashinyan's second petition to fire GCoS, but won't send it to Constitutional Court either / GCoS will be automatically fired
President earlier refused to sign. Pashinyan respond... keep reading on reddit ➡
Today I have brought up a list of important tools which every Ethical Hacker should use while penetration testing or doing CTF Challenges
So, These are the most useful tools in my opinion while performing penetration testing or doing CTF Challenges.
If you know a useful tool which should be also included in the list, Drop it down in the comments
These Websites to exercise your hacking skills whether you are a hacker, cybersecurity, pen-tester, or still a noob.
These vulnerable websites are great for developing our minds, increasing our capacity to solve problems, new innovative ideas come to our minds. Also, you will face brainfuck a lot of difficulties. Never give up always try to give your best. Because if you want to be a professional hacker, then you must know about the hacker attitudes and …
>“real hackers never give up”
There are a lot of gaping holes in almost every security system. And to discover these is this is also a great opportunity to also discover the various tools that are needed for hacking. What the different options are etc. Use these websites to practice your hacking skills so you can be the best defense.
>“An attack is definitely the best form of defense”
This applies to a lot of companies, they are hacking their own websites and even recruiting ethical hackers in an attempt to find vulnerabilities before the bad guys do as such ethical hacking is now a much sought after skill.
pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is ‘fun’. please consider each of the challenges as a game. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose.
Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.
Hack.me is a FREE, community-based project powered by eLearnSecurity. The community can build, host, and share vulnerable web application code for educational and research purposes.
It aims to be the largest collection of “runnable” vulner
Since I found Angel’s “Plain English” series of blog posts so helpful when I was first learning about different kinds of vulnerabilities on the web, I wanted to continue that series. I hope to expand into some of the nuances of more commonly known vulnerabilities, and touch on some of the less well known ones. Let’s get started with one special case that I often find questions about: CSRF on a login form.
To start, if you’re not familiar with the Cross Site Request Forgery (CSRF) attack, you should definitely give Angel’s blog post from a few years ago a read. In the typical way of thinking about a CSRF, an attacker is able to submit a form on behalf of a victim with data the attacker controls. In the classic example, you can imagine an online service that allows users to transfer money between each other, perhaps by first adding their credit card. In the absence of any protective measures against CSRF, the attacker can trick their victim into clicking a link that submits a form on their account, and transfers money into the attacker’s account. However, what if our humble service is aware of this risk, and includes some form of CSRF protection on all of their authenticated forms? Our attacker will have to get a bit more clever, and though the aforementioned example might often be the most dangerous case, it is not necessarily the only one.
Strictly speaking, a CSRF attack is one where an attacker is able to submit any request on behalf of the victim. So, the attacker begins looking for other ways to trick our poor victim, and finds that the login form is totally unprotected. Hatching a devious plan, our attacker crafts an attack that would submit the login form in the victim’s own browser, thus logging them into the attacker’s account. So our victim -- now perhaps only slightly confused as to why their credit card info is missing -- adds all of their personal information necessary to send money to their friend, and logs out, thinking nothing more of it. Now our attacker, having full control over their own account, logs back in to find that they have everything they need to siphon funds from our poor victim.
As you may have noticed, the impact of an exploit like this varies from si... keep reading on reddit ➡