Golden Axe (Genesis/Mega Drive)

Developer:

Sega

|

Release Date:

1990 (1989 in Japan and Arcades)

|

Systems:

Lots

---

This week on Super Adventures, I'm playing the legendary arcade game Golden Axe! On the Mega Drive!

It might seem a bit strange that it's taken me like eight years to finally get around to Golden Axe as it's fairly well known. Maybe not Mario or Doom tier, but definitely Alex Kidd tier. Higher than Toki, lower than Tekken. Anyway, one of the reasons I haven't played it yet is because when I started this site I was only writing about games I hadn't seen before and knew nothing about, and this is one I know a bit about. In fact it's probably the first Mega Drive game I ever owned. I wasn't very good at it and I've never reached the ending, but I've seen those first few stages at least a half dozen times!

The other reason I've put off writing about it, is what am I going to write? You walk to the right and you hit things, there's not much else to it. I suppose I could mention that the arcade game was created by the team that made Altered Beast the year before. Also, they were apparently going to call the game Broad Axe, after they couldn't use their first choice, but then the president of Sega US noticed that the dwarf's axe in the game looked golden and decided that they were going have to change the title to Golden Axe or else they weren't going to sell it. That's what I've read anyway!

By the way, the kanji in the logo with all the weapons hidden in it, "戦斧", means 'battle axe', which is what they wanted to call the game in the first place. I think Golden Axe is a better name to be honest.

Read on »

Sunsetting The Sunblitz Brotherhood

I got the decals on the Sunblitz Brotherhood this week, and finished up the pennants as well. I'm not completely happy with them but my motivation to keep working on them is gone, so they're done. I hope to get them dullcoted and tufted this weekend, then it's on to the Falcon turrets.

ICO Covid-19

ICO Covid-19 La línea de avales estatales para financiación para Pymes afectadas por la crisis sanitaria del Covid-19 ya han liberado sus fondos. ¿Para qué? Atender las necesidades de financiación de empresas y autónomos para: - Pago de salarios. - Facturas. - Necesidades de circulante. - Necesidades de liquidez por pago de obligaciones financieras y tributarias. ¿Importe máximo? Sin importe máximo pero determinadas por el impacto de la actual crisis sanitaria y económica en la operativa de cada empresa. ¿Tipo de operaciones? Préstamos, reestructuraciones y circulante. Si te interesa, podemos ayudarte a gestionar la liquidez que necesitas para sobrevivir a esta crisis. Haz clic aquí para que te llamemos. Un saludo, Carina

Aplazamiento impuestos

En la situación actual cualquier ayuda es poca y una de las mayores dificultades a las que nos enfrentaremos las empresas a corto plazo es el pago de impuestos. En su Real Decreto Ley 7/2020 el Estado contempla la posibilidad de aplazamiento de las deudas tributarias, IVA, IRPF y el pago diferido del Impuesto de Sociedades siempre que su plazo de presentación e ingreso finalice antes del 30 de mayo. Pero no todas las obligaciones pueden aplazarse sin contar con un aval solidario de entidad de crédito o sociedad de garantía recíproca o certificado de seguro de caución. Para esos casos, contamos con acuerdos con entidades especializadas en seguros de caución, que cuentan con muchas ventajas frente a los avales: - Son más baratos que los avales bancarios. - No consumen Cirbe. - Se computan como gasto. - Sin costes de formalización o estudio. - Sin contragarantías en la mayoría de los casos. Si necesitas una garantía para aplazar deudas tributarias, ponte en contacto para ver como podemos ayudarte: Haz clic aquí para que te llamemos. Un saludo, Elsa

Se anexa el seguiente comprobante fiscal digital

Descargar todo como.zip  archivos adjuntos (276 kb)

se anexa el seguiente comprobante fiscal digital
Remitente: Servicio de Administración Tributaria.
Hemos identificado que tienes pendiente de presentar, al 27 de abril de 2020, lo siguiente:
SERIE Y FOLIO: 9678079179202845

A quien corresponda
SERIE Y FOLIO:                                       -WNRTYRVAQ
FECHA DE EMISION:                               27/04/2020
MONTO TOTAL:                                       98780.96

Consulte los datos adjuntos, por favor
https://verificacfdi.facturaelectronica.emision/emision.conectorfiscal.mx/descargascfd.jsp?idLiga=_FAC_1726622616_1726622616.pdf
se anexa el seguiente comprobante fiscal digital en su formato PDF

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

Related news

• Hacking Growth Sean Ellis
• Hacking Smart Tv
• Mindset Hacking Español
• Hacking The System
• Hacking With Swift

Steghide - A Beginners Tutorial

All of us want our sensitive information to be hidden from people and for that we perform different kinds of things like hide those files or lock them using different softwares. But even though we do that, those files  attractive people to itself as an object of security. Today I'm going to give you a slight introduction to what is called as Steganography. Its a practice of hiding an informational file within another file like you might have seen in movies an image has a secret message encoded in it. You can read more about Steganography from Wikipedia.

In this tutorial I'm going to use a tool called steghide, which is a simple to use Steganography tool and I'm running it on my Arch Linux. What I'm going to do is simply encode an image with a text file which contains some kind of information which I don't want other people to see. And at the end I'll show you how to decode that information back. So lets get started:

Requirements:
1. steghide
2. a text file
3. an image file

After you have installed steghide, fire up the terminal and type steghide

It will give you list of options that are available.

Now say I have a file with the name of myblogpassword.txt which contains the login password of my blog and I want to encode that file into an Image file with the name of arch.jpg so that I can hide my sensitive information from the preying eyes of my friends. In order to do that I'll type the following command in my terminal:

steghide embed -ef myblogpassword.txt -cf arch.jpg

here steghide is the name of the program
embed flag is used to specify to steghide that we want to embed one file into another file
-ef option is used to specify to steghide the name (and location, in case if its in some other directory) of the file that we want to embed inside of the another file, in our case its myblogpassword.txt
-cf option is used to specify the name (and location, in case if its in some other directory) of the file in which we want to embed our file, in our case its an image file named arch.jpg

After typing the above command and hitting enter it will prompt for a password. We can specify a password here in order to password protect our file so that when anyone tries to extract our embedded file, they'll have to supply a password in order to extract it. If you don't want to password protect it you can just simply hit enter.

Now myblogpassword.txt file is embedded inside of the image file arch.jpg. You'll see no changes in the image file except for its size. Now we can delete the plain password text file myblogpassword.txt.

In order to extract the embedded file from the cover file, I'll type following command in the terminal:

steghide extract -sf arch.jpg -xf myblogpass.txt

here steghide is again name of the program
extract flag specifies that we want to extract an embedded file from a stego file
-sf option specifies the name of the stego file or in other words the file in which we embedded another file, in our case here its the arch.jpg file
-xf option specifies the name of the file to which we want to write our embedded file, here it is myblogpass.txt
(remember you must specify the name of file with its location if its somewhere else than the current directory)

After typing the above command and hitting enter, it will prompt for a password. Supply the password if any or otherwise just simply hit enter. It will extract the embedded file to the file named myblogpass.txt. Voila! you got your file back but yes the image file still contains the embedded file.

That's it, very easy isn't it?

It was a pretty basic introduction you can look for other things like encrypting the file to be embedded before you embed it into another file and so on... enjoy :)

Continue reading

1. Hacking Time
2. Grey Hat Hacking
3. Herramientas Hacking
4. Diferencia Entre Hacker Y Cracker
5. Blog Seguridad Informática

DSploit

DSploit

After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality.

The DSploit APK in the Play Store was not working for me, but the latest nightly on http://dsploit.net worked like a charm.

Most features require that you and your target uses the same WiFi network, and that's it. It can be Open, WEP, WPA/WPA2 Personal. On all of these networks, DSploit will sniff the passwords - because of the active attacks. E.g. a lot of email clients still use IMAP with clear text passwords, or some webmails, etc. 

First, DSploit lists the AP and the known devices on the network. In this case, I chose one victim client.

In the following submenu, there are tons of options, but the best features are in the MITM section. 

Stealthiness warning: in some cases, I received the following popup on the victim Windows:

This is what we have under the MITM submenu:

Password sniffing

For example, let's start with the Password Sniffer. It is the same as EvilAP and DSniff in my previous post. With the same results for the popular Hungarian webmail with the default secure login checkbox turned off. Don't forget, this is not an Open WiFi network, but one with WPA2 protection!

Session hijack

Now let's assume that the victim is very security-aware and he checks the secure login checkbox. Another cause can be that the victim already logged in, long before we started to attack. The session hijacking function is similar to the Firesheep tool, but it works with every website where the session cookies are sent in clear text, and there is no need for any additional support.

In a session hijacking attack (also called "sidejacking"), after the victim browser sends the authentication cookies in clear text, DSploit copies these cookies into its own browser, and opens the website with the same cookies, which results in successful login most of the time. Let's see session hijacking in action!

Here, we can see that the session cookies have been sniffed from the air:

Let's select that session, and be amazed that we logged into the user's webmail session.

Redirect traffic

This feature can be used both for fun or profit. For fun, you can redirect all the victim traffic to http://www.kittenwar.com/. For-profit, you can redirect your victim to phishing pages.

Replace images, videos

I think this is just for fun here. Endless Rick Rolling possibilities.

Script injection

This is mostly for profit. client-side injection, drive-by-exploits, endless possibilities.

Custom filter

If you are familiar with ettercap, this has similar functionalities (but dumber), with string or regex replacements. E.g. you can replace the news, stock prices, which pizza the victim ordered, etc. If you know more fun stuff here, please leave a comment (only HTTP scenario - e.g. attacking Facebook won't work).

Additional fun (not in DSploit) - SSLStrip 

From the MITM section of DSploit, I really miss the SSLStrip functionality. Luckily, it is built into the Pwn Pad. With the help of SSLStrip, we can remove the references to HTTPS links in the clear text HTTP traffic, and replace those with HTTP. So even if the user checks the secure login checkbox at freemail.hu, the password will be sent in clear text - thus it can be sniffed with DSniff.

HTML source on the client-side without SSLstrip:

HTML source on the client-side with SSL strip:

With EvilAP, SSLStrip, and DSniff, the password can be stolen. No hacking skillz needed.

Lessons learned here

If you are a website operator where you allow your users to login, always:

1. Use HTTPS with a trusted certificate, and redirect all unencrypted traffic to HTTPS ASAP
2. Mark the session cookies with the secure flag
3. Use HSTS to prevent SSLStrip attacks

If you are a user:

1. Don't trust sites with your confidential data if the above points are not fixed. Choose a more secure alternative
2. Use HTTPS everywhere plugin
3. For improved security, use VPN

Because hacking has never been so easy before.
And last but not least, if you like the DSploit project, don't forget to donate them!

Related word

• Portatil Para Hacking
• Crack Definicion
• Curso De Hacker Gratis Desde Cero
• Hacking Simulator
• Hacking Team
• Hacking With Arduino
• Mindset Hacking Español