IKATAN ALUMNI SMPN 233 JAKARTA BLOG

Salam semua para alumni SMPN 233 Jakarta, Apa kabar ?
Blog ini gue buat dengan tujuan biar kita bisa saling sharing dan juga bila ada informasi terbaru yang isinya kumpul - kumpul bisa dengan segera disampikan, Buat para alumni yang jauh mengerti tentang blog dan sebagainya, bisa bantu gue memperbaiki blog ini dan menjadikannya lebih indah.....Gue tunggu partisipasinya.

salam kehangatan

see zhiunk

22 Sep 2020

Oceanhorn For Mac Appstore - Out Now!

Oceanhorn looks great on Mac, especially with Ultra settings!

We are proud to announce that today we released a remastered version of Oceanhorn: Monster of Uncharted Seas for Mac Appstore, together with our buddies at FDG Entertainment! Just like in iOS version, the soundtrack is composed by Nobuo Uematsu and Kenji Ito. We did the port for OSX ourselves to make sure everything will be perfect when Mac gamers set on their journey in Arcadia!

Here's the link to the Appstore:
https://itunes.apple.com/fi/app/oceanhorn/id1044375067?mt=12

So if you're a Mac gamer and haven't yet played remastered version of Oceanhorn yet – now's your chance.

Happy adventures!

21 Sep 2020

Binding The Powers Of Nature: The Caster Gun

The world of Gaia is living an era of unprecedented technological marvel, led by Arcadia, home of Archimedes and his engineering revolution. However, there's a power hidden from regular folk and forgotten by many: magic.

One relic from the days when Knights and Mages were fighting united in the Direfolk War is the weapon our Hero wields: the Caster Gun, a rare device created by the best Arcadian Mages, able to transmute the raw elements of nature you'll find along the journey into combat spells.




Oceanhorn 2: Knights of the Lost Realm features four main spell types: Fire, Ice, Lightning and Heal, each useful for a specific purpose.

As you might guess, Fire will allow you to burn down wooden objects, destroy weak walls and inflict massive damages against vulnerable enemies. Ice can freeze enemies in place, or spawn floating ice rafts on the surface of the water. Lightning stuns enemies and is useful to power devices or solve electricity-based puzzles. Last but not least, when you're running low on HP, the Health spell will allow Hero to recover some much-needed hearts.

During the game, you'll also be able to increase the efficacy of this weapon thanks to the Power-Up Shards that you'll find as rewards from treasure chests scattered around the map. Once equipped, they will increase either Damage, Might (which influences duration and area of effect) or Charge (the cooldown) of the Caster Gun.


This is all for today, but remember: there are many other gadgets waiting for you in Oceanhorn 2: Knights of the Lost Realm – keep your eyes peeled for more!  


---

Want to get these updates a few days earlier? Sign up for the newsletter on the Oceanhorn website!

12 Sep 2020

Light Wood Floor - 5 Textures

 


Continue Reading »

Lift Off

I am betting on the U recovery, a downgrade from a V, hopes dashed by a uniquely American belief in personal freedom. A U is a V with a trough filled with the corpses of our callously discarded elders. A "U" assumes we will see sales back to normal quickly once a vaccine is in play, which is somewhat optimistic when many industries expect up to three years to recover. They expect something that looks more like a Nike swoosh. I do not want swoosh. If I thought we were swooshing, I might exit. No swoosh.

This willful rush towards oblivion cost my business $90,000. I didn't fully realize this until I applied for a grant this week. It will set me back five years financially, assuming things were back to normal, which they are not. We survived because I borrowed money from my home equity, called on investors for more cash, took a PPP loan/grant that is still questionable as to repayment, and only then dipped into a large EIDL loan to pay off creditors. Any victory lap you perceive me taking is in the context of this tremendous cost for others personal freedoms. 

My strategy forward is fairly simple. Since I'm loaded up with government loan money, I'm rapidly expanding inventory. Some of it will be good choices, some bad, but in the end, and before I make a single loan payment, I'll have it dialed in. I am going to attempt to broaden and deepen my offerings in hopes of drawing in more customers now, boost sales to something approaching normal as time goes by, and be prepared for my approaching U recovery. 

When that recovery comes, be it a U or even the dreaded swoosh, we will be stronger than before. Which is good, because I've got some hefty new loan payments. That's nothing new though, and in fact, they are lower than my recently paid off construction loans, for the game space I can't use, in the retail location rent out of proportion with what's happening.


4 Sep 2020

Download Just Dance 2019 For SWITCH

Download Just Dance 2019 For SWITCH

NSP | Update v1.0.1 | HACKED


Dance to your own beat with Just Dance® 2019, the ultimate dance game featuring 40 hot tracks from chart-topping hits to family favorites, including "Havana" by Camila Cabello, "Bang Bang Bang" by BIGBANG, "No Tears Left To Cry" by Ariana Grande, and many more! With a one-month trial of Just Dance Unlimited included, dance to more than 400 songs!
Your Just Dance experience is now personalized as the game learns your dancing habits and suggests content!
Experience eight exclusive choreographies created with the help of kids' development experts to encourage healthy movement.
Featuring seasonal and special-event content for an even more dynamic experience on a new curated homepage.
Platform
 
Nintendo Switch
Release Date
 
Oct 23, 2018
No. of Players
 
up to 6 players
Category
 
Music, Party, Training, Simulation
Publisher
 
Ubisoft
Developer
 
Ubisoft Paris / Ubisoft Pune / Ubisoft Shanghai




 DOWNLOAD LINKS

 DOWNLOAD NSP JUST DANCE: 

 
 
 
 Download-Part-4

 GAME SIZE: 7.4 GB
Password: After 10$ payment is done

31 Agu 2020

OpenVAS


"OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core is a server component with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications." read more...

Read more

30 Agu 2020

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but .... But whether this is the real solution, I'm not sure. And the same applies to compromised computers. When it has been identified that malware was able to run on the computer (e.g. scheduled scan found the malware), there is no easy way to determine with 100% certainty that there is no rootkit on the computer. Thus rebuilding the computer might be a good thing to consider. For paranoids, use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.


Ways to backdoor a domain

So here you go, an incomplete list to backdoor a domain:

  • Create a new domain admin user. Easy to do, easy to detect, easy to remediate
  • Dump password hashes. The attacker can either crack those or just pass-the-hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service user passwords. And during remediation, consider all passwords compromised, even strong ones.
  • Logon scripts - modify the logon scripts and add something malicious in it. Almost anything detailed in this post can be added :D
  • Use an already available account, and add domain admin privileges to that. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
  • Backdoor any workstation where domain admins login. While remediating workstations, don't forget to clean the roaming profile. The type of backdoor can use different forms: malware, local admin, password (hidden admin with 500 RID), sticky keys, etc.
  • Backdoor any domain controller server. For advanced attacks, see Skeleton keys 
  • Backdoor files on network shares which are commonly used by domain admins by adding malware to commonly used executables - Backdoor factory
  • Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment
  • Create a new domain user. Hide admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid
  • Golden tickets - easy to do, hard to detect, medium remediation
  • Silver tickets - easy to do, hard to detect, medium/hard remediation
  • Backdoor workstations/servers via group policy
    • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce,
    • scheduled tasks (run task 2 years later),
    • sticky-keys with debug
  • Backdoor patch management tool, see slides here
[Update 2017.01.10]


Other tricks

The following list does not fit in the previous "instant admin" tips, but still, it can make the attackers life easier if their primary foothold has been disabled:

  • Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
  • Backdoor the Exchange server - get a copy of emails
  • Backdoor workstation/server golden image
  • Change permission of logon scripts to allow modification later
  • Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
  • Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
  • Backdoor files e.g. on shares to use in SMB relay
  • Backdoor source code of in-house-developed software
  • Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
  • Change the content of the proxy pac file (change browser configuration if necessary), including special exception(s) for a chosen domain(s)  to use proxy on malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
  • Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
  • Remove patches from servers, change patch policy not to install those patches.
  • Steal Windows root/intermediate CA keys
  • Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)
Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, it is worth to check these:
  • Microsoft Local Administrator Password Solution
  • Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well. Which seems quite impossible. When someone is creating a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

Ok, we are doomed, but what can we do? I recommend proper log analysis, analyze trends, and detect strange patterns in your network. Better spend money on these, than on the domain rebuild. And when you find something, do a proper incident response. And good luck!

Ps: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)
More information

Face Book