Programmer, Gamer, Hacker.
When not breaking things I write emulators and raytracers.

https://DAK.LOL

https://specopssoft.com/blog/are-rainbow-tables-still-relevant/

Some thoughts on Mandiant "deprecating" NTLM by posting a set of rainbow tables. Please stop coming to the Password Village and asking if we're using rainbow tables for the competition. Please. I beg you.

#infosec #cybersecurity

How infostealers turn stolen credentials into real identities

Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle.

BleepingComputer

Due to current events, one might wish to set up a node for a mesh communication network such as Meshtastic or Meshcore. I wrote a starter guide for setting up a Meshtastic node using a readily available LoRa device from Amazon, the Heltec v3. More Meshtastic content to come.

https://dak.lol/your-first-meshtastic-node/

Your First Meshtastic Node

In light of… current events occurring south of Canada, I felt it was prudent to start doing more work on things like wireless mesh networking. As such, I wanted to work on getting my first Meshtastic (or meshcore, but we’ll do meshtastic for now) node set up to get some coverage for my neighbourhood.

DAK.LOL

Honestly, fuck that guy for posting that MongoBleed PoC on Christmas. I hope he finds new and exciting legos when he goes to the washroom at night.

https://dak.lol/responsible-disclosure-and-pocs/

MongoBleed and Responsible Disclosure

It’s been a while! I got busy with a bunch of other work, so I haven’t been posting here lately. Going into the new year I hope to improve that, and try to do some streaming and video content as well. We’ll see how that goes; start the new year with a good cadence and make something happen.

DAK.LOL

I had a discussion yesterday with an acquaintance about some new infostealer leaks; I was talking about verifying whether the credentials are new or not; so I did some writing about why it's not unsafe to look up whether your password got leaked on the average service.

https://dak.lol/k-anonymous-password-lookups/

Does A Breached Password Lookup Reveal My Password?

I had a discussion yesterday with an acquaintance about some new infostealer leaks; I was talking about verifying whether the credentials are new or not (which was a silly thing to do, I should have known they weren’t in HIBP — for different reasons though) and I went to check if some of the passwords were contained in the HIBP corpus. The acquaintance asked something to the effect of, “why would you put the password into a web form, isn’t that leaking it further?” This naturally reveals a common misconception regarding how breached password lookups typically work; both in HIBP itself, and competing commercial breached corpuses.

DAK.LOL

A new variant of Breachforums appears to be bootstrapping and already has > 300 users:

https://dak.lol/the-revival-of-breachforums/

#infosec #cybersecurity

The (alleged) revival of Breachforums

Breachforums, the infamous darkweb hacking and stolen data marketplace, recently had another setback when its remaining primary administrators were arrested in France, shutting down yet another iteration of the marketplace. This closes another chapter in a site that has caused immeasurable damage to consumer and enterprise systems alike, facilitating the sale and trade of initial access, credentials, and leaked data.

DAK.LOL

https://dak.lol/what-really-is-the-16b-password-leak/

Posting this one late today in order to get in lockstep with the misinformation surrounding the previously posted "16B Passwords Leak" that surfaced on BleepingComputer.

Both the original post and the correction are largely incorrect, based on it being infostealer data.

What Really Is That 16gb Password “Leak”?

Last week, a number of news outlets and organizations posted a story (which was then followed by ~ a retraction) of a darkweb password leak comprising 16B records. This immediately triggered a fervor around whether this was really a single leak, where it came from, who and how was exposed and so on – as always occurs around these things.

DAK.LOL

A short writeup about a funny Signal interaction I had last week with a security vendor.

That time I nearly got Hegsethed:

https://dak.lol/that-time-I-nearly-got-Hegsethed/

That Time I Nearly Got Hegsethed

Not a deep one this week, just a funny story about something that happened to me on Tuesday, July 17. It’ll unfortunately be a short one; one that should probably be turned into a YouTube short talking about it, but moving pictures scare me.

DAK.LOL

Following on the Microsoft and DoJ takedown of Lumma infrastructure, and this week’s news from Sophos discussing a single user hosting over 100 malware GitHub repos, I wanted to spend some time looking into the specific vectors leveraged by some of these repositories. Recently, some of these attacks have included taking screenshots upon execution, which can give us a look into specifically what a user ran that triggered the RAT (Remote Access Trojan) and harvested data from their machine.

https://dak.lol/stealer-malware-attack.vectors/

Stealer malware attack vectors – Lumma Stealer

DAK.LOL