#bruteforce — Public Fediverse posts

Korben: #Bruteforce de #cartes #bancaires

Un #chercheur en #sécurité a démontré qu'il est possible de reconstituer les chiffres manquants d'une carte bancaire par bruteforce en testant des numéros auprès de la banque, à raison d'environ 6 tentatives par seconde.

https://korben.info/carte-bancaire-brute-force.html

🐱‍💻 Oh no! Credit cards can be hacked by brute force? Who would have thought that a string of numbers could be cracked like a safe? 🤯 I guess we'll just sit back and pretend #PCI #DSS is the Fort Knox of digital security while hackers crack open our piggy banks. 🐽🔓
https://metin.nextc.org/posts/Credit_Cards_Are_Vulnerable_To_Brute_Force_Kind_Attacks.html #creditcardsecurity #digitalhacks #bruteForce #cybersecurity #HackerNews #ngated

🐱‍💻 Oh no! Credit cards can be hacked by brute force? Who would have thought that a string of numbers could be cracked like a safe? 🤯 I guess we'll just sit back and pretend #PCI #DSS is the Fort Knox of digital security while hackers crack open our piggy banks. 🐽🔓
https://metin.nextc.org/posts/Credit_Cards_Are_Vulnerable_To_Brute_Force_Kind_Attacks.html #creditcardsecurity #digitalhacks #bruteForce #cybersecurity #HackerNews #ngated

🐱‍💻 Oh no! Credit cards can be hacked by brute force? Who would have thought that a string of numbers could be cracked like a safe? 🤯 I guess we'll just sit back and pretend #PCI #DSS is the Fort Knox of digital security while hackers crack open our piggy banks. 🐽🔓
https://metin.nextc.org/posts/Credit_Cards_Are_Vulnerable_To_Brute_Force_Kind_Attacks.html #creditcardsecurity #digitalhacks #bruteForce #cybersecurity #HackerNews #ngated

🐱‍💻 Oh no! Credit cards can be hacked by brute force? Who would have thought that a string of numbers could be cracked like a safe? 🤯 I guess we'll just sit back and pretend #PCI #DSS is the Fort Knox of digital security while hackers crack open our piggy banks. 🐽🔓
https://metin.nextc.org/posts/Credit_Cards_Are_Vulnerable_To_Brute_Force_Kind_Attacks.html #creditcardsecurity #digitalhacks #bruteForce #cybersecurity #HackerNews #ngated

🐱‍💻 Oh no! Credit cards can be hacked by brute force? Who would have thought that a string of numbers could be cracked like a safe? 🤯 I guess we'll just sit back and pretend #PCI #DSS is the Fort Knox of digital security while hackers crack open our piggy banks. 🐽🔓
https://metin.nextc.org/posts/Credit_Cards_Are_Vulnerable_To_Brute_Force_Kind_Attacks.html #creditcardsecurity #digitalhacks #bruteForce #cybersecurity #HackerNews #ngated

Credit Cards Are Vulnerable to Brute Force Kind Attacks

https://metin.nextc.org/posts/Credit_Cards_Are_Vulnerable_To_Brute_Force_Kind_Attacks.html

#HackerNews #CreditCards #CyberSecurity #BruteForce #Attacks #Vulnerabilities

288,493 Requests – How I Spotted an XML-RPC Brute Force from a Weird Cache Ratio

https://marcindudek.dev/blog/xmlrpc-brute-force-cache-rate/

#HackerNews #XMLRPC #BruteForce #CacheRatio #Security #Analysis #Cybersecurity #TechInsights

Q1 2026 Malware Statistics Report for Windows Database Servers

During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.

Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault

Q1 2026 Malware Statistics Report for Windows Database Servers

During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.

Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault

Q1 2026 Malware Statistics Report for Windows Database Servers

During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.

Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault

Q1 2026 Malware Statistics Report for Windows Database Servers

During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.

Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault

Q1 2026 Malware Statistics Report for Windows Database Servers

During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks with a temporary decrease in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities including BCP, curl, bitsadmin, and PowerShell to deploy a Go-based scanner called ICE Cloud, which contained Turkish language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices.

Pulse ID: 69de00aae91f11a6bf2fbe68
Pulse Link: https://otx.alienvault.com/pulse/69de00aae91f11a6bf2fbe68
Pulse Author: AlienVault
Created: 2026-04-14 08:54:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CandC #Cloud #CyberSecurity #ICS #InfoSec #MSSQL #Malware #MySQL #OTX #OpenThreatExchange #PowerShell #RCE #SQL #Turkish #Windows #bot #AlienVault

So I didn't write down the password to one of my new routers and for shits and giggles I'm trying to #bruteforce it on my network with #hydra
I've never used it before but it looks superb, the way it multi threads and does not overload the server.
I didn't want to factory default because I want the port data for diagnostic.

When trying to solve a difficult problem, do not under-estimate the power of brute force & ignorance.

#solve #solution #problem #BruteForce #Ignorance #BruteForceAndIgnorance

На «РусКрипто’2026» рассказали, как защитить пароли от взлома на ASIC и FPGA

С 24 по 27 марта в Подмосковье проходит ежегодная международная конференция «РусКрипто’2026», отражающая развитие криптографии и информационной безопасности. В этом году многие участники затрагивали вопросы цифрового суверенитета и построения доверенной цифровой среды. Особый интерес вызвал доклад сотрудников лаборатории криптографии компании «Криптонит» Анастасии Чичаевой и Степана Давыдова, посвящённый защите от взлома на специализированном «железе». В своём выступлении Анастасия Чичаева рассказала о современных подходах к построению и анализу так называемых memory-hard functions (MHF) — криптографических функций, требовательных к объёму памяти. Они становятся эффективным противодействием использованию специализированных вычислителей для перебора паролей и вырабатываемых из них ключей. К таким устройствам относят ASIC (специализированные интегральные схемы) и FPGA (программируемые логические интегральные схемы). Те и другие можно «заточить» на параллельное выполнение алгоритмов одного типа (например — хэширования) и достичь большей эффективности, чем , при использовании процессоров общего назначения. Следовательно, ASIC и FPGA существенно снижают затраты на проведение атак методом перебора. При этом у них ограниченный объём памяти (особенно у ASIC), и это свойство можно использовать в стратегии защиты. Memory-hard функции как раз устроены так, что для их вычисления требуется значительный объём памяти, поэтому их применение делает массовый перебор паролей на специализированных вычислителях экономически невыгодным, а это – универсальная стратегия защиты.

https://habr.com/ru/companies/kryptonite/articles/1015358/

#Memoryhard_functions #MHF #ASIC #FPGA #Scrypt #Argon2 #bruteforce #password

Quanto tempo serve a un Computer per indovinare la tua Password?

https://www.psicospace.it/quanto-tempo-serve-a-un-computer-per-indovinare-la-tua-password/

Der KI-Sturm: USA und "Brute Force" vs. Klein-Klein der EU – und was macht China? (Statista + Recherche-Analyse + Kommentar) #KI #AI #USA #BruteForce #Amazon #Alphabet #Microsoft #Meta #China #EU #SAP #Siemens #Huawei #ARPU #AGI #Industry #Investitionen

https://derwahlberliner.com/2026/02/04/der-ki-sturm-usa-und-brute-force-vs-klein-klein-der-eu-und-was-macht-china-statista-recherche-analyse-kommentar/

Der KI-Sturm: USA und "Brute Force" vs. Klein-Klein der EU – und was macht China? (Statista + Recherche-Analyse + Kommentar) #KI #AI #USA #BruteForce #Amazon #Alphabet #Microsoft #Meta #China #EU #SAP #Siemens #Huawei #ARPU #AGI #Industry #Investitionen

https://derwahlberliner.com/2026/02/04/der-ki-sturm-usa-und-brute-force-vs-klein-klein-der-eu-und-was-macht-china-statista-recherche-analyse-kommentar/

Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC

https://neodyme.io/en/blog/drone_hacking_part_1/

#HackerNews #DroneHacking #FirmwareDumping #ECC #BruteForce #Cybersecurity #TechBlog

Хотят многие, делают единицы: наш опыт автоматизации рутины пентеста

Привет, Хабр! Меня зовут Дмитрий Федосов, я руковожу отделом наступательной безопасности в Positive Technologies. В этой статье мы с ведущим специалистом нашего отдела Владиславом Дриевым расскажем про автоматизацию рутины в пентесте на основании нашего опыта построения результативной безопасности. Вообще, автоматизация рутины пентеста — довольно очевидная идея, но на пути от идеи до работающего средства множество препятствий: от неочевидных багов популярных инструментов до проблем с масштабированием и конкуренцией за сетевые ресурсы. В статье речь пойдёт о том, как автоматизация меняет сам подход к оценке защищенности инфраструктуры. Разберем, с каких атак начать исследователю, как избежать скрытых проблем с Masscan, Kerbrute, Impacket, и почему на рынке до сих пор так мало готовых решений.

https://habr.com/ru/companies/pt/articles/984606/

#автоматизация_рутины #пентест #тестирование_на_проникновение #pt_dephaze #masscan #bruteforce #impacket #векторы_атак #уязвимости_и_их_эксплуатация

Что еще могёт курсор

Началось все весьма прозаично, клиент позвонить к нам в техподдержку и спросил «а как бы мне поставить ваш софт но в другую схему БД». Собственно вопрос проще некуда — мы писали на спринге, а значит лезем в application.yml и ставим схему. Но, клиент не из тупых и уже это попробовал — не сработало. Начинаем разбираться что сломалось и кто виноват. Первым делом ДевОпс повторяет кульбиты клиента и выдает простой вердикт: «В 151 миграции лажа». Я открываю и: «батюшки родный, да это же лосенок явное указание схемы!»

https://habr.com/ru/articles/961056/

#flyway #spring #migrations #java #bruteforce

Hm. Over at the facesite I commented on a post about #bruteforce attacks on a commercial network product with a link to https://nxdomain.no/~peter/badness_enumerated_by_robots.html, and got a followup asking whether I have bruteforce protection "in front of" my ssh servers.

And this only hours after I scared the cat by LOL from seeing that the #pop3gropers are actively trying the local parts of my freshly random spamtraps (see https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html a bit down the page). #passwordgroping #cybercrime

Hm. Over at the facesite I commented on a post about #bruteforce attacks on a commercial network product with a link to https://nxdomain.no/~peter/badness_enumerated_by_robots.html, and got a followup asking whether I have bruteforce protection "in front of" my ssh servers.

And this only hours after I scared the cat by LOL from seeing that the #pop3gropers are actively trying the local parts of my freshly random spamtraps (see https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html a bit down the page). #passwordgroping #cybercrime

Hm. Over at the facesite I commented on a post about #bruteforce attacks on a commercial network product with a link to https://nxdomain.no/~peter/badness_enumerated_by_robots.html, and got a followup asking whether I have bruteforce protection "in front of" my ssh servers.

And this only hours after I scared the cat by LOL from seeing that the #pop3gropers are actively trying the local parts of my freshly random spamtraps (see https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html a bit down the page). #passwordgroping #cybercrime

Hm. Over at the facesite I commented on a post about #bruteforce attacks on a commercial network product with a link to https://nxdomain.no/~peter/badness_enumerated_by_robots.html, and got a followup asking whether I have bruteforce protection "in front of" my ssh servers.

And this only hours after I scared the cat by LOL from seeing that the #pop3gropers are actively trying the local parts of my freshly random spamtraps (see https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html a bit down the page). #passwordgroping #cybercrime

Hm. Over at the facesite I commented on a post about #bruteforce attacks on a commercial network product with a link to https://nxdomain.no/~peter/badness_enumerated_by_robots.html, and got a followup asking whether I have bruteforce protection "in front of" my ssh servers.

And this only hours after I scared the cat by LOL from seeing that the #pop3gropers are actively trying the local parts of my freshly random spamtraps (see https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html a bit down the page). #passwordgroping #cybercrime

SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations https://www.securityweek.com/sonicwall-prompts-password-resets-after-firewall-configurations-exposed-in-breach/ #NetworkSecurity #passwordreset #bruteforce #SonicWall #firewall #password

SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations https://www.securityweek.com/sonicwall-prompts-password-resets-after-firewall-configurations-exposed-in-breach/ #NetworkSecurity #passwordreset #bruteforce #SonicWall #firewall #password

A coordinated brute-force campaign has targeted Fortinet SSL VPNs, over 780 unique IPs launched credential attacks on August 3, followed by a change of target from FortiOS to FortiManager.

Read: https://hackread.com/brute-force-campaign-fortinet-ssl-vpn-coordinated-attack/

#Cybersecurity #Fortinet #BruteForce #CyberAttack #FortiOS #FortiManager

Jemand versucht gerade exzessiv, eine von mir frisch aufgesetzte WordPress-Webseite per Brute Force zu hacken.

Die Seite ist von Beginn an (seit einigen Tagen) mit einem Wartungsbild online.

Das besondere dabei ist: der oder die Angreifer verwenden bei jedem neuen Zugriff eine andere IP-Adressen.

Warum ich denke, dass es sich um einen gezielten Angriff eines Täters oder einer Gruppe von Tätern handelt? Weil es besondere andere Anzeichen genau dafür gibt.

#BruteForce #WordPress #Login #Attacke

Exhaustive enumeration of Rogue seeds progress:

I've created an S3 bucket full of bitmaps for each room "feature" (currently only position and size), one bit per seed. This will allow reverse lookups -- if we want to find seeds where room 0 has height 6 and width 17, we can AND the corresponding bitmaps and find which bits are set. This is about 231GiB large.

But, the slow part is actually uploading to S3. Running a complete enumeration locally takes less than 14 minutes (and this without any particular effort put into optimization or parallelization!) So building a query engine over this data may not be worth the investment if it only takes that little time to run an exhaustive search.

I'm still thinking of a visualization. There are 2529 possible room configurations so a nice 51x50 grid could plot the relative frequency of each, in each room position. But, this makes large rooms look more probable than they are. (Rogue picks a room size and then places it to fit second, so there are many configurations for small rooms and only one for the largest room.)

However, this is still Rogue(*) not real Rogue. A small variant in which monsters are placed _after_ room creation, not _during_.

#Rogue #ProceduralContentGeneration #BruteForce

---EDIT---
DONE! Thx a Lot Magic People!!!

---/EDIT---

Hey Fediverse please do your magic:

I need the password-cracking table from Hive, but i guess I'm to dumb to sign up, or my security settings prevent me from getting in contact with them.

Can anybody provide me with a high res version of the table?

https://www.hivesystems.com/blog/are-your-passwords-in-the-green

Thx a lot and please boost

#fedihelp #password #security #hacking #cracking #bruteforce

Brute Force Hash Cracker Using SHA-256 With Python

https://denizhalil.com/2025/05/09/brute-force-hash-cracker-python-sha256/

#bruteforce #cybersecurity #ethicalhacking #hashcracking #passwordsecurity #sha256 #pythonprojects

Brute Force Hash Cracker Using SHA-256 With Python

https://denizhalil.com/2025/05/09/brute-force-hash-cracker-python-sha256/

#bruteforce #cybersecurity #ethicalhacking #hashcracking #passwordsecurity #sha256 #pythonprojects

Brute Force Hash Cracker Using SHA-256 With Python

https://denizhalil.com/2025/05/09/brute-force-hash-cracker-python-sha256/

#bruteforce #cybersecurity #ethicalhacking #hashcracking #passwordsecurity #sha256 #pythonprojects

#Untersuchung zeigt:

So schnell #knackt aktuelle #Hardware #Passwörter

Wie schnell sich ein #Passwort per #BruteForce knacken lässt, hängt von mehreren Faktoren ab. Forscher haben mit aktuellen #Nvidia-GPUs den Test gemacht.

Ebenso wie 2024 haben die #Sicherheitsexperten von Hive Systems auch in diesem Jahr wieder untersucht, wie schnell sich #Passwörter unterschiedlicher Komplexität mit der Leistung aktueller Hardware per #Brute-Force-Angriff knacken lassen.

https://www.golem.de/news/untersuchung-zeigt-so-schnell-knackt-aktuelle-hardware-passwoerter-2505-195976.html

Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk? https://hackread.com/top-10-passwords-hackers-use-to-breach-rdp/ #PasswordSpraying #Cybersecurity #Vulnerability #CyberAttacks #CyberAttack #BruteForce #Microsoft #Security #Password #RDP

Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk? – Source:hackread.com https://ciso2ciso.com/top-10-passwords-hackers-use-to-breach-rdp-is-yours-at-risk-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #PasswordSpraying #cybersecurity #Vulnerability #CyberAttacks #CyberAttack #BruteForce #Microsoft #Hackread #Password #security #RDP

Nasilenie ataków brute force przeciw urządzeniom sieciowym – nawet 2,8 mln zaangażowanych adresów IP

The Shadowserver Foundation informuje o ataku brute force wymierzonym przeciwko urządzeniom sieciowym, w szczególności urządzeniom VPN firm Palo Alto, Ivanti, SonicWall. Według danych pochodzących z systemów honeypot, prezentowanych przez ich platformę monitoringową, nasilenie ataków trwa od końca stycznia. Liczba adresów IP zaangażowanych w atak sięga w szczycie nawet 2,8 mln w...

#WBiegu #Atak #Botnet #BruteForce #Honeypot #VPN

https://sekurak.pl/nasilenie-atakow-brute-force-przeciw-urzadzeniom-sieciowym-nawet-28-mln-zaangazowanych-adresow-ip/

@bsi -Warnung: Vermehrte #BruteForce-Angriffe auf #Citrix Netscaler Gateways | Security https://www.heise.de/news/BSI-Warnung-Vermehrte-Brute-Force-Angriffe-auf-Citrix-Netscaler-Gateways-10194910.html #CirtrixNetscaler #CredentialStuffing

hashCrack — это Python-инструмент для взлома паролей с помощью Hashcat, предлагающий удобный интерфейс и поддерживающий различные методы brute-force атак.

Он предназначен только для тестирования на проникновение в легальных условиях и совместим с Linux и Windows.

Среди ключевых особенностей — поддержка нескольких режимов, интерактивное меню и логирование результатов в директории сессий.

Кроме того предусмотрены команды для устранения ошибок и проверки функциональности, а также доступны рекомендации по словорям и правилам для повышения эффективности атак.

src: https://github.com/ente0/hashCrack

#blacktriangle #opensource #github #hashcat #python #crack #bruteforce #hack

https://0ut3r.space/2024/11/21/basic-access-authentication-bruteforce/ #bruteforce #ffuf #burp #0ut3rSpace

Detect Brute Force and Credential Access Activity Linked to Iranian Hackers: The FBI, CISA, and Partners Warn Defenders of Growing Attacks Against Critical Infrastructure Organizations – Source: socprime.com https://ciso2ciso.com/detect-brute-force-and-credential-access-activity-linked-to-iranian-hackers-the-fbi-cisa-and-partners-warn-defenders-of-growing-attacks-against-critical-infrastructure-organizations-source-socpr/ #rssfeedpostgeneratorecho #CyberSecurityNews #CredentialAccess #bruteforce

More data points - today's is

Oct 6 02:03:53 skapet sshd-session[76897]: Failed password for invalid user Can't open ikk from 2a02:4780:10:42bf::1 port 43964 ssh2

More likely than not a variant of spamto database gone awol like back in the day https://nxdomain.no/~peter/so_somebody_is_throwing_html_at_your_sshd.html (prettified, tracked https://bsdly.blogspot.com/2016/12/so-somebody-is-throwing-html-at-your.html) but still hilarious

#sshgropers #passwordgroping #bruteforce #shitheadery #botnets #sillybuggers #cybercrime

Another data point in the "you thought you had seen it all, but no siree" set -

Oct 4 13:34:04 skapet sshd-session[38440]: Failed password for invalid user Can't open ica from 2001:df7:3c00:800a::446:34dc port 54770 ssh2

(and from several other locations)

#sshgropers #passwordgroping #bruteforce #shitheadery #botnets #sillybuggers

О bruteforce и его реинкарнациях

Все мы хорошо знаем о том, что пароли можно подобрать или перехватить другими способами. В рамках данной статьи мы будем говорить именно о подборе паролей. Будем считать, что наш атакующий не имеет физического доступа к машине, с которой осуществляется аутентификация и следовательно, поставить троян или кейлоггер он не может. Также хакер не может контролировать каналы связи, весь трафик между клиентом и сервером зашифрован и у злоумышленника нет возможности реализовать Man in the Middle. Но зато, хакеру доступен интерфейс атакуемого приложения, где он может вводить свои учетные данные.

https://habr.com/ru/companies/otus/articles/846872/

#bruteforce #password_security #информационная_безопасность

Вход в заднюю дверь или пентест сетевых принтеров и МФУ

В данной статье мы с вами затронем анализ сетевых принтеров / МФУ в компании. Каждый из Вас наверное замечал, что данные устройства стоят почти в каждом кабинете и этаже (последнее более опасно, так как доступ к данным устройствам может получить любой человек: сотрудник компании, внешний гость или подрядная организация). Многие компании не выполняют необходимые мероприятия по предварительной донастройке данных устройств, а данные хосты могуть уязвимым звеном в периметре информационной системы.

https://habr.com/ru/articles/847196/

#пентест #принтеры #мфу #responder #msfconsole #ldap #smtp #handshake #bruteforce #wordlist

Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

https://github.com/0xdea/tactical-exploitation

"The Other Way to Pen-Test" -- @hdm & @Valsmith

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

Since a few years, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.