Category: Information Security
The difficulty presented by HTB machines can be challenging, frustrating, and rewarding. I think the machine TraceBack provides a perfect balance of all 3 of those qualities into a very fun experience.
The challenge given by Remote will have you breaking into the Umbraco CMS system on multiple levels.
It felt good to spend a day roasting in the Sauna while sharpening the Windows attack skills.
Overall this was a great host for emulating what is commonly seen on real-world Windows networks in many companies today.
Overall a very straightforward challenge, and a great target to practice the entire attacker's methodology.
Walkthru for JSON.htb
This is a detailed walk-thru for JSON.htb written by dR1PPy. JSON was a very fun machine for attacking vulnerable serialization services. This challenge has a very real-world feel and was a great overall experience. Much thanks to Cyb3rb0b for putting this challenge together, also for the clever nameplay based on the…
The Logic behind Password Hashing
This is a mirror of a post originally found here: http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846
The Theory: We need to hash passwords as a second line of defence. A server which can authenticate users necessarily contains, somewhere in its entrails, some data which can be used to validate a password. A very simple system would just store the passwords themselves, and…
Blind Zerg Rush for Security
While reviewing some old publications I came across this great article that was written just weeks after the 9/11 tragedy in NY. Based on recent events disclosed around the PRISM program and US Government actions against privacy in general, the article seems to be very scary with its foreshadowing. Here is an excerpt taken from…
From $40k to Free – The Carberp source leak
Very interesting source code leak today for the Carberp malware family. This black-market malware, once offered for $40k, will surely be of interest to anyone who conducts malware & botnet analysis. The leak included a few other tools that helped make it so successful like the bootloader, MC obfuscate, along with various functions…
Why Your 8 Character Password Sucks
“Passwords must contain 8 characters and include upper case and numbers.” This ‘rule’ is often used by many websites, corporate domains, and networking devices. But as is the case with many information security standards, by the time it is adopted by the masses it is already weakened or outdated.