Archive | Cryptography

Advertisements


08 January 2014 | 1,280 views

Yahoo! Spread Bitcoin Mining Botnet Malware Via Ads

Bitcoin and other cryptocurrencies are pretty much headline news every day now, especially with the inflated values (Bitcoin over $1000 recently). We haven’t mentioned them for a long time though, back in 2012 we wrote about Hackers breaking into a Bitcoin Exchange Site called Bitcoinica. There have been plenty of Bitcoin related hacks since then, […]

Continue Reading


23 December 2013 | 6,022 views

Researchers Crack 4096-bit RSA Encryption With a Microphone

So this is a pretty interesting acoustic based cryptanalysis side-channel attack which can crack 4096-bit RSA encryption. It’s been a while since we’ve seen anything hardware based, and RSA 4096 is pretty strong encryption, I wonder how they figured this one out. It makes sense though when you think about it, although I wouldn’t have […]

Continue Reading


28 November 2013 | 2,199 views

ike-scan – Discover & Fingerprint IKE Hosts (IPsec VPN Servers)

ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern. ike-scan can perform the following functions: Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan. Fingerprinting Determine which IKE implementation the hosts […]

Continue Reading


19 November 2013 | 7,274 views

HashTag – Password Hash Type Identification (Identify Hashes)

HashTag.py is a Python script written to parse and identify the password hash type used. HashTag supports the identification of over 250 hash types along with matching them to over 110 hashcat modes (use the command line switch -hc to output the hashcat modes). It is also able to identify a single hash, parse a […]

Continue Reading


16 November 2013 | 3,357 views

Linux Backdoor Fokirtor Injects Traffic Into SSH Protocol

Earlier this week we wrote about an Internet Explorer 0-day which used an in-memory drive by attack, which was pretty smart. Now another new type of malware (a backdoor in this case), this time targeting Linux known as Fokirtor. There is no real discussion of the exploit used to plant this backdoor (if it was […]

Continue Reading


16 October 2013 | 2,350 views

AxCrypt – Open Source Windows File Encryption Software

AxCrypt is the leading open source Windows file encryption software. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files. Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7. Double-click to automatically decrypt and open documents. Store strong keys on removable USB-devices. Features Password Protect […]

Continue Reading


05 September 2013 | 3,848 views

Just Crypt It – How To Send A File Securely Without Additional Software

I’m pretty sure everyone has to send files to someone else online at some point, I’ve found myself having to do it quite often. And there’s always a quandary when it comes to sending something that is somewhat confidential. How do you secure it in transit? We generally have a few options – 1) Passworded […]

Continue Reading


13 March 2013 | 3,466 views

SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Features SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility Performance testing: session resumption and TLS tickets support Security testing: […]

Continue Reading


06 December 2012 | 2,624 views

TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

When running web application security assessments it is mandatory to evaluate the security stance of the SSL/TLS (HTTPS) implementation and configuration. OWASP has a couple of references the author strongly recommends taking a look at, the “OWASP-CM-001: Testing for SSL-TLS” checks, part of the OWASP Testing Guide v3, and the Transport Layer Protection Cheat Sheet. […]

Continue Reading


08 August 2012 | 4,082 views

chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.

chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes, it was announced recently at Defcon as we read over here – Marlinspike demos MS-CHAPv2 crack. The process is as follows: Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance). Use chapcrack to parse […]

Continue Reading


Advertisements