Collaborate Disseminate
I’ve used Gecko iPhone Toolkit to gain SSH access into my iPhone 3GS.
While there I’m having a look at the file /etc/master.passwd and I find this:
##
# User Database
#
# This file is the authoritative user database.
##
nobody:*:-2:-2::0:0… Continue reading What is the hashed password in the master.passwd file?
Top 10 Passwords hackers use to breach RDP revealed! Weak credentials cause successful cyberattacks- check if yours is on the list and secure your system now. Continue reading Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk?
I’m trying to think of a way to create the most hacker-proof login system that I can only get into.
Currently my login page only consists of a password box and a button to submit data. Its run on an https url I never disclose to the public… Continue reading Most hacker-proof login page
(found on reddit)
[translation: the website is programmed to reject the login if it is the correct password and if it is the first login attempt]
Assume that the scheme is to reject the first correct login attempt – because otherwise it d… Continue reading Is it viable to defend against brute force attacks by rejecting correct passwords?
I’m designing a service to store secrets without relying on traditional mail-password system.
I will describe this service to give a bit more context for my questions, at the end.
secret The payload we want to store (encrypted) for the us… Continue reading Deriving multiple hashes from a single password for different use cases
Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access. Continue reading Mercedes-Benz Head Unit security research report
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s e… Continue reading Faraway Russian hackers breached US organization via Wi-Fi
I was informed by an entity that their hospital information system relies on Active Directory (AD) for user authentication, with AD configured to detect brute-force login attempts. However, the administrator mentioned that the application … Continue reading Can brute-force login attacks bypass AD protections if an application’s internal brute-force defense is not enforced? [closed]
As part of my project, I am trying to brute force a security code for an app using "Forgot my password" option. I understand that I can brute force username and password using Hydra. However, it looks like I cannot use hydra for … Continue reading How to brute force security code or One Time Password
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few da… Continue reading Exploited: Cisco, SharePoint, Chrome vulnerabilities