Public DNS in Taiwan the latest victim to BGP hijack Security News & Discussion

---

• Public DNS in Taiwan the latest victim to BGP hijack
• Bypass default AppLocker rules - A post about a small discovery in AppLocker
• Passive DNS - a tutorial to setup your own Passive DNS using D4 Project
• My thoughts after my first (real) attempt at Hackthebox - Beginner Guides - 0x00sec
• Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS
• Analyzing a Coin Mining and Remote Access Hybrid Campaign
• Pgen – Command-line passphrase generator
• A new super light protocol resistant to Eclipse Attacks
• I made this tool to look for all the build logs of CI tools such as Travis-CI which can then be used to find sensitive information

Public DNS in Taiwan the latest victim to BGP hijack Posted: 31 May 2019 11:00 AM PDT submitted by /u/danyork [link] [comments]

Bypass default AppLocker rules - A post about a small discovery in AppLocker Posted: 31 May 2019 05:20 AM PDT submitted by /u/oddvarmoe [link] [comments]

Passive DNS - a tutorial to setup your own Passive DNS using D4 Project Posted: 31 May 2019 01:43 PM PDT submitted by /u/adulau [link] [comments]

My thoughts after my first (real) attempt at Hackthebox - Beginner Guides - 0x00sec Posted: 31 May 2019 01:03 AM PDT submitted by /u/Evil1337 [link] [comments]

Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS Posted: 31 May 2019 11:23 AM PDT submitted by /u/deft3 [link] [comments]

Analyzing a Coin Mining and Remote Access Hybrid Campaign Posted: 31 May 2019 11:15 AM PDT submitted by /u/kindredsec [link] [comments]

Pgen – Command-line passphrase generator Posted: 31 May 2019 09:57 AM PDT The EFF has made and published three lists of words to use that are easy to spell and generally easy to remember. I wrote a command-line tool in Rust for generating passphrase using these wordlists. I use it myself any time I need a password. My tool is fast, free of charge, open source and it can also tell you the entropy that will result for any given choice of number of words. For example let's say I want it to give me four words from the long wordlist, and I want to know how many bits of entropy this corresponds to. pgen -l -n 4 -e Current settings will create passphrases with 51.70 bits of entropy. 51.70 bits of entropy. What does that mean, you might ask. The Wikipedia article on password strength (https://en.wikipedia.org/wiki/Password_strength) explains it well: A password with an entropy of 42 bits calculated in this way would be as strong as a string of 42 bits chosen randomly, for example by a fair coin toss. Put another way, a password with an entropy of 42 bits would require 242 (4,398,046,511,104) attempts to exhaust all possibilities during a brute force search. Thus, by increasing the entropy of the password by one bit the number of guesses required doubles, making an attacker's task twice as difficult. On average, an attacker will have to try half the possible number of passwords before finding the correct one. Ok, so how good is 51.70 bits of entropy? Wikipedia, same article again: The minimum number of bits of entropy needed for a password depends on the threat model for the given application. [...] RFC 4086, "Randomness Requirements for Security", presents some example threat models and how to calculate the entropy desired for each one. Their answers vary between 29 bits of entropy needed if only online attacks are expected, and up to 96 bits of entropy needed for important cryptographic keys used in applications like encryption where the password or key needs to be secure for a long period of time and stretching isn't applicable. So let's say that you are satisfied with 51.70 bits of entropy in this case. What does a password like that look like? Let's generate one. pgen -l -n 4 plastic case refocus demise Pretty memorable right? :) Oh yeah, and about the claim that it's fast. Just how fast is it? Have a look. time pgen -l -n 4 browbeat hummus sandbox unfixable real 0m0.005s user 0m0.001s sys 0m0.006s That's 5 milliseconds. But hey, let's say we wanted to generate a bunch of passphrases at once. How much time does it take to generate 10.000 passphrases and dump them into a text file? time pgen -l -n 4 -k 10000 > 10k.txt real 0m0.132s user 0m0.073s sys 0m0.058s About zero point one seconds. Not that generating 10.000 passphrases is something that you are likely to do, but it just speaks to how fast this tool is ^^ Source and instructions on how to install it are on GitHub. https://github.com/ctsrc/Pgen submitted by /u/codetrotter [link] [comments]

A new super light protocol resistant to Eclipse Attacks Posted: 30 May 2019 07:38 PM PDT submitted by /u/yahsintw [link] [comments]

I made this tool to look for all the build logs of CI tools such as Travis-CI which can then be used to find sensitive information Posted: 31 May 2019 03:25 AM PDT submitted by /u/darshkpatel [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States