Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust (more on talk/). Inspired by great tools like maskprocessor, hashcat, Crunch and 🤗 HuggingFace's tokenizers. Cracken 🐙 is used for:
What? Why? Woot??At DeepSec2021 we presented a new method for analysing passwords as Hybrid-Masks exploiting common substrings in passwords by utilizing NLP tokenizers (more info on talk/). Our method splits a password into its subwords instead of just a characters mask. HelloWorld123! splitted into ['Hello', 'World', '123!'] as these three subwords are very common in other passwords. Hybrid Masks & Smartlists
https://github.com/shmuelamar/cracken At the link is Ben's best effort at some modern sane defaults for a secure SSH client. He's specifically using macOS but these should be able to be used on a Linux client as well. He settled on using ed25519/EdDSA keys as they are currently the most secure keys you can create, and they are not considered to have a compromised algorithm, like ECDSA. https://montour.me/hardening-your-client-ssh-config-file-43eb596425d4 We have been missing a good forwarding service since way back when Bigfoot.com sold out their domain name to a dance studio. This time the opportunity is presented by FireFox, so we tried a free account at relay.firefox.com. First thought is that you only seem to get ugly e-mail addresses like [email protected]. No customization. Just ugly. We tried the premium service and instead of limiting you to just 5, you have an unlimited number of ugly e-mal addresses (OK they do let you select other domain names). The next thing we didn't like was the 150k limit on the mail forwarding sizes. If you did need to use it for something more important would they just reject the mail? Would they send a notice? How would anyone ever know? We are not sure how this makes things any more secure, as spam and malware will have mozmail.com clocked early on, but, for what it does: limit spam, protect you by not revealing your real e-mail address, it's a start! This is an ATT&CK-like matrix focus on CI/CD Pipeline specific risk. MITRE ATT&CK® is a knowledge base of adversary tactics and techniques. This threat map is published in conjunction to the presentation “Attacking and Securing CI/CD Pipeline” at CODE BLUE 2021 Opentalks. The purpose of this matrix is to share knowledge on securing CI/CD environments with Cybersecurity community. This matrix was created by Mercari Security Team, and reviewed by Platform Team. https://github.com/rung/threat-matrix-cicd?mc_cid=ca5399112f Also see this slide presentation: https://speakerdeck.com/rung/cd-pipeline |
Author: <see article>
These links serve as tributes to those who have written them. Please find contributor details in the links provided Archives
April 2024
Categories |