arstechnica.com
Why passwords have never been weaker—and crackers have never been stronger | Ars Technica
http://arstechnica.com/security/2012/08/passwords-under-assault
Risk Assessment. Why passwords have never been weaker and crackers have never been stronger. Thanks to real-world data, the keys to your digital kingdom are under assault. Aug 21, 2012 1:00 am UTC. Aurich Lawson / Thinkstock. "The danger of weak password habits is becoming increasingly well-recognized," said Brooks, who at the time blogged about the warnings. The ancient art of password cracking has...
blog.korelogic.com
KoreBlog vuln_analysis_vmx86
https://blog.korelogic.com/blog/2014/11/18/vuln_analysis_vmx86
VMware: "It's not a vulnerability, mmkkkayyy". To date, VMware has declined to mitigate this vulnerability despite the detailed evidence we have provided and our repeated attempts to convince them that there is an underlying design flaw here that needs to be addressed. Also note that this vulnerability, officially documented here, has not been assigned a CVE identifier because MITRE declined to do so. By leveraging this vulnerability, an unprivileged user will be able to extract any memory that resides w...
blog.korelogic.com
KoreBlog giles-at-bh-and-issa
https://blog.korelogic.com/blog/2015/06/23/giles-at-bh-and-issa
Giles at Black Hat and in the ISSA Journal. The Giles production rule system compiler (which we described here) has gotten some good press lately! An article describing Giles and its use has been published in the June 2015 issue of The ISSA Journal, which can be seen by subscribers here. And remember, Giles is open source, so be sure to check it out (both in the look-at-it sense and in the grab-a-copy-of-its-code sense) at https://git.korelogic.com/giles.git/. Comments are closed for this story.
blog.korelogic.com
KoreBlog javascript_deobfuscation
https://blog.korelogic.com/blog/2015/01/12/javascript_deobfuscation
Brain Bleeding JavaScript Obfuscation. JavaScript is often used to facilitate web-based attacks. To make analysis more difficult and hide from signature-based systems, attackers will often obfuscate their JavaScript. Fortunately, there are many ways to deobfuscate JavaScript, or at least determine what it is doing. Sometimes, however, you come across obfuscated JavaScript that just makes your brain bleed. Some have requested the actual JS used in this analysis, so here it is. Unfortunately, there are ti...
blog.korelogic.com
KoreBlog what_did_ccleaner_wipe
https://blog.korelogic.com/blog/2015/05/18/what_did_ccleaner_wipe
What Did CCleaner Wipe? The use of CCleaner is encountered at times during forensic investigations of computer systems. It has been labeled an "anti-forensics" tool as it has a secure deletion mode where it can overwrite data, filenames, and free space. That is, until now. CCleaner will actually tell you what files it wiped. You just have to work for it. Of CCleaner as follows: CCleaner is our system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows...
git.korelogic.com
KoreLogic OpenSource Git Repositories
https://git.korelogic.com/giles.git
Giles-project@korelogic.com [PGP key]. The terms and conditions under which this software is released are set forth in README.LICENSE. Giles is a compiler that creates production systems (or "engines" in Giles parlance). The current stable release is version 3.0.2, available here: giles-3.0.2.tar.gz. All releases are PGP-signed using the above project key. The latest development code can be pulled from a public read-only Git repository here: git clone https://git.korelogic.com/giles.git
grutztopia.jingojango.net
Superimposing Nothing Nowhere: The contest is over
http://grutztopia.jingojango.net/2011/08/contest-is-over.html
The internet is littered with wastes of space. This one is no different except that it is my waste of space. Tuesday, August 09, 2011. The contest is over. Korelogic's Crack Me If You Can contest at Defcon is officially over. Team Not Appearing At Defcon scored decently given it was just me, two machines and not a lot of focused time. The top teams' scores fully show that given enough resources and dedication today's password hashes can and will be broken. Congrats to the top four teams: Hashcat. In a r...