
3 reasons to visit “SYN City” – aka Las Vegas

Summer, sand and sun may make you think of a beach vacation, but not if you are interested in IT security. Every year, gatherings in Las Vegas attract amateurs and professionals from around the globe: BlackHat and Defcon. The local BSides conference, BSidesLV, takes place beforehand, and this year it teamed up with Passwordscon.


Seven streams of presentations covering a wide spectrum of topics were offered at Tuscany. At Passwordscon, talks were given on securing passwords and on attacking them. Among them was “Target specific automated dictionary generation”, which covered ways to automatically create dictionaries, used for attacks against password hashes, from one specified source. Rick Redman, from KoreLogic, gave a defense talk, “Password Topology Histogram Wear-Leveling, a.k.a. PathWell”. Attacks are getting easier because of better hardware and because stronger hash types are not being used, and defenses such as password policies may lead to predictable passwords, so a new approach to defending passwords at the enterprise level was presented. It targets the topology of passwords by limiting the use of password topologies and banning common ones.


Password topology describes how a password is constructed. For example, the topology of “Passw0rd” is uppercase (u) + 4x lowercase (l) + digit (d) + 2x lowercase (l), or simply ulllldll. Using the Levenshtein distance algorithm, the change in topology can be measured when a password is changed, so that a new topology is enforced rather than just an update to any single character, which makes cracking more difficult. [Link]
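The topology check described above can be sketched as follows. This is an added example, not code from the talk or from PathWell itself. The class letter `s` for non-alphanumeric characters, the banned list, the distance threshold and the per-topology cap are all assumptions made for illustration.

```python
from collections import Counter

def topology(password: str) -> str:
    """Map each character to its class letter: u, l, d as on the page."""
    out = []
    for ch in password:
        if ch.isupper():
            out.append("u")
        elif ch.islower():
            out.append("l")
        elif ch.isdigit():
            out.append("d")
        else:
            out.append("s")  # assumption: the page only names u, l and d
    return "".join(out)

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

BANNED = {"ulllldll", "ullllldd", "ulllllldd"}  # constructed sample of common topologies
MIN_DISTANCE = 2       # assumed policy: topology must change by at least 2 edits
MAX_PER_TOPOLOGY = 2   # assumed cap on accounts sharing one topology

def check_change(old: str, new: str, usage: Counter):
    """Accept or reject a password change based only on topologies."""
    old_t, new_t = topology(old), topology(new)
    if new_t in BANNED:
        return False, f"topology {new_t} is banned"
    if usage[new_t] >= MAX_PER_TOPOLOGY:
        return False, f"topology {new_t} is already in use by too many accounts"
    dist = levenshtein(old_t, new_t)
    if dist < MIN_DISTANCE:
        return False, f"topology changed by only {dist} edit(s)"
    if usage[old_t] > 0:
        usage[old_t] -= 1  # the old topology frees up one slot
    usage[new_t] += 1
    return True, f"accepted: {old_t} -> {new_t}, distance {dist}"
```

Changing “Summer2014” to “Summer2015” is rejected here because the topology does not change at all, even though a character did.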


Dimitri Fousekis also focused on passwords in the enterprise, underlining the importance of “associate the password with data ownership” so that users do not disregard the importance of a good password.
