Hot Topic in Icy Country

Passwords^12, a conference dedicated solely to passwords and PIN codes, is taking place in Oslo these days. With temperatures around -15 degrees Celsius outside, well-known security experts are giving talks in the conference rooms of the University in Oslo, Department of Informatics.

You use passwords every day: when logging on to your computer, smartphone or tablet, when accessing your email or your social network site, and for online banking and online shopping. Recent breaches of user login databases show that there is a high demand for more security in this area. During these days, the talks and discussions are devoted entirely to this topic.

Norbert Schmitz started with a presentation about his master's thesis on sentences and word combinations used for password guessing. He developed algorithms for pattern learning and for creating dictionaries. He was followed by Joan Daemen, co-inventor of Rijndael (the AES crypto algorithm) and KECCAK (winner of the SHA-3 hash algorithm competition), who gave an insight into this recent algorithm.

Markus Duermuth presented research on the use of Markov models in password guessing (earlier work, with a different approach, is Arvind Narayanan and Vitaly Shmatikov's “Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff”). Bitweasil presented recent changes to his Cryptohaze architecture. The most important are the new modular design, which is easier to extend, and an additional network layer for distributed processing. Sebastian Raveau gave a talk on hunting for passwords and his troubles while compiling wordlists out of Wikipedia. Besides handling different languages and filtering out trash, it is mostly Wikipedia’s XML schema and changing syntax that make his work hard. He will soon release his newly compiled wordlist to the public. The last session was a presentation by Prof. Audun Jøsang about password policies in different countries.

The end of the official part doesn’t mean an end at all. Lightning talks follow and discussions go on. One very impressive lightning talk was the presentation by Jeremi M Gosney about HPC (high-performance computing), distributing the workload across several GPUs in several systems.

More interesting talks will be given over the next days (please have a look at the Agenda for more).


