TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

Retroactive password policy

April 25th, 2017 by admin in Life, Uncategorized

Sorry your old password isn’t strong enough to change.

source:@PWTooStrong

DPAPIck

October 15th, 2014 by admin in Password Info, Uncategorized

DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1.

list of recoverable secrets are :

  • EFS certificates
  • MSN Messenger credentials
  • Internet Explorer form passwords
  • Outlook passwords
  • Google Talk credentials
  • Google Chrome form passwords
  • Wireless network keys (WEP key and WPA-PMK)
  • Skype credentials

Src: dpapick.com

Chainbreaker

September 21st, 2014 by admin in Uncategorized

Chainbreaker can extract encrypted user credentials in OS X Keychain and decrypt it using one of the Master Key, user password and SystemKey. More detailed information on this ::here::

src: http://forensic.n0fate.com/?page_id=1180

Bypass iPhone lockscreen with Siri

September 21st, 2014 by admin in Uncategorized

Jose Rodriguez was playing around with an iPhone with iOS 8, and quickly discovered what he saw as a bug: Apple’s voice-activated assistant Siri acting like the worst bouncer ever. In iOS 8, he could activate Siri from the homescreen and she would let him circumvent the lockscreen to post to a person’s Facebook page or look at their notes and call history. No passcode necessary. He posted a demonstration on YouTube.

Kon-Boot 2.4 is out

January 26th, 2014 by admin in Uncategorized

Kon-Boot has updated to version 2.4, which ads the capability to bypass Windows 8/8.1 online account authorization. Definitely worth the price for the time and effort it saves.

Chaos Computer Club breaks Apple TouchID

September 22nd, 2013 by admin in Uncategorized

Using a technique he outlined over 10 years ago, starbug from CCC has broken the biometric lock on the new iPhone.
Source: ccc.de

Reversing – WebEx One-Click Password Storage

July 12th, 2013 by admin in Uncategorized

Cisco’s WebEx is a hugely popular platform for scheduling meetings. You can conduct video and voice calls, screen sharing, and chat through the system. WebEx also provides a One-Click Client that offers standalone meeting scheduling and outlook integration so that users can avoid the Web Portal. This is how to reverse the password

SRC: blog.opensecurityresearch.com

How Your Browser Passwords are Stored

June 23rd, 2013 by admin in Uncategorized

Awesome write on how the major web browsers store your password and how you can recover them on
raidersec’s blog

WarParty

October 7th, 2011 by admin in Uncategorized

One of my friends is trying to raise money for his own D&D type board game on kickstarter so im trying to give a little plug 🙂
http://www.kickstarter.com/projects/1408460255/warparty?ref=live

OS X Lion bugs allow changing local user passwords and viewing shadow files

September 20th, 2011 by admin in Apple, cracking, News, Privilege Escalation, Uncategorized

http://www.flickr.com/photos/rubendomfer/5974823525/

The latest version of OS X Lion allows any user to easily change the password of any local account, due to permissions oversights on Apple’s part. The news comes less than a month after another Lion vulnerability that let users bypass LDAP without a password gained notoriety.

Originally reported by Defence in Depth blogger Patrick Dunstan, the root of the newly discovered problem in Mac OS X 10.7 is tied to the user-specific shadow files used in modern OS X platforms. These files are essentially hash databases and contain, among other things, the user’s encrypted passwords. Ideally, they should be accessible only via high-privilege accounts.

According to Dunstan, Apple dropped the ball in terms of how Lion handles privilege. “Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Dunstan wrote. “This is accomplished by extracting the data straight from Directory Services.” Any user can accomplish this trick by simply invoking the directory services listing using the /Search/ path — for example, $ dscl localhost -read /Search/Users/bob (where “bob” is the username). This causes Lion OS X to spew out the contents of Bob’s shadow hash file, including data that can be used to crack Bob’s password with a simple script, such as a Python script written by Dunstan.

Source: Info World

Next Article »