
Got a chance to tell a story on with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here:

Tinker boosted
The current default password policy is 10 chars for user accounts, 15 chars for admins, 200 max. (PBKDF2) A good policy for general adoption imo
@kaniini @shibayashi @rugk

Well. That's taken care of. Now for the next part.

Just cracked an 18 character password.

It was a two word combo that was in one of my dictionary files as a single entry followed by 9 numbers. The first letter was capitalized.

Gotta love dictionary + rule attacks.

Don't have enough money for a GPU Hashcracker?
Spin one up in AWS*!

Guess every 8 character (Upper, Lower, Number, Symbol) password** in 3 hours, 10 minutes!

Not bad for $25 an hour.
* p3.16xlarge 8x Tesla V100 GPU Instance
** NTLM (Windows) Hash

I sit, cross-legged, in the midst of a mighty gale. The salted shards of water & sand buffet against my teeth & open mouth, my laughter lost to the wind.

All I see is turmoil; all I hear is roar; all I feel is chaos.

I sing the praises of Eris, my goddess, for this joy of life.

~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

Tinker boosted

@tinker Yeah, I've aliased "ip -br -color a" to "ipa", and it's one of my reflex commands.

Tinker boosted

I’ve finally started using ‘ip’ more than ‘ifconfig’.

At first, I bemoaned how busy the output for ‘ip a’ was, especially in comparison to the relative neatness of “ifconfig -a”.

But I’ve found I use “ip -br a” all the time now. A quick, brief, “where am I?”

Don’t worry about 0days when you still haven’t patched your 0l’days.

Tinker boosted

Today's tarot draw is The Magician from
Themes for this card include: Capability, competence, preparation, power.

"The Magician suggests that you may have a new goal, and that your skills are appropriately matched to take it on. Success follows your skill and optimism in this new endeavor. Channel your focus, talent, and creativity into this project."
#tarot #cyberpunk #illustration #mastoArt

Tinker boosted

With defiance & rage, she screamed, reaching toward the cathode ray tube. Her grip beared down, causing her knuckles to go white, her fingers to bleed red.

She brought her head up, bent to apex, then slammed her forehead into the thick glass, her forehead shattering against it.

Her consciousness ebbed, then flowed, deep into that ancient ion cannon. Her crystalized neurons synthing seamlessly into the binary data of the logical system.

And in that moment, she could see.

Tinker boosted

Love, love is a verb
Love is a doing word
Fearless on my breath
Gentle impulsion
Shakes me, makes me lighter
Fearless on my breath

Teardrop on the fire
Fearless on my breath

Tinker boosted

Tired of pentesting. Tired of infosec.

Not really burnt out. Not like last time (1.5 years ago). That was heavy burnout.

This is just heavy... I don’t know. Boredom? Lack of purpose and drive?

There are so many things I want to do, but they don’t earn me money, so I can only do them on the side. One day when I’m rich... or maybe when the kids move out and I’m at a point where the only risk is my own life and well-being.

You ever get anxious... just generally?

I can’t put my finger on it. Just anxious about ten different specific things. All the things that I’m focusing on right now.

Wish my heart rate would go down and my chest would stop hurting.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.