Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Guy Bruneau

Threat Level: green

Date	Author	Title
PASSWORD CRACKING METRICS
2012-07-16	Jim Clausing	An analysis of the Yahoo! passwords
2010-11-26	Mark Hofman	Using password cracking as metric/indicator for the organisation's security posture
PASSWORD
2023-02-18/a>	Guy Bruneau	Spear Phishing Handlers for Username/Password
2022-08-13/a>	Guy Bruneau	Phishing HTML Attachment as Voicemail Audio Transcription
2022-05-17/a>	Xavier Mertens	Use Your Browser Internal Password Vault... or Not?
2022-03-10/a>	Xavier Mertens	Credentials Leaks on VirusTotal
2022-02-13/a>	Guy Bruneau	DHL Spear Phishing to Capture Username/Password
2021-11-15/a>	Rob VandenBrink	Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-05-14/a>	Xavier Mertens	"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-24/a>	Guy Bruneau	Base64 Hashes Used in Web Scanning
2021-01-06/a>	Johannes Ullrich	Scans for Zyxel Backdoors are Commencing.
2020-07-26/a>	Didier Stevens	Cracking Maldoc VBA Project Passwords
2020-07-13/a>	Didier Stevens	VBA Project Passwords
2020-06-10/a>	Brad Duncan	Job application-themed malspam pushes ZLoader
2020-04-06/a>	Didier Stevens	Password Protected Malicious Excel Files
2019-11-01/a>	Didier Stevens	Tip: Password Managers and 2FA
2018-12-17/a>	Didier Stevens	Password Protected ZIP with Maldoc
2018-08-22/a>	Deborah Hale	Email/password Frustration
2018-07-12/a>	Johannes Ullrich	New Extortion Tricks: Now Including Your Password!
2017-11-28/a>	Xavier Mertens	Apple High Sierra Uses a Passwordless Root Account
2017-05-17/a>	Richard Porter	Wait What? We don?t have to change passwords every 90 days?
2017-04-26/a>	Johannes Ullrich	If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-04-10/a>	Didier Stevens	Password History: Insights Shared by a Reader
2017-02-07/a>	Johannes Ullrich	My Password is [taco] Using Emojis for Stronger Passwords
2016-12-07/a>	Xavier Mertens	The Passwords You Should Never Use
2016-09-15/a>	Xavier Mertens	In Need of a OTP Manager Soon?
2016-07-21/a>	Didier Stevens	Practice ntds.dit File
2016-06-20/a>	Xavier Mertens	Using Your Password Manager to Monitor Data Leaks
2015-06-26/a>	Daniel Wesemann	Cisco default credentials - again!
2014-09-19/a>	Guy Bruneau	Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22/a>	Richard Porter	OCLHashCat 1.30 Released
2014-08-06/a>	Johannes Ullrich	All Passwords have been lost: What's next?
2014-05-22/a>	Rob VandenBrink	Another Site Breached - Time to Change your Passwords! (If you can that is)
2013-11-22/a>	Rick Wanner	Tales of Password Reuse
2013-07-21/a>	Guy Bruneau	Ubuntu Forums Security Breach
2013-06-11/a>	Swa Frantzen	Store passwords the right way in your application
2013-05-14/a>	Jim Clausing	So what passwords are those ssh scanners trying?
2013-03-18/a>	Kevin Shortt	Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18/a>	Russ McRee	Interesting reads for Friday 18 JAN 2013
2013-01-04/a>	Daniel Wesemann	Blue for Reset?
2012-11-15/a>	Jim Clausing	Another month another password disclosure breach
2012-07-16/a>	Jim Clausing	An analysis of the Yahoo! passwords
2012-06-06/a>	Jim Clausing	Potential leak of 6.5+ million LinkedIn password hashes
2012-05-22/a>	Johannes Ullrich	nmap 6 released
2012-01-03/a>	Rick Wanner	Analysis of the Stratfor Password List
2011-10-10/a>	Tom Liston	What's In A Name?
2011-08-10/a>	Johannes Ullrich	Theoretical and Practical Password Entropy
2011-06-28/a>	Johannes Ullrich	Hashing Passwords
2011-05-30/a>	Johannes Ullrich	Allied Telesis Passwords Leaked
2010-12-28/a>	John Bambenek	Mozilla Notifies of Relatively Minor Security Breach
2010-12-15/a>	Manuel Humberto Santander Pelaez	HP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13/a>	Deborah Hale	Gawker Media Breach of Security
2010-11-26/a>	Mark Hofman	Using password cracking as metric/indicator for the organisation's security posture
2010-08-27/a>	Mark Hofman	FTP Brute Password guessing attacks
2010-02-25/a>	Chris Carboni	Pass The Hash
2010-02-02/a>	Johannes Ullrich	Twitter Mass Password Reset due to Phishing
2009-12-04/a>	Daniel Wesemann	The economics of security advice (MSFT research paper)
2009-11-02/a>	Daniel Wesemann	Password rules: Change them every 25 years
2009-10-23/a>	Johannes Ullrich	Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2008-09-22/a>	Jim Clausing	Lessons learned from the Palin (and other) account hijacks
CRACKING
2020-07-26/a>	Didier Stevens	Cracking Maldoc VBA Project Passwords
2016-07-21/a>	Didier Stevens	Practice ntds.dit File
2013-09-05/a>	Rob VandenBrink	Building Your Own GPU Enabled Private Cloud
2012-07-16/a>	Jim Clausing	An analysis of the Yahoo! passwords
2010-11-26/a>	Mark Hofman	Using password cracking as metric/indicator for the organisation's security posture
METRICS
2015-12-04/a>	Tom Webb	Automating Phishing Analysis using BRO
2015-08-29/a>	Tom Webb	Automating Metrics using RTIR REST API
2012-07-16/a>	Jim Clausing	An analysis of the Yahoo! passwords
2010-11-26/a>	Mark Hofman	Using password cracking as metric/indicator for the organisation's security posture

PASSWORD CRACKING METRICS

PASSWORD

CRACKING

METRICS