GoCrack: managed password cracking tool by FireEye

FireEye released GoCrack, a tool designed to manage password cracking tasks across multiple servers. GoCrack is open source and provides an easy-to-use, web-based real-time UI to create, view, and manage password cracking tasks. The tool was developed by FireEye’s Innovation and Custom Engineering (ICE) team, a small, highly trained team of engineers that incubate and deliver…

How to recover files encrypted by BadRabbit ransomware?

Researchers at Kaspersky Lab have discovered that some victims may be able to recover their files without paying any ransom. The discovery came from an analysis of the encryption functionality implemented by the ransomware: Bad Rabbit leverages the open source library DiskCryptor in order to encrypt the user files, but uses the same screen…

BadRabbit ransomware: suggested readings

Spreads via network, currently hits Russia, Ukraine, Germany, Japan, and Turkey. A variant of Petya/NotPetya/EternalPetya called BadRabbit and probably prepared by the same authors has infected several big Russian media outlets. BadRabbit uses SMB to propagate laterally with a hardcoded list of usernames and passwords. However, unlike NotPetya, it doesn’t use EternalBlue. Below some suggested…

Key reinstallation attacks: my suggested readings

Release the KRACKen! Security researcher Mathy Vanhoef has discovered several vulnerabilities in the core of the WPA2 protocol that could allow an attacker to hack into a Wi-Fi network and eavesdrop on the Internet communications. WPA2 is an authentication scheme widely used to secure Wi-Fi connections: now the standard has been compromised and these flaws impacting almost…

Some thoughts about NTFS Filesystem

Some information raised during preparation for the GCFA exam. The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1995 with Windows NT as a replacement for the FAT file system. Versions: Microsoft has released five versions of NTFS. v1.0: Released with Windows NT 3.1 in 1993. v1.0 is incompatible with…