Die häufigsten Passwörter bei Angriffen auf RDP-Ports
#BruteForce #CredentialStuffing #Cybersecurity #ITSicherheit #MultiFaktorAuthentifizierung @Outpost24 #PasswortPolicy #Passwortfilter #Passwortrichtlinie #RemoteDesktopProtokoll @Specops
https://netzpalaver.de/2025/04/25/die-haeufigsten-passwoerter-bei-angriffen-auf-rdp-ports/
Identity-Management-Day 2025 – Wie Security und Compliance gleichzeitig abdecken?
#BruteForce #Compliance #digitaleIdentität #IdentityManagement #IdentityManagementDay #ITSicherheit @Nomios #PrivilegedAccessManagement
Gerade mal wieder eine Stunde Zeit damit verbracht, abuse Meldungen an verschiedene Hoster zu senden. Eskalieren nur unsere WAF Meldungen oder ist gerade wieder viel los?! 
#bruteforce #WordPress #hosting
Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk? https://hackread.com/top-10-passwords-hackers-use-to-breach-rdp/ #PasswordSpraying #Cybersecurity #Vulnerability #CyberAttacks #CyberAttack #BruteForce #Microsoft #Security #Password #RDP
Top 10 Passwords Hackers Use to Breach RDP – Is Yours at Risk? – Source:hackread.com https://ciso2ciso.com/top-10-passwords-hackers-use-to-breach-rdp-is-yours-at-risk-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #PasswordSpraying #cybersecurity #Vulnerability #CyberAttacks #CyberAttack #BruteForce #Microsoft #Hackread #Password #security #RDP
‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge https://www.wired.com/story/inside-cisa-under-trump/ #Security/CyberattacksandHacks #Security/NationalSecurity #Security/SecurityNews #Politics/Policy #BruteForce #Security
Millions of VPNs and networking devices are under attack, with hackers using 2.8 million IPs to brute-force passwords on Palo Alto, Ivanti, SonicWall, and other devices. Attackers leverage compromised MikroTik, Huawei, Cisco, Boa, and ZTE routers. Most attacks originate from Brazil, Turkey, Russia, and Argentina. Weak passwords remain the primary risk. #CyberSecurity #VPN #BruteForce
Massive #BruteForce attack uses 2.8 million IPs to target #VPN devices
Großflächige #BruteForce-Angriffe auf #M365 – vorsichtshalber Log-ins checken | Security https://www.heise.de/news/Grossflaechige-Brute-Force-Angriffe-auf-M365-vorsichtshalber-Log-ins-checken-10252167.html
@cirosec So I guess there's some more practical option besides #BruteForce using #CUDA...
Es gibt keinen Schutz! Warum kein Smartphone wirklich sicher ist
#Datenschutz #Smartphones #AfterFirstUnlock #amnestyinternational #BruteForce #Cellebrite #CellebritePremium #MTE https://sc.tarnkappe.info/4f649c
@bsi -Warnung: Vermehrte #BruteForce-Angriffe auf #Citrix Netscaler Gateways | Security https://www.heise.de/news/BSI-Warnung-Vermehrte-Brute-Force-Angriffe-auf-Citrix-Netscaler-Gateways-10194910.html #CirtrixNetscaler #CredentialStuffing
Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.
https://github.com/0xdea/tactical-exploitation
"The Other Way to Pen-Test" -- @hdm & @Valsmith
I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.
Since a few years, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.
Whenever I see the a "How to protect your #SSH server against #bruteforce attacks" post or article centered on some #Linux woodo, I always think to post about how easy it is to deal with those on #OpenBSD and #FreeBSD with #PF add #statetracking options: As in https://home.nuug.no/~peter/pf/en/bruteforce.html, supplemented with https://nxdomain.no/~peter/forcing_the_password_gropers_through_a_smaller_hole.html, alternatively the PF tutorial https://nxdomain.no/~peter/pf_fullday.pdf and of course The Book of PF, https://nostarch.com/pf3
The #sshgropers are really throwing everything at the wall these days:
Aug 18 14:36:54 skapet sshd-session[71375]: Failed password for invalid user GNU/Linux from 4.247.176.60 port 39582 ssh2
#ssh #passwordgropers #passwordguessing #bruteforce #passwords #cybercrime
Also see https://nxdomain.no/~peter/hailmary_lessons_learned.html (prettier, G-tracked: https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html) and badness_enumerated_by_robots.html (prettified, G-tracked https://bsdly.blogspot.com/2018/08/badness-enumerated-by-robots.html)
Hive Systems has published their 2024 password table.
The table illustrates the maximum time required to brute force a password based on various lengths and complexities.
Brute force: https://en.wikipedia.org/wiki/Brute-force_attack
Website: https://www.hivesystems.com/password-table
Blog: https://www.hivesystems.com/blog/are-your-passwords-in-the-green
Mal ne Überlegung zu nem guten Passwort.
1. Die Sicherheit gibt maßgeblich die Webseite / Anwendung vor, indem sie die Kriterien bestimmt.
WIe lange und welche Zeichen sind im Passwort erlaubt.
2. Passwörter werden überwiegend durch probieren geknackt.
Dafür werden zuerst bekannte Passwörter probiert. Dann Inhalte von Lexika, Namenslisten und/oder ähnliches.
3. danach werden alle Kombinationen ausprobiert -> #bruteforce
Hive Systems: Trotz Bcrypt-Verschlüsselung keine Passort-Sicherheit
#Datenschutz #ITSicherheit #Studie #AlexNette #Bcrypt #BlowfishVerschlüsselung #BruteForce #CoreyNeskey #haveibeenpwned #HiveSystems #NVIDIAGeForceRTX4090GPUs #Passwort https://sc.tarnkappe.info/f1ed00
