#cybersecurity

I generally recommend RSA

but sure, AES could work

@orchid notch Oh...Thanks for info

RSA and AES can be used for lots of different things

If you're really doing a real world application use a hybrid encrypted with RSA as asymmetrical and AES as symmetrical patt

Oh and if you use RSA don't make it yourself

Even if you do it exactly as described in the paper for RSA there are still several things to consider such as the padding the distance of the primes to each other etc

@upbeat palm what are you even planning to do

@orchid notch Nah.. I'm just a newbie in encryption/decryption, cryptography

So I try to gain knowledge from everywhere

Kinda, knowledge hunter

Aha

You guys seems to be experienced....so I think I can learn from you and everyone here

RSA is an "asymmetric" encryption algorithm, based on public/private keypairs

AES is a "symmetric" encryption algorithm, based on a shared key

SHA is a "hash" algorithm, a one-way function that deterministically generates a number based on some input

RSA and AES are used commonly used together in network communications

RSA is used to establish a secure connection between two parties. One established, an AES secret key is generated, and AES is used for the rest of the session. The reason for this is RSA requires almost an order of magnitude more computational power to encrypt/decrypt than AES does, so while you could technically use RSA for the whole session, it would be very resource heavy and slow.

SHA comes into play with Certificates (See: X.509), which are used during the initial session creation to verify the identity of a server. This is what prevents someone from man in the middling the connection and pretending to be Google or your bank.

All of this is wrapped up in the Transport Layer Security (TLS) protocol, the successor of SSL

TL;DR: Encryption is complicated, use TLS

@upbeat palm ^

@marble dawn What do you mean by recommending RSA?

that he would answer RSA on the question "which encryption" i guess

But what does that even mean

that the general answer on which encryption is the best one would be RSA in his opinion? idk

But it depends on what you're doing with it

RSA is absolutely shit for, say, downloading a ISO image

itll just take its time

a lot of time but

¯_(ツ)_/¯

And it's not stronger than AES

In fact, depending on the bitlengths, AES could be stronger

i wonder how the term "strong" is defined in modern cryptography

Computational power required to decrypt a message or determine the secret key

How resilient an algorithm is to cryptanalysis

If an algorithm is "strong", the progress on "breaking" the algorithm will be slow and iterative

Like SHA1, which only recently got weak enough that it was computationally feasible to break

so apparently according to some book about Biclique attacks the number of steps for AES 128 are 2^126.1 for 192 2^189.7 and for 256 2^254.4

Those ring a bell

good good

Those are the sorts of attacks that start to chip away at the "strength"

question now is how many steps does RSA need

Death of the sun vs. heat death of the universe

It's faster, sure, but the difference doesn't have any impact on practicality

Depends on the implementation

Just did this a few months ago and I already forget lol

so

and apparently the best classical algorithm for integer factorization has the complexity

for 2048 bit that is 3.6...... *10^23

and for 4096 that is 2.9 * 10^31

which is by far less than the AES complexity

@safe bear apparently even the weakest AES keys are better than 4096 RSA keys

Not surprising

AES is brilliant and probably the most bulletproof symmetric algorithm to date

tbh AES doesnt look that brilliant once you went through all the steps

its mostly just basic maths with matrices

but its still so good

@safe bear Wow,that's a awesome explanation of both RSA and AES encryption

Very basic explanation, but glad I could help

AES is brilliant in it's simplicity

Can be optimized while still being cryptographically strong

RSA and AES could be replaced by any other asymmetrical/symmetrical algorithm in that

couldnt it?

Yes

Like DES

its "just" a general explanation not related to the single algorithms at all

If you're idiotic or interfacing with truly ancient systems

@safe bear You are a?I mean a student or a engineer or something?

Yes

answers yes to an or question

>>> bool(student or engineer or something)
True

I'm a researcher/engineer

then say true and not yes

fkin pseudo computer

If this was another language, Yes is True

Like Objective-C apparently

oh god

There's a scripting language that uses Yes/No, but I can't remember what it is..

https://stackoverflow.com/questions/690903/why-does-objective-c-use-yes-and-no-instead-of-1-and-0

its a macro

Yeah

Still

technically it still uses true and false during compilation

@safe bear That's awesome👌

tbh

#define YES             (BOOL)1
#define NO              (BOOL)0

this is just cruel

macros inside macros

lol

i mean come on this causes a type cast to a signed char every time you use YES

so apparently at around 37000 bits RSA keys get better than the biggest AES keys

how long would a 37000 bit RSA key take to generate and anctually be used in a tls handshake

RSA is okay for a lot of applications, and other asymmetric cryptography methods exist for cases requiring critical security

(like ECDSA for instance)

If one would follow the way recommended in the RSA paper one would need
ln(10^n)/2
Attempts to randomly find a prime with n digits

Apparently the average amount of digits in a 18500 bit number is 5569 That means we would need around 6411 attempts to randomly pick one prime so 12822 primality checks. If we would pick the AKS test we have a complexity of ln(n)^12 although wolframalpha doesnt say what excactly n is. If n is supposed to be the decimal length of the number then the number of calculation steps we would have to perform to pick both primes would be 2172938145096235 if its binary we would need 1.04 * 10^16 steps.

@mortal perch

gonna be a while then? 😄

i think so

using it would be interesting again because of the huge size of d

damn you really wanted to say that didnt you 😝

(in fact i was planning to calculate that complexity too but couldnt find clear sizes for d)

damn cant find your d? must be annoying :P
escda scales much better than RSA, 521bit ecdsa is equal to 15860 bits rsa i think

i can find my d i just couldnt find general ranges for the size of d for a given e and n

and that number is correct

my 15860 was correct? that was a lucky one

although interestingly enough 512 bit escda keys are a littler easier to crack than 2048 bit rsa keys with shors algorithm

so

hmm

how big does ecdsa have to be to be stronger than aes?

12 hours for a 512 bit key ecsda with shor

over a 512 bit prime field or integer field?

thats what microsoft says

the lines are equal in security when attacked with classical methods

that cant be crack time tho, or ecdsa is practically insecure

thats quantum computer crack time

oh

yeah sounds right then XD

ecdsa is practically insecure against shors algorithm

yeah it requires many fewer gates in quantum

but with conventional computers ecdsa is stronger for now

at realistic key sizes

😳

All this talk

AES 256 ftw

jason you do realize this talk was created because we wanted to know how strong a rsa key would have to be to be better than aes

also

brute force is not the best methode to break aes

biclique ftw

Yeah, ECDSA is a good alternative

(how comes whenever i tab into this known error is writing)

It's much more efficient than RSA, with a 256-bit ECDSA key being roughly equivalent to a 4096-bit RSA key IIRC

this table says equaivalent to 3072 https://cdn.discordapp.com/attachments/366674035876167691/481833052985622528/unknown.png

However, it's not in widespread use yet due to a) being newer and it takes time for vendors to implement it and b) there are still questions on how resilient the algorithm is, especially since elliptic curve space is far less well understood than [insert space RSA is in I forgot it..log-something?].

Qubits?

its a microsoft paper about attacking ecliptic curves with shors algorithm

in the page beyond they say that the table is made so the lines are equally hard to crack with classical methods

so 521 ecliptic = 15360 rsa and so on

Yes, computationally, as it's currently understood

In a more general sense though, the ECDSA doesn't have as much "trust" right now

yeah and with shors algorithm 521 ecc is a bit weaker than 2048 rsa

When did this come out?

look at the table

or do you mean the paper

the paper is uhhhhhh

https://eprint.iacr.org/2017/598.pdf

its here

appparently somewhere in 2017

table is on the end of page 20 if you want it

Ah ok, cool

Ahhh right, forgot what shor's was

It's for quantum

yes

its the thing everyone fears

Yeah, now I remembered the other issue with ECDSA 😅

Well, you pointed it out, and I was too fuzzy to remember properly lol

luckily we already have theories about what to do after the quantum computers can crack those

namely RFC 8391: https://tools.ietf.org/html/rfc8391

Interesting

Looks legit

On a tangential note, have you seen troll and/or just wacky RFCs?

uh

no

i mean

those april fools sure

like the teapot thing and stuff

but i got the link to this RFC from a guy i know who actually works at one of the companies who helped with this so

i hope its gud?

https://tools.ietf.org/html/draft-omar-ipv10-01

https://www.reddit.com/r/programming/comments/6ymmbl/internet_protocol_version_10_ipv10/

See: top comment

https://khaledroutingprotocol.blogspot.com/2017/03/khaled-routing-protocol-krp.html

is he actively trolling or just making jokes?

Neither

hes being honest?

Yup

@safe bear Sorry to ping you up but which scripting language you prefer bash or python for implementation of exploits?

Haven't done much exploit development beyond basic stuff, but Python

using bash for networking seems wrong

And most people I know that do that sort of thing also use Python

Python is more powerful

In this case

python is usually always more powerful than bash

question is if you need that power sometimes

Why would you not

If you're interacting with the system or other applications heavily, though, it's much better to use native scripts (Bash, PowerShell, etc.)

yeah exactly

like when youre just calling commands and stuff why would you use all that os.system or subprocess stuff

It gets complicated

And you completely lose the ability to use pipes on Bash or objects in PowerShell

Instead of you have to read the output, parse it into a format, then pass to the next tool

Actually I have a bash script for f5 payload and I'm converting it to python but it seems kinda hard... So I asked you guys as you guys are way more experienced than me
Thanks for info

@upbeat palm share the script pls

I'm still stucked😖

@velvet isle

Lol I'll check it out

Ayy

Yo

I don't understand a thing

bash script
setup.sh.docx
wtf?

Only chmod I recognize

Lol

also line breaks are fucked up, amongst other things

this is unreadable

You have to paste the full thing as plain text if you want anybody to look through it.

Byte

It's readable to me

It's commented too

How can I do that?
If I make it a .sh script it's​howing only special characters

you don't write it in Word

use a plain text or code editor

I know but sobs I don't have a PC

Lol

...

how are you using word then?

Actually a friend shared it with me

@velvet isle Don't lol bro, I'm having a hard time in making discord bot with python...😖

you'll have an even harder time if you continue to do it in a document editor like Word instead of a code/plain text editor

.sh.docx

wut

A .sh file will give a output like this

🤔

Word is not a suitable format or application for.. anything to do with code, really

no, that just looks like you renamed the docx file to sh

If you need a plaintext editor for android, I think the FX file manager has one

you have to save it as plain text format, like .txt

Oh...

although to be clear, you shouldn't really be developing on android anyway

that's just a recipe for disaster

lol

unless you have DeX, I guess

I know but still I have to keep my coding skills good so I have to

Did you break a laptop or something?

Enlightened on Android is nice

Root Browser also has a text editor, and doesnt require root

Nope...I didn't
My financial situation is not good enough to afford a laptop...for now

Could get yourself a raspberry pi maybe

assuming you already have a TV to plug it into

Hmm...Good idea I'll try to get one or I'll wait for a month or so to get a used laptop...At least it will help me

Just make sure you get one that comes with an SD card with an OS on it - eg raspbian

otherwise you'll need another computer to put the OS on it

Oh...A pre installed os

@marble dawn

        print("Thanks a lot")```
🙏

:P

I have an older rasppi sitting on top of my networking cabinet

really need to put that to work

Wow

I got 2 badges on a competitive programming website just by coding it from my phone
Almost a bot is ready​ to work
Learning routing and switching theoretically

Here's the code from earlier for those not brave enough to run a unknown docx file:

set-eu
# Explicitly set execution bit on files in plugin contents dir.
Default umask strips it
chmod 700 ${RD_PLUGIN_BASE}/*
# Every f5 serve r gets a dir for options
GTM_SERVER_DIR="${RD OPTION_PLUGIN_OPTIONS_DIR}/
${RD_OPTION_GTM_SERVER}"
mkdir -p ${GTM_SERVER_DIR}/pools
cp -r ${RD_PLUGIN_BASE}/sync-groups
"${RD_OPTION_PLUGIN_OPTIONS_DIR}/"
# Get Pools from virtual server
echo "Getting GTM Pools"
curl -k "https://${RD_OPTION_GTM_SERVER}/mgmt/tm/gtm/poo1?ver=
11.5.1&\$select=name, fullPath" --request GET --header
"Accept:application/json"--user "${RD_OPTION_F5_USER}:
${RD_SECUREOPTION_P5 PASSWORD}" | jq ['.items []  | .["value"]=
. fullPath | del (. fullPath) '] | sed -e 's,/,~,g' >
$ {GTM_SERVER_DIR}/pools.json
echo "Pools done"
# Get Pool Members
echo "Getting GTM Pool Members/Datacenters"
for pool in $(jq -r '. [].value | select (length>0)’
$ {GTM_SERVER_DIR}/pools.json)
do
curl -k "https://${RD_OPTION_GTM_SERVER}/mgmt/tm/gtm/pool/
$ {pool}/members?ver=11.5.1&\$select=name, fullPath" --request GET
--header "Accept:application/json" --user "${RD_OPTION_F5_USER}:
${RD_SECUREOPTION_F5_PASSWORD}" | ~/jq ['.items [] | .["value"] =
.fullPath | del(.fullPath) '] | sed -e 's,/,g’ >
${GTM_SERVER_DIR}/pools/$ {pool} .json
done
echo "Members done"

Oh, awesome, routing and switching!

So I recognize a few things in the script @upbeat palm

jq is a tool for working with data in JSON format: https://stedolan.github.io/jq/

curl will send a HTTP request and return the response

The first chunk, "Getting GTM Pools", will:

1. curl to make a HTTP request with a username and password for pool information, get the response as JSON, and pipe it into jq
2. jq takes response, extracts the values of interest, and pipes into sed
3. sed does something to the data, but I'm not sure what since I don't use sed much (some googling would get you an answer)
4. Finally gets written to a file (that's what '>' does) in the output directory as "pools.json"

The next chunk will read in that file, 'pools.json', and use it to retrieve information about each pool (I'm assuming the datacenters in the pool, based on the echos)

Similar sequence of events as first chunk (get data, parse json, parse sed, write to file), except it's in a loop, with the members of each pool getting written to it's own JSON file

how was this executed? did the user have to be dumb enough to enable macros when prompted?

It's not, it's bash, lol

He just had it on his phone

Ok I admit I read nothing you wrote

I thought this was some malware to download a payload

😄

It's honestly a pretty good script, I could probably have it working in Python in half a day of work or so

No, lol

Looks like it's just enumerating servers of some sort, probably related to F5 networks somehow

I've been watching too many malware vids recently, sorry

https://www.youtube.com/watch?v=auB7mkwfHrk

Also, while this conversation technical fits into #414737889352744971, meh

lol

Yeah

Have you heard of Empire?

No, I havent

@tall haven you really thought it was a payload?

i didnt even look at the code

i just read docx

and "not brave enough to run"

Can a payload be just a docx file

?

no

I said that its code to download a payload

not the payload itself

You could've run it in Google cloudshell

For free

like in the video I linked

This is Empire: http://www.powershellempire.com/

the docx has a vba macro that downloads the payload

payload is some exe

Lol

You can also embed executable code in image files and exploit the Nautilus file manager on Ubuntu

Use a VM then

Nifty Linux version of the old Windows drive icon exploit

Or use some free service online that gives you a shell

Insert a USB drive, exploit'd

this isnt the point, I was just thinking knowerror was discussing malicious code and I asked a question about it

i never planned on opening the file

Agh

idk which file it even is

What's nice about Empire, and PowerShell payloads in general, is they're fileless

powershell is cool but scary

There is no exe

No .ps1

You pull into a powershell object in memory

load the functions

you now have a whole exploitation framework

for your malware to run using

that's completely invisible to any sort of file-based detection

and leaves almost no forensic footprint

Other than "oh PowerShell ran"

Which is completely normal in most IT environments

how does it accomplish that

Ezpz

also why 2.0?

Everything is in the process's memory

2.0?

Oof

Bedtime for me

Bye

gn

later

never mind I guess

Oh, powershell 2.0

could have sworn I read ^

for portability

So you can drop it into an ancient win 7 environment and it'll still work

fair enough

iirc it is deprecated

idk what that means for future versions of windows

Probably means Empire will get various compatibility shims put in lol

so are there any cool examples with empire

Hmm

been a while since i looked at it

oh yeah it's implemented in python for osx and linux

Just so we're staying on topic

I've seen it referenced or used in a lot of places

And many red teamers I know or have talked to use it

or if they didn't use it, really wish they knew it

Some demos: http://www.powershellempire.com/?page_id=151

I don't think it's completely in-memory, but IIRC you can configure or use it that way

how is that first demo getting credentials in plain text 🤔

by typing creds obviously 😛

wow its so ez

anyone can be a hackerman

they ran mimikatz

The first 3 are hashes

Last two are passwords

ok I didnt know what mimikatz was

understand now

Mimikatz dumped the memory of the system process

Yeah

its been ~3 years since I used it last

by a wicked smart french dude

and super heavily used by pen testers

i can barely follow this stuff

im too noob

I need a man in a british accent narrating for me to understand

😛

They have a really interesting way of handling modules though...

https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/collection/linux/sniffer.py

You have info about the module

Options available

How it should be generated

Then a big docstring with the actual code of the module that will be run on the remote host

I'm actually really impressed

A lot of pentesting tools make use of python tho

Yes

https://www.androidcentral.com/epic-games-first-fortnite-installer-allowed-hackers-download-install-silently

N I C E T O K N O W

A malware downloader, more or less?

My favorite kind of downloader

I mean if epic would actually sell the full app from play store Google would get some of that money and probably wouldn't have done this research

idk, google is very good with vulnerability research regardless

they probably would have checked it anyway

If epic would've put the full app on play store there would've been nothing to research

This was just a look how good play store is compared to custom solutions demonstration by Google

When you reinvent the wheel you also tend to make the same mistakes.

^

https://www.bleepingcomputer.com/news/security/andromeda-botnet-operator-released-with-a-slap-on-the-wrist/

wow

can someone explain to me why getpass is preferable for login data stuff?

the getpass module or what do you mean? @proper owl

yeah, in all of the threads ive read about how to handle user data /password the top suggestion uses getpass to prompt for username / password

was wondering why its preferable

it doesnt show what you type

so

a guy recording your screen or watching physically couldnt even know the length of your password

oh is that what it means by echoless?

yup

gotcha, that makes sense then lol

Yes, it doesn't write to stdout

It also ensures it doesn't get saved by the terminal, readline, or anything else, and that the behavior is the same regardless of platform

https://github.com/python/cpython/blob/3.7/Lib/getpass.py

It's not terribly complicated

the nested try/except/pass at the bottom, with an import in it

Hi, to access to my database, i have to enter a password, but i don't want to write it in my code. It's possible to write it in a files secure by a password for example and to open it with python ?

Usually you would set a so called environment variable to your password and then access it via

import os
os.environ["MY_PASSWD"]

Wow, i think it gonna be hard for my level ^^

Thanks :)

New Windows 0day! https://www.kb.cert.org/vuls/id/906424

Analysis: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=dbf4a3bdb29b

eli5 0day

iz broken

pls fix

asap

👌

"0-day" is a term used to refer to vulnerabilities that have been revealed at "day 0" of the timeline of a vulnerability, almost always because someone discovered them being used in the wild (example: ETERNALBLUE).

Normally, the timeline is:

1. Researcher discovers a vulnerability
2. Researcher discloses to vendor
3. Vendor develops a fix
4. Vendor releases a fix, usually with an accompanying advisory to customers
5. Researchers responsibly disclose the vulnerability, usually in the form of a blog post and/or research publication
6. Vulnerability gets recorded in the Common Vulnerability and Exposures (CVE) database maintained by US-CERT and MITRE.

The last 3 are not always in that order and often happen in parallel or at the same time

0-days are bad because there is no fix available

Someone is actively using this to exploit systems

(why are you explaining all this?)

juan is still not jasonToday at 6:48 PM
eli5 0day

Because I'm tired and brain is still in full steam ahead mode

Also people often mis-characterize 0-days

Or don't understand the process of "responsible disclosure"

Here at pydis we aim to educate 👍

Also another thing to be aware of is the "Patch Tuesday" cycle

Microsoft releases patches on the first Tuesday of every month

The reason for this is so IT departments have a known release time so they can schedule testing and downtime appropriately

When 0-days come around, Microsoft pushes a "hotfix" outside of the schedule

Which causes IT departments the world over to sigh and put in overtime

Long story short they really suck, but they're also more rare nowadays

For those interested, this is a really good read on the 0-day to end all 0-days by the person at Microsoft who discovered it: https://blogs.technet.microsoft.com/johnla/2015/09/26/the-inside-story-behind-ms08-067/

that's a very nice blog post

Someone might have top explain a rainbow table to me

Ive had 2 lectures about it, and still not certain I understand iy

is it not just a list of precomputed hashes?

They are tables containing precomputed hashes of passwords. If the password hash you are attacking is not salted you can use them to crack the password without having to compute millions of hashes again

@silent pier

It contains a starting plain password, and a end hash right

Where the plainpass after hashing is converted to a new password and reapeated n times

It contains millions of passwords and their corresponding hashes

That's a dict from how I understood it

Yes

Dictionaries are often referred to as tables

While a rainbow table have chains of passwords linked between a plain text pass and an end hash

cough lua cough

And it only stores n length chain start and stop points

From what I understood a rainbow table is just a dictionary with password as key and the corresponding hash as value

That would be huuge though

Compared to storing chains

That is huge

Which is a lot smaller, but takes longer to compute

I mean sure you can store parts of hashes only

Ill get back in 20 min with my notes after this lecture

Rainbow tables...thats a whole topic in my book...of DBMS

Forgot I was gonna come back, lel.

Anywho. From how I understood it theres look up tables, and rainbow tables

Lookup has every pass to hash set (or well a large collection of them)

Which offers quick look up but at the cost of extreme sizes

While rainbow tables hash a password with a hashing algo (H), then converts the hack back to a new plaintext password with a new func (R)
And after doing this for say 1,000,000 iterations, it stores the first password and the last hash only

Then creates a new entry of another 1,000,000 processes with a nother start, end set

And here lookup is done by applying the same H and R functions to a hash or pass and if it ends up with any of the end point hashes its in that chain of 1,000,000 computations. Then it just has to fetch the pass that created that hash from that "small" collections

That's how I understood it at least. But do correct me if im wrong

That looks correct, and TIL. Basically it's a way to store extra data (hashed passwords, in this case) in such a way that it isn't actually stored, but can easily be re-calculated on demand.

Also provides a sort of lookup for password - hash

NdI vice versa

And

I mean you don't need to look up the hash for a password, you can just compute it

But yes

This is why we salt passwords

When calculating the shared Secret with the Diffie-Hellman key exchange, are you supposed to modulo the answer of B**a or A**b?

Wrote this to bruteforce a small numbered Diffe-hellman exchange, was just wondering if it's correct
https://paste.pythondiscord.com/nobiwosawi.py

check the algorithm, it's on wikipedia if you're desperate

lmao, love how the wiki article is almost a spitting image of my lectures blackboard illustration

Non the less, it seems correct to me and i ended up with the same Secret from both values.

Jus making sure it's not lucky of the draw

probably was rather the other way round

(lecture copied from wiki)

clear sign for quality academic research

What I ment

I haven't acquired the syllabus yet, so that might be the cause as well

https://latesthackingnews.com/2018/08/30/rig-exploit-kit-malware-is-hijacking-users-browser-sessions/

How does one properly obfuscate python code

Is compiling through cx_freeze viable?

@thorn obsidian By actually compiling it to a binary using Cython

Anything else (cx_freeze, pyinstaller, etc.) are just barriers to casual users, anyone with even a moderate amount of technical knowledge could read the code very quickly

Two other alternatives to Cython are py2exe (horribly out of date) or Nuitka (I don't have enough experience with it to know if it actually does a full native code compile)

If you don't want people reading your code, don't share it

thats the only foolproof method

https://www.youtube.com/watch?v=S9JGmA5_unY

This one blew my mind

the title does not make sense at all

there is no such thing like 256 bit security

there are hundreds of algorithms working with 256 bit

I would guess it's just about how fucking huge 2²⁵⁶ is and comparing it to some universe size number

if we want huge number we should look at asymmetrical encryption with its 4096 bit keys 👀

love me some impossible ssh keys

@lilac gulch which type of key there are 3

ROT(13 ** 4096)

that is not an ssh key juan

@orchid notch iirc, mine are rsa+dsa

hm

gimme a sec

p = 18078525472293940929870298672147003075905225928206578052131728234420070137263037893295503608568884032188648031241674879528546061407858367438218166393315078565621462177197823534981292623614289834232007148248535134748656844518667270202146209668185763201561888418979306897392335831761672482947459765611870723069051126003125489376321727435938915992337957191119175471644653531392821929970219540145599746428609262113213695330230501197701459421512917188893256384448460905166803177139904435186039512090245200838920819581259880117833646271202071390815483215250617967183364862210814287254581144853023545028339446917255134169651
q = 23887985907296532278181015353989237288186007331728958993773158768167638496027810036203874159648272218403935740280824627372586143444336579205496174252126465286356558854034884562732503747248312794718067374244401486453935732071239582759354879407116481596151345048431291666015546282724125428186993494761368129573590505500964577403240778235054349325161899457514475280486561552323002031991461358377434436251039302952137735821992748323682025072499494252782397423940304194456293986354546912574725816599312636833638214252656804220894451823189302010811912402380610856761663664011750015271449766707372020199735102451708871935533

happy?

apparently not

😦

!reddit weekly netsec

Here are this week's top r/netsec posts!

Just played around with ALPC, it's scary

LOL

she is pretty weird

Yeah a little

A cyber security researcher?

What she did was most certainly wrong

She dumped a significant 0-day Windows priv esc vul on github and tweeted it

Damn...

It'll be patched...soon otherwise........

Oh yes

Which causes a lot of pain for IT departments everywhere

+1,no doubt

That now have to test the patch ASAP and push it to all their machines

They have to do it as fast as they can

You're a security engineer? @safe bear

If they don't test and push it, it could cause stability issues which is even worse from an organizational standpoint

Is anyone here have any experience with CTFs?

@thorn obsidian 3Blue1Brown video interesting, tx

does anyone know rsa algorithm?

don't ask to ask

and yes, @orchid notch knows. all of it.

@north rover oh sorry

okay

so i have p=11, q=29, n=319, e=3

what is the value of d?

what is the encryption of m=100?

so i calculated

phi(n) = (p-1)(q-1) = 280

and then

d = e^(-1) % phi(n)

and i'm stuck

how do i calculate 1/3 % 280?

here's a solution but i don't understand it

https://github.com/gzc/CLRS/blob/master/C31-Number-Theoretic-Algorithms/31.7.md

I'm on mobile now so I can't explain exactly, I will when I come back to pc. But the e^-1 in this context does not mean 1/e it means multiplicative inverse of e in the group phi(n). The equation you actually have to solve is

e*d mod phi(n) = 1

That is usually done using the extended Euclidean algorithm

@granite dirge

alright on PC

so what people actually mean when they write e^-1 is not always (but often) 1/e. In fact e^-1 means that e*e^-1 = 1 and you are right if it wasnt for the modul phi(n), e^-1 would be 1/e but we have a modul here so we have to calculate what times e modulo phi(n) results in 1 to get a correct value for e^-1. That value is usually referred to as d so people write
e*d mod phi(n) = 1
And then they solve that using the extended euclidean algorithm. That is done by converting the above equation to
e*d+phi(n)*k = 1
But the extended euclidean algorithm cannot solve that yet. It is used to solve
a*b+c*d = gcd(a,b)
(for a known a and c it calculates b, d and gcd(a,b))
Luckily we said that e has to be coprime to phi(n) so 1 is in fact the gcd of e and phi(n) =>
e*d+phi(n)*k = 1 = gcd(e, phi(n))
And that equation is solvable using the extended euclidean algorithm. The extended euclidean algorithm works like:

def xgcd(b, a):
    x0, x1, y0, y1 = 1, 0, 0, 1
    while a != 0:
        q, b, a = b // a, a, b % a
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return  b, x0, y0

(taken from wikibooks because i am too lazy to write it down now)
for a given a and b it returns g, x and y so following stands true
a*x+b*y = g = gcd(a,b)

@orchid notch so i need to calculate xgcd(3, 319)?

or rather xgcd(1/3, 319)?

no no no

away with the 1/3

there is no 1/3

no 1/3 involved

xgcd(3,280)

xgcd of e and phi(n) as explained above

okay let me calculate and get back to you if something goes wrong

@orchid notch what am i doing wrong>

¯_(ツ)_/¯

you are not supposed to apply the extended euclidean algorithm by hand

Lol

actually the answer i got is correct

(1, 1, -93)

but then what?

how do i get d from these?

you already got d

did you read what i wrote above?

it solves

a*x+b*y = g = gcd(a,b)

so d=1?

wekk apparently

although that is extremly unlikely

yes

in this example its 187

i mean you can check if your values are correct

https://github.com/gzc/CLRS/blob/master/C31-Number-Theoretic-Algorithms/31.7.md

just check if the equation matches with the values you got

ill admit

the extended euclidean algorithm can act weird sometimes

it has done for me in the past

its implemented in your github repo too

https://github.com/gzc/CLRS/blob/master/C31-Number-Theoretic-Algorithms/extended_euclid.py

they use the recursive version though

so they do -93 mod 280 = 187 to get the 187...

¯_(ツ)_/¯

ill admit the extended euclidean algorithm has been the only part of RSA i didnt get after 5 weeks of reading stuff about it

sometimes it works

sometimes it just acts completely weird

oh wow

it's my 2nd day so i have a long time to go

😄

thanks anyways ¯_(ツ)_/¯

like the example calculation in my 8 pages about RSA for school

i put those numbers in 4 online calculators for it

all of them gave the same result but the result is just wrong

so i just picked new primes and it worked

for reasons

ahaha

@orchid notch 8 pages (-_-),can you show me?

I can but..... It's entirely German

You wouldn't understand a thing :P

every page would look like this @upbeat palm

Oh...

sorry

If you send this is PDF I'll translate it

its not fully corrected yet

i mean the content is right but form and stuff

i wanna get it done first

Okay but send me whenever it will be completed

also the whole thing is actually 16 pages because it also includes symmetric cryptography and AES

It will be appreciated

Seriously?

I always wanted something like that

ok apparenlty sending pages is blocked

eh

Upload it to G drive and I'll download it

Oh....man

no table of contents for you on discord

?

Oh.. Gotcha

these are all resources i used, except of the last one everything is in english

Thanks

(although im referring to the last one most in this so...)

I always want to learn​cryptography

Thanks thousand times

but still robin, i am referring to the last one in 90 percent of them time because the last one really gives a big foundation for understanding the other ones as these are mostly original papers assuming you are into that type of maths etc

I like maths especially differential calculus and integrals

Gonna check it

differntial calculus and integrals has nothing to do with this type of maths and wont really be helpful for understanding it either

I know..it requires abstract algebra for basic understanding of encryption algorithms

Which part should I consider then?

RSA is all about group theory and AES is based on so called Galois fields

You can explain RSA without the group theory if you want though (which is what I did)

@broken wind why are you even asking whether salsa is secure?

i was using it for encrypting stuff lol

i would obviously prefer to use something secure

well, it doesn't matter how well-known a crypto algorithm is, if it exists there will be people trying to find ways to bypass it

Exactly

not as many if it is less well known

but still more than you think

There is a rule in cryptography that if you can only name your algorithm secure if nobody knows it it is insecure

that makes sense

i mean, libsodium uses salsa so i would hope it's secure

uhm

lol

@fervent patio So you mean if a encryption algorithms is less know it's more secure?(just a quick question :P)

that's exactly the opposite of what i was saying :P

i was referring to this from a different channel

Oh...

So less known, more known doesn't matter

i wouldn't judge the security of an algorithm just by how well-known it is

at all

chances are, popular crypto algorithms are only popular because they work so well and, as far as anyone's aware, are perfectly secure (so far)

the lesser-known algorithms may already be deemed insecure, so less people use them

which would be one prime reason why they're lesser-known.

True...

How much experience do you have in cryptography?

fuck-all

i'm just using common sense here.

:D

Oh🙃

@fervent patio Thanks ;)

The more its known the more its flaws are exposed/fixed

https://mega.nz/blog_47

@silent pier +1

Ugh, I... should change my password or find a password manager

Was watching this for a security course, and saw so many passwords which could very well be some of mine https://youtu.be/7U-RbOKanYs

Are your passwords more prone to bruteforce or dictionary attack?

Probably dict

Its 12+ chars so not so much brute

Oh...probably make some passwords related but that will be kind of prone to social engineering thing,but that's another topic

It's probably because it's a composition of other possible passwords

Sophisticated dictionary attacks create passwords of other smaller ones..

Hmm...more passwords means more time so it'll​ take time and if the attacker tries to get password from website like Spotify they have to make a config file for cracking a password and now most website will enable captcha if you enter wrong password serveral time so it's kinda hard afaik

It's more in the area when password hashes are leaked :P

Then you're only limited to your own hardware

The example given in the video isn't really that great, as they were encoded in md5 ... which sites shouldnt use for passwords

So what kind of encryption they use in Database?

MD5 for storing users data is kinda outdated

SQLi injection is common these days and with the help of SQLi Dumper it's so easy to get a db only with mail and password,then hashcat is there for decryption...

something like AES and SHA512 (possibly SHA3) is currently considered "safe"

And proper sql query building should avoid injections

Encryption of that vast data will take time?

Like prepared statements

AES is pretty fast

Not too familiar with SHA512

Yup but most website don't considered that AES will be good

lots of people also like bcrypt for hashing

Oh...

also AES is bullshit for password storing

Why?

its an encryption not hashing

Fair enough

What are the better hash algos these days

I've only covered encryption so far

scrypt bcrypt and the high bit sha ones

What about SHA3?

some hashing algorithms based on salsa20 are supposed to be quite ok

Oh..

scrypt is good cause it's memory heavy right?

or was it processor ..

scrypt and bcrypt require more memory than ASICs have in their L chaches

May even be both with the right parameters thinking about it

that means you cant built effective asics for computing them

which also makes them good for cryptocurrencies

Yeah, we talked briefly about it because of cryptos

🤔 , great discussion btw

scrypt asics exist tho

and are widely used

Has anyone used or tried out WireGuard? I've been trying to give it a try lately but the resources are sadly lacking, although I find it to be super interesting.

No, haven't heard about it until now

What's so special about it?

Seems to tout itself as a faster OpenVPN and they obviously don't like IPSec

Looked at masscan in more detail today, the engineering behind it is super impressive

https://github.com/robertdavidgraham/masscan

10 million packets per section with a 10Gbps NIC

That's way too fast

@safe bear IPSec is shit in general, and last I looked at it pretty insecure by today's standards

wireguard is a full VPN implementation using modern algorithms with a very small amount of code

it's a very nice system

also the current gold standard for password hashing is Argon2

Bcrypt also works nicely

don't use SHA for passwords on a website, it's bad at preventing bruteforce attacks

also this is neat
https://www.youtube.com/watch?v=49KoUmiJuts

@thorn obsidian modern encryption algorithms to encrypt data packets?

yes

it also uses modern systems to authenticate servers and stuff

check it out here
https://www.wireguard.com/

So if a attacker sniffs the data packets on a network he have to decrypt it in order to sniff it?
What about Nord VPN?

Nord VPN is using OpenVPN, the results are the same (data is encrypted) but the software and the encryption end up being quite different

What about packet sniffing question?

yes

Oh... Thanks

OOOOOoooooooooooo the blackhat briefings are up

Thanks for sharing that @thorn obsidian

np

I'm thinking about making a Twtich Bot that verifies links. Basically just confirming validity of some whitelisting IPs. I'm not terribly versed in security, what should I be researching?

Sources of blacklist information

What do you mean by "verifying links" exactly?

Basically just trying to filter malicious intent

But to make it easier I might just have it only accept popular sites. Twitter, YouTube, Reddit.

You can just have it check against a blacklist database of some sort

Whitelisting is simpler but restricts what your users can share rather heavily

And you have to take care with CDNs (Content Delivery Networks) that sites use to deliver images, gifs, etc.

If someone pastes a link to a gif, it can often be a CDN domain and not the domain in your whitelist

Alright, sounds good. Thanks for the info

Why my favourite channel is so silent?🤔

Because I'm not active 😛

Also I'm perpetually afraid of being shutdown by going off-topic from Python

lol

Though I guess I am the police

🚓

And dev-ops and databases also regularly go off-topic

Because I havent had a lecture yet I need to repeat here for practice

@safe bear You should be active then because topics shared by you and Nix and Xair are awesome

Here's a really cool talk: https://youtu.be/_eSAF_qT_FY

That's some serious stuff

https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf

Go to bed

🤔 @silent pier

I feel like there are like only 5 people regulary talking in here

thats because i just wrote a small web page for myself that shamelessly md5s the shit out of the password and stores it in a json

Top password managers - Go

notepad c:

if we're being serious here then you'd probably be better off writing your own and hosting it yourself

That would require me to first handle a master log in system that's "safe"

oh, i got a good one
writing all your passwords directly to the unpartitioned space on your hard drive

Which frankly, I don't trust myself yet in writing something that's protected, and not exploitable .. in general

yeah it would but it would also mean that it wont be compromised due to someone else screwing it up
so if you were really paranoid, port knocking + vpn + crazy cookie setup + heaps of encrypting and salting + fde with a key file on a usb
im sure you could go even crazier than that

i'm sure you could if you wanted to floppy, i believe in you!

Im lazy man

just having a password manager, that's locally hosted seems good enough to me

yeah, whatever works for you
we've each got our own way of doing it
in all honesty though i need to find a better place other than a text file :/

maybe ill just pgp it or something

do you code much floppy?
for pleasure or business?

Hobby, and some for uni

nice, i wish i wrote more python
only times i write any is when i need a bot for a new discord servers

@orchid notch and who are they?🤔

who is who

oh

the people who

talk

me, you, known error, xair and floppy

Yeah, I think we are only interested in security
BTW how's Cryptography Engineering book?

idk about that

Oh...Okay
No problem

https://youtu.be/VroEiMOJPm8

Writing your password into slack space directly is stupid

You can just read the space and see the passwords by simply scanning for ASCII characters

What you do is use a TrueCrypt (well, VeraCrypt RIP TC devs) Hidden Volume

Encrypted volume hidden in slack space

You make that encrypted with a password and a key file

And put the key file on a flash drive that can only be unlocked with a biometric

and a password

@safe bear and for us slightly more mortal, got a recommendation for a password manager? C:

KeePass and LastPass

They're what I use

Do they both support multi devices / phones

Yes

I use KeePass on my phone and windows machines

Also, how people log into accounts on random platforms?

as well as on fedora

I sync the DB either over email or over Dropbox

Then I sync the key file using email, USB key, or a different cloud service

Db holds encrypted passwords, and key is one you log in with a master password to use?

You need the key file and the master password

Yes

DB is encrypted with AES-256

So say I wanted to log in with an uni desktop

Would I need to download the software to do that

Yes

There's a portable version you can put on a USB key

Ah

Software usually save keys in C drive,right?

@safe bear Great setup dude

@silent pier when he talks about the DB, he means his password manager.

Random platforms (google/discord/website.com) should never store end-user passwords in their database by encrypting them, they should only be hashed.

and salted

Of course...

Kerckhoffs' principle: the security of the encryption scheme must depend only on the secrecy of the key Ke, and not on the secrecy of the algorithm.

Finally I got it.....

@dull cliff Thanks for clarifying that. Technically it is a file database (.kdbx), but someone could've easily interpreted that statement as an actual production database store passwords from a website/service/etc.

Hey, and there was just a new KeePass release 4 hours ago, dope.

https://keepass.info/news/n180910_2.40.html

Awesome...

@upbeat palm @tepid tundra @thorn obsidian @whoever else wanted to read this i cant remember i decided to cut out page 6 and 7 (the actual text became 8 pages because of picture etc) as they just include the things about RSA anybody could find out for example where it is used etc so it doesnt exactly make sense (for me) to translate that part too. Enjoy

maybe @safe bear too

also as I am not that good with english mathematics i am not exactly sure how good my translation of terms i didnt look up is

Thank you so much @orchid notch

It only focus on RSA,right?

yes

well it tells a bit about asymmetrical cryptography at the beginning

Yeah...but explained great
I'll finish it up and do some research as well

BTW you should check Cryptography Engineering book...It's awesome

I mean i could translate the AES part too but it just explains the process itself and nothing behind it or why its good how to improve tc

tc?

etc

Oh...
RSA is what I want for now
Thanks again

tl;dr

😦

thnx lol nix

so ive been wanting to keep my database and how i deal with my information really secure

but idk what else i can do with it

https://clippr.co/H1K1BtHuQ76621

^ hastebin is broken

but yea thats my code for how i deal with logins and signups

if age >= 12 it returns You Cannot Signup As a 12 year old?

also if you hash the pw with a salt, pretty sure u need to save the salt as well as the hash

and then when ur checking the pw, ur only checking the plaintext pw as far as i can see

you need to hash it with the salt you saved and then compare them

@tepid tundra it looks like bcrypt prepends the hash with the salt, as most password hashing libraries do.

oh, just saw that this was from a few hours ago, i helped him since then in one of the help channels

ah k

https://blog.powerdns.com/2018/09/10/spoofing-dns-with-fragments/

if anyone is interested in dns

https://pbs.twimg.com/media/DmjnPRuXgAE1Qn-.jpg

O_O

@covert nacelle what is this showing

Security code for a credit card is being sent to an analytics service?

@safe bear yep

It sends your keypresses to a third party

Keypresses?

Clarify

Data entered into the site?

Basically its a keylogger

Say you press 1

Say I change tabs

It logs you hit 1 and a bunch of related data(as seen in keyboard event) and sends it off

Luckily it only runs on that webpage

Unluckily that is also a payment portal

Ok so it's monitoring user events triggered in JS and sending them off

Yeah that's bad

So yes technically a Keylogger

I tend to associate the term with the more sinister version

According to some secops most payment portals have that

We don't know what's done with the data and it's a huge attack vector

Yup

Honestly I don't know enough about how browsers and JS works to really understand the vulnerability

I get it but missing some technical nuances

The threat is mainly credit card info

That's the risk yeah

And other PII

And i believe there's ways to intercept the analytics connection?

Just realized I used threat horribly incorrectly lol

It's signed https generally

So that the browser thinks its comnected to the right site but it's actually going to an attacker

But who knows how the data is being used

If it's signed https no

Certificates prevent that

The concern in my mind at least is that a third-party that has no business knowing that information is able to collect it

Ye

And there's no oversight on their security

Yeah...

This seems like it would be a gross violation of PCI regulations

But I don't know the specifics of them and they may very well not cover client side risk...

Par the norm for regulations unfortunately, imperfect coverage

Nobody's sued yet over it

The thing about pci

Is its the credit card companies that drive it

If you're not compliant

Your ability to process payments is stripped

Which is, well really bad for a business

Imagine Finn air not being able to accept credit cards

No suits or legal measures needed

Pure business

Well, that's how I understand PCI to work anyhow

@safe bear another big thing is we don't even know who else gets it

Any number of third party trackers can piggyback another third party

Right

And we can't figure out who's piggybacking

It's definitely concerning

Well it's all there

That's the beauty of client side

You can see everything if you look hard enough

Well, not if the third party trackers are based on the remote server

Your info is sent to the third party remote

And trackers on the third party remote copy it down too

What do you mean by 'on'

That's a real threat...

Basically

Imagine you have four servers

One is the payment portal

One is you

One is the third party on your client

Last one is a fourth party

The connections were established with a single third party though

The payment portal sends the first third party tracker to you

That tracker collects info and sends it to the third party server

Then the third party server, once it receives the info

Can disseminate it to the fourth party

Obviously

A comnection from your client to the fourth party is never made

And that's a huge attack vector

It's N-parties

Point is its up to the third party

What if a blackhat gets a tracker on the third party server

They could be selling it, they could be monitored by a criminal syndicate, they could have a insider making a few bucks on the side dumping to silk road RIP, who knows

Yeah

Shouldn't be happening

Ideally no analytics or third parties would be allowed on the payment portal

Yes

That's the issue here

At most an approved payment processing vendor should be allowed the info

And you should be able to audit that processor's security

That's PCI

Oh, you mean end users should?

End users not so much

But the company who owns the payment portal

(this is what I'm referring to btw: https://en.m.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard)

Should have a responsibility to ensure anybody they send the info to is secure and is a necessity for the functioning of the payment portal

Yeah

Darn key logging alpacas

If they don't have a requirement to do so though or their developers aren't aware of it and or they don't have the training or time to do so...

Then we get Finn air

Security is human error

Sadly there's only 1 or 2 airlines who dont do it

Sounds worthy of a blog post

Ironically Qatar air, a middle eastern airline, is actually very secure

Why is that ironic?

That section of the middle east always strikes me as idle rich

Rich being the operable term there

I was surprised that they took security seriously and were willing to pay for that security

Well paid developers = good software

As a very general rule

Maybe im just stereotyping but i always equated idle rich to being more concerned with gold vending machines than client and worker safety

They care about their money and image

Security relates to both of those

Bad security => loss of image

Also given saudi arabia hates qatar's guts

It may be due to cyberattacks too

I wouldn't know

Need to get to sleep now

Noight

Wish I could keep discussing, perhaps tomorrow

How did you get this? @covert nacelle

An online keylogger?

@upbeat palm a secops posted the picture elsewhere

It's a major threat but not until the company disclose which 3rd parties have access to Credit Cards

Reading through this about input sanitizing, how exactly can the use of those unicode characters with a visual or semantic similarity be a security risk?

In URLs for example

you can have apple.com in latin latters, and you can have apple.com written with non-latin unicode.

The link will optically look the same for the person to click, but the destination is different

Right,but I thought in a more "handle the input" manner?

always depends on the purpose of the input

Is it to filter out those links maybe from ever being displayed

if it has to be evaluated by a human and tricking that human into believing something means something else, that is a risk

I just found it odd under the topic of input sanitizing

But yeah, human error I can see being a risk

The biggest vulnerability is social engineering

Maybe who knows

^

Filtering things that seem to be something but are not the same would definitely fall under input sanitization.

Of course, depends on your use case

If it's Discord, you wouldn't want to filter that out of your chats

But in usernames? Maybe, maybe not.

In passwords? Maybe you'd want to warn the user.