Storing passwords database

Storing passwords securely is a recurring concern.
But what are the main methods, how do they work, and what are they worth against current password cracking techniques?
In this article we explain the main principles of secure storage (hash, salt, pepper, iteration) and highlight their importance for resisting password recovery methods. Finally, we will talk about a reliable hash function for secure storage.

Introduction to Public Key Certificate

A digital certificate is a data file that allow, on the one hand, the non-repudiation and the integrity of data, and on the other hand, to identify and to authenticate a person or an organization and also to encode communications.

A digital certificate includes several information, as:

  •  A public key
  •  Authentication information 
  •  A validity time
  •  An issuer that signs the certificate

This last point is crucial to verify the trustworthiness of a certificate. For this, when a certificate is received, a chain of trust is built to a certificate authority.

To explain the working of the chain of trust, let’s present some notions:

The Metasploit framework is an open source tool, allowing searching, analysing and exploiting vulnerabilities. It has many modules and tools that can be very useful during intrusion tests, whether on Web applications or on a company’s information system.
Although often used relatively basically, for example to launch a simple exploitation module on a target, this framework has options and tools that make it a key ally for a pentest. We will therefore see here how to use the Metasploit framework in an optimized way.

For the demonstration, we will attack a local network we are connected to.

In this previous article, we have seen what a SSRF vulnerability is, and how, in general, it can be exploited. We had placed ourselves in a quite simple theoretical framework, but various elements (either due to the vulnerability itself or due to security implementations) can make the task more complicated.

In this article, we will have a look at various methods to go further. On
the agenda:

  • Various methods for manually bypassing filters;
  • SSRFMap: a semi-automatic operating tool.

Introduction to Burp Suite - Proxy, Scanner, Intruder and Repeater

Burp, by information security professionals, is often said to be our best friend. Burp doesn’t ring a bell? It is a software dedicated to web security audits, used by a majority of information security professionals. First, we will present you the software Burp and four fundamental modules. For those already familiar with the tool, a second more technical article details some functionalities and extensions to gain efficiency.

Alternative to classic Bluetooth, Bluetooth Low Energy is chosen increasingly for the IoT. This technology, also known as the abbreviation BLE, is establishing itself for connected devices, as it is ideal to send small amounts of data between devices and to preserve the battery; which matches the IoT’s needs perfectly. Classic Bluetooth, on its side, is used to send large amounts of data between a device and a user (wireless headphones and speakers are using Bluetooth for example).

BLE and security

While these two Bluetooth protocols are used for different purposes and are not compatible, they are nevertheless to some extent similar, as they have common technologies (software and hardware), such as the one managing pairing. Thus, security manager has to keep in mind that security breaches that impact classic Bluetooth affect sometimes Bluetooth Low Energy too; however, the latter has its own features and therefore its specific flaws.

We are happy and proud to share with you that we are now officially a CREST accredited company for penetration testing.

Vaadata is accredited as CREST penetration testing company

This accreditation demonstrates our commitment to
offer high level of professional penetration testing services. It certifies
that Vaadata respects appropriate processes and procedures for conducting
penetration testing and for the protection of its client information.

USB devices are so convenient. Whenever we need to store small amounts of data, we use a USB stick. Everyone owns one and we generally trust it to be safe. USB keys are one of the main ways to do industrial espionage, but attacks against random civilians and companies are also common.
The 2018 Honeywell report on USB threat to industrial operators analyzed a sample of 50 locations. Energy, chemical manufacturing, pulp & paper, oil & gas and other industrial facilities were concerned by the study. Among the locations targeted, 44% blocked a suspicious file originating from USB ports and 15% of the threats detected and blocked were high-profile threats, like Stuxnet, Wannacry and Mirai.

USB Attacks

A 2016 experiment conducted on the University of Illinois Urbana-Champaign campus showed that from 297 USB sticks dropped around the university, students and staff members picked up 98% of them. By almost half of the USB drives picked up, someone plugged them in and clicked on a file.
A survey was then conducted on the persons who used the sticks. 68% of the respondents did not take any security measure when using the USB stick. 68% said they took the drive to give it back and 18% took it out of curiosity. This experiment shows how dangerous a simple USB device can be.