PASSWORDS COMPLEXITY
• Bill Burr, 2003: the NIST guidance that introduced composition rules (mix of upper-case, lower-case, digits and symbols) and periodic password changes
• NIST Special Publication 800-63B (2017): those rules are withdrawn; verifiers are told to require length, to check new passwords against lists of known-compromised values, and not to force periodic changes
• Example: P@ssw0rd and P@ssw0rd1 satisfy every composition rule and are still a dictionary word with predictable substitutions
PASSWORDS STORAGE
• CLEAR-TEXT
• ALGORITHM
• HASH ALGORITHM: BCRYPT, SCRYPT, CRYPT ($2y$ = bcrypt, $5$ = SHA-256-crypt, $6$ = SHA-512-crypt)
• SALT
• HASHING ON SERVER-SIDE
PASSWORDS STORAGE
(SALT)
• LENGTH
• UNIQUE PER USER
• RANDOM
• SERVER-SIDE
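Added example, not code from the deck: the dump's unsalted md5(md5($pass)) scheme beside a per-user-salted, memory-hard store built only from Python's standard library. The scrypt cost parameters, the 16-byte salt length and the `$scrypt$n$r$p$salt$hash` record format are choices made for this example, not anything the slides prescribe.

```python
import hashlib
import hmac
import os
from typing import Optional


def weak_store(password: str) -> str:
    """Unsalted md5(md5($pass)), the scheme of the cracked dump (hashcat -m 2600).
    Equal passwords give equal hashes, and one hashing pass tests a guess against
    every hash in the database at once."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5(inner.encode("ascii")).hexdigest()


def weak_verify(password: str, stored: str) -> bool:
    return hmac.compare_digest(weak_store(password), stored)


# scrypt cost parameters (assumed for this example): n = CPU/memory cost, r = block
# size, p = parallelism. Raise n until one hash costs tens of milliseconds on the server.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
SALT_BYTES = 16


def strong_store(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus memory-hard scrypt, serialised as a self-describing
    '$scrypt$n$r$p$salt_hex$hash_hex' record (format chosen for this example) so the
    parameters can be raised later without breaking old records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # generated on the server, never supplied by the client
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "$scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, salt.hex(), digest.hex())


def strong_verify(password: str, stored: str) -> bool:
    """Re-derive with the salt and parameters embedded in the stored record; malformed
    records verify as False instead of raising."""
    try:
        _, scheme, n, r, p, salt_hex, hash_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p), dklen=len(hash_hex) // 2)
    except ValueError:
        return False
    return hmac.compare_digest(digest.hex(), hash_hex)


def demo() -> dict:
    """Two users choose the same password: the unsalted hashes collide, the salted ones do not."""
    pw = "P@ssw0rd1"
    a, b = weak_store(pw), weak_store(pw)
    c, d = strong_store(pw), strong_store(pw)
    return {"weak_equal": a == b, "strong_equal": c == d,
            "strong_ok": strong_verify(pw, c), "strong_wrong": strong_verify("P@ssw0rd", c)}


if __name__ == "__main__":
    print(demo())
```

The salt buys nothing against a single targeted account; what it removes is the batch attack the rest of the deck relies on, where one candidate hash is compared against all 190197 records at once. The cost parameters are what make each remaining guess expensive.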
PASSWORDS RECOVERY
• SECURITY QUESTIONS
• 3 QUESTIONS (2 ASKED PER REQUEST)
• NEW QUESTIONS
• WRONG ANSWERS
• EMAILS
• LOGGING
PASSWORDS CRACKING
• 190197 hashes in the dump
• 139766 unique hashes
• md5(md5($pass)), no salt
• policy: > 6 symbols
• no other password rules
• 20+
PASSWORDS CRACKING
HASHCAT
• -a = attack mode
• -m = hash type
• -m 2600 = md5(md5($pass))
DICTIONARY ATTACK
• hashcat -a 0 -m 2600 hashes.txt example.dict
ROCKYOU
• /usr/share/wordlists/rockyou.txt
Chart (cumulative cracked, all hashes / unique hashes): rockyou 48669 / 28668
HASHCAT RULES
• hashcat -a 0 -m 2600 hashes.txt example.dict -r rule
ROCKYOU + BEST64.RULE
Chart (cumulative cracked, all / unique): after rockyou + best64.rule 67258 / 45350 (previous step: 48669 / 28668)
NUMMER_DB.TOP
• http://wordbook.xyz/download/
Chart (cumulative cracked, all / unique): after nummer 107163 / 77745 (previous step: 67258 / 45350)
HASHCAT HYBRID ATTACK
• hashcat -a 6 -m 2600 hashes.txt klichki.txt 19?d?d (word + mask: nickname followed by a year)
• hashcat -a 7 -m 2600 hashes.txt 19?d?d klichki.txt (mask + word; the hash file is always the first positional argument)
KLICHKI + 19?d?d
Chart (cumulative cracked, all / unique): after klichki + 19?d?d 109467 / 79549 (previous step: 107163 / 77745)
HASHCAT MASK ATTACK
• hashcat -a 3 -m 2600 hashes.txt -1 ?l?u ?1?1?d?d?d?d?1?1
• ?l = abcdefghijklmnopqrstuvwxyz
• ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
• ?d = 0123456789
• ?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
• ?a = ?l?u?d?s
• ?b = 0x00 - 0xff
• -1 .. -4 define custom charsets; ?1 in the command above is "any letter, either case"
-1 ?l?u ?1?1?d?d?d?d?1?1
Chart (cumulative cracked, all / unique): after mask ?1?1?d?d?d?d?1?1 110239 / 80289 (previous step: 109467 / 79549)
OWN DICTIONARY
BRUTEFORCE
• hashcat -a 3 -m 2600 hashes.txt ?l?l?l?l?l?l
• mask chosen from the web app's password policy
BRUTEFORCE
Chart (cumulative cracked, all / unique): after bruteforce ?l?l?l?l?l?l 121210 / 90678 (previous step: 110239 / 80289)
MAKE YOUR OWN RULES
• usage: ./morph.bin dictionary depth width pos_min pos_max (morph from hashcat-utils)
• dictionary = wordlist used for frequency analysis
• depth = determines which "top" chains you want
• width = max length of the chain
• pos_min, pos_max = range of positions at which the generated insertion rules are applied
OWN RULES
Chart (cumulative cracked, all / unique): after own rules 123897 / 93340 (previous step: 121210 / 90678)
TMESIS
• tmesis.pl example.dict (hashcat-utils; turns each word of the list into insertion rules)
TMESIS
Chart (cumulative cracked, all / unique): after tmesis 124011 / 93450 (previous step: 123897 / 93340)
HASHCAT COMBINATOR
• hashcat -a 1 -m 2600 hashes.txt example.dict example.dict2
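Added example, not code from the deck or from hashcat itself: a miniature cracker in Python that implements hash mode 2600 and candidate generators for the attack modes used in the slides above (-a 0 with rules, -a 1 combinator, -a 3 mask with a custom charset, -a 6 and -a 7 hybrid), then runs the same chain against a constructed set of hashes. The rule list, the sample passwords and the wordlists are made up for the example, and the mask step uses a tiny custom charset because the slide's ?1?1?d?d?d?d?1?1 keyspace (52^4 x 10^4 candidates) is for a GPU, not an interpreter.

```python
import hashlib
import itertools
from typing import Callable, Dict, Iterable, Iterator, List, Optional, Set

# hashcat's built-in charsets as listed on the slide (?b, the raw byte range, is omitted
# because candidates are kept as str here).
CHARSETS = {
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]
Rule = Callable[[str], str]

def mode_2600(password: str) -> str:
    """hashcat -m 2600: md5(md5($pass)), the inner digest re-hashed as lowercase hex."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5(inner.encode("ascii")).hexdigest()

def parse_mask(mask: str, custom: Optional[Dict[str, str]] = None) -> List[str]:
    """Turn '19?d?d' into one alphabet per position. `custom` maps '1'..'4' to user
    charsets (hashcat's -1 .. -4 options); '??' is a literal question mark."""
    custom, alphabets, i = custom or {}, [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            key = mask[i + 1]
            alphabets.append("?" if key == "?" else custom.get(key) or CHARSETS[key])
            i += 2
        else:
            alphabets.append(mask[i])  # literal character, e.g. the "19" in 19?d?d
            i += 1
    return alphabets

def mask_candidates(mask: str, custom: Optional[Dict[str, str]] = None) -> Iterator[str]:
    """-a 3: every string the mask describes; brute force is just ?l?l?l?l?l?l."""
    for combo in itertools.product(*parse_mask(mask, custom)):
        yield "".join(combo)

# A few rule functions in the spirit of best64.rule (hashcat rule syntax in comments).
RULES: List[Rule] = [
    lambda w: w,                     # :       pass through
    lambda w: w.capitalize(),        # c       capitalize
    lambda w: w[::-1],               # r       reverse
    lambda w: w + "123",             # $1$2$3  append 123
    lambda w: w.capitalize() + "1",  # c $1    capitalize, append 1
]

def dictionary_candidates(words: Iterable[str], rules: Optional[List[Rule]] = None) -> Iterator[str]:
    """-a 0, with -r when rules are given: each word run through each rule."""
    for w in words:
        for rule in rules or [lambda x: x]:
            yield rule(w)

def combinator_candidates(left: Iterable[str], right: Iterable[str]) -> Iterator[str]:
    """-a 1: every word of the first list followed by every word of the second."""
    right = list(right)
    for a in left:
        for b in right:
            yield a + b

def hybrid_candidates(words: Iterable[str], mask: str, mask_first: bool = False) -> Iterator[str]:
    """-a 6 (word + mask) or, with mask_first, -a 7 (mask + word): nickname + 19?d?d."""
    tails = list(mask_candidates(mask))
    for w in words:
        for t in tails:
            yield t + w if mask_first else w + t

def crack(remaining: Set[str], candidates: Iterable[str]) -> Dict[str, str]:
    """Hash each candidate once and look it up against every outstanding hash. Because
    the scheme is unsalted, one guess is checked against the whole dump for free.
    Cracked hashes are removed from `remaining`; the result maps hash -> password."""
    found: Dict[str, str] = {}
    for cand in candidates:
        if not remaining:
            break
        h = mode_2600(cand)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
    return found

def demo() -> Dict[str, Optional[str]]:
    """The deck's attack chain against a constructed 8-hash dump (not the study's data)."""
    secrets = ["princess", "Monkey1", "qwerty123", "qwerty!", "vova1987", "1987vova", "B77a", "correct horse"]
    remaining = {mode_2600(s) for s in secrets}
    words = ["princess", "monkey", "qwerty"]
    found: Dict[str, str] = {}
    found.update(crack(remaining, dictionary_candidates(words, RULES)))                   # -a 0 -r
    found.update(crack(remaining, combinator_candidates(words, ["!", "?"])))                # -a 1
    found.update(crack(remaining, hybrid_candidates(["vova", "dima"], "19?d?d")))           # -a 6
    found.update(crack(remaining, hybrid_candidates(["vova"], "19?d?d", mask_first=True)))  # -a 7
    found.update(crack(remaining, mask_candidates("?1?d?d?1", {"1": "aBcD"})))              # -a 3 -1 aBcD
    return {s: found.get(mode_2600(s)) for s in secrets}

if __name__ == "__main__":
    for secret, guess in demo().items():
        print(f"{secret:14s} -> {guess or '<not cracked>'}")
```

Every step is "hash once, look up against all remaining targets", which is exactly why the cumulative charts keep rising as cheaper-to-generate candidate spaces are added: the cost of a guess does not grow with the number of hashes. The one secret the chain never reaches (a long passphrase) shows what a wordlist-free password buys against this kind of attack.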
COMBINATOR
Chart (cumulative cracked, all / unique): after combinator 125465 / 94808 (previous step: 124011 / 93450)
TOP RULES
• TOP_250
• TOP_500
• TOP_1000
• TOP_3000
• TOP_5000
TOP RULES
Chart (cumulative cracked, all / unique): after top rules 128973 / not shown (previous step: 125465 / 94808)
MARKOV CHAINS
TOP 15
/usr/share/wordlists/rockyou.txt
(n) = rank of the same password in ukraine.dic, (N) = not present in ukraine.dic
1. 123456 (1)
2. 12345 (N)
3. 123456789 (3)
4. password (78)
5. iloveyou (112)
6. princess (955)
7. 1234567 (5)
8. rockyou (N)
9. 12345678 (7)
10.abc123 (230)
11.nicole (N)
12.daniel (N)
13.babygirl (N)
14.monkey (N)
15.lovely (N)
TOP 15 UKRAINE.DIC
(n) = rank of the same password in rockyou.txt, (N) = not present in rockyou.txt; $city, $app and their variants are the author's placeholders
1. 123456 (1)
2. 111111 (21)
3. 123456789 (3)
4. qwerty (20)
5. 1234567 (7)
6. 7777777 (153)
7. 12345678 (9)
8. $city (N)
9. 123321 (196)
10.1234567890 (48)
11.123123 (40)
12.55555 (127)
13.gfhjkm (272749), i.e. Cyrillic "пароль" ("password") typed on a Latin keyboard layout
14.000000 (23)
15.654321 (17)
TOP 16-59 UKRAINE.DIC
16. 777777
17. 159753
18. 666666
19. 121212
20. 1111111
21. 11111111
22. qazwsx
23. 1q2w3e4r
24. zxcvbnm
25. 987654321
26. 131313
27. 123qwe
28. 222222
29. 1qaz2wsx
30. 333333
31. 112233
32. 88888888
33. qwertyuiop
34. 888888
35. 1q2w3e
36. $app
37. 123654
38. 123123123
39. 1q2w3e4r5t
40. $app_cyr
41. yfnfif
42. ghbdtn
43. qwe123
44. samsung
45. 789456
46. 999999
47. 12344321
48. qwerty123
49. zxcvbn
50. 1qazxsw2
51. 987654
52. marina
53. q1w2e3r4
54. natali
55. larisa
56. vfhbyf
57. 159357
58. galina
59. $city_keyb
TOP 60-100 UKRAINE.DIC
60. sergey
61. 11223344
62. nikita
63. nfnmzyf
64. 147258
65. qazwsxedc
66. 111222
67. 31415926
68. 987654321
69. svetlana
70. 101010
71. 1111111111
72. 1234554321
73. 12345qwert
74. 12341234
75. 232323
76. qweasdzxc
77. password
78. oplata
79. viktoria
80. 12qwaszx
81. 789456123
82. jgkfnf
83. 252525
84. 1qaz2wsx3edc
85. 87654321
86. natasha
87. 7753191
88. oksana
89. hjvfirf
90. qwertyui
91. 999999999
92. 1234qwer
93. qazxsw
94. jrcfyf
95. 1234567w
96. veronika
97. vfrcbv
98. qwerty12345
99. master
100.valentina
TOP 100 UKRAINE.DIC
TOP 100 = 8764 OF 190197 (4.6%)
TOP 10 = 4984 OF 190197 (2.6%)
TOP 20 BASE WORDS
1. qwerty = 847 (0.55%)
2. $city = 700 (0.45%)
3. gfhjkm = 232 (0.15%)
4. olga = 225 (0.15%)
5. mama = 224 (0.14%)
6. alex = 221 (0.14%)
7. anna = 204 (0.13%)
8. lena = 201 (0.13%)
9. nata = 190 (0.12%)
10. $app = 175 (0.11%)
11. dima = 156 (0.1%)
12. qazwsx = 145 (0.09%)
13. sasha = 145 (0.09%)
14. irina = 144 (0.09%)
15. oleg = 137 (0.09%)
16. natali = 137 (0.09%)
17. vova = 136 (0.09%)
18. vika = 130 (0.08%)
19. sveta = 125 (0.08%)
20. marina = 125 (0.08%)
PASSWORD LENGTH
Chart (cracked passwords per length): 3: 80 | 4: 119 | 5: 139 | 6: 42630 | 7: 21625 | 8: 42665 | 9: 17201 | 10: 14135 | 11: 6855 | 12: 4865 | 13: 2033 | 14: 1214 | 15: 576 | 16: 378 (lengths 0-2: 0)
LAST 4 DIGITS (Top 50)
• 3456 = 2439
• 1111 = 1021
• 1987 = 615
• 1986 = 584
• 1984 = 582
• 1983 = 565
• 1985 = 562
• 1975 = 559
• 1980 = 550
• 1981 = 539
• 1976 = 536
• 6789 = 535
• 1979 = 524
• 1982 = 512
• 1978 = 502
• 1977 = 499
• 7777 = 491
• 2012 = 487
• 1974 = 481
• 1988 = 474
• 1989 = 460
• 2010 = 455
• 1972 = 444
• 4321 = 441
• 1973 = 421
• 1990 = 414
• 2009 = 408
• 1970 = 403
• 2008 = 403
• 1971 = 397
• 1991 = 385
• 2011 = 384
• 2015 = 377
• 2007 = 369
• 4567 = 355
• 1969 = 343
• 1234 = 340
• 1965 = 338
• 2006 = 336
• 2345 = 335
• 2013 = 332
• 2005 = 326
• 2014 = 326
• 1968 = 314
• 1964 = 313
• 1967 = 310
• 1966 = 305
• 1962 = 297
• 2000 = 293
• 1963 = 292
CHARACTER SETS
1. numeric: 54056 (34.88%)
2. loweralphanum: 52672 (33.99%)
3. loweralpha: 23671 (15.28%)
4. mixedalphanum: 9651 (6.23%)
5. mixedalpha: 3628 (2.34%)
6. upperalphanum: 2681 (1.73%)
7. loweralphaspecialnum: 1164 (0.75%)
8. loweralphaspecial: 1129 (0.73%)
9. mixedalphaspecialnum: 563 (0.36%)
10.specialnum: 507 (0.33%)
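Added example, not the author's analysis script: a small analyser that reproduces the kind of statistics shown in the slides above (character-set classes with the same labels, length histogram, trailing four-digit suffixes, base words) on a constructed password list. The base-word rule (strip leading and trailing non-letters, lowercase the rest) and the year heuristic (a suffix between 1900 and the dump year) are assumptions of this example.

```python
import re
from collections import Counter
from typing import Dict, List, Optional


def charset_class(pw: str) -> str:
    """Label the character classes a password uses with the names the slide uses
    (numeric, loweralpha, loweralphanum, mixedalphaspecialnum, ...)."""
    lower = any("a" <= c <= "z" for c in pw)
    upper = any("A" <= c <= "Z" for c in pw)
    digit = any("0" <= c <= "9" for c in pw)
    special = any(not ("a" <= c <= "z" or "A" <= c <= "Z" or "0" <= c <= "9") for c in pw)
    alpha = {(True, True): "mixedalpha", (True, False): "loweralpha",
             (False, True): "upperalpha"}.get((lower, upper), "")
    name = alpha + ("special" if special else "") + ("num" if digit else "")
    return "numeric" if name == "num" else name


def last4_digits(pw: str) -> Optional[str]:
    """Trailing four-digit block, if any (birth years and 3456 dominate the slide's top 50)."""
    m = re.search(r"(\d{4})$", pw)
    return m.group(1) if m else None


def base_word(pw: str) -> str:
    """Strip leading/trailing digits and symbols and lowercase the rest, so olga1983,
    Olga and 1olga! all count as olga (base-word rule assumed for this example)."""
    return re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()


def looks_like_year(s: str, newest: int = 2017) -> bool:
    """Assumption for this example: a suffix between 1900 and the dump year is a year."""
    return s.isdigit() and 1900 <= int(s) <= newest


def report(passwords: List[str], top: int = 5) -> Dict[str, object]:
    """Length, charset, last-4-digit and base-word statistics for a cracked list."""
    n = len(passwords)

    def pct(count: int) -> float:
        return round(100.0 * count / n, 2)

    classes = Counter(charset_class(p) for p in passwords)
    lengths = Counter(len(p) for p in passwords)
    last4 = Counter(s for s in map(last4_digits, passwords) if s)
    bases = Counter(b for b in map(base_word, passwords) if len(b) >= 3)
    years = sum(c for s, c in last4.items() if looks_like_year(s))
    return {
        "total": n,
        "charsets": [(k, c, pct(c)) for k, c in classes.most_common()],
        "lengths": dict(sorted(lengths.items())),
        "last4": last4.most_common(top),
        "year_suffix_pct": pct(years),
        "base_words": [(w, c, pct(c)) for w, c in bases.most_common(top)],
    }


# Constructed sample, not the study's data.
SAMPLE = [
    "123456", "123456", "111111", "qwerty", "qwerty123", "gfhjkm",
    "vova1987", "olga1983", "Olga1983", "lena2012", "marina",
    "P@ssw0rd", "1q2w3e4r", "mama3456", "dima_1990", "anna!",
]

if __name__ == "__main__":
    r = report(SAMPLE)
    print("total:", r["total"])
    for name, count, share in r["charsets"]:
        print(f"{name:24s} {count:4d} ({share}%)")
    print("lengths:", r["lengths"])
    print("last 4 digits:", r["last4"], "year-like:", r["year_suffix_pct"], "%")
    print("base words:", r["base_words"])
```

Run it over a real cracked list (one password per line) by replacing SAMPLE; the charset labels match the slide's, so the output can be compared directly with the numbers above. The year share is the figure that justifies the 19?d?d hybrid step: the higher it is, the more of the list a nickname-plus-year mask will recover.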
Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017

Weitere ähnliche Inhalte

Ähnlich wie Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017

Getting started with Cassandra 2.1
Getting started with Cassandra 2.1Getting started with Cassandra 2.1
Getting started with Cassandra 2.1Viswanath J
 
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013Amazon Web Services
 
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...JAX London
 
DB2 Workload Manager Histograms
DB2 Workload Manager HistogramsDB2 Workload Manager Histograms
DB2 Workload Manager HistogramsKeith McDonald
 
Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12Purple Vision
 
Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12Purple Vision
 
Scaling PostreSQL with Stado
Scaling PostreSQL with StadoScaling PostreSQL with Stado
Scaling PostreSQL with StadoJim Mlodgenski
 
Benchmarking aws instance_for_mysql_database_serverce2
Benchmarking aws instance_for_mysql_database_serverce2Benchmarking aws instance_for_mysql_database_serverce2
Benchmarking aws instance_for_mysql_database_serverce2Kiran Vittalapur Thimmappaiah
 
Understanding Performance with DTrace
Understanding Performance with DTraceUnderstanding Performance with DTrace
Understanding Performance with DTraceahl0003
 
RIPE64 - DNS and DNSSEC in the .se Zone
RIPE64 - DNS and DNSSEC in the .se ZoneRIPE64 - DNS and DNSSEC in the .se Zone
RIPE64 - DNS and DNSSEC in the .se Zonepawal
 
Kollmorgen nema 34_n3_k3_stepper_systems_tb_specsheet
Kollmorgen  nema 34_n3_k3_stepper_systems_tb_specsheetKollmorgen  nema 34_n3_k3_stepper_systems_tb_specsheet
Kollmorgen nema 34_n3_k3_stepper_systems_tb_specsheetElectromate
 
Kollmorgen nema 34 specsheet
Kollmorgen  nema 34 specsheetKollmorgen  nema 34 specsheet
Kollmorgen nema 34 specsheetElectromate
 
Generic Framework for Knowledge Classification-1
Generic Framework  for Knowledge Classification-1Generic Framework  for Knowledge Classification-1
Generic Framework for Knowledge Classification-1Venkata Vineel
 

Ähnlich wie Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017 (20)

Getting started with Cassandra 2.1
Getting started with Cassandra 2.1Getting started with Cassandra 2.1
Getting started with Cassandra 2.1
 
Matlab teaching
Matlab teachingMatlab teaching
Matlab teaching
 
Lecture18
Lecture18Lecture18
Lecture18
 
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
DDoS Resiliency with Amazon Web Services (SEC305) | AWS re:Invent 2013
 
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...
Java Core | Understanding the Disruptor: a Beginner's Guide to Hardcore Concu...
 
DB2 Workload Manager Histograms
DB2 Workload Manager HistogramsDB2 Workload Manager Histograms
DB2 Workload Manager Histograms
 
Catalogo codiacero
Catalogo codiaceroCatalogo codiacero
Catalogo codiacero
 
Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12
 
Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12Saint Francis & Purple Vision NAHF Presentation 24/3/12
Saint Francis & Purple Vision NAHF Presentation 24/3/12
 
Scaling PostreSQL with Stado
Scaling PostreSQL with StadoScaling PostreSQL with Stado
Scaling PostreSQL with Stado
 
Benchmarking aws instance_for_mysql_database_serverce2
Benchmarking aws instance_for_mysql_database_serverce2Benchmarking aws instance_for_mysql_database_serverce2
Benchmarking aws instance_for_mysql_database_serverce2
 
CM_TX_Devices
CM_TX_DevicesCM_TX_Devices
CM_TX_Devices
 
Understanding Performance with DTrace
Understanding Performance with DTraceUnderstanding Performance with DTrace
Understanding Performance with DTrace
 
Compression Clip Shelving Industrial Shelves
Compression Clip Shelving Industrial ShelvesCompression Clip Shelving Industrial Shelves
Compression Clip Shelving Industrial Shelves
 
RIPE64 - DNS and DNSSEC in the .se Zone
RIPE64 - DNS and DNSSEC in the .se ZoneRIPE64 - DNS and DNSSEC in the .se Zone
RIPE64 - DNS and DNSSEC in the .se Zone
 
Kollmorgen nema 34_n3_k3_stepper_systems_tb_specsheet
Kollmorgen  nema 34_n3_k3_stepper_systems_tb_specsheetKollmorgen  nema 34_n3_k3_stepper_systems_tb_specsheet
Kollmorgen nema 34_n3_k3_stepper_systems_tb_specsheet
 
Kollmorgen nema 34 specsheet
Kollmorgen  nema 34 specsheetKollmorgen  nema 34 specsheet
Kollmorgen nema 34 specsheet
 
Generic Framework for Knowledge Classification-1
Generic Framework  for Knowledge Classification-1Generic Framework  for Knowledge Classification-1
Generic Framework for Knowledge Classification-1
 
Redis 101
Redis 101Redis 101
Redis 101
 
Quick Wins
Quick WinsQuick Wins
Quick Wins
 

Mehr von OWASP Kyiv

Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...OWASP Kyiv
 
Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиOWASP Kyiv
 
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteCloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteOWASP Kyiv
 
Threat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat DragonThreat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat DragonOWASP Kyiv
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...OWASP Kyiv
 
Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101OWASP Kyiv
 
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityPavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityOWASP Kyiv
 
Ivan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git PushIvan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git PushOWASP Kyiv
 
Dima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL PinningDima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL PinningOWASP Kyiv
 
Yevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth PhishingYevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth PhishingOWASP Kyiv
 
Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?OWASP Kyiv
 
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 PlansVlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 PlansOWASP Kyiv
 
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand ExperienceRoman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand ExperienceOWASP Kyiv
 
Ihor Bliumental - WebSockets
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSocketsOWASP Kyiv
 
Viktor Zhora - Cyber and Geopolitics: Ukrainian factor
Viktor Zhora - Cyber and Geopolitics: Ukrainian factorViktor Zhora - Cyber and Geopolitics: Ukrainian factor
Viktor Zhora - Cyber and Geopolitics: Ukrainian factorOWASP Kyiv
 
Volodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya InvestigationVolodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya InvestigationOWASP Kyiv
 
Ihor Bliumental - Collision CORS
Ihor Bliumental - Collision CORSIhor Bliumental - Collision CORS
Ihor Bliumental - Collision CORSOWASP Kyiv
 
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web DevelopersLidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web DevelopersOWASP Kyiv
 
Ihor Bliumental – Is There Life Outside OWASP Top-10
Ihor Bliumental – Is There Life Outside OWASP Top-10Ihor Bliumental – Is There Life Outside OWASP Top-10
Ihor Bliumental – Is There Life Outside OWASP Top-10OWASP Kyiv
 
Roman Rott – Ruby for Pentesters
Roman Rott – Ruby for PentestersRoman Rott – Ruby for Pentesters
Roman Rott – Ruby for PentestersOWASP Kyiv
 

Mehr von OWASP Kyiv (20)

Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
Is there a penetration testing within PCI DSS certification? (Dmytro Diordiyc...
 
Software Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостямиSoftware Supply Chain Security та компоненти з відомими вразливостями
Software Supply Chain Security та компоненти з відомими вразливостями
 
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout SuiteCloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
Cloud Security Hardening та аудит хмарної безпеки за допомогою Scout Suite
 
Threat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat DragonThreat Modeling with OWASP Threat Dragon
Threat Modeling with OWASP Threat Dragon
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
 
Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101Vlad Styran - Cyber Security Economics 101
Vlad Styran - Cyber Security Economics 101
 
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in SecurityPavlo Radchuk - OWASP SAMM: Understanding Agile in Security
Pavlo Radchuk - OWASP SAMM: Understanding Agile in Security
 
Ivan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git PushIvan Vyshnevskyi - Not So Quiet Git Push
Ivan Vyshnevskyi - Not So Quiet Git Push
 
Dima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL PinningDima Kovalenko - Modern SSL Pinning
Dima Kovalenko - Modern SSL Pinning
 
Yevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth PhishingYevhen Teleshyk - OAuth Phishing
Yevhen Teleshyk - OAuth Phishing
 
Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?Vlada Kulish - Why So Serial?
Vlada Kulish - Why So Serial?
 
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 PlansVlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
Vlad Styran - OWASP Kyiv 2017 Report and 2018 Plans
 
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand ExperienceRoman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
Roman Borodin - ISC2 & ISACA Certification Programs First-hand Experience
 
Ihor Bliumental - WebSockets
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSockets
 
Viktor Zhora - Cyber and Geopolitics: Ukrainian factor
Viktor Zhora - Cyber and Geopolitics: Ukrainian factorViktor Zhora - Cyber and Geopolitics: Ukrainian factor
Viktor Zhora - Cyber and Geopolitics: Ukrainian factor
 
Volodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya InvestigationVolodymyr Ilibman - Close Look at Nyetya Investigation
Volodymyr Ilibman - Close Look at Nyetya Investigation
 
Ihor Bliumental - Collision CORS
Ihor Bliumental - Collision CORSIhor Bliumental - Collision CORS
Ihor Bliumental - Collision CORS
 
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web DevelopersLidiia 'Alice' Skalytska - Security Checklist for Web Developers
Lidiia 'Alice' Skalytska - Security Checklist for Web Developers
 
Ihor Bliumental – Is There Life Outside OWASP Top-10
Ihor Bliumental – Is There Life Outside OWASP Top-10Ihor Bliumental – Is There Life Outside OWASP Top-10
Ihor Bliumental – Is There Life Outside OWASP Top-10
 
Roman Rott – Ruby for Pentesters
Roman Rott – Ruby for PentestersRoman Rott – Ruby for Pentesters
Roman Rott – Ruby for Pentesters
 

Kürzlich hochgeladen

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024

Serhiy Korolenko - The Strength of Ukrainian Users’ P@ssw0rds2017

  • 5. PASSWORDS COMPLEXITY
    • BILL BURR
    • 2003
    • NIST Special Publication 800-63B.
  • 6. PASSWORDS COMPLEXITY
    • BILL BURR
    • NIST Special Publication 800-63B.
  • 8. `
  • 13. PASSWORDS STORAGE
    • CLEAR-TEXT
    • ALGORITHM
    • HASH ALGORITHM
    • BCRYPT
    • SCRYPT
    • CRYPT ($2y$, $5$, $6$)
    • SALT
    • HASHING ON SERVER-SIDE
  • 15. PASSWORDS STORAGE (SALT)
    • LENGTH
    • UNIQUE PER USER
    • RANDOM
    • SERVER-SIDE
  • 17. PASSWORDS RECOVERY
    • SECURITY QUESTIONS
    • 3 QUESTIONS (2 PER REQUEST)
    • NEW QUESTIONS
    • WRONG ANSWERS
    • EMAILS
    • LOGGING
  • 18. PASSWORDS CRACKING
    • 190197
    • 139766
    • md5(md5($pass))
    • >6 SYMBOLS
    • NO PASSWORD RULES
    • 20+
  • 20. HASHCAT
    • -a
    • -m
    • -m 2600 md5(md5())
  • 22. DICTIONARY ATTACK
    • hashcat -a 0 -m 2600 hashes.txt example.dict
  • 26. HASHCAT RULES
    • hashcat -a 0 -m 2600 hashes.txt example.dict -r rule
  • 31. HASHCAT HYBRID ATTACK
    • hashcat -a 6 -m 2600 hashes.txt klichki.txt 19?d?d
    • hashcat -a 7 -m 2600 19?d?d hashes.txt klichki.txt
  • 33. HASHCAT MASK ATTACK
    • hashcat -a 3 -m 6 hashes.txt -1 ?l?u
    • ?1?1?d?d?d?d?1?1
    • ?l = abcdefghijklmnopqrstuvwxyz
    • ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
    • ?d = 0123456789
    • ?s = «space»!"#$%&'()*+,-./:;<=>?@[]^_`{|}~
    • ?a = ?l?u?d?s
    • ?b = 0x00 - 0xff
  • 34. Chart "?1?1?d?d?d?d?1?1" (series ALL / UNIQUE per stage)
    • 0: 0 / 0
    • rockyou: 48669 / 28668
    • rockyou + best64: 67258 / 45350
    • nummer: 107163 / 77745
    • klichki: 109467 / 79549
    • ?1?1?d?d?d?d?1?1 -1 ?l?u: 110239 / 80289
  • 36. BRUTEFORCE
    • hashcat -a 3 -m 6 hashes.txt ?l?l?l?l?l?l
    • Web-app password policy
  • 37. Chart "BRUTEFORCE" (series ALL / UNIQUE, same stages as slide 34 plus the new point)
    • ALL: 0, 48669, 67258, 107163, 109467, 110239, 121210
    • UNIQUE: 0, 28668, 45350, 77745, 79549, 80289, 90678
  • 39. MAKE YOUR OWN RULES
    • usage: ./morph.bin dictionary depth width pos_min pos_max
    • Dictionary = Wordlist used for frequency analysis.
    • Depth = Determines what "top" chains that you want.
    • Width = Max length of the chain.
  • 40. Chart "OWN RULES" (series ALL / UNIQUE, stages as before plus the new point)
    • ALL: 0, 48669, 67258, 107163, 109467, 110239, 121210, 123897
    • UNIQUE: 0, 28668, 45350, 77745, 79549, 80289, 90678, 93340
  • 42. Chart "TMESIS" (series ALL / UNIQUE, stages as before plus the new point)
    • ALL: 0, 48669, 67258, 107163, 109467, 110239, 121210, 123897, 124011
    • UNIQUE: 0, 28668, 45350, 77745, 79549, 80289, 90678, 93340, 93450
  • 43. HASHCAT COMBINATOR
    • hashcat -a 1 -m 2600 hashes.txt example.dict example.dict2
  • 44. Chart "COMBINATOR" (series ALL / UNIQUE, stages as before plus the new point)
    • ALL: 0, 48669, 67258, 107163, 109467, 110239, 121210, 123897, 124011, 125465
    • UNIQUE: 0, 28668, 45350, 77745, 79549, 80289, 90678, 93340, 93450, 94808
  • 45. TOP RULES
    • TOP_250
    • TOP_500
    • TOP_1000
    • TOP_3000
    • TOP_5000
  • 46. Chart "TOP RULES" (series ALL / UNIQUE, stages as before plus the new point; the UNIQUE value for the last point is not legible in the transcript)
    • ALL: 0, 48669, 67258, 107163, 109467, 110239, 121210, 123897, 124011, 125465, 128973
    • UNIQUE: 0, 28668, 45350, 77745, 79549, 80289, 90678, 93340, 93450, 94808
  • 48. TOP 15 /USR/SHARE/WORDLIST/ROCKYOU.TXT
    1. 123456 (1)
    2. 12345 (N)
    3. 123456789 (3)
    4. password (78)
    5. iloveyou (112)
    6. princess (955)
    7. 1234567 (5)
    8. rockyou (N)
    9. 12345678 (7)
    10. abc123 (230)
    11. nicole (N)
    12. daniel (N)
    13. babygirl (N)
    14. monkey (N)
    15. lovely (N)
  • 51. TOP 15 UKRAINE.DIC
    1. 123456 (1)
    2. 111111 (21)
    3. 123456789 (3)
    4. qwerty (20)
    5. 1234567 (7)
    6. 7777777 (153)
    7. 12345678 (9)
    8. $city (N)
    9. 123321 (196)
    10. 1234567890 (48)
    11. 123123 (40)
    12. 55555 (127)
    13. gfhjkm (272749)
    14. 000000 (23)
    15. 654321 (17)
  • 52. TOP 16-59 UKRAINE.DIC
    16. 777777 • 17. 159753 • 18. 666666 • 19. 121212 • 20. 1111111 • 21. 11111111 • 22. qazwsx • 23. 1q2w3e4r • 24. zxcvbnm • 25. 987654321
    26. 131313 • 27. 123qwe • 28. 222222 • 29. 1qaz2wsx • 30. 333333 • 31. 112233 • 32. 88888888 • 33. qwertyuiop • 34. 888888 • 35. 1q2w3e
    36. $app • 37. 123654 • 38. 123123123 • 39. 1q2w3e4r5t • 40. $app_cyr • 41. yfnfif • 42. ghbdtn • 43. qwe123 • 44. samsung • 45. 789456
    46. 999999 • 47. 12344321 • 48. qwerty123 • 49. zxcvbn • 50. 1qazxsw2 • 51. 987654 • 52. marina • 53. q1w2e3r4 • 54. natali • 55. larisa
    56. vfhbyf • 57. 159357 • 58. galina • 59. $city_keyb
  • 53. TOP 60-100 UKRAINE.DIC
    60. sergey • 61. 11223344 • 62. nikita • 63. nfnmzyf • 64. 147258 • 65. qazwsxedc • 66. 111222 • 67. 31415926 • 68. 987654321 • 69. svetlana
    70. 101010 • 71. 1111111111 • 72. 1234554321 • 73. 12345qwert • 74. 12341234 • 75. 232323 • 76. qweasdzxc • 77. password • 78. oplata • 79. viktoria
    80. 12qwaszx • 81. 789456123 • 82. jgkfnf • 83. 252525 • 84. 1qaz2wsx3edc • 85. 87654321 • 86. natasha • 87. 7753191 • 88. oksana • 89. hjvfirf
    90. qwertyui • 91. 999999999 • 92. 1234qwer • 93. qazxsw • 94. jrcfyf • 95. 1234567w • 96. veronika • 97. vfrcbv • 98. qwerty12345 • 99. master
    100. valentina
  • 54. TOP 100 UKRAINE.DIC
    • TOP 100 = 8764 OF 190197 (4.6%)
    • TOP 10 = 4984 OF 190197 (2.6%)
  • 55. TOP 20 BASE WORDS
    1. qwerty = 847 (0.55%)
    2. $city = 700 (0.45%)
    3. gfhjkm = 232 (0.15%)
    4. olga = 225 (0.15%)
    5. mama = 224 (0.14%)
    6. alex = 221 (0.14%)
    7. anna = 204 (0.13%)
    8. lena = 201 (0.13%)
    9. nata = 190 (0.12%)
    10. $app = 175 (0.11%)
    11. dima = 156 (0.1%)
    12. qazwsx = 145 (0.09%)
    13. sasha = 145 (0.09%)
    14. irina = 144 (0.09%)
    15. oleg = 137 (0.09%)
    16. natali = 137 (0.09%)
    17. vova = 136 (0.09%)
    18. vika = 130 (0.08%)
    19. sveta = 125 (0.08%)
    20. marina = 125 (0.08%)
  • 56. PASSWORD LENGTH (chart; length: count)
    0: 0 • 1: 0 • 2: 0 • 3: 80 • 4: 119 • 5: 139 • 6: 42630 • 7: 21625 • 8: 42665
    9: 17201 • 10: 14135 • 11: 6855 • 12: 4865 • 13: 2033 • 14: 1214 • 15: 576 • 16: 378
  • 57. LAST 4 DIGITS (Top 50)
    3456 = 2439 • 1111 = 1021 • 1987 = 615 • 1986 = 584 • 1984 = 582 • 1983 = 565 • 1985 = 562 • 1975 = 559 • 1980 = 550 • 1981 = 539
    1976 = 536 • 6789 = 535 • 1979 = 524 • 1982 = 512 • 1978 = 502 • 1977 = 499 • 7777 = 491 • 2012 = 487 • 1974 = 481 • 1988 = 474
    1989 = 460 • 2010 = 455 • 1972 = 444 • 4321 = 441 • 1973 = 421 • 1990 = 414 • 2009 = 408 • 1970 = 403 • 2008 = 403 • 1971 = 397
    1991 = 385 • 2011 = 384 • 2015 = 377 • 2007 = 369 • 4567 = 355 • 1969 = 343 • 1234 = 340 • 1965 = 338 • 2006 = 336 • 2345 = 335
    2013 = 332 • 2005 = 326 • 2014 = 326 • 1968 = 314 • 1964 = 313 • 1967 = 310 • 1966 = 305 • 1962 = 297 • 2000 = 293 • 1963 = 292
  • 58. CHARACTER SETS
    1. numeric: 54056 (34.88%)
    2. loweralphanum: 52672 (33.99%)
    3. loweralpha: 23671 (15.28%)
    4. mixedalphanum: 9651 (6.23%)
    5. mixedalpha: 3628 (2.34%)
    6. upperalphanum: 2681 (1.73%)
    7. loweralphaspecialnum: 1164 (0.75%)
    8. loweralphaspecial: 1129 (0.73%)
    9. mixedalphaspecialnum: 563 (0.36%)
    10. specialnum: 507 (0.33%)
  • 59. Chart (untitled, two unlabelled series)
    • Series 1: 0, 25000, 45000, 80000, 82000, 90000, 95000, 96000, 98000, 100000, 101000, 101500, 103000
    • Series 2: 0, 4000, 29000, 55000, 57000, 65000, 70000, 71000, 73000, 75000, 76000, 76200, 76600
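The statistics behind slides 56, 57 and 58 (length distribution, most common trailing four digits, character-set classes) as a small audit script a defender can run over their own recovered or test set; this is an added example, not the speaker's tooling. The class names follow the slide labels, and SAMPLE is a constructed list, not the Ukrainian data.

```python
"""Password-set audit helpers (added example, not code from the talk).

Reproduces three statistics from the deck: character-set classes
(slide 58), length distribution (slide 56), trailing digits (slide 57)."""
from collections import Counter
import string

# Constructed sample in the spirit of the deck's top lists; not real data.
SAMPLE = ["123456", "qwerty", "gfhjkm", "olga1987", "Marina1986", "P@ssw0rd1",
          "QWERTY123", "anna", "dima_1984", "7777777", "Sveta", "12qwaszx"]


def charset_class(pw: str) -> str:
    """Name the character-set class of pw using the slide's labels."""
    lower = any(c in string.ascii_lowercase for c in pw)
    upper = any(c in string.ascii_uppercase for c in pw)
    digit = any(c in string.digits for c in pw)
    special = any(c not in string.ascii_letters + string.digits for c in pw)
    if lower and upper:
        alpha = "mixedalpha"
    elif lower:
        alpha = "loweralpha"
    elif upper:
        alpha = "upperalpha"
    else:
        alpha = ""
    if not alpha and not special:          # digits only (or empty string)
        return "numeric" if digit else "empty"
    return alpha + ("special" if special else "") + ("num" if digit else "")


def charset_report(passwords):
    """(class, count, percent) tuples, most common first, like slide 58."""
    counts = Counter(charset_class(pw) for pw in passwords)
    total = len(passwords)
    return [(name, n, round(100 * n / total, 2)) for name, n in counts.most_common()]


def length_histogram(passwords):
    """Count of passwords per length, the data behind slide 56."""
    return Counter(len(pw) for pw in passwords)


def trailing_digits(passwords, n=4):
    """Count the last n characters when all are digits (years dominate slide 57)."""
    return Counter(pw[-n:] for pw in passwords if len(pw) >= n and pw[-n:].isdigit())
```

A trailing-year pattern found this way is a good candidate for a password-change policy check, next to the NIST 800-63B blocklist of known-compromised values.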