Windows account passwords, or NTLM passwords, are among the easiest to recover due to their relatively low cryptographic strength. At the same time, NTLM passwords can be used to unlock DPAPI-protected data such as the user’s passwords stored in Web browsers, encrypted chats, EFS-protected files and folders, and a lot more. In this article we argue for prioritizing the recovery of NTLM hashes over any other type of encrypted data.
The majority of mobile devices today are encrypted throughout, making extractions difficult or even impossible for major platforms. Traditional attack vectors are becoming a thing of the past with encryption being moved into dedicated security chips, and encryption keys generated on first unlock based on the user’s screen lock passwords. Cloud forensics is a great alternative, often returning as much or even more data compared to what is stored on the device itself.
iMessage, Hangouts, Skype, Telegram, Signal and WhatsApp are familiar, while PalTalk, Pidgin, Psi Jabber client, Gadu-Gadu, Gajim, Trillian, BigAnt or Brosix are relatively little known. The tools from the first group are not only more popular but infinitely more secure compared to the tools from the second group. In this publication we’ll review the authentication methods used by the various instant messengers, and attempt to extract a password to the user’s account.
Tor Browser is a well-known tool for browsing the Web while remaining anonymous, while Qihoo 360 Safe Browser is one of China’s most popular desktop Web browsers. According to some sources, it might be the second most-popular desktop Web browser in China. Like many other Chromium-based browsers, 360 Safe Browser offers the ability to save and securely store website passwords, but the implementation is unexpectedly different from most other browsers. An update to Elcomsoft Internet Password Breaker enables the extraction of Qihoo 360 Safe Browser and Tor Browser passwords. Does the “360 Safe” moniker stand the trial, and is Tor really anonymous? Read along to find out!
Breaking passwords becomes more difficult with every other update of popular software. Microsoft routinely bumps the number of hash iterations to make Office document protection coherent with current hardware. Apple has used excessive protection of iTunes backups since iOS 10.1, making brute force attacks a thing of the past. VeraCrypt and BitLocker were secure from the get-go. However, not everything is lost if you consider human nature.
QQ Browser is one of China’s most popular Web browsers. With some 10% of the Chinese market and the numerous Chinese users abroad, QQ Browser is used by millions. Like many of its competitors, QQ Browser offers the ability to store website passwords. The passwords are securely encrypted, and can only be accessed once the user signs into their Windows account. Learn what you need to do to extract passwords from Tencent QQ Browser.
Last week, Microsoft Edge became the second most popular desktop Web browser based on NetMarketShare usage figures. The new, Chromium-powered Edge offers impressive levels of customization and performance, and much better compatibility with Web sites. The new browser is available on multiple platforms including older versions of Windows. With Chromium-based Edge quickly gaining momentum, we felt the urge to research its protected storage.
When it comes to mobile forensics, experts analyze the smartphone itself, possibly with access to cloud data. However, extending the search to the user’s desktop and laptop computers may (and possibly will) help access information stored both in the physical smartphone and in the cloud. In this article we’ll list all relevant artefacts that can shed light on smartphone data. The information applies to Apple iOS devices as well as smartphones running Google Android.
According to surveys, the average English-speaking consumer maintains around 27 online accounts. Memorizing 27 unique, cryptographically secure passwords is nearly impossible for a person one could reasonably call “average”. As a result, the average person tends to reuse passwords, which means that a single password (or its simple variations) can be used to protect multiple online accounts and services. The same passwords are very likely to be chosen to protect access to offline resources such as encrypted archives and documents. In fact, several independent studies published between 2012 and 2016 suggest that between 59 and 61 per cent of consumers reuse passwords.
What is a Web browser for you? It’s virtually a whole world, all together: web sites, blogging, photo and video sharing, social networks, instant messaging, shopping… did I forget anything? Oh yes, logins and passwords. 🙂 Set up an account here, sign in there, register here and sign up there – everywhere you need logins and passwords to confirm your identity.