@0xSkeletonKey Cherry and Lemon.

@THunter_0x0 @muddletoes It is very common for attackers to search for private keys once the compromise a host and then use those credentials to move further. I discuss this threat here:

@THunter_0x0 I think that short-lived SSH certs are best. Followed by pub/private key. Passwords only as a last resort if that's all you can do, but they do put credentials at risk.

@solardiz @Chick3nman512 In principle I'd agree here, but in practice I'd rather Linux users use yescrypt if it is an option vs. others. I should update this list with some caveats.

@Chick3nman512 In principle I'd agree and should update my list. The main reason I ordered it this way is there are many variants of this hashing method so how to give guidance? I think I'd rather have people move to yescrypt if it is an option on Linux vs. others.

Once again I say that in my nightmares I wake up after an auto accident in the hospital. I turn my head and see my morphine drip has a Wifi Enabled sticker on it and I scream out into the void.

This router was way ahead of its time. Kept so much bad traffic from entering the perimeter of networks that used it.

@csoandy @rsnbrgr When the IDS evasion paper came out it was kind of a yawn for us because we just didn't think many of the attacks would even make it past the perimeter of customers with these.

@Dave_Maynor Too late. Many are already set to that.

@csoandy @rsnbrgr I love that there is still one around!

@stewart_sec This, plus machine to machine scripts, backups, etc. It's a big issue.

@szarka I haven't seen DES in ages!

If you find systems with obsolete Linux password hashes, chances are high other problems are lurking. It's like finding sawdust near your house foundation. You can't see the termites, but you know the house has trouble.

@0xSkeletonKey A classic. Pop the box, then wait for someone to login. Rinse and repeat.

@EricChennells Automated scripts can go around spraying passwords also.

@0xvaeed I understand. Hashes/binary search is fine for rapid triage. But I just don't think think it's a good long-term approach.

I suggest breaking down malware into the tactics they use and search for the tactics vs. specific malware signatures. Adding yara rules searching for binaries is never the correct answer. PS. I've never written a Yara rule in my entire career and don't intend to start.