Crack The Code - That's A Direct Challenge

I Challenge You To Crack The Code
-------------------------------------
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge: he handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure.

In most cases, this individual would have been right on the mark. On the other hand, I'm not sure he expected to challenge someone who has close associates with discretionary time on some of the most powerful computers in the world.

6 Hours, 2 Servers, 64GB of Memory, and 32 Processors Later and.....
------------------------------------
It took just under six hours to decipher the password. Of course, my 'associates' were using a program of my choice on servers with 32 processors and 64GB of RAM apiece. It's nice to have friends with access like this, especially in my line of work. Needless to say, my client was shocked when I called him the next day and gave him the password.

Let's Have Some Fun: A Challenge For You
----------------------------------------------
(In order for you to do this, you need to go to: http://www.defendingthenet.com/NewsLetters/CrackTheCode-ThatsADirectChallenge.htm)

Shortly after this experience, I started thinking about writing an article about it. Then I thought to myself, why write just an article? Why not come up with a challenge for our readers?

Hidden in this article is information that will ultimately provide you with a phrase that has been encrypted. You will need to know a few pieces of general information, such as where to find the hash in this article, how to extract the hash from the article, what the password is that will reveal the hash, and what type of hash is being used! Still with me on this? You will need to do all this before you can start cracking the encrypted phrase.

First, you need to find the hashed phrase located in this article. I'll give you a hint; I recently wrote an article about hiding messages in files. This article can be found on the Defending The Net Newsletter Archive. It is also in the www.CastleCops.com archive. Oh, and once you find where the hash is you will need a password to extract it. This one I am going to give away. The password to extract the hash is 'letmein' (without the ' ' of course).

Then, you will need a tool that can easily handle deciphering of the hash once you extract it from this article. There are quite a few out there that will do the job; however, I highly recommend using pnva naq noyr i2.69, a publicly available security tool that no self-respecting security engineer should be without. You will also need to know the type of hashing algorithm that was used. I decided to use zrffntr qvtrfg svir because it is relatively well-known. (Try saying that 13 times real fast!)

Conclusion
----------------
The first person to successfully unravel this riddle and e-mail me at riddle@paralogic.net with the deciphered phrase, along with a detailed description of how they accomplished the task, will receive a 512MB, USB2.0 Jump Drive. As soon as we receive this information we will post it on the main page of www.defendingthenet.com.

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years' experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren, you can e-mail him at Darren.Miller@ParaLogic.Net
