Cryptr – A Simple Shell Utility For Encrypting And Decrypting Files Using OpenSSL

A simple shell utility for encrypting and decrypting files using OpenSSL.Installationgit clone https://github.com/nodesocket/cryptr.gitln -s “$PWD"/cryptr/cryptr.bash /usr/local/bin/cryptrBash tab completionAdd tools/cryptr-bash-completion.bash to your tab completion file directory.API/Commandsencryptencrypt – Encryptes file with OpenSSL AES-256 cipher block chaining. Writes an encrypted file out (ciphertext) appending .aes extension.➜ cryptr encrypt ./secret-fileenter aes-256-cbc encryption password:Verifying – enter aes-256-cbc encryption password:➜ ls -alh-rw-r–r– 1 user group 1.0G Oct 1 13:33 secret-file-rw-r–r– 1 user group 1.0G Oct 1 13:34 secret-file.aesYou may optionally define the password to use when encrypting using the CRYPTR_PASSWORD environment variable. This enables non-interactive/batch operations.➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr encrypt ./secret-filedecryptdecrypt <file.aes> – Decrypt encrypted file using OpenSSL AES-256 cipher block chaining. Writes a decrypted file out (plaintext) removing .aes extension.➜ ls -alh-rw-r–r– 1 user group 1.0G Oct 1 13:34 secret-file.aes➜ cryptr decrypt ./secret-file.aesenter aes-256-cbc decryption password:➜ ls -alh-rw-r–r– 1 user group 1.0G Oct 1 13:35 secret-file-rw-r–r– 1 user group 1.0G Oct 1 13:34 secret-file.aesYou may optionally define the password to use when decrypting using the CRYPTR_PASSWORD environment variable. This enables non-interactive/batch operations.➜ CRYPTR_PASSWORD=A1EO7S9SsQYcPChOr47n cryptr decrypt ./secret-file.aeshelphelp – Displays help➜ cryptr helpUsage: cryptr command <command-specific-options> encrypt <file> Encrypt file decrypt <file.aes> Decrypt encrypted file help Displays help version Displays the current versionversionversion – Displays the current version➜ cryptr versioncryptr 2.1.1defaultdefault – Displays the current version and help➜ cryptrcryptr 2.1.1Usage: cryptr command <command-specific-options> encrypt <file> Encrypt file decrypt <file.aes> Decrypt encrypted file help Displays help version Displays the current versionChangeloghttps://github.com/nodesocket/cryptr/blob/master/CHANGELOG.mdSupport, Bugs, And Feature RequestsCreate issues here in GitHub (https://github.com/nodesocket/cryptr/issues).VersioningFor transparency and insight into the release cycle, and for striving to maintain backward compatibility, cryptr will be maintained under the semantic versioning guidelines.Releases will be numbered with the follow format:<major>.<minor>.<patch>And constructed with the following guidelines:Breaking backward compatibility bumps the major (and resets the minor and patch)New additions without breaking backward compatibility bumps the minor (and resets the patch)Bug fixes and misc changes bumps the patchFor more information on semantic versioning, visit http://semver.org/.Download Cryptr

Link: http://feedproxy.google.com/~r/PentestTools/~3/NXXuaKDq9VY/cryptr-simple-shell-utility-for.html

PHP Backdoor Evaluates XOR Encrypted Requests

In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^)  can be used to encrypt a malware’s source code. This operator makes it more difficult to determine if encrypted code is malicious, or if it is trying to protect a legitimate developer’s code. However, that’s not the only way that XOR can be used to hide malicious data. This is what we will explore today.
Continue reading PHP Backdoor Evaluates XOR Encrypted Requests at Sucuri Blog.

Link: https://blog.sucuri.net/2019/05/php-backdoor-evaluates-xor-encrypted-requests.html

VSHG – Hardware resistance & enhanced security for GnuPG

VSHG aims to provide a memory / hardware resistant reinforcement to GnuPG’s standared s2k key-derivation-function + a simplified interface for symmetric encryption .About VSHGVSHG ( Very secure hash generator ) is a standalone Addon for GnuPG ( Gnu privacy guard ) . It is written as a shell script and is designed around the Unix/Linux filesystem and commands. VSHG uses the sha384 and the Argon2 hash function for the password and AES-256-CFB + CAST5-128-CFB in cascade for the final encryption.And also a standard sha384 iteration count of 800 iterations + 15 & 500 iterations for Argon2i + dIt uses True random 12 byte salts . So even if your passphrase is very weak , it will reinforce it so that you don’t have to worry about that anymore.VSHG uses the last hash of the Iteration as session key for Gnupg. It also provides an Autodetection function for each file so that you don’t have to remember either the salt or the iteration count.Optionally you can use a key-file as authentication method.Why is VSHG so secure ?VSHG uses a true random salt for each encrypted file, so your Passphrase will always have a minimum of 12 bytes in strength. You could even use the same password twice for different files. The thing that makes VSHG so secure are the iterations. 800 iterations mean the output of the string is hashed 800x with its output. The more iterations the more security there will be. Even if you have the correct passphrase, but not the correct amount of iterations it will not be able to decrypt.VSHG uses some of the most advanced forms of memory hard Key derivation functions which are Argon2i and Argon2d. The already iterated key will be passed through Argon2 a total of 515 times and therefore ensure the resistance against the biggest threats of Key derivation functions Namely: Graphical Processing Units, Field programmable gate arrays and Application specific integrated circuits ( GPU , FPEGA , ASIC ) .The actual encryption is performed with the highest level of security possible in Gnupg.-The string to key ( s2k ) hash algo ( which is the KDF of Gnupg ) was reinforced from sha1 to sha512.-The s2k mode was set to 3 which means that an 8-bit salt is applied and then iterated.-The s2k count was set to 65011712 which is the highest possible number of iterations.-The s2k algo was set to AES256 and CAST5 in cascade.The AES 256 encrypted file is securely deleted so that only the AES256(Cast5()) encrypted file is put out.Why should I use VSHG ?It is easier to use than GnuPG core.Can encrypt folders by turning them into Zip files.Someone that doesn´t have VSHG does not really have a chance of cracking the password.True random 12 byte saltchoosable Iteration count.choosable Salt.choosable Keyfile.True random Keyfile.Very good resistance to side channel attacks ( e.g: timing attacks ).Very resistant towards GPU based attacksCan guarantee security even with relatively weak passwords ( > 5 characters ) ( if you have enough Iterations )Autodetection of Salt + Iteration count for each file.Military standard AES-256 encryption + the gpg standard CAST5 encryption.Uses the gpg s2k mode 3 + sha512 with the maximum count of 65011712.Erases Original file securely.Download & InstallationDownload as tarballsudo wget https://github.com/RichardRMatthews/VSHG/archive/1.4.tar.gzOr clone the repositorygit clone https://github.com/RichardRMatthews/VSHG.gitCompile it yourselfsudo git clone https://github.com/neurobin/shc.gitcd shcsudo ./shc -f -r /etc/VSHG/executable/src/VSHG_1.4.shsudo gcc /etc/VSHG/executable/src/VSHG_1.4.sh.x.c -O /usr/bin/VSHGsudo VSHGRunsudo tar -xf VSHG-1.4.tar.gzsudo chmod +x VSHG_1.4.shsudo ./VSHG_1.4.shDownload VSHG

Link: http://feedproxy.google.com/~r/PentestTools/~3/6L_0uMuwloY/vshg-hardware-resistance-enhanced.html

No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network

Your Wi-Fi routers and access points all have strong WPA2 passwords, unique SSIDs, the latest firmware updates, and even MAC address filtering. Good job, networking and cybersecurity teams! However, is your network truly protected? TL;DR: NO! In this post, I’ll cover the most common social engineering Wi-Fi association techniques that target your employees and other […]
The post No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company’s Wi-Fi Network appeared first on Blog.

Link: http://feedproxy.google.com/~r/Imperviews/~3/eVh7AYME6aw/