The Logjam Attack – ANOTHER Critical TLS Weakness

The Logjam Attack – ANOTHER Critical TLS Weakness. ... The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection.

Apple’s Password Storing Keychain Cracked on iOS & OS X

If you want to view the passwords stored in iCloud Keychain

On your iPhone, iPad, or iPod touch with iOS 12 or later: Tap Settings > Passwords & Accounts > Website & App Passwords. Use Face ID or Touch ID when you're prompted. Tap a website to view your password.

For more Downloading tools click on the below link...

The Hacking Bureau.

ProtonMail DDoS Attack – Sustained & Sophisticated

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions ensuring optimal service level for applications in virtual, cloud and software defined data centers, has been appointed by ProtonMail to help it fight back on the cyber attacks it has endured from multiple, simultaneous attackers.

ProtonMail has been fighting a series of Advanced Persistent DoS (APDoS) attacks, which have exceeded 100Gbps, and numerous attack vectors, that have shut down their secure email service, their ISP and every other company in their data center. The first attacker, the Armada Collective is a new hacking group motivated by financial gain who demanded a ransom from the company. The second attack came from an unknown group. This second attack caused the bulk of the damage.

For More Downloading tools click on the below link...

The Hacking Bureau.

KeeFarce – Extract KeePass Passwords (2.x) From Database

KeeFarce – Extract KeePass Passwords (2. ... KeeFarce allows you to extract KeePass passwords (2. x) by using DLL injection to execute code and retrieve the database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%.

For More Downloading Tools click on the below link...

The Hacking Bureau.

ISIS Running 24-Hour Terrorist Crypto Help-desk

There have been multiple mentioned of ISIS using encryption and ‘encrypted messaging systems’ in the news reports since the Paris incident, it turns out they mostly mean Telegram. Which we’ve only mentioned once before, when they got pounded by an epic DDoS attack.

For more downloading tools click on the below link...

The Hacking Bureau.

Dell Backdoor Root Cert – What You Need To Know

So a few days ago the Internet exploded with chatter about a Dell backdoor root cert AKA a rogue root CA, almost exactly like what happened with Lenovo and Superfish.

It started with this Reddit thread – Dell ships laptops with rogue root CA, exactly like what happened with Lenovo and Superfish in the Technology sub and got a lot of traction from there.

For more downloading tools click on the below link...

The Hacking Bureau.

DROWN Attack on TLS – Everything You Need To Know.

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

For more downloading Tools click on the below link...

The Hacking Bureau.

Up1 – Client Side Encrypted Image Host

Up1: A Client-side Encrypted Image Host. Up1 is a simple host that client-side encrypts images, text, and other data, and stores them, with the server knowing nothing about the contents. It has the ability to view images, text with syntax highlighting, short videos, and arbitrary binaries as downloadables.

For more Downloading tools click on the below link...

The Hacking Bureau.

SHA-256 and SHA3-256 Are Safe For the Foreseeable Future

Hashing, it’s always a contentious issue – used to be md5, then sha-1, then bcrypt and now it looks like SHA-256 or SHA3-256 might the future with quantum science boffins predicting it’s not feasable to crack.

For more Downloading click on the below link...

The Hacking Bureau.

Signal Messaging App Formal Audit Results Are Good

I’ve recommended Signal Messaging App quite a few times and I do use it myself, I know there are some privacy concerns with the fact it requires Google App Store – but that’s the developers choice.

For more Downloading click on the below link...

The Hacking Bureau.

UK Encryption Backdoor Law Passed Via Investigatory Powers Act

The government already has the power to force technology firms to act as it wants over end-to-end encryption, but is avoiding using existing legislation as it would force it into a battle it would eventually lose, security experts have said.

The Investigatory Powers Act, made law in late 2016, allows the government to compel communications providers to remove “electronic protection applied … to any communications or data”.

For more Downloading tools click on the below link...

The Hacking Bureau.

Wycheproof – Test Crypto Libraries Against Known Attacks

Google has released a new set of tests it uses to probe cryptographic libraries for vulnerabilities to known attacks. The tests can be used against most kinds of crypto algorithms and the company already has found 40 new weaknesses in existing algorithms.

the tests are called Project Wycheproof, and Google’s engineers designed them to help developers implement crypto libraries without having to become experts. Cryptographic libraries can be quite difficult to implement and making errors can lead to serious security problems. Attackers often will look for weak crypto implementations as a means of circumventing strong encryption in a target app.

For More Downloading Tools Click On The Below Link...

The Hacking Bureau.

China To Outlaw All Unapproved Darknet VPN Services

It’s no secret that China exercises an immense amount of control over what its citizens can read or do online. Since 1997, the Chinese Internet has been behind a ‘great firewall’. Facebook, Twitter, even The New York Times – it’s all banned.

One way around this is with a VPN, which allows you to tunnel your Internet through another computer. These can be located in countries where there isn’t pervasive Internet censorship, like the United States, Sweden, or Canada.

China has repeatedly tried to crack down on these, but with limited success.  It’s proven to be a cat-and-mouse game. For each provider it blocks, another emerges. But now, it’s published legislation that could finally make most VPN providers illegal, according to the South China Morning Post.

For more downloading tools click on the below link...

The Hacking Bureau.

HashID – Identify Different Types of Hashes

HashID is a tool to help you identify different types of hashes used to encrypt data, especially passwords. It's written in Python 3 and supports the identification of over 220 unique hash types using regular expressions. ... There are other similar tools like hash-identifier, which is outdated and this claims to replace.

For more downloading tools click on the below link...

The Hacking Bureau.

ONIOFF – Onion URL Inspector

ONIOFF – Onion URL Inspector

ONIOFF is basically an Onion URL inspector, it's a simple tool – written in pure python – for inspecting Deep Web URLs (or onions). It takes specified onion links and returns their current status along with the site's title. It's compatible with Python 2.6 & 2.7.

For More Downloading tools click on the below link...

The Hacking Bureau.

HashPump – Exploit Hash Length Extension Attack

HashPump is a C++ based command line tool to exploit the Hash Length Extension Attack with various hash types supported, including MD4, MD5, SHA1, SHA256, and SHA512.

For more Downloading tools click on the below link...

The Hacking Bureau.

European Commission Pushing For Encryption Backdoors

Update The European Commission will in June push for access to data stored in the cloud by encrypted apps, according to EU Justice Commissioner Věra Jourová.

Speaking publicly, and claiming that she has been pushed by politicians across Europe, Jourová said that she will outline "three or four options" that range from voluntary agreements by business to strict legislation.

The EC's goal is to provide the police with a "swift and reliable" way to discover what users of encrypted apps have been communicating with others.

"At the moment, prosecutors, judges, also police and law enforcement authorities, are dependent on whether or not providers will voluntarily provide the access and the evidence. This is not the way we can facilitate and ensure the security of Europeans, being dependent on some voluntary action," Jourová said, according to EU policy site Euractiv.

For more downloading tools click on the below link...

The Hacking Bureau.

HashData – A Command-line Hash Identifying Tool

HashData – A Command-line Hash Identifying Tool. HashData is a Ruby-based command-line REPL Hash Identifying Tool with support for a lot of different (most popular) hash types.

For more Downloading tools click on the below link...

The HACKING Bureau.

Spectrology – Basic Audio Steganography Tool

Spectrology is a Python-based audio steganography tool that can convert images to audio files with a corresponding spectrogram encoding, this allows you to hide hidden messages via images inside audio files. Using this tool you can select range of frequencies to be used and all popular image codecs are supported.

For downloading more tools click on the below link...

The Hacking Bureau.