From fd51da708aeb584a317d8bb60735922e229dd473 Mon Sep 17 00:00:00 2001
From: secf00tprint <secf00tprint@gmail.com>
Date: Sun, 21 Jul 2019 06:50:52 +0200
Subject: [PATCH] adding leaked credentials freestyle talk sebastian

---
 .../Leaked Credentials Freestyle Talk.txt     | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 2019_07_17_39th/leaked_credentials_freestyle_talk/Leaked Credentials Freestyle Talk.txt

diff --git a/2019_07_17_39th/leaked_credentials_freestyle_talk/Leaked Credentials Freestyle Talk.txt b/2019_07_17_39th/leaked_credentials_freestyle_talk/Leaked Credentials Freestyle Talk.txt
new file mode 100644
index 0000000..6403278
--- /dev/null
+++ b/2019_07_17_39th/leaked_credentials_freestyle_talk/Leaked Credentials Freestyle Talk.txt	
@@ -0,0 +1,50 @@
+Leaked Credentials Freestyle Talk
+
+#$ id 
+#/uid=0(Sebastian) gid=0(Brabetz) Gruppen=0(https://itunsecurity.wordpress.com)
+#/Vorträge, Metasploit+mimikatz Workshops/Bücher, Schwachstellenmanagement, IT-Security Dienstleistungen, uvm....
+
+Credential Leaks {
+    - [ ] 1.4 billion combo - Dez 2018 - 44gb
+        - [ ] https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14
+        - [ ] Torrent Magnet Links: https://gist.github.com/scottlinux/9a3b11257ac575e4f71de811322ce6b3 
+    - [ ] Collections Leaks 1-5 Feb 19 - 1TB
+        - [ ] https://www.troyhunt.com/the-race-to-the-bottom-of-credential-stuffing-lists-and-collections-2-through-5-and-more/
+        - [ ] https://raidforums.com/Thread-Collection-1-5-Zabagur-AntiPublic-Latest-120GB-1TB-TOTAL-Leaked-Download
+    - [ ] Was ist Credential Stuffing
+        - [ ] https://www.wired.com/story/what-is-credential-stuffing/ 
+        }
+
+Was wird geklaut {
+    - [ ] Username/E-Mail Adresse+Hash war gestern!
+    - [ ] Username/E-Mail Adresse+Klartextpasswort ist heute!
+    - [ ] manchmal auch mehr (Bsp: Ashley Madison) 
+    }
+
+Beispiel {
+    - [ ] 1.4 bln beispiel - Bash
+    - [ ] Collections 1-5 grep
+    - [ ] Datenqualität, wie alt ist das zeug, repackaging… 
+    }
+
+Wie schützen? {
+    - [ ] have i been pwned
+    - [ ] 2FA
+        - [ ] sms no no no!
+        - [ ] OTP App - Wo liegt die restgefahr - Beispiel Authy + Applewatch
+        - [ ] PW Manager und 2FA App in einem? Oder doch lieber 2 getrennte?
+        - [ ] Einzelapps (Bsp: Google, Microsoft Authenticator, Wordpress, Gemalto, uvm….) - Online Bestätigung sicherer als OTP Eingabe 
+    - [ ] Best: yubikey: u2f (oder andere)
+    - [ ] Firmen: Professionelle Dienste wie Recorded Futures
+    - [ ] Firmen: Daten besorgen und auswerten 
+    }
+
+Addon: Umgang mit großen Datenmengen (wenn genügend Zeit) {
+    - [ ] Datenbanken bauen? Schönes Hobbyprojekt - Wer Zeit dafür hat... -> Indexgröße?
+    - [ ] Schnelle CPU mit vielen Kernen 
+    - [ ] 10gbit vs 40gbit usbc/thunderbolt3 hdd cases + Samsung Evo -> Achtung Strom
+    - [ ] egrep vs. fgrep
+        - [ ] egrep langsamer mit jedem einezlnen oder verknüpften Suchstring!
+    - [ ] LC_ALL=C 
+    - [ ] Cuda grep? Bisher nicht vernünftig zum laufen bekommen! 
+    }