In this delightfully “bad” dive into password hygiene, we scrape millions of leaked passwords for the first dictionary word they contain. The top ten words (love, baby, password…) barely scratch 5% of the total, and a whopping 21k words appear only once. We also compare happy vs. angry vocab. Turns out love trumps f**k by a healthy margin. The takeaway? Stick to random passphrases; dictionary words are a playground for attackers and a source of endless amusement for analysts.
In this delightfully “bad” foray into malware hunting, we ask whether the sheer amount of printable text inside a binary can betray its nefarious nature. By counting printable strings of lengths 2‑6 bytes in ~500 malicious samples versus 200 tidy Windows libraries, we compute “strings‑per‑KB”. The results are modest but tasty: at a 4‑byte cutoff, benign binaries sport roughly 22% more strings per kilobyte than their shady cousins, a hint that packed or encrypted malware keeps its chatter to a whisper. Short 2‑byte fragments are just random noise (any run of two printable bytes counts, and random data produces plenty), while 5‑ and 6‑byte strings level out, possibly thanks to debug messages. Bottom line? String density offers a cheeky heuristic, but it’s no silver bullet. Still fun to poke at, especially when you love sprinkling a dash of Python over binary mysteries.
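For readers who want to poke at the metric themselves, here is an added example (my code, not the post's): a strings(1)-style extractor plus the strings-per-KB density, run over two constructed blobs. The “chatty” blob imitates an unpacked library (NUL-terminated import names and messages scattered through random bytes); the “packed” blob is nothing but seeded random filler. The blob sizes, seeds and message strings are illustrative assumptions, not the post's samples.

```python
"""Added example (not code from the post): a strings(1)-style extractor and a
strings-per-KB density metric, compared across two constructed blobs. The
"chatty" blob imitates an unpacked library (import names and messages in
otherwise opaque bytes); the "packed" blob is pure seeded random filler."""
import random
import re


def extract_strings(data: bytes, min_len: int = 4):
    """Runs of printable ASCII (0x20-0x7e) at least min_len bytes long,
    the same thing `strings -n <min_len>` reports."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def strings_per_kb(data: bytes, min_len: int = 4) -> float:
    """Count normalised by size so a 40 KB DLL and a 2 MB dropper compare."""
    if not data:
        return 0.0
    return len(extract_strings(data, min_len)) / (len(data) / 1024)


def build_chatty_blob(size=8192, seed=1) -> bytes:
    """Constructed stand-in for a benign library: a NUL-terminated import name
    or message every 64 bytes, the rest random (assumed layout, for illustration)."""
    rng = random.Random(seed)
    messages = [b"GetProcAddress", b"LoadLibraryA", b"kernel32.dll",
                b"Error: invalid argument %s\r\n", b"debug: entering loop"]
    blob = bytearray(rng.randbytes(size))
    for pos in range(0, size - 64, 64):
        msg = messages[(pos // 64) % len(messages)] + b"\x00"
        blob[pos:pos + len(msg)] = msg
    return bytes(blob)


def build_packed_blob(size=8192, seed=2) -> bytes:
    """Constructed stand-in for a packed or encrypted payload: random bytes,
    so any 'string' in it is a coincidence of printable values."""
    return random.Random(seed).randbytes(size)


def density_table(min_lens=(2, 3, 4, 5, 6)):
    """Strings per KB for both blobs at each minimum string length."""
    chatty, packed = build_chatty_blob(), build_packed_blob()
    return {n: {"chatty": round(strings_per_kb(chatty, n), 1),
                "packed": round(strings_per_kb(packed, n), 1)}
            for n in min_lens}


if __name__ == "__main__":
    for n, row in density_table().items():
        print(f"min_len={n}: chatty {row['chatty']:6.1f}/KB  packed {row['packed']:6.1f}/KB")
```

Run it and the shape of the post's result falls out of the constructed data: at a 2‑byte cutoff the random “packed” blob still yields a healthy count (about 37% of random bytes are printable, so two in a row is common), at 4 bytes the chatty blob clearly leads, and by 6 bytes the packed blob is nearly silent while the chatty blob is still reporting its messages.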
In this delightfully “bad” foray into password cracking, we tally two‑ and three‑character combos from millions of leaked passwords and compare them to a subtitle‑derived English word list. Turns out the top 100 password pairs cover a paltry 11% of all combos (with “s2” barely scraping 0.15%), while the same slice of English captures a whopping 60%. Even with the frequency weighting stripped out, password coverage only climbs to 35%, still far shy of the word list’s 45%. The takeaway? Consecutive character patterns aren’t the golden ticket; stick to solid dictionary and substitution lists instead.
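The two password posts above (first dictionary word per password, and n‑gram coverage against English) share the same plumbing, so here is one added example (my code, not the posts') that does both on a tiny constructed corpus: a handful of leaked‑style passwords with repeats standing in for a real dump's skew, a toy dictionary, and a few English words standing in for the subtitle corpus. The matching rule (earliest position, longest word at that position, minimum three letters) is my assumption about what “first dictionary word” means.

```python
"""Added example (not code from the posts): pull the first dictionary word out
of each password and measure how concentrated the tally is, then compare
character n-gram coverage of passwords against an English word list.
All inputs below are constructed stand-ins for the leaked dump, the
dictionary and the subtitle-derived corpus."""
from collections import Counter

# Constructed "leaked" passwords; duplicates stand in for a real dump's skew.
PASSWORDS = """iloveyou iloveyou password1 password baby2009 babygirl letmein
qwerty123 sunshine monkey ilovebaby x7!Qz fuckyou love1234 lovelove""".split()

# Constructed dictionary (the real one would be a full word list).
DICTIONARY = {"love", "baby", "password", "pass", "word", "let",
              "sun", "shine", "sunshine", "monkey", "you", "girl", "fuck"}

# Constructed stand-in for the subtitle-derived English text.
ENGLISH = "the the the and and you that was for are with his they this have from".split()


def first_dictionary_word(password, dictionary, min_len=3):
    """Earliest-starting dictionary word in the password; at that position the
    longest match wins ('password1' -> 'password', not 'pass'). None if absent."""
    pw = password.lower()
    for start in range(len(pw)):
        for end in range(len(pw), start + min_len - 1, -1):
            if pw[start:end] in dictionary:
                return pw[start:end]
    return None


def word_histogram(passwords, dictionary):
    """Counter of first dictionary words over the corpus; passwords with no
    dictionary word contribute nothing."""
    hist = Counter()
    for pw in passwords:
        word = first_dictionary_word(pw, dictionary)
        if word is not None:
            hist[word] += 1
    return hist


def top_k_coverage(counts, k):
    """Share of all occurrences accounted for by the k most common keys."""
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(k)) / total if total else 0.0


def ngram_counts(strings, n):
    """Frequency of every n-character window, case-folded, across all strings."""
    counts = Counter()
    for s in strings:
        s = s.lower()
        for i in range(len(s) - n + 1):
            counts[s[i:i + n]] += 1
    return counts


def compare_ngram_coverage(passwords=PASSWORDS, english=ENGLISH, n=2, k=5):
    """Top-k n-gram coverage for passwords vs English text. The gap is the
    post's point: password bigrams are spread far flatter than English ones."""
    return {
        "passwords": top_k_coverage(ngram_counts(passwords, n), k),
        "english": top_k_coverage(ngram_counts(english, n), k),
    }


if __name__ == "__main__":
    hist = word_histogram(PASSWORDS, DICTIONARY)
    print(hist.most_common(3), "top-3 share:", round(top_k_coverage(hist, 3), 3))
    print(compare_ngram_coverage())
```

On the toy corpus the top three words (love, password, baby) take 9 of 13 matches, which is the concentration the posts measure at scale with the top ten; swap in a real dump, a real word list and k=100 for the 11% vs 60% comparison.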
A playful replay of Zalewski’s “Silence on the Wire” experiment: plotting 3‑D phase‑space scattergrams (each point a triple of successive differences between outputs) for various RNGs (Python, shuf, urandom, online services) to see if any have secretly upgraded their magic. Spoiler: they all look suspiciously alike.
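As an added example (my code, not the post's), here is the phase‑space transform those scattergrams are built from, applied to constructed generators: a constant‑increment sequence in the style of the old BSD ISN generator, an LCG with glibc's rand() constants, and 32‑bit words from os.urandom. The generator parameters and the two summary metrics (distinct‑point fraction, and the LCG lattice check that needs the generator's own a and m) are my illustrative choices.

```python
"""Added example (not from the post): Zalewski's phase-space transform, which
is what the 3-D scattergrams plot. Each sample becomes a point built from
three successive differences, so a predictable generator collapses into a
few dots, a line or planes, while a good one fills the cube. Generators
below are constructed for illustration."""
import os
import struct


def phase_space_points(seq):
    """(s[i]-s[i-1], s[i-1]-s[i-2], s[i-2]-s[i-3]) for each i >= 3."""
    return [(seq[i] - seq[i - 1], seq[i - 1] - seq[i - 2], seq[i - 2] - seq[i - 3])
            for i in range(3, len(seq))]


def linear_isn(n, start=123456, step=64000):
    """Constant-increment sequence (the classic bad ISN generator)."""
    return [(start + i * step) % 2**32 for i in range(n)]


def lcg(n, seed=1, a=1103515245, c=12345, m=2**31):
    """Linear congruential generator with glibc's rand() constants."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out


def urandom_u32(n):
    """n unsigned 32-bit words from the OS CSPRNG."""
    return list(struct.unpack("<%dI" % n, os.urandom(4 * n)))


def distinct_fraction(points):
    """1.0 means every point is unique; near 0 means the plot is a few dots."""
    return len(set(points)) / len(points) if points else 0.0


def lcg_lattice_fraction(points, a, m):
    """Share of points obeying x == a*y (mod m), i.e. d[i] == a*d[i-1] (mod m).
    Every LCG output satisfies it because the constant c cancels in the
    difference; near 1.0 confirms the lattice structure that shows as planes."""
    hits = sum(1 for x, y, _ in points if (a * y - x) % m == 0)
    return hits / len(points) if points else 0.0


if __name__ == "__main__":
    for name, seq in [("linear", linear_isn(2000)), ("lcg", lcg(2000)),
                      ("urandom", urandom_u32(2000))]:
        pts = phase_space_points(seq)
        print(f"{name:8s} distinct={distinct_fraction(pts):.3f} "
              f"lcg_lattice={lcg_lattice_fraction(pts, 1103515245, 2**31):.3f}")
```

The constant‑increment generator produces a single point no matter how many samples you feed it, the LCG scatters widely yet every point satisfies the lattice relation, and urandom satisfies it essentially never. Feed the points to any 3‑D scatter plotter to get the pictures from the post.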
A tongue‑in‑cheek look at whether tiny quirks in SHA‑512 hex digits can hint at malicious binaries. Spoiler: the bias is so slight you’d need a microscope—and a lot of samples—to spot it.
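To put numbers on “how many samples”, here is an added example (my code, not the post's): tally the hex digits over a set of SHA‑512 digests, run a chi‑square uniformity test, and estimate how many digests a given frequency bias would take to detect. The digest inputs are constructed labels; the critical value is the standard table figure for 15 degrees of freedom at p = 0.05, and the sample‑size estimate is a plain normal approximation, which is my choice of method.

```python
"""Added example (not code from the post): tally hex digits over a set of
SHA-512 digests, test them for uniformity with a chi-square statistic, and
estimate how many digests a bias of a given size would take to detect. The
digest inputs are constructed; the critical value is the standard table
figure for 15 degrees of freedom at p = 0.05."""
import hashlib
import math
from collections import Counter

HEX_DIGITS = "0123456789abcdef"
CHI2_CRIT_15DOF_P05 = 24.996  # reject uniformity above this at the 5% level


def sha512_hex_corpus(n, label="sample"):
    """Constructed corpus: digests of n distinct labelled byte strings."""
    return [hashlib.sha512(f"{label}-{i}".encode()).hexdigest() for i in range(n)]


def hex_digit_counts(digests):
    """Occurrences of each hex digit, in HEX_DIGITS order."""
    tally = Counter()
    for d in digests:
        tally.update(d)
    return [tally[h] for h in HEX_DIGITS]


def chi_square_uniform(counts):
    """Chi-square statistic against the hypothesis that all 16 digits are
    equally likely (15 degrees of freedom)."""
    total = sum(counts)
    if total == 0:
        return 0.0
    expected = total / 16
    return sum((observed - expected) ** 2 / expected for observed in counts)


def is_uniform(digests):
    """True when the digit tally is consistent with uniform at the 5% level."""
    return chi_square_uniform(hex_digit_counts(digests)) < CHI2_CRIT_15DOF_P05


def digests_needed(bias, z=1.96):
    """Digests (128 hex digits each) needed before one digit's frequency,
    shifted by `bias` from 1/16 (absolute, so 0.001 is a tenth of a percentage
    point), sits z standard errors from expectation. Normal approximation to
    the binomial with p = 1/16; an assumed rule of thumb, not the post's."""
    p = 1 / 16
    digits = (z / bias) ** 2 * p * (1 - p)
    return math.ceil(digits / 128)


if __name__ == "__main__":
    corpus = sha512_hex_corpus(2000)
    print("chi-square:", round(chi_square_uniform(hex_digit_counts(corpus)), 2),
          "uniform at 5%:", is_uniform(corpus))
    for b in (0.01, 0.001, 0.0001):
        print(f"bias {b}: about {digests_needed(b)} digests")
```

A bias of a tenth of a percentage point on one digit needs on the order of 1,800 digests before it even reaches two standard errors, and a hundredth of a point needs about a hundred times that; with the statistic sitting comfortably below 25 on the constructed corpus, “you’d need a microscope” is the right summary.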