Pillows I - 20 Textures

Continue Reading »

The Strategic Slump

Last night I began playing Fire Emblem Awakening again. It had been lost for two years after moving to Hawaii, but I recently found the small cache of games I'd brought with me to play on the trip stowed away in a small DS pouch sitting under my nose all this time. It was nearly a year ago I started playing Fire Emblem Fates that I wanted to go through Awakening again and do all the things I had neglected to do originally -- but I couldn't find it until now. Among the things I never did was play through on Classic-style (permanent deaths of units) and Lunatic difficulty. That's not even it's final form! There's a Lunatic + that unlocks if you clear it.

So I booted it up and found I had a Lunatic file on Chapter 15. I honestly don't even remember how many Chapters the game has because it's been so long since seen it, let alone played it. So I decided to start a new file. I spent a minimum of four hours trying to get through Chapter 1-4 last night. It was probably more than that including time spent reading some strategies and tips on how to play the random number generator just right. Then I discovered I don't have access to my old DLC content on this newer 3DS because I neglected to import the data from my old SD card and for some reason my Nintendo Network ID won't simply let me re-download it. That's bogus. This is bad news.

So like a fool, I decided that my current run wasn't good enough. That without the support of the DLC maps, I wouldn't be able to push much farther unless I made a few god-like characters over the first 5 chapters -- Fredrick and Robin, I'm looking at you. So I restarted with an updated player character [Robin] and went through that slog again this morning trying out some new strategies -- and generally it went a lot faster.

There is still this issue of getting to the last 2-3 enemies and watching as their 33% chance to hit and 6% chance of gaining a critical hit off of that 33% turn their expected 14 damage (to my 33 HP on Frederick) into 60 damage. Negating about 35 minutes of careful planning, because now I have to restart the entire map again. These situations are excruciatingly frustrating. I'm sitting here now because I'm asking myself -- am I having fun? I honestly can't tell.

The number of times you'll miss with 85% chance to hit and the enemy will land a hail Mary 4x damage critical combo on you with only a 5% chance are really the tip of the iceberg on how frustrating this experience has been thus far. I'm certainly irritated by the 10th reset due to crappy dice rolls that screw over a unit's survival or give my superstar characters a piss-poor level up gain. Then again when it all comes together, and Lady Luck smiles down on some clutch misses in my favor, it feels pretty damn good to push through the map and take down the boss. Is that moment of victory enough to keep me going? An hour or two of turmoil for an instant of triumph? I wish I knew.

What I do know is that I really want to play Fire Emblem Awakening one more time, and backing down from Lunatic at this time feels like giving up. Can I be the hero Ylisse needs right now if I back down from this challenge and take the easy road? I don't think my pride will allow it, but I'm not having much fun slogging my way through trial and error on these maps -- resetting every 15-25 minutes. How long will it even go on like this? Will I just give up and walk away from this great game, or can I suffer through this hardship and lead my troops to a new level of victory? I don't have any of the answers, friends.

- TOP

@TOPGamingBlog

Men of War Assault Squad 2 Cold War CODEX Free Download

Men of War Assault Squad 2 Cold War CODEX Free Download PC Game setup in single direct link for Windows. It is an amazing action, adventure and indie game.

Men of War Assault Squad 2 Cold War CODEX PC Game 2019 Overview

The legendary Men of War RTS series has finally reached the cold war era. Take command of either U.S. or Soviet forces, fulfill mission objectives and claim victory!
Control vast armies of regular and specialized units, including support vehicles, light and heavy tanks, artillery vehicles, combat helicopters and game-changing jet fighters. Take to the battlefields of destroyed cities, fortified border zones, rural farmlands, destroyed airbases and sleepy winter villages in the latest installment of this classic RTS series, in which strong leadership and good management are the keys to success.
For the first time in the series, dynamic campaign generation makes its debut. Men of War: Assault Squad 2 – Cold War gives players nearly endless experiences in both singleplayer and cooperative campaign modes!

Key features:

* Pick your side: The United States of America versus the Soviet Union.
* Dynamic campaign generator makes singleplayer and co-op extremely replayable, with randomized skirmishes and custom army compositions.
* Competitive online multiplayer modes.
* Assault Zones mode: Capture and hold flag points using all military means possible.
* Annihilation mode: Dominate the enemy or capture their base; valuable resources can also be secured on the battlefield.
* Command large armies or control single units with the series-defining Direct Control Mode.

Technical Specifications of This Release.

• Game Version :
• Interface Language: English
• Audio Language : English
• Uploader / Re packer Group: Codex
• Game File Name : Men_of_War_Assault_Squad_2_Cold_War_CODEX.iso
• Game Download Size : 8.0 GB
• MD5SUM : 00096d23ebdf7c31483456c317482663

System Requirements of Men of War Assault Squad 2 Cold War CODEX

Before you start Men of War Assault Squad 2 Cold War CODEX Free Download make sure your PC meets minimum system requirements.

Minimum:

* Requires a 64-bit processor and operating system
* OS: 64bit – Windows 7, 8, 10
* Memory: 8 GB RAM
* Graphics: DirectX 11 compatible
* DirectX: Version 11
* Storage: 15 GB available space
* Sound Card: DirectX 11 compatible
* Additional Notes: Requires a 64-bit processor and operating system

Recommended:

* Requires a 64-bit processor and operating system
* OS: 64bit – Windows 10
* Memory: 16 GB RAM
* Graphics: DirectX 12 compatible
* DirectX: Version 12
* Storage: 15 GB available space
* Sound Card: DirectX 12 compatible
* Additional Notes: Requires a 64-bit processor and operating system

Men of War Assault Squad 2 Cold War CODEX Free Download

Click on the below button to start Men of War Assault Squad 2 Cold War CODEX. It is full and complete game. Just download and start playing it. We have provided direct link full setup of the game.

aDownload Link:::Link

Size:7.96GB

Price:Free

Virus status: scanned by Avast security

Trees And Terrain

   I actually finished all of these in the last week of June, but scheduled this post to come up later for some reason. Anyway, one of the things I have been pushing out lately is a good bit of terrain. Mostly adding to existing stocks because I don't have enough trees and such.

A tray full of trees!

I use this cheap plastic tray to carry minis and spray them with clear coat. Then I can move them back into the air conditioned spaces in the house to keep the clear coat from getting all cloudy as happens in humid conditions. Like Houston is, eight days a week.

Bamboo stands. Need a lot more of these, not as tall mostly.

Primarily for 15mm jungles, Flames of War Pacific, etc.

Regular old deciduous trees. Just some cheap Chinese

model railroad trees and basing.

Same as above, but palm trees in the desert.

Again, need to do more for jungles too.

Flowering model railroad trees.

These are a bit different to my usual. Wire trunks.

I like them. Mostly I like a bit of variety.

Runestones from Fenris Games. Unlike the earlier ones painted for Frostgrave, these are two in

a temperate/verdant scheme and one in a desert.

A third Team Yankee minefield and emergence tunnels for the giant worms I shared a few days ago.

People Behind The Meeples - Episode 232: Steven Vesci

Welcome to People Behind the Meeples, a series of interviews with indie game designers.  Here you'll find out more than you ever wanted to know about the people who make the best games that you may or may not have heard of before.  If you'd like to be featured, head over to http://gjjgames.blogspot.com/p/game-designer-interview-questionnaire.html and fill out the questionnaire! You can find all the interviews here: People Behind the Meeples. Support me on Patreon!

---

Name:	Steven Vesci
Email:	vescis@gmail.com
Location:	Cleveland, OH
Day Job:	IT - software testing
Designing:	Two to five years.
Webpage:	Vesci Designs
BGG:	vescis
Facebook:	Steven Vesci
Twitter:	@vescis
YouTube:	Steven Vesci

Today's Interview is with:

Steven Vesci
Interviewed on: 3/7/2020

I first met Steven Vesci at Protospiel Chicago last year. Since then we've crossed paths quite a few times online. He's an active member of a bunch of game design Facebook groups and The Game Crafter community and we both entered games in The Game Crafter's Staff Roll and Write Design Contest (which is still in limbo waiting for the results due to the pandemic). Read on to learn more about Steven and his numerous game design projects!

Some Basics
Tell me a bit about yourself.

How long have you been designing tabletop games?
Two to five years.

Why did you start designing tabletop games?
I needed an outlet to devote energy to that was a little more productive than constant social media scrolling! Had always been into tabletop games and spreadsheets, so it seemed like a natural fit.

What game or games are you currently working on?
Petri - an card-driven area control game where players are Biology lab tech using CRISPR to cheat at their Fantasy Cell Culture League
Cthulhu Snacks - a blind bidding game where players are billionaires trying to attract weakened Lovecraftian Gods to their zoo by feeding them employees, but the Gods awaken if overfed
Spellbook - a puzzly solitaire legacy game that I'm currently trying to adapt to a 1-4 player coop legacy game

Have you designed any games that have been published?
Days to Harvest by Glass Shoe Games will hit Kickstarter as soon as in-person conventions start back up (was previously scheduled for July)

What is your day job?
IT - software testing

Your Gaming Tastes
My readers would like to know more about you as a gamer.

Where do you prefer to play games?
Play a lot on my gaming table at home, also enjoy a local meetup in a large community center space

Who do you normally game with?
Playtesting with Cleveland's Ultimate Team-Up group, regular playing with the Board Gamers of Greater Akron, and local cons at Ravenwood Castle

If you were to invite a few friends together for game night tonight, what games would you play?
Terraforming Mars, Scythe, or Spirit Island. Still hoping to trick someone into

And what snacks would you eat?
Chocolate Chip Cookies

Do you like to have music playing while you play games? If so, what kind?
Generally not

What's your favorite FLGS?
Critical Hit Games, especially for their annual flea market sale. Recently I did a playtest session at Rogue's Den which I'd like to visit more. Shoutout to local game cafe Tabletop for hosting too many playtest sessions

What is your current favorite game? Least favorite that you still enjoy? Worst game you ever played?
Scythe is probably #1 - I love the uniqueness of the map and the upgrade system. Terraforming Mars is high for its ambition, Spirit Island for its complexity. The worst game for me was something I believe was called 'the Logo Game' - which combined mass-market roll and move with crappy trivia about advertising.

What is your favorite game mechanic? How about your least favorite?
Engine Building has got to be the favorite, because there are so many flavors of it. Not sure I have a least favorite - I'm really bad at social deduction but I still enjoy it!

What's your favorite game that you just can't ever seem to get to the table?
Spirit Island! Seafall is conceptually a favorite, but haven't actually been able to play it yet

What styles of games do you play?
I like to play Board Games, Card Games, Video Games

Do you design different styles of games than what you play?
I like to design Board Games, Card Games

OK, here's a pretty polarizing game. Do you like and play Cards Against Humanity?
No

You as a Designer
OK, now the bit that sets you apart from the typical gamer. Let's find out about you as a game designer.

Have you ever entered or won a game design competition?
I've entered several Game Crafter competitions, and one ButtonShy. No wins yet!

Do you have a current favorite game designer or idol?
Rob Daviau - I am totally in love with Legacy games and Pandemic Legacy in particular. Also a huge fan of his efforts to rehabilitate old classics!

Where or when or how do you get your inspiration or come up with your best ideas?
I like to try to capture the essence of iconic scenes from books or movies - not specifically about the particular IP, but the thematic content. I have games based off the Council of Elrond, the shapeshifters duel in Sword in the Stone, and Spellbook has some Neverending Story reading a magic book vibes. I've also been inspired by iconic quotes, like "God does not play dice with the Universe" and cool technology like CRISPR.

How do you go about playtesting your games?
Ultimate Team-up hosts weekly meetups around the Cleveland/Akron area so there's lots of opportunity for great feedback. I will occasionally lean on family, and in real early stages I'll load things into Tabletop Simulator and mock a few turns myself. I try to have specific questions I want to answer from each session, though in early tests those questions are usually just 'is this fun?' and 'does this work?' Also love to attend Protospiels! I frequent PS Chicago, Cleveland, and starting to frequent Proto ATL. Hope to hit Indy, Michigan, Wisconsin, and Toronto someday!

Do you like to work alone or as part of a team? Co-designers, artists, etc.?
The Ultimate Team-up crew provides fantastic insights and suggestions, and a lot of our games contain a lot of ideas from team mates, though we don't tend to officially co-design.

What do you feel is your biggest challenge as a game designer?
The cold pitch. Haven't mastered the art of getting publishers excited about my games from a quick introductory pitch, and I'm not notable enough to get warm ones!

If you could design a game within any IP, what would it be?
Veronica Mars, Consulting Detective

What do you wish someone had told you a long time ago about designing games?
It took me too long to grasp the idea of Minimum Viable Prototype, and my early designs definitely tried too much too fast. Also needed to know not to start with your most ambitious ideas, I've had much more success with smaller swings and those efforts have helped shape bigger efforts.

What advice would you like to share about designing games?
Enter contests! Not necessarily to win, but to give yourself artificial constraints and a deadline. Game design is so open ended, and you can easily get lost in all of the options and never finish anything. It feels good to finish an entry, and the constraints will force you to try things and learn things you wouldn't naturally do.

Would you like to tell my readers what games you're working on and how far along they are?
Games that will soon be published are: Days to Harvest, by Glass Shoe Games, is a light drafting and push your luck game, where players select garden gnomes to add to a community garden. Placing lazy gnomes gives more points, but you'll be kicked out of the round if the garden fails and you've been the laziest!
Currently looking for a publisher I have: For the Greater Good is a Negotiation/Take That game where the players are ambassadors to a great council planning the defeat of an encroaching evil while plotting and scheming amongst themselves to have the most influence after the dust settles. Think of the 'Council of Elrond' scene from Lord of the Rings where everyone behaves like Boromir.

Spellbook is a Solitaire Legacy game where the player is a would-be magician huddled in a library basement, attempting to learn magic from a mysterious book. It's a grid manipulation and pattern matching puzzle with legacy mechanics giving the player more options as they learn spells, allowing them to match more complicated patterns

Petri is a low-medium weight area control game where the players are Biology lab technicians using CRISPR to cheat at their Fantasy Cell Culture League. Players play 'splice' cards to add, move, and remove cells from petri dishes trying to establish majorities, and playing multiple cards of a given type lead to splashy combination effects.

Mintilization is a civ-building game in a Mint Tin! Players use simultaneous hidden worker allocation to try and grab land, technology, and buildings before their opponents do, trying to grow the mightiest mint empire!

Dice with the Universe is a kid-friendly Roll and Draw where players get to draw their own personal Universe! Dice rolls determine which astronomical objects players can choose to draw, with different objects scoring in different ways.

Are you a member of any Facebook or other design groups? (Game Maker's Lab, Card and Board Game Developers Guild, etc.)
Board Game Design Lab, Card and Board Game Designer's Guild, UTU Creators' Space, Meeple Syrup Shop Talk, Protospiel

And the oddly personal, but harmless stuff…
OK, enough of the game stuff, let's find out what really makes you tick! These are the questions that I'm sure are on everyone's minds!

Star Trek or Star Wars? Coke or Pepsi? VHS or Betamax?
I like both Trek and Wars, but currently prefer The Expanse! Dr. Pepper. Streaming.

What hobbies do you have besides tabletop games?
Raising a tabletop gaming daughter (yay My Little Scythe!), and a little bit of video games when I should be designing.

What is something you learned in the last week?
My six year old trash talks other six year olds in Mario Kart

Favorite type of music? Books? Movies?
I listen to way more podcasts than music - favorites being NPR Politics, Wait Wait Don't Tell Me, 99% invisible, Board Game Design Lab, The Dice Tower. For books, I recommend the Expanse series and the Broken Earth Trilogy. I don't get to non-kids movies very often at all!

What was the last book you read?
Uncrowned by Wil Wight (The Cradle series)

Do you play any musical instruments?
I do not, but enjoying listening to my daughter starting piano lessons

Tell us something about yourself that you think might surprise people.
My shortest attempt at a game design lasted 5 minutes - I had an idea for a kids worker placement that I tried on a whim with my daughter that had her in tears on her first turn. Turns out when you tell a child they can't do something because the other player did it, they don't like that at all.

Tell us about something crazy that you once did.
If I've ever done something crazy, I've probably suppressed the memory

Biggest accident that turned out awesome?
My laptop was being repaired after a drop. Couldn't design my usual way using spreadsheets and Nandeck, so I sat down with dice and paper and ended up with a roll and write

Who is your idol?
N.K. Jemisin - she turned her writing side hustle into repeat award dominance of the field

What would you do if you had a time machine?
Answer a lot of theological questions definitively. I'm sure that would clear everything up and people would gladly accept the findings without complaint....

Are you an extrovert or introvert?
Exceedingly introverted!

If you could be any superhero, which one would you be?
Captain Planet would be super useful right now

Have any pets?
Currently one cat, but at Peak Pet had 6 cats and a dog

When the next asteroid hits Earth, causing the Yellowstone caldera to explode, California to fall into the ocean, the sea levels to rise, and the next ice age to set in, what current games or other pastimes do you think (or hope) will survive into the next era of human civilization? What do you hope is underneath that asteroid to be wiped out of the human consciousness forever?
I don't think any specific entertainment is vital enough to worry about in such circumstances, I think a whole new culture of entertainment would result. But there would be some interesting archaeological discussions around digging up meeples and cubes - it's too bad the rules documents wouldn't survive!

If you'd like to send a shout out to anyone, anyone at all, here's your chance (I can't guarantee they'll read this though):
Thanks so much to my wife Sara for the understanding around playtesting outings and conventions!

Just a Bit More
Thanks for answering all my crazy questions! Is there anything else you'd like to tell my readers?

Vote!

---

Thank you for reading this People Behind the Meeples indie game designer interview! You can find all the interviews here: People Behind the Meeples and if you'd like to be featured yourself, you can fill out the questionnaire here: http://gjjgames.blogspot.com/p/game-designer-interview-questionnaire.html

Did you like this interview?  Please show your support: Support me on Patreon! Or click the heart at Board Game Links , like GJJ Games on Facebook , or follow on Twitter .  And be sure to check out my games on  Tabletop Generation.

Reversing Some C++ Io Operations

In general decompilers are not friendly with c++ let's analyse a simple program to get familiar with it.
Let's implement a simple code that loads a file into a vector and then save the vector with following functions:

• err
• load
• save
• main

Lets identify the typical way in C++ to print to stdout with the operator "<<"

The basic_ostream is initialized writing the word "error" to the cout, and then the operator<< again to add the endl.

The Main function simply calls  "vec = load(filename)"  but the compiler modified it and passed the vector pointer as a parámeter. Then it bulds and prints "loaded  " << size << " users".
And finally saves the vector to /tmp/pwd and print "saved".
Most of the mess is basically the operator "<<" to concat and print values.
Also note that the vectors and strings are automatically deallocated when exit the function.

And here is the code:

Let's take a look to the load function, which iterates the ifs.getline() and push to the vector.
First of all there is a mess on the function definition, __return_storage_ptr is the vector.
the ifstream object ifs is initialized as a basic_ifstream and then operator! checks if it wasn't possible to open the file and in that case calls err()
We see the memset and a loop, getline read a cstr like line from the file, and then is converted to a string before pushing it to the vector. lVar1 is the stack canary value.

In this situations dont obfuscate with the vector pointer vec initialization at the begining, in this case the logic is quite clear.

The function save is a bit more tricky, but it's no more than a vector iteration and ofs writing.
Looping a simple "for (auto s : *vec)" in the decompiler is quite dense, but we can see clearly two write, the second write DAT_0010400b is a "\n"

As we see, save implememtation is quite straightforward.

Related links

• Tools For Hacker
• Pentest Tools Open Source
• How To Install Pentest Tools In Ubuntu
• Hak5 Tools
• Hack Tools For Games
• Hacking Tools Github
• Usb Pentest Tools
• Pentest Tools For Windows
• Computer Hacker
• Android Hack Tools Github
• Free Pentest Tools For Windows
• Hacking Tools For Mac
• Hacker Tools Apk
• Hack And Tools
• Hack Tools 2019
• Pentest Tools Online
• New Hack Tools
• Hackrf Tools
• Hacker Tools Software
• Pentest Tools For Windows
• Hacking Tools For Kali Linux
• Pentest Tools List
• Pentest Tools Port Scanner
• Game Hacking
• Hacking Tools 2019
• Best Hacking Tools 2020
• Hacker Tools 2020
• World No 1 Hacker Software
• Hackrf Tools
• Pentest Tools
• Hacker Tools Software
• Pentest Tools Url Fuzzer
• Hacker Tools For Windows
• Pentest Tools For Ubuntu
• Hacking Tools Software
• Hacking Tools Usb
• Hacking Tools For Beginners
• Hacking Tools Name
• Black Hat Hacker Tools
• Pentest Tools Github
• Hacker Tools Linux
• Pentest Tools For Windows
• How To Install Pentest Tools In Ubuntu
• Hacker Tools Github
• Beginner Hacker Tools
• Hacker Tools Apk Download
• Hacking Tools Github
• Hacker Tools 2019
• Hack Tool Apk
• Hackrf Tools
• Hacking Tools Hardware
• Hacker Tools Github
• Hacking App
• Hacker Tools 2019
• Usb Pentest Tools
• Hack Tools For Ubuntu
• Hak5 Tools
• How To Hack
• How To Install Pentest Tools In Ubuntu
• Hacking Tools Mac
• Pentest Tools Framework
• Hacker Tools
• Hacker Search Tools
• Hacking Tools Windows
• Hacking Tools Online
• Hacking Tools For Windows
• Ethical Hacker Tools
• Blackhat Hacker Tools
• Pentest Tools Windows
• Hack Tool Apk
• Hack Tools For Mac
• Hacker Tools Mac
• New Hack Tools
• Hack Tool Apk
• Underground Hacker Sites
• Hacker Tools 2020
• Pentest Tools Alternative
• Hacking Tools For Mac
• Nsa Hack Tools
• Nsa Hack Tools Download
• Pentest Tools Port Scanner
• Pentest Tools
• Hacker Tools For Ios
• Hack App
• Hacking Tools 2020
• Hack Tools Pc
• Pentest Recon Tools
• Hacking Tools For Pc
• Free Pentest Tools For Windows
• Hacking Tools For Pc
• Install Pentest Tools Ubuntu
• Hack Tools Online
• Hack Tools Mac
• Hacking Tools For Windows
• Best Pentesting Tools 2018
• Hacker Tools For Mac
• Pentest Tools Apk
• World No 1 Hacker Software
• Hacker Tools Apk Download
• Hacking Tools Pc
• Hacking Apps
• Pentest Tools Kali Linux
• Easy Hack Tools
• Hacker Tools Free
• Hacking Tools Name
• Hack Tools Download
• Hacker Tools For Windows
• Hacker Tools List
• Hacker Tools For Mac
• Pentest Tools Bluekeep
• Hack Tools
• Hacker Tools Apk
• Hacking Tools For Windows 7
• Best Hacking Tools 2020
• Hack Tools Download
• Hack Website Online Tool
• Pentest Tools For Ubuntu
• Tools 4 Hack
• Hack Tools For Games
• Hack Tools Pc
• Pentest Tools Url Fuzzer
• Pentest Tools Website
• Hacker Tools List
• Kik Hack Tools
• Physical Pentest Tools
• New Hacker Tools
• Hacking Tools 2020
• Hacker Tools Software
• How To Hack
• Hacking Tools
• Hacking Tools Online
• What Is Hacking Tools
• Hacking Tools And Software
• Ethical Hacker Tools
• Hacker Tools Apk
• Hacking Tools Download
• Hacking Tools 2020
• Hackers Toolbox
• What Is Hacking Tools

Change Passwords Regularly - A Myth And A Lie, Don'T Be Fooled, Part 1

TL;DR: different passwords have different protection requirements, and different attackers using various attacks can only be prevented through different prevention methods. Password security is not simple. For real advise, checking the second post (in progress).

Are you sick of password advices like "change your password regularly" or "if your password is password change it to pa$$w0rd"? This post is for you!

The news sites are full of password advises nowadays due to recent breaches. When I read/watch these advise (especially on CNN), I am usually pissed off for a lot of reasons. Some advises are terrible (a good collection is here), some are good but without solutions, and others are better, but they don't explain the reasons. Following is my analysis of the problem. It works for me. It might not work for you. Comments are welcome!

Password history

Passwords have been used since ancient times.

Because it is simple. When I started using the Internet, I believe I had three passwords. Windows login, webmail, and IRC. Now I have ~250 accounts/passwords to different things, like to my smartphone, to my cable company (this password can be used to change the channels on the TV), to my online secure cloud storage, to full disk encryption to start my computer, to my nude pictures, to my WiFi router, to my cloud server hosting provider, etc etc etc. My money is protected with passwords, my communication is protected with passwords/encryption, my work is protected with passwords. It is pretty damn important. But yet people tend to choose lame passwords. Pretty lame ones. Because they don't think it can be significant. But what is not essential today will be relevant tomorrow. The service you used to download music (iTunes) with the lame password will one day protect all your Apple devices, where attackers can download your backup files, erase all your devices, etc. The seven-character and one capital rule is not enough anymore. This advice is like PDF is safe to open, Java is secure. Old, outdated, untrue.

Now, after this lengthy prologue, we will deep dive into the analysis of the problem, by checking what we want to protect, against whom (who is the attacker), and only after that, we can analyze the solutions. Travel with me, I promise it will be fun! ;)

What to protect?

There are different services online, and various services need different ways to protect. You don't use the same lock on your Trabant as you do on your BMW.

Internet banking, online money

For me, this is the most vital service to protect. Luckily, most of the internet banking services use two-factor authentication (2FA), but unfortunately, not all of them offer transaction authorization/verification with complete transactions. 2FA is not effective against malware, it just complicates the attack. Transaction authorization/verification is better, but not perfect (see Zitmo). If the access is not protected with 2FA, better choose the best password you have (long, real random, sophisticated, but we will get to this later). If it is protected with 2FA, it is still no reason not to use the best password ;) This is what I call the "very high-level password" class.

Credit card data

This system is pretty fucked up bad. Something has to be secret (your credit card number), but in the meantime that is the only thing to identify your credit card. It is like your username is your password. Pretty bad idea, huh? The problem is even worse with a lot of different transaction types, especially when the hotel asks you to fax both sides of your CC to them. Unfortunately, you can't change the password on your credit card, as there is no such thing, but Verified by VISA or 3-D Secure with 2FA might increase the chances your credit card won't get hacked. And on a side note, I have removed the CVV numbers from my credit/debit cards. I only read it once from the card when I received it, I don't need it anymore to be printed there.
And sometimes, you are your own worst enemy. Don't do stupid things like this:

Work related passwords (e.g. Windows domain)

This is very important, but because the attack methods are a bit different, I created this as a different category. Details later.

Email, social sites (Gmail/Facebook/Twitter), cloud storage, online shopping

This is what I call the "high level password" class.

Still, pretty important passwords. Some people don't understand "why would attackers put any energy to get his Facebook account?" It is simple. For money. They can use your account to spread spam all over your Facebook wall. They can write messages to all of your connections and tell them you are in trouble and send money via Western Union or Bitcoin.

They can use your account in Facebook votes. Your e-mail, cloud storage is again very important. 20 years ago you also had letters you didn't want to print and put in front of the nearest store, neither want you to do that with your private photo album. On a side note, it is best to use a cloud storage where even the cloud provider admin can't access your data. But in this case, with no password recovery option, better think about "alternative" password recovery mechanisms.

Other important stuff with personal data (e.g. your name, home address)

The "medium level password" class. This is a personal preference to have this class or not, but in the long run, I believe it is not a waste of energy to protect these accounts. These sites include your favorite pizza delivery service, your local PC store, etc.

Not important stuff

This is the category other. I usually use one-time disposable e-mail to these services. Used for the registration, get what I want, drop the email account. Because I don't want to spread my e-mail address all over the internet, whenever one of these sites get hacked. But still, I prefer to use different, random passwords on these sites, although this is the "low level password" class.

Attackers and attack methods

After categorizing the different passwords to be protected, let's look at the different attackers and attack methods. They can/will/or actively doing it now:

Attacking the clear text password 

This is the most effective way of getting the password. Bad news is that if there is no other factor of protection, the victim is definitely not on the winning side. The different attack methods are:

• phishing sites/applications,

• social engineering,
• malware running on the computer (or in the browser), 
• shoulder surfing (check out for smartphones, hidden cameras), 
• sniffing clear-text passwords when the website is not protected with SSL,
• SSL MiTM,
• rogue website administrator/hacker logging clear text passwords,
• password reuse - if the attacker can get your password in any way, and you reuse it somewhere else, that is a problem,
• you told your password to someone and he/she will misuse it later,
• hardware keyloggers,
• etc.

The key thing here is that no matter how long your passwords are, no matter how complex it is, no matter how often do you change it (except when you do this every minute ... ), if it is stolen, you are screwed. 2FA might save you, or might not.

Attacking the encrypted password 

This is the usual "hack the webserver (via SQL injection), dump the passwords (with SQLMap), post hashes on pastebin, everybody starts the GPU farm to crack the hashes" scenario. This is basically the only scenario where the password policies makes sense. In this case the different level of passwords need different protection levels. In some cases, this attack turns out to be the same as the previous attack, when the passwords are not hashed, or are just encoded.

The current hash cracking speeds for hashes without any iterations (this is unfortunately very common) renders passwords like Q@tCB3nx (8 character, upper-lowercase, digit, special characters) useless, as those can be cracked in hours. Don't believe me? Let's do the math.

Let's say your password is truly random, and randomly choosen from the 26 upper, 26 lower, 10 digit, 33 special characters. (Once I tried special passwords with high ANSI characters inside. It is a terrible idea. Believe me.). There are 6 634 204 312 890 620 different, 8 character passwords from these characters. Assuming a 2 years-old password cracking rig, and MD5 hash cracking with 180 G/s speed, it takes a worst case 10 hours (average 5) to crack the password, including upgrading your bash to the latest, but still vulnerable bash version. Had the password been 10 characters long, it would take 10 years to crack with today hardware. But if the password is not truly random, it can be cracked a lot sooner.

A lot of common hashing algorithms don't use protections against offline brute-force attacks. This includes LM (old Windows hashes), NTLM (modern Windows hashes), MD-5, SHA1-2-512. These hashing algorithms were not developed for password hashing. They don't have salting, iterations, etc. out of the box. In the case of LM, the problem is even worse, as it converts the lowercase characters to uppercase ones, thus radically decreasing the key space. Out of the box, these hashes are made for fast calculation, thus support fast brute-force.

Another attack is when the protected thing is not an online service, but rather an encrypted file or crypto-currency wallet.

Attacking the authentication system online

This is what happened in the recent iCloud hack (besides phishing). Attackers were attacking the authentication system, by either brute-forcing the password, or bypassing the password security by answering the security question. Good passwords can not be brute-forced, as it takes ages. Good security answers have nothing to do with the question in first place. A good security answer is as hard to guess as the password itself. If password recovery requires manual phone calls, I know, it is a bit awkward to say that your first dog name was Xjg.2m`4cJw:V2= , but on the other hand, no one will guess that!

Attacking single sign on

This type of attack is a bit different, as I was not able to put the "pass the hash" attacks anywhere. Pass the hash attack is usually found in Windows domain environments, but others might be affected as well. The key thing is single sign on. If you can login to one system (e.g. your workstation), and access many different network resources (file share, printer, web proxy, e-mail, etc.) without providing any password, then something (a secret) has to be in the memory which can be used to to authenticate to the services. If an attacker can access this secret, he will be able to access all these services. The key thing is (again) it does not matter, how complex your passwords are, how long it is, how often do you change, as someone can easily misuse that secret.

 

Attacking 2FA

As already stated, 2 factor authentication raises the efforts from an attacker point of view, but does not provide 100% protection. 

• one time tokens (SecurID, Yubikey) can be relayed in a man-in-the-middle attack, 
• smartcard authentication can be relayed with the help of a malware to the attacker machine - or simply circumvented in the browser malware, 
• text based (SMS) messages can be stolen by malware on the smartphone or rerouted via SS7, 
• bio-metric protection is constantly bypassed,
• SSH keys are constantly stolen,
• but U2F keys are pretty good actually, even though BGP/DNS hijack or similar MiTM can still circumvent that protection,
• etc. 

Others

Beware that there are tons of other attack methods to access your online account (like XSS/CSRF), but all of these have to be handled on the webserver side. The best you can do is to choose a website where the Bug Bounty program is running 24/7. Otherwise, the website may be full of low hanging, easy-to-hack bugs.

Now that we have covered what we want to protect against what, in the next blog post, you will see how to do that. Stay tuned. I will also explain the title of this blog post.

Related articles

1. Pentest Tools Apk
2. Hacking Tools Software
3. Hack Tools For Mac
4. Pentest Tools
5. Hacker Tools Apk Download
6. Hacking Tools For Windows
7. Hacking Tools And Software
8. Hacking Tools 2020
9. Hacking Tools Free Download
10. Pentest Recon Tools
11. Hack Tools
12. Hack Tools Pc
13. Hacker Tools Online
14. Computer Hacker
15. Hack Apps
16. Pentest Tools Bluekeep
17. Pentest Tools Windows
18. What Is Hacking Tools
19. Hacker Tools 2019
20. Hacking Tools For Windows
21. Hacking Tools For Mac
22. Pentest Tools
23. Pentest Tools List
24. What Are Hacking Tools
25. Hacking Tools Hardware
26. Pentest Tools Linux
27. Nsa Hack Tools
28. Hacker Techniques Tools And Incident Handling
29. Blackhat Hacker Tools
30. Hack Tools Pc
31. Pentest Tools
32. Pentest Tools For Android
33. Pentest Tools For Android
34. Hacking Tools Mac
35. Beginner Hacker Tools
36. Pentest Tools Free
37. Nsa Hacker Tools
38. Hacking Tools And Software
39. Hack Tools Download
40. How To Make Hacking Tools
41. Hacker Tools Mac
42. How To Install Pentest Tools In Ubuntu
43. New Hacker Tools
44. Pentest Tools Android
45. Hacker Tools For Ios
46. Pentest Tools Nmap
47. Hackers Toolbox
48. Hacking Tools
49. Pentest Tools For Android
50. Hacker Tools Github
51. Pentest Tools Framework
52. Hacking Tools For Mac
53. Hacking Tools Windows 10
54. Pentest Tools For Windows
55. Pentest Tools Apk
56. Hacker Tools 2019
57. Wifi Hacker Tools For Windows
58. Hacking Tools Windows
59. Pentest Tools Linux
60. Hacker Tools
61. Hacking Tools Windows 10
62. Hacking Tools Windows
63. Pentest Tools Website Vulnerability
64. Hack Tools
65. Pentest Tools For Mac
66. Hacking Apps
67. Hack Website Online Tool
68. Top Pentest Tools
69. Physical Pentest Tools
70. Hacker Tools Free Download
71. Hacks And Tools
72. Hacking Tools For Windows
73. Hack Tools For Games
74. Hack Tools Pc
75. Pentest Tools Url Fuzzer
76. Hacker Tools Github
77. Pentest Reporting Tools
78. Github Hacking Tools
79. Hackers Toolbox
80. Beginner Hacker Tools
81. Nsa Hack Tools Download
82. Physical Pentest Tools
83. Hacking Tools Pc
84. Hacking Tools Free Download
85. Hacking Tools Windows
86. Pentest Tools Free
87. Pentest Tools Alternative
88. Hacking Tools For Mac
89. Best Pentesting Tools 2018
90. Android Hack Tools Github
91. Hacker Security Tools
92. Hack Tools
93. New Hack Tools
94. Hacking Tools For Windows
95. Pentest Tools Apk
96. Hacking Tools Pc
97. Game Hacking
98. Pentest Tools Tcp Port Scanner
99. Pentest Tools For Mac
100. Best Pentesting Tools 2018
101. Hack Tools For Games
102. Hack Tools For Games
103. Hack Tools Github
104. Pentest Tools Bluekeep
105. Hacking Tools Mac
106. Hack Rom Tools
107. Hacking Tools Windows
108. Black Hat Hacker Tools
109. What Is Hacking Tools
110. Hack Tools Download
111. Pentest Tools Tcp Port Scanner
112. Tools 4 Hack
113. Hack App
114. Hacking Tools Download
115. Hack Tools
116. Nsa Hack Tools
117. Hack Website Online Tool
118. Install Pentest Tools Ubuntu
119. New Hack Tools
120. Pentest Tools List
121. Hacker Tools Linux