Hydra is proof-of-concept code that gives researchers and security consultants a way to show how easy it would be to gain unauthorized access to a remote system. With Hydra, people can launch an online dictionary attack against several protocols.
OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD) as “produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.” OSINT under one name or another has been around for hundreds of years. With the advent of instant communications and rapid information transfer, a great deal of actionable and predictive intelligence can now be obtained from public, unclassified sources.
Maltego, Shodan, Google, social media spiders, and other tools are used to collect information about people. All this information could be used to generate dictionaries and perform brute-force attacks against already collected hashes. CeWL, Crunch and Mentalist are popular tools used to create custom wordlists.
To fully understand what a leak is, it’s useful to compare it with a data breach. In short, data breaches are intrusions into sensitive systems perpetrated by an unauthorized user. Data leaks, however, are incidents where this information is simply exposed as the result of a company’s internal processes or by mistake.
Some leaks include usernames and (encrypted) passwords. With enough time and good resources, any encrypted password could be cracked. Also, some leaks can be found on Pastebin.
It’s simple: avoid reusing passwords, and instead of words, try using phrases or a password generator like this one.
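The advice above can be checked at password-change time. The following is an added example, not code from the original page: it flags passwords built from publicly discoverable facts about the user and generates a random passphrase instead. The function names, the substitution table, the token list and the word list are all assumptions constructed for illustration.

```python
import math
import secrets

# Undo common character substitutions before matching (assumed mapping, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample data: facts about one user that anyone could find online.
PUBLIC_TOKENS = ["Martinez", "1987", "Acme", "Rex"]
# Constructed 16-word list for the demo; a real list needs thousands of words
# (a 7776-word diceware list gives about 12.9 bits per word).
SAMPLE_WORDS = ["amber", "copper", "violet", "harbor", "pencil", "glacier",
                "window", "thunder", "orchid", "lantern", "saddle", "pebble",
                "falcon", "timber", "magnet", "quartz"]


def normalize(text):
    """Lowercase, undo simple substitutions, keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def public_tokens_in(password, public_tokens, min_len=4):
    """Return the public tokens that appear in the password, plain or disguised."""
    raw, decoded = password.lower(), normalize(password)
    hits = []
    for token in public_tokens:
        t = token.lower()
        if len(t) < min_len:
            continue  # very short tokens match by chance too often
        # Numeric tokens (years) are matched raw; words also against the decoded form.
        if t in raw or (t.isalpha() and t in decoded):
            hits.append(token)
    return hits


def generate_passphrase(words, count=5, sep="-"):
    """Pick words uniformly with a CSPRNG; return the phrase and its entropy in bits."""
    unique = sorted(set(words))
    phrase = sep.join(secrets.choice(unique) for _ in range(count))
    return phrase, count * math.log2(len(unique))


if __name__ == "__main__":
    print(public_tokens_in("M4rt1nez!1987", PUBLIC_TOKENS))
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(phrase, f"{bits:.1f} bits", public_tokens_in(phrase, PUBLIC_TOKENS))
```

A password that returns any hits should be rejected, since a wordlist built from the same public information would contain it or a close variant.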