How to Crack Office Passwords with a Dictionary
Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]
Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]
Jordan Drysdale // Let’s start this post at Walmart. Yes, the visit may be attributable against the purchaser via security camera footage retrieved by warrant, so hand your wife/husband/confidant/whomever a […]
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]
Jordan Drysdale// Some days are not like others. Some days, you might get tasked with scanning a million IP addresses. Here’s how I did it: Let’s go through some finer […]
Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]
David Fletcher // Whenever I have the opportunity, I like to perform packet collection on a test for about five minutes so I can analyze the results and look […]
Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. […]
Joff Thyer // I was recently working on a Red Team for a customer that was very much up to date with their defenses. This customer had tight egress controls, […]
Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]