Search Results for: password

Author, David Fletcher, Finding, Informational bad passwords, password, password policy, weak password

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

Read the entire post here

Author, External/Internal, How-To, Kent Ickler, Password Cracking AES, CeWL, decrypt, dictionary, encryption, Exce, Hashcat, John the Ripper, JTR, Kent Ickler, LinkedIn, microsoft office, Office, SHA, wordlist

How to Crack Office Passwords with a Dictionary

Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption.  Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]

Read the entire post here

Informational bad passwords, long passwords, password policy, passwords

An Open Letter about Big All-Powerful Company’s Password Policy

Kelsey Bellew // Dear Big All-Powerful Company, Your idea of a ‘strong password’ is flawed. When I first saw the following message, I laughed. I said out loud, “No, you […]

Read the entire post here

How-To, Password Cracking, Red Team, Red Team Tools Carrie Roberts, Hashcat, John the Ripper, MS Office, password, password protected MS Office document, Red Team, rockyou

How to Crack Passwords for Password Protected MS Office Documents

Carrie Roberts* // (Updated, 2/11/2019) Trying to figure out the password for a password protected MS Office document? This free solution might do the trick. It attempts to guess the password […]

Read the entire post here

Red Team, Red Team Tools Amazon, cloud, Cloud Cracking, GPU Acceleration, Kali 2017, Kali GPU, Kali Linux, Password cracking

How to Crack Passwords in the Cloud with GPU Acceleration (Kali 2017)

Carrie Roberts* // How does password cracking in the cloud compare to down here on earth? Maybe not as heavenly as imagined. I saw this on the web and got […]

Read the entire post here

Author, Kent Ickler, Red Team, Red Team Tools Build, Hash, Hashcat, Hashcat Benchmarks, Kent Ickler, Nvidia GTX 1070, password, Password Cracker, Password cracking, Summer2017, The Kraken

How to Build a Password Cracker with NVidia GTX 1080TI & GTX 1070

Kent Ickler // The Task Buy The Things: Total for new password cracking machine$5110 A Few Quick Lessons The CPU cooler doesn’t actually clear the case cover. This was OK […]

Read the entire post here

Blue Team, Blue Team Tools, Webcasts Domain Password Audit Tool, DPAT, webcast

WEBCAST: Demo of Domain Password Audit Tool

Check out Carrie’s demo of her DPAT, and if you missed her blog, check that out here.

Read the entire post here

Blue Team, Blue Team Tools, Red Team, Red Team Tools Domain Password Audit Tool, DPAT

Domain Password Audit Tool

Carrie Roberts // A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a […]

Read the entire post here

Author, Blue Team, Kent Ickler Jordan Drysdale, long passwords, Password Security Objects, passwords, Windows 95/96, Windows Admin

How to Increase the Minimum Character Password Length (15+) Policies in Active Directory

Kent Ickler // As a start to a series on Windows Administration in the eyes of a security-conscious “Windows Guy” I invite you on configuring AD DS PSOs (Password Security […]

Read the entire post here