Bypassing AD account lockout for a compromised account
I’m not sure if someone found this before but I came across this while testing net use. #infosec #security

— Mark (@_markmo_) April 10, 2019
Password  passwords  activedirectory  windows  bruteforce 
april 2019 by whip_lash
GitHub - lanjelot/patator: Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings.
bruteforce  pentest  patator  tool  passwords 
august 2018 by whip_lash
ustayready/CredKing: Password spraying using AWS Lambda for IP rotation
Easily launch a password spray using AWS Lambda across multiple regions, rotating IP addresses with each request.
recon  passwords  spraying 
august 2018 by whip_lash
Hiding Secrets in Terraform
Unfortunately, in order to set up most of these services you need usernames and passwords to be set - and since you can potentially change these passwords via Terraform then it stands to reason that Terraform is going to need to be able to compare your old credentials with possible new ones.

To facilitate this it stores all settings, including usernames, passwords, port numbers and literally everything else in these tfstate files, in plain text.

This wasn’t something I’d have expected as the default behaviour. The documentation does suggest that you use a thing called Remote State (more on that later).
terraform  cloud  aws  passwords 
july 2018 by whip_lash
passwdqc for Windows (Active Directory) - password/passphrase policy enforcement
Full support for passphrases, extensive testing [1] [2] [3] on real-world passwords, being able to exactly match the policy you use on Unix (if applicable), bundled end-user programs (their use is optional), and simple site-wide licensing and pricing (not per-user, nor per-computer) differentiate this product from the competition.

The product, once installed, registers with the system a password filter DLL, which is where the policy is enforced. Also included are three programs: Configuration, Change Password, and Reset Password - please see the screenshots. The latter two programs may be used to easily duplicate the domain controller's password policy on end-user systems, so that the users are informed of the specific reason why their initial choice of new password did not meet policy and are offered randomly-generated passphrases.
activedirectory  passwords 
april 2018 by whip_lash
Dumping Clear-Text Credentials | Penetration Testing Lab
The article contains Windows locations where passwords might exist and techniques to retrieve them.
passwords  windows  security  pentest  postexploitation 
april 2018 by whip_lash
ahnick/ Lightweight solution for using encrypted passwords in shell scripts
provides a lightweight solution for using encrypted passwords in shell scripts using SSH and OpenSSL. It allows a user to encrypt a password at runtime and then use it, decrypted, within another script. This prevents shoulder surfing passwords and avoids storing the password in plain text, which could inadvertently be sent to or discovered by an individual at a later date.
encryption  github  cli  passwords 
february 2018 by whip_lash
Researchers Find Trove of 1.4 Billion Breached Credentials - Infosecurity Magazine
This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and, decrypted passwords of known breaches like LinkedIn as well as smaller breaches like Bitcoin and Pastebin sites

passwords  hash  hacking 
december 2017 by whip_lash
Using Kon-Boot from a USB Flash Drive: Bypass those pesky Windows and Linux login passwords completely
Kon-boot is a cool tool you can download from that boots from a CD or floppy and modifies memory to let you log in without knowing a local account password in both Windows (even up to Windows 7) and Linux (not all distros).
security  usb  windows  tools  passwords 
february 2010 by whip_lash

