Search Results for: password

Blue Team, Blue Team Tools, Red Team, Red Team Tools Domain Password Audit Tool, DPAT

Domain Password Audit Tool

Carrie Roberts // A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a […]

Read the entire post here

Author, Blue Team, Kent Ickler Jordan Drysdale, long passwords, Password Security Objects, passwords, Windows 95/96, Windows Admin

How to Increase the Minimum Character Password Length (15+) Policies in Active Directory

Kent Ickler // As a start to a series on Windows Administration in the eyes of a security-conscious “Windows Guy” I invite you on configuring AD DS PSOs (Password Security […]

Read the entire post here

External/Internal, Red Team 2 factor authentication, 2FA, fun fun fun, MFA, Microsoft, Microsoft Web App Portal, password spraying, passwords

Question:  What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?

Carrie Roberts // Answer: Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described here in this great post by Beau Bullock. […]

Read the entire post here

General InfoSec Tips & Tricks, InfoSec 101 dashline, how to store passwords, keepass, last pass, password herding, password management, passwords

Herding Those Pesky Passwords

Rick Wisser & Gail Menius // Frequently we get asked about where to store passwords.  Should they be stored in a word/excel /txt file on your computer? Maybe, written down […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team domain credentials, domain creds, password spraying, passwords

Password Spraying Outlook Web Access – How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 2

Beau Bullock // This is part two of a series of posts (See part 1 here) where I am detailing multiple ways to gain access to domain user credentials without ever being […]

Read the entire post here

Author, Beau Bullock, External/Internal, Password Spray, Red Team domain creds, exploiting passwords, gaining access to domain credentials, passwords, reusing passwords

Exploiting Password Reuse on Personal Accounts: How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 1

Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. […]

Read the entire post here

External/Internal, Red Team encryption, mimikatz, passwords

Your Password Is… wait for it… NOT Always Encrypted

Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special […]

Read the entire post here

Author, Joff Thyer, Password Spray, Red Team Joff Thyer, password spraying, RPCCLINET

Password Spraying & Other Fun with RPCCLIENT

Joff Thyer //   Many of us in the penetration testing community ar​e used to scenarios whereby we land a targeted phishing campaign within a Windows enterprise environment and have […]

Read the entire post here

Guest Author, How-To, Informational, InfoSec 101 Infosec for Beginners, InfoSec Survival Guide, Leonardo Núñez, OSINT

OSINT: How to Find, Use, and Control Open-Source Intelligence

OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).

Read the entire post here