Brute Force Wordlist
Some files for bruteforcing certain things.
https://github.com/random-robbie/bruteforce-lists
#wordlist #bruteforce
Some files for bruteforcing certain things.
https://github.com/random-robbie/bruteforce-lists
#wordlist #bruteforce
GitHub
GitHub - random-robbie/bruteforce-lists: Some files for bruteforcing certain things.
Some files for bruteforcing certain things. Contribute to random-robbie/bruteforce-lists development by creating an account on GitHub.
Undetected Azure AD Bruteforce Attack
In late June 2021, Secureworks Counter Threat Unit researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
PoC:
https://github.com/treebuilder/aad-sso-enum-brute-spray
Research:
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
#sso #azure #ad #bruteforce #research
In late June 2021, Secureworks Counter Threat Unit researchers discovered a flaw in the protocol used by the Azure Active Directory Seamless Single Sign-On feature. This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.
PoC:
https://github.com/treebuilder/aad-sso-enum-brute-spray
Research:
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
#sso #azure #ad #bruteforce #research
⚙️ Psudohash — Password List Generator For Orchestrating Brute Force Attacks
This is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more.
https://github.com/t3l3machus/psudohash
#wordlist #password #generator #bruteforce
This is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more.
https://github.com/t3l3machus/psudohash
#wordlist #password #generator #bruteforce
👍7🔥5
🔐 Crack.sh is dead, Long Live Shuck.sh
Recently, many of you might've noticed that Crack.sh is currently unavailable. While it's been an invaluable tool in our arsenal, the landscape is ever-changing, and we need to pivot. Meet Shuck.sh, an emerging service that offers similar capabilities, leveraging the extensive Have I Been Pwned (HIBP) database.
🚀 Key Features:
— Shuck It: Instantly shuck NetNTLMv1, PPTP VPN, and WPA-Enterprise MSCHAPv2 challenges against HIBP's NT-hash database.
— Tech Insight: Efficient binary search for DES-keys collisions from a subset of the HIBP database.
— Fast & Free: Got around 100 NetNTLMv1 challenges? Extract their corresponding NT-Hashes in roughly 10 seconds.
One significant advantage of Shuck.sh over other tools is its ability to be deployed locally. For those concerned about security and privacy, you can set up Shuck.sh on your own environment using its script from the GitHub repository.
🔗 Shuck.sh
🔗 GitHub Repository
🔗 Pwned Passwords Version 8 (Torrent)
#ntlmv1 #des #mschapv2 #bruteforce
Recently, many of you might've noticed that Crack.sh is currently unavailable. While it's been an invaluable tool in our arsenal, the landscape is ever-changing, and we need to pivot. Meet Shuck.sh, an emerging service that offers similar capabilities, leveraging the extensive Have I Been Pwned (HIBP) database.
🚀 Key Features:
— Shuck It: Instantly shuck NetNTLMv1, PPTP VPN, and WPA-Enterprise MSCHAPv2 challenges against HIBP's NT-hash database.
— Tech Insight: Efficient binary search for DES-keys collisions from a subset of the HIBP database.
— Fast & Free: Got around 100 NetNTLMv1 challenges? Extract their corresponding NT-Hashes in roughly 10 seconds.
One significant advantage of Shuck.sh over other tools is its ability to be deployed locally. For those concerned about security and privacy, you can set up Shuck.sh on your own environment using its script from the GitHub repository.
🔗 Shuck.sh
🔗 GitHub Repository
🔗 Pwned Passwords Version 8 (Torrent)
#ntlmv1 #des #mschapv2 #bruteforce
🔥6👍3
🔑 I Know What Your Password Was Last Summer...
This is a blog post about password analysis and some research regarding frequently hacked NTLM passwords.
🔗 https://labs.lares.com/password-analysis/
#bruteforce #hashcat #ntlm
This is a blog post about password analysis and some research regarding frequently hacked NTLM passwords.
🔗 https://labs.lares.com/password-analysis/
#bruteforce #hashcat #ntlm
Lares Labs
I Know What Your Password Was Last Summer...
We have spent the last six months researching on the previous two years of prior cracked passwords and built some tools to understand password creation strategies better. Here are the results.
🔥8👍2