5 min read
Windows Account Passwords: Why and How to Break NTLM Credentials
Windows account passwords, or NTLM passwords, are among the easiest to recover due to their relatively low cryptographic strength. At the same time,
Tag : Ntlm
5 min read
3 min read
Breaking Windows Passwords: LM, NTLM, DCC and Windows Hello PIN Compared
Modern versions of Windows have many different types of accounts. Local Windows accounts, Microsoft accounts, and domain accounts feature different
Protocolos de autenticação do Active Directory e riscos de segurança
Para que as organizações mantenham a segurança e reduzam a exposição a ameaças, é fundamental entender as vulnerabilidades e os desafios dos
1 min read
SSO to domain resources from Azure AD Joined Devices – The MEGA Series
Welcome to this new blog series which will hopefully demystify SSO to domain resources from Azure AD Joined devices – and get you up and working
5 min read
Relaying NTLM authentication over RPC again…
A little bit over a year ago, I wrote an article on this blog about CVE-2020-1113 and how it enabled code execution on a remote machine through
1 min read
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
By Antonio Cocomazzi and Andrea Pierini Executive Summary Every Windows system is vulnerable to a particular NTLM relay attack that could allow
1 min read
ORA-12638 on Windows only from Oracle 19.10.0 onwards
You like unexpected changes and surprises, don’t you? And especially those which aren’t in the patch notes or the docs. I blogged about such
1 min read
RogueWinRM – Windows Local Privilege Escalation From Service Account To System
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System
3 min read
SharpMapExec – A Sharpen Version Of CrackMapExec
A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss army knife that is made
Aclpwn.Py – Active Directory ACL Exploitation With BloodHound
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending
2 min read
Bumble Leaves Swipes Unsecured for 100M Users, Capcom confirms data breach, Citrix SD-WAN Bugs Allow Remote Code Execution, and more
Round Up of Major Breaches and Scams Dating Site Bumble Leaves Swipes Unsecured for 100M Users An API bug exposed personal information of users like
NTLMRawUnHide – Parse Network Packet Capture Files
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool
2 min read
Lil-Pwny – Auditing Active Directory Passwords Using Multiprocessing In Python
A multiprocessing approach to auditing Active Directory passwords using Python. About Lil Pwny Lil Pwny is a Python application to perform an
1 min read
PwnedPasswordsChecker – Search If Your Password Has Been Leaked
PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been
4 min read
NetworkMiner 2.6 Released
We are happy to announce the release of NetworkMiner 2.6 today! The network forensic tool is now even better at extracting emails, password hashes,