passwords   14362

« earlier    

passwdqc for Windows (Active Directory) - password/passphrase policy enforcement
Full support for passphrases, extensive testing [1] [2] [3] on real-world passwords, being able to exactly match the policy you use on Unix (if applicable), bundled end-user programs (their use is optional), and simple site-wide licensing and pricing (not per-user, nor per-computer) differentiate this product from the competition.

The product, once installed, registers with the system a password filter DLL, which is where the policy is enforced. Also included are three programs: Configuration, Change Password, and Reset Password - please see the screenshots. The latter two programs may be used to easily duplicate the domain controller's password policy on end-user systems, so that the users are informed of the specific reason why their initial choice of new password did not meet policy and are offered randomly-generated passphrases.
activedirectory  passwords 
22 hours ago by whip_lash
Sure. It flies in the face of every piece of research carried out in the last 5 years, but we'll change
passwords  from twitter_favs
7 days ago by ciphpercoder
Passwords Part 2 - Passwords off the Wire using LLMNR - SANS Internet Storm Center
LLMNR – Link Layer Multicast Name Resolution. What’s that you say? - Name resolution tended to use WINS as much or more than DNS.  If you didn’t happen to have WINS or DNS set up, clients would send a local multicast request out on port UDP/5355 for name resolution.  And yes, that is still with us today.

While LLNMR is easily fixed with GPO, NetBIOS over tcp/ip is not and you either need individual touches to systems, script something up, or some other management tool like SCCM to change that setting. so you have to disable LLNMR and NetBIOS over tcp/ip to fully solve this problem.
llmnr  cybersecurity  passwords  sans  tools 
9 days ago by bwiese
Dumping Clear-Text Credentials | Penetration Testing Lab
The article contains Windows locations where passwords might exist and techniques to retrieve them.
passwords  windows  security  pentest  postexploitation 
14 days ago by whip_lash

« earlier    

related tags

#project-magic  10.13  1password  2018  2018b  2fa  accounts  activedirectory  and  android  apfs  api  apple  applecommunity  appleid  applepay  apps  apr  authentication  azuread  backup  banking  bestpractices  biometrics  biz&it  bka  breach  browser  bug  chrome  cisco  coding  configuration  configuring  console  cool  cracking  creativecommons  crypt  crypto  cryptography  cybersecurity  data  database  default  design  developers  devise  dice  digital  digital_legacy  discovery  docker  done  ecs  email  encryption  environment  evernote  extensions  faceid  facialrecognition  filevault  findmyiphone  fingerprint  firefox  forms  forums  game  gem  gems  generator  gmail  golang  google  google_photos  gov2.0  guide  hack  hacking  hardware  hash  hashcat  hashes  hosting  how-to  hunt  importexport  instapaper  internet  internetofthings  ios  ios10  iot  ipad_pro  iphone  iphonex  itunes  journal  js  key  krebs  leak  leaks  legal  lh  linux  list  llmnr  lukew  mac  macbook  macos  macosx  manage  manager  messaging  microsoft  mongo  nist  notes_app  ohforfuckssake  open-source  opensource  osx  outlook  passcodes  passwd  password  passwordmanager  pdf  pentest  photos_app  podcast  police  postexploitation  privacy  privileges  productivity  pwn  pwned  questions  raspberrypi  recovery  reference  resource  responder  rip  ruby  safety  salting  sans  scanning  secret  securety  security  securitytheater  seguridad  service  set  settings  setup  software  softwarelibre  ssm  ssn  support  swiss  tech  technews  technology  test  tester  tidbits  tips  tmobile  tools  troy  tweet  twitter  two-factor-authentication  twofactor  type:tool  unix  usability  usb  utilities  variable  w3c  weak  weather  web  webdev  webtool  whatsapp  windows  wordlists  music 

Copy this bookmark: