asteroza + password   271

Dynamically banned passwords in Azure AD | Microsoft Docs
Piss off red teams that password spray by setting up some tripwires, such as <season>2019
azure  AD  password  security  custom  complexity  ban  list  group  policy 
16 days ago by asteroza
hashcat v5.1.0
Huh, did not know about the forced US layout for the Keyboard maps
TrueCrypt  VeraCrypt  keyboard  map  US  password  complexity  dictionary  security  hacking 
december 2018 by asteroza
Emoji usage in your domain – Joe McCormack – Medium
Probably limited to 10/2016, but MS did backport emojis to 7 so...
windows  unicode  emoji  password  domain  user  AD  security  hacking  pentesting 
september 2018 by asteroza
ryanries/PassFiltEx: First commit
password filter for AD to add additional password restrictions on things like a custom password blacklist
windows  AD  active  directory  custom  bad  password  filter  blacklist  sysadmin  security  tips  tricks 
june 2018 by asteroza
PassProtect - Chrome Web Store
Uses haveibeenpwned database to see if your password sucks
chrome  browser  plugin  addon  extension  bad  exposed  password  check  test  security 
may 2018 by asteroza
fireeye/gocrack
containerized GPU accelerated password cracker for corporate usage, with some security to not just let anybody see the results
docker  container  GPU  accelerated  password  cracking  cracker  software  security  hacking  pentesting  sysadmin  tools  utilities  go 
march 2018 by asteroza
Release 2.1.1 20171220 · gentilkiwi/mimikatz
new mimikatz, there's a handy authentication package called mimilib to capture plaintext passwords at logon on windows 10 with credential guard
mimikatz  security  hacking  pentesting  windows  logon  password  capture  sniffing 
december 2017 by asteroza
Combination of many breaches : pwned
magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftra...
password  list  data  leak  breech  torrent  security  hacking  pentesting 
december 2017 by asteroza
cry/nbp: NIST Bad Passwords - JavaScript library for detecting common passwords.
password blacklist javascript library, though for additional blacklists, maybe use openwall dictionaries?
NIST  bad  password  blacklist  javascript  library  dictionary 
november 2017 by asteroza
USB Dongle Auth List
List of sites with support for USB dongle authentication which includes One Time Passwords (OTP) and Universal 2nd Factor (U2F).
website  support  OTP  FIDO  U2F  list  compatibility  reference  information  USB  dongle  yubikey  security  password  authentication  2FA 
november 2017 by asteroza
BlindHash-Restoring Trust in Passwords
Password hashing security as a service (more like salt as a service), using a 16TB salt and a new blind hashing technique. Functions like a Crypto Anchor.
security  service  password  blind  hash  encryption  cryptography  salt  CryptoAnchor 
november 2017 by asteroza
square/keywhiz: A system for distributing and managing secrets
interesting trick of allowing a FUSE mount of pseudo-files for accessing secrets to allow use with apps that can't handle this kind of secret management normally
security  vault  private  key  password  sharing  management  software  opensource 
september 2017 by asteroza
Telnet List 33138 lines - Pastebin.com
Interesting live internet telnet logon usernames/passwords. Not all of them public defaults?
telnet  username  password  list 
august 2017 by asteroza
Password API
Oh hey, password hash lookup service...
security  hacking  pentesting  password  hash  lookup  service 
july 2017 by asteroza
Hashes.org - Home
Hashes.org is a community recovering passwords from submitted hashes.
password  hash  reference  list  repository  hacking  cracking  security  pentesting 
june 2017 by asteroza
Special Publication 800-63 | NIST
64 character passwords without required specials, no forced rotation without evidence of compromise, no SMS 2FA, password paste OK
NIST  800-63  digital  identity  service  requirements  password  policy  guidance  information  reference  security 
june 2017 by asteroza
General Service List - Wikipedia
correct horse battery staple probably came from this
2000  list  password  XKCD  word  english  Delicious 
march 2017 by asteroza
lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in ...
This is that tool for sucking password hashes out of a windows machine by plugging in a USB Armory emulating a USB ethernet adapter.
responder  windows  attack  exploit  software  password  hash  retrieval  security  pentesting  hacking  Delicious 
december 2016 by asteroza
p3nt4/metasploit-modules: This module will change a local user's password direct...
Metasploit module for directly carving out and replacing password hashes to forcibly change a user password.
metasploit  module  security  pentesting  hacking  windows  user  password  change  registry  attack  hash  carve  Delicious 
december 2016 by asteroza
JPCERT/CC Blog: Verification of Windows New Security Features – LSA Protection M...
So the short story is the increased security from LSA Protection Mode or Credential Guard protects domain users mostly, if domain password caching is disabled. But local passwords are still vulnerable to Mimikatz, and password reuse is a thing...
Windows  domain  logon  password  hash  security  research  lateral  movement  pentesting  hacking  Delicious 
november 2016 by asteroza