The first passwords began to be introduced in the 1960s, when computer systems began to develop, and managing access to them became more complicated. One example is the CTSS (Compatible Time-Sharing System), which was created at the Massachusetts Institute of Technology (MIT).
Revolution OS
Previou…
Read more →
Companies invest heavily in tools like SIEM, EDR, NDR, implement MFA, and conduct training. And rightly so.
But there’s one problem... Most still don’t know how strong (or rather weak) their passwords are.
The reason is simple. Nobody checks them, and security remains in a state of superposition, so…
Read more →
Every day, an absurd number of new data breaches appear online. On top of that, old breaches still circulate, often easily accessible – both for free and for a fee – and they can pose a real threat to your company.
Attacks using what are known as “creds” (from credentials), i.e., login:password pair…
Read more →
No big budget needed to significantly improve security. All it takes is two hours. Two hours that won’t change the world, but could protect your company from severe consequences. And this is not theory. This is practice, evident in every incident that could have been avoided. And there are plenty of…
Read more →
One way to store passwords provided by users is through the use of hash functions. In this case, the input provided, for example, during user registration, is processed by the chosen hash function, and its output is saved in the database. Hash functions, because they are one-way, ensure that it is n…
Read more →
Whether it's on HackTheBox, at work, or just for fun, sometimes you need to infect a Windows system with some C2 software or malware. In my case, I most often use CobaltStrike or the equally effective Sliver. Since I've done this many times, I immediately thought, "I'll disable AMSI, u…
Read more →
Bcrypt Cocktail and Hash Extraction
TL;DR - Combining bcrypt with other unsalted hash functions (such as MD5 or SHA-1) can lead to serious consequences in the form of "extraction" of bcrypt. However, it is still better than just using a weak algorithm. In some cases, it is possible to find something…
Read more →
How many times have you run into the problem of replacing the current user's Kerberos TGT?
Creating a sacrificial process is the way to prevent that from happening.
If the current user's TGT is replaced, authentication to domain resources will be done using the new TGT. To get back to th…
Read more →
A hash function is an algorithm that transforms an input of arbitrary length into an output of fixed length.
An example of how this is achieved is through expansion – if we have a function operating on a block of data, we can call it multiple times, allowing us to compute the hash for a longer input…
Read more →
When you have tried all your dictionaries and the passwords still do not give up... then you need to extend your attack (assuming the dictionary is first-rate). Hashcat offers several ways to do this. There is the dictionary attack, which we discussed at the very beginning (POST#1). We…
Read more →