Still the same thrill when #JohnTheRipper cracks a hash, even after all these years! 🎉
#JohnTheRipper Pen Testing: Review & Tutorial
https://www.esecurityplanet.com/products/john-the-ripper/
I just published an article on "Password Cracking —Understanding basics and tools used." Read it exclusively on @medium
https://earthtoyash.medium.com/password-cracking-understanding-basics-and-tools-used-6df4716dceee
#cybersecurity #infosec #password_cracking #johntheripper #hashcat
I just published an article on "Password Cracking —Understanding basics and tools used." Read it exclusively on @medium
https://link.medium.com/lDs2X8hYcwb
#cybersecurity #infosec #password_cracking #johntheripper #hashcat
The Export>Import is not bad, the big job is changing out all those passwords because right now all those passwords are in the hands of the crime syndicate and their heirs, successors and assigns.
Likely seeking the high value targets but maybe just running #hashcat #johntheripper type crackers - premium versions - looking for whatever breaks first. Next would be either a ransomware outbreak/pandemic, or, perhaps worse, a long term bore-from-within.
Think about it - they might by now already have penetrated & planted malware on accounts before the targets changed out their passwords. As one expert (which I am not) suggests, just retire all those old accounts. Probably not a bad idea.
Quite proud though.
We've been using NCSC's #threerandomwords at 20+ chars for all the AD passwords across the domain for a while now.
#JohnTheRipper has been at it most of the afternoon, and only two passwords have fallen, and one of them was greengreengreenyellowgreen.
Fair play, users, fair play.
Ringing in Black Friday by landing a domain controller in my OSCP lab. Pivoted through three machines to get here, but I've arrived! I'd like to thank my friends: mimikatz (an outdated version), autorecon, an unpatched web app with default creds, crackmapexec, certutil, reg save, john, kerberoasting, OneNote, vscode. The list of tools goes on and on. :---) #OSCP #mimikatz #autorecon #crackmapexec #JohnTheRipper #Kerberoasting #pentesting
Looks like time for an #introduction ...
I'm a senior #softwaredeveloper who has designed and/or implemented vulnerability scanners, WAF, IDS/IPS, Web Secure Gateway, single-sign-on reverse proxies for several security companies. I have more recently worked on product security for a large #opensource project, and eventually turned into a depressed #CISO. For a few years I've worked on DNS steering optimization for the #CDN of large scale networks.
As a work hobby, I love re-exploring old or abandoned algorithms for modern security challenges, especially in the domain of large data processing, and often in the world of password cracking (I've been a #JohnTheRipper user since 1997 and had my first autograph signed by SolarDiz in 2001 😅).
As real hobbies, I'm a terrible but regular long distance runner, I 3D print and laser cut some shit I design and I bike on a Brompton.