Credential Abuse

Keep up to date with the latest offensive security news, knowledge, and resources.
Hunting Secrets in JavaScript at Scale: How a Vite Misconfiguration Lead to Full CI/CD Compromise
Feb 16, 2026

Sometimes when conducting a Penetration Testing exercise or Red Team engagement, you might be interested in extracting password hashes or credentials of your target Windows user, without the use of Mimikatz to avoid detection. This is where you would resort to using an NTLM downgrade attack. In this article we shall discuss how you can perform this...
Exploring Modern Password Spraying: Introduction to Entra Smart Lockout
Jun 21, 2024

Delve into the modern techniques and security controls surrounding password spraying. This series will explore the current techniques, tactics, and procedures (TTPs) for password spraying.
Password spraying and MFA bypasses in the modern security landscape
Jan 31, 2022

Any offensive security operator will tell you that guessing employee credentials is key to compromising your customer’s network – and therefore highlighting vulnerabilities – during a cyber-security engagement. The thing is, it’s easier said than done as companies increasingly continue to transition to cloud services such as Microsoft Office 365 (O365) – all of which provide multi-factor authentication (MFA)
Fix Cleartext Password Issues in Your Organization
Jul 21, 2021

The key to our engagements often, and unfortunately, involves the discovery of credentials on internal network file shares. We’re going to show you how we find cleartext password storage problems and how to address them.
Leveraging hijacked Slack sessions on macOS
Jan 07, 2021

We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article Cody Thomas wrote for the SpecterOps blog.
How to defend against password spraying
Oct 21, 2020

Given how often we see this tactic used, we’re going to break down the basics. We want to help you understand how password spraying works, along with some effective steps you can take to prevent it from being used against your organization. What is password spraying?