Pipal is a tool that allows you to perform analysis on a list of words. As a blue-teamer, it would probably benefit you to know what kind of patterns your users are using for their passwords. Once you identify their patterns, you can train them on why this is bad and deter them from using predictable patterns.
If you followed along in Active Directory Password Audit in Kali, you can generate a list of passwords pretty easily:
One of the first steps when working through The Hacker Playbook 3 is installing PowerShell Empire. I ran into problems with dependencies between the current version in Git and the version of Python included with Ubuntu 16.04. Rather than thrash about in dependency hell, I decided I’d opt to use Docker. Using Docker gives you quite a few advantages, some of which are:
- Easy updates
- No dependency problems
- Run multiple instances off the same config

There weren’t too many tutorials out there, so I decided to turn my notes into a blog post in the hope that it helps others.
Users go to great lengths to create crappy password patterns, but those patterns vary wildly from company to company. As an example, in Tuscaloosa, I’m sure the words ‘bama’ and ‘tide’ are used in a huge percentage of passwords. When you’re conducting a password spray, it helps the red teamer a lot to know those terms in advance. As blue teamers, we want to set up password filters that prevent the use of these keywords.