Category: Password Cracking

Posts

Pipal is a tool that allows you to perform analysis on a list of words. As a blue teamer, it would probably benefit you to know what kind of patterns your users are using for their passwords. Once you identify their patterns, you can train them on why this is bad and deter them from using predictable patterns. If you followed along in Active Directory Password Audit in Kali, you can generate a list of passwords pretty easily:

Users go to great lengths to create crappy password patterns, but those patterns vary wildly from company to company. As an example, in Tuscaloosa I’m sure the words ‘bama’ and ‘tide’ are used in a huge percentage of passwords. When you’re conducting a password spray, it helps the red teamer a lot to know those terms in advance. As blue teamers, we want to set up password filters that prevent the use of these keywords.