rbsec

Results: 86 comments by rbsec

Does that port actually have a functional SSL service running that accepts connections? If so, can you share a pcap?

This seems like a very generic title that could probably cover a large chunk of the guide. Are there specific technologies or areas that you're thinking about here?

I think that this is implied by the information gathering section, but there's perhaps some scope to make it a bit more explicit in some of the sections, and maybe...

@solardiz I was actually halfway through writing a response when you posted, so that was good timing. Completely agree that the capital start/number end isn't a good way to make...

> Regarding Windows password policies, maybe you can get some of your client companies to deploy our passwdqc? It can be used to implement a similar policy, but without the...

I just tried out charsets based on the new `password.lst`. Results are summarised in the tables below. To recap, I've used three main charsets.

* Rockyou = Default charsets included...

Right, so I've gone away and done some more (and slightly more rigorous) testing. Incremental mode was run for 50G candidate (~20 mins) with the following charsets:

* Rockyou =...

> I just realized that our default --external=policy includes a check for the length being exactly 8, just as an example. Did you keep that check in your tests? If...

Using the Hashes.org passwords as a wordlist was pretty effective at cracking more of HIBP, and (on top of the existing pot) cracked between 96% and 99% depending on the...

> You probably misread my code. What it does is actually very similar to what yours does, just in a simpler way. The difference is yours rejects passwords with non-ASCII...