7MS #304: Integrating Pwned Passwords with Active Directory
7 Minute Security5 Apr 2018

7MS #304: Integrating Pwned Passwords with Active Directory

I've been super pumped about Troy Hunt's Pwned Passwords project ever since it came out - especially when I saw a tweet about using it in Active Directory so that enterprises could essentially stop people from picking previously pwned passwords! That led me to explore the following two solutions:

Pwned Passwords DLL

This blog entry has everything you need to get started with this GitHub project. If you've got some coding skillz you can probably give everything a quick read and have the DLL installed and running in no time. If you're like me and have little to zero Visual Studio experience, head to my BPATTY site page about Pwned Passwords where I've laid everything out step-by-step!

Bottom line is this is a FREE way to check AD passwords against Troy's list of 500M+ previously pwned passwords. Awesome dude!

SafePass.me

I gave this commercial solution a demo and it worked fine as well. It's about $700 USD and comes packaged in an .MSI file that you simply double-click to install, then reboot the domain controller(s). It looks to do the exact same thing as Pwned Passwords DLL but without having to build a DLL or install it manually.

Episoder(694)

7MS #22: Phishing with Black Squirrel (audio)

7MS #22: Phishing with Black Squirrel (audio)

In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool discussed in this podcast. I’ve been using it for phishing campaigns and it’s been excellent in that capacity.

27 Jul 20147min

7MS #21: OSCP – part 1 (audio)

7MS #21: OSCP – part 1 (audio)

In this episode I talk about my venture into Offensive Security! . Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. This episode is the first of what I hope will be a multi-part, spoiler-free series about my experience with OSCP. With…

20 Jul 20147min

7MS #20: Moving from GoDaddy to DNSimple (audio)

7MS #20: Moving from GoDaddy to DNSimple (audio)

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m talking about in this podcast is DNSimple. Troy Hunt‘s humorous/awesome article pushed me over the edge and convinced me to give DNSimple a…

15 Jul 20147min

7MS #19: Kioptrix! (audio)

7MS #19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

5 Jul 20147min

7MS #18: Wireless Security 101 (audio)

7MS #18: Wireless Security 101 (audio)

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, very bad. It’s easy to crack. Don’t use it. Wifite will demonstrate how easy it is to crack WEP. Stronger encryption such as WPA/WPA2…

22 Jun 20147min

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…

14 Jun 20147min

7MS #16: PwnPad Initial Impressions – part 2! (audio)

7MS #16: PwnPad Initial Impressions – part 2! (audio)

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or hacking! PwnieExpress has a great write-up on mapping APs w/GPS coordinates using Google Earth here:…

31 Mai 20147min

7MS #15: PwnPad Initial Impressions (audio)

7MS #15: PwnPad Initial Impressions (audio)

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky laptop to do wireless pentesting sure is nice! PwnPad scripts/automates much of the “busy work” to capture WPA handshakes.

24 Mai 20146min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
popradet
forklart
stopp-verden
det-store-bildet
bt-dokumentar-2
fotballpodden-2
dine-penger-pengeradet
nokon-ma-ga
rss-penger-polser-og-politikk
rss-dannet-uten-piano
aftenbla-bla
frokostshowet-pa-p5
e24-podden
rss-ness
unitedno
rss-borsmorgen-okonominyhetene
rss-garne-damer