7MS #325: Integrating Pwned Passwords with Active Directory - Part 2
7 Minute Security30 Aug 2018

7MS #325: Integrating Pwned Passwords with Active Directory - Part 2

Today's episode is a follow-up to #304 where we talked about how you can integrate over 500 million weak/breached/leaked passwords form Troy Hunt's Pwned Passwords into your Active Directory.

To get started with this in your environment, grab Troy's updated passwords list here, and then you can check out my BPATTY site for step-by-step implementation instructions.

The big "gotchas" I discuss in today's episode are:

  • If users update their password to something on the Pwned Passwords list, they'll see the generic "Your password didn't meet policy requirements" message. In other words, the message they'll see is no different than when they pick a password that doesn't meet the default domain policy. So be careful! I'd recommend training the users ahead of pulling the trigger on Pwned Passwords.

  • If you want to take, for example, just the top 100 words off of Troy's list and start your implementation off with a small list with:

Get-Content ".\pwnedpasswords.txt" | select -First 100
  • As it relates to "hard coding" a machine to point to a specific domain controller, this site has the technique I used. Is there a better way?

Episoder(696)

7MS #111: Hacking WPA Enterprise-Part 2

7MS #111: Hacking WPA Enterprise-Part 2

The thrilling (?) conclusion of my experience hacking WPA Enterprise.

20 Nov 20156min

7MS #110: Hacking WPA Enterprise-Part 1

7MS #110: Hacking WPA Enterprise-Part 1

This episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2! https://warroom.securestate.com/index.php/evil-twin-attack-using-hostapd-wpe/

17 Nov 20158min

7MS #109: OFFTOPIC-It Follows and Backcountry

7MS #109: OFFTOPIC-It Follows and Backcountry

Movie reviews of It Follows and Backcountry.

13 Nov 20157min

7MS #108: I'm Going to PWAPT!-Part 2

7MS #108: I'm Going to PWAPT!-Part 2

Here's part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!

11 Nov 201510min

7MS #107: I'm Going to PWAPT!

7MS #107: I'm Going to PWAPT!

Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.

3 Nov 20157min

7MS #106: A Day in the Life of an Information Security Analyst

7MS #106: A Day in the Life of an Information Security Analyst

A listener wrote in asking some questions about "a day in the life of" a security analyst, so here's my best stab at it!

30 Okt 201510min

7MS #105: OFFTOPIC-Big Bag of Random Sauce

7MS #105: OFFTOPIC-Big Bag of Random Sauce

Today's totally random episode covers: 1. How bad does this podcast's logo suck? 2. Does this podcast need a theme song? 3. Some interesting training I'm taking next week. 4. The Walking Dead - who should die? 5. Metal Gear Solid and my personal godmode strategy.

28 Okt 20159min

7MS #104: LANTurtle First Impressions

7MS #104: LANTurtle First Impressions

Hey I just got a LANTurtle and....these are my first impressions!

22 Okt 20157min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
forklart
aftenpodden-usa
stopp-verden
popradet
fotballpodden-2
dine-penger-pengeradet
det-store-bildet
nokon-ma-ga
bt-dokumentar-2
frokostshowet-pa-p5
rss-dannet-uten-piano
aftenbla-bla
rss-ness
e24-podden
rss-penger-polser-og-politikk
rss-borsmorgen-okonominyhetene
rss-gukild-johaug
rss-garne-damer