7MS #325: Integrating Pwned Passwords with Active Directory - Part 2
7 Minute Security30 Aug 2018

7MS #325: Integrating Pwned Passwords with Active Directory - Part 2

Today's episode is a follow-up to #304 where we talked about how you can integrate over 500 million weak/breached/leaked passwords form Troy Hunt's Pwned Passwords into your Active Directory.

To get started with this in your environment, grab Troy's updated passwords list here, and then you can check out my BPATTY site for step-by-step implementation instructions.

The big "gotchas" I discuss in today's episode are:

  • If users update their password to something on the Pwned Passwords list, they'll see the generic "Your password didn't meet policy requirements" message. In other words, the message they'll see is no different than when they pick a password that doesn't meet the default domain policy. So be careful! I'd recommend training the users ahead of pulling the trigger on Pwned Passwords.

  • If you want to take, for example, just the top 100 words off of Troy's list and start your implementation off with a small list with:

Get-Content ".\pwnedpasswords.txt" | select -First 100
  • As it relates to "hard coding" a machine to point to a specific domain controller, this site has the technique I used. Is there a better way?

Avsnitt(684)

7MS #107: I'm Going to PWAPT!

7MS #107: I'm Going to PWAPT!

Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.

3 Nov 20157min

7MS #106: A Day in the Life of an Information Security Analyst

7MS #106: A Day in the Life of an Information Security Analyst

A listener wrote in asking some questions about "a day in the life of" a security analyst, so here's my best stab at it!

30 Okt 201510min

7MS #105: OFFTOPIC-Big Bag of Random Sauce

7MS #105: OFFTOPIC-Big Bag of Random Sauce

Today's totally random episode covers: 1. How bad does this podcast's logo suck? 2. Does this podcast need a theme song? 3. Some interesting training I'm taking next week. 4. The Walking Dead - who should die? 5. Metal Gear Solid and my personal godmode strategy.

28 Okt 20159min

7MS #104: LANTurtle First Impressions

7MS #104: LANTurtle First Impressions

Hey I just got a LANTurtle and....these are my first impressions!

22 Okt 20157min

7MS #103: OFFTOPIC-I Was in a Movie Once

7MS #103: OFFTOPIC-I Was in a Movie Once

This is an off-topic episode about the time I was in the holiday comedy super-smash laugh-fest, Jingle All the Way.

20 Okt 20157min

7MS #102: Recon-ng!

7MS #102: Recon-ng!

I'm a big fan of Recon-ng and you should be too! Check it out - and learn more about Tim Tomes, its creator - at www.lanmaster53.com. And here's the video I mentioned in the podcast - my first look at Recon-ng in action: https://www.youtube.com/watch?v=vkmNTNl6urw

15 Okt 20158min

7MS #101: OFFTOPIC-I Am Chris Farley

7MS #101: OFFTOPIC-I Am Chris Farley

The new(ish) Chris Farley documentary is fantastic - see it!

14 Okt 20157min

7MS #100: Assessment Curses Can Be Blessings

7MS #100: Assessment Curses Can Be Blessings

Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.

9 Okt 20157min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-viva-fotboll
olyckan-inifran
aftonbladet-daily
rss-vad-fan-hande
rss-sanning-konsekvens
svenska-fall
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight