Extracting Domain Hashes: Mimikatz
We previously covered how to perform incredibly fast hashcracking with AWS. In this post we’ll take a step back, and look at one simple method to extract the hashes from a domain controller. To be clear, this is a post exploitation step and to perform these steps a domain administrator account will be needed.Read More...
Content Security Policy
In our post on Finding and Fixing Cross-site Scripting, we recommended the use of Content Security Policy (CSP) to mitigate the effects of this vulnerability. It does this by allowing you to set up an allow list of resource locations (such as scripts) for your web pages, and therefore inform the browser to block any scripts that do not come from an authorised source. The problem is, you have to set up an allow list of resource locations, or the resource will be blocked.Read More...
Breaking Enterprise Wireless
In our previous posts we discussed how WEP is completely broken, known weaknesses with WPA, and bruteforcing WPA using AWS. This time around it’s time to look at “Enterprise” Wireless security. These are networks protected with EAP – Extensible Authentication Protocol.Read More...
Hash Cracking with AWS
In a previous post, I showed the steps to capture a WPA handshake and crack it using Hashcat. On my tiny travel laptop I achieved 416H/s, which is…slow.
AWS offers “GPU Optimized” EC2 instances:
- g4dn.xlarge – $0.53 per hour
- g3s.xlarge – $0.75 per hour
- p3.16xlarge – $24.48 per hour (that’s ~$18,000 per month!)
Posts broken down by category
Articles concentrating on network and operating system level attacks.
Articles covering attacks against web applications and their associated APIS.
Articles concentrating on past data breaches, looking for lessons learned.
Articles covering breaking into wireless networks and how to keep them safe.