Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Leadership

It’s 2023 and people’s passwords are still really really…

If you work in marketing you are probably walking around telling everyone that we all live in a ZERO trust era, that PASSWORDS are DEAD! Ransomware is DEAD and AI is the FUTURE and we should be doing that NOW!

Meanwhile back on CYBER PLANET EARTH, most organisation do NOT have or need AI, they use passwords and well they passwords they use are shockingly bad! Howe do I know this? I do password audits and security testing, but I also look at breach data! (and we have other people publish password audit reports etc.)

Read more “It’s 2023 and people’s passwords are still really really bad!” →
Guides

SMB (Server Message Block) Protocol Basics

SMB in a CLI world

If you are new or like me forget the bazzilion command syntaxes in the world, the use of the man command will be super helpful as well as google foo! To help people on their way here are some example of basic SMB tools, these come with kali.

SMB Ports

SMB typically operated on TCP 445

Nmap Example

Read more “SMB (Server Message Block) Protocol Basics” →
Defense

Password Auditing with L0phtcrack 7 – A quick intro

If you know me that one of the first things, I recommend organisations do is conduct password audits against active directory on a regular basis. There are a ton of ways to do this and depending upon size of directory and budget you will likely want to do this with more than a CPU however the process remains the same. So, with the news that a new release of L0phtcrack (open source) is online let’s take a look at how we can deploy and start cracking those hashes! This isn’t an end to end guide to cracking with l0phtcrack – but it does show the install process and provide considerations for your cracking adventures. Remember, only do this where you have authorisation. Read more “Password Auditing with L0phtcrack 7 – A quick intro” →

Defense

Password Managers – The Good the Bad and the…

Good practise is not always good practise

For years you might have heard to have a complex password you change regularly (like every 30 days to keep you safe from the hax0rs) but well… let us not lie, it is bloody terrible advice.

Password cracking, brute force attacks, credential stuffing and well mad human things like writing passwords down on post it notes under keyboards are hugely prevalent still. The other day I managed to see a password used on a corporate system which was “Thursday49”. Yep, I know I know we all know that a weak easily guessable, easily crack able password is not a good idea yet honestly, humans like things that work and are simple vs remember their 6 favourite books in reverse order with a complex character and capital letter. Read more “Password Managers – The Good the Bad and the Ugly” →

Recent Posts

  • Why is security so hard?
  • Virtual Desktop Infrastructure (VDI) & Cyber Essentials
  • Technology in the Wild
  • CrackMapExec (CME) on Windows
  • Ransomware + Mega = Mega Cyber Pain

Recent Comments

No comments to show.

Archives

  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Guides
  • Hacking
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited
Theme by Colorlib Powered by WordPress