Hacking
I haven’t had tea but I was thinking about the MAC i was remoting into and I suddenly thought.. I wonder how to crack the hashes from a MAC. Surely it’s just cat /etc/passwd and cat /etc/shadow and then unshadow and run hashcat right?
WRONG!
The hashes for local users are stored here:
Read more “Hash Cracking for Modern OS X (10.8+)”
Guides
Back in 2019 I started to make some materials to help people with some basic offensive security techniques. I made three eppisodes of training materials. Well I’ve decided to re-release these, they haven’t really been changed but I’ve updated a few graphics on episode 3 and removed a link to Cain and Abel because it’s no longer maintained. I will probably go through these at some point and re-factor them.
I’ve got more documents on active directory security, I’ve actually written hundreds of pages on the subject but the challenge I’ve had is there is just so much to write, so I’ve decided I’m going to chunk it up into small blogs on a specific technique or area.
Read more “Hacking 101”
Defense
I’ve worked with a lot of organisations over the years and seen lots of ways of doing certain things. Policy implementation is one of those! I’m in a fortunate position where I get to see different people’s policy documents, their systemic implementations and even interview staff to see how these work on the ground. So, I thought I’d write about password policies!
Humans like to be efficient and people also struggle to deal with the huge volume of identify management and authentication solutions they are presented with. Just think, how many passwords are required in everyday life?
The list goes on and on! Then let’s add in corporate IT services….
Anyone who’s worked in an office will have seen familiar sites of the following: