Collaborate Disseminate
There is a lot of online tools to bruteforce online server like hydra and offline with hashes like hashcat. Yet it seems very weird that there is not a single offline bruteforcing app for software. Like if a make a python app that requires… Continue reading bruteforce local software’s password
I am in the process of creating a Python pipeline intended for reading and processing sensitive medical personal data from password-protected Excel files. The pipeline utilizes the msoffcrypto library, specifically the OfficeFile.load_key … Continue reading Assessing the Implications of Using msoffcrypto for Open Sourcing a Medical Data Processing Pipeline
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Ta… Continue reading Attackers can steal NTLM password hashes via calendar invites
Are there any widely adopted guidelines/recommendations in regard to online password generators? Are they recommended over offline generators, for example? If so with what justification?
References would be appreciated.
NB: this is not abo… Continue reading Online password generator vs. offline counterparts? Are there widely adopted guidelines/recommendations?
After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone.
[Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to … Continue reading Canadian Citizen Gets Phone Back from Police
As the title says, I recently deleted an archive in 7z on windows 11, I went into the 7zip recycle bin and can see it but i cannot restore it.. Any time I right click and hit "Restore" nothing happens.. If I try to extract the ar… Continue reading Can someone help with deleted 7zip archive restore
I use a password manager and have a browser plugin installed for it to simplify entering passwords into websites. I recently encountered a website (enterprise SaaS solution I use at work), which actively blocks password managers from auto… Continue reading Why would website block password manager auto-fill?
The problem with security products and technologies is that they’re often too difficult to use, causing people to give up on them. This is why I’m so excited about passkeys, a new passwordless authentication technology for online accounts that is both … Continue reading Passwordless Password Manager Problems (Premium)
I’m working on a lab on PortSwigger.com titled Username enumeration via different responses. While using ffuf to solve the lab, the output keeps returning a 400 status code.
So far this is what I’ve tried. Here is the request payload file,… Continue reading FFUF command returns status code 400, regardless of mode option: clusterbomb, pitchfork, sniper
Is there any password wordlists specifically for Spanish words that are available in Kali linux or that you would recommend to download?