7MS #309: Password Cracking in the Cloud - Part 2


Manage episode 205428437 series 1288763
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)!

In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think:

  • Extracts the hashes safely
  • Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box, they'd have just a list of half-cracked hashes and that's it)
  • Does the work pretty automagically

I talk about this in more detail in today's podcast, and here's the gist you can follow with all the necessary commands to get AD crackin'!

360 episodes available. A new episode about every 6 days averaging 33 mins duration .