SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today’s tale of pentest pwnage covers some of the following attacks/tools:

  • Teleseer for packet capture visualizations on steroids!
  • Copernic Desktop Search
  • Running Responder as Responder.py -I eth0 -A will analyze traffic but not poison it
  • I like to run mitm6 in one window with mitm6.py -i eth0 -d mydomain.com --no-ra --ignore-nofqdn and then in another window I do ntlmrelayx.py -6 -wh doesntexist -t ldaps://ip.of.the.dc -smb2support --delegate-access > relaysRphun.log – that way I always have a log of everything happening during the mitm6 attack
  • Vast.ai looks to be a cost-effective way to crack hashes in the cloud (haven’t tested it myself yet)

Written by: Brian Johnson

Share on socials: