
Michael Kruger
92 posts

@_cablethief
Security analyst. Random code bits at https://t.co/S7I4BYjc2V
South Africa. Joined October 2010
358 Following, 619 Followers

@Defte_ @stratosberry @snovvcrash @al3x_n3ff @Disgame_ It would be faster to generate it on the gfx card. As if you were regenerating the table.

@stratosberry @snovvcrash @al3x_n3ff @Disgame_ @_cablethief You can. What I do is I use Have I Been Pwned NT database ^^ But if you have got the rainbows, go for it ^^

NetExec has a new Module: Timeroast🔥
In AD environments, the DC hashes NTP responses with the computer account NT hash. That means that you can request and brute force all computer accounts in a domain from an UNAUTHENTICATED perspective!
Implemented by @Disgame_
1/3🧵

Michael Kruger retweeted

The fact that @AndresFreundTec didn't just write the whole xz thing off as "It's probably DNS" is honestly amazing.
Michael Kruger retweeted

Had a blast climbing Norwegian 🇳🇴mountains with some amazing people, @oleavr and @_cablethief !


Michael Kruger retweeted

My next book is *The Internet Con: How to Seize the Means of Computation.* It's a recipe to disenshittify the web and bring back the old good internet. The book is from @VersoBoooks, but the #audiobook is from me - because Amazon refuses to sell it:
kickstarter.com/projects/docto…
1/

Michael Kruger retweeted

A morning @defcon run with @_cablethief and Jaco to The Mill (for those who remember Defcon at the Riv). Even met @elkentaro on the way.


A quick Docker hostapd-mana RADIUS service for capturing creds using an external device:
github.com/sensepost/bera…
Bonus: Certificates with Lego and CF DNS are so convenient
go-acme.github.io/lego/usage/cli…
Bonus Bonus: join us at BH for further WiFi shenanigans
blackhat.com/us-23/training…

Excited to teach wireless hacking and try to convince more people that using wpa_sycophant is easier than it seems (most of the time 😝).
SensePost Training | Orange Cyberdefense @sensepost_train
The airwaves are constantly abuzz with signals.📶Wondering how to make sense of the 2.4 & 5GHz Wi-Fi frequency ranges? Come join our esteemed Wi-Fi training at #BlackHatUSA Visit ow.ly/Xmru50NHg4o for more info on the course & for bookings 🐦 Early bird tickets end 26 May
Michael Kruger retweeted

The RID500 Admin account doesn't benefit from Protected User Group restrictions. This is a MS WONTFIX & means you can authenticate as Admin using RC4 KRB or perform any KRB delegation attack if you impersonate the RID500 Admin. The latest find by @Defte_
sensepost.com/blog/2023/prot…
Michael Kruger retweeted

Another 0xC0FFEE session tonight with two guest speakers:
Jeandre Mitton talking about using Pre/Post Scripts with Postman for CAPTCHA bypass
and
@leonjza talking about the LightNeuron malicious mail transport agent he built for MITRE ATT&CK purple teaming.
1/2
Michael Kruger retweeted

Struggling to proxy your offensive tools (*cough, Windows, cough*)? See how @_cablethief uses WireGuard and tun2socks to make remote networks available via a network route (from any device or container), over SOCKS! sensepost.com/blog/2022/wire…
Michael Kruger retweeted

Yeah! @defcon wifi fixed this. Plus wpa_supplicant can do leaf cert validation these days too!

Dominic White 👾 @singe
5/14 If you just validate on CA, then I can buy a DigiCert signed cert, and your wifi client will happily accept that as valid. Defcon's Linux config is vulnerable to this.

Earlier today I thought I’d found a 4x speed up on ntcrack. It turns out I was creating an array then clearing it and my quick test case of cracking the first hash of a wordlist passing had me miss it. I thought I had gotten lucky. @_cablethief those fireworks set themselves off!

Finished showing off ppp_sycophant to @athackcon arsenal. Really enjoying the conference and Saudi!
@ToolsWatch
github.com/sensepost/ppp_…

Michael Kruger retweeted

The crew! @athackcon has been amazing. Saudi has been amazing. Training's pretty darn good. Conference has a great line up. Jason is one happy dude. Thanks @sensepost_train @orangecyberdef @sensepost @athackcon @SAFCSP

Ulrich Swart @x_ulla
Orange Cyberdefense Trainers: @BreakerOfSigns @_cablethief @dane_goodwin @R4g3D_ @TH3_GOAT_FARM3R
Michael Kruger retweeted

Good luck to all the trainers at @athackcon in #SaudiArabia!
To the @sensepost crew - may it be a great kickstart to getting back to in person training. Smash it!
#atHackcon #BlackHat #orangecyberdefense


Awesome! My two tools berate_ap and wpa_supplicant have made it into Kali :D!
kali.org/blog/kali-linu…
My writeup from 2019 for some context:
sensepost.com/blog/2019/peap…


🎉We're super excited to publicly release assless-chaps, our super fast MSCHAPv2 cracking tool github.com/sensepost/assl…
Our DEF CON @rfhackers Village talk with @_cablethief & me explaining it is out youtube.com/watch?v=lm7Cuk…
Our new hashcat modes 27000/27100 have been merged too!


@markgamacheNerd @singe @rfhackers For both MSChap and NTLMv1 they crack exactly the same, so it should work for both I believe
