> .ROLE
PENETRATION TESTER, CYBERSECURITY CONSULTANT
> .DETAILS
Passwords are hard. If you haven’t noticed yet, so much about how attackers are able to exploit security weaknesses starts with a bad password somewhere. They are also extremely hard to fix, as it’s their nature to change.
Most of the time, a bad password policy is due to politics within an organization or a misunderstanding of what makes a good policy. So, as one of the last parts of a Windows network security assessment, a password audit is performed. Nothing helps a high-up executive like an easy-to-understand, impactful graph. And passwords allow us to do just that.
perform a DCSync, this will allow us to dump the password hashes for all domain user accounts in the network, then attempt to crack them. Once cracked, perform your own analysis on the state of passwords in the network.
> .TECHNOLOGY
MIMIKATZ, WINDOWS SERVER, KALI LINUX, VMWARE