Analyzing Tokenizer Part 2: Omen + Tokenizer
“I have not failed. I've just found 10,000 ways that won't work”- Thomas EdisonIntroduction:This is a continuation of a deep dive into John the Ripper's new Tokenizer attack. Instruction on how to configure and run the original version of Tokenizer can be found [Here]. As a warning, those instructions need to ... Read More
Analyzing JtR’s Tokenizer Attack (Round 1)
Introduction / Goals / Scope:This is a follow-up to my previous blog post looking at how to install/run the new John the Ripper Tokenizer attack [Link]. The focus of this post will be on performing a first pass analysis about how the Tokenizer attack actually performs.Before I dive into the ... Read More
Running JtR’s Tokenizer Attack
Disclaimer 1: This blog post is on a new and still under development toolset in John the Ripper. Results depict the state of the toolset as-is and may not reflect changes made as the toolset evolves.Disclaimer 2: I really need to run some actual tests and password cracking sessions using ... Read More
Extracting Secrets from Packet Captures (A CMIYC2024 Story)
"Interest is the most important thing in life; happiness is temporary, but interest is continuous."- Georgia O'KeeffeIntroduction:The focus of this blog entry will be on tools and scripts to analyze packet captures. This is the result of falling down a rabbit hole when writing the previous tutorial on the CMIYC 2024 ... Read More
CMIYC2024: Wifi Cracking Challenge
"It is never too late to be who you might have been."- George ElliotIntroduction:This is a continuation of my write-up about this year's Crack Me If You Can challenges. You can view my previous two write-ups using the following links. Each one covered a specific challenge of the CMIYC contest: ... Read More
CMIYC 2024: RAdmin3 Challenge
"Nothing is more permanent than a temporary solution."- Russian ProverbIntroduction:This is a continuation of my write-up about this year's Crack Me If You Can challenge. You can view the previous entry focusing on the StripHash challenge [here]. Like the last write-up, this one is going to focus on one specific ... Read More
CMIYC 2024: Striphash Challenge
"I can accept failure. Everyone fails at something. But I can't accept not trying." - Michael JordanIntroduction:First off, I really want to thank the team over at Korelogic for putting together a truly impressive contest. Korelogic always uses the CMIYC contest to push for change/improvements in password cracking tools and ... Read More
Tutorial for CMIYC2024: Registering a Team and Cracking Test Hashes
Whenever a thing is done for the first time, it releases a little demon.- Emily DickinsonGetting Ready For Crack Me If You Can 2024August is like New Years for me. With BSides Vegas, Defcon, and all the other hacker conferences, I find myself taking stock of the previous year, realizing all ... Read More
Jupyter Lab Framework Example: Revisiting CMIYC2022
Everything that happens once can never happen again. But everything that happens twice will surely happen a third time.-- Paulo CoelhoIntroducing the JupyterLab Password Cracking Framework: For the last couple of months, I've been (slowly) working on building out a new backend/framework to be able to manage password cracking sessions using ... Read More
Hashcat Tips and Tricks for Hacking Competitions: A CMIYC Writeup Part 3
I want to know1and understand1But I will not1-- Hashes cracked from the KoreLogic CMIYC 2023 competitionIn the previous two posts on the CMIYC competition [Part 1, Part 2], I had focused on how to integrate data science tools into your password cracking workflow and showed how to crack passwords on ... Read More
