-
Automated password generation
Secure password storage
Auto-fill passwords in web browsers
Two-factor authentication
Encryption with a master password
Import/Export of password data
Support for d…
-
Concerning 2.2.1: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x11-V2-Authentication.md#v22-general-authenticator-requirements
> Verify that anti-automation controls are effective at mitigatin…
-
**Template Details**
NTLM info disclosure: https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666
```yaml
id: ntlm-info-disclosure
info:
…
-
There are at least three types of risks we may want to protect against:
* Denial of Service: where the attacker exhausts server resources by exercising a slow-path
* Password "guessing": where the at…
-
**What's the issue?**
Overwritten test scenario, can be summarized and link to payload lists from other repos
**How do we solve it?**
Chop down the content to the required and needed information,…
-
Tools look great, would be awesome to see a year, month, and season extension set added!
-
## Description
Detect successful Brute Force attempts against Okta from a single IP with an EQL rule that uses data from the Okta filebeat module to detect when there are multiple failed authenti…
aarju updated
3 years ago
-
Do you envision enhancing the following 2?
"Points-based complexity policy definition" --> assigning points to number of banned words used in password (basically like the MSFT algorithm)
"Regu…
-
It seems I've managed to trick the system. I just happened to test with this password format and the change was accepted, so I thought it wasn't working, but having tested further it seems like using …
-
I am writing a step that will perform a password spray attack on computers that are found in the domain using the `GetComputers` step. The postproperties of the `GetComputers` step is the `host_g` va…