Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
mpgn Profile picture
mpgn
@mpgn_x64
Flibustier du net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿ Podcast Hack'n Speak @hacknspeak / https://t.co/GyACSFg9mw
Feb 20, 2023 7 tweets 3 min read
It's 2023, CrackMapExec can now dump DPAPI credentials as a core feature !🚀

This is possible thanks to the work of @_zblurx and his library dploot ! He also added a module to dump firefox passwords 🔥

Pushed on @porchetta_ind v5.4.5 Bruce Wayne 🪂

No excuse, DA everytime, 🔽 But wait, yet yet another dpapi dumping tool ?
Well @_zblurx has fully embraced the concept of CME and taken leverage of cmedb !

Everytime you found a valid credential, CME will add this cred in his own DB, CMEDB 🧙‍♂️

Now why this is important in the case of dpapi credentials ?🔽
Apr 6, 2020 5 tweets 3 min read
How to defeat Hashcat !? 🛡️ Well, I think I found a workaround😈

Use a password with the following format :

⚔️ '$HEX[xxxx]' ⚔️ (where xxxx are only hex characters)

Unless a specific flag is added to hashcat, the attacker will never be able to crack it ! #hashcat

1/5⬇️⬇️⬇️ Image As you can see on the screenshot, the🚩'--wordlist-autohex-disable' needs to be added to hashcat to crack this pwd👻

This issue is already known by the hashcat team as you can see on Github and called an "hexception" 😆

github.com/hashcat/hashca…

2/5⬇️⬇️⬇️ Image