In previous posts we looked at different authentication methods and evaluated their strengths and weaknesses, then looked at session hijacking and device-bound session credentials. Weβre now going to put that knowledge to practical use by auditing the MFA methods in use in a Microsoft environment.
Continue reading...In the last post I looked at all the different methods of multi factor authentication, and evaluated the strength of each type. Passkeys came out as a clear winner, as they mitigate both fake domains and users being tricked into giving out their one time…
Continue reading...It's 2026, and identity is the new perimeter. The Crowdstrike Global Threat Report 2025 focuses heavily on the identity and key methods used to compromise accounts. Sure, attackers and bots are still hammering away at public IP addresses, looking for that RDP server you forgot…
Continue reading...I'm currently locked in a battle with a senior member of our organisation who is annoyed that someone they contact regularly at another organisation gets quarantined by our email security. Do you want to know why? They are not sending from an IP address specified…
Continue reading...In the last post, we looked at cracking WPA2 passwords using an online dictionary attack, which is actually pretty straightforward. However, it is only as good as the wordlist used to crack the hash. There are a number of wordlists pre-installed on Kali, such as…
Continue reading...
