Blog

Guides on hash formats, password cracking, hashcat and John the Ripper.

Memory hardness is the real defense against GPUs and ASICs. How argon2id, bcrypt, scrypt and PBKDF2 compare, how to tune them, and which one to actually pick.
How AS-REP roasting lets an unauthenticated attacker pull a crackable krb5asrep hash from accounts with preauth disabled, and how defenders catch it.
An HS256 token carries everything an attacker needs to verify a guessed secret offline. How weak HMAC keys fall to hashcat -m 16500, and how to forge tokens after.
Poison LLMNR and NBT-NS with Responder to capture a NetNTLMv2 challenge response, crack it with hashcat mode 5600, and know when to relay instead.
Extract DCC2 hashes from a domain-joined host with secretsdump, crack them with hashcat mode 2100, and understand why MS-Cache v2 is slow by design.
Two ways into a WPA2 network: capture the EAPOL handshake or pull a clientless PMKID. How to produce 22000 format and crack it with hashcat, plus why WPA3 resists.
How domain hashes get extracted from NTDS.dit with secretsdump, how to feed the NT hashes to hashcat, map them back to users, and detect a DCSync.
A practical comparison of hashcat and John the Ripper — GPU vs CPU strengths, autodetection, -m modes, jumbo formats, wordlists and rules — with example commands.
Why bcrypt drops cracking throughput from billions to thousands per second: the cost factor, its GPU-hostile key schedule, and the 72-byte truncation gotcha.