Blog

Hashcat won't autodetect anything. Here is how to pick the correct -m mode, disambiguate look-alike hashes, and read the errors that mean you chose wrong.

Found a mystery hash? Learn the signals that reveal its type — length, character set and prefixes like $2y$ or $6$ — and how to identify it privately in your browser.

MD5 is a fast unsalted digest that still litters real systems. Why cracking it is a preimage guessing game, not a collision, and what defenders should do.

How Kerberoasting actually works, why any domain user can do it, and the exact path from a krb5tgs ticket to a cracked service account password with hashcat.

Build hashcat masks with charsets, do the keyspace math, use custom charsets and increment, and know when -a 3 beats a wordlist and when it is hopeless.

NTLM is the MD4 of a UTF-16LE password: unsalted, fast, password-equivalent. How it differs from NetNTLMv2, where it lives, and why length is the only defence.

Why an NTLM hash is password-equivalent, how pass-the-hash works with Impacket, NetExec and Mimikatz, and the controls that actually stop lateral movement.

Salts kill rainbow tables and shared-hash leaks. They do not slow a single targeted crack. Why salted MD5 is still weak, and why you need a slow KDF too.

What the $6$ in /etc/shadow means, how sha512crypt rounds and salts work, why it is slower than raw SHA-512 but weaker than bcrypt, and how to crack it.