Argon2 vs bcrypt vs scrypt: picking a password KDF in 2026
Memory hardness is the real defense against GPUs and ASICs. How argon2id, bcrypt, scrypt and PBKDF2 compare, how to tune them, and which one to actually pick.
AS-REP Roasting: cracking accounts that skipped Kerberos preauth
How AS-REP roasting lets an unauthenticated attacker pull a crackable krb5asrep hash from accounts with preauth disabled, and how defenders catch it.
Brute-forcing JWT HS256 secrets with hashcat
An HS256 token carries everything an attacker needs to verify a guessed secret offline. How weak HMAC keys fall to hashcat -m 16500, and how to forge tokens after.
Capturing NetNTLMv2 with Responder and cracking it offline
Poison LLMNR and NBT-NS with Responder to capture a NetNTLMv2 challenge response, crack it with hashcat mode 5600, and know when to relay instead.
Cracking cached domain credentials (DCC2 / MS-Cache v2)
Extract DCC2 hashes from a domain-joined host with secretsdump, crack them with hashcat mode 2100, and understand why MS-Cache v2 is slow by design.
Cracking WPA2: the PMKID attack and the 4-way handshake
Two ways into a WPA2 network: capture the EAPOL handshake or pull a clientless PMKID. How to produce 22000 format and crack it with hashcat, plus why WPA3 resists.
Dumping NTDS.dit and cracking every password in the domain
How domain hashes get extracted from NTDS.dit with secretsdump, how to feed the NT hashes to hashcat, map them back to users, and detect a DCSync.
Hashcat vs John the Ripper: which cracker should you use?
A practical comparison of hashcat and John the Ripper — GPU vs CPU strengths, autodetection, -m modes, jumbo formats, wordlists and rules — with example commands.
How bcrypt resists GPUs
Why bcrypt drops cracking throughput from billions to thousands per second: the cost factor, its GPU-hostile key schedule, and the 72-byte truncation gotcha.
Finding the right hashcat -m mode (and what to do when you get it wrong)
Hashcat won't autodetect anything. Here is how to pick the correct -m mode, disambiguate look-alike hashes, and read the errors that mean you chose wrong.
How to identify an unknown hash: a practical guide
Found a mystery hash? Learn the signals that reveal its type — length, character set and prefixes like $2y$ or $6$ — and how to identify it privately in your browser.
Is MD5 still worth cracking in 2026?
MD5 is a fast unsalted digest that still litters real systems. Why cracking it is a preimage guessing game, not a collision, and what defenders should do.
Kerberoasting: turning a service ticket into a domain password
How Kerberoasting actually works, why any domain user can do it, and the exact path from a krb5tgs ticket to a cracked service account password with hashcat.
Mask attacks and keyspace: brute force that actually finishes
Build hashcat masks with charsets, do the keyspace math, use custom charsets and increment, and know when -a 3 beats a wordlist and when it is hopeless.
What an NTLM hash actually is
NTLM is the MD4 of a UTF-16LE password: unsalted, fast, password-equivalent. How it differs from NetNTLMv2, where it lives, and why length is the only defence.
Pass-the-Hash: authenticating with an NTLM hash you never cracked
Why an NTLM hash is password-equivalent, how pass-the-hash works with Impacket, NetExec and Mimikatz, and the controls that actually stop lateral movement.
What salts actually do (and what they do not)
Salts kill rainbow tables and shared-hash leaks. They do not slow a single targeted crack. Why salted MD5 is still weak, and why you need a slow KDF too.
sha512crypt and /etc/shadow: how Linux stores your password
What the $6$ in /etc/shadow means, how sha512crypt rounds and salts work, why it is slower than raw SHA-512 but weaker than bcrypt, and how to crack it.
Tuning hashcat for real GPU throughput
Benchmarks lie if you read them wrong. Workload profiles, optimized kernels, thermal throttling, multi-GPU and segmenting big attacks, with honest cloud rental math.
Why fast hashes are dangerous for password storage
MD5 and SHA-1 fall to a GPU in seconds because they are fast and often unsalted. Learn why slow KDFs like bcrypt and Argon2 resist — and what defenders should do.
The wordlist and rules setup that actually cracks passwords
rockyou.txt is a starting line, not a strategy. How to combine curated wordlists, rules, masks and targeted lists, and when each one is a waste of GPU time.