Sitemap
All pages on the site.
Identifier
Blog
- Argon2 vs bcrypt vs scrypt: picking a password KDF in 2026
- AS-REP Roasting: cracking accounts that skipped Kerberos preauth
- Brute-forcing JWT HS256 secrets with hashcat
- Capturing NetNTLMv2 with Responder and cracking it offline
- Cracking cached domain credentials (DCC2 / MS-Cache v2)
- Cracking WPA2: the PMKID attack and the 4-way handshake
- Dumping NTDS.dit and cracking every password in the domain
- Hashcat vs John the Ripper: which cracker should you use?
- How bcrypt resists GPUs
- Finding the right hashcat -m mode (and what to do when you get it wrong)
- How to identify an unknown hash: a practical guide
- Is MD5 still worth cracking in 2026?
- Kerberoasting: turning a service ticket into a domain password
- Mask attacks and keyspace: brute force that actually finishes
- What an NTLM hash actually is
- Pass-the-Hash: authenticating with an NTLM hash you never cracked
- What salts actually do (and what they do not)
- sha512crypt and /etc/shadow: how Linux stores your password
- Tuning hashcat for real GPU throughput
- Why fast hashes are dangerous for password storage
- The wordlist and rules setup that actually cracks passwords