pentesting, pci, red team

Worst passwords of 2019

April 8th, 2020 by admin in Uncategorized

According to SplashData’s The Top 50 Worst Passwords of 2019, tons of people still use “123456” as a password. It ranked second place in 2011 and 2012 and has been number one every year right through 2019. Below is a side by side comparison of the top 25 passwords from 2018 and 2019.

worst passwords 2018 2019

Your xkcd passwords are pwned

December 6th, 2019 by admin in Uncategorized

Unix ninja has a great thorough article about password strengths and standards and why your password probably sucks. Check it out at:


May 27th, 2019 by admin in Uncategorized

Kon-Boot is a tool that allows accessing target computer without knowing the user’s password. Unlike other solutions Kon-Boot does not reset or modify user’s password and all changes are reverted back to previous state after system restart. It has been on the market since 2009 and the free version was downloaded more than 5,000,000 times.

Kon-Boot is currently the only solution worldwide we are aware of that can bypass Windows 10 online passwords! and works with both Microsoft Windows and Apple OSX macOS operating systems. Kon-Boot has been successfully used by military personnel, law enforcement, IT corporations and professionals, forensics experts, private customers.

The latest versions allow you to run PowerShell scripts on Win8/10 machines with UEFI, allowing to automate information gathering quickly for forensic teams. Along with the Sticky Keys escalation feature, which allows user to spawn a console window with system rights before the user is logged in by pressing shift key 5 times, allows for quick access to system resources without worrying about user level access.

Supported operating systems:

Microsoft Windows systems:
   Microsoft Windows XP (from SP2)
   Microsoft Windows Vista Home Basic 32Bit/64Bit
   Microsoft Windows Vista Home Premium 32Bit/64Bit
   Microsoft Windows Vista Business 32Bit/64Bit
   Microsoft Windows Vista Enterprise 32Bit/64Bi
   Microsoft Windows Server 2003 Standard 32Bit/64Bit
   Microsoft Windows Server 2003 Datacenter 32Bit/64Bit
   Microsoft Windows Server 2003 Enterprise 32Bit/64Bit
   Microsoft Windows Server 2003 Web Edition 32Bit/64Bit
   Microsoft Windows Server 2008 Standard 32Bit/64Bit
   Microsoft Windows Server 2008 Datacenter 32Bit/64Bit
   Microsoft Windows Server 2008 Enterprise 32Bit/64Bit
   Microsoft Windows 7 Home Premium 32Bit/64Bit
   Microsoft Windows 7 Professional 32Bit/64Bit
   Microsoft Windows 7 Ultimate 32Bit/64Bit
   Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit)
   Microsoft Windows 10 all versions (32Bit/64Bit)

Apple OSX / macOS systems:
   Apple OSX 10.7
   Apple OSX 10.8
   Apple OSX 10.9
   Apple OSX 10.10
   Apple OSX 10. 11
   Apple macOS Sierra (10.12)
   Apple macOS High Sierra (10.13)
   Apple macoS Mojave (10.14)




Retroactive password policy

April 25th, 2017 by admin in Life, Uncategorized

Sorry your old password isn’t strong enough to change.



October 15th, 2014 by admin in Password Info, Uncategorized

DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1.

list of recoverable secrets are :

  • EFS certificates
  • MSN Messenger credentials
  • Internet Explorer form passwords
  • Outlook passwords
  • Google Talk credentials
  • Google Chrome form passwords
  • Wireless network keys (WEP key and WPA-PMK)
  • Skype credentials



September 21st, 2014 by admin in Uncategorized

Chainbreaker can extract encrypted user credentials in OS X Keychain and decrypt it using one of the Master Key, user password and SystemKey. More detailed information on this ::here::


Bypass iPhone lockscreen with Siri

September 21st, 2014 by admin in Uncategorized

Jose Rodriguez was playing around with an iPhone with iOS 8, and quickly discovered what he saw as a bug: Apple’s voice-activated assistant Siri acting like the worst bouncer ever. In iOS 8, he could activate Siri from the homescreen and she would let him circumvent the lockscreen to post to a person’s Facebook page or look at their notes and call history. No passcode necessary. He posted a demonstration on YouTube.

Kon-Boot 2.4 is out

January 26th, 2014 by admin in Uncategorized

Kon-Boot has updated to version 2.4, which ads the capability to bypass Windows 8/8.1 online account authorization. Definitely worth the price for the time and effort it saves.

Chaos Computer Club breaks Apple TouchID

September 22nd, 2013 by admin in Uncategorized

Using a technique he outlined over 10 years ago, starbug from CCC has broken the biometric lock on the new iPhone.

Reversing – WebEx One-Click Password Storage

July 12th, 2013 by admin in Uncategorized

Cisco’s WebEx is a hugely popular platform for scheduling meetings. You can conduct video and voice calls, screen sharing, and chat through the system. WebEx also provides a One-Click Client that offers standalone meeting scheduling and outlook integration so that users can avoid the Web Portal. This is how to reverse the password


Next Article »