Reusable Security

  " Interest is the most important thing in life; happiness is temporary, but interest is continuous. " - Georgia O'Keeffe Introduction: The focus of this blog entry will be on tools and scripts to analyze packet captures. This  is the result of falling down a rabbit hole when writing the previous tutorial on the CMIYC 2024 WIFI cracking challenge: [ Link ]. In that writeup I realized I hadn't been keeping up on the state of automated tooling to help extract secrets and interesting data from packet captures. So I asked for tips and suggestions on what I could use. And you all responded! This is another reason why these blog posts are really beneficial to me. I learn so much writing them, so thank you! As a disclaimer, while I will be using the CMIYC2024 dataset to explore using some of these tools, these tools are not really suited for password cracking competitions. For short competitions, you are better off performing manual analysis of the data. As a spoiler, none

" It is never too late to be who you might have been. " - George Elliot Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenges. You can view my previous two write-ups using the following links. Each one covered a specific challenge of the CMIYC contest: [ Striphash ] and [ Radmin3 hashes ].  I'll admit, in my previous posts I was focusing on the plumbing of the challenges. Aka how to extract the hashes and get them in a format that you can run password cracking attacks against. But I danced around how to run successful cracking sessions against those hashes. There's a lot of reasons for that, but the biggest one is that I wasn't very successful during the contest itself. I needed time to step back, and start investigating all the challenges and hints that Korelogic gave out during the contest but I didn't have time to really dig into. Then with sleep and no pressing deadlines I could start to solve, understand,

"Nothing is more permanent than a temporary solution. " - Russian Proverb Introduction: This is a continuation of my write-up about this year's Crack Me If You Can challenge. You can view the previous entry focusing on the StripHash challenge [ here ]. Like the last write-up, this one is going to focus on one specific hash format (RAdmin3), details about that hash format, and how to load those hashes into a cracking session. I'm going to defer most of the actual cracking of these passwords to a later writeup though since running a successful cracking session relies on solving other challenges found throughout the contest. Important Links, Tools, and References for this Post: Synactiv's blog post: Cracking Radmin Server 3 Passwords Link:   https://www.synacktiv.com/en/publications/cracking-radmin-server-3-passwords Reason:  This is really an amazing blog post going into dumping Radmin password hashes, reverse engineering their hashing algorithm, and then cracking t