Shadow Copy replication with Microsoft Vssadmin.Local Security Authority Subsystem Service (LSASS) injection.Techniques for obtaining the hashes from a Windows Domain Controller boil down to: Various ways to grab the hashes exist, each carrying some risk as it’s an unsupported process. Dump the hashes from a DC first, and then compare the hashes to a list of breached passwords/hashes (we’re going to be using Troy Hunt’s Have I Been Pwned database). Two of the most prevalent attacks today: Password Spraying and Credential Stuffing. That is: check a user password against a corpus of breached data.Ī password audit is a very effective way of demonstrating this area of weakness. The current climate of data breaches is at the heart of one of its major changes. The New NIST Password Guidelines make sensible new recommendations.
