Finding Weak Passwords in AD

This page summarizes the projects mentioned and recommended in the original post on /r/Netwrix

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • SecLists

    SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

  • Now the attacker knows that in this environment, they have 9 guesses at each user’s password without triggering a lockout. They can also see that the minimum password length is 5 characters and password complexity is enabled; this information can be used to craft a custom dictionary of candidate passwords without wasting guesses on passwords that would have been rejected by the policy. (Alternatively, they can use one of multiple password lists created using password dumps from data breaches, which are also readily available on GitHub.)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • DSInternals

    Directory Services Internals (DSInternals) PowerShell Module and Framework

  • To find out, you can use the DSInternals command Test-PasswordQuality. It will extract the password hashes for all your user accounts and compare them against the password hashes for a dictionary of weak passwords.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • recovering corrupted ad database

    1 project | /r/activedirectory | 17 May 2023
  • Windows AD and Google Workspace Password Audit

    1 project | /r/cybersecurity | 26 Apr 2023
  • AD Migration Questions

    1 project | /r/activedirectory | 23 Mar 2023
  • Customer ransomwared, and in bad place. Active Directory the priority.

    1 project | /r/activedirectory | 22 Dec 2022
  • Manipulating User Passwords with Mimikatz

    2 projects | /r/Netwrix | 7 Dec 2022