Links from the talk:
- Eddy Harari's "opensshd - user enumeration" post to the Full Disclosure Mailing List: http://seclists.org/fulldisclosure/2016/Jul/51
- enumer8-ssh: https://github.com/eric-conrad/enumer8
- First names from the 1990 US Census: http://www2.census.gov/topics/genealogy/1990surnames/
- Last names from the 2000 US Census: http://www.census.gov/topics/population/genealogy/data/2000_surnames.html
- Account Enumeration via Timing Attacks https://littlemaninmyhead.wordpress.com/2015/07/26/account-enumeration-via-timing-attacks/
- Password Spraying Outlook Web Access – How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 2 http://www.blackhillsinfosec.com/?p=4694
- Question: What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?http://www.blackhillsinfosec.com/?p=5089
No comments:
Post a Comment