Information Security News Blog

BAADTokenBroker: Bypassing Entra ID Conditional Access

BAADTokenBroker BAADTokenBroker is a post-exploitation tool designed to leverage device-stored keys (Device key, Transport key etc..) to authenticate to Microsoft Entra ID. Use Import BAADTokenBroker in your target machine. PS C:\ > import-module .\BAADTokenBroker.ps1...

lsassy: Extract credentials from lsass remotely

lsassy Python library to remotely extract credentials. This library uses impacket projects to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. Different lsass dumping methods are implemented in lsassy, and some option are provided to...

BLAKE3: The BLAKE3 cryptographic hash function

BLAKE3 BLAKE3 is a cryptographic hash function that is: Much faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2. Secure, unlike MD5 and SHA-1. And secure against length extension, unlike SHA-2. Highly parallelizable across any number of...

Kraken: All-in-One Toolkit for BruteForce Attacks

Kraken Kraken is a powerful, Python-based tool designed to centralize and streamline various brute-forcing tasks. Kraken provides a suite of tools for cybersecurity professionals to efficiently perform brute-force attacks across a range of protocols and...