Compromising login credentials is the goal of many modern cyber-attacks. According to Verizon’s 2025 Data Breach Investigations Report, 88% of web application attacks over the past year involved the use of stolen credentials, demonstrating how vulnerable password-based systems remain without... Read More
Credential-based Attacks
Categories
Active Directory honeypot accounts: How to keep attackers sweet
Monitoring and detecting account compromise is one of the most challenging tasks for IT admins and SecOps professionals. Once a legitimate account has been compromised, it can be difficult to detect an attacker’s activities until it’s too late and... Read More
Kerberoasting attacks: How to keep your Active Directory safe
A domain administrator account is the holy grail of privileged accounts in a Microsoft Active Directory environment. If an attacker can get their hands on a Domain Administrator account in the domain, they’ll have access to basically everything. Kerberoasting... Read More
MFA prompt bombing: How it works and how to stop it
User credentials are golden prizes for attackers. Weak or breached credentials provide an easy target for attackers looking to log in to a network instead of breaking in. Most businesses have caught on to the fact that multi-factor authentication... Read More
[New Research] How hard is the MD5 hashing algorithm to crack?
The Specops research team is publishing new data on how long it takes attackers to brute force guess user passwords with the help of newer hardware. They’ve been specifically looking at passwords protected by the popular MD5 hashing algorithm.... Read More
Password mask attacks explained: What are they & how do they work?
Credential-based attacks remain one of the most effective techniques used by cybercriminals to breach enterprise networks. In 2024 alone, 88% of web application attacks involved the use of stolen credentials, according to Verizon’s 2025 Data Breach Investigations Report. Among... Read More
Microsoft adds phishing protection to Windows 11
With the recent release of Windows 11 version 22H2, Microsoft has introduced some new capabilities that are designed to protect users against phishing attacks. These phishing protection features are designed to prevent users from making some of the mistakes... Read More
[New Data] Attackers Are Using These Passwords to Attack the RDP Port Right Now
The Specops Breached Password Protection List Tops 3 Billion Unique Compromised Passwords from Live Attack Data and Leaked Lists Today, the Specops Software research team is sharing the results of our analysis on what passwords are being used to... Read More
Ransomware attacks continue to rage on government entities
Ransomware attacks are on the rise and target businesses across many industries and sectors. Government entities are also on the radar of ransomware gangs and have been the subject of many high-profile ransomware attacks. Governmental entities have been a... Read More
How to recover from a ransomware attack
It is arguably one of the most dreaded words for any organization today – ransomware. Ransomware can bring a bustling, thriving, profitable business to its knees in hours. The aftermath can lead to a ripple effect of lost revenue,... Read More