Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
DiegoFretes
Participant

Does HarmonyEndpoint use any type of mitigation/protection for devices that use credential snagging?

Does Harmony Endpoint use any type of mitigation/protection for devices that use credential snagging?

 

. This technique is performed using devices such as Raspberry Zero.

More information about the device and the technique.

 

https://zone13.io/post/Raspberry-Pi-Zero-for-credential-snagging/

https://gist.github.com/milo2012/1c638b19b61c1338e21bad23705ff8fb

https://medium.com/codex/raspberry-pi-zero-password-thief-cb2bea8d6dc0

https://www.reddit.com/r/netsecstudents/comments/mz4qbz/using_a_raspberry_pi_zero_as_a_physical_pent...

 

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

If I'm understanding this correctly, this is capturing password hashes sent on the wire, correct?

0 Kudos
DiegoFretes
Participant

That's right

0 Kudos
Chris_Atkinson
Employee Employee
Employee

As I recall there were some general mitigation advice available for similar i.e.

- Port protection solutions ( HEP has MEPP )

- WPAD settings hardening via GPO or similar

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events