TG1
Staff member
Kids do. Rookies do. Wannabe hackers do and it rarely works and is a waste of time. And don’t try sentence passwords also as that’s a waste and we’re able to develop targeted lists for that too.
I was sent a link someone wrote about using sentences as passwords. A lot of the shit there was basic info but this flat out is wrong. I’ll explain why.
If you’re being targeted, there are several things we do. First, we gather every type of email we can find on the person. Then the next step is creating a “profile”. Next we run the emails through places like haveibeenpwned.com.
Go ahead and check your regular emails now.
What we look for is any database dumps where the target’s email has occurred. Then we check those databases, decrypt the hashed password if need be and see what type of passwords you use. Is it one word with capital letters and numbers? Is it sentences? What type of words are being used? Then we use a program created to give small lists of possible passwords. Some of these allow us to input information on the target and go from there.
So if we attempt a brute force (which is rare as fuck cause most often too much hassle and much easier methods) this is what we do. Another program will run it slow and steady. Multiple (local area) IP addresses.
Now the problem with this is that most major services will block or lock up an account that has too many failed passwords.
Dictionary attacks and major brute force attacks stopped working nearly 7 years ago. Database leaks happen all the time. Eventually one will happen for a service you use. Given a sentence password is found then bingo. We now know what type of profile you have for passwords.
Use a password manager like Bitwarden or KeePass and always use a password generator. If we see these, it’s usually a lost cause for us to even attempt anything on it and we just look to other avenues to access.
Now you want to take it a step further, purchase a bulk of email accounts from 3rd party Russian sites online.
These are cheap and you can get 100 ProtonMail accounts for $10. Use a different email for each service (changing the password supplied when you use it) and keep it in your Bitwarden account under a tab for “disposable” emails. So every website has a clean, single use only password with a generated password from Bitwarden.
I have 50 emails for my most important shit and 200 more for misc sites and stuff.
Then each account should have 2-factor authentication turned on as often as possible. It takes a few seconds when you need it. It can save your ass.
If a service doesn’t offer 2FA in today’s world, then they obviously don’t give a shit about security and you should avoid using them at all costs.
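A defender-side check of the point above, as an added example that is not part of the original post: it audits your own vault export for reuse and for a shared character-class shape, which is the "profile" a single leaked password gives away. The function names and sample vaults are constructed for illustration.

```python
import math
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"  # 72 symbols

def mask(password):
    """Map each character to its class: U upper, L lower, D digit, _ space, S other."""
    classes = []
    for ch in password:
        if ch.isupper():
            classes.append("U")
        elif ch.islower():
            classes.append("L")
        elif ch.isdigit():
            classes.append("D")
        elif ch.isspace():
            classes.append("_")
        else:
            classes.append("S")
    return "".join(classes)

def shape(password):
    """Collapse runs in the mask, so 'Summer2019!' becomes 'ULDS'."""
    m = mask(password)
    return "".join(c for i, c in enumerate(m) if i == 0 or c != m[i - 1])

def audit(vault):
    """vault: {service: password}. Report reused passwords and the dominant shape."""
    by_password = {}
    for service, password in vault.items():
        by_password.setdefault(password, []).append(service)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    top_shape, count = Counter(shape(p) for p in vault.values()).most_common(1)[0]
    return {"reused": reused, "top_shape": top_shape, "top_share": count / len(vault)}

def generate(length=24):
    """Random password from the OS CSPRNG, one per service."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    return length * math.log2(alphabet_size)

# Constructed sample vaults (not real credentials).
HUMAN = {"mail": "Summer2019!", "bank": "Winter2021!",
         "forum": "Summer2019!", "shop": "Autumn2020?"}
SENTENCES = {"mail": "my dog likes long walks", "bank": "i drink coffee every morning"}
GENERATED = {service: generate() for service in HUMAN}
```

A `top_share` near 1.0 means one breach exposes the pattern behind every other password in the vault; generated passwords show no reuse and carry about 148 bits at 24 characters.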