Stuffing

When credentials are found (through dumping or cracking for instance), attackers can try to use them to obtain access on other accounts. This attacks can be powerful against organizations that use shared or common passwords.

This technique can be combined with credential guessing when attackers try to operate transformations to the recovered passwords (i.e. numbers and special characters before or after, capital letters, l33tspeak, and so on). These new password lists can even be used in an additional cracking process.

The same tools used for guessing can be used for stuffing and guessing.

Reconnaissance

Movement

Credentials

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Netlogon

Certificate Services (AD-CS)

SCCM / MECM

Exchange services

Print Spooler Service

Schannel

Built-ins & settings

Kerberos

Certificate Services (AD-CS)

HTTP security headers

Identity and Access Management

File inclusion

LFI to RCE

Initial access (protocols)

Windows

UNIX-like

(AV) Anti-Virus

Mifare Classic

Android

Stuffing

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Certificate Services (AD-CS)

SCCM / MECM

Certificate Services (AD-CS)

HTTP security headers

File inclusion

LFI to RCE

Windows

UNIX-like

Mifare Classic

Stuffing ​

Stuffing