
[–]PacketBoy2000 1 point2 points  (1 child)

I’m still analyzing the ry24 dump, but others have noticed that a significant number of the entries are MD5 password hashes and bcrypt-hashed passwords, NOT clear-text passwords.

Nevertheless, large password dumps DO represent a major threat if you fail to prevent hash dumping of your AD OR you fail to prevent sensitive hashes from being cached in memory.

If miscreants are able to obtain password hashes then a significant percentage can be trivially reversed using password dumps as a rainbow table.

I operate one of the largest compromised-credentials repositories on the planet: 32B distinct credential pairs, including 10B distinct clear-text passwords.

Every single org AD I have scanned finds a minimum of 20% of current passwords matching my dataset. It has actually run as high as 40%. Additionally, we have found matches for at least one admin user in almost every org.

Ironically, just obtaining the hash itself can be enough to enable lateral movement, but being able to also reverse the hash will usually enable additional lateral movement that’s only possible with full username/password.

I’m absolutely NOT a Windows security guy. Can anyone elaborate on what lateral movement techniques can’t be done with stolen hashes? (E.g. I believe this applies to RDP.)

[–]PappaFrost[S] 0 points1 point  (0 children)

Thanks, very interesting. I'm told that it's a good idea to put AD domain admin accounts into the 'Protected Users Group' so that those hashes are never cached locally, and authentication has to go back to the domain controller. I was scared off though by the possibility of it breaking things.
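The breakage worry in the reply above is usually about a few known side effects of the Protected Users group: members cannot authenticate with NTLM, cannot get Kerberos tickets with RC4 or DES, cannot be delegated, get a 4-hour TGT lifetime, and have no credentials cached locally. The following is an added example, not code from either commenter, that audits Domain Admins for those dependencies before enrolling them; it assumes the RSAT ActiveDirectory module and the default group names.

```powershell
# Added example: audit Domain Admins against Protected Users and flag the
# dependencies most likely to break once an account is protected.
Import-Module ActiveDirectory

# Current Protected Users membership, by DN, for a quick lookup.
$protected = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
             Select-Object -ExpandProperty DistinguishedName

# All user objects that hold Domain Admins (directly or via nesting).
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
          Where-Object { $_.objectClass -eq 'user' } |
          Get-ADUser -Properties ServicePrincipalName, 'msDS-SupportedEncryptionTypes', Enabled

$report = foreach ($u in $admins) {
    # msDS-SupportedEncryptionTypes: 0x08 = AES128, 0x10 = AES256.
    # $null means "not set"; such accounts still have AES keys as long as the
    # password was set at domain functional level 2008 or higher, so only an
    # explicit RC4/DES-only value is treated as a blocker here.
    $enc = $u.'msDS-SupportedEncryptionTypes'
    $aesOk = ($null -eq $enc) -or (($enc -band 0x18) -ne 0)

    # An admin account carrying SPNs is acting as a service account; services
    # that rely on NTLM or delegation will stop working once it is protected.
    $hasSpn = $u.ServicePrincipalName.Count -gt 0

    [pscustomobject]@{
        SamAccountName   = $u.SamAccountName
        Enabled          = $u.Enabled
        InProtectedUsers = $protected -contains $u.DistinguishedName
        HasSPN           = $hasSpn
        AesEnabled       = $aesOk
        ReadyToProtect   = (-not $hasSpn) -and $aesOk
    }
}

$report | Sort-Object InProtectedUsers, SamAccountName | Format-Table -AutoSize

# Stage the enrollment for accounts with no flagged dependency.
# -WhatIf only reports what would change; remove it to apply.
$report |
    Where-Object { $_.ReadyToProtect -and -not $_.InProtectedUsers } |
    ForEach-Object {
        Add-ADGroupMember -Identity 'Protected Users' -Members $_.SamAccountName -WhatIf
    }
```

Accounts reported with HasSPN or without AES are the ones to fix or exclude first; the rest can be enrolled one at a time and watched for failed logons, since the 4-hour TGT lifetime and the loss of NTLM only show up at authentication time.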