New blog post:
I demo cracking SQL Server 2025 login passwords offline.
hashcat is currently the only viable tool for auditing SQL Server 2025 login passwords.

The results show how #PBKDF2 slows down brute-force attacks both inside and outside of SQL Server compared to the pre-2025 hashing algorithm.

Full methodology, benchmarks, and code included.
https://vladdba.com/2026/04/16/cracking-sql-server-2025-login-passwords-offline-with-hashcat/
#sqlserver #sqldba #microsoftsqlserver #hashcat #cybersecurity #infosec #sql

My Spring gift to the #SQLServer and #InfoSec communities: support for cracking SQL Server 2025's PBKDF2 hashing algorithm with hashcat.
Blog post coming this week.

https://github.com/hashcat/hashcat/pull/4667

#Hashcat #DBA #CyberSecurity #MSSQL #SQL #SQLServer

Hey, fellow hash crackers! What components do you use on your hash cracking rig(s)? Do tell!

https://forum.hashpwn.net/post/11837

#hashcracking #pc #linux #server #rig #infosec #hashcat #mdxfind #jtr #hashpwn

Congrats to HashMob for winning Crack the Con 2026!

1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown

https://forum.hashpwn.net/post/11819

#crackthecon #ctc #cyphercon #hashcat #hashpwn

Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

Full Details: https://forum.hashpwn.net/post/11277

#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

Details:
https://forum.hashpwn.net/post/11119

GitHub repo:
https://github.com/Cynosureprime/hashpipe

#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

running malcom but the old malcolm - need to image and install latest - sort of dread going from debian to ubuntu but if i image i can revert easily. maybe they figured out updating, i don't want github only updates.

anyways it is a good one to offer vs say security onion - they use the same components mostly, suricata, zeek, elastic, maybe he has a live iso like last time.

i think the reason to go to ubuntu is better newer drivers, bigger dev base? as long as it works - that is my concern, avoid dependency hell and breakage.

it is good with managing all the containers and space for /datastore #sigs #hashes #dpi #netflow #ntop-ng #tcp-replay #binaries #hashcat

🔧 Malcolm Integration
bash

# Malcolm's zeekctl.cfg or local.zeek
redef SSL::root_certs += {
["PolarProxy Root CA"] = "/opt/polarproxy/certs/rootCA.pem"
};

# In Malcolm's docker-compose.yml, ensure port mapping:
# zeek:
# ports:
# - "57012:57012/tcp" # For PolarProxy PCAP feed

30 protocols but what about hashcat - how many protocols now?

Hashcat Protocol Support Count - As of hashcat v6.2.6 (latest stable), here are the current protocol/hash mode counts:
Total Protocols/Hash Modes: 423+

(This number grows with nearly every release) #hashcat,net #zeek

New version of hashgen released.

v1.2.2

- added mode: halfmd5 -m 5100
- added mode: morsedecode

https://forum.hashpwn.net/post/89

#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn