Passwords

Overview

Data breaches with usernames and passwords happen quite often and those databases usually make their way to the internet. We can leverage this by parsing those breaches for the domain name of the our target company and see if anyone was caught in one of these breaches.

Password reuse is a very common thing, so the chances that someone is still using the same breached password or a variation of it somewhere else are high.

Hunting Breached Credentials

Dehashed

Dehashed can be used to find credentials in data breach dumps. There is the ability to search by email, username, IP address, Phone number, Password , Full Name(if unique enough), etc.

This is useful because it allows us to relate other accounts that belong to the same person to each other. The more data points the better. Finding passwords for personal accounts is useful because passwords are constantly reused.

There is also the option to try and crack the hash or look the hash up on Hashes.com

Other Resources

These tools can help tie emails, passwords, accounts, usernames, IP addresses, etc together giving more information for the the report. Collect as much data as you can