Passwords That Humans Think Of: A blog on how to create a wordlist and some best practices


On a red team or security assignment, you typically need customized wordlists, either for password spraying against login pages or for password cracking after capturing hashes (NTLM or NTLMv2).

Mindset:

  • To create a wordlist, first think from an employee’s perspective. Most of us keep our personal account passwords separate from the passwords we use for work, and most people fall into the habit of using mutated versions of the company’s name as their work passwords.
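The same habit can be checked from the defender's side at password-change time. The following is an added example, not code from the original blog: a banned-term filter that flags candidates derived from the organisation's name. The company name "Examplecorp", the substitution table and the function names are assumptions made for illustration.

```python
import re

# Assumed, non-exhaustive table of common look-alike substitutions.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def _letters(text: str) -> str:
    """Keep only a-z so separators, digits and symbols do not hide a match."""
    return re.sub(r"[^a-z]", "", text)

def variants(candidate: str) -> set:
    """Two readings of a candidate: digits/symbols as padding, or as letter stand-ins."""
    low = candidate.lower()
    return {_letters(low), _letters(low.translate(LEET))}

def derived_from(candidate: str, base_terms, min_len: int = 4) -> list:
    """Return the base terms (company, product, site names) the candidate is built on."""
    forms = variants(candidate)
    hits = []
    for term in base_terms:
        needle = _letters(term.lower())
        if len(needle) < min_len:   # very short terms match too many ordinary words
            continue
        if any(needle in form for form in forms):
            hits.append(term)
    return hits

def audit(candidates, base_terms) -> dict:
    """Map each rejected candidate to the terms that caused the rejection."""
    flagged = {}
    for cand in candidates:
        hits = derived_from(cand, base_terms)
        if hits:
            flagged[cand] = hits
    return flagged

# Constructed sample input for a hypothetical organisation.
TERMS = ["Examplecorp", "HR"]
SAMPLE = ["Examplecorp2024!", "Ex@mpl3c0rp#1", "correct-horse-battery", "three-chairs"]

if __name__ == "__main__":
    for password, terms in audit(SAMPLE, TERMS).items():
        print(f"reject {password!r}: derived from {terms}")
```

A filter like this belongs in the password-change path, alongside a check against known-breached passwords, so that company-name variants are rejected before they are ever set.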

