Hydra, John, Hashcat — online brute force to offline cracking
Credentials are the most-attacked control there is. Learn the full password-attack toolkit: online brute force with Hydra, offline hash cracking with John and Hashcat, wordlists and rule-based mangling, and credential attacks at scale (spraying, stuffing, pass-the-hash) — each paired with the defense that stops it.