This presentation will feature the release of a new open source tool which combines fingerprinting and brute forcing against some common web applications, including Citrix, HP, Juniper, and MobileIron, to add intelligence to password guessing. Better yet, this tool is modular, allowing the easy expansion of the tool to include not only other web applications, but also other services. We will look at different password guessing techniques, their shortcomings, and how myBFF can address these shortcomings. The best part is that the tool will do more than just tell you if a credential pair is valid! You don’t want to miss this!