Choose the appropriate attack type based on what you have: - Have hashes? → Offline cracking (Hashcat, John the Ripper) - Have network access to login pages? → Online attacks (brute force, dictionary, credential stuffing, password spraying) - Have NTLM hashes? → Pass-the-hash (no cracking needed)