
Statistics Lie...Except About Passwords - Jeremy Druin AIDE 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Statistics Lie...Except About Passwords
Jeremy Druin
AIDE 2018


It's no secret that people tend to pick passwords based on a pattern, but it may be surprising how similar most passwords are. We can use statistical analysis to determine what patterns are most popular and how many people pick common patterns. This helps penetration testers understand the best wordlists to try and the rest of us know what patterns to avoid. All the software used is open-source and will be linked in the presentation.

Jeremy Druin, Certified Security Penetration Tester, UPS. GISF, GSEC, GCIH, GWAPT, GPEN, GMOB, GXPN, Sec+. Jeremy works as a security penetration tester, application security consultant, and defect remediation expert for UPS. Jeremy is also the owner of Ellipsis Information Security and teaches courses for SANS Institute. As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense along with operating the "webpwnized" YouTube video channel. Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelor's in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Master's in Computer Science from the University of Louisville and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester.

Recorded at AIDE 2018
