A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Your Password Policy Still Sucks! - Martin Bos (Circle City Con 2016 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Your Password Policy Still Sucks!
Martin Bos

Circle City Con 2016

I began talking about this topic back in 2008 when I started getting into GPU's and password cracking contests. Seven years and hundreds of pentests later I can still say with confidence that the number one way we breach orginizations is with passwords. Why have we not learned anything? Password cracking is still a fundamental foundation of security so everyone should know how to do it. Through this presentation attendees will learn about the attacks, tools, and techniques employed by today's password crackers (mostly hashcat because it RULES!!!!), as well as potential countermeasures that can help protect against these attacks. Anyone who has anything to do with password policy at a company should be interested in this talk. People always are, and always will be the weakest link in any network environment and password creation left up to the user can be detrimental to an organizations infrastructure.

Covered topics include:

Profiling password policies
Analyzing password lists
Establishing a better password policy
Password cracking tools, rule sets and other tricks to attack
How to conduct regular password audits

Back to Circle City Con 2016 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast