Cracking Corporate Passwords – Exploiting Password Policy Weaknesses - Minga / Rick Redman Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)


Description: “Cracking corporate passwords is no different than cracking public MD5 leaks off of pastebin. Except, it totally is. Corporate passwords are not in the same formats you are used to, they require capital letters, numbers and/or special characters.

- How can we use this knowledge to our advantage?
- What sort of tricks are users doing when they think no one is looking?
- What other types of vulnerabilities is Password policy introducing?
- What patterns is password rotation policy creating?

You want raw data? I've got raw data!
You want to see some stats? I've got those too.
You want hints/tips/tricks? Yup. That too.

Lastly, Rick will tell about how KoreLogic implements/manages large-scale cracking jobs on a diverse set of CPUs/GPUs located nation-wide against corporate password lists.”

Bio: “Creator/plaintext-creator of DEFCON’s "Crack Me If You Can" password cracking contest; Professional Penetration Tester since 1999; Owner/Possessor of 0 (Zero) security certificates; Graduate from Purdue’s COAST/CERIAS program; Password researcher since 2009; "Author" of many published JTR/Hashcat rulesets/wordlists; Cracked over 2.038 million *unique* NTLMs from internal corporate networks”
