changeme: A better tool for hunting default creds - Zach Grace Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

changeme: A better tool for hunting default creds
Zach Grace
Derbycon 2017

Default credentials haunt organizations. Whether they're used to gain access or escalate privileges, default credentials lurk in the corners of most organizations. To combat this attack, organizations leverage commercial vulnerability scanners. However, in my research, most commercial scanners fall short and can leave your organization vulnerable to attack while giving you a false sense of security. This presentation will cover my research into the efficacy of commercial vulnerability scanners to detect default passwords and present my open source tool, changeme (https://github.com/ztgrace/changeme), for improving the detection of default credentials. I'll be releasing version 1.0 of changeme at DerbyCon.

Zach has worked in offensive security for the last seven years focusing on securing financial institutions. He is active in the Milwaukee security community in which he helps organize @MilSec, is an OWASP Milwaukee chapter leader and is a member of the Wisconsin Collegiate Cyber Defense Challenge (CCDC) Red Team. He's also the creator of the open source security projects changeme and Sticky Keys Hunter.

@ztgrace


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast