With the explosion of GPU enabled processing power password cracking has long grown beyond the standard wordlist. New tools and techniques are being used in order to effectively and efficiently crack passwords that just a few years ago would have be unfathomable. Just recently we build what we believe to be the world?s first Terahashing(one trillion attempts per second) distributed password cracking rig which could crack any 8 character password in under 2 hours. People often ask us, what is the best way to crack this hash, and the truth is it really depends. Let us introduce some of the more modern and best ways to attack passwords by analyzing the language structures and character patterns of passwords, as well as developing custom rules and rule chains to maximize effort. Password cracking is one of those things that has been around for a long time, however people often do not associate a methodology behind it and consider it just a tool. Our presentation has a large amount of content to cover within a 50-minute window, therefore our demos are light and quick showing the different tools built for cracking locally, in the cloud, or in a distributed environment. We feel that by passing along the knowledge of the ins and outs of the tools will be more valuable than having people watch us crack passwords on the screen. The slide decks can be made available to participants and contains sample commands for them to try out each technique we present. Key Topics: Password Cracking as a Methodology Types of attacks (Wordlist/Rules/Masks/Hybrid/Passphrase/Linguistic) Common Pitfalls Utilizing Cloud Systems for Password Cracking Distributed Cracking Solutions The various levels of threat actors and resources (from newbs to state actors) Wordlists Vs Password Dumps

Back to GrrCON 2019 video list