It's no secret that people tend to pick passwords based on a pattern, but it may be surprising how similar most passwords are. We can use statistical analysis to determine which patterns are most popular and how many people pick common patterns. This helps penetration testers understand the best wordlists to try and helps the rest of us know what patterns to avoid. All the software used is open-source and will be linked in the presentation.
Jeremy Druin, Certified Security Penetration Tester, UPS. GISF, GSEC, GCIH, GWAPT, GPEN, GMOB, GXPN, Sec+. Jeremy works as a security penetration tester, application security consultant, and defect remediation expert for UPS. Jeremy is also the owner of Ellipsis Information Security and teaches courses for SANS Institute. As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense, and operates the "webpwnized" YouTube video channel. Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelor's in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and a Master's in Computer Science from the University of Louisville, and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester.
Recorded at AIDE 2018
Copyright 2020, IronGeek