Attackers have long exploited human weakness such as the lack of password complexity and vulnerability to phishing. As organizations improved defenses, attackers shifted to breaching websites to steal user databases. Their goal is to access your organization undetected. Common weaknesses in user database implementations will be explained and real world examples presented. To accent the problem, a well known database dump from 2014 containing passwords securely salted and hashed with multiple rounds will be used as a case study showing that password reuse and weak passwords are human behaviors that cannot be fixed.

Lucas Zaichkowsky is the Enterprise Defense Architect at Resolution1 Security, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining Resolution1 Security, Lucas was a Technical Engineer at Mandiant where he worked with Fortune 500 organizations, the Defense Industrial Base, and government institutions to deploy measures designed to defend against the worlds most sophisticated attack groups.

Back to BSides San Francisco 2015 video list