I began talking about this topic back in 2008 when I started getting into GPU's and password cracking contests. Seven years and hundreds of pentests later I can still say with confidence that the number one way we breach orginizations is with passwords. Why have we not learned anything? Password cracking is still a fundamental foundation of security so everyone should know how to do it. Through this presentation attendees will learn about the attacks, tools, and techniques employed by today's password crackers (mostly hashcat because it RULES!!!!), as well as potential countermeasures that can help protect against these attacks. Anyone who has anything to do with password policy at a company should be interested in this talk. People always are, and always will be the weakest link in any network environment and password creation left up to the user can be detrimental to an organizations infrastructure.

Covered topics include:

Profiling password policies
Analyzing password lists
Establishing a better password policy
Password cracking tools, rule sets and other tricks to attack
How to conduct regular password audits

Back to Circle City Con 2016 Videos list