First Talk

Practical Password Cracking; the last 50 million


Jamie R


A brief overview of common approaches to password hashing, with approaches to extracting and breaking for both red and blue teams including methods for assessing the efficacy of wordlists and rulesets and the strength of user’s passwords.

We take the Have I Been Pwned list of over 500 million NTLM hashes as an example dataset.

A python3 tool, ‘hashcrack’ is presented which will attempt to run a sensible set of hashcat jobs against the hash list, Word file, ZIP archive, NTDSUTIL export, etc that is given to it.

Second Talk

Agent X

Chat about opsec for journalists


An impromptu chat about how to the experience of managing security for people at risk from motivated attackers.

We’re always happy for more talks, so if you’ve implemented Meltdown on your smartwatch, want to walk us through the highlights of a CTF, or have some insight into upcoming privacy regulations, we’re interested!

Drop a message to with a title, synopsis and rough length, and don’t worry if you haven’t spoken before.