28 January 2020
Practical Password Cracking; the last 50 million
A brief overview of common approaches to password hashing, and of how hashes are extracted and broken, for both red and blue teams, including methods for assessing the efficacy of wordlists and rulesets and the strength of users’ passwords.
We take the Have I Been Pwned list of over 500 million NTLM hashes as an example dataset.
A Python 3 tool, ‘hashcrack’, is presented, which will attempt to run a sensible set of hashcat jobs against the hash list, Word file, ZIP archive, NTDSUTIL export, etc. that is given to it.
We’re always happy for more talks, so if you’ve implemented Meltdown on your smartwatch, want to walk us through the highlights of a CTF, or have some insight into upcoming privacy regulations, we’re interested!
Drop a message to firstname.lastname@example.org with a title, synopsis and rough length, and don’t worry if you haven’t spoken before.