Description: Description: “Cracking corporate passwords is no different than cracking public MD5
leaks off of pastebin. Except, it totally is. Corporate passwords are
not in the same formats you are used to, they require capital letters,
numbers and/or special characters.
- How can we use this knowledge to our advantage?
- What sort of tricks are users doing when they think no one is looking?
- What other types of vulnerabilities is Password policy introducing?
- What patterns is password rotation policy creating?
You want raw data? Ive got raw data!
You want to see some stats? Ive got those too.
You want hints/tips/tricks? Yup. That too.
Lastly, Rick will tell about how KoreLogic implements/manages
large-scale cracking jobs on a diverse set of CPUs/GPUs located
nation-wide against corporate password lists.”
Bio: “Creator/plaintext-creator of DEFCON’s “”Crack Me If You Can”" – password cracking contest
Professional Penetration Tester since 1999
Owner/Possesses of 0 (Zero) security certificates
Graduate from Purdue’s COAST/CERIAS program
Password researcher since 2009
“”Author”" of many published JTR/HastCat rulesets/wordlists
Cracked over 2.038 million *unique* NTLMs from internal corporate networks”
For More Information please visit : - http://www.derbycon.com
http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist
Tags: securitytube , hacking , hackers , information security , convention , computer security , derbycon-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.