Password Cracking 101 + 1 w/ Will Hunt and Owen Shearing
1 Session – 4 Hour Class
Instructors: Will Hunt and Owen Shearing
Includes: All students will receive a certificate of participation.
You’ve ransacked the domain and cracked some of the hashes, but some privileged account passwords still elude you. Or maybe you’ve compromised an application and found the password hashes in the database, but your dictionaries are failing you. Don’t worry, we’ve got you covered!
During this intensive one-day training, you’ll get hands-on experience of a huge variety of password cracking techniques, ranging from dictionaries and rules, brute force, masks and custom masks all the way through to hybrid, combinator/passphrase, PRINCE and fingerprint attacks that will help you succeed when your usual attacks hit dead ends. If those last elusive hashes still aren’t breaking, we’ll explain and deconstruct more advanced, non-deterministic attacks designed for infinite runtime that can help you when other attacks fail.
You’ll learn not only new cracking techniques but also how to decide the best attack technique based on the hashes you have, giving yourself the best possible chance of success during limited attack windows.
WHO SHOULD TAKE THIS COURSE
- Pentesters and Red Teamers
- Password cracking enthusiasts
WHAT STUDENTS WILL BE PROVIDED WITH
Attendees will be supplied with a Linux VM pre-installed with all required tools and wordlists.
TRAINERS & AUTHORS
Will (@Stealthsploit) co-founded In.security in 2018. Will’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at https://github.com/rebootuser.
– Online attacks and considerations
– Dictionaries and rules
– Mask, customer character set and hybrid attacks
– Brute force use cases
– Combinator passphrase breaking and delimiters
– Password-protected files
– Candidate generation and target-specific wordlists
– Expander, Fingerprint, PRINCE and non-deterministic attack techniques
– Foreign character attacks