Stamp Out Hash Corruption! Crack All The Things!

DEF CON 20

Presented by: Jonathan Claudius, Ryan Reynolds
Date: Saturday July 28, 2012
Time: 11:00 - 11:50
Location: Track 5 / Penn & Teller

The precursor to cracking any password is getting the right hash. In this talk we are going to cover how we discovered that Cain and Abel, Creddump, Metasploit and other hash extraction tools regularly yield corrupt hashes that cannot be cracked. We will take a deep dive into password extraction mechanics, the birth of a viral logic flaw that started it all, and how to prevent corrupt hashes. At the conclusion of this talk we will release patches that prevent hash corruption in these tools that many security professionals use every day.

Ryan Reynolds

Ryan Reynolds has been with Crowe for five years and is the Manager responsible for Crowe's Penetration Testing services. Ryan has a wide range of knowledge and experience in system administration and networking, including security applications and controls. He is a technical lead for engagements including application, network and infrastructure penetration testing on both internal and external systems, as well as social engineering and physical security assessments. Twitter: @reynoldsrb

Jonathan Claudius

Jonathan Claudius is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs, the advanced security team focused on penetration testing, incident response, and application security. He has ten years of experience in the IT industry, with the last eight years specializing in security. At Trustwave, Jonathan works in the SpiderLabs Research Division, where he focuses on vulnerability research and network exploitation and is the creator of the BNAT-Suite. Before joining SpiderLabs, Jonathan ran Trustwave's Global Security Operations Center. Twitter: @claudijd

