All those leaked MD5s you've been cracking from Pastebin? In most cases, they are from sites that DO NOT enforce password complexity. But corporate networks DO! So, they should be harder to crack... right?
Cracking corporate passwords is no different than cracking public MD5 leaks off of pastebin. Except, it totally is. Corporate passwords are not in the same formats you are used to, they require capital letters, numbers, and/or special characters. How can we use this knowledge to our advantage? What sort of tricks are users doing when they think no one is looking? What other types of vulnerabilities is Password policy introducing? What patterns is password rotation policy creating?
You want raw data? I've got raw data! You want to see some stats? I've got those too. You want hints/tips/tricks? Yup. That too.
Rick Redman, aka Minga, is the creator of the annual Defcon "Crack Me If You Can" competition. He has been a professional penetration tester since 1999, and has been a password researcher since 2009. He has cracked over 2 million unique NTLM hashes to date. He is a graduate of Purdue University's COAST/CERIAS program. He also suffers from severe celebriphilia (watch out, ErrataRob!)