Cracking Corporate Passwords – Exploiting Password Policy Weaknesses

DerbyCon 3.0 - All In The Family

Presented by: Rick Redman (CrackMeIfYouCan)
Date: Sunday September 29, 2013
Time: 09:00 - 09:50
Location: Track 1
Track: Break Me

“Cracking corporate passwords is no different than cracking public MD5 leaks off of pastebin. Except, it totally is. Corporate passwords are not in the same formats you are used to; they require capital letters, numbers and/or special characters.

You want raw data? I've got raw data! You want to see some stats? I've got those too. You want hints/tips/tricks? Yup. That too.

Lastly, Rick will tell about how KoreLogic implements/manages large-scale cracking jobs on a diverse set of CPUs/GPUs located nation-wide against corporate password lists.”

Rick Redman

“Creator/plaintext-creator of DEFCON’s "Crack Me If You Can" – password cracking contest
Professional Penetration Tester since 1999
Owner/Possessor of 0 (Zero) security certificates
Graduate from Purdue’s COAST/CERIAS program
Password researcher since 2009
"Author" of many published JTR/Hashcat rulesets/wordlists
Cracked over 2.038 million *unique* NTLMs from internal corporate networks”

