You did what with SHA1 again?

THOTCON 0x8

Presented by: VideoMan
Date: Friday May 05, 2017
Time: 12:00 - 12:20
Location: Track 2
Track: Turbo

In this talk, I will show off real-world examples of misuse and abuse, and improper data handling, of sensitive passwords that happened inside an application that contained 1.2M user credentials. When doing penetration testing, we must remember that a breach in one system can lead to a breach on another system because of the implicit trust relationships we build to get the job done. I will talk about how our attack progressed, what controls were missed, and how we used 4x Graphics Processing Unit (GPU) video cards to recover 600 thousand user passwords in a <24 hour period.

VideoMan

David M. N. Bryan has 16+ years of experience and is part of IBM's X-Force Red. He also helps run THOTCON.

