Talk - Password Profiling, Brute Forcing


Following on from Passwords 101, in this talk and demonstration Kim covers how attackers take targeted open-source intelligence (OSINT) and use it to formulate short password lists using both tools and manual techniques.

Dec 4, 2015 07:00 AM — 07:07 AM
Toastmasters (Boaters)
Speight’s Ale House, Function Room, 263 Bealey Avenue, Christchurch

Kim then takes the word-lists and analysis of failed and successful login attempts to a web application and educates a collection of brute-forcing tools what an unsuccessful and successful login looks like. Then run the brute-forcing tools until the credentials have been discovered. This demonstrates that common password strategies are no longer sufficient to stop full account compromise and worse.

This is followed up with some tips on how to make this process a lot harder for attackers. Content can be found in Kims Holistic Infosec for Web Developers book.

Kim Carter
Kim Carter
Technologist / Engineer, Information Security Professional

Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of BinaryMist Ltd and PurpleTeam-Labs. Ex OWASP NZ Chapter Leader of eight years. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 20 years of commercial industry experience across many domains.