Talk - Password Profiling, Brute Forcing

Kim Carter
Risks Countermeasures Book Play Video

Abstract

Following on from Passwords 101, in this talk and demonstration Kim covers how attackers take targeted open-source intelligence (OSINT) and use it to formulate short password lists using both tools and manual techniques.

Date
Dec 4, 2015 07:00 AM — 07:07 AM
Event
Toastmasters (Boaters)
Location
Speight’s Ale House, Function Room, 263 Bealey Avenue, Christchurch

Kim then takes the word-lists and analysis of failed and successful login attempts to a web application and educates a collection of brute-forcing tools what an unsuccessful and successful login looks like. Then run the brute-forcing tools until the credentials have been discovered. This demonstrates that common password strategies are no longer sufficient to stop full account compromise and worse.

This is followed up with some tips on how to make this process a lot harder for attackers. Content can be found in Kims Holistic Infosec for Web Developers book.



talk hacking cracking application-security cybersecurity dev-ops dev-sec-ops holistic-info-sec-for-web-developers information-security infosec networking network-security owasp people-security physical-security sanitisation security security-weaknesses software-security sql-injection ssh vps vps-security web xss kdf md5
Kim Carter
Kim Carter
Technologist / Engineer, Information Security Professional

Technologist / Engineer, Information Security Professional, Entrepreneur and the founder of BinaryMist Ltd and PurpleTeam-Labs. Ex OWASP NZ Chapter Leader of eight years. Certified Scrum Master. Facilitator, mentor and motivator of cross functional, self managing teams. With a solid 20 years of commercial industry experience across many domains.