John the Ripper sits in the next cubicle - cracking passwords in a Corporate environment.

Presented at CarolinaCon 12 (2016), March 5, 2016, 4 p.m. (Unknown duration)

This talk will examine issues to consider when building a process to check password strength using John the Ripper. It covers the items to consider before dumping the hashes and running John. Considerations include control over who will know both the user ID and the cracked passwords, methods to use when cracking passwords, and choosing when to stop and report. Once the passwords have been cracked, the challenges continue. Decisions around reporting are not trivial. Questions around who should receive the reports and what data needs to be delivered all have to be answered. This talk will cover the challenges faced and some solutions as well.

Presenters:

  • Steve Passino
    I have spent the last 9 years in Information Security and, prior to that, 15 years as a Unix/Linux administrator. Husband, father and farmer, my interests are a bit scattered.
