How to Handle Getting Dumped: Compromised Passwords

Presented at BSidesLV 2023, Aug. 9, 2023, 11:30 a.m. (Unknown duration).

Your company has a strong password policy, awareness campaigns, and established a culture of good password hygiene. None of it seems to matter in that soul crushing moment when a malware operator dumps passwords that include one of your company's accounts. I'll step you through renewing hope after a password dump including where they come from, what to do with them, and what the best value and pitfalls can be.

Presenters:

• Susan Paskey
  Got bored as a firewall engineer so started a Def Con Group 919 and Cackalacky Con in RTP, NC, USA to share the joy of hacking with others. Eventually found a calling as a threat hunter, finding bizarre things in logs and investigating user access behavior. Believes that emotional security is a key part of information security and hacking.

Links:

• https://www.bsideslv.org/talks#UBYJSQ

Similar Presentations:

• BSidesLV 2017 / Sex, Secret and God: A Brief History of Bad Passwords
• HOPE 2020 Virtual Rescheduled / Password Superpowers: How to Crack Hashes and Stump Hackers
• CackalackyCon 2 (2023) / Password Attacks 101: Exploiting Human Weaknesses