You did what with SHA1 again?

Presented at THOTCON 0x8 (2017), May 5, 2017, noon (25 minutes).

In this talk, I will show off real-world examples of misuse & abuse, and improper data handling of sensitive passwords that happened inside an application that contained 1.2M user credentials. When doing penetration testing, we must remember that a breach in one system can lead to a breach on another system because of the implicit trust relationships we build to get the job done. I will talk about how our attack progressed, what controls were missed, and how we used 4x Graphics Processing Unit (GPU) video cards to recover 600 thousand user passwords in a <24 hour period.

Presenters:

  • David Bryan / VideoMan as VideoMan
    David M. N. Bryan has over 16+ years of experience & is part of IBM's X-Force Red. He also helps run Thotcon.
