SlideShare uma empresa Scribd logo
1 de 28
Baixar para ler offline
…or had
                                                                      no time to
                                                                       check it!




Password Secrets Revealed!
Everything you want to know but are afraid to ask…

                                           Paula Januszkiewicz
                          CQURE: IT Security Auditor, MVP, MCT
                                http://blogs.technet.com/plwit/
                                                                      paula@cqure.pl



       Premium conference on Microsoft’s Dev and ITPro technologies         @itcampro / #itcampro
IT Camp 2011
• Thanks for coming!
• ITCamp is made possible by our sponsors:




      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
MVP-Press Training Course

Planning, Deploying and Managing
Microsoft Forefront Threat Management
Gateway 2010

Available for online purchase:
http://www.mvp-press.com




Follow us on:
     http://facebook.com/MVPpress
     http://twitter.com/MVPpress


 3
            Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Agenda
                                                                     Summary
What are passwords for… nothing!                           (Things you should remember)




        1                                 2                            3


                                              Passwords – some examples



        Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
… would be beautiful, but it is not
    • Strong passwords or / and user awareness
Complexity   Letters                 Letters (Upper           Letters (All) &   Letters &
Characters
             (Lower)                 & Lower)                 Digits            Digits &
                                                                                Special
6            308,915,776             19,770,609,664           56,800,235,584    304,006,671,42
                                                                                4
8            208,827,064,57          53,459,728,531           218,340,105,58    2,044,140,858,
             6                       ,456                     4,896             654,976
10           141,167,095,65          144,555,105,94           839,299,365,86    13,744,803,133
             3,376                   9,057,024                8,340,224         ,596,058,624
12           95,428,956,661          390,877,006,48           3,226,266,762,    92,420,056,270
             ,682,176                6,250,192,896            397,899,821,05    ,299,898,187,7
                                                              6                 76

             Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Time to crack passwords

Complexity   Letters                  Letters (Upper           Letters (All)    Letters & Digits
Characters
             (Lower)                  & Lower)                 & Digits         & Special

6            154,4 seconds            164,7 hours

8            29 hours                 …                        …                …

10           816 days                 …                        …                …

12           51152123 years …                                  …                87918622783,7
                                                                                years


Avg. password cracking: 2 millions per second

             Premium conference on Microsoft’s Dev and ITPro technologies      @itcampro / #itcampro
3 cryptograpgy basis




Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Passwords in the Web: Null Byte Injection, Inside the SSL Tunnel

DEMO


       Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Protected Storage
• Now: Read-Only
• DPAPI
  – Data Blob + Entropy
  – Master Key
  – User Password




      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
VNC

DEMO


      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Wireless (In) Security

DEMO


        Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Crack Basics: Windows
• Locally: Security Accounts Manager
• Domain: NTLS
• Direct reading? Why not?
  – SAMInside, Cain, ERD Commander, pwdump
    + LC5, john the ripper
• PSTORE



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
SAM (Tools), DefineDosDevice, System Privileges, SAPD,
Notification Package, GINA.DLL

DEMO


       Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Rainbow Tables
• OphCrack
• RainbowCrack

• http://www.insidepro.com/tables.php
• http://www.freerainbowtables.com/en/tables/ntlm/
• https://www.objectif-
  securite.ch/en/products.php?hash=EE84987FE4DC6997
  ABD2655ED5D5C144&drgn=2



       Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Password Cracking Tools
• Linux
  – John the Ripper (http://www.openwall.com/john/)
• Windows
  – John the Ripper
  – SamInside / Passwords Pro (http://www.insidepro.com)
  – Cain (http://www.oxid.it/cain.html )
  – LC5 / pwdump
  – Top 10 Tools: http://sectools.org/crackers.html




          Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Summary
• Have your own dictionary file

• Use well-designed password policies

• Train users – show them what may
  happen if their password is revealed

• Test your users’ passwords

      Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Q&A


  Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro
Don’t forget!
Get your free Azure pass!                            We want your feedback!

• 30+15 days, no CC req’d                        • Win a WP7 smartphone
   – http://bit.ly/ITCAMP11                             – Fill in your feedback forms
   – Promo code: ITCAMP11                               – Raffle: end of the day




        Premium conference on Microsoft’s Dev and ITPro technologies   @itcampro / #itcampro

Mais conteúdo relacionado

Semelhante a ITCamp 2011 - Paula Januszkiewicz - Password secrets revealed

ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...
ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...
ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...ITCamp
 
Elements of DDD with ASP.NET MVC & Entity Framework Code First v2
Elements of DDD with ASP.NET MVC & Entity Framework Code First v2Elements of DDD with ASP.NET MVC & Entity Framework Code First v2
Elements of DDD with ASP.NET MVC & Entity Framework Code First v2Enea Gabriel
 
ITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game development
ITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game developmentITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game development
ITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game developmentITCamp
 
ITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote
ITCamp 2011 - Mihai Tataran, Tudor Damian - KeynoteITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote
ITCamp 2011 - Mihai Tataran, Tudor Damian - KeynoteITCamp
 
ITCamp 2011 - Melania Danciu - Mobile apps
ITCamp 2011 - Melania Danciu - Mobile appsITCamp 2011 - Melania Danciu - Mobile apps
ITCamp 2011 - Melania Danciu - Mobile appsITCamp
 
ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5
ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5
ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5ITCamp
 
ITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance Tools
ITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance ToolsITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance Tools
ITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance ToolsITCamp
 
How # (sharp) is Your Katana (Ciprian Jichici)
How # (sharp) is Your Katana (Ciprian Jichici)How # (sharp) is Your Katana (Ciprian Jichici)
How # (sharp) is Your Katana (Ciprian Jichici)ITCamp
 
ITCamp 2011 - Cristian Lefter - SQL Server code-name Denali
ITCamp 2011 - Cristian Lefter - SQL Server code-name DenaliITCamp 2011 - Cristian Lefter - SQL Server code-name Denali
ITCamp 2011 - Cristian Lefter - SQL Server code-name DenaliITCamp
 
ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...
ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...
ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...ITCamp
 
ITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen
ITCamp 2012 - Paula Januszkiewicz - Stronghold to StrengthenITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen
ITCamp 2012 - Paula Januszkiewicz - Stronghold to StrengthenITCamp
 
ITCamp 2011 - Stephen Forte - Kanban
ITCamp 2011 - Stephen Forte - KanbanITCamp 2011 - Stephen Forte - Kanban
ITCamp 2011 - Stephen Forte - KanbanITCamp
 
Mihai Tataran - Building Windows 8 Applications with HTML5 and JS
Mihai Tataran - Building Windows 8 Applications with HTML5 and JSMihai Tataran - Building Windows 8 Applications with HTML5 and JS
Mihai Tataran - Building Windows 8 Applications with HTML5 and JSITCamp
 
ITCamp 2013 - Florin Coros - Driving Your Team Towards Code Quality
ITCamp 2013 - Florin Coros - Driving Your Team Towards Code QualityITCamp 2013 - Florin Coros - Driving Your Team Towards Code Quality
ITCamp 2013 - Florin Coros - Driving Your Team Towards Code QualityITCamp
 
ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...
ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...
ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...ITCamp
 
Vunvulea radu it camp-ro 2012 - building metro style applications on window...
Vunvulea radu   it camp-ro 2012 - building metro style applications on window...Vunvulea radu   it camp-ro 2012 - building metro style applications on window...
Vunvulea radu it camp-ro 2012 - building metro style applications on window...Radu Vunvulea
 
ITCamp 2011 - Mihai Tataran - Migrating to Azure
ITCamp 2011 - Mihai Tataran - Migrating to AzureITCamp 2011 - Mihai Tataran - Migrating to Azure
ITCamp 2011 - Mihai Tataran - Migrating to AzureITCamp
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism  taraganaHow to prevent cyber terrorism  taragana
How to prevent cyber terrorism taraganaGilles Sgro
 
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)ITCamp
 
Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)ITCamp
 

Semelhante a ITCamp 2011 - Paula Januszkiewicz - Password secrets revealed (20)

ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...
ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...
ITCamp 2013 - Lorant Domokos - Chasing the one codebase, multiple platforms d...
 
Elements of DDD with ASP.NET MVC & Entity Framework Code First v2
Elements of DDD with ASP.NET MVC & Entity Framework Code First v2Elements of DDD with ASP.NET MVC & Entity Framework Code First v2
Elements of DDD with ASP.NET MVC & Entity Framework Code First v2
 
ITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game development
ITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game developmentITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game development
ITCamp 2011 - Catalin Zima - Common pitfalls in Windows Phone 7 game development
 
ITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote
ITCamp 2011 - Mihai Tataran, Tudor Damian - KeynoteITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote
ITCamp 2011 - Mihai Tataran, Tudor Damian - Keynote
 
ITCamp 2011 - Melania Danciu - Mobile apps
ITCamp 2011 - Melania Danciu - Mobile appsITCamp 2011 - Melania Danciu - Mobile apps
ITCamp 2011 - Melania Danciu - Mobile apps
 
ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5
ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5
ITCamp 2011 - Raul Andrisan - What’s new in Silverlight 5
 
ITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance Tools
ITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance ToolsITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance Tools
ITCamp 2013 - Martin Kulov - Demystifying Visual Studio 2012 Performance Tools
 
How # (sharp) is Your Katana (Ciprian Jichici)
How # (sharp) is Your Katana (Ciprian Jichici)How # (sharp) is Your Katana (Ciprian Jichici)
How # (sharp) is Your Katana (Ciprian Jichici)
 
ITCamp 2011 - Cristian Lefter - SQL Server code-name Denali
ITCamp 2011 - Cristian Lefter - SQL Server code-name DenaliITCamp 2011 - Cristian Lefter - SQL Server code-name Denali
ITCamp 2011 - Cristian Lefter - SQL Server code-name Denali
 
ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...
ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...
ITCamp 2013 - Tim Huckaby - Kinect for Windows - Designing Software for Gestu...
 
ITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen
ITCamp 2012 - Paula Januszkiewicz - Stronghold to StrengthenITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen
ITCamp 2012 - Paula Januszkiewicz - Stronghold to Strengthen
 
ITCamp 2011 - Stephen Forte - Kanban
ITCamp 2011 - Stephen Forte - KanbanITCamp 2011 - Stephen Forte - Kanban
ITCamp 2011 - Stephen Forte - Kanban
 
Mihai Tataran - Building Windows 8 Applications with HTML5 and JS
Mihai Tataran - Building Windows 8 Applications with HTML5 and JSMihai Tataran - Building Windows 8 Applications with HTML5 and JS
Mihai Tataran - Building Windows 8 Applications with HTML5 and JS
 
ITCamp 2013 - Florin Coros - Driving Your Team Towards Code Quality
ITCamp 2013 - Florin Coros - Driving Your Team Towards Code QualityITCamp 2013 - Florin Coros - Driving Your Team Towards Code Quality
ITCamp 2013 - Florin Coros - Driving Your Team Towards Code Quality
 
ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...
ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...
ITCamp 2012 - Radu Vunvulea - Building metro style applications on Windows 8 ...
 
Vunvulea radu it camp-ro 2012 - building metro style applications on window...
Vunvulea radu   it camp-ro 2012 - building metro style applications on window...Vunvulea radu   it camp-ro 2012 - building metro style applications on window...
Vunvulea radu it camp-ro 2012 - building metro style applications on window...
 
ITCamp 2011 - Mihai Tataran - Migrating to Azure
ITCamp 2011 - Mihai Tataran - Migrating to AzureITCamp 2011 - Mihai Tataran - Migrating to Azure
ITCamp 2011 - Mihai Tataran - Migrating to Azure
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism  taraganaHow to prevent cyber terrorism  taragana
How to prevent cyber terrorism taragana
 
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)
 
Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)Cryptography - You're doing it wrong! (Attila Balazs)
Cryptography - You're doing it wrong! (Attila Balazs)
 

Mais de ITCamp

ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...
ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...
ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...ITCamp
 
ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...
ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...
ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...ITCamp
 
ITCamp 2019 - Peter Leeson - Managing Skills
ITCamp 2019 - Peter Leeson - Managing SkillsITCamp 2019 - Peter Leeson - Managing Skills
ITCamp 2019 - Peter Leeson - Managing SkillsITCamp
 
ITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
ITCamp 2019 - Mihai Tataran - Governing your Cloud ResourcesITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
ITCamp 2019 - Mihai Tataran - Governing your Cloud ResourcesITCamp
 
ITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UX
ITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UXITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UX
ITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UXITCamp
 
ITCamp 2019 - Florin Coros - Implementing Clean Architecture
ITCamp 2019 - Florin Coros - Implementing Clean ArchitectureITCamp 2019 - Florin Coros - Implementing Clean Architecture
ITCamp 2019 - Florin Coros - Implementing Clean ArchitectureITCamp
 
ITCamp 2019 - Florin Loghiade - Azure Kubernetes in Production - Field notes...
ITCamp 2019 - Florin Loghiade -  Azure Kubernetes in Production - Field notes...ITCamp 2019 - Florin Loghiade -  Azure Kubernetes in Production - Field notes...
ITCamp 2019 - Florin Loghiade - Azure Kubernetes in Production - Field notes...ITCamp
 
ITCamp 2019 - Florin Flestea - How 3rd Level support experience influenced m...
ITCamp 2019 - Florin Flestea -  How 3rd Level support experience influenced m...ITCamp 2019 - Florin Flestea -  How 3rd Level support experience influenced m...
ITCamp 2019 - Florin Flestea - How 3rd Level support experience influenced m...ITCamp
 
ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...
ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...
ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...ITCamp
 
ITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The Enterprise
ITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The EnterpriseITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The Enterprise
ITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The EnterpriseITCamp
 
ITCamp 2019 - Cristiana Fernbach - Blockchain Legal Trends
ITCamp 2019 - Cristiana Fernbach - Blockchain Legal TrendsITCamp 2019 - Cristiana Fernbach - Blockchain Legal Trends
ITCamp 2019 - Cristiana Fernbach - Blockchain Legal TrendsITCamp
 
ITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data Lake
ITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data LakeITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data Lake
ITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data LakeITCamp
 
ITCamp 2019 - Andy Cross - Business Outcomes from AI
ITCamp 2019 - Andy Cross - Business Outcomes from AIITCamp 2019 - Andy Cross - Business Outcomes from AI
ITCamp 2019 - Andy Cross - Business Outcomes from AIITCamp
 
ITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud Story
ITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud StoryITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud Story
ITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud StoryITCamp
 
ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...
ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...
ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...ITCamp
 
ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...
ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...
ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...ITCamp
 
ITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go Now
ITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go NowITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go Now
ITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go NowITCamp
 
ITCamp 2019 - Peter Leeson - Vitruvian Quality
ITCamp 2019 - Peter Leeson - Vitruvian QualityITCamp 2019 - Peter Leeson - Vitruvian Quality
ITCamp 2019 - Peter Leeson - Vitruvian QualityITCamp
 
ITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World Application
ITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World ApplicationITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World Application
ITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World ApplicationITCamp
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp
 

Mais de ITCamp (20)

ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...
ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...
ITCamp 2019 - Stacey M. Jenkins - Protecting your company's data - By psychol...
 
ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...
ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...
ITCamp 2019 - Silviu Niculita - Supercharge your AI efforts with the use of A...
 
ITCamp 2019 - Peter Leeson - Managing Skills
ITCamp 2019 - Peter Leeson - Managing SkillsITCamp 2019 - Peter Leeson - Managing Skills
ITCamp 2019 - Peter Leeson - Managing Skills
 
ITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
ITCamp 2019 - Mihai Tataran - Governing your Cloud ResourcesITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
ITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
 
ITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UX
ITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UXITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UX
ITCamp 2019 - Ivana Milicic - Color - The Shadow Ruler of UX
 
ITCamp 2019 - Florin Coros - Implementing Clean Architecture
ITCamp 2019 - Florin Coros - Implementing Clean ArchitectureITCamp 2019 - Florin Coros - Implementing Clean Architecture
ITCamp 2019 - Florin Coros - Implementing Clean Architecture
 
ITCamp 2019 - Florin Loghiade - Azure Kubernetes in Production - Field notes...
ITCamp 2019 - Florin Loghiade -  Azure Kubernetes in Production - Field notes...ITCamp 2019 - Florin Loghiade -  Azure Kubernetes in Production - Field notes...
ITCamp 2019 - Florin Loghiade - Azure Kubernetes in Production - Field notes...
 
ITCamp 2019 - Florin Flestea - How 3rd Level support experience influenced m...
ITCamp 2019 - Florin Flestea -  How 3rd Level support experience influenced m...ITCamp 2019 - Florin Flestea -  How 3rd Level support experience influenced m...
ITCamp 2019 - Florin Flestea - How 3rd Level support experience influenced m...
 
ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...
ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...
ITCamp 2019 - Emil Craciun - RoboRestaurant of the future powered by serverle...
 
ITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The Enterprise
ITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The EnterpriseITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The Enterprise
ITCamp 2019 - Eldert Grootenboer - Cloud Architecture Recipes for The Enterprise
 
ITCamp 2019 - Cristiana Fernbach - Blockchain Legal Trends
ITCamp 2019 - Cristiana Fernbach - Blockchain Legal TrendsITCamp 2019 - Cristiana Fernbach - Blockchain Legal Trends
ITCamp 2019 - Cristiana Fernbach - Blockchain Legal Trends
 
ITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data Lake
ITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data LakeITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data Lake
ITCamp 2019 - Andy Cross - Machine Learning with ML.NET and Azure Data Lake
 
ITCamp 2019 - Andy Cross - Business Outcomes from AI
ITCamp 2019 - Andy Cross - Business Outcomes from AIITCamp 2019 - Andy Cross - Business Outcomes from AI
ITCamp 2019 - Andy Cross - Business Outcomes from AI
 
ITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud Story
ITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud StoryITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud Story
ITCamp 2019 - Andrea Saltarello - Modernise your app. The Cloud Story
 
ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...
ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...
ITCamp 2019 - Andrea Saltarello - Implementing bots and Alexa skills using Az...
 
ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...
ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...
ITCamp 2019 - Alex Mang - I'm Confused Should I Orchestrate my Containers on ...
 
ITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go Now
ITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go NowITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go Now
ITCamp 2019 - Alex Mang - How Far Can Serverless Actually Go Now
 
ITCamp 2019 - Peter Leeson - Vitruvian Quality
ITCamp 2019 - Peter Leeson - Vitruvian QualityITCamp 2019 - Peter Leeson - Vitruvian Quality
ITCamp 2019 - Peter Leeson - Vitruvian Quality
 
ITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World Application
ITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World ApplicationITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World Application
ITCamp 2018 - Ciprian Sorlea - Million Dollars Hello World Application
 
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
ITCamp 2018 - Ciprian Sorlea - Enterprise Architectures with TypeScript And F...
 

Último

The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 

Último (20)

The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 

ITCamp 2011 - Paula Januszkiewicz - Password secrets revealed

  • 1. …or had no time to check it! Password Secrets Revealed! Everything you want to know but are afraid to ask… Paula Januszkiewicz CQURE: IT Security Auditor, MVP, MCT http://blogs.technet.com/plwit/ paula@cqure.pl Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 2. IT Camp 2011 • Thanks for coming! • ITCamp is made possible by our sponsors: Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 3. MVP-Press Training Course Planning, Deploying and Managing Microsoft Forefront Threat Management Gateway 2010 Available for online purchase: http://www.mvp-press.com Follow us on: http://facebook.com/MVPpress http://twitter.com/MVPpress 3 Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 4. Agenda Summary What are passwords for… nothing! (Things you should remember) 1 2 3 Passwords – some examples Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 5. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 6. Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 7. … would be beautiful, but it is not • Strong passwords or / and user awareness Complexity Letters Letters (Upper Letters (All) & Letters & Characters (Lower) & Lower) Digits Digits & Special 6 308,915,776 19,770,609,664 56,800,235,584 304,006,671,42 4 8 208,827,064,57 53,459,728,531 218,340,105,58 2,044,140,858, 6 ,456 4,896 654,976 10 141,167,095,65 144,555,105,94 839,299,365,86 13,744,803,133 3,376 9,057,024 8,340,224 ,596,058,624 12 95,428,956,661 390,877,006,48 3,226,266,762, 92,420,056,270 ,682,176 6,250,192,896 397,899,821,05 ,299,898,187,7 6 76 Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 8. Time to crack passwords Complexity Letters Letters (Upper Letters (All) Letters & Digits Characters (Lower) & Lower) & Digits & Special 6 154,4 seconds 164,7 hours 8 29 hours … … … 10 816 days … … … 12 51152123 years … … 87918622783,7 years Avg. password cracking: 2 millions per second Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 9. 3 cryptograpgy basis Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 10. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 11. Passwords in the Web: Null Byte Injection, Inside the SSL Tunnel DEMO Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 12. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 13. Protected Storage • Now: Read-Only • DPAPI – Data Blob + Entropy – Master Key – User Password Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 14. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 15. VNC DEMO Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 16. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 17. Wireless (In) Security DEMO Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 18. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 19. Crack Basics: Windows • Locally: Security Accounts Manager • Domain: NTLS • Direct reading? Why not? – SAMInside, Cain, ERD Commander, pwdump + LC5, john the ripper • PSTORE Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 20. SAM (Tools), DefineDosDevice, System Privileges, SAPD, Notification Package, GINA.DLL DEMO Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 21. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 22. Rainbow Tables • OphCrack • RainbowCrack • http://www.insidepro.com/tables.php • http://www.freerainbowtables.com/en/tables/ntlm/ • https://www.objectif- securite.ch/en/products.php?hash=EE84987FE4DC6997 ABD2655ED5D5C144&drgn=2 Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 23. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 24. Password Cracking Tools • Linux – John the Ripper (http://www.openwall.com/john/) • Windows – John the Ripper – SamInside / Passwords Pro (http://www.insidepro.com) – Cain (http://www.oxid.it/cain.html ) – LC5 / pwdump – Top 10 Tools: http://sectools.org/crackers.html Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 25. What to expect? Life without passwords… Passwords in the Web Protected Storage VNC Wireless (In) Security Passwords in the Operating System Rainbow tables Cracking toolkit Summary Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 26. Summary • Have your own dictionary file • Use well-designed password policies • Train users – show them what may happen if their password is revealed • Test your users’ passwords Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 27. Q&A Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro
  • 28. Don’t forget! Get your free Azure pass! We want your feedback! • 30+15 days, no CC req’d • Win a WP7 smartphone – http://bit.ly/ITCAMP11 – Fill in your feedback forms – Promo code: ITCAMP11 – Raffle: end of the day Premium conference on Microsoft’s Dev and ITPro technologies @itcampro / #itcampro