(ISC)2 Melbourne Chapter Meeting – 20 June 2017
Presentation: Wonderful World of p455w0rd cr4ck1n6
Password cracking is now more affordable than ever and can be approached using consumer hardware or cheap cloud services. Find out about the latest developments, how it’s all done, watch a live demo and learn about attack-resistant password storage methods. Presented by John Gerardos.
20 June 2017 (Tuesday)
- 5:30 – 6:00 pm: Networking opportunity
- 6:00 – 6:02 pm: Welcome, plus (if needed) chapter business and updates
- 6:02 – 7:00 pm: Presentation and Q&A: Wonderful World of p455w0rd cr4ck1n6 presented by Mr John Gerardos
- 7:00 – 7:30 pm: Networking opportunity
NORMAN DISNEY & YOUNG, 115 Batman Street, West Melbourne – a 700-meter walk from Southern Cross or Flagstaff train stations; a 300-meter walk from the 30, 35, or 86 trams; or less than a 100-meter walk from the 216, 219, and 220 buses.
RSVP via EventBrite for Entry:
Please register via this Eventbrite site with your real full name and bring your ticket with you (paper or on your mobile), for two reasons. First, building security is more likely to let you into the event. Second, it is easier for us to record your Continuing Professional Education credits. If possible, please RSVP by noon Monday 19 June 2017.
Serious password cracking power is now much more affordable and within reach of adversaries. Complex password policies have been developed in an attempt to ensure passwords are harder to crack, but do they really address the issue?
In this presentation, we will explore current techniques behind storing password hashes as well as how cracking these passwords may be possible on consumer hardware, or even a cheap cloud server with access to a GPU. We will discuss different attack methods and detail the budget an attacker would need to access the required hardware – often much cheaper than you think!
The presentation will include a live password cracking demo and a discussion on more attack-resistant password storage methods.
What’s Cool About this Presentation?
Recently there have been many large attacks and database leaks where password hashes have become available online. These password databases did not survive very long before being cracked. This presentation is unique in that it discusses these issues and how the attacks are carried out, includes a live demo of an attack, and addresses how to better store passwords in the future.
John Gerardos is a security consultant with more than 10 years’ experience who loves to make stuff, break stuff and fix stuff. John can usually be found researching the latest security topics, tinkering with random objects or roaming around security conferences. As well as his day job, John actively participates within the information security community. He regularly attends security conferences, has run several security training sessions and workshops and has led a university’s information security student group for 3 years.
John holds a Bachelor’s Degree in Computer Science and has commenced the Masters of Applied Science (Information Security and Assurance) at RMIT University. This is supplemented by Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP) training, as well as IT Infrastructure Library (ITIL) certification.