…or had no time to check it!

Password Secrets Revealed!
Everything you want to know but are afraid to ask…

Paula Januszkiewicz
CQURE: IT Security Auditor, MVP, MCT
http://blogs.technet.com/plwit/
paula@cqure.pl



       Premium conference on Microsoft’s Dev and ITPro technologies         @itcampro / #itcampro
IT Camp 2011
• Thanks for coming!
• ITCamp is made possible by our sponsors:




MVP-Press Training Course

Planning, Deploying and Managing
Microsoft Forefront Threat Management
Gateway 2010

Available for online purchase:
http://www.mvp-press.com




Follow us on:
     http://facebook.com/MVPpress
     http://twitter.com/MVPpress


Agenda
1. What are passwords for… nothing!
2. Passwords – some examples
3. Summary (Things you should remember)
What to expect?
Life without passwords…
Passwords in the Web
Protected Storage
VNC
Wireless (In) Security
Passwords in the Operating System
Rainbow tables
Cracking toolkit
Summary



… would be beautiful, but it is not
• Strong passwords or / and user awareness

Number of possible passwords by length (characters) and character set:

Characters   Letters (Lower)          Letters (Upper & Lower)        Letters (All) & Digits           Letters & Digits & Special
6            308,915,776              19,770,609,664                 56,800,235,584                   304,006,671,424
8            208,827,064,576          53,459,728,531,456             218,340,105,584,896              2,044,140,858,654,976
10           141,167,095,653,376      144,555,105,949,057,024        839,299,365,868,340,224          13,744,803,133,596,058,624
12           95,428,956,661,682,176   390,877,006,486,250,192,896    3,226,266,762,397,899,821,056    92,420,056,270,299,898,187,776
Time to crack passwords

Characters   Letters (Lower)      Letters (Upper & Lower)   Letters (All) & Digits   Letters & Digits & Special
6            154,4 seconds        164,7 hours
8            29 hours             …                         …                        …
10           816 days             …                         …                        …
12           51152123 years       …                         …                        87918622783,7 years

Avg. password cracking speed: 2 million guesses per second
3 cryptography basics
Passwords in the Web: Null Byte Injection, Inside the SSL Tunnel

DEMO


Protected Storage
• Now: Read-Only
• DPAPI
  – Data Blob + Entropy
  – Master Key
  – User Password




VNC

DEMO


Wireless (In) Security

DEMO


Crack Basics: Windows
• Locally: Security Accounts Manager
• Domain: NTLS
• Direct reading? Why not?
  – SAMInside, Cain, ERD Commander, pwdump
    + LC5, john the ripper
• PSTORE



SAM (Tools), DefineDosDevice, System Privileges, SAPD,
Notification Package, GINA.DLL

DEMO


Rainbow Tables
• OphCrack
• RainbowCrack

• http://www.insidepro.com/tables.php
• http://www.freerainbowtables.com/en/tables/ntlm/
• https://www.objectif-securite.ch/en/products.php?hash=EE84987FE4DC6997ABD2655ED5D5C144&drgn=2



Password Cracking Tools
• Linux
  – John the Ripper (http://www.openwall.com/john/)
• Windows
  – John the Ripper
  – SamInside / Passwords Pro (http://www.insidepro.com)
  – Cain (http://www.oxid.it/cain.html )
  – LC5 / pwdump
  – Top 10 Tools: http://sectools.org/crackers.html




Summary
• Have your own dictionary file

• Use well-designed password policies

• Train users – show them what may
  happen if their password is revealed

• Test your users’ passwords

Q&A


Don’t forget!

Get your free Azure pass!
• 30+15 days, no CC req’d
   – http://bit.ly/ITCAMP11
   – Promo code: ITCAMP11

We want your feedback!
• Win a WP7 smartphone
   – Fill in your feedback forms
   – Raffle: end of the day
