Security BSides London, the UK’s biggest community-driven infosec conference is happy to announce its 8th iteration open to all regardless of background, skill level, income or job-title.  
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Back To Schedule
Wednesday, June 5 • 11:00 - 11:30
Password Cracking; the First 500 Million

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

We present a new tool, hashcrack, to preprocess hash files and drive hashcat with sensible parameters, including support for automatic ntdsutil and responder DB extraction.

Examples of good and bad hashing methods are given, as well as advice on how to do strong password hashing, and prevent credential stuffing attacks.

We also do a walk through of cracking 500 million hashes from Troy Hunt/haveibeenpwned's NTLM password dump will be given, and a representative data set of mixed hashes (NTLM, sha256crypt, bcrypt, Drupal, Wordpress and others) will be provided for a CTF-type competition.

See https://github.com/nccgroup/hashcrack - the tool supports many common hash formats including Cisco, UNIX, and Windows types as well as standard MD5/SHA1,2,3 etc.


Jamie Riden

Sometime developer, sysadmin, pen-tester, member of blue "team" and hacker. I have disclosed issues to IBM, SAP, D-link, Belkin, British Telecom among others and have an Erdős number of 4.

Wednesday June 5, 2019 11:00 - 11:30 BST
Track 2 ILEC Conference Centre 47 Lillie Road London SW6 1UD