Activity Summary: According to the LARES 2019 Penetration Testing Findings report, Brute Forcing Accounts With Weak and Guessable Passwords was the most frequently encountered issue. In this hands-on session, we will look at password-based authentication systems and look at the tools used to attack password-based systems and recover passwords from hashes. Finally, we will examine useful password usage statistics using a notional dataset from a Windows domain controller.

Rob Couey is the Deputy Cyber Lead at Ridgeline International Inc, a technology company in Northern Virginia. Prior to Ridgeline, Rob served over 22 years in the U.S. Navy in a wide variety of operational offensive and defensive cybersecurity roles. He also played pivotal roles in the development of the Department of Defense cybersecurity workforce framework, the Joint Cyber Analysis Course, and the U.S. Navy Cyber Competition Team.