Your Users Passwords Are Already Stolen

Explore the critical issue of password security in this 34-minute conference talk from BSides San Francisco 2015. Delve into the threat actor perspective, attack life cycles, and common vulnerabilities like password reuse and phishing schemes. Learn about hashing techniques, implementation failures, and the impact of major database breaches. Discover strategies for creating effective word lists, improving cracking performance, and analyzing leaked databases. Gain valuable insights into the DHS Critical Infrastructure findings and explore the Rapid Detection Response Model. Conclude with an insider threat perspective and engage in a Q&A session to deepen your understanding of password security challenges and solutions.

Intro
Who am I
All passwords are crap
Threat actor perspective
Attack life cycle
They pivot
Password reuse
Phishing schemes
Why hash
MD5 is broken
Keyspace
Salt
Rounds
Implementation failures
Database breaches
Zappos
Cracking User Databases
Creating a Word List
Performance
Database Leak
DHS Critical Infrastructure
Results
Takeaways
Rapid Detection Response Model
Insider Threat Perspective
Questions