Password Cracking - The First 500 Million

Explore password cracking techniques and tools in this 30-minute conference talk from Security BSides London. Learn about hashcrack, a new tool for preprocessing hash files and optimizing hashcat parameters, including automatic ntdsutil and responder DB extraction. Discover examples of effective and ineffective hashing methods, gain insights on implementing strong password hashing, and learn strategies to prevent credential stuffing attacks. Follow along with a demonstration of cracking 500 million hashes from Troy Hunt's NTLM password dump, and participate in a CTF-style competition using a diverse dataset of mixed hashes. Gain hands-on experience with the hashcrack tool, which supports various hash formats including Cisco, UNIX, Windows, and standard MD5/SHA1,2,3.