Plundering and pillaging password and passphrase plains for profit
In this talk we'll look beyond the basics of cracking and arm you with further attacks when you feel you're out of options. We'll look at multiple paths for cracking delimited passphrases and review when you'd want to use these attacks and why. Target-specific markov tables will be shown to illustrate how you could be missing out on elusive plains without even realising it, as well as getting the best bang for your buck out of your rule-based attacks by identifying non-efficient operations. Then, after reviewing transliterated attacks and hash shucking, we'll wrap up with the release of a tool to help you automate the initial heavy lifting of your attack cycles.
Presented at Security Fest 2025.
Speaker: Will HuntAbout Will Hunt
Will (@Stealthsploit) has been in infosec for over 15 years, co-founded In.security in 2018 and as a pentester has helped secure many organisations through technical security services and training. Will's a Black Hat trainer and has taught and spoken at several conferences and events, as well as helping run Password Village at DEFCON. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
