In this session we will generally move through three sections 1) Automation of the lab environment a) the why b) the how 2) External audit and password complexity rules 3) Windows password cracking when the minimum length is set at 12 char

4. aracters

6. aracters

14. https://hubblestack.io/i
mg/helix_nebula.jpg
- confucius

19. "variables": {
"boot_wait": "5s",
"disk_size": "40960",
"iso_checksum_type": "sha1",
"iso_checksum": "c4834f538a90bb41f625144c9a2e0edf8bb9b9b5",
"iso_url": "https://software-download.microsoft.com/download/pr/17763.1.180914-1434.rs5_release_SERVER_EVAL_X64FRE_EN-US.ISO",
"memsize": "8192",
"numvcpus": "2",
"vm_name": "PWLAB_S2019",
"winrm_password" : "abracadabra.99",
"winrm_username" : "Administrator"
},

20. "builders": [
{
"type": "virtualbox-iso",
"guest_os_type": "Windows2016_64",
"vm_name": "{{user `vm_name`}}",
"iso_url": "{{user `iso_url`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_checksum": "{{user `iso_checksum`}}",
"guest_additions_mode": "disable",
"headless": false,
"boot_wait": "{{user `boot_wait`}}",
"disk_size": "{{user `disk_size`}}",
"communicator":"winrm",
"winrm_username": "{{user `winrm_username`}}",
"winrm_password": "{{user `winrm_password`}}",
"winrm_use_ssl": true,
"winrm_insecure": true,
"winrm_timeout": "4h",
"floppy_files": ["scripts/floppy/autounattend.xml"],
"shutdown_command": "shutdown /s /t 5 /f /d p:4:1 /c "Packer Shutdown"",
"shutdown_timeout": "30m",
"vboxmanage": [
["modifyvm", "{{.Name}}", "--memory", "{{user `memsize`}}"],
["modifyvm", "{{.Name}}", "--cpus", "{{user `numvcpus`}}"]
]
}
],

21. "provisioners": [
{
"type": "powershell",
"only": ["virtualbox-iso"],
"scripts": ["scripts/virtualbox-guest-additions.ps1"],
"pause_before": "1m"
},
{
"type": "powershell",
"scripts": ["scripts/setup.ps1"]
},
{
"type": "windows-restart",
"restart_timeout": "30m"
},
{
"type": "powershell",
"scripts": ["scripts/cleanup.ps1"],
"pause_before": "1m"
}
]

22. "post-processors": [
{
"output": "boxes/windows-2019-basic.box",
"keep_input_artifact": true,
"type": "vagrant"
}
],

24. "post-processors": [
{
"output": "boxes/windows-2019-basic.box",
"keep_input_artifact": true,
"type": "vagrant"
}
],

28. https://hubblestack.io/i
mg/helix_nebula.jpg

30. https://www.youtube.com/watch?v=AslU3GtV-4g

31. https://hubblestack.io/i
mg/helix_nebula.jpg

36. e

40. BIG PARTNER
PARTNER
SENIOR AUDIT MGR
JUNIOR AUDITOR
Recruits Partners
Runs biggest account
Signs off on all accounts
Smart people
pragmatic project managers
make things happen
Data collector -
“just (blindly) following the proces”

41. Out-the-box settings are usually something like
Be at least six characters in length.
Contain characters from three of the following four categories.
English uppercase letters (A through Z)
English Lowercase letters (a through z)
Base 10 digit (0 through 9)
Non-alphabetic characters ( !,@,#,$, %&,*)
Then minimum length is usually upped to 8 or 9 and a password history of 6 , 12 or 24 is set to
prevent reuse of an old password and a maximum age of 45 days set

43. Out-the-box settings are usually something like
Be at least six characters in length.
Contain characters from three of the following four categories.
English uppercase letters (A through Z)
English Lowercase letters (a through z)
Base 10 digit (0 through 9)
Non-alphabetic characters ( !,@,#,$, %&,*)
Then minimum length is usually upped to 8 or 9 and a password history of 6 , 12 or 24 is set to
prevent reuse of an old password and a maximum age of 45 days set
I opted for

51. e
blog behind the rule -

53. e blog behind the rule -