Pick a password, any password - Wicus Ross - SensePost

•

0 likes•152 views

Harry Gunns

Technology

11/7/2018 1
@wicusross
Pick a password,
any password
with Wicus Ross
T: +44 (0)1622 723400 | E: info@secdata.com | W: www.secdata.com
@wicusross
http://www.arubanetworks.com/support-services/security-bulletins/

11/7/2018 2
@wicusross
https://www.xkcd.com/936/

11/7/2018 3
@wicusross
Meet Etienne @staaldraat

11/7/2018 4
@wicusross
Exploiting native functionality
available over the Internet in
Outlook Web Access

11/7/2018 7
@wicusross
www.haveibeenpwned.com

11/7/2018 9
@wicusross
SensePost Ruler
Exposed OWA
?
OWA from leaks
Email
✓
Public Data Leaks
Password
✓
SensePost Password
Cracking

11/7/2018 10
@wicusross
OWA & Password Collection
Process
100% 5.55%
0.70%
0.60% 2832

11/7/2018 11
@wicusross
Including 235 O365
<10%

11/7/2018 12
@wicusross
ACCOUNTS BREACHED PER TARGET PER DOMAIN
0
20
40
60
80
100
120
140
160
180
200
1
7
13
19
25
31
37
43
49
55
61
67
74
80
86
92
99
107
115
122
130
144
157
172
195
220
248
282
315
415
566
615
893
1776
Other
gov.uk
org.uk
ac.uk
co.uk

11/7/2018 14
@wicusross
2832 targets per TLD that
exposed passwords
2178
167
55
269
163
0
500
1000
1500
2000
2500
co.uk ac.uk gov.uk org.uk Other

11/7/2018 15
@wicusross
• 6 x AMD RX580 8GB GPU
• Hashcat
• Keyspace included all characters,
numbers and symbols, both upper
and lower case
• 6 values in less than 2 minutes
• 7 values in less than 20 minutes
• 8 values in less than 2 days
• Run over 8 weeks
• Against ~½ million hashes

11/7/2018 16
@wicusross
646,898 passwords
497,136 unique
115 stories
85%
15%
Unique
82%
18%
Non unique
98
14,914 inches

11/7/2018 17
@wicusross
MOST POPULAR PASSWORDS
2.69% 1.43%
1.15%
0.86%
0.36%0.64% 0.60%
0.48%
0.45%
0.36%

11/7/2018 18
@wicusross
• One to six characters = 1929 (0.42%)
• One to eight characters = 85106 (18.75%)
• More than eight characters = 368892 (81.25%)

11/7/2018 20
@wicusross
ALL THE DATES
0.00%
2.00%
4.00%
6.00%
8.00%
10.00%
12.00%
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019

11/7/2018 21
@wicusross
HAPPY ENDING
7%
12%
8%
13%
6% 6%
8%
12%
4% 4%
0%
2%
4%
6%
8%
10%
12%
14%
0
10000
20000
30000
40000
50000
60000
70000
0 1 2 3 4 5 6 7 8 9

11/7/2018 22
@wicusross
Lowercase Only, 0%
Uppercase Only, 0%
Alpha Only, 0%
Numeric Only, 0%
First capital last
symbol , 6%
First capital last number , 32%Contains Month, 6%
Contains Day, 2%
Contains Year, 12%
Single digit end, 6%
Two digits end , 15%
Three digits
end, 9%
Mystery!, 12%
Other, 2%
Lowercase Only Uppercase Only Alpha Only Numeric Only First capital last symbol
First capital last number Contains Month Contains Day Contains Year Single digit end
Two digits end Three digits end Mystery!
PREDICTABLE FORMATS

11/7/2018 23
@wicusross
PREDICTABLE FORMATS

11/7/2018 24
@wicusross
THE TRUTH?
M
F
A

Similar to Pick a password, any password - Wicus Ross - SensePost

How can you tell if meeting room A302 is occupied right now? Ask an API! The same Cisco Collab devices that provide high-quality video are also embedding a rich API where you can get real-time info and create a personalized experience with custom UI controls. In this talk, we’ll detail how to create controls to turn off the lights or take the curtains down, how to build interactive maps that show rooms occupation in React, or build a Maze game in Javascript and deploy it to the latest Cisco Collab devices. If you love modern user experiences, IoT, know a bit Javascript, come get inspired!

Meeting rooms are talking! are you listening?

Cisco DevNet

Join to explore concrete use cases implemented with the Administrative & Serviceability capabilities of Webex Teams (formally Cisco Spark) APIs. We'll cover how to manage Webex Teams Users but also track Spaces activity through the recently added /events API resource. Moreover, we will dig into the possibilities offered by the xAPI for Webex Teams-registered devices: discover Company Branding, People counting, and how to initiate Video Calls to Webex Teams & SIP addresses. This session is aimed at Webex Teams Administrators, Compliance Officers, and Cisco Collaboration Endpoints owners. DEVNET-3610 https://www.ciscolive.com/us/learn/sessions/session-catalog/?search=DEVNET-3610

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610

Cisco DevNet

Two-Factor Authentication Presentation

SamSmith537

Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?

michaelbasoah

UXPA Dallas - Google Analytics and What's Before Mobile First

Ken Tabor

Cisco Connect Toronto 2018 an introduction to Cisco kinetic

Cisco Canada

Cisco Connect Toronto 2018 an introduction to Cisco kinetic

Cisco Canada

Drawing the Line with Browser Compatibility

jsmith92

Going Fast on the Mobile Web

Jason Grigsby

Api Strat 2018 Turning External Services into Internal APIs

Chris Phillips

Sqrrl February Webinar: Breaking Down Data Silos

Sqrrl

Global Azure Bootcamp 216 - Azure Rights Management

Riwut Libinuko

EduWeb - Building a Responsive Website for the Presidential Debate

Jon Liu

Ionic Native: Native-powered apps, without the hassle

Ionic Framework

Getting Single Page Application Security Right

Philippe De Ryck

Lessons From Spider Support

Oliver Brett

Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...

mdevtalk

AP Takeover Attacks

Eric Goldman

Credentials don’t start out on the dark web - they end there. When usernames and passwords are compromised in a data breach, the consequences extend far beyond the victim organization due to rampant password reuse. For this reason, NIST recently recommended that organizations check users’ credentials against a set of known compromised passwords. However, by patroning dark web forums and paying for spilled credentials, enterprises indirectly support the criminal ecosystem. Furthermore, attackers often don’t publicly post stolen data until months or years after the breach, if at all. Is there a better way to follow NIST guidelines and protect users from account takeover? Join Justin Richer, co-author of NIST Digital Identity Guidelines 800-63B, and Gautam Agarwal, Blackfish Product Manager, for a lively discussion on NIST’s password recommendations and how best to prevent account takeover fraud at your organization. Agenda: The Threat of Stolen Credentials Reasoning Behind NIST’s Password Recommendations Ways to Manage a Password “Breach Corpus” How Blackfish Helps Organizations Follow NIST Guidelines

After the Data Breach: Stolen Credentials

SBWebinars

The industry move towards wearables is all the rage and taking advantage of these new devices doesn’t have to mean learning a whole new platform. For example the Microsoft Band is a multi-function wearable device that works with your smart phone to help you track heart rate, steps, calorie burn, sleep quality and be productive with email and calendar alerts and more. While you can quickly and easily build an app for the Band in just a few minutes how can you be sure the back end is up to the scale you’d need to support potential massive growth if it were to take off? Enter the cloud and tools available that we can use to load test and explore the performance characteristics of the solution. In this session we’ll take a look at what’s possible and walk thru the scenario to see first hand how it is done.

Testing IoT Apps with the Cloud

Josiah Renaudin

Similar to Pick a password, any password - Wicus Ross - SensePost (20)

Meeting rooms are talking! are you listening?

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610

Two-Factor Authentication Presentation

Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?

UXPA Dallas - Google Analytics and What's Before Mobile First

Cisco Connect Toronto 2018 an introduction to Cisco kinetic

Drawing the Line with Browser Compatibility

Going Fast on the Mobile Web

Api Strat 2018 Turning External Services into Internal APIs

Sqrrl February Webinar: Breaking Down Data Silos

Global Azure Bootcamp 216 - Azure Rights Management

EduWeb - Building a Responsive Website for the Presidential Debate

Ionic Native: Native-powered apps, without the hassle

Getting Single Page Application Security Right

Lessons From Spider Support

Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...

AP Takeover Attacks

After the Data Breach: Stolen Credentials

Testing IoT Apps with the Cloud

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Histor y of HAM Radio presentation slide

vu2urc

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Tech Trends Report 2024 Future Today Institute.pdf

Artificial Intelligence: Facts and Myths

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Automating Google Workspace (GWS) & more with Apps Script

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Handwritten Text Recognition for manuscripts and early printed texts

Strategies for Landing an Oracle DBA Job as a Fresher

Histor y of HAM Radio presentation slide

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

A Domino Admins Adventures (Engage 2024)

Scaling API-first – The story of a global engineering organization

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Pick a password, any password - Wicus Ross - SensePost

1. 11/7/2018 1 @wicusross Pick a password, any password with Wicus Ross T: +44 (0)1622 723400 | E: info@secdata.com | W: www.secdata.com @wicusross http://www.arubanetworks.com/support-services/security-bulletins/

2. 11/7/2018 2 @wicusross https://www.xkcd.com/936/

3. 11/7/2018 3 @wicusross Meet Etienne @staaldraat

4. 11/7/2018 4 @wicusross Exploiting native functionality available over the Internet in Outlook Web Access

5. 11/7/2018 5 @wicusross

6. 11/7/2018 6 @wicusross

7. 11/7/2018 7 @wicusross www.haveibeenpwned.com

8. 11/7/2018 8 @wicusross SensePost Yota

9. 11/7/2018 9 @wicusross SensePost Ruler Exposed OWA ? OWA from leaks Email ✓ Public Data Leaks Password ✓ SensePost Password Cracking

10. 11/7/2018 10 @wicusross OWA & Password Collection Process 100% 5.55% 0.70% 0.60% 2832

11. 11/7/2018 11 @wicusross Including 235 O365 <10%

12. 11/7/2018 12 @wicusross ACCOUNTS BREACHED PER TARGET PER DOMAIN 0 20 40 60 80 100 120 140 160 180 200 1 7 13 19 25 31 37 43 49 55 61 67 74 80 86 92 99 107 115 122 130 144 157 172 195 220 248 282 315 415 566 615 893 1776 Other gov.uk org.uk ac.uk co.uk

13. 11/7/2018 14 @wicusross 2832 targets per TLD that exposed passwords 2178 167 55 269 163 0 500 1000 1500 2000 2500 co.uk ac.uk gov.uk org.uk Other

14. 11/7/2018 15 @wicusross • 6 x AMD RX580 8GB GPU • Hashcat • Keyspace included all characters, numbers and symbols, both upper and lower case • 6 values in less than 2 minutes • 7 values in less than 20 minutes • 8 values in less than 2 days • Run over 8 weeks • Against ~½ million hashes

15. 11/7/2018 16 @wicusross 646,898 passwords 497,136 unique 115 stories 85% 15% Unique 82% 18% Non unique 98 14,914 inches

16. 11/7/2018 17 @wicusross MOST POPULAR PASSWORDS 2.69% 1.43% 1.15% 0.86% 0.36%0.64% 0.60% 0.48% 0.45% 0.36%

17. 11/7/2018 18 @wicusross • One to six characters = 1929 (0.42%) • One to eight characters = 85106 (18.75%) • More than eight characters = 368892 (81.25%)

18. 11/7/2018 19 @wicusross ALL THE MONTHS

19. 11/7/2018 20 @wicusross ALL THE DATES 0.00% 2.00% 4.00% 6.00% 8.00% 10.00% 12.00% 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019

20. 11/7/2018 21 @wicusross HAPPY ENDING 7% 12% 8% 13% 6% 6% 8% 12% 4% 4% 0% 2% 4% 6% 8% 10% 12% 14% 0 10000 20000 30000 40000 50000 60000 70000 0 1 2 3 4 5 6 7 8 9

21. 11/7/2018 22 @wicusross Lowercase Only, 0% Uppercase Only, 0% Alpha Only, 0% Numeric Only, 0% First capital last symbol , 6% First capital last number , 32%Contains Month, 6% Contains Day, 2% Contains Year, 12% Single digit end, 6% Two digits end , 15% Three digits end, 9% Mystery!, 12% Other, 2% Lowercase Only Uppercase Only Alpha Only Numeric Only First capital last symbol First capital last number Contains Month Contains Day Contains Year Single digit end Two digits end Three digits end Mystery! PREDICTABLE FORMATS

22. 11/7/2018 23 @wicusross PREDICTABLE FORMATS

23. 11/7/2018 24 @wicusross THE TRUTH? M F A

Pick a password, any password - Wicus Ross - SensePost

Recommended

Recommended

More Related Content

Similar to Pick a password, any password - Wicus Ross - SensePost

Similar to Pick a password, any password - Wicus Ross - SensePost (20)

More from Harry Gunns

More from Harry Gunns (17)

Recently uploaded

Recently uploaded (20)

Pick a password, any password - Wicus Ross - SensePost