The primary vulnerability in networks today is passwords. Often these bad passwords are not even compliant with the organizations password policy! How does this happen, and how can we tell?
In this talk we will discuss password selection vulnerabilities and demonstrate auditing an Active Directory environment leveraging cloud resources to enhance scale with a low cost to entry. Once we have discovered issues, we will explore techniques to perform statistical analysis and triage our findings for remediation. Passwords are important and they affect all organizations even those who feel like they have solved the problem.