Last Day to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Passwords are a Solvable Problem!

  • 8:00 am Mumbai / 10:30 am Singapore / 11:30 am Tokyo / 1:30 pm SydneyThursday, February 13, 2020 at 9:30 PM EST (2020-02-14 02:30:00 UTC)
  • Matthew Toussain

You can now attend the webcast using your mobile device!



Abstract: Attackers rarely exploit systems when they can just login. Passwords are the gatekeepers to system access. Today's passwords are bad, but it's not for the reasons you think! The primary problem with password-based security today is selection. Password Selection Vulnerabilities are not simply the fault of our users, but often the result of poor processes within our organizations.

In this webcast, we delve into performing password auditing on Windows Active Directory domains using tools such as Cryptbreaker, DPAT, Hashcat, and ntdsutil. As we uncover the most common passwords in use today we will discover ubiquitous trends such as downward password strength drift over time. Remediations for these conditions can have a transformative effect on the security of our networks!

Speaker Bio

Matthew Toussain

Matthew Toussain is an active-duty Air Force officer and the founder of Spectrum Information Security, a firm focused on maximizing the value proposition of information security programs. As an avid information security researcher, Matthew regularly hunts for vulnerabilities in computer systems and releases tools to demonstrate the effectiveness of attacks and countermeasures. He has been a guest speaker at many conference venues, including DEFCON, the largest security conference in the world. 

After graduating from the U.S. Air Force Academy, where he architected and instructed the summer cyber course that now trains over 400 cadets per year, Matthew served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. He directed the teams responsible for developing innovative tactics, techniques, and procedures for offensive operations as well as for cyber protection teams (CPT). Later, as a member of the 688th Cyber Warfare Wing he managed the Air Force's transition of all 18 CPTs to fully operational capability. As a founding member of Spectrum, Matthew regularly performs a wide variety of information security services. He earned his master's degree in information security engineering as one of the first graduates of the SANS Technology Institute and supports many national and international cyber competitions including the CCDC, Netwars, and the National Security Agency's Cyber Defense Exercise as a red team member and instructor.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.