Ending Soon: Get a MacBook Air or Surface Pro 7 with 5 or 6 Day Training - Best Offers of the Year!


To attend this webcast, login to your SANS Account or create your Account.

Tech Tuesday Workshop - Password and Access Attacks

  • Tuesday, May 26, 2020 at 1:00 PM EST (2020-05-26 17:00:00 UTC)
  • Joshua Wright

You can now attend the webcast using your mobile device!



Understanding password and access attacks are a fundamental knowledge area for both defenders and pen testers. The concepts behind these authentication systems are something we often take for granted, but developing a technical understanding of how passwords are stored, how attackers exploit password selection, and how you can use the tactics of attackers to improve your password-based systems is an extremely valuable skillset.

In this hands-on workshop we'll look at the techniques behind password attacks, complete with hands-on exercises against live network targets. We'll dig into the protocols supporting password-based authentication systems, and we'll look at the tools attackers use to guess and recover protected passwords. We'll also look at our Defense Spotlight, where we'll leverage historical and current password hashes to assess the security of a Windows Domain environment to spot patterns of deficiencies that plague many modern networks.

Workshop System Requirements:

  • VMware to boot a customized Slingshot Linux distribution
  • 30 GB free hard drive space
  • At least 4 GB RAM (8 GB preferred)

Speaker Bio

Joshua Wright

Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions for cyberwarriors in the US military, government agencies, and critical infrastructure providers.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.