Ending Soon: Get a MacBook Air or Surface Pro 7 with 5 or 6 Day Training - Best Offers of the Year!


To attend this webcast, login to your SANS Account or create your Account.

Tech Tuesday Workshop – Password and Access Attacks

  • Tuesday, November 24, 2020 at 10:00 AM EST (2020-11-24 15:00:00 UTC)
  • Joshua Wright

You can now attend the webcast using your mobile device!



Understanding password and access attacks are a fundamental knowledge area for both defenders and pen testers. The concepts behind these authentication systems are something we often take for granted, but developing a technical understanding of how passwords are stored, how attackers exploit password selection, and how you can use the tactics of attackers to improve your password-based systems is an extremely valuable skillset.

In this hands-on workshop we'll look at the techniques behind password attacks, complete with hands-on exercises against live network targets. We'll dig into the protocols supporting password-based authentication systems, and we'll look at the tools attackers use to guess and recover protected passwords. We'll also look at our Defense Spotlight, where we'll leverage historical and current password hashes to assess the security of a Windows Domain environment to spot patterns of deficiencies that plague many modern networks.

 System Requirements:

  • VMware to boot a customized Slingshot Linux distribution (This can be VMware Workstation ProVMware Workstation Player, or VMware Fusion (for macOS). Trial versions of all three are available, and VMware Workstation Player is available for free for non-commercial use.)
  • 30 GB free hard drive space
  • At least 4 GB RAM (8 GB preferred)
  • Download Slingshot-SEC504-PasswordWorkshop
  • Double-click on the Slingshot-SEC504-PasswordWorkshop.7z
  • username sec504
  • password sec504

Attention: Macs running Big Sur may run into an issue installing the GoTo Webinar software used for this session. We have not experienced any specific issues, but if have trouble loading the webinar, you can alternately view on Linux or Google Chrome OS then join from Mozilla Firefox or Google Chrome or you can also switch to the GoTo Webinar mobile apps for Windows or Mac.

Speaker Bio

Joshua Wright

Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions for cyberwarriors in the US military, government agencies, and critical infrastructure providers.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.