Attacking and defending passwords on Windows and Linux
“Your password is safe with us.”
Taught by: Peter Zsiros
Length: 6 hours
Do you need to use passwords? Do you know how operating systems store and handle local passwords and use them in the most common network authentications?
In this course you will learn step-by-step how to find and delete local passwords and how to identify the information required for password cracking in network traffic.
For this we will cover the following topics in practice:
- Windows and Linux local password storage
- Service account passwords
- Cracking passwords online with Hydra, Medusa (to crack FTP, HTTP basic, HTTP form based and Remote Desktop password authentication)
- LANMAN/NTLM authentications
- PPTP VPN (MS-CHAP family)
- Capturing printed documents
We will also deal with the following defense methods:
- Fail2ban for Linux
- Monitoring with advanced auditing in Windows
- Disabling NTLM to mitigate pass the hash attack against Active Directory domain environments
- Credential Guard
Join our course and learn everything about password attacks and defense.
Other hacking courses from the same trainer, Peter Zsiros.
System administrators, security specialists
Networking basics, be familiar with Windows and Linux basics
We will run maximum 3 virtual machines simultaneously, recommended minimum 8GB memory (2GB for each, and 2 remains to host), about 40GB disk space for virtual machines.
Will understand the most widely used password storage and authentication mechanisms, attacks and defenses
Section 1 - Preparation and rainbow tables
Section 2 - Local attacks
Local password storage, brute forcing passwords, service account passwords, Fail2ban, etc.
Section 3 - Network authentication attacks
Network authentications, pass the hash, man in the middle attacks, etc.