Hacking and protecting passwords

Hacking and protecting passwords

Attacking and defending passwords on Windows and Linux

“Your password is safe with us.”

Taught by: Peter Zsiros

Length: 6 hours

7 students

Course ended, video recordings are available

Do you need to use passwords? Do you know how operating systems store and handle local passwords and use them in the most common network authentications?


In this course you will learn step-by-step how to find and delete local passwords and how to identify the information required for password cracking in network traffic.

For this we will cover the following topics in practice:

- Windows and Linux local password storage
- Service account passwords
- Cracking passwords online with Hydra, Medusa (to crack FTP, HTTP basic, HTTP form based and Remote Desktop password authentication)
- LANMAN/NTLM authentications
- PPTP VPN (MS-CHAP family)
- Capturing printed documents


We will also deal with the following defense methods:

- Fail2ban for Linux
- Monitoring with advanced auditing in Windows
- Disabling NTLM to mitigate pass the hash attack against Active Directory domain environments
- Credential Guard


Join our course and learn everything about password attacks and defense.

------------------------------

Live instructor-led course
It will be a live course so you will work together simultaneously with the trainer and the other students and will have the possibility to ask your questions. More about live classes

  • + Recommended for

    System administrators, security specialists

  • + Prerequisites

    Networking basics, be familiar with Windows and Linux basics

  • + Technical requirements

    We will run maximum 3 virtual machines simultaneously, recommended minimum 8GB memory (2GB for each, and 2 remains to host), about 40GB disk space for virtual machines.

  • + Acquired skills

    Will understand the most widely used password storage and authentication mechanisms, attacks and defenses

Curriculum and videos

Start the course for free! No credit card needed.

Free

Session 0 - Preparation and sample video

Sample video from the course (56:58) - Extracting service accounts and their passwords, ...

Session 1 - Local attacks

Local password storage, brute forcing passwords, service account passwords, fail2ban, etc.

Video recordings will be uploaded soon...

Session 2 - Network authentication attacks

Network authentications, pass the hash, man in the middle attacks, etc.

Video recordings will be uploaded soon...