Price/availability: FREE! Training videos + VM download below

Perfect for: Pentesters, Red Teamers and password cracking enthusiasts

Learn new password cracking techniques, how to tailor these to the hashes you have, and more during this intensive 4-hour free training with In.security. We specialise in password cracking and have given several conference talks on the topic.

From dictionaries and rules to brute force and custom masks, you will get a hands-on experience of a huge variety of modern password cracking techniques with this course. Traditional attacks failing you? Increase your success rate with hybrid, combinator/passphrase, PRINCE and fingerprint attacks from our team. We’ll even sure you how to attack foreign language passwords and emojis!

No matter whether your attacks fail or hit dead ends, our intensive training includes explanation and deconstruction of more advanced, non-deterministic attacks design for infinite runtimes. Tailor your strategy and find the techniques that work for you in this free training course with the experts. We’ve got you covered!

Course topics What you’ll learn.

Password cracking 101 + 1 covers a wide array of topics to ensure you gain the knowledge you need. You can also join our Discord server to discuss the training with others.

  • Attack toolsets and planning
  • Online attacks and considerations
  • Dictionaries and rules
  • Masks, customer character set & hybrid attacks
  • Brute force use cases
  • Combinator passphrase breaking and delimiters
  • Password protected files
  • Candidate generation and target-specific wordlists
  • Expander, Fingerprint, PRINCE and non-deterministic attack techniques
  • Unknown hashes/variable iteration testing
  • Foreign character and emoji attacks
  • Attack analysis

What you need Prerequisites.

  • Follow along with our Kali Linux VM (VirtualBox/OVA) pre-installed with all required tools and wordlists
  • Password cracking experience advantageous but not required

Part 1: Intro, Setup & Online Attacks

  • Training intro
  • Kali VM download/setup
  • Hashing
  • Attack toolsets
  • Online attacks
  • Hands-on 1: Online Attacks

Part 2: Dictionary Attacks

  • Hashcat usage
  • Dictionary attacks
  • Linux hash construction
  • Hands-on 2: Dictionary Attacks

Part 3: Rules

  • Rules
  • Rule creation
  • NTLM hash construction
  • Hands-on 3: Dictionary + Rule Attacks

Part 4: Brute Force Attacks

  • Brute force attacks
  • Key space
  • Markov modelling
  • Hands-on 4: Brute Force Attacks

Part 5: Mask Attacks

  • Masks and mask files
  • Cached domain credential construction
  • Hands-on 5: Mask Attacks

Part 6: Hybrid Attacks

  • Hybrid attack variations
  • NTLM challenge/response hashes
  • Hands-on 6: Hybrid Attacks

Part 7: Working With Files

  • Extracting hashes from various files
  • Hash preparation and username fields
  • Hands-on 7: Protected Files

Part 8: Level Up! Keyboard Walking

  • Hashcat GPU/CPU workloads
  • Fast/slow hashes and performance
  • Unrealistic and (more) realistic benchmarking
  • Custom markov thresholds for pre-defined attack windows
  • Hashcat switches & integer overflows
  • Keyboard walking candidate generation
  • Hands-on 8: Walk This Way

Part 9: Combinator Attacks and Passphrases

  • Target specific wordlists
  • Updated NIST password guidance
  • Passphrase wordlist generation
  • Attacking delimiters
  • Combinator with rules
  • Optimised kernels and length limitations
  • Hands-on 9: Combinator Attacks

Part 10: Fingerprint Attacks

  • Loopback attacks
  • Using expander
  • Fingerprint attack technique
  • Kerberos authentication
  • Hands-on 10: Fingerprint Attack

Release: 17 August 2022

Part 11: PRINCE Attacks

  • PRobability INfinite Chained Elements (PRINCE)
  • PRINCE and PRINCEPTION attacks
  • Rule debugging
  • OneRuleToRuleThemAll.rule analysis
  • Piping hashcat for PRINCE + rules
  • Hands-on 11: PRINCE Attack

Release: 24 August 2022

Part 12: PRINCE Passphrase Attacks

  • Overcoming combinator rule limitations
  • Configuring PRINCE for passphrases
  • Hands-on 12: Delimited PRINCE Passphrase Attack

Release: 31 August 2022

Part 13: Unorthodox Attacks, Crypto-wallets, Foreign Language and Emoji Attacks

  • “Purple rain” and “Till the Sun Burns Out” attacks
  • Video showing multiple advanced attack strategies and statistics
  • Ethereum crypto-wallet cracking
  • Hardware limitations & GPU vs CPU
  • Attacking non-ASCII and foreign language
  • Hands-on 13: 😁 Emoji Attacks! 😁

Release: 7 September 2022

Part 14: Attacking Unknown Hashes

  • Introducing mdxfind
  • Identifying cracked hash types
  • Hands-on 14: Cracking Unknown Hashes
  • Hands-on 14 Bonus: Can you crack the last one?

Release: 14 September 2022

Part 15: PACK for Attack Analysis

  • Introducing Password Analysis and Cracking Kit (PACK)
  • Generating stats with statsgen
  • Creating masks with maskgen and attack planning
  • Using policygen to create policy based masks
  • Generating rules to match passwords
  • Stemming
  • Hands-on 15: Attack Planning
  • Resources and further work

Technical training & workshops Upcoming events & workshops.

In.security

FREE Cyber Awareness

Virtual @ In.security
FREE Cyber Awareness

Hacking Enterprises – 2022 Edition

Stockholm @ SEC-T
Hacking Enterprises – 2022 Edition
In.security

FREE Workshop – Catch Me If You Can: Seeing Red Through Blue

Virtual @ In.security
FREE Workshop – Catch Me If You Can: Seeing Red Through Blue