
Mano ‘dash4rk’ Paul October 11, 2013 Seek and Ye shall Find - Password and Providence.


1 Mano ‘dash4rk’ Paul October 11, 2013 Seek and Ye shall Find - Password and Providence

2 whois
[Querying]
Name: manoranjan paul > mano paul > @manopaul
[IDENTITY]
Primary: Follower of Jesus Christ (Christian)
DOB: 09/30-1990
[TECHNICAL]
Advisor: Software Assurance
Book: The 7 Qualities of Highly Secure Software; Official (ISC)² Guide to CSSLP
CEO: SecuRisk Solutions
[OTHER]
Researcher: Shark Biology (dash4rk)
Credz: CSSLP, CISSP, MCSD, MCAD, CompTIA Network+, ECSA
Record created on 03-03-19.. Record expires on tbd
Database last updated on 10-11-2013
wen u c me, tweet #/@HackFormers

3 Agenda
- Teach Security
- Teach Christ
- Teach Security In Christ

4 What is the topic/series about?
- Seek and Ye shall Find
  – Passwords (Teach Security)
  – Providence (Teach Christ)
- Part of the Kali OS series
  – Pentesting processes from r3c0n to r00t
  – Intro to security tools in the Kali Linux OS
- Password Attack Tools

5 Seek and Ye shall Find -- passwords -- Teach Security

6 What is a password?
- A credential/claim
- Used in combination with a username
- For validation of an identity
  – Authentication
- Used to gain admission/access

7 I AM that I AM
- Authentication
  – Something you know: Passwords, PINs
  – Something you have: Badges, Certs, Fobs
  – Something you are: Biometrics
- In scope for this talk!

8 Cracking Discovering
- Can it be legit?
  – Attest password policy
  – Attest password strength
  – Determine if the passwords are cryptographically protected: Hashed, Encrypted
- To crack for the right reasons is being wise; To crack for the wrong reasons is being a wisecracker!

9 wisecracker

10 A note about ‘strong’ passwords
- Characteristics
  – Particular length
  – Alpha
  – Numeric
  – Mixed Case
  – Special Characters
- Change
  – Periodically changed
- So is your password ‘strong’ enough?
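The legitimate uses on slide 8 (attesting policy and checking whether stored passwords are cryptographically protected) and the "periodically changed" item on slide 10 can be checked together without cracking anything. The following is an added example, not part of the original presentation: it assumes Linux shadow-style records, the accounts and hash strings are constructed, and the scheme table and 90-day limit are illustrative policy choices.

```python
# Added example: constructed shadow-style records, not real accounts or hashes.
SAMPLE = """\
alice:$6$c29tZXNhbHQ$EXAMPLEHASHONLY:19500:0:90:7:::
bob:$1$c2FsdA$EXAMPLEHASHONLY:15000:0:99999:7:::
carol::19000:0:90:7:::
svc:!:19000:0:99999:7:::
dave:Summer2013:19600:0:90:7:::
"""

# Modular-crypt prefix -> (scheme, acceptable under this example's assumed policy)
SCHEMES = {
    "$1$": ("md5crypt", False),
    "$2a$": ("bcrypt", True), "$2b$": ("bcrypt", True), "$2y$": ("bcrypt", True),
    "$5$": ("sha256crypt", True),
    "$6$": ("sha512crypt", True),
    "$y$": ("yescrypt", True),
}

def classify(field):
    """Return (scheme, acceptable) for the password field of one record."""
    if field == "":
        return "empty", False            # account has no password at all
    if field[0] in "!*":
        return "locked", True            # password login disabled
    for prefix, (name, ok) in SCHEMES.items():
        if field.startswith(prefix):
            return name, ok
    return "unrecognised (possibly plaintext or legacy DES)", False

def audit(text, today_days, max_age_limit=90):
    """Map each user to a list of storage and rotation findings."""
    findings = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 5:
            continue                     # not a shadow-style record
        user, field, last_change, _min_age, max_age = parts[:5]
        scheme, ok = classify(field)
        issues = [] if ok else [f"storage: {scheme}"]
        if scheme != "locked":           # rotation only matters for usable passwords
            if not max_age.isdigit() or int(max_age) > max_age_limit:
                issues.append("no periodic change enforced")
            elif last_change.isdigit() and today_days - int(last_change) > int(max_age):
                issues.append("password older than max age")
        findings[user] = issues
    return findings
```

`today_days` is the current date expressed as days since 1970-01-01, the same unit the third field of a shadow record uses.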

11 Strong but psychologically acceptable
- Make it too complex
  – Users seek to find a way around it
- Make it too simple
  – Hackers seek to find it and often do
- Is your password
  – Strong?
  – Psychologically acceptable?

12 What is Kali Linux?
- Debian based OS distro
  – dpkg -i file.deb
- Favorite OS for h@X0rs, pentesters and forensics
- 300+ security tools

13 Tools, Tools, and more Tools

14 Humans – The weakest link
- Why hack when you can just ask
  – Ask and you shall receive (Matthew 7:7)
- Social Engineering (Toolkit)
  – Credential Harvesting
- You are the weakest link, Goodbye! – Anne Robinson, Gameshow Host
- You are the weakest link, Hacked Guy! – Mano Paul, HackFormers Host

15 Password Attack Tools

16 john (the ripper) without wordlists

17 john (the ripper) with wordlist

18 johnny

19 Seeking Wordlists!
- Download existing wordlists
  – (free)
  – (free)
  – (paid ~$30)
- Create your own i.e., Crunch It

20 mimikatz
- Tool to grab Windows passwords from memory
- Benjamin Delpy (@gentilkiwi) oui oui
- How to?
  – Upload libraries and run commands [virustotal flags it]
  – Meterpreter Extension

21 Disclaimer
- Do NOT hack to crack unless you are authorized to …
- Demo – Seek and Ye shall Find

22 Demo – Seek and Ye shall Find
1. Social Engineering Toolkit
  – Credential Harvesting attack
2. Meterpreter
  – Migrate to winlogon process
  – Keylog
3. Meterpreter
  – Get password hashes (hashdump)
  – Crack (john without/with wordlists)
4. Mimikatz

23 Seek and Ye shall Find -- Providence -- Teach Christ

24 Humans – The weakest link
- Humans are frail, made from the dust of the earth – the weak link
- The devil tries to social engineer us to death
- We need to ask, for it is written
  – "7 Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you:" – Matthew 7:7-11
- Ask and ye shall receive > But who do you ask for?

25 Who do you say I AM? - Jesus’ Question
- God said
  – I AM that I AM
  – I AM the God of your fathers (Abraham, Isaac and Jacob)
- Jesus said
  – Before Abraham was, I AM
- Jesus is God (Providence) i.e., God’s provision for our Salvation … without Jesus, no one can be granted access to God … no other way!
- Jesus said > I AM
  – The bread of life
  – From above
  – I am the true vine
  – The Light of the world
  – The door
  – The good shepherd
  – The Son of God
  – The Resurrection and the life
  – The way, the truth, and the life

26 Who is Jesus Christ? - HackFormers Style
- Jesus is
  – The credential/claim
  – To be used in combination with your name
  – For validation of your identity: Authentication
  – Needed to gain admission/access
- Jesus is THE PASSWORD to all the questions of life
  – He is strong and psychologically acceptable, never changes, and UNCRACKABLE

27 If you seek Jesus, you will find him
- "7 Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you: 8 For every one that asketh receiveth; and he that seeketh findeth; and to him that knocketh it shall be opened." – Matthew 7:7-8
- "13 And ye shall seek me, and find me, when ye shall search for me with all your heart. 14 And I will be found of you, saith the Lord:" – Jeremiah 29:13-14a

28 If you seek Jesus, you will find him
- "6 Seek ye the Lord while he may be found, call ye upon him while he is near: 7 Let the wicked forsake his way, and the unrighteous man his thoughts: and let him return unto the Lord, and he will have mercy upon him; and to our God, for he will abundantly pardon." – Isaiah 55:6-7

29 Points to Ponder Teach Security In Christ

30 Discussion Points
- You need to know the password to get access to a privileged resource
- You need to know Jesus (THE password) to get access to God
  – And this is life eternal, that they might know thee the only true God, and Jesus Christ, whom thou hast sent. John 17:3
  – Know him NOT JUST as a cool guy, but as Savior and Lord!
- Is Jesus your password? ********
  – Is he your Savior and Lord i.e., Have you believed or do you still doubt?
- Seek Jesus while he may still be found!
- All who call on the name of the Lord Jesus Christ shall be saved (Joel 2:32) [i.e., all who know Jesus Christ as their password shall be granted access to the presence of God to live eternally]

31 Closing Thoughts

    try {
        if (uLikedThisPresentationAndMtg) {
            subscribeViaEmail();
            followAndTweet(); // @hackformers
            getLinkedIn();
            emailUs(); //
        } else {
            giveFeedback(); //
        }
    } catch (Temptations t) {
        Seek(God’sProvidence > JesusChrist);
    } finally {
        ThankUandGodBless();
    }
