After a great day of hanging out with old and new friends, all while getting inspired to start breaking/researching anything ranging from 50-year-old behemoths to Internet-enabled light bulbs, I raced down the peninsula to the epicenter of the Bay Area's security community at Hacker Dojo. Baythreat Day Two has begun.
In a terrible miscalculation of a sleeping schedule I have regretfully missed several morning talks; however, below are the writeups of another series of excellent presentations from the breaker track for the remainder of the day.
The year is almost over, but the infosec community in the Bay Area shows no signs of slowing down with the fourth annual BayThreat conference happening this Friday and Saturday. I always loved smaller hacker cons for their much more personable feel and few carefully selected talks that you can see without missing a dozen others. I love BayThreat not only because it is a local event, but also due to the overall quality of the talks and organization being on par with many of the larger cons.
BayThreat 4 marks the return to the Hacker Dojo, albeit at a different location, which in my opinion is even better than the original. Below are a few writeups on the talks from the breaker track that I had a chance to attend.
Last week I gave a talk during the Password '13 security conference on various password analysis and pattern detection attacks using the Password Analysis and Cracking Kit. You can download slides for the presentation here.
The conference itself was an absolute blast with great organization by Per Thorsheim and Jeremi Gosney. The conference gathered a fascinating crowd which spawned hours of great discussions on password security, cryptography, politics and everything in between. However, I especially enjoyed meeting in real life with many members of Team Hashcat.
Team Hashcat had another great run at the CMIYC during Defcon where we placed 2nd. As always I ended up spending most of the conference in the hotel room or the chill room at Defcon, but that's part of the fun of doing contests. Russia-based team Inside-Pro placed first by scoring more points on harder hashes, well done, guys!
Today, I have finally finished writing documentation for the many changes and adding the final polish to the next release of PACK 0.0.4. There should be noticeable performance bumps for all of the tools in the toolkit, especially Rulegen, which is now finally using multiple CPU cores. You should also try out the completely rewritten 'maskgen', which is now capable of generating highly optimized mask collections for use with the Hashcat suite of tools (see presentation slides above for more details). Enjoy and most importantly have fun with password cracking!
Date: August 8th, 2013
PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists and enhancing cracking of passwords using password pattern detection. It can be used to reverse word mangling rules, generate source words, optimize password masks, craft policy attacks, etc. for the Hashcat family of tools. The toolkit itself is not able to crack passwords, but is instead designed to make operation of password crackers more efficient.
The Sprawl is a research and development environment with a focus on information security and hacking culture. The site is split into several categories, each containing a unique presentation of the above topics.
is the main source for project announcements and site news. It is intentionally kept low volume so as not to distract from the rest of the site.
is a collection of articles covering a wide range of topics related to security. This is the product of my blood, sweat and tears navigating the rough waters of security research; I hope you will enjoy the fruits of my labor.
is a repository of security tools and scripts that rely heavily on topics covered in the research section. Each tool has a detailed usage description; however, you might want to reference the respective research article for an in-depth understanding of its operation.
Simstim is a collection of media artifacts covering hacking culture. Currently it includes a few dozen handpicked documentaries and television shows on the subject. In case you are interested, the name Simstim comes from William Gibson's The Sprawl trilogy. Simstim is described as a device capable of replaying or live viewing of another person's sensory experience. In a way this project attempts to stimulate your mind with a carefully selected collection of audio and video recordings.
is a historical project to explore events related to the hacking culture and information security such as group formations, important releases, compromises, arrests, etc. Studying the history of the previously mentioned topics is essential when trying to understand where we stand today and possibly glimpse into the future.
The site was designed and developed by Peter Kacherginsky (iphelix).
Unless specified otherwise, all original content on this site is copyright protected and licensed under a CC BY-SA 3.0 license.