Video: Advanced password recovery and modern mitigation strategies
Posted on 23 October 2013.
Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have become the keys to our digital kingdoms. So it’s no surprise that APT actors and malicious software target these credentials once they have compromised a system or systems in our network to further entrench and seek profit from unlocking our personal and corporate data.

In order to curb this problem, most enterprises and operating systems encrypt this data to keep it safe. However, we have seen with the right tools these credentials can be unencrypted and used for more nefarious means. This problem has plagued even the largest organizations and the list of companies suffering from credential leaks is growing almost daily.

This video by John Moore from DerbyCon discusses how these breaches occur, the risks to the organization as well as the individual and what can be done to mitigate this growing security epidemic. An “Enclave Protected Defense-in-Depth” strategy toward creating, securing and managing passwords against this class of attack will be propounded and a focus will be placed on explicating the tools, techniques and practices (TTPs) used by malicious actors that leverage these attacks to gain access within the network to breach critical data that can bring harm to the individual and organization.

Lastly, we will explore how to improve personal and enterprise password strategies, discuss alternatives like two factor authentication and Active Directory Group Policy strategies to help mitigate this risk and, finally, speculate to what the future of authentication may look like.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th