The precursor to cracking any password is getting the right hash. In this talk we are going to cover how we discovered that Cain and Able, Creddump, Metasploit and other hash extraction tools regularly yield corrupt hashes that cannot be cracked. We will take a deep dive into password extraction mechanics, the birth of a viral logic flaw that started it all and how to prevent corrupt hashes. At the conclusion of this talk we will release patches that prevent hash corruption in these tools that many security professionals use every day.
Ryan has been with Crowe for five years and is the Manager responsible for Crowe's Penetration Testing methodology and tool development. Ryan has a wide range of knowledge and experience in system administration and networking to include security applications and controls. He is a technical lead for engagements including application, network and infrastructure penetration testing on both internal and external systems.
Jonathan Claudius is a Security Researcher at Trustwave. He is a member of Trustwave's SpiderLabs -the advanced security team focused on penetration testing, incident response, and application security. He has eleven years of experience in the IT industry with the last nine years specializing in Security. At Trustwave, Jonathan works in the SpiderLabs Research Division where he focuses on vulnerability research, network exploitation and is the creator of the BNAT-Suite. Before joining SpiderLabs, Jonathan ran Trustwave's Global Security Operations Center. Before joining Trustwave, Jonathan was a Network Penetration Tester for a Top 10 Consulting and Accounting firm and worked for a US Department of Defense contractor in their Communications Electronics Warfare Division. Jonathan holds a Bachelor of Science in Applied Networking and System Administration from the Rochester Institute of Technology and is a Certified Information Systems Security Professional (CISSP).