Hashcat and Survivorship Bias: Cracking uncommon passwords

BSidesDFW 2021 Track 2 Session 6 - 06 Nov 2021 Hashcat and Survivorship Bias: Cracking uncommon passwords An easy trap to fall into when cracking passwords is to model off what has already been found. While this will generally yield some success, it ignores those that do not follow the pattern. Applying models based on Survivorship Bias can improve discovery of complex passwords that would otherwise remain uncracked. Jon Rhodes is currently employed as Principal Adversarial Engineer at Truist. He specializes in cloud and webapp pentesting and is a member of the Synack Red Team. In his free time, he enjoys spending time with his family, swimming, and gaming.