
right hello everybody my name is Robin Vickery and this is using natural language processing to track password on set for the victory I'm a penetration tester and I work for a company called Collison and I like sailing pen testing do two things Tolleson are small pen testing companies were pasted over in these check writing objects code and build reviews Wi-Fi testing mobile application testing you have application testing and external pen testing and it's the last two that identity so how I came up with this is a half-baked idea that I'm sorry turn into a presentation like all updates ideas it's stopped out of our problems the problem is basically I coached her from and is a pen tester at line you know
arts nothing about your business area businesses Preston and volcano in fear that business part I'm inspected strongest a password in name so just have an example of what a typical shop for us to be right and have a country called examples on that which is an international community and I know they've booked an internal next channel pentest some are doing excellent test photography to engines anyone narration president so two weeks before the test drops the peasants much ugly and all I see is and about serious concerns the project initiation document this is what soldiers that opinion and slowly project raspberry you see what we're not contesting so I am I finished insistence sorry too lazy bug and then for the next
couple beachside but it had my name is unlocking another project and so it certainly be tested before adding such as attach it in the freezer Brad and on the time I didn't know he's a bit more about company 90 companies you only 32 you know justice and also misery so here we've got is / 16 about this such a 50% and popular website so I respond audience because and realized it was such a new series so next step is check out complete website children identify an opportunity named it out and you can password wants to see what we find and then I look at any proper related sites I can find so the organization
issues Federation Federation on just basically making a history it is confronting national silent instruction and ironies contact our initiations and you didn't see interpreter and it turns out the discussion is improvisation Rosina so in perpetuity session today the world sizes actually efficient vessels at sea so you drop that out of your scope and replace it with one missing job and then there's a critical system that you wanted to see 3-pack numeration dns enumeration what's going on abyss carrying that much captures all those it started off and then while I'm waiting for is to completely start covering information password happiness so scan websites been using cruel go to know when slightly screwed that and take that
this ice buildup mister dictionary this definitely and I combined that with any knowledge that can covered from the local area Fraserburgh and any passwords are found in password Leeds fans in the DNS enumeration about buying anything that's in the case of interest in Mesa sadness when I productions as well then I go under and I'd ever anything that I might possibly religious in the company and that's what I might do fishing what knows Asian I have a role just stop read this and show you every company in Scotland because I have yet to company yet that doesn't have at least half a dozen password based on South the time you just blue teams and then study password list so enemies
I'm innovations will never stand or static okay and by now good luck we all have fans over history on the doors even cover potential softly was cut Valencia on hashes or copy file share with pilots in Pasadena and we cousins named Thomas and very seriously and now start cutting them so first we are centered well imagine terms service comes please service captain time and to the GSM adjustment and you can choose a password then this chesticles stop sticking around the world to choose prime various rules passenger seat row and then Austin speed running a while was a nasty I have a look at us resonant Silverman fun many common patents so this efficient company and I am a PhD
machine image and on our times farming is on and I'm always that television is to fish new teaching silicate night but that something wasn't work that we do on a client's awesome person into the mountainside engineers be concentrating learning from Calcutta by Japan's Network and
much less puffy cracking so it'd be nice if I could not even see her so what can we oughta know oh I've got some pre-built tissues that I had used every time that doesn't require much with us the cool straight thing you need to do to get a some kind of specific post for that quite no trans industry but the rest is just a plug if we can automatically look at the track passwords and perfect relatedness those up mr. 15 per block to the equivalents involved the looking finding Alistair fish and putting it back in the ditch me then I would save me a lot of often time so I had hazy memories of seeing Google
projects years ago which she gives the words and it will find a little group to find out and I could but continue including an issue dispose of something to Android and items now this is the definitely voting days it means of building a long dimensional vector representation through the text we preserve the protectors of my achievements so was it regularly economy by an attachable to be president United States which basically means computers rubbish at Museum of birds but good enough so we convert words but that relationships other words then computer can work in pair so very very Italian this is instituting a slightly embarrassing text and find it comes to the written that the words
within that window surround and it doesn't list in fact that I've activated fans to that are huge equal to dance and you end up with effects of every single word in caucus and detective course it takes is big enough and representative or not then those vectors parent relationships to each other so on the fine father was used as some content so ended fish reel had a very single vector you can find it given HTTP event you can find only factors which are within a certain process and definitely swap rows with similar vectors which is been locked on you there's also a couple of other things as relationships between birds they cannot miss a food derived
with the written since two thousand things like is subtract adapted for obesity competitive tension and that's the difference to another country of ended really gets is actually that's very positive ends up in publicity of a mention perhaps as is interesting but it's not new currency so any means he finds that factors for similar words news have trusted together so his crappy she is discontent is not the service noted was custom cabin cold it's fans this is general descent of a relationship to Kappa citizen countries for adductors so we need to turn these things on she probably didn't and it takes a lot of time as they've seen communities to clean up the tater and such Edison so
what's you don't have to do that you can go wrong in this netting at times downloading but the post on occasion common core dataset which is is a spider web site Pervis news where to 6 and ayah Susie reviews one of those 1 in 10 G's this is this one seem very interested but I have fun in mass the last 20 years with a significant mass as 10 years so I was very funky to anything so but there's a likely to do in whoo it's called Jemison pipe iconography and it's just a case of it was too late and he brought everything on September 13 so proud of you need to start looking for some of those so this is a sub usage and
also pivot farming and then set it to consume what were similar to mr. Sherman what you get out is something like that among the top 10 list so 70 simoleons
not all thanks to the users password because you don't need a massive amount accuracy is just a huge number of us supplementation so here's another problem with rampage about put in freezer burn for mountbatten if you had a very challenging so if I said nagging is now that we see digitally using a spot where this whole scrutiny website and then BOOM I'm tracking on using values upon which we note taking find all the crap muscles discovers 17 off quickly very busy pressures to get what particular and then stick out what this manner stick that word in to Kenzo of those words in to change them and take reverse it was this shucks fabulous put them back English and then repeat
hello so if I were doesn't come back you've any new words or that board is stop it so the advantages of that is I don't have to change any totally thinking sometimes especially the middle of a 14-1 and it sometimes discovers relationships don't suppose I'm sitting on the toilet when I develop into the efficiently the disadvantages are it means a huge dataset to work from it's quite is lost intensive memory and it doesn't run in the hospital or a space it's quite sensitive to the positive input so if you don't clean on the Apple as you discover what necessarily foundation rather workers correctly wages and it doesn't understand context to do so words which have more than one
meaning it might be obvious to you what the person trying to mask what he means but this program doesn't understand so that's essentially what this okay it's not it doesn't send to work quite as well as we doing manually but that means practically no luck identifying things like doctor to use so in future are include the cleaning of the passwords as input in system turning out high entropy us with the oxygen generated and trying to decide series of phases individual growth is also actually runs out and adult pathways I'd like to find some we're receiving it
so you sure - okay how well would this one how well would this work with like a non Western alphabet
I've not tried on almost not that but there are preaching levels were wrong Central European languages the vedas extant even worse the typicals Betania what wikipedia than Wikipedia the English massively people saw this as possible but apparently was
I thank you for that it's very interesting and have you considered packaging this up into at all or even webapp because of things a really really cool approach of integrating a load of different libraries and tool sets and it's probably a market out there that would take full advantage of it
thank you for the talk do you have any like
hard numbers on how to still actually perform statistically you said it's like not quite as good as doing it manually but have you done any benchmarking or something I'm not entirely sure how to do I have to mention it sir I have a few just looking at resolves some time what I feel this is listing misses things that I might plan well monument and it does fall relationship stood from the 13 images I'm using my limited knowledge is sufficiently mistreated and right okay Middleton's cool but it has the entire repeater to drones and finally it works so it points things that I will report it but I just saw fill all feeling that on the whole I get a better percentage
with password cracks when I'm 14 13 or so and I'll be able to figure some way that he tips attention after comparing my performance of I'm just critical question and do you usually just crack password dumps or detail actively and brute force passwords I've done accounts which are active and if you do em how do you add you bypass liked a lot of password lock helpful stuff at the account I only use this
password services thanks very much for the talk I thought it's really interesting how long does roughly take you to pull all this together during an engagement like couple hours to pull this together to be able to sort of crack the word list in terms of effort now that is God's or the library there for you yeah so if you wanted to do this cracking technique that you just discussed that how long does it now take you now there's a library so you'd have to do it manually roughly there's a couple hours of effort or
see now all jumpin the cool sensitive you once you're starting the season came to listen to the story not another
thankee would you agree that probably the most effective way to to use this in an actual engagement would be to combine sort of your your natural language processing along with your manual tactics so you would normally used yes
there's always on time so listen this button usually when we're doing this we do it Cynthia the customer and ideas the security the passwords across the organization because once across the stage were probably chance whoever's favors we were already on what was a very trouble already so incentive means these attraction that is continuous s so this is more giving in the active data the customer actual situation where pastors they lose focus on achieving the unity person was this difference terrible person
so you've spoken so far about this being used in the context of an engagement where you go and help a client organization do you think this tool could be easily made into a form where an organization could self audit their own password database
well thank you