‘Password Security’ Presentation at IIT Guwahati

Here is brief capture of the security conference “Information Security Education & Awareness 2011” (ISEA) held at IIT Guwahati where I presented ‘Primer on Password Security’. This event was held as part of initiative to educate masses on growing trends and latest topics of information security.

On the first 2 days of the event, Vivek – Founder of SecurityTube.net – talked about ‘Exploit Research & Research Engineering’. It was excellent session followed by one day workshop where participants really enjoyed performing reverse engineering and exploiting buffer overflow using metasploit. On forth day, Sohail – AirTight Networks – spoke on “Wireless Penetration Testing” with live demonstration of wireless attacks and on Final day, Prasanna presented on “Mozilla Firefox Security” showing how easy is to write dangerous malicious extensions and fool anyone.


As part of this event I was invited to speak on ‘Password Security’. My session was on third day with morning session focused on theoretical aspects of password security along with couple of demonstrations followed by workshop in the afternoon where students performed hands-on experiments with recovering windows password.


Here is the high level break up of my Presentation

  • Part I   – Operating System, Cryptography & Password Recovery
  • Part II  – Password Cracking/Recovery Techniques
  • Part III – Advanced Password Stealing Methods
  • Part IV –  Why they are after you and Tips for Protection !


The session started with windows/linux password recovery methods where I talked about local/remote/offline windows password recovery along with demonstration. Then I explained on Windows cryptography technologies such as DPAPI, “Credential Store” & “Protected Storage” along with code examples.In the second part, I covered various password recovery/cracking techniques including dictionary,hybrid, pattern based brute-force, GPU/Distributed crack, Rainbow Crack etc.


Next I shared about – first ever disclosure – ‘Apple Safari Password Recovery’, starting with figuring out password storage location, decoding and finally decrypting the stored passwords by Safari. Here I explained about various steps and challenges involved in making of SafariPasswordDecryptor !

In the later session, I explained on advanced password stealing methods employed by hackers/trojans and some practical tips on how to secure/save oursevles from such attacks.

In the workshop, participants played around with local and remote windows password recovery using the tools BackTrack + Cain & Abel + RainbowCrack + Online Hash Cracking. Funny thing was that no one was surprised or amazed when I showed the demonstration of windows password recovery in the morning session. But they were really shocked when they really did it for themselves in the workshop !


The special moment of this entire event was a small ceremony where in speakers were felicitated by Prof. Sukumar Nandi with a Shawl, Momento (Rhino with One Horn) and a certificate. Personally it was great moment for me as it was first time I have received such a great felicitation.

This would not have been possible if Vivek – Founder of SecurityTube.net – had not recommended me to ISEA event committee. My special regards to him for referring me and making me part of this great event.

You can download the slides of my presentation ‘Primer on Password Security’ here.


Similar posts
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]
  • Advanced Malware Analysis Training Se...   Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting The [...]

Leave a Reply

Our Company

Follow us on Facebook

Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list