What I Wish I Knew About Password Auditing: Cracking User's Passwords before the Bad Guys
Ben Tice at BSides Delaware 2019
The goal of the talk is to give blue teamers and IT staff the knowledge they need to do internal audits of their Active Directory credentials and to dramatically increase the difficulty of attacks that abuse passwords such as password spraying and credential access. Password auditing (Aka cracking your own passwords) is presented as one part in a larger strategy to reach the desired goal. This talk puts all the knowledge required in one place with both high level strategy and low level specifics of the cracking techniques used.