Advanced Password Analysis & Recovery
Contact IT Dojo for current pricing, available dates, and a custom quote tailored to your team or organization.
Course Duration
5 Days
Audience
Employees of federal, state and local governments; and businesses working with the government.
Prerequisites
No prerequisites required.
Course Description
This course equips students with the knowledge and skills needed to perform password auditing using tools like Hashcat and John the Ripper. Students gain a thorough understanding of password cracking techniques, methodologies for different hash types, and hardware optimization for password recovery. Special focus is placed on the application of advanced attack modes using Hashcat and John the Ripper, ensuring students can audit standard and complex password scenarios in real-world environments.
Learning Objectives
- Understand password storage mechanisms, hash types, and common weaknesses in password-based authentication
- Configure and operate Hashcat and John the Ripper for a variety of password auditing scenarios
- Apply wordlist, brute-force, mask, rule-based, and combination attack modes effectively
- Optimize hardware configurations (CPU and GPU) for high-performance password recovery
- Analyze and crack password hashes from common operating systems and applications
- Conduct sanctioned password audits in compliance with applicable policies and legal requirements
Course Outline
Introduction to Password Security
- Password storage and hashing fundamentals
- Common hash types (MD5, SHA, NTLM, bcrypt, etc.)
- Why passwords fail and how auditors find weaknesses
Hashcat Fundamentals
- Installation, configuration, and hardware optimization
- Attack modes: straight, combination, brute-force, mask, hybrid
- Rule-based attacks and custom rule creation
- Wordlists and candidate generation strategies
John the Ripper Fundamentals
- Installation and configuration
- Format detection and hash extraction
- Incremental, wordlist, and rules-based cracking
Advanced Attack Techniques
- Markov chains and PRINCE attacks
- Cracking complex and enterprise password policies
- Distributed cracking and cluster setup
Real-World Scenarios and Lab Exercises
- Extracting and cracking hashes from Windows, Linux, and applications
- Auditing Active Directory password hashes
- Reporting and remediation recommendations
Frequently Asked Questions
What does the Advanced Password Analysis & Recovery course cover?
This course equips students with the knowledge and skills needed to perform password auditing using tools like Hashcat and John the Ripper. Students gain a thorough understanding of password cracking techniques, methodologies for different hash types, and hardware optimization for password recovery. IT Dojo delivers it as live instructor-led training for government and business professionals.
How long is IT Dojo's Advanced Password Analysis & Recovery training?
Advanced Password Analysis & Recovery is a 5 days course. It is available as live remote online instruction or on-site at your facility.
Is this course available as live remote online training?
Yes. IT Dojo offers Advanced Password Analysis & Recovery as live remote online training led in real time by a certified instructor. On-site delivery at your government facility or contractor location is also available.
Who should attend this course?
Employees of federal, state and local governments; and businesses working with the government.
Does IT Dojo offer this training on-site at government or DoD facilities?
Yes. IT Dojo delivers Advanced Password Analysis & Recovery on-site at government agencies, DoD commands, military installations, and contractor facilities. On-site training is ideal for teams and can be customized to your organization's workflows. Contact IT Dojo to schedule.
How do I register for this course?
IT Dojo training is employer sponsored. Your organization registers and pays for seats. To schedule Advanced Password Analysis & Recovery for your team, contact IT Dojo via the Request Training form or call 757-216-3656.