5 Days


Cybersecurity professional that need to crack passwords for ethical, lawful or otherwised approved/sanctioned reasons. You must be government, law enforcement or a legitimate organization/government contractor. This includes penetration testers and/or red teams that include Hashcat in their TTPs. We do not offer this course to the general public.

Course Overview:

You will learn, in detail, how to use Hashcat, its supporting tools as well as Hashtopolis for distributed cracking.
Message to prospective students:
Calling hashcat a ‘password cracker’ is a true statement but is also an over-simplification. Pulling back the layers on this tool reveals a complexity that is not appreciated until you dive in and begin to explore. Like all tools, this one involves typing a command, pressing enter and waiting for the result. But what is not readily apparent is the skill and artistry that is required to make this tool a truly amazing piece of kit in your armory. This course endeavors to focus on the technical while simulatneously pushing you in the direction of using hashcat with a nuanced, artist-like approach.


Fundamental Linux skills are a must

Course Outline:

  • Provide a brief overview of modern cryptography for the purposes of framing hashing techniques and their role in securing infomation systems
  • Understand the state of affairs with modern password usage. This includes;
    • Issues with passwords and password implementation (proper and improper usage)
    • Approaches to password cracking
    • An examination of famous password breaches and what was learned from them
    • Passkeys, Dicewords, passphrases and password complexity
  • Approaches to password cracking – A logical, methodical approach to password cracking that can and will vary from target to target
    • Exploring Distributed Cracking
    • Time-space tradeoffs in password cracking
    • Considerations and variations in technique when dealing with slow v. fast hashes
  • Password Entropy
    • What it is and why it is so important
    • Calculating entropy
  • Considerations for building password cracking computers (‘cracking rigs’)
    • GPU choices
    • RAM choices
    • CPU choices
    • Cooling
    • Power
    • Motherboard considerations
  • Considerations in Internet Wordlists, Custom Wordlists and character encoding
  • Overview of Hashcat
    • What it is
    • What it can and cannot do
    • Overview of attack modes and supported algorithms
    • Identifying algorithm type (if/when possible)
    • Understanding Hashcat Base and Mod loops and how they impact cracking
  • Detailed exploration of Hashcat potfiles and potfile management
  • Managing Hashcat sessions
  • An in-depth look at each tool in hashcat utils and how each might be used in support of cracknig efforts. This includes:
    • cap2hccapx
    • cleanup-rules
    • combinator, combinator3 and combinatorX
    • combipow
    • cutb
    • expander
    • export_potfile
    • gate
    • generate-rules
    • hcstatgen & hcstat2gen
    • keyspace
    • len
    • mli2
    • morph
    • permute
    • prepare
    • remaining
    • req-exclude
    • req-include
    • rli, rli2
    • tmesis, tmesis-dynamic
  • Detailed Exploration of each hashcat attack type and its usage. This includes:
    • Dictionary attacks
      • Rule-based Attack
        • Analyzing Internet rule sets
        • Creating your own custom rule sets
        • Ruleset considerations with various algorithms
    • Combinator Attack
    • Brute Force Attack (Marov)
      • Understanding Markov Chains
    • Mask Attacks
      • Custom Hash Masks and Characters Sets
    • Hybrid Attacks
    • Association Attacks
  • Analysis of WiFi Vendors and their default key algroithms and how they can be attcked in the most optimal way possible.
  • Detailed exploration of keyboard walks and kwprocessor
    • An analysis of keyboard walk vectors (magnitude & direction)
    • Creation of custom keymap files
    • Creating your own route files
  • Using hcstatsgen and statsprocessor to make your own hcstat files (optimizing Markov for target-specific attacks)
  • Using maskprocessor to generate customized candidates using mask files
  • Using princeprocessor for automated password guessing
  • Using Hashtopolis for distributed cracking

Hands-on Labs:

  • Each course objective described above is reinforced with hands-exercises.
  • End-of-course marathon labs; there are two:
  • One focused on a data dump from a large organization with a variety of hash types in use
  • One focused exclusively on attacking 802.11 WLANs

Hardware Required:

Each student requires a computer with a GPU, preferably an NVIDIA GeForce RTX series. If neeed, this computer can be remotely accessible. MacBook Pros (both late-model Intel and Apple Silicon w/ upgraded GPU) will also work but are less than ideal. If students do not have computers (laptops) with GPUs, please contact us and we can offer solutions.
Please note that this course can be done on computers without GPUs but it is not recommended and is discouraged. The ability to work through some of the lab exercises will be severly hindered without reasonable equipment.