Back To Schedule
Saturday, March 28 • 11:30am - 12:00pm
Serverless Password Cracking or: How I Learned to Stop Worrying and Love AWS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Password cracking by the book is expensive, complicated and difficult to scale. Trying to crack passwords on laptops is comparatively slow and unhelpful. Investing in a rack of Nvidia graphics cards to do all the heavy lifting is so costly that the added value is nearly impossible to communicate. 

Too many times, a single uncracked password is the only thing sitting between a penetration tester and a Domain Admin account during an engagement. Inefficient and costly password cracking doesn’t just keep white-hat hackers from doing their best work. It keeps their clients from completely understanding their threat model. 

My colleague and I have set out to create a better solution using existing AWS offerings that drastically reduces costs, improves the quality of penetration testing and red team exercises and can be utilized with almost no barrier to entry. By removing the need to purchase hardware, time spent configuring and managing servers, and by distributing the workload across low-cost/high-power endpoints, we’ve found a way for security experts to crack passwords in a scalable, portable, cheap way without losing processing power.


avatar for Ryan Basden

Ryan Basden

Manager, Senior Penetration Tester, risk3sixty

Saturday March 28, 2020 11:30am - 12:00pm EDT
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA