(image was generated by Stable Diffusion, and is not an accurate representation of our cracking server 🙃)
In the realm of penetration testing, the inevitable task of collecting and cracking password hashes arises. Whether conducting web application testing, uncovering symmetric secrets for JSON Web Tokens (JWTs), or engaging in network penetration testing within an internal network, cracking passwords is an invaluable step in the process. Despite numerous resources offering recommendations for assembling a password cracking machine, there is a scarcity of comprehensive build guides for existing password cracking servers, especially for those operating on a smaller budget but trying to get the best bang for their buck.
Join Doug Bigalke and Alex Rodriguez as they delve into this topic and more during the Thrift Store Cracking Server: Popping Hashes Guide webcast on February 27th.
Thrift shopping with performance in mind
In 2021, with a budget of approximately $12,000, Doug and Alex strategically crafted two password cracking rigs, focusing on optimizing performance while keeping the approach cost-effective. Another key goal in their planning was to accommodate future GPU upgrades. Operating in a fully remote capacity, Alex prioritized the ability to manage servers from a distance, and urged hardware choices aligned with this goal. From a software perspective, they implemented a scarcely discussed technique, PCIe pass-through, and through benchmarks identified that it was on par with most hardware configurations. They were also able to leverage Infrastructure as Code (IaC) using Ansible to ensure this process was repeatable.
Webcast Highlights:
- Requirements Overview: Explore the real-world requirements and initial project objectives that shaped our journey.
- Hardware Insights: Dive into the thoughtful decision-making process behind our hardware selections.
- Software Techniques: Uncover the novel and performance-driven techniques employed, with a brief mention of repeatability through IaC.
- Day 2 (Daily) operations & Future Improvements: Delve into the ongoing maintenance, periodic challenges, and future enhancements.
- Live Q&A Session: Engage in a dynamic question-and-answer session to gain deeper insights into our password cracking process.
Target Audience:
While this isn’t a comprehensive list, these are some of the people we had in mind when creating this presentation.
- Security Professionals
- Red team members from an offensive perspective
- Blue team members focused on password auditing
- Hobbyists interested in building cracking rigs
- System Administrators handling ML/AI workloads
- Anyone seeking an understanding of the requirements for password cracking servers
Join us for an insightful discussion about our thrift store experience!
Don't miss the opportunity to enhance your knowledge of password cracking hardware. Register now for this unique experience. At Secure Ideas, we are dedicated to enhancing your penetration test experience by sharing insights and techniques to bolster your environment's security, whether you are on the defensive or offensive side. Stay tuned for more detailed blog posts on this topic in the future, and in the meantime, explore our existing blog posts on hardware and passwords.