
Thycotic PAM, IT and Cyber Security Webinars

Ongoing education, on-demand


Password Attacks with Kali Linux

Kali Linux has around 40 tools in its Password category. In this webinar, we demonstrate the best Kali tools for penetration testing and risk analysis. But before you can use these tools for pentesting, it helps to understand the multifaceted world of password attacks. So we start the webinar with a quick Password 101 tutorial.

Password attacks can largely be divided into three types: online, offline and hybrid. Kali’s tools directly or indirectly facilitate all three types of password attacks.

With online password attacks, you actively contact a listening service and try to authenticate using various passwords or related credentials. Brute force online attacks are the simplest but also the most time-consuming and “loudest”. In the webinar we reveal “better than brute force” methods and tools in Kali.

Offline password attacks require you to harvest some derivative of a password such as hashes, session keys, cached credentials and more. Then you work backwards from that artifact to figure out the actual password in a process called cracking. We examine Kali tools for harvesting credential artifacts, then we explore several of the cracking tools that come with Kali and discuss techniques like rainbow tables.

But is it even necessary to crack the hash? Some technologies, such as Windows, are vulnerable to hybrid attacks like pass-the-hash. You’ll learn how these attacks work, their prerequisites, and Kali tools that apply these techniques.

There are many peripheral tools that make the above password attacks more efficient. So we delve into PACK and other tools that help you build efficient wordlists for online login attacks as well as cracking. The more you know about the environment and users involved, the more targeted you can make the list of passwords tried.

Here are some of the tools we discuss in the webinar:

  • Creddump
  • PACK
  • Hashcat
  • HexorBase
  • Hydra
  • Keimpx
  • Ncrack
  • Ophcrack

For online attacks, it’s also important to have tools that can attempt logon through a wide range of protocols. We’ll show you how some of these tools can try everything from RDP to SQL Server and everything in between.

Then we will show you some of the techniques Joseph Carson uses to get your passwords and some best practices to help reduce the risks of your password being stolen and abused.

Who should attend this webinar?

  • IT Security
  • New to PAM
  • PAM experts
  • IT operations: Systems Administrators, Helpdesk Teams, Infrastructure Management, Workstation Management, etc.
  • Compliance and Audit
  • CISO and Executive Leadership

What will I learn?

  • The most useful Kali Linux tools for penetration testing across all three types of password attack
  • The “better than brute force” methods you need to know about
  • How to build the most efficient password lists
  • How to harvest and re-use artifacts
  • Joseph Carson’s top techniques for accessing organizations’ passwords

Get the answers to these important questions:

  • What is the #1 cyber security challenge my organization faces?
  • What makes the online password attack such a viable technique?
  • What is artifact re-use and why is it an attractive option?
  • What is the common security vulnerability that is associated with cookies?
  • Which is the most modern type of password attack?
  • Which best practices will reduce my risk of password theft?

What materials or resources will I receive?

Download our free ebook: Privileged Access Management for Dummies
