Password Audit
This service offers an evaluation of your organization’s password policy. Our specialists will dump all user password hashes within the organization and run hash cracking against them to evaluate password strength. If one of your employees uses a weak password, it exposes your entire organization to threats. Likewise, if one member of your team reuses their strong password elsewhere and it is compromised, then your entire network is exposed.
Passwords have become the main point of entry for hackers. Any password complex enough to provide security cannot be remembered easily, and with an ever-increasing number of passwords needed, users often reuse them, which is a huge security risk. An audit can assist with employee training and the improvement of your organization’s password policy and security posture.
Our Methodology
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, the OWASP Testing Guide and checklist (v4), plus other customized testing frameworks.
PLANNING
Customer goals are gathered and rules of engagement obtained.
DISCOVERY
Perform scanning and enumeration to identify potential vulnerabilities, weak areas and exploits.
ATTACK
Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
REPORTING
Document all found vulnerabilities and exploits, failed attempts, company strengths and weaknesses.
Thorough Testing
The tools used for testing include, but are not limited to:
John the Ripper
RainbowCrack
Wfuzz
Cain and Abel
THC Hydra
Ncrack