Exposing the Insecurity of Weak Passwords… and How it Helps the Threat Actor

Webinar Registration

The latest industry data shows that nearly every cyberattack today involves some form of misuse of credentials – whether as part of lateral movement, establishing persistence, gaining elevated privileges, exfiltrating data, or encrypting an environment. But not every instance involves a threat actor using social engineering, phishing, vishing, etc. to trick someone out of their username and password.

In many cases, brute force and password spray attacks are effective ways to attain access. And, with users being infamous for using insecure passwords, the potential for successful attack is high. Add to this the fact that there are common locations threat actors go to in order to either test passwords or simply find them lying in wait, and it quickly becomes evident that there are steps you can take and measures that can be put in place to offset the risk in insecure passwords.

So, just how weak are your passwords and what can you do to strengthen this part of your security strategy?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:

  • The reality of insecure password use
  • The role passwords play in common cyberthreats
  • Resources you can use to both identify weaknesses and strengthen your password position

Nick will be joined by Brian Johnson, CISSP, OSCP, and President of 7 Minute Security, and Jeremy Dundon, Solutions Engineer from Anixis (now part of Netwrix). Brian will dive deeper into the topic showing real-world tools used to identify and crack passwords, discussing:

  • How to manually audit your environment for weak/common passwords
  • Where to download lists of weak/common passwords
  • How to dump all usernames and hashes out of the domain controller and then check all your users against these lists of weak/common passwords
  • “Hidden” places on the network (like Active Directory, Group Policy objects and file shares) where passwords may live unbeknownst to sysadmins

Jeremy will then talk about the biggest issue in password security – the user – and discuss how to enforce granular password policies to protect Active Directory from password attacks.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Zip/Postal Code:  
Company Size:
Job Title:

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources