Gears, Grit, and Gaps: A Mechanical Engineering Mindset for Cybersecurity

This talk explores how a mechanical engineering mindset can be applied to security challenges. Just as Free Body Diagrams help engineers visualize and solve physical problems, similar approaches can be taken to security problems. We’ll break down the engineering process and re-frame it for cybersecurity investigations. From visualizing the problem, solving for unknowns, and iterating toward solutions, attendees will walk away with a structured framework for turning overwhelming cyber problems into solvable ones.

From Hashed to Cracked: Practical Password Cracking

Hashed passwords are foundational to modern authentication systems, yet many people only encounter them at a surface level. This 2-part workshop introduces attendees to the identification, analysis, and recovery of weak credentials through tools such as Hashcat and John the Ripper.

Hour 1 - Hashing Fundamentals and Intro to Hashcat + JtR. We'll discuss how hashes are generated and stored, their role in authentication systems, and how we interact with them during security assessments. We'll then cover Hashcat and John the Ripper, including installation, syntax, hash identification, and basic cracking workflows.

Hour 2 - Intermediate Cracking Techniques. We'll cover combination attacks, masks and rule-based attacks. We'll extract password hashes from a couple different types of real-world systems such as captured WPA/WPA2 handshakes and Linux systems utilizing modern hashing algorithms such as YesCrypt.

By the end of this workshop, participants will be able to identify common hash formats, extract credentials from various environments, execute effective cracking, and assess password resilience.

Target Audience: Beginner to Intermediate Level
Target Length: 2 hours
Prerequisites: Linux terminal knowledge
Tools Covered: Hashcat, John The Ripper, maskprocessor, and more!