Password Attacks - SY0-601 CompTIA Security+ : 1.2

Рет қаралды 362,824

Күн бұрын

Security+ Training Course Index: professormesser.link/sy0601
Professor Messer’s Course Notes: professormesser.link/601cn
Professor Messer's Practice Exams: professormesser.link/601ytpe
Discount Exam Vouchers: professormesser.com/vouchers/
Professor Messer Recommended Study Materials: professormesser.link/601rs
- - - - -
There are many different techniques that the attackers can use to find your password. In this video, you’ll learn about spraying attacks, brute force attacks, hashing, dictionary attacks, rainbow tables, salt, and more.
- - - - -
Subscribe to get the latest videos: professormesser.link/yt
Calendar of live events: professormesser.com/calendar/
Frequently Asked Questions: professormesser.link/faq
FOLLOW PROFESSOR MESSER:
Professor Messer website: professormesser.com/
Discord chat: professormessermesser.com/dis...
Twitter: professormesser.com/twitter
Facebook: professormesser.com/facebook
Instagram: professormesser.com/instagram
LinkedIn: professormesser.com/linkedin

Пікірлер: 64

@nuchemweinstock9978 2 жыл бұрын

Actual story: a user came to me with a Tablet with a pattern password, he told me that he forgot the password, I performed a Google search for the most common pattern passwords, and guess what, the 6th password I tried was the correct one...

@halo2bullseye922 5 ай бұрын

😂😂

@thereaper1766 2 жыл бұрын

Another incredible video. Just passed the exam and absolutely this video is important. Make sure to watch the whole thing!

@thatonedudemike3259 2 жыл бұрын

Congrats!

@okegs4real 2 жыл бұрын

Congrats. Were you able to secure a job

@thereaper1766 2 жыл бұрын

@@okegs4real Yes absolutely. I was taking this exam to meet the requirements for a job.

@okegs4real 2 жыл бұрын

@@thereaper1766 what is pay range for cybersec beginner jobs? Did you already have IT experience? I'm completely new to this field, no IT experience

@thereaper1766 2 жыл бұрын

@@okegs4real I actually needed this for a Software Developer position. I had a little IT experience but mostly programming. Also I think pay is VERY regional because it fluctuates a lot based on location.

@ecuadoriano2 Жыл бұрын

"Rainbow Tables won't work with Salted Hashes" U da man, prof Messer Got my A+/Net+, thanks to ur videos, now on to Security+ Happy New Year

@sorakhar 20 күн бұрын

imagine saying that phrase to someone out of the industry

@Spartan045G Жыл бұрын

God, I started watching your videos years ago and I love how you still use Stargate names for things. Funny how when I started I was going into a job for a help desk position, and now I'm a SysAdmin.

@mohdymi 2 жыл бұрын

I'm so astonished, of how great Professor Messer is, his videos are extremely beneficial, and what I love so much about it as well, he dives right in, as soon as the first second of the video begins , which is so time-efficient, much love professor!

@BoitumeloNtokozoNgwenya 6 ай бұрын

watching the whole series for my security+

@jjd1480 Ай бұрын

Me too!

@user-gs2wd2zl9l Жыл бұрын

It is really hard for me to listen to the same voice but you keep me incredibly engaged. Thank you for doing this!

@emperial8889 Жыл бұрын

I appreciate Professor Messer is a Stargate fan!

@derekfranklin9783 2 жыл бұрын

I don't see too many comments. I want to thank you for all the help with keeping the information straight to the point but giving awesome examples!

@Dan-rj8xx Жыл бұрын

2:35 stargate reference... nice!

@dominicbarnes712 2 жыл бұрын

i love this guy. Brilliant material!

@Tairah 2 жыл бұрын

Thank you so much! Your videos are super helpful!

@AboodSpiN Жыл бұрын

i love your explanation prof! keep it up!

@JakeXimus 2 ай бұрын

You just earned a new level of respect for being a fan of Stargate

@BoitumeloNtokozoNgwenya 6 ай бұрын

great content, very clear and precise

@Facumaglio 3 жыл бұрын

Thanks for the videos, you are amazing.

@nhiphuongnguyen5449 Жыл бұрын

This video is incredibly interestinggg!

@johncrocker2949 Жыл бұрын

Thank you!

@halo2bullseye922 5 ай бұрын

Thanks Professor Messer! :)

@whatdoiputhere545 2 жыл бұрын

I see that Stargate SG1 reference

@joerogers11155 Жыл бұрын

Indeed.

@vagabondmatt5152 3 ай бұрын

The stargate reference made me smile lol

@disQoWiLL Жыл бұрын

@anthonyreese2929 Ай бұрын

how would they know which hashing algorithm to use in order to do a brute force on hash data?

@user-px2ik3mr8k 4 ай бұрын

Hi Professor, thanks for your videos. It has been helpful for me to prepare for Security+ exam. I am planning to take practice exam from your website before taking a real exam. I have been watching till this video so far. What do you recommend me about when can I take practice exam ? Is that recommended if I take it after watching all 177 videos or what? Thanks.

@devinrobertson5251 5 ай бұрын

How does one "add salt" to a password? Isnt the password saved as a hash upon entering it successfully? So wouldnt that mean youd need to add a random string of stuff to the password before hitting enter? Because that would cause you to have the wrong password and be unable to log in. Or, is it that when you sign into something, the application, or site, will add the random string automatically, prior to generating and writing the hash?

@clintmillent Жыл бұрын

How do you create a hash?

@richardvanpuymbrouck8297 Жыл бұрын

Long length and rainbow passwords is what I trust

@galloe 8 ай бұрын

What's a rainbow password?

@michaelchigozieobiukwu4044 Жыл бұрын

How do you do passowrd hash for encription

@devinrobertson5251 5 ай бұрын

Question. Lets say person A has the password, "password". And person B has the same exact password. Would both A and B's resulting fingerprint be the same exach hash string?

@devinrobertson5251 5 ай бұрын

Okay further in the video. Using the same algorithm, it ends up being the same hash. So what if you use a different algorithm? Of course it would be different. So is it a good idea for many different types of algorithms to be common to make it even harder for hackers? Or is the Sha one you mentioned the most common?

@tatertotbot Жыл бұрын

So is brute-forcing generally done after a hacker gets the password hash?

@cvpherhack3r819 9 ай бұрын

generally they try to brute force with accquired hashed via a breach of some sort and they can have at it offline. if they try a online attack without the hashes more than likely the account will get locked out after multiple attempts.

@abdullahathar9347 8 ай бұрын

Let's say 2 user use the same passeword ("12345" in this case), once they generate the hash value for their respective passwords, tho being the same, they will still get unique hash values for the same password. So how does adding random data at the end (salting) of the same password even help? Also how can a hacker utilize a hash value, since they are unique for the same password.

@professormesser 8 ай бұрын

The hash values of identical inputs would be the same. The salting provides the additional randomization.

@joannadodo2526 Жыл бұрын

Hi, unfortunately I still don't understand the idea of password file. Can someone explain? why is that for?

@rkb3991 Жыл бұрын

It’s for you to see how it converted a user to a hash that’s it

@KadenBera 7 ай бұрын

My question is if your going to hash your password to not keep it as plain text and then you forget the password, how would you be able to use the hash to get your password again since that would be the reason for writing it down?

@bwah9481 7 ай бұрын

You don't. We set a new password. It's not meant to be retrieved in plaintext ever again. The server hashes the password you're trying to log in with and checks for a match with the hashed password stored.

@MrBdc2013 Жыл бұрын

tells us not to click suspicious links I immediately check out the link he spoke of and put my email in.

@trickwheel Жыл бұрын

So I have a question. If you are storing the password, it is so you don't forget it. If you hash the password and store it but can't reverse the hash. How do you retrieve the password for use later?

@professormesser Жыл бұрын

You don't retrieve the password for use later. That's the point of using the hash as a storage mechanism for passwords.

@trickwheel Жыл бұрын

@@professormesser so not physical storage like a password manager? Storage like cpu use or memory?

@jenkaigaming Жыл бұрын

@@trickwheel to my knowledge, I don't think you hash them yourself. Windows hashes your passwords and saves it. When you enter your password to login, it compares that has to the saved hash, if it matches, then it lets you login. You should use a password vault to remember passwords.

@trickwheel Жыл бұрын

@@jenkaigaming thank you. That makes more sense. I was thinking in simplistic terms of storing a password. Brain fart. 😆