In this technical webinar for network administrators and security engineers, David Maloney discusses weaknesses in password-based authentication on clients and servers and how to audit these as part of a regular security program. Participants will learn about:

  • Password storage systems and password obfuscation
  • Strengths and weaknesses of the various approaches
  • Real-life examples of badly implemented password authentication mechanisms
  • How to audit passwords on your network using Metasploit Pro


David Maloney, Software Engineer, Rapid7

David is a Software Engineer on Rapid7’s Metasploit team, where he is responsible for development of core features for the commercial Metasploit editions. Before Rapid7, he worked as a Security Engineer and Penetration Tester at Time Warner Cable and as an Application Security Specialist for a global insurance company. David has been a long-time community contributor to the Metasploit Framework. He is one of the founders of Hackerspace Charlotte and is an avid locksport enthusiast.

Don't Pick the Lock, Steal the Key - Password Auditing with Metasploit

Rapid7 is committed to respecting your privacy.