Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Praetorian Launches Cloud-based Password Cracking Service

Praetorian, an Austin, Texas-based provider of information security solutions, has launched a new cloud-based platform that leverages the computing power of Amazon AWS in order to crack password hashes in a simple fashion.

Praetorian, an Austin, Texas-based provider of information security solutions, has launched a new cloud-based platform that leverages the computing power of Amazon AWS in order to crack password hashes in a simple fashion.

Online at PWAudit.com, the service provides organizations with reports that measure password strength and policy effectiveness to identify potential risks stemming from weak passwords.

“With the click of a button, users can spin up multiple Amazon AWS EC2 instances, with GPU support, to efficiently scale users’ password cracking needs,” the company explained in an announcement.

Password Cracking ToolThe cloud-based password cracking service also offers hash management features, such as hash type auto-detection, multi-file upload, and drag-and-drop support, and supports popular hash types, including LM-NT2, MD5, MSCACHE, MS SQL 05, MYSQLSHA1, SHA1, SHA256, SHA512, ORACLE, ORACLE11G, and DES.

Furthermore, PWAudit.com’s context-based wordlist generator lets users to create custom wordlists based on information specific to their organization, such as city, state, zip, and web domain.

PWAudit.com also provides access to over 15 GB of prebuilt wordlists and 9 TB of rainbow tables, the company said.

“Throughout my career, I cannot count the number of times that a site-wide compromise of a client’s environment started with a weak, default or re-used password,” said Joshua Abraham, director of professional services at Praetorian. “Our team has built a solution that addresses these problems by enabling organizations to proactively test their security posture by identifying weak passwords throughout their environment in an ongoing manner.” 

PWAudit.com offers interactive reporting which shows users a breakdown of various password types that have been cracked and alerts them to high-risk issues and weak passwords that should to be addressed immediately. 

“Passwords are often the frontline of digital defense, but also the weakest link,” Paul Jauregui, vice president of marketing at Praetorian,  said. “Password auditing helps organizations demonstrate and manage the inherit risk associated with password-based user authentication.”

The company said that AWS credentials, hash files, cracked passwords, and all other user data are encrypted and stored using security industry best practices, though no specifics on the company’s security practices, or the level and method of encryption used, was provided.

Praetorian is offering the platform free of charge during a beta, but users will stay have to pay Amazon for their AWS usage. According to the company, the estimated cost for PWAudit usage on AWS with GPU support is $2. 20 / hr / GPU.

The service is similar to others such as CloudCracker, a platform built by security researcher Moxie Marlinspike in February 2012.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...