CypherCon 2023

Needle in the Hay: A Guide to Discovering Plaintext Credentials in Enterprise Environments

Ben Burkhart


his talk will serve as an overview of some advanced tactics and techniques for discovering the holy grail of confidential data on a pentest: passwords. While the offensive research space has been incredibly fruitful when it comes to complicated attack paths over the last few years, sometimes the old ways are best. And who needs a GPU cracking rig or rainbow tables when you can find PLAINTEXT credentials on an assessment?  Additionally, the tools demonstrated can be equally leveraged by internal teams to audit and remediate the dreaded and never ending growth of attack surface creep when it comes to network file shares and other places for potential cryptographic data exposure. After this talk, you’ll be better equipped and prepared to find plaintext passwords in environments and demonstrate impact to stakeholders.

Importance: Three Things Will Attendees Be Able to Use in Their Jobs After Hearing My Talk:
1) attackers will learn hopefully new tools and techniques for searching out plaintext creds on pentests
2) blue teams and auditors will hopefully learn some new methods for finding and remediating those accessible creds in their environments
3) attendees will hopefully have a greater appreciation of the potential impact of hard-coded creds in scripts stored on SYSVOL

Ben Burkhart


Ben is a pentester and consultant at Black Hills Information Security. Based out of Chicago, IL, Ben has been performing offensive testing and security consulting since 2017. Outside of infosec, Ben enjoys gaming, running, cooking, and caring for his retired racing greyhound Louise.