Password Audits
& Recovery Services

Cracked 99.8% of 260,000 password hashes. Passwords complied with documented policies, but policies didn't prevent major trends and predictable user behavior. Identified administrators abusing privileges to reuse passwords, evading password history controls.

Impact: Unprecedented visibility into the risks posed by weak passwords and abusive administrator habits

A firm was processing thousands of password-protected Microsoft Office and PDF documents for eDiscovery. After commercial password cracking software proved ineffective, they engaged KoreLogic's PRS. We accomplished more in days than they had managed in months.

Impact: Urgent legal deadlines met, thousands of documents processed, and a significant number of recoveries made

Leveraged PRS to understand user compliance and satisfy audit requirements. A majority (84%) of the organization's 11,000 user passwords were recovered in 24 hours, leading to intense discussions and a complete revamp of their security policies.

Impact: Enterprise-wide security policy transformation and compliance achievement

A couple ran a small business together; the husband did all bookkeeping and kept business/personal financial account information in an encrypted spreadsheet. When he passed away suddenly, his wife couldn't access the credentials needed to log into any of their accounts. We decrypted the spreadsheet, saving her substantial effort and immeasurable frustration.

Impact: Critical recovery during a life-altering tragedy

Recovered encrypted files from a CD used by a former employee of an acquired company. When standard techniques fell short, our team reverse-engineered the proprietary encryption to recover the files.

Impact: Important acquisition data recovered through reverse-engineering and cryptanalysis

A private citizen being audited by the IRS urgently needed access to a pair of password-protected PDF files containing audit-relevant information. After unsuccessful attempts to recall/guess/recover the passwords, the individual engaged KoreLogic's PRS. We recovered the passwords in a fraction of a compute hour (mere minutes).

Impact: Urgent need met during stressful period

Business units under tight deadlines to identify and register all production macros were hindered by protections previously placed on production workbooks, worksheets, and macros. We adapted PRS to create the Macro Recovery Service (MRS) and deployed it as a self-serve web portal within the client's environment.

Impact: Deadlines met while maximizing recoveries and preserving file integrity across the enterprise

During black-box security testing of a peripheral device, we hypothesized a brute force attack against its 128-bit AES-encrypted wireless protocol. After creating/deploying a custom attack program on our distributed cracking grid, we confirmed the cryptosystem, as implemented, was broken within two hours.

Impact: Severe global vulnerability disclosed — all devices affected, all traffic decryptable

Provided cracking assistance for an on-going criminal case. As a government contractor, we were privy to few details and had no way to know the impact of our efforts. Approximately two and a half years later, our technical point of contact thanked us writing: "As a side mention, the previous assistance you provided has indeed been a component to helping us identify and catch several elusive bad guys."

Impact: Recovered passwords helped law enforcement advance their case

Provided analytic support to our client who was responding to signs of a breach. Since we recently performed an Active Directory audit, we were in a unique position to take a new snapshot, compare it to the previous snapshot, and look for evidence of compromise. Our differential analysis focused on changed/new/missing accounts and groups. Fortunately, we found nothing that was unexpected or couldn't be explained by the client.

Impact: Critical accounts and group memberships quickly cleared from the investigation