Cool, thank you very much. I really appreciate you being here and I really appreciate your time, so I'm more than happy to answer any of your questions. I'm looking mostly at the Discord channel right now. My beard is awesome, and I'm not on the boat, but I wish I was. I didn't plan this out here, but you've got to respect the beard here.

So, on to more serious questions here. Yeah, I guess, what can I do to help answer? So Markov, it really has very little math actually in it, too. It's just multiplication. So if you can do multiplication, there's not even any division. You just look at the probability of one letter falling after another letter falling after another letter there, and the more letters you have, the higher the probability usually is. OMEN gets a little bit more complicated because they have this idea behind it called levels. But then you do it with some multiplication and you just do addition instead. So the final level of the password is the sum of all the levels across it. And the reason why you want to do that is because that's much faster than trying to do a more traditional Markov attack like you would see in John the Ripper's Markov mode. But there's a million different ways that you can do Markov, so I could talk to you all day about that if we want to just go ahead and get into that. Hashcat needs to update its Markov ability, though, because it is probably, of all the algorithms, the worst. But hashcat's really fast, so it can get away with that. And I know you're just trying to be cheeky about that, but I'm just trying to give you an answer to it because I really enjoy it.

It would be nice. The challenge is that the guess generation part could probably be extracted out, but figuring out what kind of rule to use is pretty much single-threaded, unfortunately. And that's really what takes all the time: just trying to figure out which of the rules is currently the most probable in order to run. And that's why it takes so much memory, because it's basically building a probability queue of all the different probabilities it's going through. It has a kind of tree-type format there. So long story short, I wish I could figure out how to do that. But what you're probably better off doing is, instead of trying to generate all the guesses in probability order, you could actually just go ahead and generate guesses behind a different probability threshold. So it's all these guesses that are, you know, higher probability than this level here. And in that case you could absolutely go ahead and multi-thread it for GPU. So I've actually talked to some people about potentially getting this in a way so that you're not doing probability order, but you set that threshold and you could actually run this on the GPU. And the fact that GPUs have more memory now means you can start putting the base grammar inside the GPU as well to help speed that up.

And I'm sorry, I should respond to the question here. Yeah, so the question was, could I run multiple PCFGs at once on multiple different GPUs? So the short answer is theoretically yes, but I could definitely use some help in actually coding that up with somebody who's smarter than I am.

So does anyone else have any questions here, or I could just keep on rambling here, too. One nice thing is being able to run this against the password list that you're currently cracking, too, because it does do a pretty good job of stemming that and creating some really interesting input dictionaries for you to be able to use. So if you're kind of going ahead and doing kind of like a fingerprint attack, you're kind of running it around again there, it can actually extract some really useful bits for that to keep on launching against the people.

So since I've got like nine minutes left here, unless someone else asks a question. Oh, "ramble away." Okay, so that sounds good here. So the question is, I guess, what I could start talking about is where password-cracking PCFGs are kind of going in the future. So one of my big goals is I really would like to be able to get it incorporated into hashcat. I started, you know, brainstorming that quite a while ago. That's part of the reason also why it uses the compiled C version. I wrote it in the first place because hashcat for some reason does not actually run in place on, because it's fast, I guess. So that is, you know, ultimately the end goal for that effort there: to actually incorporate it into hashcat as a new cracking mode. The initial way I'm going to start looking at is actually having it run as, atom calls it, a slow guesser mode, which pretty much defines this exactly. So I want to be able to incorporate that as part of the hashcat slow guessing modes that you can add in. Eventually, though, I would like to be able to start going ahead and see whether I can parallelize the way it generates guesses and put it into the GPU to make it much, much faster.

So there's other options too, that potentially, like, you could basically do pre... What really slows it down is generating all those rules. So in an older version I had actually had the ability to go ahead and pre-compute all those rules and be able to save those to disk, so you could actually then completely parallelize it if you wanted to as well, because there's no rule generation. So that's another thing I could take a look back at there. The problem is that the rules are really fine-grained, so I almost want to go ahead and, in order to reduce the size of, you know, the rules on the disk, make the rules much kind of fatter, essentially. So each rule would correspond to more password guesses. But that's definitely an option that I'm kind of looking at as well, to make this more feasible to be able to be used.

So, is there such a thing as a random PCFG rule? Are they human readable or, well, geek readable?
So the short answer is yes. So if you hit the status output when you're running a PCFG cracking session, it'll kind of print out to the text screen what the current rule set looks like. And it looks a lot like a hashcat mask, actually. It just has a few extra different features on it there. So it'll say something like, I use A for alpha string, but like A5, so, you know, it's generating like a five-letter word, and it'll have a number next to it saying, you know, what the probability, or ranking I should say, of that five-letter word is. So it'll say like, you know, the hundred fifty-third most probable word, or, you know, number one, so it'd be the first most probable word that people like: "password". So in that case you can read it, and you can see what the capitalization mode is. It'll say like the most common capitalization mode for this year, and it'll say like, you know, D2, and it'll be like a number after that, too. It's like the third most common two-digit number. So you can kind of look at that and see what that rule is.

So because of the way that it happens there, you could absolutely go ahead and create a random rule for that, or you can kind of look at it and read what it's actually doing. And so you can go back to the grammar and say, okay, what is actually the hundred forty-third, you know, most probable word, and so, okay, that's the word that it's using. And if the words have the same probability, it'll just use all of them there. So there might be like multiple different words that you only saw in the training set, let's say, twice, so they'd all be used with the same probability in that rule.

It can also create... When talking about random passwords, some work I did in the past was creating what's called honeywords. So these are passwords that look like human passwords, and PCFGs are really good for that.
So instead of trying to create the most probable password, you do a random walk through the grammar, and that way, you know, one two three five five six is still going to be very common. You're going to create that much more often than normal, but you also create some kind of random-looking passwords, too. And where this is really useful, for example, is if you're trying to set up a honeypot server and you want to do like a honeypot Active Directory controller, and you don't want to go ahead and manually create, you know, a thousand different passwords for, you know, different fake users. So that way you can go ahead and run that and you create passwords that, you know, if you glance at it, it looks somewhat real. You know, you're still seeing like the really common passwords, you might see the company names, you know, the most common there, but you're still seeing some random other stuff as well. So that's definitely some work, and improving upon that, I'd like to be able to create a modification where it has a biased random walk, so that you can create passwords that look like they all came from the same user but, once again, are, you know, somewhat different. So that's definitely an area that's kind of fun to play around with.

What have you seen in terms of variance between, say, company one and company two? So that's just a question that was asked, and the short answer is I really haven't seen that. And by that, I mean I'm a researcher. This is a hobby for me. So almost every single dump that I've worked with has been, I would say, the public dumps. And while there definitely are company passwords that, you know, get pushed out there, especially if you look for like NTLM, I'm a researcher. So you'd actually have to ask, you know, someone like, you know, KoreLogic about that there.
So I'm not really a good person to answer, and that's why I'm always really interested in hearing these talks and talking to people who are actually doing this professionally, because they're able to provide me that information there. But pretty much all I have from that is secondhand.

So we're getting to the end here. It looks like there's just a couple more minutes, so if anyone has any questions, feel free to ask them. Otherwise, I really do appreciate you coming in and viewing this talk. As I said, I'm available on Twitter at @lakiw, L-A-K-I-W. And if you really want to get in touch with me, the best way to do it is to submit an issue to the GitLab repo. That's probably the best way, because I pretty much obsessively track that there, and I'll definitely try to get back to you. But this is something that I find is really fun, and I really do appreciate you taking an interest in this.

Cool. Yep, and I'll be on Discord for the rest of the weekend, too, so if anyone has any questions, feel free to pop in there, too.