Maximize Security with a Complete Password Audit
Find your organization’s problematic passwords before anyone else does.
Weak passwords are often the first foothold an attacker gains within a network environment. A single initial account provides the ability to identify key accounts and groups to target for escalating privileges. A TrustedSec Password Audit provides the visibility necessary to identify these accounts as well as the information required to take corrective action. It can also provide statistics indicating whether third-party password blacklisting may be a viable addition during Active Directory (AD) password creation. Password reuse is also assessed, identifying accounts that share the same password, as well as users who share the same password between low-privilege and high-privilege accounts.
TrustedSec’s Password Audit provides analysis of AD password hashes and all recovered passwords. Analysis will be performed against the extracted hashes, along with the associated user account settings and the domain Password Policy. The hashes will then be subjected to recovery techniques that employ a combination of rulesets and reversing methodologies in an attempt to recover as many passwords as possible.
However, TrustedSec does not just perform recovery techniques and provide statistics. Active Directory configuration and policies are queried via custom scripts in order to uncover any accounts that may be out of compliance with Group Policy. This analysis includes, but is not limited to, LanMan (LM) hash storage, Password Policy adherence, disabled accounts, and accounts set to not expire.
Additionally, the Password Policy will be analyzed against recommended best practices, with suggestions for modification where applicable. Beyond TrustedSec’s large collection of wordlists, custom lists are also generated based on industry vertical, client locale, and keywords scraped from the client website.