7 Minute Security

Hey friends! Today we're dusting off an old mini-series about password cracking in the cloud (check out part 1 and part 2) and sharing some awesome info on building a monster of a cracking rig in AWS! One reason we haven't talked about password cracking in the cloud in a while is because back in winter of 2019 I built baby's first password cracking. Unfortunately, this week, Hashy (the name I gave to the rig) is overheating, and GPUs are impossible to find, so what's a pentester to do? Well, in today's episode I talk about this article from Sevnx which walks you through building a virtual password-cracking beast in the cloud. The article (complemented by a sweet video) will get you running in short order. WARNING: running this instance is super expensive (the author warns the instance would cost ~$9k/month if you left it run continuously). The steps are pretty straightforward, but between reboots I found that hashcat acted all wonky. Luckily, the article addresses that with this great tip: Pro tip: Save the