I perform offline password cracking assessments against your organization's password hashes to show you what percentage of credentials are crackable — and in what timeframe — using the same techniques a motivated attacker with your hash database would employ.
Attack methodology using Hashcat with GPU acceleration: dictionary attacks (rockyou, breach compilations, custom wordlists); rule-based mangling (best64, d3ad0ne, custom rules); hybrid attacks combining dictionary with masks; pure mask attacks for pattern discovery; and combinator attacks.
Deliverables: cracking results by attack type and time elapsed; percentage cracked at 1hr, 6hr, 24hr, 72hr marks; password pattern analysis (top base words, common transformations, length distribution, character set usage); weak password user list (your choice whether names are included); policy gap findings; and concrete password policy recommendations.
Hash types supported: NTLM, NetNTLMv1/v2, MD5, SHA-1, SHA-256, SHA-512, bcrypt, Argon2, PBKDF2, WPA2 PMKIDs, and more. Share hashes in a password-protected ZIP with written authorization. Cracked plaintexts returned at your discretion.