October 25-28, 2017!! We’re going to have so much fun! Hopefully you can join us!
Back To Schedule
Saturday, October 28 • 14:20 - 15:05
The World is Y0ur$: Geolocation-based Wordlist Generation with Wordsmith

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Popular wordlists such as Rockyou and Uniq are great when used with a variety of rules and big hash sets. But what about the hashes that you aren't able to crack? And what about those users with a base word not found in a standard dictionary?

Queue Wordsmith, a tool that creates wordlists that are tailored to the target’s location. We’ve parsed and analyzed several geographic databases to find road names, cities, counties, landmarks, sports teams, and more for regions all around the world. Built using a modular framework and hosted on GitHub, Wordsmith’s database can easily be updated by anyone with a text editor and an interest in geolocation or spatial databases. With data from 249 countries and territories, Wordsmith can bolster typical dictionaries by adding the name of that unique street that a person grew up on, or by appending a region’s postal codes, all so you crack those hard-to-get hashes.

avatar for Sanjiv Kawa

Sanjiv Kawa

Sr. Penetration Tester, PSC/NCC Group
I enjoy searching for creative ways to break into restricted networks and applications. I also like to write tools that automate things or make a life a little easier. Something I’m trying to get better at is binary analysis and exploit development. When my laptop battery dies you... Read More →
avatar for Tom Porter

Tom Porter

Sr. Security Consultant, FusionX
Tom Porter (@porterhau5) started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for the... Read More →

Saturday October 28, 2017 14:20 - 15:05 MDT
Pine Crest A