Michael Spaling leads a team of professionals involved in a wide variety of IT Security work for one of Canada's largest Universities. He has presented on various security topics at a wide range of conferences and user groups including Connect, HuCon, FUEL, CANHEIT and BSides Las Vegas. Michael has a handful of private vulnerability disclosures to his credit, the most notable of which is achieving recognition in the Malwarebytes Hall of Fame.

Topic: What We Learned Sniffing 3 Million Plaintext Passwords

Credential theft is a universal issue which grants attackers a broad range of access which goes beyond traditional exploitation. Despite our best efforts, users continue to fall for elaborate phishing emails by entering their credentials on third party websites. Once entered, the attacker now has access to a victim’s credentials and all associated services and information that go with it.

To address this threat, we found a way to leverage an existing technical investment to enable plain text password sniffing. By looking for a handful of identifiers in network traffic, we have successfully built a tool that not only alerts when someone has entered credentials into an unencrypted web-form but also expires those credentials automatically. This has proved immensely valuable as these credentials will no longer be valid when the attacker attempts to use them.

We encountered a few issues along the way and would like to highlight the benefits to this approach, valuable information gained and people’s reactions when they realized they had fallen victim.