An audit report showed that a former employee saved the following files to an external USB drive before the employee's termination date:
• annual_tax_form.pdf
• encrypted_passwords.db
• team_picture.jpg
• contact_list.db
• human_resources.txt
Which of the following could the former employee do to potentially compromise corporate credentials?
Given the files listed, particularly 'encrypted_passwords.db,' the most likely course of action for a former employee to compromise corporate credentials would be to perform an offline brute-force attack. An offline brute-force attack involves the attacker using a tool to try multiple password combinations against the encrypted passwords until the correct one is found. This method does not require online presence, thereby reducing the risk of detection.
A. Perform an offline brute-force attack The former employee, having obtained files such as "encrypted_passwords.db" and "human_resources.txt," could potentially perform an offline brute-force attack on the encrypted passwords. In an offline brute-force attack, the attacker attempts various combinations of passwords against the encrypted file to discover the original passwords. If the encryption is weak or the passwords are not properly hashed and salted, this type of attack could be successful.
Brute-force attacks can take place both offline or online. For an offline attack, the hacker would have access to the encrypted password hashes and try different key without the risk of discovery or interference.
nobody is saying it but i chose b at first . but the f-employee could USE a rainbow table , but i dont think he could create one
absolutely B Rainbow tables are precomputed tables used for reversing cryptographic hash functions, often used in password attacks. The presence of the "encrypted_passwords.db" file suggests that it contains hashed passwords. By using this file to create a rainbow table, the former employee could potentially compromise corporate credentials by quickly cracking hashed passwords and gaining unauthorized access to systems and accounts
Believe the answer is offline brute-force attack.
Perform an offline brute-force attack
A. Perform an offline brute-force attack ,having saved files such as "encrypted_passwords.db,".