This case is designed to have students perform a cybersecurity penetration test of password strengths at Blue Yarrow Unicorns. Students are provided with over 5,100 usernames, hashed passwords and job unit descriptors of Blue Yarrow's employees. Using a dictionary of nearly 2 million plain text compromised passwords discovered from data breaches of various organizations, students will be required to perform a test of which company passwords are contained in this dictionary by hashing it and combining the words. This test should be relatively easy to perform. Students will then be asked to use their own methods to crack as many additional passwords as possible. This task will be more complex for students. More enterprising students should be able to crack a few additional passwords based on generating simple letter combinations (such as the person's name or job unit description) The most advanced students may even crack more based on generating all possible combinations of letters and characters (the solution does this for up to four characters). Students are required to prepare a memo of their findings and recommendations for the Board of Directors for Blue Yarrow. Solutions are provided in both Alteryx and Python. This case is accompanied with how-to videos for the Alteryx solution.
Suitable courses: Cybersecurity; Accounting information systems; Auditing (external or internal); Fraud; Data analytics