IEEE Security And Privacy Conference 2009: Password Cracking Using Probablistic Context Free Grammars.
The theory, (as well as some of the results), behind my research on probablistic password cracking. The more work I do on this, the more I'm convinced this is the future of password cracking. In a nutshell, this is a way to better represent how people actually create password and then use that knowledge to attack them.
Slides from my Shmoocon 2009 talk Enough with the Insanity - Dictionary Based Rainbow Tables. Basically an overview of how rainbow tables work, their limitations and why dictionary based rainbow tables are really nice.
My PhD. dissertation: "Using Probabilistic Techniques to Aid in Password Cracking Attacks". It represents about three years of work and a whole lot of fun. Chapter 5 is the part that I'm most proud of.