Hello friend 👋
You might have seen in the news this week, LastPass got breached (Source: LastPass). Hackers gained access to their corporate systems and obtained some of their proprietary source code. This will allow hackers to potentially figure out ways to attack the password manager in order to attempt to get access to end-user passwords.
So, if you’re a LastPass user, burn your phone and walk away. I’m kidding. Those passwords stored in your password manager are encrypted with your master password, which only you know (Source: LastPass technical guide).
They’re as safe as the gold in Fort Knox.
However, there are several attacks those bad guys can perform to try and get a hold of your master password, through phishing or malicious Google Chrome extensions. I’d still advise that you keep using your password manager, LastPass or something else. It’s much better to have all your passwords managed by an app than for you to try and remember them.
- passwords should be unique
- passwords should be strong
- passwords should be backed up with 2FA where possible
Everything seems to be fine with the LastPass breach, don’t cancel your subscription. But there’s one thing I’d recommend you do: pay attention to upcoming LastPass app updates. You just don’t know what the hackers will find or what bugs LastPass knew were in their source code that might be exploited down the line.
Stay frosty! 🥶
If there is something you’d like me to write about or make a video on, let me know by simply replying to this email.
Until next week,
Fun Things This Week
📽 My New Videos
The Easiest Way to Learn to Hack: If you want to learn to hack, I highly recommend Hack the Box. It’s a platform that has been very good to me over the years. If you haven’t heard of it or used it, I made a video to give you a quick overview.
The First Hacker Tool You Should Learn: Learning to hack is different for everyone. But one thing is consistent: it’s not linear like many topics. You must take your mind all over the place and loop back again to join the dots. But the first tool you should learn is always: Nmap.
📽 My New Articles
Hack Your Way Into Cyber: Getting into cyber-security is daunting for many. There’s a reason so many people ask me about how you go about it. So I wrote this article. This is a more detailed version of my original RAPIDFIRE guide. Enjoy.
I’ve been dying for the latest episode of Darknet Diaries. Jack must have taken a little break while the big security conferences were on. In his latest episode, he talks with Lisa Forte about insider threats! So grab your favourite drink, and a comfy seat, and tune in for 52 minutes of cyber edutainment (education + entertainment).
I’m working on a new version of my SWITCHFIRE course that is geared toward anyone trying to pivot careers into cyber-security and not just military folk. The current course could work for most people, but the stories and analogies in there are all focused on military people’s experiences. I wouldn’t feel right offering it to the general public.
If you’re keen to take the course, I’d hold off if you’re not in the military. A new version will be coming in a few months that works for everyone! If you are in the military and you’re keen to take the current course, dive on in! Get SWITCHFIRE here ->
👾 Cool Tools
- Rekono combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications. Rekono includes a Telegram bot that can be used to perform executions easily from anywhere and using any device.
- DNS Reaper is a sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in its arsenal. It can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.
P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️