Hello friend 👋
I've been in the Peak District all week, staying in an old barn conversion. It's been great. My daughter took her first rollercoaster ride and went on her first waterslides. She loved it! The cyber landscape has been interesting, to say the least. But a couple of things have really stood out for me this week.
Vanuatu is back to typewriters
A month ago the beautiful archipelago of Vanuatu, just east of Australia, was hit with a cyber-attack. There are 83 islands with a population of over 300,000 in Vanuatu, so it's been a bit of a disruption, to say the least. The government have resorted to using Gmail accounts, personal devices, pen & paper, and even typewriters to operate the Prime Minister's office.
The infection point seems to be...you guessed it...email. According to an analyst working closely with the cybersecurity teams, the malware 'crashed' nearly every single government email and web server. Apparently, there are no cloud storage solutions in play in Vanuatu; everything is kept on local drives.
From what I've read, I'm still not sure if it's ransomware, a wiper or something else. But I'll be keeping an eye on this incident as it's not every day something like this happens.
LastPass breached again!
If you're new here, you might not have seen the archive of these newsletters, but I reported on a previous LastPass breach in August 2022 in issue #004. Only a couple of months later, they've been breached again! The team at LastPass have been incredibly transparent on the whole situation, which is good. It looks like the hackers who compromised their network in August gleaned some information that allowed them to regain access. The security team over there are going to have to clean the whole house, top to bottom, to make sure that the hackers are kicked out for good this time. In both breaches, LastPass has reported no impact on customer passwords, which is great for consumers. The crazy part of my mind can't help but wonder if these hacks are part of a bold marketing campaign in the build-up to Christmas or not!
You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.
Until next week,
Fun Things This Week
📽 My New Video
1 Easy Command will Change Metasploit FOREVER: In this introduction to Metasploit, we'll gain access to a victim machine and I'll show you an awesome feature in Metasploit that most people don't know about!
Cyberwire discusses the Cuba ransomware operation earning a staggering $60 million, DDoSes against the Vatican, and Brandon Bailey explains the Space Attack Research and Tactic Analysis (SPARTA) matrix - which is MITRE ATT&CK for space 🚀
Part two of Darknet Diaries' conversation with Gollumfun dropped this week and I'll be giving it a listen on my journey back to Scotland! Just in time for snow next week ☃️
I've ordered a lock pick training set from good old Amazon for an upcoming video on the topic. If you'd like to learn how to pick locks over the holiday season ahead, you can find a link to one in this article I wrote. Plenty of links to share with loved ones in time for Christmas!
👾 Cool Tools
shells is a script for generating common reverse shells quickly and easily. It's really good for PowerShell and Python shells which can be tricky to format correctly.
wwwtree is a utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victim machine during privilege escalation.
pywirt is a blue team tool that uses WinRM and Python to collect information from Windows such as Log Entries, Open Sessions, Registry Control and much more.
If you've written a tool and you'd like me to see it, just drop me an email!
P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️