Why Business Owners Need Strong Passwords and Two-Factor Authentication (2FA)

In today’s increasingly digital world, cyber security has become an essential component of business operations. Many business owners and stakeholders may assume that cyber threats only affect large corporations or high-profile companies. However, small and medium-sized businesses are often even more vulnerable, as cyber criminals know they may lack robust security measures. Implementing strong passwords and two-factor authentication (2FA) is a straightforward yet crucial step that can help protect business assets and maintain trust with clients and partners. Here’s why these practices should be a priority for every business owner.


Creating Strong Passwords: Best Practices and Secure Storage

In today’s digital age, the importance of strong passwords cannot be overstated. With cyber threats on the rise, safeguarding your online accounts with robust passwords is essential. This article delves into the best practices for creating strong passwords and explores how to use and store them securely using various consumer password managers.


Import Passwords From KDBX Or CSV Files Into Passbolt

In today’s dynamic business environment, effective password management is crucial to ensure the security of sensitive information. Passbolt, an open-source password manager, provides a robust solution for organizations looking to enhance their credential management practices. We’ll explore the process of importing KDBX and CSV files into Passbolt, helping the transition to a more secure and efficient password management system.


Install Passbolt Self-Hosted With Podman

Passbolt is an open-source password manager designed for teams and organizations that prioritize security and privacy. It offers the following features:

  • Security-First Approach: Passbolt puts security first, with a security model that supports user-owned secret keys and end-to-end encryption, regularly assessed by top penetration testers.
  • Built for Collaboration: It allows secure sharing of credentials with powerful auditing tools and unparalleled granularity for access controls and encrypted data.
  • Privacy Focus: Headquartered in the EU, Passbolt prioritizes privacy and is designed to comply with European privacy laws.
  • Versatility and Control: Passbolt is designed to put users in control of their data and protect them from a wide range of potential threats, making it suitable for security-conscious organizations.

Passbolt is trusted by a wide range of organizations, including Fortune 500 companies, the defense industry, universities, and startups, and has received 4,000 stars on GitHub as a seal of approval for its reliable and secure password management. It is also available as a free and open-source solution, with an extensible API for developers.


Keep Our Secrets in a Safe Place: ProtonPass Password Manager Review

We all have secrets. Whether it’s our bank account details, our social media passwords, or our personal information, we don’t want anyone to access them without our permission. But how do we keep our secrets safe in the digital age, where hackers, phishing scams, and data breaches are frequent?


How to install Hashicorp Vault on Debian

Hashicorp Vault is a popular tool for managing secrets and encryption in cloud environments. It allows us to store, access, and distribute sensitive data securely across different applications and platforms. In this blog post, I will show how to install Hashicorp Vault on Debian 11 (Bullseye), the latest stable release of the Debian operating system.


How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!

In the first part of this series we found out a user’s password with Hydra by simply attacking his account via SSH. This is a so-called “dictionary attack”, and because of the lack of security measures we could get into the remote system.

In this exercise we continue our Ethical Hacking journey and we will find a way to get root privileges on the remote machine. This is called privilege escalation.

Important note: cracking passwords in the wild is illegal! Do NOT do it outside the lab, unless you are a penetration tester with a signed contract!


How to brute force and crack SSH passwords with Hydra? Ethical Hacking in real practice!

In this presentation we will crack the password of a general Linux user via SSH in our personal lab. The machine from which we start the attack is a Kali Linux box, and the attacked machine is an ordinary Debian Linux on which a user set a weak password. Unfortunately the security settings are weak on the target host, so we have a great chance of success. We already know the name of the user.

Important note: cracking passwords in the wild is illegal! Do NOT do it outside the lab, unless you are a penetration tester with a signed contract!


Password Manager upgrade: I switched to KeepassXC

I’ve been using the Keepass password vault for years. I don’t remember when I started to keep my secrets in it, but it could easily be a decade ago. Though I always liked Keepass, and its features are strong, times have changed and I looked for something fresher and more elegant. My choice is KeepassXC. Read more to see why!


Password Manager 101

In 2022 there is no excuse not to use a reliable password manager. Period!

In the age of passwordless authentication, IoT, smart devices and high-speed internet connections, data breaches are more common than usual, mostly because of insecure password usage. Remembering long and difficult passwords is really counterproductive, but luckily there is a solution: password managers! The era of post-its attached to the display with corporate or private secrets must be over. Even corporate security starts with individual-level safety. Today’s cyber world demands strong and thorough security considerations even in our personal lives. We have bank account credentials, paid subscriptions and other stored card information on different websites and mobile devices. So, do YOU use weak or shared passwords? Do you have any default passwords on your devices? Think about it a bit!
