Bruteforcing my own Bitwarden vault

📆
🏷
security, bitwarden

Lately I lost the masterkey to my Bitwarden vault. As Bitwarden does not provide a way out of that rabbit hole, losing my masterkey would mean losing all of my data within the vault. Something around 300 entries.

Luckily I had access to the vault on one of my computers as the vault has not been locked there and on my mobile which is using Face ID to unlock my vault. But without my masterkey I was unable to export the entries, so my only choices had been

  1. lose everything
  2. transcribe all entries manually
  3. patch bitwarden Firefox extension so I could bypass the masterkey in order to export the vault

It goes without saying that option #1 is totally unacceptable. Option #2 was nice to have as a backup plan and option #3 was nice to know and something probably worthwhile to follow through someday.

Windows Powershell for purple teams

📆
🏷
security, windows

This is my Powershell Cheat Sheat for purple teams. Starting point for this blog is the excellenct Attacking and defending Active Directory course by Nikhil Mittal and my first machines over at HackTheBox. Feel free to get inspired. This list is also a moving target and will most likely grow with time and experience.

heading for a new destiny?

📆
🏷
blabla

Lately I started thinking about my future and whether I should keep my self employed or if I should finally start working on being either self-employed or start my own company. Yeah, interesting timing in such uncertain economic times but I guess they'll stay uncertain no matter what. As I am starting a new day job mid September I'm going to explore the situation most probably by starting working on public engagements on yeswehack.

Not much going on

📆
🏷
blabla

Wasn't much going on lately. First work kept me busy, then COVID19 came along and with it homeschooling next to having to work. So for me, COVID19 kept me even more busy. Which feels strange because a lot of people seem to have a lot of spare time at their hands. Still I managed to migrate my stuff to a new ESXi machine, upgraded my systems, fiddled with prometheus, telegraf, grafana and rabbitmq, bought myself a new switch and moved from bitbucket to sourcehut.

Oh, and I got myself a nice treat and bought a Huwaei Matebook X which also triggered a move from Xmonad to sdorfehs and a locally patched version of sdorfehs-bar

--EOF

VHL Certified! \o/

📆
🏷
security

Finally certified. Too bad I haven't found the time to tackle the Advanced+ certification but there are enough machines left in the lab and I am pretty sure that I will revisit the lab for the Advanced+ certification, too.

I had a lot of fun in the lab and the guys were quick to respond whenever problems with or questions arised (mind you: not to the individual machines).

I can warm heartedly recommend them. Can't say too much about the Courseware though as I didn't have to rely on it. But the few things I saw seemed to be ok.