Cracking encrypted Lastpass vaults

In this post I will go into technical details on what attackers could do with the stolen encrypted vaults, specifically how they could use tools like Hashcat to crack vault passwords and get access to sensitive log-in credentials. To simulate the stolen data, I will use my test Lastpass account to extract an encrypted vault from the Chrome Browser extension on macOS. Following this, I will use a wordlist attack to bruteforce the vault which has a weak and guessiable password....

23 December, 2022 · 5 min · Naz Markuta