Hello World! I’ve successfully broken a YubiKey and locked myself out of the accounts. It’s not completely broken, it just needs to be reset, but what a pain in the backside.
This is why I have my backup key, meaning this is nothing but an inconvenience to me. I was trying to set up my YubiKey with KeePass so I’d be able to demonstrate it, but didn’t pay enough attention to what I was doing. Oopsie. There is documentation for setting it up as a master key, but I don’t know how viable it is. In the meantime, I disabled the NFC on the key as I don’t currently use it. Well, this won’t be a major issue… I can take all the things I’ve learnt over the last few months from using my key and have an even better configuration this time. Maybe even upgrade my keys.
However, I do want to do two things for people here on AACyber: demonstrate YubiKeys (and also properly discuss multi-factor authentication), and use keepass2john and hashcat to attack a (poorly configured) KeePass database.
Lastly, it’s only right I disclose https://ubuntu.com/security/CVE-2022-0725. This is a recent vulnerability found within KeePass; however, it only affects Linux systems. If I can reproduce it on one of my machines then I’ll write about it, but I don’t think I will have much luck. So that’s what is coming. This format, I feel, is much more engaging with the audience, as we aren’t just discussing some app stealing passwords or a Google Chrome patch, but much more exciting things that we’re all capable of doing.
We also have more to elaborate on KeePass and its abilities, but one step at a time… I’m also looking at getting additional biometric security keys from Feitian for personal use; however, I will only talk about YubiKeys as they are the easiest and most accessible security keys currently on the market.
This post caused me some issues for some reason but it should be fixed now.