The recent (2022) compromise of Lastpass included email addresses, home addresses, names, and encrypted customer vaults. In this post I will demonstrate how attackers may leverage tools like Hashcat to crack an encrypted vault with a weak password. In this post I will go into technical details on what attackers could do with the stolen encrypted vaults, specifically how they could use tools like H