You need to check out public key cryptography and digital signatures. Those are the basics of FIDO.
When the private key is bound to a device it is not possible to fake or steal it through conventional methods. Passwords are the weakest link and an easy target for attackers - passkeys basically solve that.
User adoption depends on implementation, but everything is easier than remembering a secure password or using a password manager for most people. There needs to be an easy and secure way to distribute passkeys across devices, and any backup mechanisms may be a weak point. In any case: still better than passwords.
I had a colleague at work years ago who did his Master’s thesis on network scanning. He ran a PoC in the company’s network and had all the printers print hundreds of pages.
We learned that printers suck and that we should always know our payloads and targets 😁
Check out OpenVAS.
https://github.com/greenbone/openvas-scanner
I use Nessus professionally, they are somewhat similar. I can’t decide which one has the worse user interface.
I’m a big fan of hashcat for this use case myself! I route it through WS, however. I like being on the bleeding edge.
Jia Tan is most definitely not a person, just the publicly facing account of a group of people.
What is the trail of crumbs? Just some random email accounts?
This was in large part a social engineering attack, so you can’t really avoid contact.
Telegram is a security disaster.
And for the full Linux experience do it at the perfect moment, such as when you’re in a lecture or customer presentation!