Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week.

BY PATRICK SHEEHAN After doing offensive cyber security for over a year now, I continue to express shock every time a password spray [taking a list of known user accounts and attempting to log in with a small list of potential passwords] succeeds with passwords like Spring2021 or Covid19. And a more seasoned colleague of mine always responded with the phrase “security isn’t convenient.” He is spot-on, but I believe it’s bigger than that. Being healthy isn’t convenient either.

macOS ESF playground, Azure privesc via service principles, Java gadget finding, malicious Azure AD OAuth2, and more!

BY KIM CANGELOSI With data breaches and cyber-crime continuing to increase and advance, cybersecurity jobs and careers are on the rise. As part of SixGen’s mission we provide world-class teams of operators and engineers to defeat global challenges. We are always looking for new talent and have some tips and tricks to help you and your skillsets stand out. Certifications Not every job requires certification(s), however they are a bonus when looking for a new job in the cyber i