Lets say (hypothetically for the sake of this post) that you were able to exploit the system of a Windows domain admin during a pentest. The goal of this attack? Steal the credentials of the domain admin and continue on with owning the domain. Sure, you could use gsecdump, pass-the-hash and do the same thing…however, […]
Finally a use for Incognito Read More »
I saw this post on Hexesec the other day that made me think about all the skill’s that when you put them together could make one kick ass penetration testing team. Note that this is a pretty large list of skills that would be difficult if not impossible for one person to master. However, it
Building the pentest team skillset Read More »
I have seen a couple blogs posts, articles and even the creator of winlockpwn (the hack/script that allows you to bypass Windows authentication through FireWire) saying that this script is nothing more then a “partytrick”… “Wow and amaze your friends by magically unlocking a Windows PC without a password!” While this seems like a fun
Winlockpwn: More then a Partytrick Read More »
