Resources

Tools

  • Mercury v2.2.1 – labs.mwrinfosecurity.com
    Well, ToolsWatch broke the news: after nearly 18 months, thousands of downloads, countless hours of R&D and loads of feedback from the community, we are sad to be waving goodbye to Mercury and its awesome (if somewhat maligned) logo.

Techniques

  • Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit – article.gmane.org
    I’m quite proud of this list cycle trick; here’s how to turn it into an arbitrary write.
  • EasyDA – Easy Windows Domain Access Script – nccgroup.com
    If you regularly conduct internal penetration tests on Windows domains, you will typically see common issues arise, such as common passwords.
  • Using Nessus to Audit VMware vSphere Configurations – blog.gdssecurity.com
    Nessus has the ability to run compliance checking scripts for many different services and servers, and is a great resource for aligning a server with “best practice” server hardening guides, such as those released by the Center for Internet Security (CIS). Recently VMware officially released the vSphere 5.1 Hardening Guide, for which Tenable has since released Nessus compliance scripts to check for the recommended configurations.
  • Using Mimikatz Alpha or Getting Clear Text Passwords with a Microsoft Tool – room362.com
    Mimikatz is now built into Metasploit’s meterpreter: you can run `load mimikatz` from the meterpreter prompt. But if you don’t want to go through the hassle of dealing with AV, reverse or bind payloads, and meterpreter binaries, and you have clear-text credentials for an admin, you can just use Mimikatz’s alpha release, which allows you to run Mimikatz on your machine against a process memory dump of LSASS.
  • Part 3: Quick and Useful Tricks for Analyzing Binaries for Pen Testers – pen-testing.sans.org
    In the first part of this series, I discussed analyzing binary files and looking for hints about their communications streams.

Other News