  • Mercury v2.2.1 –
    Well, ToolsWatch broke the news: after nearly 18 months, thousands of downloads, countless hours of R&D and loads of feedback from the community, we are sad to be waving goodbye to Mercury and its awesome (if somewhat maligned) logo.

  • Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit –
    I’m quite proud of this list cycle trick; here’s how to turn it into an arbitrary write.
  • EasyDA – Easy Windows Domain Access Script –
    If you regularly conduct internal penetration tests on Windows domains, you will typically see the same issues arise, such as common passwords.
  • Using Nessus to Audit VMware vSphere Configurations –
    Nessus can run compliance checking scripts against many different services and servers, and is a great resource for aligning a server with “best practice” hardening guides, such as those released by the Center for Internet Security (CIS). VMware recently released the official vSphere 5.1 Hardening Guide, and Tenable has since released Nessus compliance scripts that check for its recommended configurations.
  • Using Mimikatz Alpha or Getting Clear Text Passwords with a Microsoft Tool –
    Mimikatz is now built into Metasploit’s meterpreter: you can issue the load mimikatz command from the meterpreter prompt. But if you don’t want the hassle of dealing with AV, reverse or bind payloads, and meterpreter binaries, and you already have clear text credentials for an admin, you can instead use Mimikatz’s alpha release, which lets you run Mimikatz on your own machine against a process memory dump of LSASS.
  • Part 3: Quick and Useful Tricks for Analyzing Binaries for Pen Testers –
    In the first part of this series, I discussed analyzing binary files and looking for hints about their communications streams.

Other News