Resources

  • Forgot your Windows admin password? – ogostick.net
    This is a utility to reset the password of any user that has a valid local account on your Windows system. Finally! A very major release!
  • TrustyCon Videos Available – makehacklearn.org
    You can find the playlist of all of the videos in Al Jigong Billings YouTube channel but He also included the videos embedded here.
  • New Attacks on HTTPS Traffic Reveal Plenty About Your Web Surfing –threatpost.com
    A group of researchers from UC Berkeley, however this week published a paper, that explains new attacks that aid in the analysis of encrypted traffic to learn personal details about the user, right down to possible health issues, financial affairs and even sexual orientation.

Tools

  • CSRFT – github.com
    CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit. A lightweight CSRF Toolkit for easy Proof of concept.

Techniques

  • SSL man-in-the-middle attacks on RDP – labs.portcullis.co.uk
    This post seeks to demonstrate why users learning to ignore those certificate warnings for SSL-based RDP connection could leave them open to Man-in-the-middle (MiTM) attacks. The MiTM attack demonstrated displays keystrokes sent during an RDP session. Portcullis Labs conclude with some advice on how to avoid being the victim of such an attack.
  • Decrypting MSSQL Database Link Server Passwords – netspi.com
    Extracting cleartext credentials from critical systems is always fun. While MSSQL server hashes local SQL credentials in the database, linked server credentials are stored encrypted. And if MSSQL can decrypt them, so can you using the PowerShell script released along with this blog.

Other News