Here’s a few of the interesting and useful articles and tools that I’ve come across last week.
Articles and news:
This is a guide for anyone who has an interested in penetration testing but no experience with it.
5 ways to bypass account lockout in web applications
Where a system locks a user out after several unsuccessful login attempts, this guide outlines some ways that you may be able to defeat this
Domain penetration testing: Using BlookHound, Crackmapexex and Mimikatz to get domain admin
Exploiting Active Directory misconfigurations to get domain admin
A mysterious grey hat is patching people’s outdate Mikrotik routers
A Russian-speaking grey-hat hacker is breaking into people’s MikroTik routers and patching devices so they can’t be abused by cryptojackers, botnet herders, or other cyber-criminals
OSINT gathering: Techniques, automation and visualisation
Bringing together multiple OSINT data points
Tools and tech:
Scout2 is a security tool that lets AWS administrators assess their environment’s security posture.
CUPP – Common User Password Profiler
A great tool for building a bespoke password list based on user data you provide.
An alternative dataset for Nmap fingerprint script http-default-accounts
A tool to pop a PowerShell credentials box that will ask the user to submit their details, before passing them to an external web server
A high performance DNS lookup tool