I read this last week: WC 08 October 2018

By | October 15, 2018

Here’s a few of the interesting and useful articles and tools that I’ve come across last week.

Articles and news:

A beginners guide to Vulnhub

This is a guide for anyone who has an interested in penetration testing but no experience with it.


5 ways to bypass account lockout in web applications

Where a system locks a user out after several unsuccessful login attempts, this guide outlines some ways that you may be able to defeat this


Domain penetration testing: Using BlookHound, Crackmapexex and Mimikatz to get domain admin

Exploiting Active Directory misconfigurations to get domain admin


A mysterious grey hat is patching people’s outdate Mikrotik routers

A Russian-speaking grey-hat hacker is breaking into people’s MikroTik routers and patching devices so they can’t be abused by cryptojackers, botnet herders, or other cyber-criminals


OSINT gathering: Techniques, automation and visualisation

Bringing together multiple OSINT data points



Tools and tech:

Scout2

Scout2 is a security tool that lets AWS administrators assess their environment’s security posture.


CUPP – Common User Password Profiler

A great tool for building a bespoke password list based on user data you provide.


NNDefaccts

An alternative dataset for Nmap fingerprint script http-default-accounts


CredsLeaker

A tool to pop a PowerShell credentials box that will ask the user to submit their details, before passing them to an external web server


MassScan

A high performance DNS lookup tool