I read this last week: WC 08 October 2018

By | October 15, 2018

Here are a few of the interesting and useful articles and tools that I came across last week.

Articles and news:

A beginners guide to Vulnhub

This is a guide for anyone who has an interest in penetration testing but no experience with it.

5 ways to bypass account lockout in web applications

Where a system locks a user out after several unsuccessful login attempts, this guide outlines some ways that you may be able to defeat this.

Domain penetration testing: Using BloodHound, CrackMapExec and Mimikatz to get domain admin

Exploiting Active Directory misconfigurations to get domain admin

A mysterious grey hat is patching people’s outdated MikroTik routers

A Russian-speaking grey-hat hacker is breaking into people’s MikroTik routers and patching devices so they can’t be abused by cryptojackers, botnet herders, or other cyber-criminals.

OSINT gathering: Techniques, automation and visualisation

Bringing together multiple OSINT data points

Tools and tech:


Scout2 is a security tool that lets AWS administrators assess their environment’s security posture.

CUPP – Common User Password Profiler

A great tool for building a bespoke password list based on user data you provide.


An alternative dataset for Nmap fingerprint script http-default-accounts


A tool to pop a PowerShell credentials box that will ask the user to submit their details, before passing them to an external web server


A high performance DNS lookup tool