Penetration Testing – discussing exploits, vulnerabilities, fixes and tools
Here I will be discussing exploits, vulnerabilities, fixes and tools dedicated to the two areas of personal interest to me within Penetration Testing: Infrastructure and Web Application Testing.
- Networking Pivoting via SSH – Scanning with Nessus Professional behind a Firewall or NAT.
- Searchsploit command line shortcut options -m and -x.
- Self Signed Certificates + Remote Desktop Protocol = MiTM and Creds – This is a problem, don’t ignore it!
- Problems with VirtualBox Guest Additions in Kali – Quick Tip!
- NTLM/NTLMv2 Relaying in Windows with PowerShell and Inveigh!
- Linux Privilege Escalation with Setuid and Nmap
- Creating and mangling custom word lists!
- Setting up a quick DHCP server in Linux with dnsmasq
- Pivoting through SSH with dynamic port forwarding.
- Adding your own or custom exploits to Metasploit! Eternalblue, SambaCry?