Note: This is a cross-post of a blog entry I wrote for Red Cursor. The original can be found here: https://www.redcursor.com.au/blog/capturing-and-relaying-ntlm-authentication-methods-and-techniques This blog post … »
These are some interesting web attacks that I have either found, read about or theorized. They should all work in practice. 1. Unicode Transliteration (Best-Fit Mapping) Unicode transliteration is the … »
There seems to be a common misconception that you cannot Pass-The-Hash (a NTLM hash) to create a Remote Desktop Connection to a Windows workstation or server. This is untrue. Starting … »
I wanted to provide a quick overview on Windows credential management in relation to penetration testing, why passwords are not always stored in memory and the Double Hop problem. Windows … »