These are some interesting web attacks that I have either found, read about or theorized. They should all work in practice. 1. Unicode Transliteration (Best-Fit Mapping) Unicode transliteration is the … »
There seems to be a common misconception that you cannot Pass-The-Hash (a NTLM hash) to create a Remote Desktop Connection to a Windows workstation or server. This is untrue. Starting … »
I wanted to provide a quick overview on Windows credential management in relation to penetration testing, why passwords are not always stored in memory and the Double Hop problem. Windows … »