Recovering Passwords From Hibernated Windows Machines

Recovering Passwords From Hibernated Windows Machines

A friend of mine recently asked if I could help them by recovering passwords from an old Windows laptop. Nothing nefarious here just a common scenario we’ve all been in before. They hadn’t used the system in quite some time and couldn’t recall the password to log in. Since many of you know, this is a trivial problem to solve provided the laptop is not utilizing disk-level encryption which in my friend’s case it was not. I naturally felt like a white knight and told them to “bring it over to my house I’ll have it unlocked in no time.”
Read More


How To Install Metasploit Framework Ubuntu 14.04

How-to-install-metasploit-framework-ubuntu-14-04

The Metasploit Framework is an integral component to every penetration testers tool-kit. This guide will teach you how to install Metasploit Framework in Ubuntu 14.04. You will also install and configure RVM and Postgres. For additional information and troubleshooting tips please checkout some of the links in the related content section at the bottom of this tutorial.
Read More


How to Install Nmap From Source

How To Install Nmap

Nmap is a network mapping tool used during the Information Gathering phase of a network penetration testing engagement. It is completely free and open source. Click on the following link for more information about the Nmap Project. In this step-by-step tutorial you will learn how to install Nmap from source on an Ubuntu Linux machine.
Read More


Another Lap Around Microsoft LAPS

I recently landed on a client’s network with an implementation of Microsoft LAPS on a few thousand hosts. This blog post will walk through how to identify the users sysadmins delegated to view LAPS passwords, and how to identify the users sysadmins have no idea can view LAPS passwords.
Read More


Credential Harvesting via MiTM – Burp Suite Tutorial

Credential-Harvesting-Via-MiTM-Burp-Suite

In this step by step tutorial we will discuss some of the more advanced use cases for the Burp Suite.  Credential harvesting through Man In The Middle attack vectors can be your saving grace during an otherwise uneventful penetration test.  You can watch a video version of this tutorial Here. This guide is intended to be educational as well as entertaining.  The author does not condone or encourage illegal hacking activities.
Read More


SSL Certificate from letsencrypt.org – Setup Guide

SSL Certificate From letsencrypt.org

I’m sure many of you have heard of the new free service from letsencrypt.org which essentially offers a valid SSL Certificate for everyone. The goal of the project is to run the entire internet over HTTPS without any excuses.

Read More


Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting

Phishing Frenzy: SSL Support on Rails 4

It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t thank the community enough for all the support and contributions along the way. Phishing today seems more enjoyable than ever before and I owe a lot of that gratification to Phishing Frenzy.

Read More


How To Use Burp Suite – Web Penetration Testing (Part 2)

Burp Suite Tutorial Part 2

In our last Burp Suite Tutorial we introduced some of the useful features that Burp Suite has to offer when performing a Web Application Penetration Test. In part 2 of this series we will continue to explore how to use Burp Suite including: Validating Scanner Results, Exporting Scanner Reports, Parsing XML Results, Saving a Burp Session and Burp Extensions. Lets get right to it!
Read More


Phishing Frenzy: HTA PowerShell Attacks with BeEF

BeEF HTA Powershell Popup

If you’re not currently using Phishing Frenzy, BeEF, or PowerSploit for your Phishing campaigns you’re really missing out. In this article we are briefly going to cover what I consider to be one of the “new hotness” attack vectors that every pentester should be using in their next phishing assessment.

Read More


Share This

Follow Pentest Geek

twitterrssyoutubetwitterrssyoutube

Recent Posts

Free Course

Penetration Testing

Categories

Metasploit

Web Application Hacking

css.php