- The attack all starts with a victim opening a PDF document. The same attack is shown to be possible when viewing a QuickTime video (at the end of the video).
- While some passwords are cracked (very fast), access to the Domain Controller is made possible by 'passing password hashes'. This technique does not require the password to be cracked.
- The attack demonstrated uses a printer server as an internal launch point, which might surprise some people. In this example a new network is discovered.
- It uses Metasploit Framework, which is a powerful tool worth getting to grips with if you want to test systems and networks.
- It uses a tool called 7Seec to scan for credit card details.
Monday, 14 November 2011
This nice demonstration of a penetration test is notable for a few reasons.