Week 4 Summary

Reading Summary:

The reading focused on the functionality of the msf console. The console allows one to look thru plenty of payload options, exploits, and auxiliary scanners. Scanners can act as port scanners, vulnerability scanners, and more. Programs like mimikatz or the updated kiwi can dump passwords in clear text on Windows machines. The hashdump or run hashdump command can dump LM:NT hashes from memory from Windows machines. One can perform pass the hash attacks through a variety of exploits available. Programs such as karametapsloit is Karma within the metasploit framework which allows attackers to create fake access points, capture passwords, collect data, and perform browser attacks. Also within msf console, one can pivot to other machines that the first compromised machine has access to. Activating the database allows Metasploit to record all information that is collected about target machines in the recon phase of the pen test.

In the News:

Cloud, cyber policy documents trickle out of DoD
http://www.armytimes.com/story/military-tech/cyber/2016/01/29/cloud-cyber-policy-documents-trickle-out-dod/79518898/