As the title says, I'm looking for hacks, tools, tricks that are suitable for demonstrating to non-professionals. As great as pass-the-hash or a buffer overflow is for professionals, they are unsuitable for explaining security to a person without IT affinity. Here are a few examples of what I am already using:
- MicroJoiner, to quickly and graphically build a "dropper".
- "Stealing" a browser history, which of course contains dirty pages
- Mimikatz to read Minesweeper from memory. This is a thousand times more understandable than a Kerberosticket.
- A small software keylogger
- and of course a Rubber Ducky or Teensys
- Accessing the camera of the alleged victim
The important thing is that the effect is obvious and makes the problem understandable.
What else do you suggest?
[link] [comments]
from hacking: security in practice https://ift.tt/3qHkOgL
Comments
Post a Comment