Footnotes

Footnotes (1)http://www.irongeek.com/i.php?page=videos/passwordscon2014/target-specific-automateddictionary-generation-matt-marx (2)http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/ (3)http://sparta.secforce.com/ (4)https://www.pentestgeek.com/2014/06/13/hacking-jenkins-servers-with-no-password/ (5)http://download.support.xerox.com/pub/docs/CQ8700/userdocs/anyos/en_GB/ColorQube_8700_8900_Smart_Card_Guide_v2.pdf (6)http://www.irongeek.com/i.php?page=videos/bsidescolumbus2015/offense01-plunder-pillageand-print-the-art-of-leverage-multifunction-printers-during-penetration-testing-deral-heiland (7)http://kb.juniper.net/InfoCenter/index?page=content&id=KB23255 (8)http://arstechnica.com/security/2014/12/worm-exploits-nasty-shellshock-bug-to-commandeernetwork-storage-systems/ (9)https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/ (10)https://reedphish.wordpress.com/2015/01/03/repository-hacking/ (11)https://www.siteground.com/tutorials/git/commands.htm (12)http://www.harmj0y.net/blog/redteaming/domain-trusts-why-you-should-care/ (13)http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be.aspx (14)http://www.room362.com/blog/2011/09/06/post-exploitation-command-lists/ (15)https://github.com/rapid7/metasploitframework/blob/master/modules/exploits/windows/local/trusted_service_path.rb (16)http://www.offensive-security.com/metasploit-unleashed/Fun_With_Incognito (17)http://www.darkoperator.com/blog/2011/5/19/metasploit-post-module-smart_hashdump.html (18)http://www.irongeek.com/i.php?page=videos/derbycon3/s106-owning-computers-without-shellaccess-royce-davis (19)https://github.com/VeilFramework/PowerTools/blob/b63f4381f48f68e4802015dc49cfc21c21311d60/PewPewPew/InvokeMassMimikatz.ps1 (20)http://blog.gentilkiwi.com/securite/mimikatz/pass-the-ticket-kerberos (21)https://hashcat.net/misc/postgres-pth/postgres-pth.pdf (22)http://www.defcon.org/images/defcon-21/dc-21-presentations/Milam/DEFCON-21-MilamGetting-The-Goods-With-smbexec-Updated.pdf (23)http://www.rapid7.com/db/modules/auxiliary/admin/smb/psexec_ntdsgrab (24)http://blog.cobaltstrike.com/2013/11/09/schtasks-persistence-with-powershell-one-liners/ (25)http://blog.cobaltstrike.com/2014/05/14/meterpreter-kiwi-extension-golden-ticket-howto/ (26)http://digital-forensics.sans.org/blog/2014/11/24/kerberos-in-the-crosshairs-golden-ticketssilver-tickets-mitm-more (27)https://www.youtube.com/watch?v=RIRQQCM4wz8 (28)http://adsecurity.org/?p=1275 (29)http://windows.microsoft.com/en-us/windows-xp/help/using-stickykeys (30)https://www.jessecole.org/2011/12/03/ssh-password-logging/ (30)https://www.securepla.net/doppelganging-your-ssh-server/ (31)http://hackerwarehouse.com/product/alfa-802-11bgn-long-range-usb-wireless-adapter/ (32)https://bbs.archlinux.org/viewtopic.php?id=51548 (33)http://hashcat.net/wiki/doku.php?id=cracking_wpawpa2 (34)http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup (35)http://www.kb.cert.org/vuls/id/723755 (36)http://www.willhackforsushi.com/?page_id=37 (37)https://github.com/sophron/wifiphisher.git (38)http://hackerwarehouse.com/product/proxmark3-kit/ (39)http://robospatula.blogspot.com/2014/02/how-to-clone-mifare-classic-rfid-nfc-cards.html (40)https://github.com/Proxmark/proxmark3/wiki/commands (41)http://pogostick.net/~pnh/ntpasswd/ (42)http://www.wikihow.com/Reset-a-Lost-Admin-Password-on-Mac-OS-X (43)http://www.raspberrypi.org/products/raspberry-pi-2-model-b/ (44) http://www.harmj0y.net/blog/redteaming/targeted-trojanation/ (45)http://www.trustedsec.com/files/BSIDESLV_Secret_Pentesting_Techniques.pdf (46)http://www.youtube.com/watch?v=8BiOPBsXh0g#t=163 (47)https://isc.sans.edu/forums/diary/No+Wireshark+No+TCPDump+No+Problem/19409/ (48)http://pen-testing.sans.org/blog/category/post-exploitation-2 (49)https://www.kali.org/kali-linux-nethunter/ (50)https://www.trustedsec.com/november-2014/meterssh-meterpreter-ssh/ (51)https://github.com/trustedsec/meterssh (52)http://www.offensive-security.com/metasploit-unleashed/Pivoting (53)http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot (54)http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/ (55)http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html (56)http://www.offensive-security.com/metasploit-unleashed/Fun_With_Incognito (57)http://www.counterhack.net/talks/Post%20Exploitation%20Redux%20%20Skoudis&StrandSMALL.pdf (58)http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf (59)http://www.immunityinc.com/products/canva