A listing of some cool looking security tools. In particular, I think that PWDumpX could be an interesting one.
I've not had a chance to play with it yet, but it seems to me that the implication of it is that in an enterprise environment, if you have access to a local admin set of credentials (which depending on how your company manages local admin accounts may be pretty easy) or if your domain account has local admin, you could use this tool to dump the domain credentials of any user by running this against the machine that they're logged in to. Of course, once you've got the credentials you need to decrypt them, but then, that's what rainbow tables are for!
If it works like that it's actually a pretty sneaky attack, definitely one to test.
