Some of the things I've learnt (and remembered and practiced so it's not just theoretical knowledge) over the last fortnight includes:
The PHP passthru
function is a reliable way to get more than just the last line (unlike the "exec" or "system" commands).
Running the command "Rundll32 evil.dll, @DllMain1" is a good way to run malicious code a) without the real filename showing up in task Manager b) when Software Restrictions Policy
is in place and the default setting "All software files except libraries (such as DLLs)" is enforced. However, it looks a bit dodgy when rundll32.exe is running as SYSTEM if you escalate privileges. But probably less suspect than notepad.exe running as SYSTEM.
Laptop displays using TN panels are rubbish. My phone's screen is better than my work laptop (same resolution, but my phone has an IPS-based display). I'm half tempted to use my Nexus 10 to remote desktop in for a higher resolution display. Except typing would be more awkward. And there would be some lag even over a decent wireless connection.
Outlook 2013 (as well as being blue, white and flat) defaults to displaying replies to emails within Outlook (and new emails in a pop out window). I like consistency, and I dislike change, so I've tracked down the annoying setting and put a tick next to it: