filmov
tv
OSCP Prep | Try Harder Vlog #2: Active Directory Crash Course
Показать описание
Patreon:
This isn't your typical Patreon. Patreons form a moving, active CTF group. All you need is the will to work and apply yourself.
0:00 The POWAH of External Accountability
2:52 Beginning Active from HackTheBox (Some SMBClient life lessons)
5:13 Explaining the output of smbclient -L.
7:04 What is anonymous login? Basically, its the norm in large environments and not a misconfiguration, in spite of what you might think.
19:55 The Final Command before Initial Access; click here to avoid seeing me struggle with SMBClient. Its been a while, don't judge me, yo.
20:32 Blurting out everything I can about AD in 20 minutes
24:09 Doing an awesome job explaining Kerberoasting. The best defense is a complex password.
24:48 Short vouch for impacket. Be familiar with impacket, it is your sword.
26:45 You don't have to click this timestamp, I got you bro: Pass the hash = Logging in with a hash instead of a password. Done. Move on.
27:20 The dangers of using NTLM (username/password authentication) on large networks. Bottom line: Don't!
28:36 Don't listen to what I'm saying here about mimikatz. Get local administrator privileges on your target first before running it. Mimikatz will run without elevated privileges, but its pretty much useless.
30:00 Doing a stellar job at explaining Golden Tickets/Silver Tickets.
35:15 Reluctantly giving Offensive Security props and then more OSCP coaching.
This isn't your typical Patreon. Patreons form a moving, active CTF group. All you need is the will to work and apply yourself.
0:00 The POWAH of External Accountability
2:52 Beginning Active from HackTheBox (Some SMBClient life lessons)
5:13 Explaining the output of smbclient -L.
7:04 What is anonymous login? Basically, its the norm in large environments and not a misconfiguration, in spite of what you might think.
19:55 The Final Command before Initial Access; click here to avoid seeing me struggle with SMBClient. Its been a while, don't judge me, yo.
20:32 Blurting out everything I can about AD in 20 minutes
24:09 Doing an awesome job explaining Kerberoasting. The best defense is a complex password.
24:48 Short vouch for impacket. Be familiar with impacket, it is your sword.
26:45 You don't have to click this timestamp, I got you bro: Pass the hash = Logging in with a hash instead of a password. Done. Move on.
27:20 The dangers of using NTLM (username/password authentication) on large networks. Bottom line: Don't!
28:36 Don't listen to what I'm saying here about mimikatz. Get local administrator privileges on your target first before running it. Mimikatz will run without elevated privileges, but its pretty much useless.
30:00 Doing a stellar job at explaining Golden Tickets/Silver Tickets.
35:15 Reluctantly giving Offensive Security props and then more OSCP coaching.
0:03:25
0:00:38
1:00:32
0:41:13
0:01:01
0:27:03
0:25:47
0:14:38
0:14:05
0:03:26
0:00:28
0:00:30
0:28:05
0:09:07
0:01:00
0:04:38
0:01:31
0:00:11
0:17:20
0:00:47
0:11:02
0:24:53
0:37:46
1:57:02