Комментарии:
@david what did the sysadmin did wrong in the installation of xammp?
ОтветитьMuy bueno!
ОтветитьWOW, very nicely done
Ответитьawesome presentation and demo. David and Remi
ОтветитьHi David. I find your videos very informational, and this one is so far "the best." Thanks for interviewing one of my country men. This presentation scares me :( Am for sure going to make a call to Remi
ОтветитьBetter to roll your own LSASS dumper.
ОтветитьThanks David & Remi, this is probably the best demo on AD hacking, I will watch this repeatedly until I get good grasp of AD hacking.
ОтветитьThanks David for a great channel. From Cyber security, hacking, pen testing, networking … all in one. Also thanks to Remi for the excellent demo
ОтветитьGreat stuff. Thanks @David for make this happen. I need to re-watch and take more notes. Thank you!!
ОтветитьGood piece of information, it gives us great tips to protect ADs. Bring him for more topics maybe exploiting some Cloud IAMs (Azure AD, Okta etc)
ОтветитьAmazing video and demo! One of the best explanations on Golden Ticket exploitation I've seen. Thanks
ОтветитьSheesh David, I appreciate the questions but who in their right mind would be attempting to pentest Windows without knowing the difference between Domain Admin and Local Admin.. lol. Sorry, I just feel like that kind of slows down the pace of the video.
GREAT video!!! Thank you for the content.
if I wasn't broke I'd tip this video but doesn't look like you would need it 🤑
ОтветитьI watched this video and immediately went and checked like 20 files on various systems. LOL. Good wake-up for anyone that might not be thinking about these attacks.
Ответитьsophos antivirus always in the way brothers
ОтветитьWhat a great video! Super interesting!
ОтветитьThank you very much for this sir.
ОтветитьIt's time to start renaming the Guest accounts to Jeff
ОтветитьMimikatz doesn’t work well on client machine without full privileges!
ОтветитьHow do we get these simulated labs to practice
ОтветитьBrilliant video, and brilliant explanations all round. Just out of curiosity if a golden ticket file did fall into the wrong hands, would it be traceable to whoever created it?
ОтветитьThis vid is brilliant, Remy explained things so well and David you asked the questions popping right into my mind. Great job! Thanks!
ОтветитьEye opening video... Didn't know there is so many open holes in the active directory
Ответитьawesome sauce. Thank you!
ОтветитьReally amazing
ОтветитьAwesome Video, I'd love to see more like this!!
ОтветитьVery indepth and intriguing video. I'd like to see Remy provide more explanations to OffSec practices and again, with he explanations.
ОтветитьWhat about caylx institute for isp?
ОтветитьHigh valuable content. Looking forward for more stuff like this. Thank you 👍
ОтветитьGOLDEN TICKET of an explanation Remi was amazing
ОтветитьGood stuff David - inside the mind of Remi ;)
ОтветитьBut you also need to tell people that pentesting AD environments is not that easy, it involves so much more than that, this is a very basic pentest that u can only find in CTF machine and very rare to see in a real life environments.
ОтветитьThis vid is a gem, and Remi is a breath of fresh air. Great explains along the way, but not too much to put off viewers with reasonable knowledge in some areas. More id definitely required from you guys if possible. Never change Remi, people who work with you must love it!!
ОтветитьGreat video.
ОтветитьThank you so much this is the video I have always been wanted the full pentest from initial access to lateral movement, escalation and persistence. Pretty much the whole package. Great stuff.
ОтветитьAmazing, I have been sysadmin for a long time, this is scary stuff, I did notice antivirus was not enabled and would also need to be bypassed before mimikatz could be run, but as in all things that's a whole other video that probably should not see the light of day 😂
ОтветитьAwesome video
ОтветитьGreat demo! Very informative for system administrators on things to look out for in the environment.
ОтветитьThe Kerberos ticket lifetime of 10 years explains some weirdness I encountered at work recently where the Kerberos ticked had expired for some accounts.
ОтветитьIf you penetrate a system and gain domain admin right - change the background image on every account with a nice little message.
Ответитьnice but that powershell command can't work in my laptop even i did everthing as he did
Ответить@Rational Bushcraft I don't see a link to the commands either.
ОтветитьHello, hope you are doing good, please where is the command lines github page or source as you said before the start of the penstest, thank YOU.
ОтветитьRight
Ответить"muh names jeff" LMAO
ОтветитьReally great video and full of good information. I appreciate you both for taking the time to explain this and upload this video, thank you !!!
ОтветитьI have a question- Agreed that user credentials were stolen and rdp is being used now. But how do we get into the network? Unless we get into the corp network there is no way rdp would work. Or am I missing something?
Ответить"my name is Jeff" 🤣
this tutorial was amazing. So how do you protect against these attacks? solution?