- Видео 4
- Просмотров 832
Brady McLaughlin
Добавлен 4 мар 2024
WebClient Abuse with Shadow Credentials
Sorry I said "um" almost a million times in this recording. Not used to moving so many things from one screen to another and narrating at the same time. I'll work on it :)
This is a demonstration of abusing the WebClient service resulting in shadow credentials being created for a machine account, and eventually the compromise of the machine. The cool thing here is that as long as the machine is running the WebClient service, all we need to escalate privileges on this computer is any domain account. Credit to @alh4zr3d3 for the idea and much of the tradecraft here: x.com/Alh4zr3d/status/1767211616670499154.
Toolset:
netexec (apt)
python3-impacket (apt)
krbrelayx (github.com/dirkjanm/krbrelayx)
P...
This is a demonstration of abusing the WebClient service resulting in shadow credentials being created for a machine account, and eventually the compromise of the machine. The cool thing here is that as long as the machine is running the WebClient service, all we need to escalate privileges on this computer is any domain account. Credit to @alh4zr3d3 for the idea and much of the tradecraft here: x.com/Alh4zr3d/status/1767211616670499154.
Toolset:
netexec (apt)
python3-impacket (apt)
krbrelayx (github.com/dirkjanm/krbrelayx)
P...
Просмотров: 177
Видео
CyberLens (TryHackMe) Walkthrough
Просмотров 5054 месяца назад
This is a video walkthrough of the writeup I made for CyberLabs, the newest Challenge Room on TryHackMe. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/CyberLens (TryHackMe) Writeup/writeup.md Check out CyberLens on TryHackMe: tryhackme.com/r/room/cyberlensp6 Check out the Rhino Security Labs article about this vulnerability here: rhinosecuritylabs.com/application-secur...
Blogger (Proving Grounds Play) Walkthrough
Просмотров 1025 месяцев назад
This is a video walkthrough of the writeup I made for Blogger on OffSec's Proving Grounds platform. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/Blogger (Proving Grounds) Writeup/writeup.md Got a slightly better mic placement this time, and remembered to make my terminal font bigger so that text can be seen better in the video. Hopefully next time I can make some clea...
Querier (Hack the Box) Walkthrough
Просмотров 486 месяцев назад
This is a video walkthrough of the writeup I made for Querier on Hack the Box. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/Querier (Hack the Box) Writeup/writeup.md Still new to this, so apologies for the audio trailing off at times- I was trying to suppress my noisy keyboard :) Hopefully I'll get better at making these as I record a few more. I'll also definitely be...
nice :)
Very informative video thank you
nice !
thanks
No prob, thanks for watching!
where do I get this powerup.ps1? is that from github?
great video man, how did u learn the basics of this?
Thank you! I discovered TryHackMe early in my IT career and started learning the basics from there. Since then, I've branched out to training from other vendors like TCM Security and OffSec, but I still firmly believe that you could learn all the basics you need from TryHackMe and Google.
@@bradyjmcl is it possible to have a playlist of the basics that you learned? 1. The way that you setup the listener, the tool that you used in the video. 2. A little bit of nmap scan results. What you look for, what is interesting in the output. 3. Your recommendation on reading and basic rooms in tryhackme or any other platform. Your reply would be highly appreciated
@@aminnayani1620 check out ruclips.net/video/3FNYvj2U0HM/видео.htmlsi=cyi5HNkjrG9CCjfk. This is a great (free!) course to get you started, from almost zero to basically functional.
Great work!!
Thanks!