Brady McLaughlin
Brady McLaughlin
  • Видео 5
  • Просмотров 1 889
ADCS ESC15 AKA EKUwu Abuse (CVE-2024-49019)
This is a quick demonstration of abusing ADCS ESC15, also known as EKUwu.
Read the original research blog post written by Justin Bollinger here: trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc
ESC15 Certipy fork: github.com/dru1d-foofus/Certipy/tree/esc15-ekuwu
Timestamps:
00:00 - Background
04:06 - Enumeration with Certipy
04:58 - Exploitation Method #1 (Certificate Request Agent)
09:10 - Exploitation Method #2 (LDAP Shell via Schannel)
Просмотров: 765

Видео

WebClient Abuse with Shadow CredentialsWebClient Abuse with Shadow Credentials
WebClient Abuse with Shadow Credentials
Просмотров 2837 месяцев назад
Sorry I said "um" almost a million times in this recording. Not used to moving so many things from one screen to another and narrating at the same time. I'll work on it :) This is a demonstration of abusing the WebClient service resulting in shadow credentials being created for a machine account, and eventually the compromise of the machine. The cool thing here is that as long as the machine is...
CyberLens (TryHackMe) WalkthroughCyberLens (TryHackMe) Walkthrough
CyberLens (TryHackMe) Walkthrough
Просмотров 6428 месяцев назад
This is a video walkthrough of the writeup I made for CyberLabs, the newest Challenge Room on TryHackMe. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/CyberLens (TryHackMe) Writeup/writeup.md Check out CyberLens on TryHackMe: tryhackme.com/r/room/cyberlensp6 Check out the Rhino Security Labs article about this vulnerability here: rhinosecuritylabs.com/application-secur...
Blogger (Proving Grounds Play) WalkthroughBlogger (Proving Grounds Play) Walkthrough
Blogger (Proving Grounds Play) Walkthrough
Просмотров 1559 месяцев назад
This is a video walkthrough of the writeup I made for Blogger on OffSec's Proving Grounds platform. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/Blogger (Proving Grounds) Writeup/writeup.md Got a slightly better mic placement this time, and remembered to make my terminal font bigger so that text can be seen better in the video. Hopefully next time I can make some clea...
Querier (Hack the Box) WalkthroughQuerier (Hack the Box) Walkthrough
Querier (Hack the Box) Walkthrough
Просмотров 5610 месяцев назад
This is a video walkthrough of the writeup I made for Querier on Hack the Box. The full writeup is here: github.com/bradyjmcl/CTF-Writeups/blob/master/Querier (Hack the Box) Writeup/writeup.md Still new to this, so apologies for the audio trailing off at times- I was trying to suppress my noisy keyboard :) Hopefully I'll get better at making these as I record a few more. I'll also definitely be...