Видео

First off, all your videos are awesome. You mention in this one that there are a lot of things you can do with the DC system hash, including dcsync. I watched your other video that you recommended in other comments but didn't see a way to utilize these hashes. Could you do a quick video on using these or point to a good reference that explains please?

S TIER CONTENT

This is art. Do you have any advice on office macros in terms of obfuscation like the one you used? Thanks.

Next part?

brian with the bangers as always

This is cool, I love it

Thank you very much for your content, I am really enjoying the way you convey the information and the fact that you make the extra step of showing how to detect these common techniques and toolsets is very eye-opening. A question(or clarification) about detecting Pass-The-Cert attack. The fields of the event we need to effectively detect this attack are the event code, the certificate issuer name and the account name of a user? Additionally, I think we can catch this attack from the Ticket options field revealing the tool used. Thank you again for your effort creating such content of high quality

nice

excellent rundown! keep them coming!

Can you share your experience with the protected process concept RunAsPPl , even Native Dump cant work with it

Another banger, starting out in pentesting/redteaming and ur really helping my methodology man. God bless you

Allways the BEST!!!!

could u do a video on coff loader using it to do a threadless injectio and bypassing defender dont know if itll get flagged but was curious to see how itll pan out

Could you make a video on the updated version

Very fun stuff. My IPv6 Relay attacks stopped working though. Reports that LDAP authentication failed and ldap protocol not found. It also fails when I specify - smb2support What could be the issue? My command looks something like: Python 3 ntlmrelayx.py -6 -t ldaps//192.168.19.150 -wh fakewpad.domain.local -l loot_folder This used to work but not anymore. I've disabled SMB signing and my DC LDAP policy is "none"

loved that meme LOL

Cool, I had same idea two week ago before watch this video and talked to a sysadmin, they were like: "are you saying we need to manually move X users from Y OUs which applied Z group policy into a OU just to stop them from reading LDAP?"

Can you use any part of this technique to hide just one or two users among several others for persistence?

I'm glad I watched this. What privileges did you need to run that .exe and successfully dump lsass? Steps up to that would be flagged easily. Our soc would also see that being run and notify the client.

Thanks!

hello! sorry if this is a dumb question but do i have to be really good with programming to understand/do all of this? i found your channel and i thought it was awesome, but i feel like im missing a lot of foundational knowledge to understand fully. i know i could google it but i feel like it'd be better if i asked, sorry to bother you

Thanks!!

and this kali box is ad joined correct? i have an ad joined win10 system runnung virtual box and trying to use certipy on the vm instance and am gaving issues

Nice video! Just a tip, you should use the PNG feature for BobTheSmuggler. I added that functionality to evade multiple firewalls & DLPs. Hope you like the tool😊

Wow, this is cool. Thank you for sharing

Thank you for your videos. We learned a lot from you, sir.

Thanks 🙏❤️

Can u make a video on how to create phishlists in a convenient way cuz i didn't understand from the main source.

great thanks!

hi. can you make video which firewall software good for windows? how defeat any online working virus without antivirus

You are really good at what you do

As it stands, Python for Excel is supposed to only run on the cloud, so I'm not sure how it can be exploited, but time will tell.

So are the subdomains in the gophish setup supposed to match the subdomains in the evilginx phishlet?

can you please re-upload the project ? it not available anymore

How to uninstall it ? Can anybody help me out?

Thanks for showing how easy it is to use Coercer. Outside of patching, do you have any recommendations for mitigating this attack?

Why do we need to bypass the uac? To run no defender does it require admin right?

how to bypass applocker

Nice one. Too bad you have to be an admin 😅

I appreciate your content bro ❤️🫡, Thanks for sharing such great tips. I Think your next should be PPLkillers and the concept of protected process

Great video. Any tests against other commercial EDRs? Is it only defender oriented?

Then how to bypass credential guard?

This is a great share. I am using it and dumped the RAM, and from it the SAM hashes using volatility3. However, it would be more useful to get the actual NTLM hashes of the AD users, and this is not in the LSA secrets method from volatility3. I thought, that maybe if I carved out somehow the process data from the Lsass.exe that is in the RAM dump it would be possible to analyze it with mimikatz minidump locally. But it just fails. Am I doing something that makes no sense?

seems patched, what do u think? I got this error when I try execute the attack System.Runtime.InteropServices.COMException (0x80070721): A security package specific error occurred

this no longer works, right?

Fantastic! Bravo

Great video !!! Unfortunately Microsoft requirements for Credential Guard are pretty "heavy". For example it will work only on windows Enterprise edition.

Was that from a low-priv user??

This was amazing and I will be using this lol thank you!

As always. This channel is gold. Thanks!