Видео

Thank you for reaching out! You can connect with us through our official website redfoxsec.com. Feel free to drop us a message, and our team will be happy to assist you!

@@redfoxsec is their any telegram contact

We're glad to hear that the video helped you better understand Android pen testing. The filesystem can be tricky, but it's great that you found the explanation clear.

Can I have a reply?

😭😭

Right?! That neck movement was on point! 🔥👌 Glad you noticed it! 😄

Yes, ESC15 is definitely on our radar! It's in our bucket list, and we’re planning to drop a video on it soon. Stay tuned, it's coming! 💪🎥

@@redfoxsec that's great! Looking forward to it

Thank you! We're glad you enjoyed the presentation!

Thanks for your interest! 🙌 Be sure to check out our channel, We've got some great penetration testing videos already up and more coming soon! 🔐💻

Also, it is mentioned that relaying to the same domain controller isn't possible, but what if we try relaying the NTLMv2 hash from DC01 to DC02 ?

@BlackwinghacksBlogspot To get a TGT, a certificate is required, and getting that certificate involves interacting with ADCS. However, if you already have the certificate, you can directly authenticate with the Domain Controller to obtain the TGT.

@BlackwinghacksBlogspot Yes, it is possible to relay the NTLMv2 hash from DC01 to DC02.

@@redfoxsec thanks guys

To test if a parameter is vulnerable to XSS, start by injecting a basic payload like "<script>alert(1)</script>". If the alert pops up in the browser, the parameter is likely vulnerable. To determine the type of XSS: Reflected XSS: The payload is immediately reflected in the response and executed. Stored XSS: The payload is stored on the server and executed later. DOM-based XSS: The vulnerability occurs in the page's JavaScript itself. Tailor your payload based on where the input is reflected (HTML, attributes, or script tags). Keep adjusting based on how the application reacts to find the exact payload that works. It's common for the application to URL-encode characters like < (%3C) and > (%3E) to sanitize input. In such cases, you can try encoding your payload manually. For example, injecting %3Cscript%3Ealert(1)%3C%2Fscript%3E in Burp Suite's request could reveal vulnerabilities if the app decodes and executes it. Additionally, you can manually obfuscate XSS payloads to bypass filters or Web Application Firewalls (WAFs). If manual obfuscation doesn't work, consider using more advanced payloads available on GitHub specifically designed to bypass WAFs. Testing different encoding formats (e.g., URL-encoded, HTML-encoded) may also help expose vulnerabilities. XSS is a broad and complex topic, so we hope this helps answer your questions! In case of any further queries, feel free to ask. Don’t forget to like, share, and subscribe for more content like this.

@@redfoxsec ohkk now I understood thank you so much for such a nice explanation :)

Our mic was having an off day! We'll make sure it gets a pep talk before the next recording!

How can we help you?

Glad it was helpful!

Appreciate it! We'll be sure to keep the dead-air to a minimum-unless it's a super awkward pause for comedic effect! 😄

Only if you can outsmart a fox! Just kidding, freshers are welcome too - just bring your A-game! Please apply through our company website :)

Relaying back to the same machine over the network is patched for all protocols (in your case, CA and DC are the same machines). Hope this helps :).

Thanks so much for the kind words and for the suggestion! We appreciate your support and will look into PXETHIEF!

Well you can do one thing 😉 Install mac on VMware

Yes, it should work.

@@redfoxsec thanks for your answer. I am going to try it this weekend. Are you going to release an iOS pentesting course soon?

Yes, It will be out soon

Ah, the elusive 95%! It's like the secret sauce in a hacking recipe-everyone knows about it, because 90% of the world use Windows operating system

@@redfoxsec got you.

Totally hear you! An English version would be awesome-let’s make it happen!

Thank you so much for your kind words and insightful request! We are thrilled to hear you learned a lot from the video. We truly appreciate your suggestions and will definitely keep them in mind for future content!

It’s like trying to fix a flat tire while driving-sometimes, you just end up with a bigger mess! Rollbacks should be a safety net, but they can be tricky to deploy.

Start by learning the fundamentals of Active Directory using the Microsoft guide- learn.microsoft.com/en-us/training/paths/active-directory-domain-services/ Once you have a good grasp of the basics, move on to understanding AD attacks and the tools used for them. To advance your skills and become an expert, consider enrolling in our Windows Red Teaming Course academy.redfoxsec.com

@@redfoxsec Amazing, team Redfox. I have shared your RUclips references in our org for training our new hires and students.

Thanks for watching :)

Thanks for the feedback. We will try to incorporate this in our process :).

We really appreciate your kind words! Your support means a lot to me!

Thanks for the feedback.

Thanks for your feedback.

@@redfoxsec how are you?