I was waiting for this for a while. I never properly understood Blazor when meeting it in pentests, haven't watched the video yet but I'm sure it will be good.
Ippsec, first of all, as always, awesome video. I just wanted to remind you that what you said about not being able to do anything with Impacket tools, because you do not have the password or hash of the user, is not true. You can always use the tgtdeleg trick to extract a valid ticket for the user, and do everything through Kerberos from outside the box. That way is more opsec safe, and you do not need to be dropping a lot of stuff onto the box.
sweet! thanks for the videos IppSec!
Thanks for all the wonderful tips
hello ippsec
are you planning to add more boxes to "CPTS prep" or the current playlist is complete? thank you for the walkthrough
Yes - If when doing a video I realize it overlaps with the CPTS I'll likely add it.
great video, thanks \o/
It’s difficult for me to follow the logic on the AD system for lateral movement to gain access as another user
Push!
Hey Ipp, you like Huey Lewis and the News?
Around 15:00 you say that in a red team you'd be changing the expiration date to be 60 seconds ahead of time, how would you go about doing that? I can imagine the code to generate the tokens, but how would you integrate it with Burp?
This is a pretty big edge case that doesn't come up that often as tokens generally aren't generated on every request. However, for similar things, I've written a quick HTTP Proxy and pointed my browser at that which would add the header for me.
You could have the custom HTTP Proxy then forward to Burp Suite, but be aware manual interception would cause a time drift.
@ippsec makes sense. Thanks for explaining and the tips, always loved your content and that you interact with the community
This box stumped me when I was trying to do this. I didn't even get an initial foothold
Hi there! I'm having issues when installing ILSpy on an ARM64 VM (VMware Fusion - Apple silicon)... Is someone willing to help? Any blog/GitHub (besides the official one) with PoC installation/how to run?
there are release .zip files compatible with arm64 shown at 11:53
@deadlyspud7399 Thanks! But where to find the .zip files compatible with arm64 is not the problem I need to solve... thanks though
Hey Ipp, let's rap. I promise I won't get political
I'M NOT A BIG FAN OF THE GOVERNMENT
I solved the privesc using adalanche, it was good for ACLs
So let me get this straight: we move from NU - normal user, to RSA - real super admin, to SSA - Secret/super/secure super admin?
Yup that sounds about right, I didn't realize what the abbreviations meant until your comment. Ha.
1. NU (Normal User) -> RSA (Restricted SysAdmin) via Write SPN
2. RSA -> SSA (Super Secret Admin) via Write Loginscript
3. SSA -> Administrator via DCSync
Hi everyone, I’m Arya and I’ve just entered the field of cybersecurity. I’m relatively a beginner. Is it possible for you to give me your email or web address so I can get some guidance from you? I would really appreciate it. Thank you!