You have no idea how incredibly helpful this is - working on OSCP challenge labs and keep thinking back to techniques you use in this series. Find myself coming here before my own notes sometimes. Thank you!
Just finished the roughly 9 hours videos which I enjoyed so much. I wish the OSCP videos were this engaging.
You are so talented and I wish you can make more videos. At least once a week. A challenge for you 😀
Challenge not accepted 😅😅
@srijanshrestha6382 Yeah, he disappeared 😑
Derron, this is the first content I came across which really helped for my OSCP prep. Besides zillions of HowTo's, learning platforms, etc. I've felt this is the real deal. The way you explain all the details is amazing and I wanted to express my gratitude and thanks for this. It really helped me understand much better the attack vectors in the AD env. Thank you very much man! THANK YOU!
that is incredibly high praise, thank you so much!! It means a lot and I'm really glad this is helpful for you
Dude your ability to talk through what you're doing is next level. Super helpful and man I am stealing your box setup that's a great way to organize everything. Well done all around and a huge THANK YOU!
Very good content as always, can't wait for #4, thank you!
Wow this was insanely helpful! I am much more confident now walking into the exam. Thank you so much again for your time and dedication!
I was unaware of its existence. I am excited to discover what the next instalment in this series will bring.
I have zero thm or htb experience and have to take oscp exam so no idea how to start hacking. But these videos including #1, #2 are incredibly helpful. I hope I'll pass it.
Heeeeyy glad to see another AD path from you!
Superb content as always, thank you!
Suggesting these vids to my OSCP study group. Good work!
This content is awesome man thank you!! I need to build this setup and work through it!!
Thank you so much, awesome and revised many things along with new things learned 🙂 stay blessed,
Will you do more of these? Understand if not doing OSCP anymore, but perhaps any other hacking vids? I love them. I feel like you would do so well teaching this stuff to beginners, as clearly these are more of an intermediate+ level. You're a natural with the videos and commentary.
Thank you for such high praise! 🙏 Life has been keeping me extremely busy this year but I am hoping to create some more content in the near future.
This is gold, Thank you
Thank you, amazing content!
Very helpful content. I take my oscp test in 2 days. The one I struggle with is web foothold. I'm getting better though
best of luck on the exam!! 🤞
@derronc can't talk about it but your technique methodology helped me get my first foothold in. I didn't pass. I will sign up for hack the box academy and study on the weak areas. And will still look towards your videos. I will get it next time. 🤙🏾
@johnwright6498 how many machines u got
keep up the good work maan!
This is gold!
Brother amazing content keep it brother and try to upload more content like this
fantastic video, awesome :)
First thing I have to say is thank you for your videos cause they are amazing, second thing is that I think you can inject macro in doc file directly from kali using minitrue or I think eviloffice (maybe it's useful info for someone)
good sir, you're a wizard
unbelievable keep going 💪💪🔥🔥
Great stuff man, my only comment is you should consider using the userpass file options for accounts you already know the passwords for. It will reduce clutter of trying username and password combinations you already know won't work.
totally agree! I forgot about the userpass option during the recording. Great call out and thank you for watching!
Great content!
Always happy to see these videos come out, I use these to refer some of my team for study purposes, as well as for me to prep for my OSCP coming up soon. Have you made these into an ISO/VM instance for download? would love to have my team try these custom boxes out.
thank you so much, I'm glad you find these helpful and are sharing them with your team 😊
I thought about how best to share the lab with everyone and that's how I ended up deciding on the "How to build..." videos. Unfortunately MSFT licensing doesn't work well with trying to package up the images into an ISO/VM for public consumption
Hey bro you have such amazing methodologies and your explanations are insane. But can I ask you where did you find those labs you are doing in these videos or you just built them? Also thank you really for this content!!
Super muper content :)
Hey Derron, great walkthroughs. Question: in terms of the office macro that you created, is there an easier way to go about it? It seems like a lengthy setup and I was curious if there was a pre-created office macro template from a resource to work with and tailor if you come across this attack method scenario and want to go this route?
Also if you come across the upload function that you play with the extension format in order to upload a reverse shell if certain extensions are restricted instead of going the office macros route. Just curious why you didn't explore that further?
Ideally I would prefer to avoid the office macro exploit to get an initial foothold just because it's potentially adding additional aspects to your attack approach, and having to get into a spun up Windows instance to initiate, when there could be a better more efficient way? Just want to see your thoughts on it?
Hi Derron. I am confused. You ran john with rules 1st, got no hit. Then you ran it again (after editing the video and a short pause) and you got a hit? what changed? The command was the same.
hmmmm, I'm honestly not sure. I may have screwed up the hash and cut that out of the video. it's likely something silly I had to cut out because of a mistake I made. Unless I commented on why it worked the second time I'd just treat it as though it should've worked the first time :)
@derronc Hey, you are alive? lol ... how can I contact you? do you have a website?
What’s the difference between a $ at the command line vs a % symbol
Once you have a foothold on the ms01, is it necessary to use pivoting techniques?
Suppose you can download tools on the compromised box, as an alternative, can you just live off the land?
good question! I suppose you could try and live off the land and do everything from MS01, however it would definitely make things harder and may reduce your efficient use of time on the OSCP. I may take this on as a fun challenge though: see if you can do all of this without pivoting through MS01 😊
Hey bro do you know why he didn't try to use impacket-GetUserSPNs or impacket-GetNPUsers for kerberoasting and AS-REP roasting after obtaining the credentials of the first domain account?
When are you coming back to making videos? :D
I believe sekurlsa is supposed to be “secure LSA” 😊
Hey Derron, can you please share in which year you passed the OSCP? I'm asking because in many groups some people complain that the difficulty level of the OSCP has increased recently. What do you think about that?
I passed my OSCP back in Sept. of this year. I can't say I'm aware of what the previous versions of the exam difficulty were... but I can say that the OSCP exam for me was pretty difficult. I felt like I was going to fail until the last few hours when I managed to finally break through on the AD set. Once I did I pwned the AD set extremely quickly and that gave me enough points to pass. This is one of the reasons I decided to share my practice lessons on youtube: having the right process/comfort level can be the difference between passing/failing.
How did you set rules to crack that office hash?
Pls more videos
Why can't nmap find port 445 of ms02 the first time, but can find it the second time? Can anyone help me solve this problem?
sadly, this was a unique problem to my lab environment and recording. I believe the packets were dropped the first time and they shouldn't have been. Ideally the recording would have shown the success from nmap both times, but I decided not to go back and re-record. more just showing the nuances of labs and tools, and it never hurts to re-run scans to confirm results
thanks
hi when are u gonna give us a video about how to set up this lab environment
Thanks for the ping on this :) Life's been super busy with family/work/school but I'm hoping to have it posted this week.
@derronc I see, alright ty
please more videos
Anyone has Macro code?
Great videos continue !!!