Ace the OSEP Exam with Sliver Framework
HTML-код
- Опубликовано: 18 сен 2024
- www.bishopfox.com - Penetration testers are perpetual learners, constantly adapting and evolving. To excel in ethical hacking, one must master the art of emulating adversarial tactics in the most cutting-edge ways. Offensive security certifications serve as a testament to an ethical hacker's expertise, but with countless options and complex exams, how does one succeed?
Tune in to learn how our senior security expert, Jon Guild, set himself up for success to pass the esteemed OSEP exam. Listen in to hear Jon’s first-hand experience using Bishop Fox’s Sliver C2 framework to practice pivoting, enumeration, lateral movement, and escalation in an ideal vulnerable lab environment. Jon will offer actionable tips and tricks to enhance your own preparedness for offensive security certification exams.
Don't miss out on this opportunity to excel in the world of penetration testing. During this livestream, our senior security expert will share expertise on:
• Using Sliver to prepare for and pass the OSEP exam
• Developing and refining technical methodologies for exam success
• Soft skills to make the most of study sessions and exam preparation
#cybersecurity #penetrationtesting #hacking
I just wanted to say thanks very much. Currently studying OSEP, which is an incredible course. I was trying to decide which framework to use for the extra mile exercise and you have definitely swung it for Sliver.
Just wanted to say this was excellent. Please more of this content.
That's the plan! Are there any kind of trainings you are specifically seeking?
@@Bishopfox That's great. To be honest John's stream was amazing but the Sliver stuff didn't start until 45mins in then finished just over an hour but I realise that's because it was due to the exam focus. I was glued to it from that moment on and learning about AV evasion, any character limits Sliver has and how to avoid the double hop with Rubeus was quality material. If he did an hour purely on moving around with Sliver so we can pick up tips and tricks it would be really fantastic.
@@DavidKennedy- That's an interesting idea. Happy to pass it along, and thank you again for watching.
I agree it would be nice to see more about working with sliver. I do like sliver a lot. I used it doing the CRTP from altered security and used it for the lab. It was fun.
More more more. John has a fantastic talent at explaining things!
Definitely more to come!
This is awesome, ive got my exam scheduled and will be using sliver!
Let us know what happens - and good luck!
Only partway through, but it was so crazy, I was just reading a post by RastMouse before I came here to learn more about using Sliver with C2 BOFs :)
Great work! Btw it looks like CME was exporting the AS-REP user hash as AES-256 as the hash encryption type is tgs$18$ so you wouldn’t likely crack it.
Kerbrute is requesting the hash as tgs$23$ which is the older RC4 encryption and much weaker/faster to crack.
From Jon:
That is interesting! Really appreciate your input here and thanks for sharing with me. When I was prepping for it, I did use CME but you’re right and I mentioned it - the hash didn't crack but I didn't dig into why. I moved along to a different tool. From an OPSEC standpoint, we wouldn't want to draw too much attention to our activities on a network so CME requests the hash as AES-256 which makes sense. From an exam standpoint and CTF/etc, kerbrute's Rc4 encryption is preferred.
Amazing content, this is a blessing! Thank you so much!
Thx for this ! this is exactly what i needed sir !
Hey there awesome video!
What is the terminal you are using??? Or theme I like those icons
Excellent video. Thanks for posting. Could you provide the HTB link for the double hop explanation as shown @52:11 into the video? I am subscribed Thanks.
What is the terminal you are using??? Or theme I like those icons
Is about OSCP or OSEP? Bcs, we see "OSEP" in title but video content targeted OSCP. Am I wrong?
From Jon: The content is for OSEP. OffSec has updated their OSCP content to include Active Directory attacks, but at a basic level. OSEP dives deeper into AD attacks and discusses AV evasion as well.
Thank you for information. Regards,@@Bishopfox
Yes you are, this has nothing to do with OSCP
is there any discord channel where we can interact with the development team?
Absolutely! We'd love to have you over at discord.gg/redsec