Відео

the best Kerberos explanation on the web

Thanks, I’m studying for the OSCP right now and watching this to confirm my understanding is correct.

Excellent overview of the vulnerability. Thanks for sharing!

Thank you so much for the video! Very well explained subscribed!! :>

ort forwarding or tunneling can be used by attackers to bypass network restrictions. Imagine an attacker, a target system, and a firewall that blocks incoming connections by default. The attacker needs to establish a reverse shell on the target, which listens on a specific port, say 9966. This listener forwards the data it receives to another port, say 5985. The attacker then directs all their traffic to port 5985 through the tunnel set up on port 9966, effectively bypassing the firewall's restrictions. Am I right?

Great video! Thank you so much for sharing.

Hey, is this project still maintained? Can you provide the .exe maybe ?

masterclass

Dude i already be on the O drive and can see all the files but how can i execute shell comands ?

One Quick Question Step 6: SQL server also read session key so does that mean SQL server has User J smith account password or NTLM has of J smit account's password

Legend

Are you still going to do a video covering AD permissions?

How about meterpreter > kiwi ? How can I force the popup of the commandline after I execute the command kiwi_cmd "misc::cmd" ?

This was useful thank you

Amazing video! Thank you!

Seeing most of this stuff from PS / Windows perspective whilst only knowing the linux distros and all the common tools really puts a different perspective on this. I had no clue that you could enumerate shares like this! I would be just smashing CME at this haha. Great videos, I hope you come back to making some more!

Thx

Damn, such a good video. Thanks!

Thanks for that amazing explanation. I was reading more about the attack and landed on passing-the-hash.blogspot.com/2014/09/pac-validation-20-minute-rule-and.html. According to the article, if the ticket is more thatn 20 mins old, the service will do a PAC validation and the DC will invalidate the ticket meaning we will not get access. Have you ever faced something like this in your labs?

Wish you'd come back I like watching your write-ups but what I really appreciate is you explaining modern and relevant attacks, few channels and peoples really explain attacks and exploits like you do. Anyways cheers I hope you're doing well and shooting for the stars.

This method of explanation is brilliant, starting simple so you get a chance to understand the principals first then expand on that. All the other videos I've seen just dive in the deep end and it's too confusing.

Great video. Can you share the code you used in the demo?

Best explanation ever! Thank you so much!

Awesome video. In the line of network adapters on your VM on VMware workstation is your network adapter NAT, Bridged what is the best way to protect the host when doing HTB labs ?

you are a legend

I don't like and subscribe often or leave comments but I thought this video surely needed a bump. You've explained things very well and thoroughly.

Thank you for your videos i really appreciate it, but also if you can for future videos show us how to see and detect them in the logs would be great

awesome for a reverse shell....

Thank you particularly the packet capture at the end! Can you explain the use of the ( kvno ); I see it is 2 for the as-rep ticket enc-part and 4 for as-rep enc-part then later on is 6 for the tgs-rep ticket enc-part?

if i set permission for that user then when i impacket_psexec i cant login to that user

Good

Dude thank you so much. I spent hours trying to understand this process. I felt like I had almost all the parts except a couple steps weren't clicking for me. You made those click. Cheers!

In 30:22 , TGS-REP part. Isn't the session key sent by TGS suppose to be encrypted with the session key that was previously decrypted with the user password (AS-REP)? Instead of encrypting it with user password agn.

No doubt the most compact and helpful video on the whole internet

May I ask one question that I followed the steps and can see admin session using klist, But when I use net use to mount AD's C drive, the username/password is still prompt. Where can I check?

Hey, can you tell me how did you disable everything on the system in order for mimikatz to run, also when I want to run mimikatz.exe it does not let me even though i installed it? can you help me?

Thank you for the Clear Explanation 🙏🙏, one of the best video on Kerberos authentication and practical demonstration through pcap

26:30 AS-REQ is encrypted with the user's password not krbtgt's.. right?

i tested this method but i couldn't access to plain text with hashcat has it another way to access to silver ticket without hash crack?

I see the ticket when I run klist but net use does not work. Tried pushd as well. net use output is "The network name cannot be found." pushd output is: The specified network password is not correct. Same error when I try to dir \\DC\C$ Windows server version is 2019. Firewall is off.

You forgot to mention to enable "advanced features"

Dood

👍👍👍👍👍

@VbScrub - this is the single BEST in-depth explanation and deep dive into Kerberos I've ever seen, and I've read (and watched) **all of them**. I've read the MIT documentation, the Windows & Microsoft documentation, many other Blogs and Guides and videos, and you have single-handedly outclassed them all. Kerberos is an incredibly complex and confusing topic (largely due to the authors of the protocol) that you have broken down and explained step by step of the 5 W's (Where, When, Why, hoW and Who) of modern Kerberos. Thank you so much! Subscribed!

Absolutely FANTASTIC Kerberos explanation, diagrams, AND demo! Kudos to you! I've already watched it twice. MM

why you don't use impacket-getUserSPN? this it any different condition?

Still waiting for your new video

The best!!!!!!!!!!!!!!!!!!!

Is it possible to not worry about the expiration date of the evaluation or do I need to buy one? As I am making a VM that will be saved as an .ova file for local use.

Absolute best description covering this matter. very well done