For me as a sysadmin this video has shown sooooo many things that I will give attention even more in the future and double check and change. Thanks so so much for that awesome and free content.
A Couple of retired machines on Hack The Box are good active directory practice machines with good walk through's if you get stuck 'Hathor' and 'Sekhmet'.
This vid is a gem, and Remi is a breath of fresh air. Great explains along the way, but not too much to put off viewers with reasonable knowledge in some areas. More id definitely required from you guys if possible. Never change Remi, people who work with you must love it!!
I watched this video and immediately went and checked like 20 files on various systems. LOL. Good wake-up for anyone that might not be thinking about these attacks.
best video to overview what is a pentest and how they approach it thank you david for this king of content on youtube we are very happy to see you again with the videos like this :)))
Really great to see this all done. Thanks for the video 🎉 I’m so used to seeing this done with bloodhound etc. it was really refreshing seeing it done this way.
Greater job have been achieved inside this content. David, thanks again for contribution. You always try to provide the best content for your audience. Thanks
Thank you so much this is the video I have always been wanted the full pentest from initial access to lateral movement, escalation and persistence. Pretty much the whole package. Great stuff.
finally i found two hours to watch the video, it was saved in my "watch later" list for 2 months now... awesome video, tried all the stuff directly in my productive Active Directory and was able to undertand it deep dive...
Excellent demo and insightful comments David and Remi. Would be interesting to see how this can be detected by Blue Team members. Maybe something for another video?
Indeed a great video David! I've learned so much in this video and it would such be a greater help if Remy can also demonstrate on how to prevent this kind of attacks and/or persistent attacks from happening again. Like what Remy said that it is not advisable to go and change the password of your krbtgt immediately.. It would really be of great help teaching sysadmins on how to protect they're network environment. I really appreciate this video because a lot of knowledge has been demonstrated by Remy. Kudos to your videos David! Looking forward for a lot more educational and exciting videos regarding offensive security and hopefully for defensive security also. Thank you and God bless!
Hi David. I find your videos very informational, and this one is so far "the best." Thanks for interviewing one of my country men. This presentation scares me :( Am for sure going to make a call to Remi
i love these type of contents , I remember learning and understanding AD and also Group Policy etc. But yes Thank you David, also David you need to do a video and live stream with Ryan Montgomery, idk if youve seen that Ryan Shawn interviewing Ryan Montgomery, but it be awesome if you guys can show some awesome hack techniques or something. but thank you David as always 😁
a real security architect would have SEIM, PAM, PIM and IAM in place, either commercial or opensource, you will never get that easily unless an insider is involved
Get your 10% discount here: www.offsec.com/review/david-pwk-2023/ Disclaimer: I was NOT paid for this interview. I wanted to make this video because it affects many of you watching and is a major topic on the OSCP exam. However, OffSec did give me access to Learn One for one year so I could see the course content. This has helped me prepare for the interview. Hopefully I'll be able to make more content covering what is in the PEN 200 course in future :) // GitHub Code // Commands: github.com/davidbombal/Ethical-Hacking/blob/main/Windows%20Pentesting%20with%20OffSec // Documentation // Changes: www.offsec.com/offsec/pen-200-2023/ Course: www.offsec.com/courses/pen-200/ // Offsec // Twitter: twitter.com/offsectraining Website: www.offsec.com/ LinkedIn: www.linkedin.com/company/offsec-training/ // Remi's SOCIAL // LinkedIn: no.linkedin.com/in/remi-solberg-8991b910a // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal // MENU // 00:00 - Coming up 01:31 - Disclaimer 01:57 - Remi Solberg introduction & background 03:37 - Jump to a timestamp (check in description below) 03:57 - Simulated full-scale penetration test demo // Hacking Windows 05:12 - OffSec Learn One discount! 06:22 - Penetration test demo 09:38 - Documentation & enumeration // Prepping for penetration test 23:25 - Penetration test demo // Accessing users 30:10 - Privilege escalation 37:44 - Using ICACLS (Integrity Access Control Access List) 43:59 - Privilege escalation (continued) 52:14 - Getting around obstacles // Social engineering 53:23 - Privilege escalation (continued) 57:19 - Stealing credentials 59:11 - Using Mimikatz tool // Kerberos and NTLM Authentication (theory) 01:07:33 - Mimikatz tool demo 01:06:05 - Penetration test demo (continued) // Exposing passwords & credentials 01:23:25 - What a malicious hacker would do 01:25:55 - The "Golden Ticket" // How to forge a ticket 01:45:07 - Demo summary & tips 01:48:05 - Conclusion // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.
Am I missing it? I don't see a link to the commands. I think I know them all but I always like to add these to my obsidian so I can access them later if needed.
Super, super video! Adoption of good credential isolation techniques, enabling LSA protection and use of the built in Protected Users group in AD would all be good first steps towards thwarting many of these types of privilege escalation attacks. Above all, don't let Jeff anywhere near your directory infrastructure 🤣🤣🤣
Amazing, I have been sysadmin for a long time, this is scary stuff, I did notice antivirus was not enabled and would also need to be bypassed before mimikatz could be run, but as in all things that's a whole other video that probably should not see the light of day 😂
The Kerberos ticket lifetime of 10 years explains some weirdness I encountered at work recently where the Kerberos ticked had expired for some accounts.
Free Active Directory tutorial??? Best IT channel by far!!! If I could subscribe twice to show my appreciation I would but I can’t😔 But thanks for all your efforts🙂🫡
please get this guy back for more tutorials, really great video
For me as a sysadmin this video has shown sooooo many things that I will give attention even more in the future and double check and change. Thanks so so much for that awesome and free content.
David you always coming with intersting guests and tech explanation .thanks
Thank you! It always fun to learn from different people in the industry :)
A Couple of retired machines on Hack The Box are good active directory practice machines with good walk through's if you get stuck 'Hathor' and 'Sekhmet'.
This vid is a gem, and Remi is a breath of fresh air. Great explains along the way, but not too much to put off viewers with reasonable knowledge in some areas. More id definitely required from you guys if possible. Never change Remi, people who work with you must love it!!
wow this is absolutely jam packed for a youtube video. Killer video David, I'm blown away by the depth of knowledge your guests have.
Nice work Dr Bombal - great content as always, we appreciate your service
Thank you Billy! I appreciate that!
Very indepth and intriguing video. I'd like to see Remy provide more explanations to OffSec practices and again, with he explanations.
Right.
But seriously, good content and I appreciate taking the time to make this and posting it publicly too.
I watched this video and immediately went and checked like 20 files on various systems. LOL. Good wake-up for anyone that might not be thinking about these attacks.
best video to overview what is a pentest and how they approach it thank you david for this king of content on youtube we are very happy to see you again with the videos like this :)))
Thanks David for a great channel. From Cyber security, hacking, pen testing, networking … all in one. Also thanks to Remi for the excellent demo
Really great to see this all done. Thanks for the video 🎉 I’m so used to seeing this done with bloodhound etc. it was really refreshing seeing it done this way.
High valuable content. Looking forward for more stuff like this. Thank you 👍
This vid is brilliant, Remy explained things so well and David you asked the questions popping right into my mind. Great job! Thanks!
Greater job have been achieved inside this content. David, thanks again for contribution. You always try to provide the best content for your audience. Thanks
David, you are doing fascinating content , you help me drastically to gain my knowledge in this new sphere for me
u always have good people as guests your good too Bombal enjoy seeing and learning from good people the best Knowledge is free God bless😇
Thank you so much this is the video I have always been wanted the full pentest from initial access to lateral movement, escalation and persistence. Pretty much the whole package. Great stuff.
So awesome. Asked about this on your Managed vs Unmanaged switch UA-cam Short. Thanks David.
Great video about AD pentest. Love it. Want to see more videos like this.
finally i found two hours to watch the video, it was saved in my "watch later" list for 2 months now... awesome video, tried all the stuff directly in my productive Active Directory and was able to undertand it deep dive...
Good piece of information, it gives us great tips to protect ADs. Bring him for more topics maybe exploiting some Cloud IAMs (Azure AD, Okta etc)
Really great video and full of good information. I appreciate you both for taking the time to explain this and upload this video, thank you !!!
This was just really great! Big thank you for showing this!
Awesome 👍 content , knowledge filled,
Thanks David.
Thank you guys ! It will be nice to see and the remediotion steps for this vulnerabilities.
Great stuff. Thanks @David for make this happen. I need to re-watch and take more notes. Thank you!!
Really Enjoy a lot and learn as well. Great demo. And Thanks David for Such informative Videos.
Great demo! Very informative for system administrators on things to look out for in the environment.
I knew the theory but had never really put it all together, thanks for this demo.
Excellent demo and insightful comments David and Remi. Would be interesting to see how this can be detected by Blue Team members. Maybe something for another video?
Really nice video!!!. Keep posting this kind of material
Thanks David & Remi, this is probably the best demo on AD hacking, I will watch this repeatedly until I get good grasp of AD hacking.
Awesome video i am a 12 year old l am learing coding i know python i a learn networking,and new hacking tools from this channel you make great videos
I started hacking/coding at 12 mate. Your future is bright!
Be quieter listen more
Here you have it: your audience
Very good 👍 keep it up
Keep learning keep growing
You can study computer sciences in university, that will be great
So cool to see a fellow Norwegian has come this far in this field, wish there was more red teaming here in Norway... Really cool video great job!😎
And we thought Norwegians were good for herding Reindeers and that is about it 😂
@@HK-Asia-IQ No, no... We have icebears in the streets and we used to kill whales also
You're the best David. This channel is a UA-cam mine.
awesome presentation and demo. David and Remi
it was awesome. thanks for the demonstration. don't forget resetting krbgt password 2 times :)
Great demo! Would love to see more from Remy.
David, you are amazing! God bless your family bro,
It would be fun if you bring a guest specialised in ransomware and malwares attacks.
Excellent and interesting demo as always i would like to watch him do the enumeration as he documented
Indeed a great video David! I've learned so much in this video and it would such be a greater help if Remy can also demonstrate on how to prevent this kind of attacks and/or persistent attacks from happening again. Like what Remy said that it is not advisable to go and change the password of your krbtgt immediately.. It would really be of great help teaching sysadmins on how to protect they're network environment. I really appreciate this video because a lot of knowledge has been demonstrated by Remy. Kudos to your videos David! Looking forward for a lot more educational and exciting videos regarding offensive security and hopefully for defensive security also. Thank you and God bless!
Great video!
helped me to prepare for PJPT/PNPT
Eye opening video... Didn't know there is so many open holes in the active directory
Amazing video and demo! One of the best explanations on Golden Ticket exploitation I've seen. Thanks
like always, great great content, thanks you!
Thank you very much!
Thank You For The Content, Always Learn A Lot.
Awesome Video, I'd love to see more like this!!
Im trying to learn PLCs but this is mote fascinating to me.
Great vid as I've just started my AD course!!
This is bloody awesome. Thanks!
Thanks David.
Hi David. I find your videos very informational, and this one is so far "the best." Thanks for interviewing one of my country men. This presentation scares me :( Am for sure going to make a call to Remi
i love these type of contents , I remember learning and understanding AD and also Group Policy etc. But yes Thank you David, also David you need to do a video and live stream with Ryan Montgomery, idk if youve seen that Ryan Shawn interviewing Ryan Montgomery, but it be awesome if you guys can show some awesome hack techniques or something. but thank you David as always 😁
Awesome video mate, very impressive!
one of a kind
...am supposed to do an internal pentest in my active directory i hope this will help me break things apart
Wow. Extraordinary👏👏👏
Great video, loved every minute!
What a great video! Super interesting!
GOLDEN TICKET of an explanation Remi was amazing
thank you Remi and David. Great content as always. Appreciate the Kerberos vs NTLM breakdown. @Remi perfer nano also.
FINALLY YOUR CREATED CONTENT ON ACTIVE DIRECTORY 🎉
Thank you for all that you do.
I'm trhilled to see another episode of our legend David!
Thank you! This is a long video, but a great demonstration.
@@davidbombal The longer the better David i enjoy every single video :)
A video on enumeration/reconnaissance would be amazing!
a real security architect would have SEIM, PAM, PIM and IAM in place, either commercial or opensource, you will never get that easily unless an insider is involved
WOW ... i understood everything... please bring him back
Get your 10% discount here: www.offsec.com/review/david-pwk-2023/
Disclaimer: I was NOT paid for this interview. I wanted to make this video because it affects many of you watching and is a major topic on the OSCP exam. However, OffSec did give me access to Learn One for one year so I could see the course content. This has helped me prepare for the interview. Hopefully I'll be able to make more content covering what is in the PEN 200 course in future :)
// GitHub Code //
Commands: github.com/davidbombal/Ethical-Hacking/blob/main/Windows%20Pentesting%20with%20OffSec
// Documentation //
Changes: www.offsec.com/offsec/pen-200-2023/
Course: www.offsec.com/courses/pen-200/
// Offsec //
Twitter: twitter.com/offsectraining
Website: www.offsec.com/
LinkedIn: www.linkedin.com/company/offsec-training/
// Remi's SOCIAL //
LinkedIn: no.linkedin.com/in/remi-solberg-8991b910a
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// MENU //
00:00 - Coming up
01:31 - Disclaimer
01:57 - Remi Solberg introduction & background
03:37 - Jump to a timestamp (check in description below)
03:57 - Simulated full-scale penetration test demo // Hacking Windows
05:12 - OffSec Learn One discount!
06:22 - Penetration test demo
09:38 - Documentation & enumeration // Prepping for penetration test
23:25 - Penetration test demo // Accessing users
30:10 - Privilege escalation
37:44 - Using ICACLS (Integrity Access Control Access List)
43:59 - Privilege escalation (continued)
52:14 - Getting around obstacles // Social engineering
53:23 - Privilege escalation (continued)
57:19 - Stealing credentials
59:11 - Using Mimikatz tool // Kerberos and NTLM Authentication (theory)
01:07:33 - Mimikatz tool demo
01:06:05 - Penetration test demo (continued) // Exposing passwords & credentials
01:23:25 - What a malicious hacker would do
01:25:55 - The "Golden Ticket" // How to forge a ticket
01:45:07 - Demo summary & tips
01:48:05 - Conclusion
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
Am I missing it? I don't see a link to the commands. I think I know them all but I always like to add these to my obsidian so I can access them later if needed.
@@rationalbushcraft I don't see a link to the commands either.
No commands below?
Great video Mr Bombal, I think you forgot to attach the commands, thank you in advance
The link to the commands is missing.
Great video. Love this.
Amazing video content! Thanks
wonderful explanation
Thank you very much for this sir.
This is the "video" I am waiting for !!
Very happy to hear that!
The best part was "MY NAME IS JEFF" 😂🤣
Super, super video! Adoption of good credential isolation techniques, enabling LSA protection and use of the built in Protected Users group in AD would all be good first steps towards thwarting many of these types of privilege escalation attacks. Above all, don't let Jeff anywhere near your directory infrastructure 🤣🤣🤣
awesome sauce. Thank you!
I like this tutorials allow thanks for the gift!
If you penetrate a system and gain domain admin right - change the background image on every account with a nice little message.
Awesome bro 😎👍
I hope you enjoy the video!
Just in time, thank you in advance
I hope you enjoy the video!
wow! great stuff
great content David
bros beard has opacity set to 0.75 - great content very knowledgable.
Amazing, I have been sysadmin for a long time, this is scary stuff, I did notice antivirus was not enabled and would also need to be bypassed before mimikatz could be run, but as in all things that's a whole other video that probably should not see the light of day 😂
Good stuff David - inside the mind of Remi ;)
great demo thank you
This is too good!
I'm too scared to comment on this video 🤣 I just opened an attack vector lol love your vids David and co
Wow david awesome vid!
Thank you! Glad you enjoyed the video!
The Kerberos ticket lifetime of 10 years explains some weirdness I encountered at work recently where the Kerberos ticked had expired for some accounts.
Free Active Directory tutorial???
Best IT channel by far!!!
If I could subscribe twice to show my appreciation I would but I can’t😔
But thanks for all your efforts🙂🫡
Thank you so much! I appreciate your support!
excellent demo
Thanks david. Id like to see a walk through on how to set up the active directory lab he is using.
Look up on youtube how to create a local domain
Awesome video
Really amazing
Great video.
Hello David can u make a video on wpa3 cracking it will be really helpful and i love ur channel man !!
great video thanks \o/
it was fantastic