1
00:00:00,150 --> 00:00:01,650
We are finally here.

2
00:00:01,650 --> 00:00:06,220
This is my favorite section of the course, and now we're gonna start actually attacking.

3
00:00:06,300 --> 00:00:09,750
We've got our lab built out and we're ready to roll.

4
00:00:09,780 --> 00:00:17,580
So this first section I'm calling the initial attack vectors, and what I mean by that is this is the

5
00:00:17,580 --> 00:00:22,530
way we're going to initially attempt to attack Active Directory.

6
00:00:22,530 --> 00:00:28,140
There are a lot of post-compromise attacks, which you're going to see a little bit later, that require

7
00:00:28,140 --> 00:00:33,570
having some sort of credential or some sort of lateral movement already occurring.

8
00:00:34,170 --> 00:00:40,240
So first we have to find a way into the network. When we start a penetration test, especially internal,

9
00:00:40,260 --> 00:00:44,010
we just have a machine. We have our machine and we drop it into the network.

10
00:00:44,040 --> 00:00:45,540
Typically you're remote.

11
00:00:45,540 --> 00:00:51,210
You just RDP into this machine, or maybe you're on site and you're working in front of this computer,

12
00:00:51,480 --> 00:00:53,380
but you're just dropped into a network.

13
00:00:53,380 --> 00:00:55,580
You are given no credentials, you're given nothing.

14
00:00:55,590 --> 00:00:56,290
OK.

15
00:00:56,370 --> 00:01:02,430
And what we're going to do is we're going to go through how we can abuse features of Windows, features.

16
00:01:02,430 --> 00:01:08,760
Again, these are not misconfigurations, just features of Windows, and utilize those to get access to

17
00:01:08,760 --> 00:01:13,990
user accounts, credentials, and get access to machines as well.

18
00:01:14,010 --> 00:01:16,620
So it's gonna be a really, really fun ride.

19
00:01:16,620 --> 00:01:22,360
Now, when I first started getting into Active Directory pen testing, my very first pen test, I had no idea

20
00:01:22,360 --> 00:01:25,530
what was going on and I was just kind of thrown into it.

21
00:01:25,530 --> 00:01:27,330
They said, "Here you go, go figure it out."

22
00:01:27,690 --> 00:01:33,120
So I was onsite and I had my, my laptop and Google.

23
00:01:33,120 --> 00:01:34,150
And that's, that's it.

24
00:01:34,170 --> 00:01:34,830
Right.

25
00:01:34,860 --> 00:01:39,810
And I found this wonderful article, and I'm going to show it to you as well, and this is kind of what

26
00:01:39,810 --> 00:01:41,370
started me out.

27
00:01:41,370 --> 00:01:47,880
Now, it doesn't really have the how to do it, but it just kind of has the "here's what I do," and this is

28
00:01:47,880 --> 00:01:49,140
the 2018 edition.

29
00:01:49,140 --> 00:01:53,480
So it's a little dated, but most of these attacks are still very, very common.

30
00:01:53,610 --> 00:01:58,260
And what we're going to be covering in a lot of these are, we're going to be covering all these attacks, first

31
00:01:58,260 --> 00:02:01,920
of all, and a lot of these are those initial attack vectors.

32
00:02:01,920 --> 00:02:07,410
So this is the top five ways I got domain admin on your internal network before lunch.

33
00:02:07,410 --> 00:02:11,820
I'm going to post this link down below in the references.

34
00:02:11,820 --> 00:02:17,610
And so this Adam gentleman here, he talks about NetBIOS and LLMNR poisoning.

35
00:02:17,670 --> 00:02:22,200
This is going to be our first topic that we're going to cover. We come through here, relay attacks.

36
00:02:22,200 --> 00:02:27,150
That's going to be the second topic that we cover, and we keep going through.

37
00:02:27,410 --> 00:02:28,520
Let's see what else he's got.

38
00:02:28,530 --> 00:02:32,410
MS17-010, that is EternalBlue, right?

39
00:02:32,420 --> 00:02:38,570
And we covered that in the mid-course capstone. This, you saw how easy it was in the mid-course capstone.

40
00:02:38,660 --> 00:02:41,600
This is truly that easy.

41
00:02:41,600 --> 00:02:49,000
It is literally just discover the host running the vulnerable SMB, right, and then you exploit it.

42
00:02:49,130 --> 00:02:52,860
Very, very simple. Just like we did it before, you get that shell pretty easy.

43
00:02:52,970 --> 00:02:56,420
You would not believe, it's been almost three years now,

44
00:02:56,540 --> 00:03:02,000
how often we still see MS17-010 in a network. It's all the time.

45
00:03:02,890 --> 00:03:03,230
OK.

46
00:03:03,230 --> 00:03:08,240
And then we're gonna cover Kerberoasting later on, we get into post-compromise attacks, and mitm6

47
00:03:08,240 --> 00:03:14,480
we're actually going to be covering as well in this first part of the initial attack vectors. These

48
00:03:14,480 --> 00:03:16,190
are all very, very good ones.

49
00:03:16,280 --> 00:03:19,520
They still hold up to date very well.

50
00:03:19,520 --> 00:03:22,910
Some of these are starting to be defended against, and we'll talk about that as we go.

51
00:03:23,150 --> 00:03:28,760
But when it comes to having a good reference point and a good starting point to learn attacks, if you

52
00:03:28,760 --> 00:03:33,920
knew these five going into an interview, you have a leg up over just a general candidate.

53
00:03:33,950 --> 00:03:39,350
So that's what we're after here, is the practicality of this course and being practical with our attacks.

54
00:03:39,350 --> 00:03:44,500
Understanding the attacks and the defenses and getting you ready for that, that pen test interview.

55
00:03:44,630 --> 00:03:47,600
So let's go ahead and move on from here.

56
00:03:47,600 --> 00:03:53,180
We're going to get into our first attack, which is going to be LLMNR poisoning, so I'll catch you in

57
00:03:53,180 --> 00:03:53,900
the next video.