Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting

Name: Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
Uploaded: 2019-05-23T04:36:02Z
Channel: The Cyber Mentor
Description: Zero to Hero: 0:00 - Welcome 1:17 - Quick housekeeping 4:20 - Scanning our targets 10:46 - Reviewing nmap results for Blue 12:48 - Checking for MS17-010...

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·6y ago

Zero to Hero: 0:00 - Welcome 1:17 - Quick housekeeping 4:20 - Scanning our targets 10:46 - Reviewing nmap results for Blue 12:48 - Checking for MS17-010 w/ nmap 14:20 - Exploiting MS17-010 w/ Metasploit and post enumeration 25:15 - Reviewing nmap results for Active 27:50 - Extracting data w/ smbclient 32:20 - GPP/cPassword overview/exploitation 38:17 - Kerberoasting and post enumeration Q&A / AMA: 52:00 - How old is the GPP exploit? 52:55 - Are you running Windows on VM? 53:37 - Is the OSCP still worth it for HR purposes? 54:14 - What sort of credentials to get into pentesting from military? …

Watch on YouTube ↗ (saves to browser)

Chapters (43)

Welcome

1:17 Quick housekeeping

4:20 Scanning our targets

10:46 Reviewing nmap results for Blue

12:48 Checking for MS17-010 w/ nmap

14:20 Exploiting MS17-010 w/ Metasploit and post enumeration

25:15 Reviewing nmap results for Active

27:50 Extracting data w/ smbclient

32:20 GPP/cPassword overview/exploitation

38:17 Kerberoasting and post enumeration

52:00 How old is the GPP exploit?

52:55 Are you running Windows on VM?

53:37 Is the OSCP still worth it for HR purposes?

54:14 What sort of credentials to get into pentesting from military?

55:15 Does Metasploit leave remnants?

56:40 Errors on GetUsersSPN?

57:18 Bug bounty hunting certs?

58:07 Pass the Kerberos hash?

59:05 Is it better to start on externals before internals?

1:00:27 Internal pentest resources?

1:01:00 Any experience w/ Rapid7?

1:02:05 How fast is your cracking rig?

1:04:00 Have you used Commando?

1:04:37 Bug bounties for internal?

1:05:34 Powershell on assessments?

1:06:32 Have you done any Bluetooth attacks?

1:07:05 How would I go about starting my own consulting company / business advice?

1:15:10 What is your computer setup like?

1:15:40 RFID hacking?

1:16:10 Finding talent to start a company / do you have to work X amount of years befo

1:18:23 Thoughts on cloud certifications?

1:19:05 Network vs Web Pentesting in terms of pay, jobs, etc?

1:21:16 CS or IT major in college to become a pentester?

1:21:39 Is the US the best country to work in for cybersecurity?

1:23:02 Is PentesterLab more web app or network focused?

1:23:45 Is the Web Application Hacker's Handbook still relevant?

1:24:15 Do you run a gaming router?

1:24:28 How are you planning to charge companies?

1:25:42 Phishing tools?

1:27:50 Any assessments that have stumped you?

1:29:33 Any wifi stories?

1:29:55 Does the blue team actively try to stop you in assessments?

1:30:42 Have you ever crashed a server?

Playlist

Uploads from The Cyber Mentor · The Cyber Mentor · 40 of 60

← Previous Next →