Zero to Hero: Episode 10 – MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
iSpeech
Zero to Hero:
0:00 - Welcome
1:17 - Quick housekeeping
4:20 - Scanning our targets
10:46 - Reviewing nmap results for Blue
12:48 - Checking for MS17-010 w/ nmap
14:20 - Exploiting MS17-010 w/ Metasploit and post enumeration
25:15 - Reviewing nmap results for Active
27:50 - Extracting data w/ smbclient
32:20 - GPP/cPassword overview/exploitation
38:17 - Kerberoasting and post enumeration
Q&A / AMA:
52:00 - How old is the GPP exploit?
52:55 - Are you running Windows on VM?
53:37 - Is the OSCP still worth it for HR purposes?
54:14 - What sort of credentials to get into pentesting from military?
55:15 - Does Metasploit leave remnants?
56:40 - Errors on GetUsersSPN?
57:18 - Bug bounty hunting certs?
58:07 - Pass the Kerberos hash?
59:05 - Is it better to start on externals before internals?
1:00:27 - Internal pentest resources?
1:01:00 - Any experience w/ Rapid7?
1:02:05 - How fast is your cracking rig?
1:04:00 - Have you used Commando?
1:04:37 - Bug bounties for internal?
1:05:34 - Powershell on assessments?
1:06:32 - Have you done any Bluetooth attacks?
1:07:05 - How would I go about starting my own consulting company / business advice?
1:15:10 - What is your computer setup like?
1:15:40 - RFID hacking?
1:16:10 - Finding talent to start a company / do you have to work X amount of years before starting a business
1:18:23 - Thoughts on cloud certifications?
1:19:05 - Network vs Web Pentesting in terms of pay, jobs, etc?
1:21:16 - CS or IT major in college to become a pentester?
1:21:39 - Is the US the best country to work in for cybersecurity?
1:23:02 - Is PentesterLab more web app or network focused?
1:23:45 - Is the Web Application Hacker's Handbook still relevant?
1:24:15 - Do you run a gaming router?
1:24:28 - How are you planning to charge companies?
1:25:42 - Phishing tools?
1:27:50 - Any assessments that have stumped you?
1:29:33 - Any wifi stories?
1:29:55 - Does the blue team actively try to stop you in assessments?
1:30:42 - Have you ever crashed a server?
❓Info❓
___________________________________________
Hire me: https://tcm-sec.com
Course info: https://www.thecybermentor.com/zero-to-hero-pentesting
Contact (professional inquiries only, please): info@thecybermentor.com
🔹The Cyber Mentor Merch🔹
___________________________________________
https://teespring.com/stores/the-cyber-mentor
📱Social Media📱
___________________________________________
Website: https://thecybermentor.com
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Discord: https://discord.gg/REfpPJB
LinkedIn: https://www.linkedin.com/in/heathadams
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 MotherBoard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp
Aston Origin Microphone: https://amzn.to/2LFtNNE
Rode VideoMicro: https://amzn.to/309yLKH
Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB
Elgato Cam Link 4K: https://amzn.to/2QlicYx
Elgate Stream Deck: https://amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.
source
0 Responses to Zero to Hero: Episode 10 – MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting